mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2024-05-18 23:06:04 +02:00
Commit Graph

28 Commits

Author SHA1 Message Date
Kristian Klausen 4112bdf9fd Make ansible-lint happy
yaml: truthy value should be one of [false, true] (truthy)
yaml: wrong indentation: expected 4 but found 2 (indentation)
yaml: too few spaces before comment (comments)
yaml: missing starting space in comment (comments)
yaml: too many blank lines (1 > 0) (empty-lines)
yaml: too many spaces after colon (colons)
yaml: comment not indented like content (comments-indentation)
yaml: no new line character at the end of file (new-line-at-end-of-file)
load-failure: Failed to load or parse file
parser-error: couldn't resolve module/action 'hosts'. This often indicates a misspelling, missing collection, or incorrect module path.
2021-02-14 14:22:05 +01:00
Kristian Klausen 2d152700b6 Move certificate issuing to its own role to ease maintenance
It should make it easier to change how the certificates are issued.
Ex: If we want to switch to ECDSA certificates in the future or replace
certbot with something else.
2021-01-10 20:03:11 +01:00
Sven-Hendrik Haase d68771ea7a
Fix for ansible 2.10 (fixes #149) 2020-09-23 22:22:34 +02:00
Jakub Klinkovský 85814c031c Fix typos - lineinfile has 'owner', not 'user' parameter 2020-08-28 06:03:07 +00:00
Frederik Schwan 63887d3b09 fix E208 'File permissions not mentioned' 2020-08-27 05:29:00 +00:00
Frederik Schwan a4a4f3e76c
fix E303 'Using command rather than module'
also use systemd instead of service module
2020-06-17 02:43:12 +02:00
Frederik Schwan 2b2bd06512
fix E206 'Variables should have spaces before and after: {{ var_name }}' 2020-06-12 22:20:48 +02:00
Jan Alexander Steffens (heftig) c9b667dba7
syncrepo: Fix CacheDir whitespace 2019-09-05 20:50:34 +02:00
Evangelos Foutras 6b0bbe5626 syncrepo: create nginx log dir iff mirror_domain is defined 2019-03-20 02:03:37 +02:00
Phillip Smith 8d681f0040 add "firewall" tag to all relevant tasks 2018-08-17 14:56:37 +10:00
Phillip Smith 1258e6b7d1 make all firewalld changes take effect immediately 2018-08-17 10:32:10 +10:00
Florian Pritz 9ba4f10eb7
Unify mirrorlist changes into template
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-06-25 15:05:58 +02:00
Florian Pritz 13078f8651
Enable cpu/memory accounting by default
The discovery script now uses a regex and no longer cares where exactly
accounting is enabled. Follow systemd upstream by enabling it by
default.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-06-25 14:50:58 +02:00
Florian Pritz b847916c61
Disable firewalld tasks
Disable firewall because python2 module is not available and the tasks
fail which makes the playbooks fail and leads to handlers not being run.

https://github.com/ansible/ansible/issues/24855

Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-03-21 12:38:01 +01:00
Phillip Smith 59807399ed initial commit of firewalld role and tasks 2018-03-06 08:46:24 +11:00
Florian Pritz b59d6b99df
Add cpu/memory accounting to many roles
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-02-28 19:50:32 +01:00
Florian Pritz 7411e9a2db
Tag nginx configs in roles as nginx
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-02-19 21:41:14 +01:00
Bartłomiej Piotrowski 5ddd81ae8a Use more idiomatic way of checking for variable presence 2017-10-22 18:40:28 +02:00
Florian Pritz a9100c3d3b Fix typo in ssl cert creation
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2017-10-20 21:28:22 +02:00
Florian Pritz 8614708627 Create SSL certificates automatically for nginx configs
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2017-10-20 21:26:55 +02:00
Giancarlo Razzolini ff27e416e7
roles/*: Fix nginx log dir permissions
To correctly be safe for CVE-2016-1247, we need all nginx log dirs
to be owned by both user and group root. Also, since nginx children
run as http user, the directories' permissions must be 0755, so the
http user can descend into it. Since the logrotate will create the
log files as http:log, the nginx children will be able to write to the
logs, but will not be able to create files inside those dirs, fully
preventing CVE-2016-1247.
2017-02-10 09:15:42 -02:00
Florian Pritz 57d62ca88a
Fix permissions of nginx log dirs, CVE-2016-1247
CVE-2016-1247 is a symlink attack on the log dir of nginx since a
reopening of the logs (triggered by logrotate) opens the logs as nginx
instead of root. logrotate creates the proper log files already so
nginx doesn't need write permissions to those directories.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
2017-02-05 19:15:46 +01:00
Florian Pritz e8b1b5b621
Use dedicated log files in nginx vhosts
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2017-02-05 14:39:55 +01:00
Giancarlo Razzolini 319ed05022
roles/nginx: Add a handler for reloading nginx and change all the roles to use it, instead of restarting nginx. 2017-01-02 09:31:53 -02:00
Jan Alexander Steffens (heftig) a4b9d88ba7
syncrepo: Set CacheDir to avoid downloads 2016-09-25 03:22:01 +02:00
Jan Alexander Steffens (heftig) aa3c341349
roles/syncrepo: Support rsyncd 2016-09-23 18:41:46 +02:00
Jan Alexander Steffens (heftig) 711915724e
roles/syncrepo: Add nginx config 2016-09-22 13:36:54 +02:00
Jan Alexander Steffens (heftig) 58f9e031c5
roles/syncrepo: Add syncrepo role 2016-09-22 09:25:34 +02:00