William Hirigoyen
e0c143d9cf
postfix: come back to default value of for pack mails
2023-01-23 15:35:47 +01:00
William Hirigoyen
13f4578599
postfix: Do not notify errors of classes policy, protocol in of main.cf
2023-01-23 15:01:57 +01:00
William Hirigoyen
31e90abe57
fail2ban: add 'Internal login failure' to Dovecot filter
2023-01-23 10:33:10 +01:00
William Hirigoyen
8d16f17354
* clamav: set MaxConnectionQueueLength
to its default value (200), custom (15) was way too small and caused recurrent connections fail in Postfix.
...
* postfix (packmail only): disable `concurrency_failed_cohort_limit` for destination smtp-amavis to prevent the suspension of this destination when Amavis fails to answer. Indeed, we configure the suspension delay quite long in `minimal_backoff_time` (2h) and `maximal_backoff_time` (6h) to reduce the risk of ban from external SMTPs.
2023-01-18 10:30:41 +01:00
Jérémy Dubois
0cb751591a
nagios-nrpe : Rewrite check_vrrpd for a better check (check rp_filter, vrrpd and uvrrpd compatible, use arguments, …)
2023-01-17 11:11:33 +01:00
Ludovic Poujol
c27551939d
webapps/nextcloud : Small enhancement on the vhost template to lock out data dir
2023-01-13 11:05:55 +01:00
Ludovic Poujol
dcc378776c
webapp/nextcloud : Change default data directory to be outside web root
2023-01-13 11:04:32 +01:00
Jérémy Dubois
68017d8db9
openvpn: fix the client cipher configuration to match the server cipher configuration
2023-01-12 14:29:18 +01:00
William Hirigoyen
417734eed2
haproxy: fix missing admin ACL in stats module access permissions
2023-01-11 16:15:09 +01:00
Patrick Marchand
08db5a5140
Fix problems with docker-host daemon.json config
2023-01-10 11:26:57 -05:00
William Hirigoyen
48e3ced983
elasticsearch : use logrotate for garbage collector logs
2023-01-02 17:29:37 +01:00
William Hirigoyen
8401401716
Update CHANGELOG
2022-12-30 10:46:24 +01:00
Jérémy Lecour
7a0e0d81d6
Proper jinja spacing
2022-12-28 09:03:37 +01:00
Jérémy Lecour
8eae5bba63
Use systemd module instead of command
2022-12-28 09:02:17 +01:00
Patrick Marchand
0e6c2567e2
Fix presentation error in changelog markdown
2022-12-22 11:35:52 -05:00
Patrick Marchand
5611bb73a2
Remove warning ignores as they are depreciated
...
Will cause a hard fail in ansible 2.14, so better get rid of them now.
There is no alternative, but the ansible warnings for those modules
are not hard failures anyways.
2022-12-22 11:35:20 -05:00
Patrick Marchand
1c6fdbf85a
Remove warning ignores as they are depreciated
...
Will cause a hard fail in ansible 2.14, so better get rid of them now.
There is no alternative, but the ansible warnings for those modules
are not hard failures anyways.
2022-12-22 11:32:32 -05:00
William Hirigoyen
7005344a5b
evolinux-base: ensure dbus enabled and started
2022-12-19 17:07:18 +01:00
William Hirigoyen
55a64845ce
postfix: add localhost. to mydestination
2022-12-15 11:49:35 +01:00
Jérémy Lecour
0622e9ff1e
fix non-breaking spaces
2022-12-14 11:47:53 +01:00
Jérémy Lecour
240ccee12b
Release 22.12
2022-12-14 11:39:51 +01:00
Jérémy Lecour
34fefa1212
typos
2022-12-14 07:46:12 +01:00
Jérémy Dubois
91b40ce72f
openvpn: Fix mode of shellpki script
2022-12-13 19:37:54 +01:00
Jérémy Dubois
9918776286
openvpn: Deleted the task fixing the CRL rights since it has been fixed in upstream
2022-12-13 17:53:59 +01:00
Jérémy Dubois
0722b84341
openvpn: shellpki upstream release 22.12.2
2022-12-13 17:50:09 +01:00
Mathieu Trossevin
bc1facd1ba
proftpd: Fix mode of public key files and directory
2022-12-09 10:19:51 +01:00
Mathieu Trossevin
101c282846
proftpd: Fix format of public key files controlled by ansible
...
The comments used by ansible's blockinfile module break the format
expected by proftpd for public ssh keys, making them unusable.
Replace with a template, we will just have to accept that we need to use
ansible for all changes to these file.
2022-12-08 17:32:53 +01:00
Jérémy Lecour
ce361c6819
listupgrade: sort/uniq of packages/services lists in email template
2022-12-07 21:05:12 +01:00
Jérémy Lecour
3c2369a3a2
listupgrade: better detection for PostgreSQL
2022-12-07 21:04:33 +01:00
Alexis Ben Miloud--Josselin
982112bd64
rabbitmq: add link in default page
2022-12-07 15:49:03 +01:00
Jérémy Lecour
22f30b59f2
certbot: auto-detect HAPEE version in renewal hook
2022-12-05 14:22:12 +01:00
Jérémy Dubois
6cc3e03864
openvpn: specifies that the mail for expirations is for OpenVPN
2022-12-05 09:52:20 +01:00
Jérémy Dubois
cca072425b
openvpn: shellpki upstream release 22.12
2022-12-01 16:56:23 +01:00
Jérémy Dubois
cd2c1931b1
keepalived: change exit code (warning if runnin but not on expected state ; critical if not running)
2022-11-28 17:16:43 +01:00
Jérémy Lecour
c96f28e47b
evocheck: install script according to Debian version
2022-11-27 22:14:39 +01:00
Jérémy Lecour
08db230c29
Merge branch 'debian12' into unstable
2022-11-27 18:29:57 +01:00
Jérémy Lecour
54dca82838
varnish: fix missing state, that blocked the task
2022-11-26 19:10:21 +01:00
Jérémy Lecour
665177556e
evomaintenance: allow missing API endpoint if APi is disabled
2022-11-26 19:09:05 +01:00
Jérémy Lecour
ecd9d1543f
varnish: better package facts usage with check mode and tags
2022-11-21 15:46:46 +01:00
Alexis Ben Miloud--Josselin
396afa0a75
nagios-nrpe: add ceph checks to changelog
2022-11-15 11:08:01 +01:00
Mathieu Trossevin
83138f0a0b
nagios-nrpe: Correct port for check_opendkim
2022-11-09 17:05:54 +01:00
Jérémy Lecour
faeb92230b
packweb-apache: manual dependencies resolution
2022-11-06 15:25:17 +01:00
Jérémy Lecour
4050dbea7a
packweb-apache: enable log_forensic module
2022-11-06 15:25:17 +01:00
Jérémy Lecour
b36d4c4766
various fixes for Debian 12
2022-11-06 15:25:17 +01:00
Jérémy Lecour
4c9aaf6d86
Merge branch 'unstable' into debian12-keyring
2022-11-06 10:19:36 +01:00
Jérémy Lecour
a1bf300d54
bookworm-detect: transitional role to help dealing with unreleased bookworm version
2022-11-05 21:15:21 +01:00
Jérémy Lecour
28540247f0
Add signed-by option for additional APT sources
2022-11-02 23:17:08 +01:00
Jérémy Lecour
f531460f49
Use proper keyrings directory for APT version
...
Debian 9 → 11 : /etc/apt/trusted.gpg.d
Debian 12 : /etc/apt/keyrings
2022-11-02 23:16:32 +01:00
Jérémy Lecour
c9ccda2277
varnish: create special tmp directory for syntax validation
2022-11-02 19:45:15 +01:00
Jérémy Lecour
4d259d3c04
varnish: systemd override depends on Varnish
...
Use Varnish version instead of Debian version to choose systemd override template, to make it forward compatible
2022-11-02 13:55:03 +01:00
William Hirigoyen
912cec5a78
lxc-php: update changelog.
2022-10-26 15:25:22 +02:00
Jérémy Lecour
857b3e0e45
nagios-nrpe: check_haproxy_stats supports DRAIN status
2022-10-20 15:46:04 +02:00
Jérémy Lecour
554c086b79
redis: variable to disable transparent hugepage (default: do nothing)
2022-10-20 14:38:12 +02:00
Jérémy Lecour
fc52fbf4bc
redis: some values should be quoted
...
When Redis overwrites its own config, it uses quoted string values, so it's better to do the same to avoid changes.
2022-10-20 14:36:47 +02:00
Jérémy Lecour
f71075d4ef
evolinux-base: replace regular kernel by cloud kernel on virtual servers
2022-10-19 16:33:25 +02:00
Jérémy Dubois
6be2ff3b48
evolinux-todo: execute tasks only for Debian distribution (because this task is a dependency for others roles used on different distributions)
2022-10-17 11:37:58 +02:00
Jérémy Lecour
2d16aeb41e
evolinux-base: utils.yml can be excluded
2022-10-11 13:37:21 +02:00
Mathieu Trossevin
4f9d6868e0
evolinux-user: sudoers privileges for check php\fpm80 and 81
2022-10-07 14:16:32 +02:00
Jérémy Lecour
15d7756881
minifirewall: whitelist deb.freexian.com
2022-10-03 18:54:29 +02:00
Jérémy Lecour
8e1b682ccc
squid: whitelist deb.freexian.com
2022-10-03 18:54:05 +02:00
Jérémy Lecour
c6fb24f7d8
lxc-solr: use default JRE package
2022-09-30 11:39:50 +02:00
Jérémy Lecour
792d1170ab
java: use default JRE when version is not specified
2022-09-30 11:39:05 +02:00
Jérémy Lecour
6aeaab078d
lxc-solr: set homedir and port at install
2022-09-27 07:47:26 +02:00
Jérémy Lecour
46deb04005
lxc-solr: choose java package and download URL according to Solr Version
2022-09-26 23:47:55 +02:00
Jérémy Lecour
26f9d171a4
lxc-solr: detect the real partition options
2022-09-26 23:46:29 +02:00
Jérémy Lecour
8089d90bd1
Release 22.09
2022-09-19 17:06:25 +02:00
Ludovic Poujol
a540235077
munin: Add ipmi_ plugins on dedicated hardware
2022-09-15 11:45:24 +02:00
William Hirigoyen
c310482ba6
domains: revert commits moved to dev branch domains
2022-09-15 10:48:55 +02:00
Jérémy Lecour
6f04a41557
fail2ban: fix dovecot-evolix regex syntax
2022-09-15 09:48:34 +02:00
William Hirigoyen
55f694f051
Update CHANGELOG
2022-09-14 12:21:13 +02:00
Jérémy Lecour
d8a2dccf36
evocheck: upstream release 22.09
2022-09-14 10:55:02 +02:00
Ludovic Poujol
cd46dd8320
proftpd: Add a warning if config file was overriden
2022-09-13 16:31:03 +02:00
Ludovic Poujol
9631476a06
proftpd: Allow user auth with ssh keys
2022-09-13 16:29:59 +02:00
Ludovic Poujol
7c4a169fb8
proftpd: Add options to override configs
2022-09-13 16:26:10 +02:00
Jérémy Lecour
28276b5d6f
evolinux-base: update-evobackup-canary upstream release 22.06
2022-09-12 13:54:57 +02:00
Jérémy Lecour
3c1ec588fd
minifirewall: use handlers to restart minifirewall
2022-09-09 16:09:48 +02:00
Jérémy Dubois
c3be57410d
openvpn: Run OpenVPN with the \_openvpn user and group instead of nobody which is originally for NFS
2022-09-06 11:27:20 +02:00
William Hirigoyen
6fa89e69a5
Update changelog
2022-09-02 15:48:09 +02:00
Ludovic Poujol
1f52700b47
memcached: NRPE check for multi-instance setup
...
Also some cleanup & split of tasks between single and multi instance
Note: Munin part seems still broken at the time
2022-09-01 15:33:00 +02:00
Ludovic Poujol
ee67ebca8b
webapps/nextcloud: Drop support for Nginx
2022-09-01 12:46:37 +02:00
William Hirigoyen
2bda54a7bd
Update CHANGELOG.md
2022-09-01 12:07:47 +02:00
Ludovic Poujol
d165a104f2
* webapps/nextcloud: Add missing dependencies for imagick
2022-09-01 11:28:08 +02:00
Ludovic Poujol
4a3b40d986
generate-ldif: Support any MariaDB version
2022-08-29 17:29:14 +02:00
Jérémy Lecour
c7a6b3e694
evocheck: upstream release 22.08.1
2022-08-29 17:03:31 +02:00
Jérémy Lecour
71aafe161c
evocheck: upstream release 22.08
2022-08-29 17:03:31 +02:00
Eric Morino
9a25d5981f
add webapps/nextcloud changelog
2022-08-26 16:34:19 +02:00
Jérémy Lecour
5fa7f4809c
vrrp: fix systemd unit name
2022-08-24 17:58:46 +02:00
Jérémy Lecour
018eee7ea0
Update 'CHANGELOG.md'
...
* use role name
* more descriptive message
* order items alphabetically
2022-08-24 15:22:25 +02:00
Patrick Marchand
2c1ec040d1
Simplify user subset creation
...
Instead of tags, allow only one subset of users to be created at a time.
2022-08-24 09:05:29 -04:00
Patrick Marchand
9dfcfe1ef3
Made it possible to only create a subset of users
...
The evolinux_users_create variable is a list of tags that defaults to ['active'].
Only the users that have one of the tags in the evolinux_users_create list will be created.
2022-08-23 20:18:45 -04:00
David Prevot
3bd4b92425
CHANGELOG: Document previous ($self) change
2022-08-18 10:27:26 +02:00
Jérémy Lecour
d0abfa985c
redis: config directory must be owned by the user that runs the service
...
… to be able to write tmp config files in it
2022-08-17 16:53:07 +02:00
Jérémy Dubois
de0c4fd314
openvpn: automate the initialization of the CA and the creation of the server certificate ; use openssl_dhparam module instead of a command
2022-08-10 17:23:47 +02:00
Mathieu Trossevin
78dcec8656
varnish: Repair systemd unit for jessie/stretch
2022-08-10 11:18:23 +02:00
Mathieu Trossevin
08a4f1ed5f
Document previous change
2022-08-10 10:26:37 +02:00
Jérémy Lecour
6c33e11d5f
evocheck: upstream release 22.07.1
2022-07-28 14:18:12 +02:00
Jérémy Lecour
0f899dcd09
evocheck: remove failure if deprecated variable is used
2022-07-28 13:58:09 +02:00
Jérémy Lecour
25b96c3283
Release 22.07.1
2022-07-28 13:49:57 +02:00
Jérémy Lecour
f10ebe8cd6
evocheck: upstream release 22.07
2022-07-28 13:38:33 +02:00
Jérémy Lecour
c8898a3d10
nagios-nrpe: use regexp to exclude paths/devices in check_disk1
2022-07-28 13:25:51 +02:00
Jérémy Lecour
0d086731ae
evomaintenance: upstream release 22.07
2022-07-27 15:49:41 +02:00
Jérémy Lecour
f7edd565a3
nagios-nrpe: check_disk1 returns only alerts
2022-07-27 09:24:46 +02:00
Jérémy Lecour
b453321b3d
nagios-nrpe: exclude /run/shm and /run/lock from check_disk1
2022-07-27 09:24:46 +02:00
Jérémy Lecour
0b41efd188
mongodb: replace version_compare() with version()
2022-07-18 15:54:42 +02:00
Bruno TATU
213c6dd6ac
Add change for fail2ban role
2022-07-08 11:28:29 +02:00
Jérémy Lecour
53847d9919
Release 22.07
2022-07-06 18:02:42 +02:00
Jérémy Lecour
a387304483
Fix CHANGELOG
2022-07-06 14:26:13 +02:00
Jérémy Lecour
0a3bfd7f27
evolinux-base: session timeout is configurable
2022-07-06 14:24:41 +02:00
Eric Morino
028bfe209a
Add change in kvm-host
2022-07-05 10:18:49 +02:00
Jérémy Dubois
68ac8fc058
openvpn: configure logrotate
2022-06-30 10:12:36 +02:00
Jérémy Dubois
07c3c0226f
openvpn: minimal rights on /etc/shellpki/ and crl.pem
2022-06-29 16:09:04 +02:00
Jérémy Lecour
205e699355
minifirewall: docker mode is configurable
2022-06-22 17:20:15 +02:00
Jérémy Lecour
abb14e5b52
haproxy: add haproxy_allow_ip_nonlocal_bind to set sysctl value
2022-06-22 15:32:10 +02:00
Ludovic Poujol
519ef930df
Update PermitRootLogin task to work on Debian 11
2022-06-21 15:13:38 +02:00
Jérémy Lecour
050c61c220
Release 22.06.3
2022-06-17 11:00:51 +02:00
Jérémy Lecour
57ecac01ba
evolinux-base: blacklist and do not install megaclisas-status package on incompatible servers
2022-06-16 15:19:44 +02:00
William Hirigoyen (Evolix)
3623363b94
Update changelog for version 22.06
2022-06-13 17:35:31 +02:00
Jérémy Lecour
556719bbf2
Release 22.06.2
2022-06-10 11:11:44 +02:00
Ludovic Poujol
b3ac39decd
postgresql: Fix task order when using pgdg repo & Install the right pg version
2022-06-09 10:33:28 +02:00
Jérémy Lecour
cea1408bba
evocheck: upstream release 22.06.2
2022-06-09 07:42:29 +02:00
Jérémy Lecour
4d1d77faaf
postgresql: add variable to configure binding addresses (default: 127.0.0.1)
2022-06-09 07:41:52 +02:00
Ludovic Poujol
1e19418fb0
Fail2ban: Multiple changes & improvements :
...
* Give the possibility to override jail.local (with fail2ban_override_jaillocal)
* If jail.local was overriden, add a warning
* Allow to tune some jail settings (maxretry, bantime, findtime) with ansible
* Allow to tune the default action with ansible
* Change default action to ban only (instead of ban + mail with whois report)
* Configure recidive jail (off by default) + extend dbpurgeage
2022-06-08 17:55:58 +02:00
Jérémy Lecour
bcaacdf57f
postgresql: fix nested loop for Munin plugins
2022-06-08 15:39:34 +02:00
Jérémy Lecour
cbe7985814
Enforce String notation for mode
2022-06-08 15:38:21 +02:00
Jérémy Lecour
b677defd97
redis: binding is possible on multiple interfaces
2022-06-08 15:36:47 +02:00
Jérémy Lecour
1895c549d4
Release 22.06.1
2022-06-06 15:07:10 +02:00
Jérémy Lecour
3d70438f7e
evocheck: upstream release 22.06.1
2022-06-06 15:05:59 +02:00
Jérémy Lecour
4cd7e0f4a1
minifirewall: upstream release 22.06
2022-06-06 14:42:22 +02:00
Jérémy Lecour
56c2c19d61
evomariabackup: release 22.06.1
2022-06-05 21:49:23 +02:00
Jérémy Lecour
6d0e49ba90
mysql: reorganize evomariabackup to use mtree instead of our own dir-check
2022-06-05 21:48:04 +02:00
Jérémy Lecour
e718156f86
fix CHANGELOG
2022-06-03 10:19:35 +02:00
Jérémy Lecour
e8e99bb9b6
Release 22.06
2022-06-03 09:27:01 +02:00
Jérémy Lecour
9378f5634c
add missing entry in CHANGELOG
2022-06-03 09:26:07 +02:00
Jérémy Lecour
51908f64b9
evocheck: upstream release 22.06
2022-06-03 09:15:04 +02:00
Jérémy Lecour
586aa206a8
mysql: add post-backup-hook to evomariabackup
2022-06-02 18:26:23 +02:00
Jérémy Lecour
b8b96bb5b7
mysql: use dir-check inside evomariabackup
2022-06-01 17:24:55 +02:00
Jérémy Lecour
249e53fc21
evolinux-base: add dir-check script
2022-06-01 17:24:55 +02:00
Jérémy Lecour
17a2032a10
evolinux-base: add update-evobackup-canary script
2022-06-01 10:46:13 +02:00
Jérémy Lecour
b3dbcb082f
certbot: add hapee (HAProxy Enterprise Edition) deploy hook
2022-05-31 14:06:25 +02:00
Ludovic Poujol
134355d190
docker: Allow live-restore to be toggled with docker_conf_live_restore
2022-05-24 16:22:49 +02:00
Jérémy Lecour
1a9c219c5b
Release 22.05.1
2022-05-12 15:49:18 +02:00
Jérémy Lecour
f82a81844d
evocheck: upstream release 22.05
2022-05-12 15:47:50 +02:00
Ludovic Poujol
9973a62c16
docker : Introduce new variables to tweak daemon settings
2022-05-10 19:04:58 +02:00
Ludovic Poujol
6aa7b89b78
docker : Introduce new default settings + allow to change the docker data directory
2022-05-10 18:21:59 +02:00
Ludovic Poujol
1b4d4c98fe
docker : Removed Debian Jessie support
2022-05-10 17:39:45 +02:00
Jérémy Lecour
09872fa4ad
Release 22.05
2022-05-10 16:58:32 +02:00
Jérémy Lecour
dd2072b86b
minifirewall: fix failed_when conditions on restart
2022-05-10 16:40:45 +02:00
Jérémy Lecour
378ee04c82
minifirewall: upstream release 22.05
2022-05-10 15:55:08 +02:00
Eric Morino
3663783509
add change in opendkim role
2022-05-09 10:19:18 +02:00
Jérémy Lecour
749d6a78cd
redis: Add log2mail user to redis group
2022-05-05 09:40:30 +02:00