Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
infra
ansible-shared
communication
Commits
1be5ff21
Commit
1be5ff21
authored
Sep 11, 2019
by
Lars Beckers
Browse files
Merge branch 'ci-config' into 'master'
Add CI config See merge request
!8
parents
71d74583
e3168dfe
Pipeline
#1340
passed with stage
in 1 minute and 17 seconds
Changes
11
Pipelines
2
Hide whitespace changes
Inline
Side-by-side
.ansible-lint
0 → 100644
View file @
1be5ff21
parseable: true
quiet: true
use_default_rules: true
skip_list:
- '204' # line length is checked by yamllint
- '401' # git checkout must contain explicit version
- '701' # 7xx is about ansible galaxy guidelines
- '702'
- '703'
.gitlab-ci.yml
0 → 100644
View file @
1be5ff21
---
image
:
registry.git.fsmpi.rwth-aachen.de/infra/ci-containers/fsmpi-ansible:buster
variables
:
GIT_SUBMODULE_STRATEGY
:
recursive
before_script
:
-
export LANG=en_US.UTF-8
-
chmod o-w .
-
apt-get -qq update && apt-get -qq install -y ansible-lint ripgrep
-
ansible --version
-
ansible-lint --version
-
yamllint --version
stages
:
-
test
test
:
stage
:
test
script
:
-
yamllint .
-
ansible-lint ./*/
# yamllint disable-line rule:line-length
-
"
!
rg
--fixed-strings
'passwordstore'
./*/templates"
.yamllint
View file @
1be5ff21
...
...
@@ -14,6 +14,10 @@ rules:
forbid-in-block-mappings: true
line-length:
level: warning
allow-non-breakable-inline-mappings: true
octal-values:
forbid-implicit-octal: true
level: warning
level: error
# quoted-strings: enable
truthy:
level: error
dovecot/defaults/main.yml
View file @
1be5ff21
...
...
@@ -30,4 +30,4 @@ dovecot_dsync_host_attribute: ansible_host
dovecot_content_filter
:
false
dovecot_spam_folder
:
Spam
dovecot_spam_user
:
"
${1}"
# debian-spamd
dovecot_spam_user
:
"
${1}"
# debian-spamd
dovecot/tasks/main.yml
View file @
1be5ff21
...
...
@@ -89,6 +89,7 @@
-
meta
:
flush_handlers
# yamllint disable-line rule:line-length
-
name
:
ensure the global spam filter and learning sieve script have correct permissions
file
:
state
:
file
...
...
dovecot/vars/tls-intermediate.yml
View file @
1be5ff21
...
...
@@ -3,6 +3,6 @@
dovecot_tls_protocols
:
'
TLSv1.2
TLSv1.3'
dovecot_tls_min_protocol
:
'
TLSv1.2'
dovecot_tls_ciphers
:
'
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'
dovecot_tls_dh_length
:
4096
# 2048
dovecot_tls_dh_file
:
ffdhe4096.txt
# ffdhe2048.txt
dovecot_tls_dh_length
:
4096
# 2048
dovecot_tls_dh_file
:
ffdhe4096.txt
# ffdhe2048.txt
dovecot_tls_prefer_server_ciphers
:
false
dovecot/vars/tls-old.yml
View file @
1be5ff21
...
...
@@ -3,6 +3,6 @@
dovecot_tls_protocols
:
'
TLSv1
TLSv1.1
TLSv1.2
!SSLv3'
dovecot_tls_min_protocol
:
'
TLSv1'
dovecot_tls_ciphers
:
'
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA'
dovecot_tls_dh_length
:
2048
# 1024
dovecot_tls_dh_file
:
ffdhe2048.txt
# openssl dhparam 1024 > ffdhe1024.txt
dovecot_tls_dh_length
:
2048
# 1024
dovecot_tls_dh_file
:
ffdhe2048.txt
# openssl dhparam 1024 > ffdhe1024.txt
dovecot_tls_prefer_server_ciphers
:
true
dovecot/vars/tls-previous.yml
View file @
1be5ff21
...
...
@@ -4,5 +4,5 @@ dovecot_tls_protocols: 'TLSv1.1 TLSv1.2 !SSLv3'
dovecot_tls_min_protocol
:
'
TLSv1.1'
dovecot_tls_ciphers
:
"
{{
tls_ciphers
}}"
dovecot_tls_dh_length
:
4096
dovecot_tls_dh_file
:
ffdhe4096.txt
# ffdhe2048.txt
dovecot_tls_dh_file
:
ffdhe4096.txt
# ffdhe2048.txt
dovecot_tls_prefer_server_ciphers
:
true
postfix/vars/tls-intermediate.yml
View file @
1be5ff21
...
...
@@ -5,5 +5,5 @@ postfix_tls_mandatory_ciphers: medium
postfix_tls_preempt_cipherlist
:
false
postfix_tls_eecdh_grade
:
null
postfix_tls_high_cipherlist
:
null
postfix_tls_dh_file
:
ffdhe2048.txt
# ffdhe4096.txt
postfix_tls_dh_file
:
ffdhe2048.txt
# ffdhe4096.txt
postfix_tls_medium_cipherlist
:
'
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'
postfix/vars/tls-old.yml
View file @
1be5ff21
...
...
@@ -5,5 +5,5 @@ postfix_tls_mandatory_ciphers: medium
postfix_tls_preempt_cipherlist
:
true
postfix_tls_eecdh_grade
:
null
postfix_tls_high_cipherlist
:
null
postfix_tls_dh_file
:
ffdhe2048.txt
# ffdhe4096.txt
postfix_tls_dh_file
:
ffdhe2048.txt
# ffdhe4096.txt
postfix_tls_medium_cipherlist
:
'
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA'
prosody/tasks/main.yml
View file @
1be5ff21
---
-
import_tasks
:
postgres.yml db_user="{{prosody_user}}" db_name="{{prosody_db}}"
# yamllint disable-line rule:line-length
-
import_tasks
:
postgres.yml db_user="{{ prosody_user }}" db_name="{{ prosody_db }}"
-
name
:
ensure prosody is installed
apt
:
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment