Skip to content

Fine Tuning
Compare
Choose a tag to compare
@david-loffredo david-loffredo released this 19 Feb 03:24
v1.1
f6c9073

[1.1] - 2020-02-18

  • Added 'www' user account for uploading website data. Also reworked
    the website configs to add a variety of extra flags.

  • Changed '-' to '_' in backup_server and raspberry_pi group names to
    satisfy new Ansible naming requirements. Update your host files and
    group_var files to match. Many lint fixes throughout the playbooks.

  • Certbot handling now broken out into a separate role, the renewal
    hooks are now configurable and handled by a few simple variables.
    Now requesting a separate certificate for the mail server. This
    makes it possible to build a mail-only or web-only server without
    having to rework certbot.

  • Simplified HTTPS handling, tightened up SLL parameters, and Apache
    directory permissions.

  • backup-server play now brings in the cryptdir role. Encryption type
    is 'none' by default, set to luks to encrypt the backups at rest.

  • bacula_director_bootstart controls whether director starts at boot.
    Starts normally when encryption type is 'none'.

  • mail_services_bootstart controls whether mail starts at boot.
    Starts normally when encryption type is 'none'.

  • web_services_bootstart controls whether apache starts at boot.
    Starts normally but can be overridden if using encryption for the
    document root.

  • The first.yml playbook now does sudo on raspberry pis.

Assets 2
Loading