Ludovic Poujol
e32e1c5496
Unbound: Big update & enhancements
...
* Move configuration generated to /etc/unbound/unbound.conf.d/evolinux.conf so we don't override default config file
* Make use of root hints provided by dns-root-data instead of downloading them
* Add configuration to ensure that configuration reload work out of the box on Debian11 and old
* Add required configuration in Unbound and munin to allow tge plugin to work
* Make ansible-lint a bit more happy
2023-12-08 16:13:41 +01:00
Tom David--Broglio
cbc51c462a
fix Add Ceph volume to fstab : missing UUID= in src
2023-12-07 11:02:04 +01:00
Alexis Ben Miloud--Josselin
4d7de89ad4
webapps/nextcloud: Add condition for config tasks
...
And update CHANGELOG
2023-12-07 10:19:42 +01:00
William Hirigoyen
c9e8b6c4e1
dovecot: Munin plugin conf path is now /etc/munin/plugin-conf.d/zzz-dovecot (instead of z-evolinux-dovecot)
2023-12-07 10:04:11 +01:00
David Prevot
b8732dffaf
Changelog for previous changes
2023-11-30 15:58:31 +01:00
Mathieu Trossevin
0ca31b91fe
fix(certbot): Fix hook for dovecot (too strict)
...
When we use a separate certificate for POP3 and IMAP there might be
blank characters (almost certainly spaces but might as well be more lax)
before `ssl_cert` which resulted in these lines not being detected and
the hook not being played, forcing manual intervention.
This commit fixes that problem by accepting blank characters before
ssl_certs. (`\b` might be even better...)
2023-11-30 10:11:05 +01:00
William Hirigoyen
1a74bef0bc
check stat.exists before stat.isdir
2023-11-29 10:13:43 +01:00
William Hirigoyen
83e61b25a5
etc-git: add /var/chroot-bind/etc/bind repo
2023-11-29 09:59:57 +01:00
Jérémy Lecour
06c47493e9
sort changelog
2023-11-29 09:24:28 +01:00
Jérémy Lecour
81d97bb3fb
vrrpd: variable to force update the switch script (default: false)
2023-11-29 09:24:00 +01:00
David Prevot
e5f5425f6d
lxc-php: Allow one to install php83 on Bookworm container
2023-11-28 17:15:44 +01:00
David Prevot
69bc93ff6e
lxc: Init /etc git repository in lxc container
...
Note: ugly loop, but “it works”…
2023-11-24 11:54:13 +01:00
Alexis Ben Miloud--Josselin
892067cf2b
kvmstats: use .capacity instead of .physical for disk size
2023-11-23 12:26:20 +01:00
David Prevot
c93748487b
evocheck: upstream release 23.11.1
2023-11-22 17:27:39 +01:00
David Prevot
2c86660e52
evocheck: upstream release 23.11
2023-11-22 17:06:39 +01:00
David Prevot
95aeb9a68e
Fix bind changelog entry
2023-11-22 16:13:37 +01:00
David Prevot
96d15eb5aa
Changelog entry for bind changes
2023-11-21 11:35:42 +01:00
Jérémy Lecour
4cba25d8fc
evolinux-base: no need to remove update-evobackup-canary from sbin anymore
2023-11-20 19:15:39 +01:00
Jérémy Lecour
f01e7453fb
no need to symlink backup-server-state to dump-server-state anymore
2023-11-20 19:13:51 +01:00
Jérémy Lecour
83c178f244
log2mail: move custom config in separate file
2023-11-20 19:02:48 +01:00
Jérémy Lecour
642fbb1ea4
evolinux-base: dump-server-state upstream release 23.11
2023-11-20 19:02:03 +01:00
William Hirigoyen
a5e4359d0e
#73871 ssl: no not execute haproxy tasks and reload if haproxy is disabled
2023-11-17 15:51:33 +01:00
Gregory Colpart
0578d5a3ec
apache : rename MaxRequestsPerChild to MaxConnectionsPerChild (new name)
2023-11-16 14:45:07 +01:00
Gregory Colpart
ac72c7ac31
apache: fix MaxRequestsPerChild value to be sync with wiki.e.o
2023-11-16 14:44:08 +01:00
Gregory Colpart
b1a67d1a5c
apache : fix goaway pattern for bad bots
2023-11-16 14:35:48 +01:00
William Hirigoyen
1394052fd6
ProFTPd: set missing default listen IP for SFTP, enable ed25525549 key only for Debian >= 11
2023-11-15 10:53:22 +01:00
William Hirigoyen
4a6e6e6ba2
ProFTPd: in SFTP vhost, enable SSH keys login, enable ed25549 host key
2023-11-15 09:43:10 +01:00
Ludovic Poujol
b77845cc8c
php: Bullseye/Sury > Honor the php_version asked in the pub.evolix.org repository
2023-11-13 16:17:22 +01:00
Tom David--Broglio
6ae9e04f27
webapps/nextcloud: fix misplaced gid attr and added check for nexctcloud uid
2023-11-09 16:48:17 +01:00
Tom David--Broglio
aab3381887
webapps/nextcloud: fix missing gid
2023-11-09 15:59:45 +01:00
Tom David--Broglio
009de62e28
webapps/nextcloud Added var nextcloud_user_uid to enforce uid for nextcloud user
2023-11-09 15:19:15 +01:00
William Hirigoyen
41ec5b737b
nagios: rename var into and check systemd-timesyncd instead of ntpd in Debian 12
2023-11-07 17:46:29 +01:00
William Hirigoyen
c9c8ade55d
nagios: fix default file to monitor for check_clamav_db
2023-11-03 18:03:35 +01:00
William Hirigoyen
bc284f8248
add-vm.sh: allow VM name max length > 20
2023-11-03 10:48:28 +01:00
Brice Waegeneire
74a6b2ead1
nagios-nrpe: add check_sentinel
2023-10-27 15:02:28 +02:00
David Prevot
953ca015c5
Changelog entries for latest changes
2023-10-26 16:09:42 +02:00
Brice Waegeneire
679e170dce
evolinux-base: use separate default config file for rsyslog
2023-10-18 15:10:35 +02:00
Jérémy Lecour
3b3b130248
Release 23.10
2023-10-14 07:37:18 +02:00
Jérémy Lecour
31990cfe80
Linting CHANGELOG
2023-10-14 07:36:29 +02:00
Alexis Ben Miloud--Josselin
bbf6ce6f6e
rbenv: Installer libyaml-dev
...
Le paquet est nécessaire en Debian 12.
2023-10-12 17:49:00 +02:00
Alexis Ben Miloud--Josselin
dbd1103078
docker-host: Retirer directive state en trop
2023-10-11 18:06:13 +02:00
Alexis Ben Miloud--Josselin
a80076a5ea
evolinux-base: Corriger autorisation pour evolinux_user
...
Cas configuration SSH séparée. Ticket #74636 .
2023-10-11 10:02:34 +02:00
Jérémy Lecour
3347ac4271
evomaintenance: upstream release 23.10.1
2023-10-09 18:13:48 +02:00
Alexis Ben Miloud--Josselin
0c9b55e5e1
evolix-base/root: fix module used
2023-10-09 17:12:15 +02:00
Jérémy Lecour
c673ed10c6
evomaintenance: upstream release 23.10
2023-10-09 16:24:47 +02:00
Jérémy Lecour
d6a777be72
kvm-host: migrate-vm: set migration speed even on bridges
2023-10-05 22:05:17 +02:00
Jérémy Lecour
9cd0426d2b
nagios-nrpe: sync Redis check from redis roles
2023-10-03 13:34:53 +02:00
David Prevot
f2c37dddff
Use timesyncd instead of ntpd starting with Debian 12 (not always)
2023-09-28 17:25:18 +02:00
David Prevot
a2306e6a15
Changelog for previous commit
2023-09-28 15:27:19 +02:00
David Prevot
aa13171f91
Changelog for previous commit
2023-09-26 18:00:59 +02:00
David Prevot
c03dd0ca2f
Changelog for previous commit
2023-09-26 18:00:48 +02:00
Ludovic Poujol
a65230b5e0
mysql: new munin graph to follow binlog_days over time
2023-09-26 17:35:14 +02:00
Jérémy Lecour
b5550d2ce2
lxc-php: fix APT keyring path inside containers
2023-09-21 15:47:23 +02:00
Jérémy Lecour
cc9d0c59d3
CHANGELOG cleanup
2023-09-20 14:33:45 +02:00
Jérémy Lecour
050b2ae419
kvm-host: migrate-vm sets the migration speed automatically
2023-09-20 13:08:42 +02:00
William Hirigoyen
d7d8ee63b2
Revert "lxc-php: Fix /etc/profile.d/evolinux.sh mode in containers (defauft umask -> 644)"
...
This reverts commit 92788a8b93
.
2023-09-15 15:20:45 +02:00
William Hirigoyen
92788a8b93
lxc-php: Fix /etc/profile.d/evolinux.sh mode in containers (defauft umask -> 644)
2023-09-14 17:11:46 +02:00
Jérémy Lecour
53a0e56472
metricbeat/logstash: fix Ansible syntax
2023-09-13 09:38:44 +02:00
Jérémy Lecour
41004e20b4
kvm-host: migrate-vm exits if DRBD is not up-to-date
2023-09-12 11:38:54 +02:00
William Hirigoyen
2af2e5ee78
nagios-nrpe: set default check_load --per-cpu for BSD
2023-09-11 09:25:21 +02:00
William Hirigoyen
2a7d2d9c58
postfix: disable IPv6
2023-09-05 15:44:37 +02:00
Mathieu Trossevin
cfca604670
nagios-nrpe: Add proper plugin to monitor glusterfs health
2023-09-05 15:21:08 +02:00
Alexis Ben Miloud--Josselin
73c0a0d29a
evolinux-base: include files under sshd_config.d
...
In case we need to add the Include directive, we add it at the
beginning of the global configuration file. This way the Include
directive can't be inside a Match directive.
2023-08-31 17:09:43 +02:00
Jérémy Lecour
8ca7cc4692
kvm-host: release 23.08 for migrate-vm.sh
2023-08-31 11:26:21 +02:00
Jérémy Lecour
e2dea8054f
kvm-host: add batch-mode and ignore stdin for SSH command in migrate-vm.sh
2023-08-31 11:26:20 +02:00
Eric Morino
df202197c7
Change lxc container in bookworm for php82
2023-08-29 15:28:09 +02:00
Ludovic Poujol
e71cffd8fd
php: add new variable to disable oveeriding settings of php-fpm default pool (www)
2023-08-28 17:08:33 +02:00
Alexis Ben Miloud--Josselin
b8b48bbcb9
evocheck: Fix IS_SSHALLOWUSERS condition
2023-08-23 16:18:35 +02:00
Jérémy Lecour
bb41d313a9
apt: Explicit "signed-by" directives for official sources
2023-08-18 16:28:03 +02:00
Jérémy Lecour
feba74c469
evolinux-base: reboot the server if the Cloud kernel has been installed
2023-08-18 12:10:01 +02:00
Jérémy Lecour
67c6167474
apt: Disable NonFreeFirmware warning for VM on Debian 12+
2023-08-18 12:10:00 +02:00
Alexis Ben Miloud--Josselin
536d051890
Fix mode for files under /etc/ssh/sshd_config.d
2023-08-16 18:21:06 +02:00
Alexis Ben Miloud--Josselin
263f940c3d
Update Changelog
2023-08-16 16:14:42 +02:00
William Hirigoyen
81849c6537
userlogrotate: new version, with separate conf file
2023-08-11 10:51:45 +02:00
Ludovic Poujol
f0abb53750
evolinux-base: New variable "evolinux_system_include_ntpd" to chose wether or not to include ntpd role
2023-08-04 11:47:42 +02:00
Eric Morino
87d09275a0
postgresql: fix file postgresql.pref.j2 for exclude package
2023-08-04 10:18:08 +02:00
Eric Morino
eca010d959
postgresql: fix task "update apt cache" for PGDG repo
2023-08-04 09:56:44 +02:00
Ludovic Poujol
16bba8b469
fail2ban: add variable fail2ban_sshd_port to configure sshd port
2023-07-31 11:50:36 +02:00
William Hirigoyen
3c3db4fefa
postfix: new spam.sh update script that avoids reloading if files did not change.
2023-07-25 15:24:00 +02:00
William Hirigoyen
b6886384b9
redis: replace errorneous ini_file module for Munin config, fix dedicted Munin config filename (z-XXX)
2023-07-21 16:51:02 +02:00
William Hirigoyen
ef642e564e
bind: Add reload-zone helper
2023-07-21 16:19:26 +02:00
William Hirigoyen
030871ea9b
opendkim: update apt cache before install
2023-07-20 16:33:15 +02:00
William Hirigoyen
f2eaac0894
nginx: set default server directive in default vhost
2023-07-17 17:31:21 +02:00
William Hirigoyen
67f0fa5942
evolinux-base: configure bashrc for all users
2023-07-17 17:18:55 +02:00
William Hirigoyen
7133783695
Update CHANGELOG
2023-07-17 17:09:38 +02:00
Jérémy Lecour
83f7b6cdca
evolinux: Install HPE Agentless Management Service (amsd)
2023-07-12 09:40:24 +02:00
Ludovic Poujol
f50848917a
fail2ban: Fix cron fail2ban_dbpurge (should be bash instead of sh)
2023-07-10 16:41:12 +02:00
Mathieu Trossevin
831715e44c
fix(nagios-nrpe): Fix check_ssl_local output
...
nrpe read output of plugins from stdout only, if there is no output it
return UNKNOWN regardless of return code.
2023-07-07 11:30:22 +02:00
William Hirigoyen
aa10f719b4
redis: standardize plugins path from /usr/local/share/munin/ to /usr/local/lib/munin/plugins/
2023-07-06 11:04:53 +02:00
Jérémy Lecour
0331c23ad6
minifirewall: update nrpe script to check active configuration
2023-07-05 09:54:53 +02:00
Jérémy Lecour
e347b6eca8
minifirewall: upstream release 23.07
2023-07-05 09:54:52 +02:00
Bruno TATU
fb184a0ecf
Set fail2ban_dbpurgeage_default variable for fail2ban
2023-07-04 15:36:02 +02:00
Gregory Colpart
bb54c9209e
add options for Amavis integration in Postfix packmail
2023-07-04 09:52:47 +02:00
Gregory Colpart
1ecb463104
change default minimal_backoff_time (Postfix role)
2023-07-04 09:50:20 +02:00
Tom David--Broglio
e4436d9066
docker-host: added var for user namespace setting
2023-07-03 18:37:15 +02:00
Jérémy Lecour
a6bac1f20b
change syntax "become: [yes,no]" → "become: [true,false]"
2023-07-03 14:21:22 +02:00
Jérémy Lecour
00fe225a3c
force: [yes,no] → force [true,false]
2023-06-28 13:25:30 +02:00
William Hirigoyen
42ad894d45
dovecot: new Munin plugins, fix old_stats config
2023-06-23 11:26:35 +02:00
Ludovic Poujol
aec5406043
varnish: Allow the systemd template to be overriden with a template outside of the role
2023-06-19 16:09:40 +02:00
Jérémy Lecour
318991fe42
pbbouncer: minor fixes
2023-06-01 09:43:20 +02:00
Jérémy Lecour
2c079755e9
elasticsearch: comment the Xlog:gc line instead of changing it completely
2023-05-31 17:25:27 +02:00
Jérémy Lecour
1ae40e7686
nagios-nrpe: remount /usr **after** installing the packages
2023-05-31 11:27:32 +02:00
Ludovic Poujol
91bcd2a605
policy_pam: New role allowing to manage password policy with pam_pwquality & pam_pwhistory
2023-05-25 11:43:53 +02:00
Jérémy Lecour
8706a35705
mysql: improve shell syntax for mysql_skip script
2023-05-22 14:16:50 +02:00
Jérémy Lecour
f79d8456d6
elasticsearch: improve networking configuration
2023-05-12 18:14:19 +02:00
William Hirigoyen
6ab34517b6
nagios-nrpe: add a NRPE check-local command with completion
2023-05-12 12:35:49 +02:00
William Hirigoyen
db0b5ab3db
postfix: add missing localhost.$mydomain to mydestination
2023-05-02 14:21:39 +02:00
William Hirigoyen
9821fc8f78
userlogrotate: rotate also php.log
2023-04-27 10:52:32 +02:00
William Hirigoyen
5c60fad29c
evolinux-users: remove Stretch references in tasks that also apply to next Debian versions.
2023-04-26 18:10:45 +02:00
Jérémy Lecour
6cd72cf9f4
Release 23.04
2023-04-23 10:48:39 +02:00
Jérémy Lecour
42e98791d9
Extract patroni role into its own branch for now
2023-04-23 10:31:02 +02:00
Brice Waegeneire
e8c7d2c3e3
lxc-php: add support for PHP 8.2 container
2023-04-20 11:27:56 +02:00
Eric Morino
8ec5c79ca1
Add new role Patroni in CHANGELOG
2023-04-03 14:45:17 +02:00
Alexis Ben Miloud--Josselin
ce247dba56
Add role for Graylog
2023-03-30 17:58:30 +02:00
Alexis Ben Miloud--Josselin
d37f6c0e3f
PgBouncer: add handler (restart)
2023-03-30 13:21:33 +02:00
Ludovic Poujol
34a0dae3e6
generate-ldif: Support for Debian 12
...
The script required few changes to adapt to the new output of lscpu & usage of lspci
lscpu
- Multiple Vendor ID fields (CPU & Bios) > We keep the first one tied to the CPU info
- No more CPU Speed displayed for virtual machines. We guess the CPU Speed with the CPU Name (Thanks intel puting it in the CPU Name). But that's not going to work with AMD CPUs. An alternative would be to have a peek at /proc/cpu
lspci
- Remove the "0x" prefix as it seems invalid with lscpi version on Debian 12. On older debian, vendor/device id are accepted with or without the "0x" prefix
2023-03-29 11:41:26 +02:00
Jérémy Dubois
939b2358a3
openvpn: updated the README file
2023-03-22 15:21:58 +01:00
Jérémy Lecour
6f61a0744c
apt: with Debian, 12 backports are installed but disabled by default
2023-03-18 15:38:05 +01:00
Jérémy Lecour
fac45cb64d
Release 23.03.1
2023-03-16 22:17:46 +01:00
Jérémy Lecour
8bfc4c28bc
listupgrade: remove old typo version of the cron task
2023-03-16 21:37:04 +01:00
Jérémy Lecour
be03dfcb08
apt: deb822 migration python script is looked relative to shell script
2023-03-16 21:37:04 +01:00
Jérémy Lecour
b7dea8d456
minifirewall: support protocols in numeric form
2023-03-16 21:37:04 +01:00
Alexis Ben Miloud--Josselin
eae2eed7b0
Add role for PgBouncer
2023-03-16 17:14:16 +01:00
Jérémy Lecour
65ee8c7e45
Release 23.03
2023-03-16 14:56:39 +01:00
Jérémy Lecour
8df930f016
import changelog line
2023-03-16 14:38:32 +01:00
Jérémy Lecour
70d34ac18d
listupgrade: upstream release 23.03.3
2023-03-16 14:38:32 +01:00
Jérémy Lecour
50216eb5c7
listupgrade: upstream release 23.03.2
2023-03-16 14:38:32 +01:00
Jérémy Lecour
8d698ec6cb
CHANGELOG cleanup
2023-03-16 14:38:29 +01:00
Alexis Ben Miloud--Josselin
dc6b340081
changelog: ajouter changements sur kvmstats
2023-03-16 14:21:21 +01:00
Jérémy Lecour
fa1935e46c
apt: add tools to migrate sources to deb822 format
2023-03-15 22:50:00 +01:00
David Prevot
c7940dc8c1
CHANGELOG: tfix
2023-03-13 15:12:37 +01:00
William Hirigoyen
419071f470
php: fix error introduced in 33503e4538
(False evaluated as a string instead of boolean)
2023-03-13 15:09:41 +01:00
Jérémy Lecour
b4a63d3d55
listupgrade: upstream release 23.03.1
2023-03-12 11:12:56 +01:00
Jérémy Lecour
b57fd16ee6
listupgrade: upstream release 23.03
2023-03-12 11:12:56 +01:00
Jérémy Lecour
d64193287d
postgresql: configure max_connections
2023-03-12 11:12:56 +01:00
William Hirigoyen
3f353ad072
elasticsearch: disable GC logging
2023-03-10 10:29:59 +01:00
William Hirigoyen
fc95f57711
elasticsearch: Disable GC rotation for JDK 8
2023-03-10 10:29:59 +01:00
William Hirigoyen
4759ed645c
lxc: copy /etc/profile.d/evolinux.sh from host into container (P10001)
2023-03-08 11:09:36 +01:00
William Hirigoyen
af569f8c26
userlogrotate: set rotate date format in right order (YYYY-MM-DD)!
2023-03-03 14:39:16 +01:00
William Hirigoyen
4d3f92df23
postfix: avoid Amavis transport to be considered dead when restarted.
2023-03-02 17:50:17 +01:00
William Hirigoyen
7ec58bf144
userlogrotate: skip zipping if .gz log already exists (prevents interactive question)
2023-03-01 17:50:58 +01:00
William Hirigoyen
cc7c2a7d4e
userlogrotate: fix bug introduced in commit 2e54944a24
(rotated files were not zipped)
2023-03-01 17:22:50 +01:00
William Hirigoyen
d9c5563fd6
postfix: remove unused "aliases_scope=sub" from virtual_aliases.cf (it generated warnings)
2023-03-01 14:35:51 +01:00
Ludovic Poujol
e896459d06
varnish: add variable varnish_update_config to disable configuration update
2023-02-28 15:24:18 +01:00
David Prevot
1d701b060e
apt: Use pub.evolix.org instead of pub.evolix.net
2023-02-27 18:11:51 +01:00
Jérémy Lecour
17946f7280
apt: add move-apt-keyrings script/tasks
2023-02-27 13:58:01 +01:00
Jérémy Lecour
431ffd5991
evolinux-base: subversion is not installed anymore
2023-02-26 21:31:02 +01:00
Eric Morino
68d34c8528
Add changelog for add feature in postfix / apache and php
2023-02-24 15:46:00 +01:00
Jérémy Lecour
8cbe837147
bind: refactor role
...
* queries log can be enabled or disabled
* split tasks
* check if AppArmor is present
* don't install Munin plugin whose data file is not present
* remove example ACL in authoritative configuration
2023-02-21 19:01:01 +01:00
William Hirigoyen
2c1db6a222
userlogrotate: create role separated from packweb-apache
2023-02-21 17:55:46 +01:00