Merge branch 'master' of git.9iron.club:salt/ansible

inventory/group_vars/webservers.yml

@@ -1,4 +1,5 @@
 #!/usr/bin/ansible-playbook
 # vim:ft=ansible:
 backups_outdir: "/cold/backups"
-ssl_cipher_suite: "!SHA1:!SHA256:!SHA384"
+ssl_protocol: "all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1"
+ssl_cipher_suite: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"

roles/desktop/tasks/main.yml

@@ -106,6 +106,7 @@
         - papirus-icon-theme
         - pavucontrol-qt
         - polybar
+        - qt5ct
         - xbacklight
         # Desktop applications
         - cantata

roles/dokuwiki/templates/apache2-vhost-ssl.conf

@@ -14,6 +14,7 @@ SSLStrictSNIVHostCheck off
 	SSLCertificateFile /etc/pki/cert/crt/{{ dokuwiki_url }}.crt
 	SSLCertificateKeyFile /etc/pki/cert/private/{{ dokuwiki_url }}.key
 	SSLCertificateChainFile /etc/pki/cert/crt/{{ dokuwiki_url}}-fullchain.crt
+	SSLProtocol {{ ssl_protocol }}
 	SSLCipherSuite {{ ssl_cipher_suite }}
 	<FilesMatch "\.(cgi|shtml|phtml|php)$">\
 		SSLOptions +StdEnvVars

roles/dokuwiki/templates/apache2-vhost.conf

@@ -1,13 +0,0 @@
-# Configuration for {{ dokuwiki_url }}
-# vim:ft=apache:
-
-# Website configuration
-<VirtualHost *:80>
-	ServerName {{ dokuwiki_url }}
-	DocumentRoot {{ dokuwiki_webroot }}
-	<Directory "{{ dokuwiki_webroot }}">
-		Require all granted
-		AllowOverride All
-		Options MultiViews FollowSymlinks
-	</Directory>
-</VirtualHost>

roles/gitea/templates/apache2-vhost-ssl.conf

@@ -16,6 +16,7 @@ SSLProxyEngine on
 	SSLCertificateFile /etc/pki/cert/crt/{{ gitea_url }}.crt
 	SSLCertificateKeyFile /etc/pki/cert/private/{{ gitea_url }}.key
 	SSLCertificateChainFile /etc/pki/cert/crt/{{ gitea_url }}-fullchain.crt
+	SSLProtocol {{ ssl_protocol }}
 	SSLCipherSuite {{ ssl_cipher_suite }}
 	ServerName {{ gitea_url }}
 	DocumentRoot {{ gitea_webroot }}

roles/gitlab/templates/apache2-vhost-ssl.conf

@@ -14,6 +14,7 @@ SSLStrictSNIVHostCheck off
 	SSLCertificateFile /etc/pki/cert/crt/{{ gitlab_url }}.crt
 	SSLCertificateKeyFile /etc/pki/cert/private/{{ gitlab_url }}.key
 	SSLCertificateChainFile /etc/pki/cert/crt/{{ gitlab_url }}-fullchain.crt
+	SSLProtocol {{ ssl_protocol }}
 	SSLCipherSuite {{ ssl_cipher_suite }}
 	ServerName {{ gitlab_url }}
 	DocumentRoot {{ gitlab_webroot }}

roles/gitlab/templates/apache2-vhost.conf

@@ -1,13 +0,0 @@
-# Configuration for {{ gitlab_url }}
-# vim:ft=apache:
-
-# Website configuration
-<VirtualHost *:80>
-	ServerName {{ gitlab_url }}
-	DocumentRoot {{ gitlab_webroot }}
-	<Directory "{{ gitlab_webroot }}">
-		Require all granted
-		AllowOverride All
-		Options MultiViews FollowSymlinks
-	</Directory>
-</VirtualHost>

roles/gitweb/templates/apache2-vhost-ssl.conf

@@ -14,6 +14,7 @@ SSLStrictSNIVHostCheck off
 	SSLCertificateFile /etc/pki/cert/crt/{{ gitweb_url }}.crt
 	SSLCertificateKeyFile /etc/pki/cert/private/{{ gitweb_url }}.key
 	SSLCertificateChainFile /etc/pki/cert/crt/{{ gitweb_url}}-fullchain.crt
+	SSLProtocol {{ ssl_protocol }}
 	SSLCipherSuite {{ ssl_cipher_suite }}
 	<FilesMatch "\.(cgi|shtml|phtml|php)$">\
 		SSLOptions +StdEnvVars

roles/gitweb/templates/apache2-vhost.conf

@@ -1,13 +0,0 @@
-# Configuration for {{ gitweb_url }}
-# vim:ft=apache:
-
-# Website configuration
-<VirtualHost *:80>
-	ServerName {{ gitweb_url }}
-	DocumentRoot {{ gitweb_webroot }}
-	<Directory "{{ gitweb_webroot }}">
-		Require all granted
-		AllowOverride All
-		Options MultiViews FollowSymlinks
-	</Directory>
-</VirtualHost>

roles/grafana/templates/apache2-vhost-ssl.conf

@@ -16,6 +16,8 @@ SSLProxyEngine on
 	SSLCertificateFile /etc/pki/cert/crt/{{ grafana_url }}.crt
 	SSLCertificateKeyFile /etc/pki/cert/private/{{ grafana_url }}.key
 	SSLCertificateChainFile /etc/pki/cert/crt/{{ grafana_url }}-fullchain.crt
+	SSLProtocol {{ ssl_protocol }}
+	SSLCipherSuite {{ ssl_cipher_suite }}
 	ServerName {{ grafana_url }}
 	DocumentRoot {{ grafana_webroot }}
 	<Directory "{{ grafana_webroot }}">

roles/nextcloud/templates/apache2-vhost-ssl.conf

@@ -14,6 +14,7 @@ SSLStrictSNIVHostCheck off
 	SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt
 	SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key
 	SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud_url}}-fullchain.crt
+	SSLProtocol {{ ssl_protocol }}
 	SSLCipherSuite {{ ssl_cipher_suite }}
 	<FilesMatch "\.(cgi|shtml|phtml|php)$">\
 		SSLOptions +StdEnvVars

roles/nextcloud/templates/apache2-vhost.conf

@@ -1,13 +0,0 @@
-# Configuration for {{ nextcloud_url }}
-# vim:ft=apache:
-
-# Website configuration
-<VirtualHost *:80>
-	ServerName {{ nextcloud_url }}
-	DocumentRoot {{ nextcloud_webroot }}
-	<Directory "{{ nextcloud_webroot }}">
-		Require all granted
-		AllowOverride All
-		Options MultiViews FollowSymlinks
-	</Directory>
-</VirtualHost>

roles/redirect/templates/apache2-redirect.conf

@@ -15,6 +15,8 @@ SSLStrictSNIVHostCheck off
 	SSLCertificateFile /etc/pki/cert/crt/{{ redirect_from }}.crt
 	SSLCertificateKeyFile /etc/pki/cert/private/{{ redirect_from }}.key
 	SSLCertificateChainFile /etc/pki/cert/crt/{{ redirect_from}}-fullchain.crt
+	SSLProtocol {{ ssl_protocol }}
+	SSLCipherSuite {{ ssl_cipher_suite }}
 	ServerName {{ redirect_from }}
 	Redirect permanent / https://{{ redirect_to }}/
 </VirtualHost>