Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2019-01-24 | Change: add cron job to run deploy_static_site_certs | Lars Wirzenius | 1 | -0/+10 | |
2019-01-06 | Fix: restart haproxy after Let's Encrypt certificate is renewed | Lars Wirzenius | 1 | -0/+1 | |
2019-01-06 | Change: default Debian mirror | Lars Wirzenius | 1 | -1/+1 | |
2018-11-06 | Fix: recreate haproxy.pem in cron job | Lars Wirzenius | 1 | -0/+11 | |
haproxy wants a haproxy.pem that is the catenation of letsencrypt's fullchain.pem and privkey.pem. It's created by the Ansible playbook, but if you don't run Ansible for three months, the cert will expire. Add a daily cron job that recreates haproxy.pem every day. This might be doable using a certbot haproxy plugin, but I can't be arsed to find out. Don't understand why letsencrypt doesn't just create such a file by default, or why haproxy wants such a file. | |||||
2018-08-07 | Add: check that letsencrypt_email is set | Lars Wirzenius | 1 | -2/+12 | |
2018-08-07 | Add: haproxy role | Lars Wirzenius | 4 | -0/+146 | |
2018-07-30 | Fix: well-known dir for certbot | Lars Wirzenius | 1 | -1/+1 | |
2018-07-03 | Change: stop Apache while running certbot | Lars Wirzenius | 1 | -0/+2 | |
The certbot apache support is not currently working in Debian, so this is a workaround. Not ideal, but good enough for me. | |||||
2018-07-03 | Change: let user group Let's Encrypt certs | Lars Wirzenius | 3 | -48/+65 | |
2018-06-19 | Change: support static website aliases for letsencrypt | Lars Wirzenius | 2 | -15/+17 | |
2018-05-30 | Fix: drop jinja2 templating from a "when:" | Lars Wirzenius | 1 | -1/+1 | |
2018-05-30 | Fix: allow access via HTTP when no HTTPS is to be required | Lars Wirzenius | 1 | -0/+1 | |
2018-05-22 | Fix: enable apache ssl module only after configs | Lars Wirzenius | 1 | -8/+8 | |
2018-05-18 | Change: allow .well-known dir be outside webroot | Lars Wirzenius | 3 | -9/+18 | |
2018-05-18 | Fix: don't run things that require letsencrypt vars, unless desired | Lars Wirzenius | 1 | -0/+3 | |
2018-05-18 | Change: don't use Let's Encrypt certificates by default | Lars Wirzenius | 1 | -1/+1 | |
2018-05-12 | Add: support optional Let's Encrypt TLS certs for static web sites | Lars Wirzenius | 4 | -4/+109 | |
2018-02-25 | Add: if the initial apt setup, ignore the failure | Lars Wirzenius | 1 | -0/+8 | |
This lets us get past a mistake in the sources.list, such as a badly set debian_codename. Add: ignore more apt errors in initial setup | |||||
2018-02-25 | Add: sanity check: is debian_codename set? | Lars Wirzenius | 2 | -1/+11 | |
I couldn't get the Ansible "when" clause to work, so this checks it in shell instead. Ugly, but works. | |||||
2018-02-15 | Merge branch 'liw/htpasswd' | Ivan Dolgov | 2 | -2/+20 | |
2018-02-14 | Change: optionally install a per-site htpasswd file | Lars Wirzenius | 2 | -2/+20 | |
Also, configure the Apache vhost to use the file if installed. | |||||
2018-01-10 | Change: set debian_codename to a never-valid value | Lars Wirzenius | 1 | -1/+1 | |
This will catch problems where it's inadvertently set. Not that I've ever mistyped the variable name. Not me. Nope. | |||||
2017-12-16 | Fix: only set password if one is given | Lars Wirzenius | 1 | -1/+7 | |
Previously this would set the encrypted password to xxx which means authn never works. I'm so stupid that the only reason I breathe is because my body doesn't let me have a vote in the matter. | |||||
2017-12-13 | Add: password field for users in unix_users | Lars Wirzenius | 2 | -0/+5 | |
This is for an _encrypted_ password. Sometimes it's necessary to have one, and just ssh key access isn't enough. Say, IMAP users. | |||||
2017-12-06 | Add: new way of installing authorized_keys | Lars Wirzenius | 1 | -1/+39 | |
The old way still works, but is ignored unless the authkeys_dir is set explicitly. | |||||
2017-12-06 | Add: new fields for unix_users list items | Lars Wirzenius | 1 | -1/+10 | |
2017-11-15 | Add: allow overriding AuthConfig in .htaccess | Lars Wirzenius | 1 | -0/+1 | |
2017-10-19 | Add: in sources_lists signing-key and keyring-package are optional | Lars Wirzenius | 1 | -0/+2 | |
2017-10-19 | Fix: don't install -updates/-backports for buster | Lars Wirzenius | 1 | -0/+5 | |
2017-10-14 | Fix: set ownership, perms for /etc/hostname | Lars Wirzenius | 1 | -0/+3 | |
2017-10-13 | Add: install signing key, keyring package via sources_lists | Lars Wirzenius | 2 | -1/+15 | |
2017-08-02 | Add: git-annex on a gitano server | Lars Wirzenius | 1 | -0/+4 | |
2017-07-09 | Add: robots.txt for cgit to exclude everyone | Lars Wirzenius | 3 | -0/+11 | |
2017-05-08 | Handle ssh keys as content; restart apache after cgit | Lars Wirzenius | 3 | -3/+11 | |
2017-04-24 | Disable cgit caching | Lars Wirzenius | 1 | -2/+2 | |
2017-04-24 | Rename roles to be more specific | Lars Wirzenius | 16 | -0/+0 | |
Suggested by Ivan Dolgov. | |||||
2017-04-21 | Add web_server and git_server roles | Lars Wirzenius | 16 | -0/+324 | |
Need git_server for the new QvarnLabs git server, and the git server relies on the web server for cgit. | |||||
2017-04-18 | Install dbus so timectl works on systemd systems | Lars Wirzenius | 1 | -0/+4 | |
2017-04-17 | Set time zone in sane_debian_system | Lars Wirzenius | 2 | -0/+8 | |
2017-04-15 | Generate requested locales; fix conditions for hostname | Lars Wirzenius | 2 | -3/+15 | |
2017-04-15 | Generate sources.list suitable for unstable | Lars Wirzenius | 1 | -0/+3 | |
2017-04-12 | Add a role to create Unix system users | Lars Wirzenius | 3 | -0/+47 | |
Including setting authorized_keys, and passwordless sudo access. | |||||
2017-04-04 | Fix apt-transport-https installation | Lars Wirzenius | 1 | -2/+12 | |
We run virtual machines built from a disk image. The image has package lists downloaded, but from far ago. So we update them before installing the https transport. Then we install the transport. Then we fiddle with sources.lists, update package lists and then continue as needed. | |||||
2017-04-04 | Add -backports to sources.list.j2 | Lars Wirzenius | 1 | -0/+1 | |
It's safe to do, since nothing will be installed from there without explicit request. | |||||
2017-04-04 | Fix source.list creation, separate apt update | Lars Wirzenius | 1 | -4/+7 | |
2017-04-04 | Fix line for codename-updates to be correct | Lars Wirzenius | 1 | -1/+1 | |
2017-04-04 | Fix debian-release to be debian-codename | Lars Wirzenius | 1 | -2/+2 | |
Also, use a more reliable default mirror. | |||||
2017-04-04 | Use underscores, to be systematic | Lars Wirzenius | 6 | -0/+0 | |
2017-04-04 | Make release codename a variable | Lars Wirzenius | 2 | -3/+5 | |
2017-04-04 | Rename role to be generic Debian, not just jessie | Lars Wirzenius | 6 | -0/+0 | |