debops.plan

List of DebOps things to do in 2015:

✓ add ansible_managed template in debops script
✓ add option to automatically upgrade all packages instead of just security upgrades
✓ new PKI role
- nginx certificate pinning
✓ update gitlab role, remove shasum dependency
- gitlab role, detach mysql/postgresql dependency
- add racktables role or opendcim role
✓ add tls support in mysql
✓ add stunnel role
- add openvpn role
✓ add TLS support in slapd (check if works with OpenSSL certificates, otherwise create separate pki realm)
✓ add ldap auth support
- add nrpe role
- add icinga role
- add wordpress-mu role
- add bind role
- add prosody role
- add logstash role
- add kibana role
- add syslog-ng role
✓ rewrite nfs role into nfs4 client and server
- add mysql replication support
- add postgresql replication support
✓ add rsnapshot backup role
- update safekeep backup
- add duplicity backup role
✓ add kernel + grub role
- add selinux / apparmor role
✓ add dovecot role
- add bld (mail blacklist daemon) role
- add amavis/clmav/spamassassin role
- add dspam role
- add roundcube role
- add global addressbook based on ldap
- add calendar support via caldav
- add single-sign-on via CAS / Jasig
✓ update owncloud role
- remove ansible role
- remove nat role
- add rebuildd + pbuilder role
✓ update reprepro role to be separate from apt
- separate apt-cacher-ng role
✓ add preseed role
- add opendkim support
- add sshd certificate support similar to PKI
- add libvirt role with tls support
✓ add openiscsi role
✓ add separate tftp server
- convert ruby role from backporter to rebuildd/pbuilder
- update monkeysphere role
- drop encfs role
- add squid role
- add security.conf and limits.conf management
- password policies in pam via ldap
- add piwik role
- add ssl key pinning in nginx
- check php5 role and split it into php5-fpm in anticipation of uwsgi-php5 ? divert config files
- add vcsh role



- name: Get pools to configure
  tags: ['php5', 'php5-config']
  set_fact:
    php5_configure_pools: "{{ php5_pools | map(attribute='name') | list }}"

- name: Get pools from /etc/php5/fpm/pool.d/*.conf
  tags: ['php5', 'php5-config']
  shell: ls -1 /etc/php5/fpm/pool.d/*.conf || true
  register: php5_unmanaged_pools
  changed_when: False

- name: Remove unmanaged pools
  tags: ['php5', 'php5-config']
  file:
    name={{ item }}
    state=absent
  when: item not in php5_configure_pools
  with_items: php5_unmanaged_pools.stdout_lines



- name: Get pools to configure from php5_pools
  tags: ['php5', 'php5-config']
  set_fact:
    php5_pools_to_configure: "{{ php5_pools | map(attribute='name') | list }}"

- name: Get installed pools from /etc/php5/fpm/pool.d/*.conf
  tags: ['php5', 'php5-config']
  shell: for file in /etc/php5/fpm/pool.d/*.conf ; do basename $file .conf ; done
  register: php5_installed_pools
  changed_when: False

- name: Remove unmanaged pools in /etc/php5/fpm/pool.d/*.conf
  tags: ['php5', 'php5-config']
  file:
    name=/etc/php5/fpm/pool.d/{{ item }}.conf
    state=absent
  when: item not in php5_pools_to_configure
  with_items: php5_installed_pools.stdout_lines



- name: Get pools names to configure
  tags: ['php5', 'php5-config']
  set_fact:
    php5_pools_names: "{{ php5_pools | map(attribute='name') | list }}"

- name: Find unmanaged pools
  tags: ['php5', 'php5-config']
  shell: >
    find /etc/php5/fpm/pool.d \
        -name '*.conf' \
        -regextype posix-egrep \
      ! -regex '/etc/php5/fpm/pool.d/({{ php5_pools_names | join('|') }}).conf'
  register: unmanaged_php5_pools

- name: Remove unmanaged pools
  tags: ['php5', 'php5-config']
  file:
    name={{ item }}
    state=absent
  with_items: unmanaged_php5_pools.stdout_lines