Lars Kaiser
77c11d4ab1
fix(ssh): make role more idempotent
2024-07-05 10:47:24 +02:00
Lars Kaiser
1987ae6993
chore: clean up CODEOWNERS
2024-07-05 10:20:04 +02:00
Lars Kaiser
cc238c7101
chore(postgresql): add check for empty directory in initialization
2024-07-05 10:20:04 +02:00
Lars Kaiser
9f55a4cce4
fix(postgresql): look at PG_VERSION file instead of the container
2024-07-05 10:20:04 +02:00
Lars Kaiser
450dc3f859
fix(redis): assert version correctly
2024-06-25 16:19:38 +02:00
Lars Kaiser
5a011dff61
chore(restic): make vars mandatory for better error messages
2024-06-25 13:47:47 +02:00
Sebastian Fleer
a821a2f405
feat(lego): make HTTP challenge port configurable
2024-06-24 11:59:46 +02:00
transcaffeine
7c42199b1e
chore(lego): allow for lego_post_renewal_script to be array of commands/hooks
2024-06-23 12:08:32 +02:00
Sammy
056b896083
chore: add ff-merge workflow
2024-06-13 11:45:48 +02:00
Evelyn Alicke
519f9b99c1
chore(redis): add assertion for version with license change
closes: https://github.com/famedly/infra-meta/issues/1528
related-to: https://github.com/famedly/infra-meta/issues/1364
2024-06-12 11:21:02 +02:00
Evelyn Alicke
44a79890d5
chore(restic): add optional unlock step before check
fixes: https://github.com/famedly/infra-meta/issues/1525
2024-06-11 10:58:35 +02:00
Lars Kaiser
b757f65f0f
update(postgresql): new deployments will start with 16.3
2024-05-15 21:11:10 +02:00
transcaffeine
7906330a75
feat(postgresql_client_access): allow setting postgresql users and databases to be removed
2024-05-02 13:25:10 +02:00
Evelyn Alicke
26451225ec
fix(lego): get correct image for platforms other than x86_64
2024-03-28 21:02:40 +01:00
Jadyn Emma Jäger
82bca3f758
feat(lego): Add ExecStartPre Script option
2024-03-16 17:30:52 +01:00
Sebastian Fleer
a412e7161b
feat(postgresql): replace oom_killer with oom_score_adj
Docker ignores OomKillDisable with cgroup v2
2024-03-13 12:06:13 +01:00
Lars Kaiser
77a823859f
chore(gpg_secretstore): fix lints
2024-03-11 17:11:13 +01:00
Lars Kaiser
b4c259dd1d
feat(ssh): allow configuring MaxStartups
2024-02-29 15:22:53 +01:00
Lars Kaiser
f204f3036b
feat(ssh): allow configuring MaxSessions
2024-02-29 13:53:18 +01:00
Sebastian Fleer
b8af3d57f1
feat(postgresql): prevent major version updates
By default the role will now update PostgreSQL to the latest available minor
version, when only a major version is given, or the version of the deployed
container if postgresql_container_version does not match the major version
of that container.
2024-02-28 11:52:34 +01:00
Lars Kaiser
c668936178
fix(restic): use RandomizedDelaySec
The previously used AccuracySec is the wrong option to distribute timer
activations. See https://www.freedesktop.org/software/systemd/man/latest/systemd.timer.html#RandomizedDelaySec=
2024-02-22 14:02:30 +01:00
Jan Christian Grünhage
1be86920bd
chore: add missing @famedly/infrastructure codeowner for ldap role
2024-02-22 13:14:38 +01:00
Jan Christian Grünhage
a892e43f4a
update(docker): bump submodule for debian bookworm support
2024-02-22 10:29:15 +01:00
Jan Christian Grünhage
1dbc371d6b
update(ldap): bump openldap version to 2.6.6-r1
2024-02-22 10:23:47 +01:00
Jan Christian Grünhage
e78876d8cf
update(lego): bump version to 4.15.0
2024-02-14 20:35:38 +01:00
transcaffeine
944298ad54
update(redis): bump version to 7.2.4
2024-02-06 11:16:32 +01:00
Sammy
8e8f496df6
fix(lego): don't unpack source files in check mode
2024-02-02 10:45:58 +01:00
Sammy
4d1fae6b77
fix(user): ignore ssh key errors in check mode
In check mode, the task fails if it's supposed to be adding ssh keys to
a user who doesn't exist. Ignoring errors in check mode makes it
possible to run the task in check mode even if there are new users to be
added.
2024-02-02 10:34:16 +01:00
transcaffeine
0e98261665
fix(gpg_secretstore): ensure import errors get properly passed to fail_json
2024-01-25 11:40:01 +01:00
transcaffeine
f54e12561b
feat(gpg_secretstore): add warning if running as root, change warnings
to str[]
2024-01-03 13:07:01 +01:00
transcaffeine
c3eea409ea
chore(gpg_secretstore): log when traversing up to find gpg-id file
2024-01-03 13:06:56 +01:00
transcaffeine
af7cd13af9
fix(gpg_secretstore): clear exception on unknown subkey
2024-01-02 12:41:08 +01:00
Sammy
8bcc12dfd1
chore(ssh): disallow terrapin-vulnerable ciphers..
..and MACs
See https://terrapin-attack.com/
2023-12-19 14:22:25 +01:00
Sammy
74d09b4416
fix(ssh): fix typo that prevented allowed ciphers..
from being set in the sshd config
2023-12-19 12:15:37 +01:00
Lars Kaiser
24ae029f01
fix(user): use deploy instead of configure in tags
2023-12-18 13:04:49 +01:00
transcaffeine
7bbae943d2
feat(user): support partial execution with prepare and configure tags
2023-12-15 15:58:32 +01:00
Johanna Dorothea Reichmann
f84376026b
feat(redis): allow not requiring any password to use redis
2023-12-15 13:35:48 +01:00
Jan Christian Grünhage
ee40fd92f7
feat(filter): add some set theory filters
2023-12-12 10:54:21 +01:00
Jan Christian Grünhage
df5783c489
chore: update sanity test ignore generation
2023-12-12 10:54:20 +01:00
Jan Christian Grünhage
bb26511367
chore(gpg_secretstore): remove unused imports and disable lint for false-positive
2023-12-12 10:54:20 +01:00
transcaffeine
d17dfab09e
fix(gpg_secretstore): gnupg library respects GNUPG_HOME already
The gnupg python library uses the $GNUPG_HOME environment variable
to detect where the GnuPG home is. Setting a default of `~/.gnupg`
which overrides the library behaviour breaks this.
2023-12-12 10:54:05 +01:00
transcaffeine
c06f6a65be
chore(lego): ensure lego_certificate_store is owned by lego_certificate_store_user
2023-11-29 15:39:52 +01:00
Jan Christian Grünhage
ed8f0158ba
update(lego): bump version to 4.14.2
2023-11-08 23:58:40 +01:00
Jan Christian Grünhage
0a529d92dd
chore(rclone_serve): fix lints
2023-11-08 23:34:39 +01:00
Jan Christian Grünhage
10c34f5a73
fix(lego): systemd unit files should not have the executable bit set
We're also making them non world readable, just in case people are
putting secrets in there.
2023-11-08 23:28:43 +01:00
Johanna Dorothea Reichmann
e0c111ba08
chore(rclone_serve): allow adding arguments directly into rclone_serve, update README
2023-11-06 10:34:24 +01:00
Johanna Dorothea Reichmann
777e4f216d
fix(rclone_serve): allow inject remote-path into rclone_serve command
2023-11-06 10:34:23 +01:00
Johanna Dorothea Reichmann
7d7b3462c5
fix(rclone_serve): double-dashed arguments sometimes only get recognised with an equals sign between key and value
2023-11-06 10:34:15 +01:00
Johanna Dorothea Reichmann
457918ad59
update(restic): bump version to 0.16.2
2023-10-31 15:20:21 +01:00
Johanna Dorothea Reichmann
b6a87fc9c9
chore(restic): allow adding commandline parameters to restic backup command
2023-10-31 15:20:20 +01:00