Lars Kaiser
b4c259dd1d
feat(ssh): allow configuring MaxStartups
2024-02-29 15:22:53 +01:00
Lars Kaiser
f204f3036b
feat(ssh): allow configuring MaxSessions
2024-02-29 13:53:18 +01:00
Sebastian Fleer
b8af3d57f1
feat(postgresql): prevent major version updates
By default the role will now update PostgreSQL to the latest available minor
version, when only a major version is given, or the version of the deployed
container if postgresql_container_version does not match the major version
of that container.
2024-02-28 11:52:34 +01:00
Lars Kaiser
c668936178
fix(restic): use RandomizedDelaySec
The previously used AccuracySec is the wrong option to distribute timer
activations. See https://www.freedesktop.org/software/systemd/man/latest/systemd.timer.html#RandomizedDelaySec=
2024-02-22 14:02:30 +01:00
Jan Christian Grünhage
1be86920bd
chore: add missing @famedly/infrastructure codeowner for ldap role
2024-02-22 13:14:38 +01:00
Jan Christian Grünhage
a892e43f4a
update(docker): bump submodule for debian bookworm support
2024-02-22 10:29:15 +01:00
Jan Christian Grünhage
1dbc371d6b
update(ldap): bump openldap version to 2.6.6-r1
2024-02-22 10:23:47 +01:00
Jan Christian Grünhage
e78876d8cf
update(lego): bump version to 4.15.0
2024-02-14 20:35:38 +01:00
transcaffeine
944298ad54
update(redis): bump version to 7.2.4
2024-02-06 11:16:32 +01:00
Sammy
8e8f496df6
fix(lego): don't unpack source files in check mode
2024-02-02 10:45:58 +01:00
Sammy
4d1fae6b77
fix(user): ignore ssh key errors in check mode
In check mode, the task fails if it's supposed to be adding ssh keys to
a user who doesn't exist. Ignoring errors in check mode makes it
possible to run the task in check mode even if there are new users to be
added.
2024-02-02 10:34:16 +01:00
transcaffeine
0e98261665
fix(gpg_secretstore): ensure import errors get properly passed to fail_json
2024-01-25 11:40:01 +01:00
transcaffeine
f54e12561b
feat(gpg_secretstore): add warning if running as root, change warnings to str[]
2024-01-03 13:07:01 +01:00
transcaffeine
c3eea409ea
chore(gpg_secretstore): log when traversing up to find gpg-id file
2024-01-03 13:06:56 +01:00
transcaffeine
af7cd13af9
fix(gpg_secretstore): clear exception on unknown subkey
2024-01-02 12:41:08 +01:00
Sammy
8bcc12dfd1
chore(ssh): disallow terrapin-vulnerable ciphers..
..and MACs
See https://terrapin-attack.com/
2023-12-19 14:22:25 +01:00
Sammy
74d09b4416
fix(ssh): fix typo that prevented allowed ciphers..
from being set in the sshd config
2023-12-19 12:15:37 +01:00
Lars Kaiser
24ae029f01
fix(user): use `deploy` instead of `configure` in tags
2023-12-18 13:04:49 +01:00
transcaffeine
7bbae943d2
feat(user): support partial execution with `prepare` and `configure` tags
2023-12-15 15:58:32 +01:00
Johanna Dorothea Reichmann
f84376026b
feat(redis): allow not requiring any password to use redis
2023-12-15 13:35:48 +01:00
Jan Christian Grünhage
ee40fd92f7
feat(filter): add some set theory filters
2023-12-12 10:54:21 +01:00
Jan Christian Grünhage
df5783c489
chore: update sanity test ignore generation
2023-12-12 10:54:20 +01:00
Jan Christian Grünhage
bb26511367
chore(gpg_secretstore): remove unused imports and disable lint for false-positive
2023-12-12 10:54:20 +01:00
transcaffeine
d17dfab09e
fix(gpg_secretstore): gnupg library respects GNUPG_HOME already
The gnupg python library uses the $GNUPG_HOME environment variable
to detect where the GnuPG home is. Setting a default of `~/.gnupg`
which overrides the library behaviour breaks this.
2023-12-12 10:54:05 +01:00
transcaffeine
c06f6a65be
chore(lego): ensure lego_certificate_store is owned by lego_certificate_store_user
2023-11-29 15:39:52 +01:00
Jan Christian Grünhage
ed8f0158ba
update(lego): bump version to 4.14.2
2023-11-08 23:58:40 +01:00
Jan Christian Grünhage
0a529d92dd
chore(rclone_serve): fix lints
2023-11-08 23:34:39 +01:00
Jan Christian Grünhage
10c34f5a73
fix(lego): systemd unit files should not have the executable bit set
We're also making them non world readable, just in case people are
putting secrets in there.
2023-11-08 23:28:43 +01:00
Johanna Dorothea Reichmann
e0c111ba08
chore(rclone_serve): allow adding arguments directly into rclone_serve, update README
2023-11-06 10:34:24 +01:00
Johanna Dorothea Reichmann
777e4f216d
fix(rclone_serve): allow inject remote-path into rclone_serve command
2023-11-06 10:34:23 +01:00
Johanna Dorothea Reichmann
7d7b3462c5
fix(rclone_serve): double-dashed arguments sometimes only get recognised with an equals sign between key and value
2023-11-06 10:34:15 +01:00
Johanna Dorothea Reichmann
457918ad59
update(restic): bump version to 0.16.2
2023-10-31 15:20:21 +01:00
Johanna Dorothea Reichmann
b6a87fc9c9
chore(restic): allow adding commandline parameters to restic backup command
2023-10-31 15:20:20 +01:00
Lars Kaiser
a2f368452c
fix(restic): don't prepend collection name in same collection
2023-10-25 16:17:55 +02:00
Evelyn Alicke
740799de21
feat(rclone_serve): initial implementation
Co-Authored-By: Lars Kaiser <lars@kaiser.yt>
2023-10-25 16:17:52 +02:00
Johanna Dorothea Reichmann
57966a1b68
update(restic): bump version to 0.16.1
See https://github.com/restic/restic/releases/tag/v0.16.1
2023-10-25 15:03:53 +02:00
Johanna Dorothea Reichmann
a77bd479ec
feat(restic): add ansible role to run restic in systemd jobs
2023-10-24 15:09:39 +02:00
Sammy
a93da4ab5d
chore(dropbear_luks_unlock): fix lints
2023-10-06 13:33:27 +02:00
Jan Christian Grünhage
42f0d14ca5
chore: add __pycache__ to .gitignore
2023-10-04 15:10:23 +02:00
Jan Christian Grünhage
a431011ae7
docs(gpg_secretstore): fix fqcn in lookup module examples
2023-10-04 15:08:30 +02:00
Jan Christian Grünhage
c4d77fd27a
chore: ignore test output directory
2023-09-27 17:54:06 +02:00
Jan Christian Grünhage
b75113582e
feat(gpg_secretstore): support setting secret store path in lookup plugin
2023-09-27 17:05:26 +02:00
Jan Christian Grünhage
568fe24788
docs(gpg_secretstore): update lookup plugin documentation
2023-09-27 17:05:26 +02:00
Jan Christian Grünhage
6c5e6f8f9b
chore(gpg_secretstore): set correct shebang and python encoding
2023-09-27 17:05:26 +02:00
Jan Christian Grünhage
a87df0120b
refactor(gpg_secretstore): fallible python imports for modules and plugins
2023-09-27 17:05:26 +02:00
Jadyn Emma Jaeger
761e12344f
feat(gpg_secretstore): add secretstore lookup plugin and documentation
2023-09-27 17:03:00 +02:00
Jan Christian Grünhage
f4740fe77f
chore(ssh): update algorithm presets
2023-09-27 13:09:51 +02:00
Jan Christian Grünhage
b426afcced
chore(ssh): configure intersection of set and supported algorithms
This is done in preparation of updating the algorithm presets. Adding
new algorithms that aren't supported by older versions of openssh would
break templating, and we don't want to limit ourselves to algorithms
supported by all ssh versions we've got deployed anywhere.
2023-09-27 12:58:30 +02:00
Jan Christian Grünhage
7dc00eb18d
chore(ssh): switch default preset from bsi recommendations to our own
2023-09-27 12:57:19 +02:00
Jan Christian Grünhage
265036be47
chore(gpg_secretstore): assert existence of user supplied secret
2023-09-26 14:51:06 +02:00