dustin/configpolicy
1
1
Fork 0
Code Issues Releases Activity
Files
906819dd1c6f1944f04758a50c0b649e1042996c
configpolicy/roles
History
Dustin C. Hatch 906819dd1c r/apache: Use variables for HTTPS cert/key content 
Using files for certificates and private keys is less than ideal.
The only way to "share" a certificate between multiple hosts is with
symbolic links, which means the configuration policy has to be prepared
for each managed system.  As we're moving toward a much more dynamic
environment, this becomes problematic; the host-provisioner will never
be able to copy a certificate to a new host that was just created.
Further, I have never really liked the idea of storing certificates and
private keys in Git anyway, even if it is in a submodule with limited
access.
2025-07-13 16:02:57 -05:00
..
alertmanager
r/alertmanager: Deploy AlertManager
2022-08-10 22:18:53 -05:00
ansible/tasks
roles/ansible: Install python-netaddr
2018-04-08 12:33:54 -05:00
apache
r/apache: Use variables for HTTPS cert/key content
2025-07-13 16:02:57 -05:00
aria2
aria2: Deploy aria2 download manager
2018-08-19 14:17:48 -05:00
base
r/base: Install python3-libdnf5
2025-01-31 18:55:58 -06:00
bitwarden_rs
r/bitwarden_rs: Redirect to canonical host name
2024-11-05 06:37:03 -06:00
blackbox-exporter
r/blackbox-exporter: Rework to run as container
2025-01-26 13:06:54 -06:00
btop
btop: Install btop and run it on the console
2024-09-01 09:24:53 -05:00
burp-client
synapse: Back up data using BURP
2023-05-23 09:52:50 -05:00
burp-server
roles/burp-server: switch to version_compare test
2020-01-25 13:54:42 -06:00
caddy
r/frigate-caddy: Deploy Caddy in front of Frigate
2024-08-12 18:47:04 -05:00
cert/tasks
roles/cert: Add handler topic notification
2020-12-26 10:38:17 -06:00
certbot
roles/certbot: Ensure certbot is configured first
2019-09-19 19:50:35 -05:00
chrony
chrony: Add role/PB for chrony
2025-03-16 16:37:19 -05:00
collectd
r/collectd: Ignore efivarfs mounts
2024-02-16 20:24:46 -06:00
collectd-nut
r/collectd-nut: Configure nut plugin for collectd
2021-10-31 14:26:26 -05:00
collectd-prometheus
r/collectd-prometheus: Work w/o firewalld, selinux
2022-08-10 19:47:12 -05:00
collectd-sensors/tasks
r/collectd-sensors: Install collectd sensors plugin
2022-07-21 13:14:25 -05:00
collectd-version
r/collectd-version: Auto-restart service
2024-06-12 19:03:11 -05:00
containers-image
kubelet: Configure cri-o container registries
2025-07-12 16:45:47 -05:00
cri-o
r/{cri-o,kubelet}: Support versioned packages
2025-01-31 18:57:21 -06:00
cronie/tasks
roles/cronie: Install cronie
2018-08-08 21:38:56 -05:00
dch-gw
dch-gw: Restrict traffic from Management network
2018-07-15 12:16:43 -05:00
dch-openvpn-server
dch-openvpn: Support road-warrior clients
2018-10-07 21:42:18 -05:00
dch-proxy
r/dch-proxy: Use separate sockets for HTTP v4/v6
2024-11-05 06:34:55 -06:00
dch-selinux
r/dch-selinux: Install from dch-yum repository
2024-06-12 18:42:22 -05:00
dch-storage-net
roles/dch-storage-net: Add After device dependency
2018-07-29 10:14:00 -05:00
dch-vpn-server
roles/strongswan: Update service name
2020-07-04 14:32:22 -05:00
dch-yum
r/dch-yum: Explicitly disable proxy for repo
2024-02-27 17:42:10 -06:00
dhcpcd
roles/dhcpcd: Always send FQDN
2018-07-23 17:35:10 -05:00
dhcpd
roles/dhcpd: Support UniFi DHCP option 43
2019-03-22 09:29:56 -05:00
dnf-automatic
r/dnf-automatic: Allow excluding packages
2024-06-23 10:43:15 -05:00
doas
r/doas: Configure sudo alternative
2024-11-24 10:33:21 -06:00
docker
roles/docker: Install and set up Docker daemon
2019-09-19 19:27:12 -05:00
dockerhub-proxy
docker-proxy: Deploy a proxy/cache for Docker Hub
2025-07-12 16:45:47 -05:00
elasticsearch
roles/elasticsearch: Add Elasticsearch deployment
2019-10-28 18:33:37 -05:00
fileserver
r/fileserver: Restrict non-administrators to SFTP
2024-02-01 10:29:32 -06:00
formsubmit
r/formsubmit: Deploy formsubmit app
2022-02-27 17:42:15 -06:00
freeradius
hosts: dc2: Add RADIUS server certificate
2021-10-17 14:03:52 -05:00
frigate
r/frigate: Update to v0.15
2025-04-20 16:23:04 -05:00
frigate-caddy
r/frigate: Fix Authelia redirect
2025-04-21 08:27:34 -05:00
frigate-exporter
r/frigate-exporter: Deploy Prometheus exporter
2024-10-21 20:27:31 -05:00
gasket-dkms
r/gasket-dkms: Build/sign Coral TPU driver
2024-08-12 18:47:04 -05:00
gitea
r/gitea: Serve kickstarts over HTTP
2024-12-27 10:51:00 -06:00
grafana
r/grafana: Allow configuring LDAP CA cert
2022-08-11 21:40:19 -05:00
graylog
roles/graylog: Update Graylog repository RPM URL
2021-01-31 15:33:42 -06:00
haproxy
r/haproxy: Enable Prometheus metrics
2024-11-05 06:23:49 -06:00
hass-dhcp
r/hass-dhcp: Start dnsmasq after network is up
2022-08-21 08:03:00 -05:00
hassdb/tasks
roles/hassdb: Deploy Home Assistant database
2020-07-14 11:38:30 -05:00
homeassistant
r/homeassistant: Protect ~/.ssh
2023-06-08 10:05:36 -05:00
hostname
hostname: Also write /etc/hosts
2018-04-08 10:11:43 -05:00
jellyfin
r/jellyfin: Fix system.xml template whitespace
2024-12-12 06:36:23 -06:00
jenkins-slave
jenkins-slave: Allow Jenkins to connect to Docker
2019-09-19 19:50:35 -05:00
journal2ntfy
journal2ntfy: Script to send log messagess via ntfy
2023-05-17 14:51:21 -05:00
k8s-worker
r/k8s-worker: Use K8s API to create join token
2025-07-01 08:09:11 -05:00
kerberos
roles/kerberos: Configure mit-krb5
2018-01-29 15:05:51 -06:00
koji-builder
roles/koji-builder: Deploy the Koji builder
2018-08-12 10:14:25 -05:00
koji-client
roles/koji-client: Configure the koji client
2018-08-12 10:05:56 -05:00
koji-gc
roles/koji-gc: Deploy the Koji garbage collector
2018-08-12 09:58:56 -05:00
koji-hub
roles/koji-hub: Deploy the Koji Hub
2018-08-12 09:33:08 -05:00
koji-web
roles/koji-web: Deploy the Koji Web UI
2018-08-12 10:08:01 -05:00
kojira
roles/kojira: Deploy the Koji repository agent
2018-08-12 10:04:23 -05:00
kubelet
kubelet: Configure cri-o container registries
2025-07-12 16:45:47 -05:00
lego
r/lego-nginx: Configure LEGO for nginx
2025-07-12 16:45:47 -05:00
lego-nginx
r/lego-nginx: Configure LEGO for nginx
2025-07-12 16:45:47 -05:00
logrotate/tasks
roles/logrotate: Install and enable logrotate
2020-12-08 20:59:40 -06:00
loki
loki: Add role+playbook for Grafana Loki
2024-10-20 12:10:55 -05:00
loki-caddy
r/loki-caddy: Caddy reverse proxy for Loki
2024-11-05 06:54:27 -06:00
minio
r/minio: Do not pull images automatically
2025-07-02 09:23:18 -05:00
minio-backups-cert
r/minio-backups-cert: Fix nsupdate kinit for f42
2025-07-12 16:08:21 -05:00
minio-nginx
r/minio-nginx: Reverse proxy for MinIO
2024-09-01 08:59:28 -05:00
mongodb
roles/mongodb: Add MongoDB deployment
2019-10-28 18:34:45 -05:00
mosquitto
r/mosquitto: Support persistence
2022-05-29 11:25:25 -05:00
motioneye
motioneye: Deploy motionEye camera software
2020-10-03 11:29:39 -05:00
named
r/named: Fix typo in firewalld condition
2022-08-20 18:18:38 -05:00
nbd-server
r/nbd-server: Deploy nbd-server
2022-08-15 16:55:36 -05:00
net-ifaces
roles/net-ifaces: Update VLAN for pyrocufflink.blue
2020-05-25 09:17:24 -05:00
netboot
r/netboot/basementhud: Configure NBD export
2022-08-15 17:18:48 -05:00
nextcloud
r/nextcloud: Configure trashbin retention
2024-10-13 18:38:12 -05:00
nextcloud-base
nextcloud: Support remote database server
2024-09-02 20:29:51 -05:00
nextcloud-db
nextcloud: Support remote database server
2024-09-02 20:29:51 -05:00
nextcloud-db-cert
r/nextcloud-db-cert: Fetch client cert from k8s
2024-09-02 20:35:32 -05:00
nftables
roles/nftables: Basic nftables configuration
2018-03-27 20:44:43 -05:00
nginx
r/nginx: Configure error/access syslog separately
2024-10-20 12:10:17 -05:00
nsswitch
roles/nsswitch: Configure glibc name service
2018-03-11 18:16:17 -05:00
ntpd
ntp: Initial PB and role to set up ntpd
2018-04-22 11:19:22 -05:00
nut
r/nut{,-monitor}: Enable nut.target
2024-01-22 09:03:15 -06:00
nut-common
r/nut{,-monitor}: Enable nut.target
2024-01-22 09:03:15 -06:00
nut-monitor
r/nut{,-monitor}: Enable nut.target
2024-01-22 09:03:15 -06:00
postfix
r/postfix: Support rewriting recipient addresses
2024-08-22 16:17:00 -05:00
postgres-exporter
r/postgresql-server: Set become on postgres tasks
2024-11-16 11:50:28 -06:00
postgresql-cert
r/postgresql-server-base: Factor out prep steps
2024-11-17 10:27:31 -06:00
postgresql-data
r/postgresql-data: Manage users and databases
2025-02-01 17:36:58 -06:00
postgresql-server
r/postgresql-server-base: Factor out prep steps
2024-11-17 10:27:31 -06:00
postgresql-server-base
r/pgsql-server-base: Add post-upgrade capability
2024-11-17 10:27:31 -06:00
promtail
r/promtail: Optionally run with DAC_READ_SEARCH
2024-02-28 19:00:26 -06:00
protonvpn
r/protonvpn: Move remote_addrs file to /var
2022-08-20 18:18:21 -05:00
pxe
r/pxe: Depend on apache role
2025-07-13 16:02:57 -05:00
rabbitmq/tasks
roles/rabbitmq: Deploy RabbitMQ
2019-03-07 13:29:29 -06:00
radvd
roles/radvd: Support multiple prefixes per network
2018-04-06 20:16:02 -05:00
redis/tasks
roles/redis: Add role to deploy Redis
2021-06-25 11:10:10 -05:00
repohost
r/repohost: Configure Yum package repo host
2023-11-07 20:51:10 -06:00
restic
r/restic: Enhance restic-backup security sandbox
2024-09-04 17:43:24 -05:00
rhel-network
roles/rhel-network: Add static route support
2018-03-27 20:44:43 -05:00
samba
roles/samba: Support selecting interfaces
2018-06-23 14:42:45 -05:00
samba-cert
r/samba-cert: Save firewall configuration
2024-06-20 19:42:13 -05:00
samba-dc
r/samba-dc: Enable auto-restart for samba.service
2024-08-09 08:11:39 -05:00
scrape-collectd
r/scrape-collectd: Also scrape unmanaged targets
2023-09-27 20:24:47 -05:00
serial-console
r/serial-console: Enable getty on serial console
2021-10-16 14:34:51 -05:00
serterm
r/serterm: Deploy serial terminal multiplexer
2024-11-10 13:15:08 -06:00
squid
r/squid: Support configuring auth_param
2024-08-14 20:26:11 -05:00
ssh-host-certs
r/ssh-host-certs: Manage SSH host certificates
2023-11-07 21:27:02 -06:00
ssh-hostkeys
hosts: Add dc-nrtxms.p.b
2023-10-28 16:07:39 -05:00
ssh-user-ca
r/ssh-user-ca: Add missing handlers file
2024-02-22 10:16:48 -06:00
sshd
roles/sshd: Configure OpenSSH daemon
2018-06-06 21:44:28 -05:00
statsd-exporter
r/statsd-exporter: Deploy statsd exporter
2024-10-13 19:59:52 -05:00
strongswan
roles/strongswan: Update service name
2020-07-04 14:32:22 -05:00
strongswan-swanctl
roles/strongswan-swanctl: Load esp4 module at boot
2021-02-17 20:33:41 -06:00
sudo
r/sudo: Optionally enable pam_ssh_agent_auth
2024-01-28 12:16:35 -06:00
synapse
r/synapse: Increase service startup timeout
2024-01-21 19:05:00 -06:00
system-auth
r/system-auth: skip session winbind for local users
2024-08-13 21:04:42 -05:00
systemd-base/handlers
r/statsd-exporter: Deploy statsd exporter
2024-10-13 19:59:52 -05:00
systemd-networkd
r/systemd-networkd: Enable and start the service
2021-10-31 14:29:30 -05:00
systemd-resolved
r/systemd-resolved: Manage systemd resolver daemon
2022-08-12 14:35:14 -05:00
taiga
roles/taiga: Fix HTTP->HTTPS redirect
2019-03-22 09:29:56 -05:00
tftp/tasks
r/tftp: Deploy TFTP server
2022-08-15 17:06:20 -05:00
trustca
roles/trustca: Generic role for adding CA certs
2018-06-04 20:03:55 -05:00
unifi
r/unifi: Open firewall port for syslog server
2025-03-29 09:27:28 -05:00
useproxy
r/useproxy: Configure dnf to use proxy
2025-03-29 09:30:08 -05:00
victoria-logs
r/victoria-logs: Update to v1.23.3
2025-06-03 18:59:25 -05:00
victoria-metrics
r/v-m: Add role for Victoria Metrics
2022-08-10 19:47:12 -05:00
victoria-metrics-nginx
r/v-m-nginx: Prevent requesting reload
2022-08-12 13:14:05 -05:00
vmagent
r/vmagent: Rework as container deployment
2025-01-26 13:08:59 -06:00
vmalert
vmalert: Allow configuring http.pathPrefix
2022-08-12 13:10:36 -05:00
vmhost
r/vmhost: Update for latest libvirt
2025-03-29 07:34:58 -05:00
wal-g-pg
r/wal-g-pg: Handle versioned storage locations
2024-11-17 10:27:31 -06:00
websites
r/webites: Add apps.du5t1n.xyz F-Droid repo
2024-11-05 06:47:02 -06:00
wheelhost
wheelhost: Publish wheels built by Jenkins
2019-03-22 10:19:27 -05:00
winbind
r/winbind: Disable offline login by default
2023-10-27 17:37:49 -05:00
zabbix-agent
roles/zabbix: Add support for Debian
2019-03-22 09:29:56 -05:00
zabbix-server
roles/zabbix-server: Redirect HTTP -> HTTPS
2018-06-09 14:35:22 -05:00
zezere
zezere: role/playbook to deploy Zezere
2021-07-05 09:34:25 -05:00
zigbee2mqtt
r/z*2mqtt: Restart services after unexpected stop
2022-08-21 22:25:12 -05:00
zwavejs2mqtt
r/z*2mqtt: Restart services after unexpected stop
2022-08-21 22:25:12 -05:00