Fine Tuning
[1.1] - 2020-02-18
-
Added 'www' user account for uploading website data. Also reworked
the website configs to add a variety of extra flags. -
Changed '-' to '_' in backup_server and raspberry_pi group names to
satisfy new Ansible naming requirements. Update your host files and
group_var files to match. Many lint fixes throughout the playbooks. -
Certbot handling now broken out into a separate role, the renewal
hooks are now configurable and handled by a few simple variables.
Now requesting a separate certificate for the mail server. This
makes it possible to build a mail-only or web-only server without
having to rework certbot. -
Simplified HTTPS handling, tightened up SLL parameters, and Apache
directory permissions. -
backup-server play now brings in the cryptdir role. Encryption type
is 'none' by default, set to luks to encrypt the backups at rest. -
bacula_director_bootstart controls whether director starts at boot.
Starts normally when encryption type is 'none'. -
mail_services_bootstart controls whether mail starts at boot.
Starts normally when encryption type is 'none'. -
web_services_bootstart controls whether apache starts at boot.
Starts normally but can be overridden if using encryption for the
document root. -
The first.yml playbook now does sudo on raspberry pis.