Age | Commit message | Author |
|
In the README section for acme account information, I had incorrectly referred
to the CAA records as TLSA records (which do not need this information at all).
This commit fixes that mistake.
|
|
This commit updates the README to include config lines that are being used as
of previous commits.
|
|
Although this playbook originally installed certificates to the server, this
turned out to be a bad idea, because the playbook could in some circumstances
(if the acme project had already renewed the certs) have installed a different
certificate to the remote server.
By delegating responsibility to the acme server fully, this should prevent any
such issues, as well as potential DANE misconfigurations.
|
|
The naming scheme I'm using for prod and nonprod environments has changed,
therefore this commit also updates the documentation to match this.
|
|
These references were out of date with what was needed from the playbook.
|
|
These are now fully automated, thanks to the libcloud setup, which is currently
sitting in a separate repository, that will be merged with this one.
Therefore, there is no longer any need to configure these manually.
|
|
|
|
This commit adds support for XEPs 0065 and 0365 - i.e. sending files from one
account to another.
|
|
This commit enabled SOCKS5 Bytestreams, allowing users to send and receive
files.
|
|
At present, these are not automated by the runbook and need to be manually run
as part of setup for each new managed host the playbook is run against.
|
|
This commit adds borgmatic, to provide automated backups.
|
|
For now, there are not too many variables to set per host. However, this will
likely change in future commits, with a greater number of variables needing to
be configured. Therefore, this commit encourages the user to define these
variables in a yaml file, which will be more cleanly scalable.
|
|
This commit adds some basic DNS instructions for the initial setup of the host,
which can be used when the domain of the JID matches the domain of the host.
|
|
There are some checks that are enabled by default in yamllint, that are not
caught by default by ansible-lint. For instance, ansible-lint does not check
for line lengths in its default configuration. Therefore, we would like to
re-introduce yamllint to make sure we do not miss any checks.
|
|
ansible-lint uses yamllint under the hood, and also checks for many more
"logical" errors in the ansible config.
|
|
This commit uses the new per-host virtual_host variable to create the necessary
prosody host-specific cfg files.
|
|
This commit adds a prosody configuration file that can be installed on the
remote hosts. This lets me make the configuration locally, deploy it to staging
environments, and then to prod, without having to directly log in to the hosts.
|
|
This commit enables the necessary ports for XMPP, web hosting (to allow certbot
to renew automatically) and SSH.
|
|
At present, the playbook simply ensures that all required packages are
installed.
|