Jérémy Lecour
5d79c31dc3
kvm-host: add migrate-vm script
2021-04-28 15:53:38 +02:00
Jérémy Lecour
94a5d7daa2
mysql: variable to disable myadd script overwrite (default: True)
2021-04-23 14:59:29 +02:00
Jérémy Lecour
eab68545fe
evolinux-base: add default motd template
2021-04-23 11:41:27 +02:00
Ludovic Poujol
3457b14fed
ntpd: Add leapfile configuration setting to ntpd on debian 10+
2021-04-21 17:22:45 +02:00
Ludovic Poujol
d56c545183
apache: new variable for mpm mode (+ updated default config accordingly)
...
Also, itk package will only be installed if required
2021-04-19 17:35:49 +02:00
Jérémy Lecour
5e0ca0e3ff
Release 10.5.1
2021-04-13 15:56:09 +02:00
Ludovic Poujol
0f8804a8ab
etc-git: commit in /usr/share/scripts when there's an active repository
2021-04-08 16:07:49 +02:00
Jérémy Lecour
a5a2c6e335
haproxy: dedicated internal address/binding (without SSL)
2021-04-06 14:41:03 +02:00
Jérémy Lecour
2686eea2b1
Release 10.5.0
2021-04-01 15:38:10 +02:00
Jérémy Lecour
7041a70eeb
elasticsearch: log rotation is more readable/maintainable
2021-04-01 15:36:34 +02:00
Ludovic Poujol
f2ebe2d878
lxc-php: Add php 7.4 support
2021-03-31 10:57:29 +02:00
Jérémy Lecour
d7d057e435
filebeat: fix Ansible syntax error
2021-03-23 16:29:03 +01:00
Jérémy Lecour
2593784ab0
metricbeat: new variables to configure SSL mode
2021-03-23 16:28:14 +01:00
Jérémy Lecour
3a3cf1395e
listupgrade: update script from upstream
2021-03-23 16:27:15 +01:00
Jérémy Lecour
5a4bd28eaf
nagios-nrpe: libfcgi-client-perl is not available before Debian 10
2021-03-18 15:16:23 +01:00
Jérémy Lecour
5582d6e724
redis: socket/pid directories have the correct permissions
2021-03-18 15:15:39 +01:00
Patrick Marchand
e5511eafc6
Revert changes to bind log path from apparmor fix
...
I realised it wasnt the best idea to change the path we are used to using just for this, so I overwrite the apparmor configuration instead.
2021-03-09 16:58:14 -05:00
Patrick Marchand
ffd3ff97f1
Fix conflict in changelog
2021-03-09 12:28:01 -05:00
Patrick Marchand
7da22e243e
Changed log directory for bind9
...
It is now /var/log/named, this is what debian 10 and apparmor expect by default. This fixes the bind9 service crashing at start.
2021-03-09 12:25:15 -05:00
Jérémy Lecour
3103af67a7
redis: escape password in Munin configuration
2021-03-09 18:24:15 +01:00
Ludovic Poujol
3cb18faf28
evolinux-users: Add sudo rights for nagios for multi-php lxc
2021-03-04 16:48:55 +01:00
Jérémy Lecour
1f4079b1b3
haproxy: possible admin access with login/pass
2021-02-27 18:43:59 +01:00
Ludovic Poujol
df9db31725
deny requests to ^/evolinux_fpm_status-.*
2021-02-22 16:06:57 +01:00
Jérémy Lecour
3709808fdc
redis: use /run instead or /var/run
2021-02-18 16:42:54 +01:00
Ludovic Poujol
ddd3e1aa06
nagios-nrpe: new script check_phpfpm_multi
2021-02-17 17:23:11 +01:00
Jérémy Lecour
f862ffc42e
beats packages can be upgraded to latest (default: False)
2021-02-16 16:35:25 +01:00
Jérémy Lecour
622bbca4c2
apache: rotate logs daily instead of weekly
2021-02-12 18:05:47 +01:00
Ludovic Poujol
b0cb14eb5b
* nagios-nrpe: update check_phpfpm_status.pl & install perl dependencies
2021-02-12 15:22:57 +01:00
Jérémy Lecour
2b328dc764
postfix: add smtpd_relay_restrictions in configuration
2021-02-12 14:10:04 +01:00
Jérémy Lecour
17f1a1a55e
update changelog
2021-02-11 12:09:32 +01:00
Jérémy Lecour
dde2672715
nginx: no more "minimal" mode, but the package remains customizable.
2021-02-04 11:31:36 +01:00
Jérémy Lecour
cff309ff41
nginx: add access to server status on default VHost
2021-02-04 11:30:32 +01:00
Jérémy Lecour
5588ed6009
minifirewall: change some defaults
...
Only SSH (22) is open on privilegied IPs
Remove volatile.debian.org domain
2021-02-04 10:55:31 +01:00
Jérémy Lecour
024d30ea43
evoacme: upstream release 21.01
2021-01-07 19:16:06 +01:00
Jérémy Lecour
0e32e0d2aa
certbot: use a fixed 1.9.0 version of the certbot-auto script (renamed "letsencrypt-auto")
2021-01-07 18:55:44 +01:00
Jérémy Lecour
8c54fd8c16
apache: new variables for logrotate + server-status
2021-01-05 17:47:56 +01:00
Jérémy Lecour
19da5ea1f7
Release 10.4.0
2020-12-24 14:00:37 +01:00
Jérémy Lecour
7ec0748383
certbot: detect domains if missing
2020-12-24 13:56:43 +01:00
Jérémy Lecour
442e9bcda8
cerbot: hook to sync certificates to remote servers
2020-12-24 13:56:43 +01:00
Jérémy Lecour
4dbd1b0bee
certbot: disable auth for Let's Encrypt challenge
2020-12-24 10:33:48 +01:00
Jérémy Lecour
1d56e002b4
nginx: change from "nginx_status-XXX" to "server-status-XXX"
2020-12-23 15:53:36 +01:00
Jérémy Lecour
66a6e67de2
varnish: variable for jail configuration
2020-12-21 23:33:14 +01:00
Jérémy Lecour
1922b51fbe
Release 10.3.0
2020-12-21 16:03:49 +01:00
Jérémy Lecour
67ce8de85e
varnish: custom reload script is now useless
2020-12-20 23:25:34 +01:00
Jérémy Lecour
3e72d6961c
varnish: no threadpool delay by default
2020-12-20 23:03:37 +01:00
Jérémy Lecour
8861169a04
varnish: config file name is configurable
2020-12-20 23:03:10 +01:00
Jérémy Lecour
81fbd98a5f
evolinux-users: improve uid/login checks
2020-12-17 15:25:48 +01:00
Jérémy Lecour
0b528f15da
tomcat-instance: fail if uid already exists
2020-12-17 08:06:44 +01:00
Jérémy Lecour
5b2d3b09d0
Create system users for vmail (dovecot) and evoadmin
2020-12-17 08:05:16 +01:00
Jérémy Lecour
3c4986275c
evocheck: upstream release 20.12
2020-12-08 11:07:42 +01:00
Jérémy Lecour
772bce8c0b
dovecot: vmail uid/gid are configurable
2020-12-07 17:26:45 +01:00
Jérémy Lecour
4d6f88f0f4
minifirewall: add variables to force upgrade the script and the config (default: False)
2020-12-07 17:23:37 +01:00
Jérémy Lecour
98f798b9fb
cerbot: parse HAProxy config file only if HAProxy is found
2020-12-03 17:26:16 +01:00
Jérémy Lecour
fc71bb5945
minifirewall: upstream release 20.12
2020-12-01 22:57:13 +01:00
Jérémy Lecour
9aa24f4cde
minifirewall: Docker support
2020-12-01 22:47:38 +01:00
Jérémy Lecour
b6817cb62c
evoacme: upstream release 20.12
2020-12-01 22:27:05 +01:00
Jérémy Lecour
18ac1e7279
redis: check maxmemory in NRPE check
...
If "maxmemory" is set and "maxmemory-policy" is missing or set to
"noeviction" then we enforce the "maxmemory" limit
2020-12-01 19:02:42 +01:00
Jérémy Lecour
86d59cbb5f
mysql: install save_mysql_processlist script
2020-11-24 13:59:04 +01:00
Ludovic Poujol
1d8b7c3bea
apt: disable APT Periodic
...
This interfere with our usual workflow (listupgrade)
Note : Using 0 instead of false is intentional, The value is used by the
apt-daily script that except a "0" to disable itself.
2020-11-24 11:19:18 +01:00
Jérémy Lecour
592030ee9a
evoacme: variable to disable Debian version check (default: False)
2020-11-21 09:59:10 +01:00
Jérémy Lecour
b43d0f3629
evoacme: upstream release 20.11
2020-11-19 21:21:07 +01:00
Ludovic Poujol
15154169cf
kvm-host: Add drbd role dependency (toggleable with kvm_install_drbd)
2020-10-30 11:56:24 +01:00
Mathieu Trossevin
71f85a5863
Merge branch 'unstable' into packweb-multi-php2
2020-10-20 17:41:36 +02:00
Mathieu Trossevin
2ea4745f93
lxc-php: Update changelog
2020-10-20 17:27:34 +02:00
Ludovic Poujol
c8d4da532f
evoacme: Don't ignore hooks with . in the name (ignore when it's ".disable")
2020-10-20 10:58:51 +02:00
Ludovic Poujol
9e5d041210
dovecot: Update munin plugin & configure it
2020-10-20 10:56:41 +02:00
Jérémy Lecour
d80461e39a
redis: variable to force use of port 6379 in instances mode
2020-10-19 16:03:58 +02:00
Ludovic Poujol
929f258bf8
nextcloud: New role
2020-10-02 16:51:05 +02:00
Jérémy Lecour
8b48552e36
Release 10.2.0
2020-09-17 14:06:46 +02:00
Jérémy Lecour
3e67d92fd3
certbot: an empty change shouldn't raise an exception
2020-09-16 12:07:27 +02:00
Jérémy Lecour
48174ad618
evoacme: remount /usr if necessary
2020-09-14 11:31:47 +02:00
Jérémy Lecour
b818c348c2
evoacme: remove Debian 9 support
2020-09-11 11:09:45 +02:00
Ludovic Poujol
f9d6fe0ad4
evolinux-base: install wget
2020-09-10 14:59:19 +02:00
Jérémy Lecour
c7151a8de8
certbot: fix "no-self-upgrade" option
2020-09-08 10:02:15 +02:00
Jérémy Lecour
37ed5dd393
evolinux-base: swappiness is customizable
2020-09-01 14:08:39 +02:00
Jérémy Lecour
afa0fd35c8
Change default public SSH/SFTP port from 2222 to 22222
2020-08-28 18:32:47 +02:00
Jérémy Lecour
d0622c6b20
tomcat: root directory owner/group are configurable
2020-08-27 17:12:34 +02:00
Jérémy Lecour
7413a242a8
Release 10.1.0
2020-08-21 14:50:17 +02:00
Jérémy Lecour
1e6d6cdd13
sort lines in CHANGELOG
2020-08-21 14:03:41 +02:00
Jérémy Lecour
a60deb276b
evoacme: upstream release 20.08
2020-08-21 14:01:06 +02:00
Jérémy Lecour
8ea1bac000
evoacme: update for new certbot role
...
* certbot is installed by the certbot role
* Apache/Nginx configuration is delegated to the certbot role
* No more "acme" user, everything is done with "root".
2020-08-21 13:36:24 +02:00
Benoît S.
a8095b1c36
Updated CHANGELOG.md with recent merges
2020-08-20 15:49:22 +09:00
Jérémy Lecour
57ac4e467c
metricbeat: allow using a template
2020-08-18 14:01:09 +02:00
Jérémy Lecour
ce35f7292f
filebeat: allow using a template
2020-08-18 14:00:46 +02:00
Jérémy Lecour
d3e69eeeb5
certbot: fix haproxy hook (ssl cert directory detection)
...
It was matching additional parameters.
Now it matches on the first argument after "crt"
2020-07-21 10:46:01 +02:00
Jérémy Lecour
21b8104654
elasticsearch: configure cluster with seed hosts and initial masters
2020-07-19 11:40:59 +02:00
Jérémy Lecour
9270852349
elasticsearch: set tmpdir before datadir
2020-07-19 11:30:00 +02:00
Jérémy Lecour
8aa7f6cf33
mongodb: install custom munin plugins
2020-07-17 13:48:18 +02:00
Jérémy Lecour
9bdd5ad9e7
haproxy: rotate logs with date extension and immediate compression
2020-06-22 19:02:29 +02:00
Jérémy Lecour
977c28c720
varnish: fix start command when multiple addresses are present
2020-06-16 13:51:07 +02:00
Jérémy Lecour
ce7468816f
haproxy: deport SSL tuning to Mozilla SSL generator
...
There are too many combinations and they change every so often.
It's better to direct the user to the generator to have a good
configuration.
2020-06-15 22:47:08 +02:00
Jérémy Lecour
30cdbae981
haproxy: split stats variables
2020-06-15 22:45:22 +02:00
Jérémy Lecour
011761eb8f
haproxy: add deny_ips file to reject connections
2020-06-14 23:28:29 +02:00
Jérémy Lecour
8465743973
haproxy: add some comments to default config
2020-06-14 23:27:50 +02:00
Jérémy Lecour
4bf5b1daa6
nginx: read server-status values before changing the config
2020-06-14 12:49:10 +02:00
Jérémy Lecour
f47af9f54f
haproxy: preconfigure SSL with defaults
2020-06-14 12:37:04 +02:00
Jérémy Lecour
7f54b8ab60
haproxy: adapt backports installed package list to distibution
2020-06-14 12:37:04 +02:00
Jérémy Lecour
e5d4ea3c18
nginx: make default vhost configurable
2020-06-14 12:37:04 +02:00
Jérémy Lecour
ce0d61bcbd
certbot: detect HAProxy cert directory
2020-06-14 12:37:04 +02:00
Jérémy Lecour
a8887aaa8e
update changelog
2020-06-09 11:45:19 +02:00
Jérémy Lecour
4c71ea2012
haproxy: enable stats frontend with access lists
2020-06-09 11:41:33 +02:00
Patrick Marchand
c9daa8ba35
evobackup-client: Fix ssh connection test in zzz_evobackup.sh
...
When I made the ssh key name a variable and defaulted it to id_ed25519,
I forgot to change the hardcoded value for the ssh test in
evobackup-client/templates/zzz_evobackup.default.sh.j2
2020-06-08 17:22:18 -04:00
Jérémy Lecour
1ade990526
mongodb: fix logrotate patterm on Debian buster
2020-06-05 11:02:54 +02:00
Jérémy Lecour
7f0931510f
evoacme: upstream release 20.06.1
2020-06-05 11:01:42 +02:00
Ludovic Poujol
ebffccae59
lxc-php: Do --no-install-recommends for ssmtp/opensmtpd
2020-06-05 11:01:22 +02:00
Ludovic Poujol
186f3d90b9
lxc-php: Install opensmtpd as intended
2020-06-05 10:57:49 +02:00
Ludovic Poujol
0dfb92360f
php: Don't disable putenv() by default in PHP settings
2020-06-04 11:52:04 +02:00
Ludovic Poujol
90704dc712
lxc-php: Don't disable putenv() by default in PHP settings
2020-06-04 11:51:25 +02:00
Ludovic Poujol
ead0b7fd88
lxc-php: Install php-sqlite by default
2020-06-04 11:42:17 +02:00
Ludovic Poujol
8c883c44dd
php: Install php-sqlite by default
2020-06-04 11:39:51 +02:00
Ludovic Poujol
c7d456471b
packweb-apache: Install zip & unzip by default
2020-06-04 11:34:26 +02:00
Jérémy Lecour
3bd0a4ffb3
certbot: restore compatibility with old Nginx
2020-06-04 11:22:58 +02:00
Jérémy Lecour
9aed38b637
certbot: install certbot dependencies non-interactively for jessie
2020-06-04 11:22:58 +02:00
Jérémy Lecour
1d5a30b144
evoacme: upstream release 20.06
2020-06-03 12:09:58 +02:00
Patrick Marchand
c8cd119a18
Merge pull request 'Make it possible to setup mysql replication' ( #102 ) from mysql_replication into unstable
2020-06-02 17:31:13 +02:00
Jérémy Lecour
4cf438c8ff
redis: raise an error is port 6379 is used in "instance" mode
2020-06-02 11:22:56 +02:00
Jérémy Lecour
8a87fecbe4
redis: new syntax for match filter
2020-06-02 11:00:06 +02:00
Jérémy Lecour
47d11308ba
redis: create sudoers file if missing
2020-06-02 10:59:51 +02:00
Jérémy Lecour
86cab2ab94
haproxy: chroot and socket path are configurable
2020-06-02 10:58:10 +02:00
Patrick Marchand
8c1e40c1a9
Add option to make a mysql install read only
...
Rebased on unstable
2020-06-01 12:03:23 -04:00
Ludovic Poujol
09371b095f
packweb-apache: Don't turn on mod-evasive emails by default
2020-05-18 12:03:34 +02:00
Jérémy Lecour
4016387ca8
Release 10.0.0
2020-05-13 11:20:45 +02:00
Jérémy Lecour
ac7ee86a9c
minifirewall: /bin/true command doesn't report "changed" anymore
2020-05-11 15:23:52 +02:00
Jérémy Lecour
849ec405d5
evocheck: upstream version 20.04.4
2020-04-28 16:00:45 +02:00
Jérémy Lecour
57e5791728
networkd-to-ifconfig: add variables for configuration by variables
2020-04-26 18:39:25 +02:00
Jérémy Lecour
2f77100b47
evocheck: upstream version 20.04.3
2020-04-26 10:54:49 +02:00
Jérémy Lecour
d013a65cf6
Merge branch 'unstable' into lpoujol/better-multiphp
2020-04-17 12:23:56 +02:00
Jérémy Lecour
6764418e75
evocheck: upstream release 20.04.2
2020-04-15 18:01:55 +02:00
Jérémy Lecour
257a3476f1
evocheck: upstream release 20.04.1
2020-04-12 22:30:07 +02:00
Jérémy Lecour
f2613e91aa
evolinux-base: configure cciss-vol-statusd in the proper file
...
The default file should be used for configuration instead of the init
script.
2020-04-10 11:36:03 +02:00
Ludovic Poujol
93c043c8e0
(fix) lxc: Fix container existance check to be able to run in check_mode
2020-04-08 17:57:46 +02:00
Ludovic Poujol
bd63e7037f
packweb-apache: Do the install & conffigure phpContainer script (instead of evoadmin-web role)
2020-04-08 17:54:43 +02:00
Ludovic Poujol
f135f67cd0
(change) php: Cleanup CLI Settings. Also, allow url fopen and don't disable functions (in CLI only)
...
Closes #98
2020-04-01 18:22:46 +02:00
Ludovic Poujol
7fc260a17b
(fix) php: update surry_post.yml to match current latest PHP release
2020-04-01 18:08:57 +02:00
Ludovic Poujol
f442239cec
(fix) packweb-apache: Don't try to install PHPMyAdmin on Buster as it's not available
2020-04-01 18:05:20 +02:00
Ludovic Poujol
135a089341
(change) lxc-php: Use OpenSMTPD for Stretch/Buster containers, and ssmtp for Jessie containers
2020-04-01 17:23:39 +02:00
Ludovic Poujol
a21fcaf663
(fix) php: Chose the debian version repo archive for packages.sury.org
2020-04-01 17:23:39 +02:00
Ludovic Poujol
a680399608
packweb-apache: Add missing dependency to evoacme role
2020-04-01 17:23:39 +02:00
Ludovic Poujol
9b80db3772
lxc: Don't stop the container if it already exists
2020-04-01 17:17:00 +02:00
Jérémy Lecour
5b5b8944c5
java: add Java 11 as possible version to install
2020-03-21 19:07:26 +01:00
Patrick Marchand
d5731f90e0
Merge branch 'bind9_evocheck_fix' into unstable
2020-03-10 13:48:52 -04:00
Jérémy Lecour
ac98aa2d18
evolinux-base: install Evocheck (default: True
)
2020-03-09 17:02:23 +01:00
Jérémy Lecour
92dcbf1ab5
rbenv: change default Ruby version to 2.7.0
2020-03-09 17:02:23 +01:00
Jérémy Lecour
ac6414076c
nodejs: change default version to 12 (new LTS)
2020-03-09 17:02:23 +01:00
Jérémy Lecour
ec54af596c
evolinux-base: Don't customize the logcheck recipient by default.
...
By default the package sends its messages to the logcheck user.
By default we alias the "logcheck" user to "root" which is redirected to
our custom address.
2020-03-04 14:03:18 +01:00
Jérémy Lecour
783dcb9890
evomaintenance: upstream release 0.6.3
2020-03-02 22:12:58 +01:00
Jérémy Lecour
68a1d4eb27
update changelog
2020-03-02 20:53:54 +01:00
Jérémy Lecour
af53a6b2ec
evomaintenance: upstream release 0.6.2
2020-03-02 14:45:41 +01:00
Jérémy Lecour
eb74bda22a
nagios-nrpe: check_mode per cpu dynamically
2020-02-28 12:14:20 +01:00
Jérémy Lecour
1b29f2d793
update listupgrade from upstream
2020-02-27 13:41:04 +01:00