* Keep custom dnscrypt-proxy conffile when upgrading
* Unattended upgrade tuning
- Upgrade the 50unattended-upgrades file with latest options
- Keep the common unattended upgrade options in one file
- Enable removing of unused kernels and dependencies to save some space
* Update the Fedora related docs.
- update for new generated config file locations
- remove reference to no-longer-needed copr
- update package names for further py2 changes in Fedora
* switch back to the default ciphers
* adding preshared key generation
* adding preshared folder
* Update client.conf.j2
adding preshared key options
* adding preshared keys to server template
* making sure private preshared is right
* making sure preshared keygen working for main.yml
* changing private to preshared for name
* changing to preshared dir instead of public
* Pick server to update from menu
* Command instead of shell
* Move to find module
Switched to the find module, and made the whole block dependent on server being undefined.
* Change names
* users.yml update
- Add assert to check if any servers found
- Set server_list as a proper list
* Change 'Build string' to 'Build list'
* Support for associating to existing AWS Elastic IP
Signed-off-by: Elliot Murphy <statik@users.noreply.github.com>
* Backport ec2_eip_facts module for EIP support
This means that EIP support no longer requires Ansible 2.6
The local fact module has been named ec2_elasticip_facts
to avoid conflict with the ec2_eip_facts module whenever
the Ansible 2.6 upgrade takes place.
Signed-off-by: Elliot Murphy <statik@users.noreply.github.com>
* Update from review feedback.
Signed-off-by: Elliot Murphy <statik@users.noreply.github.com>
* Move to the native module. Add additional condition for existing Elastic IP
With preexisting wait_for implementation, deployment to Ubuntu on Lightsail failed with a connection reset error on this task. It appears that Ansible’s wait_for_connection is the recommended way. I have successfully gotten past this task after this change, however I’d appreciate more eyes on this.
* generate service IPs dynamically
* update cloud-init tests
* exclude ipsec and wireguard ranges from the random service ip
* Update docs
* @davidemyers: update wireguard docs for linux
* Move to netaddr filter
* AllowedIPs fix
* WireGuard IPs fix
* Point additional docs to index.md
* Update index.md
Moves existing links from readme.md over to update this separate (previously out-of-date, redundant) page.
* Update documented Ansible roles
* Fix broken links in index.md
* Complete index.md
As a general rule all docs should be linked to from the index file. No?
* Update SSH access instructions
* Clarify SSH access instructions
* Delete setup-roles.md
* Update deploy-from-ansible.md
Change header, insert text from setup-roles.md
* Remove link to setup-roles from index.md
* Fix typos
* Update deploy-from-ansible.md
Document other `--skip-tags` options, as well as examples for Vultr and Scaleway variables.
* Update deploy-from-ansible.md
Added region examples for AWS and Lightsail. Happy to add other examples if people have experience with other providers.
I was going to add this onto the existing PR for docs update, but it turned out to be a little more involved and require some testing of actual deployment.
Changes the "region not available" question to reflect Algo behavior since #976. Also addresses #1413.
Adds a couple of quote marks to the Ubuntu error question, which disappeared for some reason.
* Update main.yml
* Change module names and add IPv6 firewall rules
Uses guide at https://www.renemoser.net/blog/2018/03/19/vultr-firewalling-with-ansible/ written by Rene Moser.
* change vultr to vr
* add ip_version to firewall rules
* add SSH access rules
* Use variable for wireguard port
* update module names for ansible 2.7
* Fix trailing whitespaces
* Try to fix trailing whitespaces again
