parent
16aca60368
commit
f0da06ade0
139 changed files with 0 additions and 1853 deletions
@ -1,7 +0,0 @@ |
||||
#!/bin/sh |
||||
|
||||
/usr/bin/mysqldump --user={{ ampache_mysql_user }} \ |
||||
--password={{ ampache_mysql_pass }} \ |
||||
--host={{ ampache_mysql_server }} \ |
||||
--quick --single-transaction \ |
||||
--add-drop-table {{ ampache_mysql_db }} | lz4 -c > {{ ampache_root_dir }}/db_dumps/{{ ampache_mysql_db }}.sql.lz4 |
@ -1,3 +0,0 @@ |
||||
#!/bin/sh |
||||
|
||||
rm -f {{ ampache_root_dir }}/db_dump/* |
Binary file not shown.
Binary file not shown.
@ -1,13 +0,0 @@ |
||||
--- |
||||
|
||||
system_distro_utils: |
||||
- openssh-clients |
||||
- nc |
||||
- xz |
||||
- lz4 |
||||
- yum-utils |
||||
- fuse-sshfs |
||||
- policycoreutils-python |
||||
- MySQL-python |
||||
- python-psycopg2 |
||||
- zstd |
@ -1,13 +0,0 @@ |
||||
--- |
||||
|
||||
system_distro_utils: |
||||
- openssh-clients |
||||
- nc |
||||
- xz |
||||
- lz4 |
||||
- yum-utils |
||||
- fuse-sshfs |
||||
- policycoreutils-python-utils |
||||
- python3-mysql |
||||
- python3-psycopg2 |
||||
- zstd |
@ -1,3 +0,0 @@ |
||||
#!/bin/sh |
||||
|
||||
/bin/systemctl restart coturn |
@ -1,40 +0,0 @@ |
||||
pidfile="/var/run/coturn/coturn.pid" |
||||
verbose |
||||
fingerprint |
||||
{% if turn_auth_secret is defined %} |
||||
use-auth-secret |
||||
static-auth-secret {{ turn_auth_secret }} |
||||
{% else %} |
||||
lt-cred-mech |
||||
{% endif %} |
||||
no-sslv2 |
||||
no-sslv3 |
||||
no-loopback-peers |
||||
no-multicast-peers |
||||
realm {{ turn_realm | default(ansible_domain) }} |
||||
proc-user turnserver |
||||
proc-group turnserver |
||||
syslog |
||||
|
||||
{% for ip in turn_listen_ip %} |
||||
listening-ip {{ ip }} |
||||
{% endfor %} |
||||
|
||||
{% if not turn_allow_non_tls %} |
||||
no-tcp |
||||
no-udp |
||||
{% endif %} |
||||
|
||||
listening-port {{ turn_port }} |
||||
alt-listening-port {{ turn_alt_port }} |
||||
|
||||
{% if turn_tls %} |
||||
tls-listening-port {{ turn_tls_port }} |
||||
alt-tls-listening-port {{ turn_alt_tls_port }} |
||||
cert {{ turn_tls_cert }} |
||||
pkey {{ turn_tls_key }} |
||||
{% endif %} |
||||
|
||||
{% if turn_external_ip is defined %} |
||||
external-ip {{ turn_external_ip }} |
||||
{% endif %} |
Binary file not shown.
@ -1,7 +0,0 @@ |
||||
name: default_ip_remediation |
||||
filters: |
||||
- Alert.Remediation == true && Alert.GetScope() == "Ip" |
||||
decisions: |
||||
- type: ban |
||||
duration: {{ crowdsec_ban_duration }} |
||||
on_success: break |
@ -1,14 +0,0 @@ |
||||
--- |
||||
|
||||
# Version of the firewall bouncer to install |
||||
crowdsec_fw_version: 0.0.10 |
||||
# URL of the firewall bouncer archive |
||||
crowdsec_fw_archive_url: https://github.com/crowdsecurity/cs-firewall-bouncer/releases/download/v{{ crowdsec_fw_version }}/cs-firewall-bouncer.tgz |
||||
# Expected sha1 of the archive |
||||
crowdsec_fw_archive_sha1: 46863e95bdc8f48434583f55e89b7720fce5736d |
||||
|
||||
# API on which the bouncer should listen for alerts |
||||
crowdsec_fw_lapi_url: "{{ crowdsec_lapi_url | default('http://localhost:8080/') }}" |
||||
# If not defined, ansible will try to register the bouncer on the Local API server |
||||
# crowdsec_fw_lapi_key: aaabbbccc |
||||
|
@ -1,4 +0,0 @@ |
||||
--- |
||||
|
||||
- name: restart cs-firewall-bouncer |
||||
service: name=cs-firewall-bouncer state=restarted |
@ -1,8 +0,0 @@ |
||||
--- |
||||
|
||||
- name: Remove temp and obsolete files |
||||
file: path={{ item }} state=absent |
||||
loop: |
||||
- /tmp/cs-firewall-bouncer.tgz |
||||
- /tmp/cs-firewall-bouncer-v{{ crowdsec_fw_version }} |
||||
tags: crowdsec |
@ -1,6 +0,0 @@ |
||||
--- |
||||
|
||||
- name: Deploy configuration |
||||
template: src=cs-firewall-bouncer.yaml.j2 dest=/etc/crowdsec/cs-firewall-bouncer/cs-firewall-bouncer.yaml mode=600 |
||||
notify: restart cs-firewall-bouncer |
||||
tags: crowdsec |
@ -1,4 +0,0 @@ |
||||
--- |
||||
|
||||
# Just pull the tasks from the crowdsec role as it needs the same dir |
||||
- include: ../crowdsec/tasks/directories.yml |
@ -1,62 +0,0 @@ |
||||
--- |
||||
|
||||
- name: Check if API key is available |
||||
stat: path=/etc/crowdsec/meta/bouncer_fw_api_key |
||||
register: crowdsec_fw_lapi_key_file |
||||
tags: crowdsec |
||||
|
||||
- when: crowdsec_fw_lapi_key is not defined and (not crowdsec_fw_lapi_key_file.stat.exists or crowdsec_fw_lapi_key_file.stat.size == 0) |
||||
block: |
||||
- name: Register the bouncer |
||||
command: cscli bouncers add {{ inventory_hostname }}-firewall -o raw |
||||
register: crowdsec_bouncer_add |
||||
failed_when: crowdsec_bouncer_add.rc not in [0,1] |
||||
changed_when: crowdsec_bouncer_add.rc == 0 |
||||
delegate_to: "{{ crowdsec_lapi_server | default(inventory_hostname) }}" |
||||
|
||||
- name: Record the API key for later use |
||||
copy: content={{ crowdsec_bouncer_add.stdout }} dest=/etc/crowdsec/meta/bouncer_fw_api_key mode=600 |
||||
|
||||
tags: crowdsec |
||||
|
||||
- when: crowdsec_fw_lapi_key is not defined |
||||
block: |
||||
- name: Read the API key |
||||
slurp: src=/etc/crowdsec/meta/bouncer_fw_api_key |
||||
register: crowdsec_fw_lapi_generated_key |
||||
- set_fact: crowdsec_fw_lapi_key={{ crowdsec_fw_lapi_generated_key.content | b64decode | trim }} |
||||
tags: crowdsec |
||||
|
||||
- name: Set initial facts |
||||
block: |
||||
- set_fact: crowdsec_fw_current_version='' |
||||
- set_fact: crowdsec_fw_install_mode='none' |
||||
tags: crowdsec |
||||
|
||||
- name: Check if the bouncer is installed |
||||
stat: path=/usr/local/bin/cs-firewall-bouncer |
||||
register: crowdsec_fw_bin |
||||
tags: crowdsec |
||||
|
||||
- when: crowdsec_fw_bin.stat.exists |
||||
block: |
||||
- name: Detect installed version |
||||
shell: | |
||||
cs-firewall-bouncer -c /dev/null 2>&1 | perl -ne 'm/cs-firewall-bouncer v(\d+(\.\d+)*)/ && print $1' |
||||
register: crowdsec_fw_current_version |
||||
changed_when: False |
||||
|
||||
- set_fact: crowdsec_fw_current_version={{ crowdsec_fw_current_version.stdout }} |
||||
tags: crowdsec |
||||
|
||||
- name: Set install mode |
||||
set_fact: crowdsec_fw_install_mode='install' |
||||
when: not crowdsec_fw_bin.stat.exists |
||||
tags: crowdsec |
||||
|
||||
- name: Set upgrade mode |
||||
set_fact: crowdsec_fw_install_mode='upgrade' |
||||
when: |
||||
- crowdsec_fw_bin.stat.exists |
||||
- crowdsec_fw_current_version != crowdsec_fw_version |
||||
tags: crowdsec |
@ -1,55 +0,0 @@ |
||||
--- |
||||
|
||||
- when: crowdsec_fw_install_mode != 'none' |
||||
block: |
||||
|
||||
- name: Download the bouncer |
||||
get_url: |
||||
url: "{{ crowdsec_fw_archive_url }}" |
||||
dest: /tmp |
||||
checksum: sha1:{{ crowdsec_fw_archive_sha1 }} |
||||
|
||||
- name: Extract the archive |
||||
unarchive: |
||||
src: /tmp/cs-firewall-bouncer.tgz |
||||
dest: /tmp |
||||
remote_src: True |
||||
|
||||
- name: Install or upgrade |
||||
command: ./{{ crowdsec_fw_install_mode }}.sh |
||||
args: |
||||
chdir: /tmp/cs-firewall-bouncer-v{{ crowdsec_fw_version }} |
||||
notify: restart cs-firewall-bouncer |
||||
|
||||
tags: crowdsec |
||||
|
||||
- name: Create systemd unit snippet dir |
||||
file: path=/etc/systemd/system/cs-firewall-bouncer.service.d state=directory |
||||
tags: crowdsec |
||||
|
||||
- name: Link cs-firewall-bouncer with the iptables service |
||||
copy: |
||||
content: | |
||||
[Unit] |
||||
{% if ansible_os_family == 'RedHat' or ansible_os_family == 'Debian' %} |
||||
# Ensure cs-firewall-bouncer starts before iptables |
||||
# so ipset are available |
||||
Before={{ (ansible_os_family == 'Debian') | ternary('netfilter-persistent','iptables') }}.service |
||||
{% endif %} |
||||
# It should start after crowdsec to be able to register on the API |
||||
After=crowdsec.service |
||||
|
||||
[Service] |
||||
# Restart on failure |
||||
Restart=on-failure |
||||
StartLimitInterval=0 |
||||
RestartSec=30 |
||||
dest: /etc/systemd/system/cs-firewall-bouncer.service.d/ansible.conf |
||||
register: crodwsec_fw_unit |
||||
notify: restart cs-firewall-bouncer |
||||
tags: crowdsec |
||||
|
||||
- name: Reload systemd |
||||
systemd: daemon_reload=True |
||||
when: crodwsec_fw_unit.changed |
||||
tags: crowdsec |
@ -1,17 +0,0 @@ |
||||
--- |
||||
|
||||
- name: Ensure ipsets exist |
||||
shell: | |
||||
ipset list crowdsec-blacklists || ipset create crowdsec-blacklists nethash timeout 300 |
||||
ipset list crowdsec6-blacklists || ipset create crowdsec6-blacklists nethash timeout 300 family inet6 |
||||
changed_when: False |
||||
tags: crowdsec |
||||
|
||||
- name: Add DROP rules |
||||
iptables_raw: |
||||
name: crowdsec_blacklist |
||||
weight: 9 |
||||
rules: | |
||||
-A INPUT -m set --match-set crowdsec-blacklists src -j DROP |
||||
-A FORWARD -m set --match-set crowdsec-blacklists src -j DROP |
||||
tags: crowdsec |
@ -1,10 +0,0 @@ |
||||
--- |
||||
|
||||
- include: directories.yml |
||||
- include: facts.yml |
||||
- include: install.yml |
||||
- include: conf.yml |
||||
- include: iptables.yml |
||||
when: iptables_manage | default(True) |
||||
- include: services.yml |
||||
- include: cleanup.yml |
@ -1,5 +0,0 @@ |
||||
--- |
||||
|
||||
- name: Start and enable the service |
||||
service: name=cs-firewall-bouncer state=started enabled=True |
||||
tags: crowdsec |
@ -1,12 +0,0 @@ |
||||
--- |
||||
|
||||
mode: iptables |
||||
piddir: /var/run/ |
||||
update_frequency: 10s |
||||
daemonize: true |
||||
log_mode: stdout |
||||
log_level: info |
||||
api_url: {{ (crowdsec_fw_lapi_url is search('/$')) | ternary(crowdsec_fw_lapi_url,crowdsec_fw_lapi_url ~ '/') }} |
||||
api_key: {{ crowdsec_fw_lapi_key }} |
||||
disable_ipv6: false |
||||
|
@ -1,7 +0,0 @@ |
||||
#!/bin/sh |
||||
|
||||
/usr/bin/mysqldump --user={{ dolibarr_db_user }} \ |
||||
--password={{ dolibarr_db_pass | quote }} \ |
||||
--host={{ dolibarr_db_server }} \ |
||||
--quick --single-transaction \ |
||||
--add-drop-table {{ dolibarr_db_name }} | lz4 -c > {{ dolibarr_root_dir }}/db_dumps/{{ dolibarr_db_name }}.sql.lz4 |
@ -1,3 +0,0 @@ |
||||
#!/bin/sh |
||||
|
||||
rm -f {{ dolibarr_root_dir }}/db_dumps/* |
@ -1,6 +0,0 @@ |
||||
--- |
||||
- name: Install filebeat |
||||
apt: |
||||
name: |
||||
- filebeat |
||||
tags: logs |
@ -1,6 +0,0 @@ |
||||
--- |
||||
- name: install filebeat |
||||
yum: |
||||
name: |
||||
- filebeat |
||||
tags: logs |
@ -1,8 +0,0 @@ |
||||
--- |
||||
- name: Install journalbeat |
||||
apt: |
||||
name: |
||||
- journalbeat |
||||
environment: |
||||
https_proxy: "{{ system_proxy }}" |
||||
tags: logs |
@ -1,6 +0,0 @@ |
||||
--- |
||||
- name: Install journalbeat |
||||
yum: |
||||
name: |
||||
- journalbeat |
||||
tags: logs |
@ -1,32 +0,0 @@ |
||||
--- |
||||
|
||||
fpbx_packages: |
||||
- asterisk |
||||
- asterisk-voicemail |
||||
- asterisk-pjsip |
||||
- asterisk-sip |
||||
- asterisk-mysql |
||||
- asterisk-ael |
||||
- asterisk-iax2 |
||||
- asterisk-dahdi |
||||
- asterisk-fax |
||||
- asterisk-ldap |
||||
- asterisk-misdn |
||||
- asterisk-mp3 |
||||
- asterisk-odbc |
||||
- mysql-connector-odbc |
||||
- mpg123 |
||||
- lame |
||||
- opus |
||||
- nmap |
||||
- nodejs |
||||
- tar |
||||
- mariadb |
||||
- MySQL-python |
||||
- acl |
||||
- gcc-c++ # needed for ucp |
||||
- icu |
||||
- libicu-devel |
||||
- patch |
||||
- vsftpd |
||||
|
@ -1,31 +0,0 @@ |
||||
--- |
||||
|
||||
fpbx_packages: |
||||
- asterisk |
||||
- asterisk-voicemail |
||||
- asterisk-pjsip |
||||
- asterisk-sip |
||||
- asterisk-mysql |
||||
- asterisk-ael |
||||
- asterisk-iax2 |
||||
- asterisk-dahdi |
||||
- asterisk-fax |
||||
- asterisk-ldap |
||||
- asterisk-mp3 |
||||
- asterisk-odbc |
||||
- mariadb-connector-odbc |
||||
- mpg123 |
||||
# - lame |
||||
- opus |
||||
- nmap |
||||
- nodejs |
||||
- tar |
||||
- mariadb |
||||
- python3-mysql |
||||
- acl |
||||
- gcc-c++ # needed for ucp |
||||
- icu |
||||
- libicu-devel |
||||
- patch |
||||
- vsftpd |
||||
|
@ -1,17 +0,0 @@ |
||||
--- |
||||
|
||||
funkwhale_packages: |
||||
- gcc |
||||
- git |
||||
- postgresql13 |
||||
- postgresql-devel |
||||
- openldap-devel |
||||
- cyrus-sasl-devel |
||||
- libjpeg-turbo-devel |
||||
- python-psycopg2 |
||||
- python-setuptools |
||||
- python3-virtualenv |
||||
- python3-pip |
||||
- ffmpeg |
||||
- mod_xsendfile |
||||
|
@ -1,16 +0,0 @@ |
||||
--- |
||||
|
||||
funkwhale_packages: |
||||
- gcc |
||||
- git |
||||
- postgresql13 |
||||
- postgresql-devel |
||||
- openldap-devel |
||||
- cyrus-sasl-devel |
||||
- libjpeg-turbo-devel |
||||
- python3-psycopg2 |
||||
- python3-setuptools |
||||
- python3-virtualenv |
||||
- python3-pip |
||||
- ffmpeg |
||||
- mod_xsendfile |
@ -1,21 +0,0 @@ |
||||
--- |
||||
- name: Create archive directory |
||||
file: path={{ gitea_root_dir }}/archives/{{ gitea_current_version }} state=directory mode=700 |
||||
tags: gitea |
||||
|
||||
- name: Archive previous version |
||||
copy: src={{ gitea_root_dir }}/bin/gitea dest={{ gitea_root_dir }}/archives/{{ gitea_current_version }} remote_src=True |
||||
tags: gitea |
||||
|
||||
- name: Archive the database |
||||
mysql_db: |
||||
state: dump |
||||
name: "{{ gitea_db_name }}" |
||||
target: "{{ gitea_root_dir }}/archives/{{ gitea_current_version }}/{{ gitea_db_name }}.sql.xz" |
||||
login_host: "{{ gitea_db_server | default(mysql_server) }}" |
||||
login_user: sqladmin |
||||
login_password: "{{ mysql_admin_pass }}" |
||||
quick: True |
||||
single_transaction: True |
||||
tags: gitea |
||||
|
@ -1,6 +0,0 @@ |
||||
--- |
||||
|
||||
gitea_packages: |
||||
- sclo-git212-git |
||||
- git-lfs |
||||
gitea_scl_cmd: '/bin/scl enable sclo-git212 -- ' |
@ -1,6 +0,0 @@ |
||||
--- |
||||
|
||||
gitea_packages: |
||||
- git |
||||
- git-lfs |
||||
gitea_scl_cmd: '' |
@ -1,7 +0,0 @@ |
||||
#!/bin/bash -e |
||||
|
||||
/usr/bin/mysqldump --user={{ glpi_mysql_user | quote }} \ |
||||
--password={{ glpi_mysql_pass | quote }} \ |
||||
--host={{ glpi_mysql_server | quote }} \ |
||||
--quick --single-transaction \ |
||||
--add-drop-table {{ glpi_mysql_db | quote }} | zstd -T0 -c > {{ glpi_root_dir }}/db_dumps/{{ glpi_mysql_db }}.sql.zst |
@ -1,3 +0,0 @@ |
||||
#!/bin/bash -e |
||||
|
||||
rm -f {{ glpi_root_dir }}/db_dumps/* |
@ -1,8 +0,0 @@ |
||||
--- |
||||
|
||||
httpd_common_packages: |
||||
- httpd |
||||
- mod_fcgid |
||||
- policycoreutils-python |
||||
- python-passlib |
||||
- mod_authnz_pam |
@ -1,8 +0,0 @@ |
||||
--- |
||||
|
||||
httpd_common_packages: |
||||
- httpd |
||||
- mod_fcgid |
||||
- python3-policycoreutils |
||||
- python3-passlib |
||||
- mod_authnz_pam |
@ -1,5 +0,0 @@ |
||||
--- |
||||
|
||||
webapps_mysql_packages: |
||||
- MySQL-python |
||||
- mariadb |
@ -1,6 +0,0 @@ |
||||
--- |
||||
|
||||
webapps_mysql_packages: |
||||
- python3-mysql |
||||
- mariadb |
||||
|
@ -1,27 +0,0 @@ |
||||
[Unit] |
||||
Description=Jitsi Videobridge |
||||
After=network.target |
||||
|
||||
[Service] |
||||
Type=simple |
||||
SuccessExitStatus=143 |
||||
EnvironmentFile={{ jitsi_root_dir }}/etc/videobridge/videobridge.conf |
||||
User={{ jitsi_user }} |
||||
Group={{ jitsi_user }} |
||||
PrivateTmp=true |
||||
PrivateDevices=true |
||||
ProtectHome=true |
||||
ProtectSystem=full |
||||
ReadOnlyDirectories={{ jitsi_root_dir }}/etc {{ jitsi_root_dir }}/videobridge |
||||
Restart=on-failure |
||||
StartLimitInterval=0 |
||||
RestartSec=30 |
||||
# more threads for this process |
||||
TasksMax=65000 |
||||
# allow more open files for this process |
||||
LimitNPROC=65000 |
||||
LimitNOFILE=65000 |
||||
ExecStart={{ jitsi_root_dir }}/videobridge/jvb.sh ${JVB_OPTS} |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
@ -1,15 +0,0 @@ |
||||
<settings> |
||||
{% if system_proxy is defined and system_proxy != '' %} |
||||
<proxies> |
||||
<proxy> |
||||
<active>true</active> |
||||
<protocol>http</protocol> |
||||
<host>{{ system_proxy | urlsplit('hostname') }}</host> |
||||
<port>{{ system_proxy | urlsplit('port') }}</port> |
||||
{% if system_proxy_no_proxy is defined and system_proxy_no_proxy | length > 0 %} |
||||
<nonProxyHosts>{{ system_proxy_no_proxy | join('|') }}</nonProxyHosts> |
||||
{% endif %} |
||||
</proxy> |
||||
</proxies> |
||||
{% endif %} |
||||
</settings> |
@ -1,19 +0,0 @@ |
||||
org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false |
||||
org.jitsi.videobridge.TCP_HARVESTER_PORT={{ jitsi_videobridge_harvester_port }} |
||||
org.ice4j.ipv6.DISABLED=true |
||||
org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true |
||||
{% if jitsi_external_ip is defined %} |
||||
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS={{ ansible_default_ipv4.address }} |
||||
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS={{ jitsi_external_ip }} |
||||
{% endif %} |
||||
|
||||
org.jitsi.videobridge.ENABLE_STATISTICS=true |
||||
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc |
||||
|
||||
org.jitsi.videobridge.xmpp.user.xmppserver1.HOSTNAME={{ jitsi_xmpp_server }} |
||||
org.jitsi.videobridge.xmpp.user.xmppserver1.DOMAIN={{ jitsi_videobridge_xmpp_domain }} |
||||
org.jitsi.videobridge.xmpp.user.xmppserver1.USERNAME={{ jitsi_videobridge_xmpp_user }} |
||||
org.jitsi.videobridge.xmpp.user.xmppserver1.PASSWORD={{ jitsi_videobridge_xmpp_pass }} |
||||
org.jitsi.videobridge.xmpp.user.xmppserver1.MUC_JIDS=JvbBrewery@internal.{{ jitsi_auth_domain }} |
||||
org.jitsi.videobridge.xmpp.user.xmppserver1.MUC_NICKNAME={{ inventory_hostname | to_uuid }} |
||||
|
@ -1,3 +0,0 @@ |
||||
JVB_OPTS="--apis=rest" |
||||
JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION={{ jitsi_root_dir }}/etc -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge" |
||||
|
Binary file not shown.
@ -1,16 +0,0 @@ |
||||
[Unit] |
||||
Description=Jibri Window Manager |
||||
Requires=jitsi-jibri-xorg.service |
||||
After=jitsi-jibri-xorg.service |
||||
|
||||
[Service] |
||||
User={{ jitsi_jibri_user }} |
||||
Group={{ jitsi_jibri_user }} |
||||
Environment=DISPLAY=:0 |
||||
ExecStart=/usr/bin/icewm-session |
||||
Restart=on-failure |
||||
RestartPreventExitStatus=255 |
||||
Type=simple |
||||
|
||||
[Install] |
||||
WantedBy=jitsi-jibri.service |
@ -1,26 +0,0 @@ |
||||
--- |
||||
|
||||
llng_common_packages: |
||||
- lemonldap-ng-conf |
||||
- perl-Cache-Cache |
||||
- lemonldap-ng-fastcgi-server |
||||
|
||||
llng_portal_packages: |
||||
- python-passlib |
||||
- lemonldap-ng-portal |
||||
- lemonldap-ng-doc |
||||
- lasso |
||||
- lasso-perl |
||||
- perl-Authen-Captcha |
||||
- perl-Auth-Yubikey_WebClient |
||||
|
||||
llng_manager_packages: |
||||
- lemonldap-ng-manager |
||||
- lemonldap-ng-doc |
||||
- lemonldap-ng-fr-doc |
||||
|
||||
llng_mysql_packages: |
||||
- perl-DBD-MySQL |
||||
- MySQL-python |
||||
- mariadb |
||||
- perl-Apache-Session-Browseable |
@ -1,26 +0,0 @@ |
||||
--- |
||||
|
||||
llng_common_packages: |
||||
- lemonldap-ng-conf |
||||
- perl-Cache-Cache |
||||
- lemonldap-ng-fastcgi-server |
||||
- python3-mysql |
||||
|
||||
llng_portal_packages: |
||||
- python3-passlib |
||||
- lemonldap-ng-portal |
||||
- lemonldap-ng-doc |
||||
- lasso |
||||
- lasso-perl |
||||
- perl-Authen-Captcha |
||||
- perl-Auth-Yubikey_WebClient |
||||
|
||||
llng_manager_packages: |
||||
- lemonldap-ng-manager |
||||
- lemonldap-ng-doc |
||||
|
||||
llng_mysql_packages: |
||||
- perl-DBD-MySQL |
||||
- python3-mysql |
||||
- mariadb |
||||
- perl-Apache-Session-Browseable |
@ -1,5 +0,0 @@ |
||||
--- |
||||
|
||||
letsencrypt_packages: |
||||
- dehydrated |
||||
- python2-dns-lexicon |
@ -1,5 +0,0 @@ |
||||
--- |
||||
|
||||
letsencrypt_packages: |
||||
- dehydrated |
||||
- python3-dns-lexicon |
@ -1,9 +0,0 @@ |
||||
[Unit] |
||||
Description=Mailman digest sender |
||||
|
||||
[Service] |
||||
Type=oneshot |
||||
PrivateTmp=yes |
||||
User={{ mailman_user }} |
||||
Group={{ mailman_user }} |
||||
ExecStart={{ mailman_root_dir }}/venv/bin/mailman digest --periodic |
@ -1,8 +0,0 @@ |
||||
[Unit] |
||||
Description=Mailman digest sender |
||||
|
||||
[Timer] |
||||
OnCalendar=daily |
||||
|
||||
[Install] |
||||
WantedBy=timers.target |
@ -1,29 +0,0 @@ |
||||
--- |
||||
|
||||
synapse_packages: |
||||
- libtiff-devel |
||||
- libjpeg-devel |
||||
- libzip-devel |
||||
- freetype-devel |
||||
- lcms2-devel |
||||
- libwebp-devel |
||||
- tcl-devel |
||||
- tk-devel |
||||
- libffi-devel |
||||
- openssl-devel |
||||
- libxslt-devel |
||||
- gcc |
||||
- gcc-c++ |
||||
- libtool |
||||
- autoconf |
||||
- automake |
||||
- postgresql13 |
||||
- postgresql-devel |
||||
- libpqxx-devel |
||||
- jemalloc |
||||
- python3-virtualenv |
||||
- python3-pip |
||||
- python-psycopg2 |
||||
- python-setuptools |
||||
|
||||
synapse_jemalloc: /usr/lib64/libjemalloc.so.1 |
@ -1,28 +0,0 @@ |
||||
--- |
||||
|
||||
synapse_packages: |
||||
- libtiff-devel |
||||
- libjpeg-devel |
||||
- libzip-devel |
||||
- freetype-devel |
||||
- lcms2-devel |
||||
- libwebp-devel |
||||
- tcl-devel |
||||
- tk-devel |
||||
- libffi-devel |
||||
- openssl-devel |
||||
- libxslt-devel |
||||
- gcc |
||||
- gcc-c++ |
||||
- libtool |
||||
- autoconf |
||||
- automake |
||||
- postgresql13 |
||||
- postgresql-devel |
||||
- jemalloc |
||||
- python3-virtualenv |
||||
- python3-pip |
||||
- python3-psycopg2 |
||||
- python3-setuptools |
||||
|
||||
synapse_jemalloc: /usr/lib64/libjemalloc.so.2 |
Binary file not shown.
@ -1,6 +0,0 @@ |
||||
--- |
||||
|
||||
mongo_packages: |
||||
- mongodb-org-server |
||||
- mongodb-org |
||||
- python-pip |
@ -1,6 +0,0 @@ |
||||
--- |
||||
|
||||
mongo_packages: |
||||
- mongodb-org-server |
||||
- mongodb-org |
||||
- python3-pip |
@ -1,40 +0,0 @@ |
||||
#!/bin/sh |
||||
|
||||
set -e |
||||
|
||||
# Get the .my.cnf from root |
||||
HOME=/root |
||||
PATH=/usr/bin:$PATH |
||||
DEST=/home/lbkp/mysql |
||||
|
||||
[ -d $DEST ] || mkdir -p $DEST |
||||
|
||||
for DB in $(/usr/bin/mysqlshow | /bin/awk '{print $2}' | /bin/grep -v Databases) |
||||
do |
||||
{% for db in mysql_skip_backup %} |
||||
# {{ db }} is configured not to be backed up |
||||
if [[ "$DB" == "{{ db }}" ]]; then |
||||
continue |
||||
fi |
||||
{% endfor %} |
||||
{% if mysql_compress_cmd %} |
||||
{% if mysql_compress_cmd is search('p?xz') %} |
||||
{% set compext = 'xz' %} |
||||
{% elif mysql_compress_cmd is search('p?bzip2') %} |
||||
{% set compext = 'bz2' %} |
||||
{% elif mysql_compress_cmd is search('(pi)?gz') %} |
||||
{% set compext = 'gz' %} |
||||
{% elif mysql_compress_cmd is search('lzop') %} |
||||
{% set compext = 'lzo' %} |
||||
{% elif mysql_compress_cmd is search('lz4') %} |
||||
{% set compext = 'lz4' %} |
||||
{% elif mysql_compress_cmd is search('zstd') %} |
||||
{% set compext = 'zst' %} |
||||
{% else %} |
||||
{% set compext = 'z' %} |
||||
{% endif %} |
||||
/usr/bin/mysqldump --ignore-table=mysql.event --single-transaction --add-drop-table $DB | /bin/nice -n 10 {{ mysql_compress_cmd }} > $DEST/$DB.sql.{{ compext }} |
||||
{% else %} |
||||
/usr/bin/mysqldump --ignore-table=mysql.event --single-transaction --add-drop-table $DB -r $DEST/$DB.sql |
||||
{% endif %} |
||||
done |
@ -1,7 +0,0 @@ |
||||
#!/bin/sh |
||||
|
||||
set -e |
||||
|
||||
{% if mysql_remove_dump_after_backup | default(True) %} |
||||
rm -f /home/lbkp/mysql/*.sql* |
||||
{% endif %} |
@ -1,6 +0,0 @@ |
||||
--- |
||||
|
||||
mysql_server_packages: |
||||
- mariadb-server |
||||
- mariadb |
||||
- MySQL-python |
@ -1,6 +0,0 @@ |
||||
--- |
||||
|
||||
mysql_server_packages: |
||||
- mariadb-server |
||||
- mariadb |
||||
- python3-mysql |
@ -1,33 +0,0 @@ |
||||
auth_request_set $headername1 $upstream_http_headername1; |
||||
auth_request_set $headervalue1 $upstream_http_headervalue1; |
||||
auth_request_set $headername2 $upstream_http_headername2; |
||||
auth_request_set $headervalue2 $upstream_http_headervalue2; |
||||
auth_request_set $headername3 $upstream_http_headername3; |
||||
auth_request_set $headervalue3 $upstream_http_headervalue3; |
||||
auth_request_set $headername4 $upstream_http_headername4; |
||||
auth_request_set $headervalue4 $upstream_http_headervalue4; |
||||
auth_request_set $headername5 $upstream_http_headername5; |
||||
auth_request_set $headervalue5 $upstream_http_headervalue5; |
||||
auth_request_set $headername6 $upstream_http_headername6; |
||||
auth_request_set $headervalue6 $upstream_http_headervalue6; |
||||
auth_request_set $headername7 $upstream_http_headername7; |
||||
auth_request_set $headervalue7 $upstream_http_headervalue7; |
||||
auth_request_set $headername8 $upstream_http_headername8; |
||||
auth_request_set $headervalue8 $upstream_http_headervalue8; |
||||
auth_request_set $headername9 $upstream_http_headername9; |
||||
auth_request_set $headervalue9 $upstream_http_headervalue9; |
||||
auth_request_set $headername10 $upstream_http_headername10; |
||||
auth_request_set $headervalue10 $upstream_http_headervalue10; |
||||
auth_request_set $lmcookie $upstream_http_cookie; |
||||
access_by_lua ' |
||||
i = 1 |
||||
ngx.req.set_header("Cookie",ngx.var.lmcookie) |
||||
while true do |
||||
if ngx.var["headername"..i] ~= nil then |
||||
ngx.req.set_header(ngx.var["headername"..i],ngx.var["headervalue"..i]) |
||||
else |
||||
break |
||||
end |
||||
i = i +1 |
||||
end |
||||
'; |
@ -1,21 +0,0 @@ |
||||
--- |
||||
|
||||
- name: Install ntp daemon |
||||
apt: name=ntp |
||||
when: samba_role is defined and (samba_role == 'dc' or samba_role == 'rodc') |
||||
tags: ntp |
||||
|
||||
- name: Install chrony |
||||
apt: name=chrony |
||||
tags: ntp |
||||
|
||||
- name: Deploy chrony configuration |
||||
template: src=chrony.conf.j2 dest=/etc/chrony/chrony.conf |
||||
notify: restart chrony |
||||
tags: ntp |
||||
|
||||
- name: Set daemon names |
||||
set_fact: ntp_service='ntp' |
||||
tags: ntp |
||||
- set_fact: chrony_service='chrony' |
||||
tags: ntp |
@ -1,23 +0,0 @@ |
||||
--- |
||||
|
||||
# Samba DC need ntpd |
||||
- name: Install ntp daemon |
||||
yum: name=ntp |
||||
when: samba_role is defined and (samba_role == 'dc' or samba_role == 'rodc') |
||||
tags: ntp |
||||
|
||||
- name: Install chrony |
||||
yum: name=chrony |
||||
tags: ntp |
||||
|
||||
- name: Deploy chrony configuration |
||||
template: src=chrony.conf.j2 dest=/etc/chrony.conf |
||||
notify: restart chrony |
||||
tags: ntp |
||||
|
||||
- name: Set daemon names |
||||
set_fact: ntp_service='ntpd' |
||||
tags: ntp |
||||
- set_fact: chrony_service='chronyd' |
||||
tags: ntp |
||||
|
@ -1,17 +0,0 @@ |
||||
{% if ansible_virtualization_role == "guest" %} |
||||
tinker panic 0 |
||||
{% endif %} |
||||
driftfile /var/lib/ntp/drift |
||||
restrict default kod nomodify notrap nopeer mssntp |
||||
restrict -6 default kod nomodify notrap nopeer mssntp |
||||
restrict 127.0.0.1 |
||||
restrict -6 ::1 |
||||
{% for server in ntp_servers %} |
||||
server {{ server }} iburst prefer |
||||
restrict {{ server }} mask 255.255.255.255 nomodify notrap nopeer noquery |
||||
{% endfor %} |
||||
includefile /etc/ntp/crypto/pw |
||||
keys /etc/ntp/keys |
||||
{% if ntp_samba_signd.stat.exists %} |
||||
ntpsigndsocket /var/lib/samba/ntp_signd/ |
||||
{% endif %} |
@ -1,2 +0,0 @@ |
||||
[Time] |
||||
NTP={{ ntp_servers | join(' ') }} |
@ -1,6 +0,0 @@ |
||||
--- |
||||
|
||||
ntp_ntpd_service: ntpd |
||||
ntp_chrony_service: chronyd |
||||
ntp_chrony_conf: /etc/chrony.conf |
||||
ntp_chrony_keyfile: /etc/chrony.keys |
@ -1,6 +0,0 @@ |
||||
--- |
||||
|
||||
ntp_ntpd_service: ntpd |
||||
ntp_chrony_service: chronyd |
||||
ntp_chrony_conf: /etc/chrony.conf |
||||
ntp_chrony_keyfile: /etc/chrony.keys |
@ -1,18 +0,0 @@ |
||||
module onlyoffice_docserver 1.0; |
||||
|
||||
require { |
||||
type httpd_sys_content_t; |
||||
type amqp_port_t; |
||||
type mysqld_port_t; |
||||
type init_t; |
||||
class file { execute execute_no_trans getattr map open read }; |
||||
class process execmem; |
||||
class tcp_socket name_connect; |
||||
} |
||||
|
||||
#============= init_t ============== |
||||
allow init_t amqp_port_t:tcp_socket name_connect; |
||||
allow init_t mysqld_port_t:tcp_socket name_connect; |
||||
allow init_t httpd_sys_content_t:file map; |
||||
allow init_t httpd_sys_content_t:file { execute execute_no_trans getattr open read }; |
||||
allow init_t self:process execmem; |
@ -1,23 +0,0 @@ |
||||
[Unit] |
||||
Description=Only Office spell checker |
||||
|
||||
[Service] |
||||
Type=simple |
||||
ExecStart=/var/www/onlyoffice/documentserver/server/SpellChecker/spellchecker |
||||
WorkingDirectory=/var/www/onlyoffice/documentserver/server/SpellChecker/ |
||||
User=ds |
||||
Group=ds |
||||
Environment=NODE_ENV=oods |
||||
Environment=NODE_CONFIG_DIR=/etc/onlyoffice/documentserver |
||||
Environment=NODE_DISABLE_COLORS=1 |
||||
Restart=always |
||||
PrivateTmp=yes |
||||
PrivateDevices=yes |
||||
ProtectSystem=full |
||||
ProtectHome=yes |
||||
NoNewPrivileges=yes |
||||
MemoryLimit=200M |
||||
SyslogIdentifier=oods-spellchecker |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
@ -1,20 +0,0 @@ |
||||
commit ad678c718b2ed509b5cba45c11ab306a464c9baf
|
||||
Author: Daniel Berteaud <daniel@firewall-services.com>
|
||||
Date: Mon Apr 6 20:06:21 2020 +0200
|
||||
|
||||
New line at the end of nice.yml
|
||||
|
||||
Needed for it to be a valid yaml file
|
||||
|
||||
diff --git a/config.d/realm.tpl/nice.yaml b/config.d/realm.tpl/nice.yaml
|
||||
index 17ec219..164e9e6 100644
|
||||
--- a/config.d/realm.tpl/nice.yaml
|
||||
+++ b/config.d/realm.tpl/nice.yaml
|
||||
@@ -1,4 +1,5 @@
|
||||
backend: Local
|
||||
|
||||
api:
|
||||
- use_revocation_id: 1
|
||||
\ No newline at end of file
|
||||
+ use_revocation_id: 1
|
||||
+
|
@ -1,19 +0,0 @@ |
||||
--- |
||||
|
||||
pki_packages: |
||||
- openssl-devel |
||||
- openldap-devel |
||||
- libxml2-devel |
||||
- expat-devel |
||||
- mariadb-devel |
||||
- libapreq2-devel |
||||
- gcc |
||||
- perl-App-cpanminus |
||||
- gettext # To build I18N files |
||||
- pwgen # To generate random secrets |
||||
- java-1.8.0-openjdk-headless # For keytool utility |
||||
- mariadb # To load the schema |
||||
- patch # To apply local patches |
||||
- perl-autodie # Provides perl(Fatal), needed to install perl deps |
||||
- perl-Config-Std # needed to install perl deps |
||||
|
@ -1,20 +0,0 @@ |
||||
--- |
||||
|
||||
pki_packages: |
||||
- openssl-devel |
||||
- openldap-devel |
||||
- libxml2-devel |
||||
- expat-devel |
||||
- mariadb-devel |
||||
- libapreq2-devel |
||||
- gcc |
||||
- perl-App-cpanminus |
||||
- gettext # To build I18N files |
||||
- pwgen # To generate random secrets |
||||
- java-1.8.0-openjdk-headless # For keytool utility |
||||
- mariadb # To load the schema |
||||
- patch # To apply local patches |
||||
- perl-autodie # Provides perl(Fatal), needed to install perl deps |
||||
- perl-Config-Std # needed to install perl deps |
||||
- glibc-langpack-en |
||||
|
Binary file not shown.
@ -1,11 +0,0 @@ |
||||
--- |
||||
|
||||
pgadmin4_packages: |
||||
- gcc |
||||
- postgresql |
||||
- postgresql-devel |
||||
- python3-virtualenv |
||||
- python3-pip |
||||
- python-setuptools # Needed for pip install expect |
||||
- python-pip # Also needed to install expect |
||||
- krb5-devel |
@ -1,10 +0,0 @@ |
||||
--- |
||||
|
||||
pgadmin4_packages: |
||||
- gcc |
||||
- postgresql |
||||
- postgresql-devel |
||||
- python3-virtualenv |
||||
- python3-pip |
||||
- python3-setuptools # Needed for pip install expect |
||||
- krb5-devel |
@ -1,7 +0,0 @@ |
||||
--- |
||||
|
||||
pma_packages: |
||||
- unzip |
||||
- MySQL-python |
||||
- mariadb |
||||
- acl |
@ -1,6 +0,0 @@ |
||||
--- |
||||
|
||||
pma_packages: |
||||
- unzip |
||||
- mariadb |
||||
- acl |
@ -1,11 +0,0 @@ |
||||
#!/bin/bash |
||||
|
||||
set -e |
||||
|
||||
if [ -e /var/run/opendmarc/history.dat ]; then |
||||
mv /var/run/opendmarc/history.dat /tmp/dmarc_history.$$ |
||||
/usr/sbin/opendmarc-import --dbhost={{ pmg_dmarc_db_server }} --dbuser={{ pmg_dmarc_db_user }} --dbpasswd='{{ pmg_dmarc_db_pass }}' --dbname={{ pmg_dmarc_db_name }} --verbose < /tmp/dmarc_history.$$ |
||||
/usr/sbin/opendmarc-reports --dbhost={{ pmg_dmarc_db_server }} --dbuser={{ pmg_dmarc_db_user }} --dbpasswd='{{ pmg_dmarc_db_pass }}' --dbname={{ pmg_dmarc_db_name }} --verbose --interval=86400 --report-email 'dmarc-noreply@{{ ansible_domain }}' --report-org '{{ pmg_dmarc_report_org }}' --smtp-port={{ pmg_smtp_int_ports.0 }} |
||||
/usr/sbin/opendmarc-expire --dbhost={{ pmg_dmarc_db_server }} --dbuser={{ pmg_dmarc_db_user }} --dbpasswd='{{ pmg_dmarc_db_pass }}' --dbname={{ pmg_dmarc_db_name }} --verbose |
||||
rm -f /tmp/dmarc_history.$$ |
||||
fi |
@ -1,134 +0,0 @@ |
||||
# auto-generated by proxmox |
||||
|
||||
compatibility_level = 2 |
||||
command_directory = /usr/sbin |
||||
daemon_directory = /usr/lib/postfix/sbin |
||||
data_directory = /var/lib/postfix |
||||
|
||||
# appending .domain is the MUA's job. |
||||
append_dot_mydomain = yes |
||||
|
||||
smtpd_banner = $myhostname [% pmg.mail.banner %] |
||||
biff = no |
||||
|
||||
[% IF pmg.mail.dwarning %] |
||||
delay_warning_time = [% pmg.mail.dwarning %]h |
||||
[% END %] |
||||
|
||||
best_mx_transport = local |
||||
message_size_limit = [% pmg.mail.maxsize %] |
||||
mailbox_size_limit = [% ((pmg.mail.maxsize*2 > 51200000) ? pmg.mail.maxsize*2 : 51200000) %] |
||||
|
||||
mydomain = [% dns.domain %] |
||||
myhostname = [% dns.hostname %].[% dns.domain %] |
||||
|
||||
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps |
||||
|
||||
alias_maps = hash:/etc/aliases |
||||
alias_database = hash:/etc/aliases |
||||
mydestination = localhost, $myhostname |
||||
mynetworks = [% postfix.mynetworks %] |
||||
|
||||
relay_domains = hash:/etc/pmg/domains |
||||
|
||||
transport_maps = hash:/etc/pmg/transport |
||||
|
||||
[% IF pmg.mail.relay %] |
||||
[% IF pmg.mail.relaynomx %] |
||||
relay_transport = smtp:[[% pmg.mail.relay %]]:[% pmg.mail.relayport %] |
||||
[% ELSE %] |
||||
relay_transport = smtp:[% pmg.mail.relay %]:[% pmg.mail.relayport %] |
||||
[% END %] |
||||
[% END %] |
||||
|
||||
[% IF pmg.mail.smarthost %] |
||||
default_transport = smtp:[% pmg.mail.smarthost %]:[% pmg.mail.smarthostport %] |
||||
[% END %] |
||||
|
||||
content_filter=scan:127.0.0.1:10024 |
||||
|
||||
mail_name = Proxmox |
||||
|
||||
[% IF pmg.mail.helotests %] |
||||
smtpd_helo_required = yes |
||||
smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname reject_invalid_helo_hostname |
||||
[% ELSE %] |
||||
smtpd_helo_restrictions = |
||||
[% END %] |
||||
|
||||
postscreen_access_list = |
||||
permit_mynetworks, |
||||
cidr:/etc/postfix/postscreen_access |
||||
|
||||
[% IF postfix.dnsbl_sites %] |
||||
postscreen_dnsbl_sites = [% postfix.dnsbl_sites %] |
||||
postscreen_dnsbl_threshold = [% postfix.dnsbl_threshold %] |
||||
[% END %] |
||||
|
||||
postscreen_dnsbl_action = enforce |
||||
postscreen_greet_action = enforce |
||||
|
||||
smtpd_sender_restrictions = |
||||
permit_mynetworks |
||||
reject_non_fqdn_sender |
||||
check_client_access cidr:/etc/postfix/clientaccess |
||||
check_sender_access regexp:/etc/postfix/senderaccess |
||||
check_recipient_access regexp:/etc/postfix/rcptaccess |
||||
[%- IF pmg.mail.rejectunknown %] reject_unknown_client_hostname[% END %] |
||||
[%- IF pmg.mail.rejectunknownsender %] reject_unknown_sender_domain[% END %] |
||||
|
||||
smtpd_recipient_restrictions = |
||||
permit_mynetworks |
||||
reject_unauth_destination |
||||
reject_non_fqdn_recipient |
||||
check_recipient_access regexp:/etc/postfix/rcptaccess |
||||
[%- IF postfix.usepolicy %] check_sender_access regexp:/etc/postfix/senderaccess[% END %] |
||||
[%- IF postfix.usepolicy %] check_client_access cidr:/etc/postfix/clientaccess[% END %] |
||||
[%- IF postfix.usepolicy %] check_policy_service inet:127.0.0.1:10022[% END %] |
||||
[%- IF pmg.mail.verifyreceivers %] reject_unknown_recipient_domain[% END %] |
||||
[%- IF pmg.mail.verifyreceivers %] reject_unverified_recipient[% END %] |
||||
|
||||
[% IF pmg.mail.verifyreceivers %] |
||||
unverified_recipient_reject_code = [% pmg.mail.verifyreceivers %] |
||||
[% END %] |
||||
|
||||
smtpd_client_connection_count_limit = [% pmg.mail.conn_count_limit %] |
||||
smtpd_client_connection_rate_limit = [% pmg.mail.conn_rate_limit %] |
||||
smtpd_client_message_rate_limit = [% pmg.mail.message_rate_limit %] |
||||
|
||||
[% IF pmg.mail.tls %] |
||||
smtp_tls_security_level = may |
||||
smtp_tls_policy_maps = hash:/etc/pmg/tls_policy |
||||
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt |
||||
smtpd_tls_security_level = may |
||||
smtpd_tls_cert_file = /etc/pmg/pmg-tls.pem |
||||
smtpd_tls_key_file = $smtpd_tls_cert_file |
||||
[% IF pmg.mail.tlslog %] |
||||
smtpd_tls_loglevel = 1 |
||||
smtp_tls_loglevel = 1 |
||||
[% END %] |
||||
[% IF pmg.mail.tlsheader %] |
||||
smtpd_tls_received_header = yes |
||||
[% END %] |
||||
[% END %] |
||||
|
||||
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache |
||||
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache |
||||
|
||||
[% IF pmg.mail.hide_received %] |
||||
unverified_recipient_reject_reason = Recipient address lookup failed |
||||
[% END %] |
||||
|
||||
|
||||
default_destination_concurrency_limit = 40 |
||||
lmtp_destination_concurrency_limit = 20 |
||||
relay_destination_concurrency_limit = 20 |
||||
smtp_destination_concurrency_limit = 20 |
||||
virtual_destination_concurrency_limit = 20 |
||||
|
||||
recipient_delimiter = + |
||||
|
||||
# Throttle client errors |
||||
smtpd_soft_error_limit = 3 |
||||
smtpd_hard_error_limit = 6 |
||||
smtpd_error_sleep_time = 8s |
@ -1,12 +0,0 @@ |
||||
Background false |
||||
IgnoreAuthenticatedClients true |
||||
{% if pmg_mynetworks.stat.exists %} |
||||
IgnoreHosts /etc/pmg/mynetworks |
||||
{% endif %} |
||||
PidFile /var/run/opendmarc/opendmarc.pid |
||||
PublicSuffixList /usr/share/publicsuffix/ |
||||
Syslog true |
||||
RejectFailures {{ pmg_dmarc_reject | ternary('true','false') }} |
||||
UMask 007 |
||||
Socket local:/var/run/opendmarc/opendmarc.sock |
||||
HistoryFile /var/run/opendmarc/history.dat |
@ -1,23 +0,0 @@ |
||||
[Unit] |
||||
Description=OpenDMARC Milter |
||||
Documentation=man:opendmarc(8) man:opendmarc.conf(5) |
||||
After=network.target nss-lookup.target |
||||
|
||||
[Service] |
||||
Type=simple |
||||
UMask=0007 |
||||
ExecStart=/usr/sbin/opendmarc -c /etc/opendmarc.conf |
||||
User=opendmarc |
||||
Group=opendmarc |
||||
MemoryLimit=50M |
||||
PrivateTmp=yes |
||||
PrivateDevices=yes |
||||
ProtectSystem=full |
||||
ProtectHome=yes |
||||
NoNewPrivileges=yes |
||||
Restart=on-failure |
||||
ExecReload=/bin/kill -USR1 $MAINPID |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
||||
|
@ -1,3 +0,0 @@ |
||||
{% for rule in pmg_sa_rules %} |
||||
score {{ rule.name }} {{ rule.score }} |
||||
{% endfor %} |
@ -1,47 +0,0 @@ |
||||
#!/bin/bash -e |
||||
|
||||
DEST=/home/lbkp/pgsql |
||||
|
||||
{% if pg_dump_format == 'text' %} |
||||
{% set dump_options = '-Fp -Cc' %} |
||||
{% set dump_ext = 'sql' %} |
||||
{% elif pg_dump_format == 'custom' %} |
||||
{% set dump_options = '-Fc' %} |
||||
{% set dump_ext = 'sqlc' %} |
||||
{% else %} |
||||
{% set dump_options = '-F' + pg_dump_format %} |
||||
{% set dump_ext = 'dump' %} |
||||
{% endif %} |
||||
|
||||
for DB in $(su - postgres -c "{{ (pg_version != 'default') | ternary('/usr/pgsql-' + pg_version | string,'') }}/bin/psql -d postgres -qtc 'SELECT datname from pg_database' | grep -vP '^\s+?template[01]$'") |
||||
do |
||||
{% if pg_compress_cmd %} |
||||
{% if pg_compress_cmd is search('p?xz') %} |
||||
{% set comp_ext = 'xz' %} |
||||
{% elif pg_compress_cmd is search('p?bzip2') %} |
||||
{% set comp_ext = 'bz2' %} |
||||
{% elif pg_compress_cmd is search('(pi)?gz') %} |
||||
{% set comp_ext = 'gz' %} |
||||
{% elif pg_compress_cmd is search('lzop') %} |
||||
{% set comp_ext = 'lzo' %} |
||||
{% elif pg_compress_cmd is search('lz4') %} |
||||
{% set comp_ext = 'lz4' %} |
||||
{% elif pg_compress_cmd is search('zst') %} |
||||
{% set comp_ext = 'zst' %} |
||||
{% else %} |
||||
{% set comp_ext = 'z' %} |
||||
{% endif %} |
||||
su - postgres -c "{{ (pg_version != 'default') | ternary('/usr/pgsql-' + pg_version | string,'') }}/bin/pg_dump {{ dump_options }} $DB" | /bin/nice -n 10 {{ pg_compress_cmd }} > $DEST/$DB.{{ dump_ext }}.{{ comp_ext }} |
||||
su - postgres -c "{{ (pg_version != 'default') | ternary('/usr/pgsql-' + pg_version | string,'') }}/bin/pg_dump --schema-only -Fp $DB" | /bin/nice -n 10 {{ pg_compress_cmd }} > $DEST/$DB.schema.{{ dump_ext }}.{{ comp_ext }} |
||||
{% else %} |
||||
su - postgres -c "{{ (pg_version != 'default') | ternary('/usr/pgsql-' + pg_version | string,'') }}/bin/pg_dump {{ dump_options }} $DB" > $DEST/$DB.{{ dump_ext }} |
||||
su - postgres -c "{{ (pg_version != 'default') | ternary('/usr/pgsql-' + pg_version | string,'') }}/bin/pg_dump --schema-only -Fp $DB" > $DEST/$DB.schema.sql |
||||
{% endif %} |
||||
done |
||||
{% if pg_compress_cmd %} |
||||
su - postgres -c "{{ (pg_version != 'default') | ternary('/usr/pgsql-' + pg_version | string,'') }}/bin/pg_dumpall --globals-only" | /bin/nice -n 10 {{ pg_compress_cmd }} > $DEST/pg_globals.sql.{{ comp_ext }} |
||||
su - postgres -c "{{ (pg_version != 'default') | ternary('/usr/pgsql-' + pg_version | string,'') }}/bin/pg_dumpall --schema-only" | /bin/nice -n 10 {{ pg_compress_cmd }} > $DEST/pg_schema.sql.{{ comp_ext }} |
||||
{% else %} |
||||
su - postgres -c "{{ (pg_version != 'default') | ternary('/usr/pgsql-' + pg_version | string,'') }}/bin/pg_dumpall --globals-only" > $DEST/pg_globals.sql |
||||
su - postgres -c "{{ (pg_version != 'default') | ternary('/usr/pgsql-' + pg_version | string,'') }}/bin/pg_dumpall --schema-only" > $DEST/pg_schema.sql |
||||
{% endif %} |
@ -1,5 +0,0 @@ |
||||
#!/bin/bash -e |
||||
|
||||
{% if pg_remove_dump_after_backup %} |
||||
rm -f /home/lbkp/pgsql/*.sql* |
||||
{% endif %} |
@ -1,7 +0,0 @@ |
||||
--- |
||||
|
||||
pg_packages: |
||||
- postgresql{{ (pg_version != 'default') | ternary(pg_version | string,'') }} |
||||
- postgresql{{ (pg_version != 'default') | ternary(pg_version | string,'') }}-server |
||||
- postgresql{{ (pg_version != 'default') | ternary(pg_version | string,'') }}-contrib |
||||
- python-psycopg2 |
@ -1,7 +0,0 @@ |
||||
--- |
||||
|
||||
pg_packages: |
||||
- postgresql{{ (pg_version != 'default') | ternary(pg_version | string,'') }} |
||||
- postgresql{{ (pg_version != 'default') | ternary(pg_version | string,'') }}-server |
||||
- postgresql{{ (pg_version != 'default') | ternary(pg_version | string,'') }}-contrib |
||||
- python3-psycopg2 |
@ -1,33 +0,0 @@ |
||||
--- |
||||
- name: Configure base repositories |
||||
yum_repository: |
||||
file: CentOS-Base |
||||
description: "Centos - {{ item.repo }}" |
||||
name: "{{ item.repo }}" |
||||
baseurl: http://mirror.centos.org/centos/$releasever/{{ item.dir }}/$basearch/ |
||||
gpgcheck: True |
||||
gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 |
||||
exclude: 'lasso*' |
||||
with_items: |
||||
- repo: base |
||||
dir: os |
||||
- repo: updates |
||||
dir: updates |
||||
- repo: extras |
||||
dir: extras |
||||
|
||||
- name: Configure centosplus |
||||
yum_repository: |
||||
file: CentOS-Base |
||||
description: "Centos - centosplus" |
||||
name: centosplus |
||||
baseurl: http://mirror.centos.org/centos/$releasever/centosplus/$basearch/ |
||||
gpgcheck: True |
||||
gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 |
||||
enabled: False |
||||
|
||||
- name: Install yum priorities plugin |
||||
yum: |
||||
name: |
||||
- yum-plugin-priorities |
||||
tags: repo |
@ -1,121 +0,0 @@ |
||||
--- |
||||
|
||||
- when: not repo_centos_stream |
||||
block: |
||||
- name: Configure repositories |
||||
yum_repository: |
||||
file: "{{ item.file }}" |
||||
description: "CentOS {{ item.name }}" |
||||
name: "{{ item.name }}" |
||||
baseurl: http://mirror.centos.org/$contentdir/$releasever/{{ item.dir }}/$basearch/os/ |
||||
gpgcheck: True |
||||
gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial |
||||
enabled: "{{ item.enabled | default(True) }}" |
||||
loop: |
||||
- name: baseos |
||||
file: CentOS-Linux-Base |
||||
dir: BaseOS |
||||
- name: appstream |
||||
file: CentOS-Linux-AppStream |
||||
dir: AppStream |
||||
- name: plus |
||||
file: CentOS-Linux-Plus |
||||
dir: centosplus |
||||
enabled: False |
||||
- name: extras |
||||
file: CentOS-Linux-Extras |
||||
dir: extras |
||||
- name: powertools |
||||
file: CentOS-Linux-PowerTools |
||||
dir: PowerTools |
||||
|
||||
- name: Remove Base file |
||||
file: path=/etc/yum.repos.d/{{ item }}.repo state=absent |
||||
loop: |
||||
- CentOS-Stream-AppStream |
||||
- CentOS-Stream-Base |
||||
- CentOS-Stream-ContinuousRelease |
||||
- CentOS-Stream-Debuginfo |
||||
- CentOS-Stream-Devel |
||||
- CentOS-Stream-Extras |
||||
- CentOS-Stream-FastTrack |
||||
- CentOS-Stream-centosplus |
||||
- CentOS-Stream-PowerTools |
||||
|
||||
# Waiting for the allowerasing args to dnf module, landing in ansible 2.10 |
||||
- name: Switch to centos-linux-repos |
||||
shell: rpm -q centos-linux-repos || dnf install centos-linux-repos -y --allowerasing |
||||
args: |
||||
warn: False |
||||
changed_when: False |
||||
|
||||
tags: repo |
||||
|
||||
- when: repo_centos_stream |
||||
block: |
||||
- name: Check if stream variable is set |
||||
copy: content={{ item.content }} dest={{ item.dest }} |
||||
loop: |
||||
- content: "{{ ansible_distribution_major_version }}-stream" |
||||
dest: /etc/dnf/vars/stream |
||||
|
||||
- name: Configure repositories |
||||
yum_repository: |
||||
file: "{{ item.file }}" |
||||
description: "CentOS {{ item.name }}" |
||||
name: "{{ item.name }}" |
||||
baseurl: http://mirror.centos.org/$contentdir/$stream/{{ item.dir }}/$basearch/os/ |
||||
gpgcheck: True |
||||
gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial |
||||
loop: |
||||
- name: baseos |
||||
file: CentOS-Stream-BaseOS |
||||
dir: BaseOS |
||||
- name: appstream |
||||
file: CentOS-Stream-AppStream |
||||
dir: AppStream |
||||
- name: extras |
||||
file: CentOS-Stream-Extras |
||||
dir: extras |
||||
- name: powertools |
||||
file: CentOS-Stream-PowerTools |
||||
dir: PowerTools |
||||
|
||||
- name: Remove Base file |
||||
file: path=/etc/yum.repos.d/{{ item }}.repo state=absent |
||||
loop: |
||||
- CentOS-Linux-AppStream |
||||
- CentOS-Linux-BaseOS |
||||
- CentOS-Linux-Base |
||||
- CentOS-Linux-ContinuousRelease |
||||
- CentOS-Linux-Debuginfo |
||||
- CentOS-Linux-Devel |
||||
- CentOS-Linux-Extras |
||||
- CentOS-Linux-FastTrack |
||||
- CentOS-Linux-centosplus |
||||
- CentOS-Linux-Plus |
||||
- CentOS-Linux-PowerTools |
||||
|
||||
# Waiting for the allowerasing args to dnf module, landing in ansible 2.10 |
||||
- name: Switch to centos-stream-repos |
||||
shell: rpm -q centos-stream-repos || dnf install centos-stream-repos -y --allowerasing |
||||
args: |
||||
warn: False |
||||
changed_when: False |
||||
|
||||
tags: repo |
||||
|
||||
- name: Remove old repo files |
||||
file: path=/etc/yum.repos.d/{{ item }}.repo state=absent |
||||
loop: |
||||
- CentOS-Base |
||||
- CentOS-CR |
||||
- CentOS-Extras |
||||
- CentOS-BaseOS |
||||
- CentOS-AppStream |
||||
- CentOS-PowerTools |
||||
- CentOS-centosplus |
||||
- CentOS-cr |
||||
- CentOS-extras |
||||
- CentOS-fasttrack |
||||
tags: repo |
@ -1,11 +0,0 @@ |
||||
--- |
||||
|
||||
- name: Configure EPEL repository |
||||
yum_repository: |
||||
name: epel |
||||
description: "Extra Package for Enterprise Linux" |
||||
baseurl: http://mirrors.ircam.fr/pub/fedora/epel/$releasever/$basearch http://mir01.syntis.net/epel/$releasever/$basearch |
||||
gpgcheck: True |
||||
gpgkey: https://mir01.syntis.net/epel/RPM-GPG-KEY-EPEL-7 |
||||
exclude: dehydrated |
||||
tags: repo |
@ -1,20 +0,0 @@ |
||||
--- |
||||
|
||||
- name: Configure EPEL repository |
||||
yum_repository: |
||||
name: epel |
||||
description: "Extra Package for Enterprise Linux" |
||||
baseurl: http://mirrors.ircam.fr/pub/fedora/epel/$releasever/Everything/$basearch http://mir01.syntis.net/epel/$releasever/Everything/$basearch |
||||
gpgcheck: True |
||||
gpgkey: https://mir01.syntis.net/epel/RPM-GPG-KEY-EPEL-8 |
||||
exclude: dehydrated |
||||
tags: repo |
||||
|
||||
- name: Config EPEL Modular repository |
||||
yum_repository: |
||||
name: epel-modular |
||||
description: "Extra Packages for Enterprise Linux Modular $releasever - $basearch" |
||||
baseurl: http://mirrors.ircam.fr/pub/fedora/epel/$releasever/Modular/$basearch http://mir01.syntis.net/epel/$releasever/Modular/$basearch |
||||
gpgcheck: True |
||||
gpgkey: https://mir01.syntis.net/epel/RPM-GPG-KEY-EPEL-8 |
||||
tags: repo |
@ -1,3 +0,0 @@ |
||||
--- |
||||
|
||||
repo_remi_gpg_url: https://rpms.remirepo.net/RPM-GPG-KEY-remi |
@ -1,3 +0,0 @@ |
||||
--- |
||||
|
||||
repo_remi_gpg_url: https://rpms.remirepo.net/RPM-GPG-KEY-remi2018 |
@ -1,13 +0,0 @@ |
||||
--- |
||||
|
||||
- name: Remove remi-release |
||||
yum: name=remi-release state=absent |
||||
|
||||
- name: Configure Remi Safe repository |
||||
yum_repository: |
||||
name: remi-safe |
||||
description: Safe Remi's RPM repository for Enterprise Linux |
||||
baseurl: http://rpms.remirepo.net/enterprise/$releasever/safe/$basearch/ |
||||
gpgcheck: True |
||||
gpgkey: http://rpms.remirepo.net/RPM-GPG-KEY-remi |
||||
|
@ -1,5 +0,0 @@ |
||||
--- |
||||
|
||||
rsync_packages: |
||||
- rsync |
||||
- libsemanage-python |
@ -1,6 +0,0 @@ |
||||
--- |
||||
|
||||
rsync_packages: |
||||
- rsync |
||||
- rsync-daemon |
||||
- python3-libsemanage |
@ -1,16 +0,0 @@ |
||||
--- |
||||
|
||||
samba_common_packages: |
||||
- samba |
||||
- samba-client |
||||
- sssd-winbind-idmap |
||||
- openldap-clients |
||||
- policycoreutils-python |
||||
- tdb-tools |
||||
|
||||
samba_dc_packages: |
||||
- samba-dc |
||||
- ldb-tools |
||||
- krb5-workstation |
||||
- python36-markdown |
||||
- patch |
@ -1,16 +0,0 @@ |
||||
--- |
||||
|
||||
samba_common_packages: |
||||
- samba |
||||
- samba-client |
||||
- sssd-winbind-idmap |
||||
- openldap-clients |
||||
- policycoreutils-python-utils |
||||
- tdb-tools |
||||
|
||||
samba_dc_packages: |
||||
- samba-dc |
||||
- ldb-tools |
||||
- krb5-workstation |
||||
- python3-markdown |
||||
- patch |
Binary file not shown.
Binary file not shown.