foo.sh/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
517 commits 2 branches 0 tags 1.8 MiB
Commit graph

335 commits

Author SHA1 Message Date
Timo Makinen
00c204912f bird: Remove leftover vim swap file 2021-03-17 18:42:02 +00:00
Timo Makinen
7b9c0b1f4d Add ifstated to fsol-gw hosts 2021-03-17 18:41:25 +00:00
Timo Makinen
7175dc85b8 pf: Allow carp traffic on fsol-gw hosts 2021-03-17 18:30:09 +00:00
Timo Makinen
01dc86e3e2 bird: Use dynamic router id 2021-03-17 18:13:23 +00:00
Timo Makinen
635a867068 syslog: Fix syntax warnings from log backup cron job 2021-03-17 05:41:12 +00:00
Timo Makinen
08c62bd21b ldap/server: Fix syntax warnings about cron job 2021-03-17 05:40:20 +00:00
Timo Makinen
a745cdb3ee sshd: Remove some unused and potentially dangerous features 2021-03-17 05:20:41 +00:00
Timo Makinen
282fbcb932 sshd: Disable CentOS 8+ crypto policies for sshd 2021-03-17 05:17:53 +00:00
Timo Makinen
6858706c0b base: Remove ssh handler as it's now in own role 2021-03-17 05:16:11 +00:00
Timo Makinen
0172750ca1 sshd: Move ssh deamon configuration to own role 2021-03-17 05:15:05 +00:00
Timo Makinen
c99efeab61 Lint fixes 2021-03-16 23:07:26 +00:00
Timo Makinen
6a712f7737 sendmail: Add newalises handler support 2021-03-16 22:46:42 +00:00
Timo Makinen
7febf3bda5 nginx/server: Use mozilla recommended ssl settings 2021-03-16 22:45:21 +00:00
Timo Makinen
55855d7c15 Start working on replicated fsol gw 
* Add fsol01 host
* Move everything to fsol01 for now
* Add pfsync interface
* Try to fix firewall rules with correct no-sync options
 2021-03-16 22:41:58 +00:00
Timo Makinen
1ad8a4e3f8 ldap_netdb: Fix dependencies 2021-03-16 20:17:56 +00:00
Timo Makinen
cad340750b ldap_gravatar: Fix dependencies 2021-03-16 20:17:28 +00:00
Timo Makinen
015de5a8df ldap_gravatar: Initial version of role 2021-03-16 19:18:55 +00:00
Timo Makinen
5783675589 sendmail: Restart sendmail after config changes 2021-03-16 17:22:54 +00:00
Timo Makinen
bfc59bfb2d sendmail: Fix hostname part from kerberos principal 2021-03-16 17:21:51 +00:00
Timo Makinen
35b919910f sendmail: Remove duplicate config option 2021-03-16 17:21:30 +00:00
Timo Makinen
c1ee7e81d0 saslauthd: Convert ldap to use fastbind 
Seems that cert auth always returns success even for invalid passwords. :)
 2021-03-16 11:51:10 +00:00
Timo Makinen
0f6d33072e sendmail: Better ordering for auth mechanisms 2021-03-16 09:26:47 +00:00
Timo Makinen
ded4730735 sendmail: Add dhparams 2021-03-16 08:31:15 +00:00
Timo Makinen
ac3ac750c1 sendmail: Don't hardcode tls key and cert paths 2021-03-16 08:27:23 +00:00
Timo Makinen
183208afff dovecot: Use Mozilla intermediate ssl settings 2021-03-16 07:30:29 +00:00
Timo Makinen
2f2db828b2 dhparams: Helper role to copy dhparams file to hosts 2021-03-16 07:30:02 +00:00
Timo Makinen
a7795193e7 dovecot: Fix permissons from kerberos keytab 2021-03-16 02:57:20 +00:00
Timo Makinen
2f39d6ebf9 kvm-host: Add virt-top 2021-03-16 01:19:23 +00:00
Timo Makinen
7fbd201242 kvm-host: Add base libvirt packages not just daemon 2021-03-16 01:09:23 +00:00
Timo Makinen
3ad51924eb Add fsol02.home.foo.sh 2021-03-16 00:56:59 +00:00
Timo Makinen
f73ca08805 bird: Initial version of role 2021-03-16 00:56:00 +00:00
Timo Makinen
644299f49a openvpn: Initial version of role 2021-03-16 00:55:43 +00:00
Timo Makinen
32e4f82ff2 roles-lists: Initial version of role 
Add support for archiving mailing lists from roles.
 2021-03-12 17:09:46 +00:00
Timo Makinen
cb4292f5d0 clamav: Fix enabling and starting service 
Correct way to enable instantiated services is to just run
"systemctl enable name@arg.service". This will automatically create
required service files based on "name@.service". Disabling service
again removes required files.
 2021-03-12 16:17:50 +00:00
Timo Makinen
2f01f32259 selinux: Create drop-in directory for custom selinx modules 2021-03-12 15:57:26 +00:00
Timo Makinen
3eff758f5c opencollab: Initial version of role 
This will download opencollab from github and install it with pip2.
Unfortunately ansible pip only checks if module is installed so
new versions are not updated automatically.

Running "pip2 uninstall opencollab" should trigger update on next
ansible run.
 2021-03-12 15:41:44 +00:00
Timo Makinen
8a5d3cde28 nginx/server: Wait for network before starting service 2021-03-12 09:11:52 +00:00
Timo Makinen
61dbae4228 base: Fix typo 2021-03-11 21:16:08 +00:00
Timo Makinen
eb81b512b2 autofs: Try to improve NFS performance 2021-03-11 21:08:23 +00:00
Timo Makinen
72e24d725d thunderbird: Initial version of role 
Only disables saving passwords for now.
 2021-03-11 21:07:29 +00:00
Timo Makinen
7c3d24d2c8 firefox: Initial version of role 
* Install firefox
* Set homepage to https://www.foo.sh
* Disable password manager
 2021-03-11 20:25:59 +00:00
Timo Makinen
6cd2a5bbe5 sendmail: Move mail spool under /export hierarcy 2021-03-11 17:39:27 +00:00
Timo Makinen
5b03f74903 sendmail: Use cert and cert chain file seperately 
For some reason sendmail didn't like fullchain file so seperate them.
 2021-03-11 17:28:21 +00:00
Timo Makinen
4804a50b37 dovecot: Try to fix cache dir permissions again 2021-03-11 17:17:06 +00:00
Timo Makinen
ff97290463 dovecot: Use fullchain extension for certificate 2021-03-11 17:05:40 +00:00
Timo Makinen
a293945d04 saslauthd: Fix LDAP mech 
* Fix server address
* Force server certificate check
* Use client certificates for authenticating to LDAP
 2021-03-11 17:01:24 +00:00
Timo Makinen
61633eb07b autofs: Allow to use home directories over NFS 2021-03-11 16:56:05 +00:00
Timo Makinen
36b2f9f9c5 mutt: Initial version of module 2021-03-11 16:54:01 +00:00
Timo Makinen
5322b2268b base: Use argv when running commands 2021-03-11 10:59:04 +00:00
Timo Makinen
d1921c3dc4 base: Fix selinux contexts from /export 2021-03-11 10:07:51 +00:00