misc/ansible-base
0
0
Fork 0
Code Issues Pull requests 1 Actions Packages Projects Releases Wiki Activity
187 commits 13 branches 0 tags 930 KiB
Commit graph

45 commits

Author SHA1 Message Date
Christian Fraß e0529a0346 [mod] role:authelia 2024-06-01 19:26:06 +02:00
Christian Fraß 46375e9dd0 [fix] role:tlscert_acme_inwx 2024-06-01 18:41:52 +02:00
Christian Fraß 53c31d1187 Merge branch 'dev-nginx-hardening_1' into temp 2024-06-01 18:16:47 +02:00
Christian Fraß aeac7cceab [sty] roles:tls hardening:format 2024-06-01 18:14:21 +02:00
Christian Fraß 35688eddaf [fix] roles with ufw incocation 2024-06-01 17:23:42 +02:00
Christian Fraß 8c7b10f852 [fix] roles with ufw incocation 2024-06-01 17:17:40 +02:00
Christian Fraß abdd13264f [fix] role:nginx 2024-06-01 16:25:51 +02:00
Christian Fraß 72cec2758c [fix] role:nginx 2024-06-01 16:17:11 +02:00
Christian Fraß 1bae250945 [fix] role:nginx 2024-06-01 16:06:35 +02:00
Christian Fraß 6416259488 Merge branch 'dev-unattended-updates_1' into temp 2024-06-01 15:00:47 +02:00
Christian Fraß 434c901173 [mod] role:system-basics renamed to system_basics 2024-06-01 13:47:47 +02:00
Christian Fraß 0e913099e6 [fix] role:system-basics:add missing become:true directives [mod] role:system-basisc:also install htop and tmux 2024-06-01 13:47:20 +02:00
Christian Fraß 8d57e57df8 [mod] role:unattended-upgrades renamed to unattended_upgrades 2024-06-01 13:44:51 +02:00
Christian Fraß 715d39716c [fix] install required packages [fix] add missing become:true directives [mod] use fully qualified names for ansible tasks 2024-06-01 13:43:40 +02:00
Christian Fraß ed300b7fdb [mod] role:tlscert_acme_inwx 2024-06-01 13:38:39 +02:00
Christian Fraß fbbca1615f [mod] role:system-basics 2024-06-01 13:38:14 +02:00
Christian Fraß 5c4df42844 [fix] role:tlscert_acme_inwx 2024-06-01 13:26:46 +02:00
Christian Fraß 1cb7fe5e68 [fix] role:tlscert_acme_inwx 2024-06-01 13:17:35 +02:00
Christian Fraß 04de638925 [fix] role:tlscert_acme_inwx 2024-06-01 13:10:22 +02:00
Christian Fraß f95123a21c [fix] role:tlscert_acme_inwx 2024-06-01 13:04:50 +02:00
Christian Fraß 19ceef7f45 [fix] role:unattended-upgrades 2024-06-01 13:00:09 +02:00
Christian Fraß d515cc6cec [fix] role:ufw 2024-06-01 12:56:18 +02:00
Christian Fraß 643ec848f0 [fix] role:system-basics:root 2024-06-01 12:52:16 +02:00
Christian Fraß b1ef98bc00 [fix] role:tlscert_acme_inwx 2024-06-01 12:49:30 +02:00
Christian Fraß 17b581aa61 Merge branch 'dev-tls_auto' into temp 2024-06-01 12:34:00 +02:00
Christian Fraß d18600bf91 [mod] role:tlscert_acme_inwx:revise inwx 2024-06-01 08:53:52 +02:00
Christian Fraß 9806adb9ab [mod] role:tlscert_acme_inwx:rename tls-renew to tls-get 2024-05-31 08:50:13 +02:00
Christian Fraß 7b3d5829ae [mod] role:tlscert_acme_inwx 2024-05-31 08:24:45 +02:00
Christian Fraß 0aa3cb5303 [mod] role:tlscert_acme_inwx:eigene umsetzung und automatische erneuerung 2024-05-30 22:56:56 +02:00
Christian Fraß f25589f56b [int] 2024-05-30 18:44:28 +02:00
Christian Fraß 6239a095b6 [res] 2024-05-20 22:41:50 +02:00
Christian Fraß 8fa7340959 Merge remote-tracking branch 'origin/dev-ufw' into temp 2024-05-20 22:40:15 +02:00
Marius Melzer 389b171401 Apply review comments 2024-04-24 20:03:44 +02:00
Christian Fraß e70ab02fed Apply 6 suggestion(s) to 2 file(s) 2024-04-24 17:38:11 +00:00
Christian Fraß 882286e1a7 Apply 1 suggestion(s) to 1 file(s) 2024-04-24 17:33:35 +00:00
Marius Melzer 65b00c8840 Add ufw role 
- Enable ufw and by default deny incoming traffic
- in other roles: if ufw (role) is enabled, then allow necessary ports
 2024-04-20 17:08:39 +02:00
Marius Melzer fcad5b9354 Add unattended upgrades 
Enable unattended upgrades and triggers unattended reboots (23:55 after an
upgrade which needs reboot).

Attention: this is specific to debian-style linux systems (Debian, Ubuntu,...).
 2024-04-20 15:24:38 +02:00
Marius Melzer 139ba7504a Add system-basics role 
- set time zone
- limit journal size
- set vim as editor
- limit ssh login to pubkey
 2024-04-20 15:23:38 +02:00
Marius Melzer dcc52b04cc Generate dhparams instead of using a checked in file 2024-04-20 13:11:26 +02:00
Marius Melzer a03e50c933 Harden nginx ssl/tls config 
According to https://ssl-config.mozilla.org/
 2024-04-19 00:28:45 +02:00
Christian Fraß 7f555a86c3 [mod] role:gitlab:SMTP-Anbindung hinzugefügt 2024-04-14 11:23:32 +02:00
Christian Fraß a209387e20 [add] role:synapse:vardef 2024-04-12 20:19:57 +02:00
Christian Fraß 6c4e68298b [mod] role:synapse:Schalter für federation 2024-04-05 13:39:26 +02:00
Christian Fraß 00049a180d [fix] role:dokuwiki 2024-04-05 13:31:43 +02:00
Christian Fraß 59211fba86 [int] 2024-03-29 17:21:05 +01:00