Commit 18b16e2b authored by David Nowell's avatar David Nowell

Installing fail2ban, cleaning up a few other minor changes

parent 9f810cd6
#!/bin/bash
DATE=`date +%Y%m%d`
HOST=`hostname`
cd /etc/gitlab
tar -cf /tmp/gitback-config.${DATE}.tar .
aws s3 cp /tmp/gitback-config.${DATE}.tar s3://umich-vdc-gitlab
cd /etc/ssh/
tar -cf /tmp/gitback-sshkeys.${DATE}.tar ssh_host*
aws s3 cp /tmp/gitback-sshkeys.${DATE}.tar s3://umich-vdc-gitlab
aws s3 cp /root/.ssh/authorized_keys s3://umich-vdc-gitlab/authorized_keys.${DATE}
aws s3 cp /tmp/gitback-sshkeys.${HOST}.${DATE}.tar s3://umich-vdc-gitlab
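Review bot: The archives of `/etc/gitlab` and the `ssh_host*` keys are written to predictable, date-based names in `/tmp` under the default umask and are never removed, so copies of the GitLab configuration and the SSH host private keys stay on disk where other local accounts may be able to read them. Creating them in a `mktemp -d` directory under `umask 077` and removing that directory on exit closes this, as sketched below. Neither `cd` is checked, so if one fails `tar` archives whatever the current directory happens to be; `set -euo pipefail` makes the script stop instead. The final `aws s3 cp` names `/tmp/gitback-sshkeys.${HOST}.${DATE}.tar`, which no `tar` line shown here creates, so that upload looks like it will fail on every run unless the page is printing an old and a new version of the same line.

```shell
set -euo pipefail
umask 077
WORKDIR=$(mktemp -d)
trap 'rm -rf -- "$WORKDIR"' EXIT
# … unchanged: DATE and HOST assignments …
cd /etc/gitlab
tar -cf "$WORKDIR/gitback-config.${DATE}.tar" .
aws s3 cp "$WORKDIR/gitback-config.${DATE}.tar" s3://umich-vdc-gitlab
# … the sshkeys tar and the remaining aws s3 cp lines use "$WORKDIR" the same way …
```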
......@@ -88,6 +88,7 @@
with_items:
- mailx
- psmisc
- fail2ban
- name: Load secret variables
include_vars:
......@@ -119,6 +120,12 @@
state: reloaded
when: firewall.changed
- name: Start Fail2ban
service:
name: fail2ban
state: started
enabled: yes
- name: Check if GitLab configuration file already exists.
stat: path=/etc/gitlab/gitlab.rb
......@@ -262,14 +269,17 @@
#
# chown git:git /var/opt/gitlab/backups/*.tar
#
#
# aws s3 cp s3://umich-vdc-gitlab/gitback-config.20180620.tar /etc/gitlab/
#
# Be careful about this - It should all be in our Ansible playbook, so might not need it
# cd /etc/gitlab; tar -xf gitback-config.20180620.tar .
#
# This is important to do, but not when setting up a new Gitlab instance. Would do if rebuilding gitlab.umich.edu and want same host key
# aws s3 cp s3://umich-vdc-gitlab/gitback-ssh-host-keys.20180620.tar /etc/ssh/
#
# cd /etc/ssh; tar -xf gitback-ssh-host-keys.20180620.tar
#
#
#
# gitlab-rake gitlab:backup:restore BACKUP=1529568076_2018_06_21_10.8.4-ee force=yes
#
# gitlab-ctl start unicorn
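Review bot: The `Start Fail2ban` task starts and enables the service, but nothing visible in these hunks installs a `jail.local` or a file under `/etc/fail2ban/jail.d/`, so the daemon runs with whatever configuration the package ships. On distributions whose package enables no jail by default it would run without banning anything; it is worth confirming which case applies to this host and, if needed, adding a task that deploys a jail file containing `[sshd]` and `enabled = true` and restarts fail2ban when it changes. The firewall reload just above suggests firewalld is in use, so the jail's ban action should match it. The task list continues outside the hunks shown, so such a task may already exist elsewhere in the playbook.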
......
......@@ -271,7 +271,7 @@ gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
# gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
# gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
gitlab_rails['omniauth_block_auto_created_users'] = true
gitlab_rails['omniauth_block_auto_created_users'] = false
# gitlab_rails['omniauth_auto_link_ldap_user'] = false
gitlab_rails['omniauth_auto_link_saml_user'] = true
# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
......@@ -319,7 +319,10 @@ Jn6wFG3B1aNOH7kRJQl52mcyB1+22j+8zuQPelrcJXJIY4DYX2i641iMMIpd37Uc
/WGPV2TUDJZHDKfAWQQKLXX0XnyAdH1ia3809Vojpz3JoLwniRkGixQ79oAbZQft
fIwXhDRM/9SuPvpb/CrILS1qKi1E69AWuqDH
-----END CERTIFICATE-----',
{% include "files/{{ KEYFILE }}" %}
private_key:
'
{% include "files/"+KEYFILE %}
',
},
label: 'U-M Shibboleth SSO',
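Review bot: In the hunk at line 271, `omniauth_block_auto_created_users` appears to go from `true` to `false` (the page prints both values and has lost the +/- markers), and the commit message does not mention it. With `omniauth_allow_single_sign_on = ['saml']` and `false` here, every identity the IdP authenticates gets an active GitLab account on first login with no administrator approval, so access is then governed only by whom the IdP will assert. If that is intended, a comment above the line such as `# Accounts are auto-activated; access is restricted at the IdP (see <where this is documented>)` would record the decision; otherwise keep `true`. `omniauth_auto_link_saml_user = true` in the same hunk presumably attaches SAML logins to existing accounts as well, so the attribute the IdP asserts for matching deserves the same review.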
......