71d392a556
powertools: Initial version of module
2021-03-17 22:45:13 +00:00
9675485eda
git/server: Fix typo from task name
2021-03-17 21:32:34 +00:00
58de72e85a
git: Convert to CentOS 8 and Apache
...
* Update git hosts to CentOS 8
* Drop nslscd and use sssd instead
* Change nginx to apache for future GSSAPI support
* Fix SELinux contexts from git data directory
2021-03-17 21:29:47 +00:00
3d885de573
ifstated: Fix fireall problems when fsol-gw is booted
...
For some reason firewall rules are not correctly loaded during boot
so reload them when ifstated starts.
2021-03-17 20:31:41 +00:00
887d4872d9
ifstated: Cannot validate config during provisioning
...
Network is restarted at the end of play run so ifstated validation
fails due to missing interfaces.
2021-03-17 19:05:01 +00:00
37ef5eb504
ifstated: Validate config before restarting
2021-03-17 18:48:41 +00:00
18a4c592ce
bird: Restart bird after config changes
2021-03-17 18:44:11 +00:00
00c204912f
bird: Remove leftover vim swap file
2021-03-17 18:42:02 +00:00
7b9c0b1f4d
Add ifstated to fsol-gw hosts
2021-03-17 18:41:25 +00:00
7175dc85b8
pf: Allow carp traffic on fsol-gw hosts
2021-03-17 18:30:09 +00:00
01dc86e3e2
bird: Use dynamic router id
2021-03-17 18:13:23 +00:00
635a867068
syslog: Fix syntax warnings from log backup cron job
2021-03-17 05:41:12 +00:00
08c62bd21b
ldap/server: Fix syntax warnings about cron job
2021-03-17 05:40:20 +00:00
a745cdb3ee
sshd: Remove some unused and potentially dangerous features
2021-03-17 05:20:41 +00:00
282fbcb932
sshd: Disable CentOS 8+ crypto policies for sshd
2021-03-17 05:17:53 +00:00
6858706c0b
base: Remove ssh handler as it's now in own role
2021-03-17 05:16:11 +00:00
0172750ca1
sshd: Move ssh deamon configuration to own role
2021-03-17 05:15:05 +00:00
c99efeab61
Lint fixes
2021-03-16 23:07:26 +00:00
6a712f7737
sendmail: Add newalises handler support
2021-03-16 22:46:42 +00:00
7febf3bda5
nginx/server: Use mozilla recommended ssl settings
2021-03-16 22:45:21 +00:00
55855d7c15
Start working on replicated fsol gw
...
* Add fsol01 host
* Move everything to fsol01 for now
* Add pfsync interface
* Try to fix firewall rules with correct no-sync options
2021-03-16 22:41:58 +00:00
1ad8a4e3f8
ldap_netdb: Fix dependencies
2021-03-16 20:17:56 +00:00
cad340750b
ldap_gravatar: Fix dependencies
2021-03-16 20:17:28 +00:00
015de5a8df
ldap_gravatar: Initial version of role
2021-03-16 19:18:55 +00:00
5783675589
sendmail: Restart sendmail after config changes
2021-03-16 17:22:54 +00:00
bfc59bfb2d
sendmail: Fix hostname part from kerberos principal
2021-03-16 17:21:51 +00:00
35b919910f
sendmail: Remove duplicate config option
2021-03-16 17:21:30 +00:00
c1ee7e81d0
saslauthd: Convert ldap to use fastbind
...
Seems that cert auth always returns success even for invalid passwords. :)
2021-03-16 11:51:10 +00:00
0f6d33072e
sendmail: Better ordering for auth mechanisms
2021-03-16 09:26:47 +00:00
ded4730735
sendmail: Add dhparams
2021-03-16 08:31:15 +00:00
ac3ac750c1
sendmail: Don't hardcode tls key and cert paths
2021-03-16 08:27:23 +00:00
183208afff
dovecot: Use Mozilla intermediate ssl settings
2021-03-16 07:30:29 +00:00
2f2db828b2
dhparams: Helper role to copy dhparams file to hosts
2021-03-16 07:30:02 +00:00
a7795193e7
dovecot: Fix permissons from kerberos keytab
2021-03-16 02:57:20 +00:00
2f39d6ebf9
kvm-host: Add virt-top
2021-03-16 01:19:23 +00:00
7fbd201242
kvm-host: Add base libvirt packages not just daemon
2021-03-16 01:09:23 +00:00
3ad51924eb
Add fsol02.home.foo.sh
2021-03-16 00:56:59 +00:00
f73ca08805
bird: Initial version of role
2021-03-16 00:56:00 +00:00
644299f49a
openvpn: Initial version of role
2021-03-16 00:55:43 +00:00
32e4f82ff2
roles-lists: Initial version of role
...
Add support for archiving mailing lists from roles.
2021-03-12 17:09:46 +00:00
cb4292f5d0
clamav: Fix enabling and starting service
...
Correct way to enable instantiated services is to just run
"systemctl enable name@arg.service". This will automatically create
required service files based on "name@.service". Disabling service
again removes required files.
2021-03-12 16:17:50 +00:00
2f01f32259
selinux: Create drop-in directory for custom selinx modules
2021-03-12 15:57:26 +00:00
3eff758f5c
opencollab: Initial version of role
...
This will download opencollab from github and install it with pip2.
Unfortunately ansible pip only checks if module is installed so
new versions are not updated automatically.
Running "pip2 uninstall opencollab" should trigger update on next
ansible run.
2021-03-12 15:41:44 +00:00
8a5d3cde28
nginx/server: Wait for network before starting service
2021-03-12 09:11:52 +00:00
61dbae4228
base: Fix typo
2021-03-11 21:16:08 +00:00
eb81b512b2
autofs: Try to improve NFS performance
2021-03-11 21:08:23 +00:00
72e24d725d
thunderbird: Initial version of role
...
Only disables saving passwords for now.
2021-03-11 21:07:29 +00:00
7c3d24d2c8
firefox: Initial version of role
...
* Install firefox
* Set homepage to https://www.foo.sh
* Disable password manager
2021-03-11 20:25:59 +00:00
6cd2a5bbe5
sendmail: Move mail spool under /export hierarcy
2021-03-11 17:39:27 +00:00
5b03f74903
sendmail: Use cert and cert chain file seperately
...
For some reason sendmail didn't like fullchain file so seperate them.
2021-03-11 17:28:21 +00:00
