summaryrefslogtreecommitdiff
path: root/roles
AgeCommit message (Collapse)AuthorFilesLines
2022-10-11sshd: guard against a common misconfiguration of mineLars Wirzenius1-0/+6
Sponsored-by: author
2022-10-01sshd: insert Include at beginning of file, not endLars Wirzenius1-0/+1
At end, it'll be in a "match" block, which mean it won't work. Sponsored-by: author
2022-09-12apache_server: set default charset to utf8Lars Wirzenius1-0/+6
Sponsored-by: author
2022-09-10sshd: make sure sshd_config includes sshd_config.d/*.confLars Wirzenius1-0/+6
Sponsored-by: author
2022-09-04fix: drop adding hostname to /etc/hosts as an alias for 127.0.0.1Lars Wirzenius3-8/+24
It doesn't seem to serve any useful purpose, but it bothers a Puomi router then servers 127.0.0.1 as its own address to its DHCP clients. Sponsored-by: author
2022-08-09fix: add missing defaults fileLars Wirzenius1-0/+9
Sponsored-by: author
2022-08-09sshd: make support for authorize_keys file optional (default yes)Lars Wirzenius1-0/+8
Sponsored-by: author
2022-08-03fix: allow ed25519 for certs as wellLars Wirzenius1-1/+1
Sponsored-by: author
2022-08-03fix: typo in sshd/READMELars Wirzenius1-1/+1
Sponsored-by: author
2022-08-02docs: document the `sshd` role variablesLars Wirzenius1-0/+17
Sponsored-by: author
2022-07-31sshd: addLars Wirzenius4-0/+100
Sponsored-by: author
2022-07-11chore(sane_debian_system role): run off Ansible warning aboutLars Wirzenius1-0/+2
Ansible warns about using apt-get instead of the apt module. However, I don't think the module can do what the command does. Shut up the warning. Sponsored-by: author
2022-04-30fix(sane_debian_system/apt): allow root to use sudo without passwordLars Wirzenius1-1/+1
Previously, wrong username was used in sudo config. Sponsored-by: author
2022-04-24fix: allow root to use sudoLars Wirzenius1-0/+7
Sponsored-by: author
2022-04-24fix: start dbus before using hostname module, relying on systemdLars Wirzenius1-0/+7
Sponsored-by: author
2022-02-15apache_server: redirect also https siteLars Wirzenius1-0/+5
Sponsored-by: author
2022-02-15apache_server: allow redirecting a site to another siteLars Wirzenius2-0/+6
Sponsored-by: author
2022-01-29don't install ntp, use Debian's default of systemd-timesyncd insteadLars Wirzenius1-1/+0
Sponsored-by: author
2021-12-31fix: set hostname without systemdLars Wirzenius1-1/+1
Sponsored-by: author
2021-12-31fix: don't have a default hostname valueLars Wirzenius1-2/+2
Sponsored-by: author
2021-12-28sane_debian_system: avoid apt-key for adding repository signing keysLars Wirzenius1-9/+13
Debian has decided to deprecate apt-key, though I can't find out why. Sponsored-by: author
2021-12-12fix: install gpg, for apt key installationLars Wirzenius1-1/+2
Not gnupg (see earlier commit), but gpgv doesn't seem to be enough. Bummer. Sponsored-by: author
2021-12-08fix: drop installation of gnupgLars Wirzenius1-2/+1
gnupg drags in a lot of desktop-oriented stuff, which can make logins to servers quite slow. nalanda.liw.fi logins took 90 seconds because of this. Sponsored-by: author
2021-09-16fix: add impl to bindings files for new SubplotLars Wirzenius2-10/+30
Sponsored-by: author
2021-09-09turn off Ansible warning for using apt-get in shellLars Wirzenius1-0/+2
Sponsored-by: author
2021-08-20fix: tell Ansible to use python3Lars Wirzenius1-1/+2
Sponsored-by: author
2021-08-20fix: automatically handle stable becoming bullseyeLars Wirzenius1-15/+14
Sponsored-by: author
2021-07-12Revert "fix: sane_debian_system setting hostname"Lars Wirzenius1-4/+3
This reverts commit 028980c06c069914823ec965e413f272b0ae0e83.
2021-07-07fix: make sure gnupg is installed before adding apt keysLars Wirzenius1-0/+4
On the Debian 11 cloud image it's not installed by default. Sponsored-by: author
2021-07-07fix: sane_debian_system setting hostnameLars Wirzenius1-3/+4
This avoids the Ansible hostname module, which breaks post-Python3.6, because they removed platform.linux_didstribution. Sigh. Sponsored-by: author
2021-03-31feat! default sane_debian_hostname to inventory hostnameLars Wirzenius3-5/+29
Doesn't break anything if hostname was already set, but just in case, bump version number, which means any users of this role need to be upgraded.
2020-11-08feat(unix_users): allow a user to be added to extra groupsLars Wirzenius4-3/+28
2020-11-04feat! make all sane_debian_system variables be prefixed properlyLars Wirzenius6-36/+27
This is a breaking change.
2020-11-01sane_debian_system: check that debian_codename is setLars Wirzenius1-0/+15
2020-10-21unix_users: drop obsolete authkeys_dir variable, bump versionLars Wirzenius3-27/+32
Also, document the variables in the subplot.
2020-10-21doc: all rolesLars Wirzenius3-0/+17
2020-10-18fix(sane_debian_system): set hostname via AnsibleLars Wirzenius4-12/+25
2020-10-11fix: syntax non-errorLars Wirzenius1-1/+1
2020-10-10test(sane_debian_system): add subplot scenariosLars Wirzenius6-1/+78
2020-10-10doc: add instructions for usingLars Wirzenius1-1/+1
2020-10-10feat(unix_users): user MUST declare compat version they wantLars Wirzenius3-0/+13
2020-10-10test(unix_users): verify setting authorized_keysLars Wirzenius3-1/+16
2020-10-10test(unix_users): set encrypted password for usersLars Wirzenius3-0/+16
2020-10-10feat: verify unix_users can set shellLars Wirzenius3-1/+20
2020-10-10fix: unix_users scenario verifies user doesn't exist before creatingLars Wirzenius3-0/+11
2020-10-06test: add a subplot to verify the roles workLars Wirzenius3-0/+28
2020-09-08fix(sane_debian_system): install sudoLars Wirzenius1-0/+4
2020-09-08fix(apache_server: allow apache2 restarting to failLars Wirzenius1-1/+2
2019-10-02Fix: don't fail when apache can't be startedLars Wirzenius1-1/+2
This happens on first run, since apache want to use a cert that hasn't been created yet.
2019-10-02Change: allow setting Debian release from which certbot is installedLars Wirzenius2-1/+4