lilik_playbook

Commit Graph

Author	SHA1	Message	Date
Zolfa	dc1479d22b	roles/gitlab: configure ocsp stapling correctly	5 years ago
Zolfa	410f7187a2	roles/gitlab: proxy_protocol support If proxy-protocol is enabled use alternative port 10443 for PROXY Protocol traffic on both gitlab and mattermost and keep port 443 for standard HTTPS Traffic.	5 years ago
Zolfa	cd5dcf2422	roles/gitlabe: gitlab mattermost added	5 years ago
Zolfa	c99cb8a9d5	reverse_proxy: use PROXY PROTOCOL Original Client IP is correctly passed to upstream nginx instances (nginx role or gitlab). Affected roles: - reverse_proxy: Pass PROXY PROTOCOL by default to all upstream server. May cause problem with upstream server unable to understand PROXY PROTOCOL. We should put a nginx proxy in front in that case. - nginx: Expect PROXY PROTOCOL for all incoming TLS connection on nginx clients. Warning: now you can access local server only passing by the firewall reverse proxy, not directly. - gitlab: Built-in nginx instance configured to expect PROXY PROTOCOL for tls incoming connections.	5 years ago
Zolfa	d44c630c9e	roles/gitlab: initial_root_password	5 years ago
Zolfa	0f75220c72	Force TLSv1.3 when feasible Affected roles: - gitlab - nginx - ldap	5 years ago
Zolfa	5631ae6a15	style and variables refactoring - Coherent quotation style Single quotes for text variable (even if implicit), no quotes for variable and conditional statements, if not required. - Some useful tags added: * ssh_certs renewal of server SSH certificates and configuration of authorized CA. * tls_pub renewal of public TLS certificates (let's encrypt) and certbot configuration. * tls_int renewal of internal TLS certificates (service authorizations) and configuration of authorized internal CA. (ToDo: deployment of Certificate Revokation Lists) * lxc deployment of new containers (deployment of configuration file excluded, for instance change in ip address are always applied and trigger a container restart even if you skip this tag. * packages installation and upgrade of software packages (apt, opkg or tarballs) * service_password create new random password for services-only password, for routine rotation. Not meant to be skipped (some roles need to know the service password, so they do a rotation). - prepare_host - ssh_server - lxc_guest - ldap - gitlab - x509_subject_prefix - x509_ldap_suffix Replaces: x509_suffix in ldap.yaml - letsencrypt_email Used in roles/certbot and roles/gitlab - root_ca_cert Replaces: ssl_ca_cert and files/lilik_x1.crt New defaults: - ldap_domain \| default: `${domain}` - server_fqdn \| default: `${hostname}.dmz.${domain}` Replaces: fqdn_domain Removed: - fqdn_dmain - x509_suffix Replaced by: x509_ldap_suffix in common New defaults: - server_fqdn \| default: `${hostname}.${domain}` Replaces: fqdn - ldap_domain \| default: `${domain}` - ldap_server \| default: `ldap1.dmz.${domain}` - ldap_basedn \| default: `dn(${ldap_domain})` - enable_https \| default: `true` New defaults: - server_fqdn \| default: `${hostname}.${domain}`	5 years ago
Zolfa	8720df17c3	Documentation for refactored roles And minor improvements/refactoring	5 years ago
Zolfa	9f51ed25f4	roles/gitlab: move to omnibus release - Move to omnibus release, with NGINX ang pgSQL managed by GitLab configuration utilities. - Move from anonymous to authenticated LDAP bind.	5 years ago
Andrea Cimbalo	d249faab50	patch gitlab source to add domain to email ldap field	7 years ago
Andrea Cimbalo	62e14d6ae6	remove unused files	7 years ago
Andrea Cimbalo	7fafe2314d	use gitlab from debian repositories, temp vm name: projects2	7 years ago
Edoardo Putti	3882ede943	better format gitlab roles tasks	8 years ago
Andrea Cimbalo	602d541d57	add gitlab roles	8 years ago
Andrea Cimbalo	69d124d014	huge refactoring on services	8 years ago
Slash	f9efe565cc	Gitlab role, updated projects playbook.	9 years ago

16 Commits (f47d64ba7e4896c331c073fb64abb243a5849f63)