Alexis Ben Miloud--Josselin
bbf6ce6f6e
rbenv: Installer libyaml-dev
...
Le paquet est nécessaire en Debian 12.
2023-10-12 17:49:00 +02:00
Alexis Ben Miloud--Josselin
dbd1103078
docker-host: Retirer directive state en trop
2023-10-11 18:06:13 +02:00
Alexis Ben Miloud--Josselin
a80076a5ea
evolinux-base: Corriger autorisation pour evolinux_user
...
Cas configuration SSH séparée. Ticket #74636 .
2023-10-11 10:02:34 +02:00
Jérémy Lecour
3347ac4271
evomaintenance: upstream release 23.10.1
2023-10-09 18:13:48 +02:00
Alexis Ben Miloud--Josselin
0c9b55e5e1
evolix-base/root: fix module used
2023-10-09 17:12:15 +02:00
Jérémy Lecour
c673ed10c6
evomaintenance: upstream release 23.10
2023-10-09 16:24:47 +02:00
Jérémy Lecour
d6a777be72
kvm-host: migrate-vm: set migration speed even on bridges
2023-10-05 22:05:17 +02:00
Jérémy Lecour
9cd0426d2b
nagios-nrpe: sync Redis check from redis roles
2023-10-03 13:34:53 +02:00
David Prevot
f2c37dddff
Use timesyncd instead of ntpd starting with Debian 12 (not always)
2023-09-28 17:25:18 +02:00
David Prevot
a2306e6a15
Changelog for previous commit
2023-09-28 15:27:19 +02:00
David Prevot
aa13171f91
Changelog for previous commit
2023-09-26 18:00:59 +02:00
David Prevot
c03dd0ca2f
Changelog for previous commit
2023-09-26 18:00:48 +02:00
Ludovic Poujol
a65230b5e0
mysql: new munin graph to follow binlog_days over time
2023-09-26 17:35:14 +02:00
Jérémy Lecour
b5550d2ce2
lxc-php: fix APT keyring path inside containers
2023-09-21 15:47:23 +02:00
Jérémy Lecour
cc9d0c59d3
CHANGELOG cleanup
2023-09-20 14:33:45 +02:00
Jérémy Lecour
050b2ae419
kvm-host: migrate-vm sets the migration speed automatically
2023-09-20 13:08:42 +02:00
William Hirigoyen
d7d8ee63b2
Revert "lxc-php: Fix /etc/profile.d/evolinux.sh mode in containers (defauft umask -> 644)"
...
This reverts commit 92788a8b93
.
2023-09-15 15:20:45 +02:00
William Hirigoyen
92788a8b93
lxc-php: Fix /etc/profile.d/evolinux.sh mode in containers (defauft umask -> 644)
2023-09-14 17:11:46 +02:00
Jérémy Lecour
53a0e56472
metricbeat/logstash: fix Ansible syntax
2023-09-13 09:38:44 +02:00
Jérémy Lecour
41004e20b4
kvm-host: migrate-vm exits if DRBD is not up-to-date
2023-09-12 11:38:54 +02:00
William Hirigoyen
2af2e5ee78
nagios-nrpe: set default check_load --per-cpu for BSD
2023-09-11 09:25:21 +02:00
William Hirigoyen
2a7d2d9c58
postfix: disable IPv6
2023-09-05 15:44:37 +02:00
Mathieu Trossevin
cfca604670
nagios-nrpe: Add proper plugin to monitor glusterfs health
2023-09-05 15:21:08 +02:00
Alexis Ben Miloud--Josselin
73c0a0d29a
evolinux-base: include files under sshd_config.d
...
In case we need to add the Include directive, we add it at the
beginning of the global configuration file. This way the Include
directive can't be inside a Match directive.
2023-08-31 17:09:43 +02:00
Jérémy Lecour
8ca7cc4692
kvm-host: release 23.08 for migrate-vm.sh
2023-08-31 11:26:21 +02:00
Jérémy Lecour
e2dea8054f
kvm-host: add batch-mode and ignore stdin for SSH command in migrate-vm.sh
2023-08-31 11:26:20 +02:00
Eric Morino
df202197c7
Change lxc container in bookworm for php82
2023-08-29 15:28:09 +02:00
Ludovic Poujol
e71cffd8fd
php: add new variable to disable oveeriding settings of php-fpm default pool (www)
2023-08-28 17:08:33 +02:00
Alexis Ben Miloud--Josselin
b8b48bbcb9
evocheck: Fix IS_SSHALLOWUSERS condition
2023-08-23 16:18:35 +02:00
Jérémy Lecour
bb41d313a9
apt: Explicit "signed-by" directives for official sources
2023-08-18 16:28:03 +02:00
Jérémy Lecour
feba74c469
evolinux-base: reboot the server if the Cloud kernel has been installed
2023-08-18 12:10:01 +02:00
Jérémy Lecour
67c6167474
apt: Disable NonFreeFirmware warning for VM on Debian 12+
2023-08-18 12:10:00 +02:00
Alexis Ben Miloud--Josselin
536d051890
Fix mode for files under /etc/ssh/sshd_config.d
2023-08-16 18:21:06 +02:00
Alexis Ben Miloud--Josselin
263f940c3d
Update Changelog
2023-08-16 16:14:42 +02:00
William Hirigoyen
81849c6537
userlogrotate: new version, with separate conf file
2023-08-11 10:51:45 +02:00
Ludovic Poujol
f0abb53750
evolinux-base: New variable "evolinux_system_include_ntpd" to chose wether or not to include ntpd role
2023-08-04 11:47:42 +02:00
Eric Morino
87d09275a0
postgresql: fix file postgresql.pref.j2 for exclude package
2023-08-04 10:18:08 +02:00
Eric Morino
eca010d959
postgresql: fix task "update apt cache" for PGDG repo
2023-08-04 09:56:44 +02:00
Ludovic Poujol
16bba8b469
fail2ban: add variable fail2ban_sshd_port to configure sshd port
2023-07-31 11:50:36 +02:00
William Hirigoyen
3c3db4fefa
postfix: new spam.sh update script that avoids reloading if files did not change.
2023-07-25 15:24:00 +02:00
William Hirigoyen
b6886384b9
redis: replace errorneous ini_file module for Munin config, fix dedicted Munin config filename (z-XXX)
2023-07-21 16:51:02 +02:00
William Hirigoyen
ef642e564e
bind: Add reload-zone helper
2023-07-21 16:19:26 +02:00
William Hirigoyen
030871ea9b
opendkim: update apt cache before install
2023-07-20 16:33:15 +02:00
William Hirigoyen
f2eaac0894
nginx: set default server directive in default vhost
2023-07-17 17:31:21 +02:00
William Hirigoyen
67f0fa5942
evolinux-base: configure bashrc for all users
2023-07-17 17:18:55 +02:00
William Hirigoyen
7133783695
Update CHANGELOG
2023-07-17 17:09:38 +02:00
Jérémy Lecour
83f7b6cdca
evolinux: Install HPE Agentless Management Service (amsd)
2023-07-12 09:40:24 +02:00
Ludovic Poujol
f50848917a
fail2ban: Fix cron fail2ban_dbpurge (should be bash instead of sh)
2023-07-10 16:41:12 +02:00
Mathieu Trossevin
831715e44c
fix(nagios-nrpe): Fix check_ssl_local output
...
nrpe read output of plugins from stdout only, if there is no output it
return UNKNOWN regardless of return code.
2023-07-07 11:30:22 +02:00
William Hirigoyen
aa10f719b4
redis: standardize plugins path from /usr/local/share/munin/ to /usr/local/lib/munin/plugins/
2023-07-06 11:04:53 +02:00
Jérémy Lecour
0331c23ad6
minifirewall: update nrpe script to check active configuration
2023-07-05 09:54:53 +02:00
Jérémy Lecour
e347b6eca8
minifirewall: upstream release 23.07
2023-07-05 09:54:52 +02:00
Bruno TATU
fb184a0ecf
Set fail2ban_dbpurgeage_default variable for fail2ban
2023-07-04 15:36:02 +02:00
Gregory Colpart
bb54c9209e
add options for Amavis integration in Postfix packmail
2023-07-04 09:52:47 +02:00
Gregory Colpart
1ecb463104
change default minimal_backoff_time (Postfix role)
2023-07-04 09:50:20 +02:00
Tom David--Broglio
e4436d9066
docker-host: added var for user namespace setting
2023-07-03 18:37:15 +02:00
Jérémy Lecour
a6bac1f20b
change syntax "become: [yes,no]" → "become: [true,false]"
2023-07-03 14:21:22 +02:00
Jérémy Lecour
00fe225a3c
force: [yes,no] → force [true,false]
2023-06-28 13:25:30 +02:00
William Hirigoyen
42ad894d45
dovecot: new Munin plugins, fix old_stats config
2023-06-23 11:26:35 +02:00
Ludovic Poujol
aec5406043
varnish: Allow the systemd template to be overriden with a template outside of the role
2023-06-19 16:09:40 +02:00
Jérémy Lecour
318991fe42
pbbouncer: minor fixes
2023-06-01 09:43:20 +02:00
Jérémy Lecour
2c079755e9
elasticsearch: comment the Xlog:gc line instead of changing it completely
2023-05-31 17:25:27 +02:00
Jérémy Lecour
1ae40e7686
nagios-nrpe: remount /usr **after** installing the packages
2023-05-31 11:27:32 +02:00
Ludovic Poujol
91bcd2a605
policy_pam: New role allowing to manage password policy with pam_pwquality & pam_pwhistory
2023-05-25 11:43:53 +02:00
Jérémy Lecour
8706a35705
mysql: improve shell syntax for mysql_skip script
2023-05-22 14:16:50 +02:00
Jérémy Lecour
f79d8456d6
elasticsearch: improve networking configuration
2023-05-12 18:14:19 +02:00
William Hirigoyen
6ab34517b6
nagios-nrpe: add a NRPE check-local command with completion
2023-05-12 12:35:49 +02:00
William Hirigoyen
db0b5ab3db
postfix: add missing localhost.$mydomain to mydestination
2023-05-02 14:21:39 +02:00
William Hirigoyen
9821fc8f78
userlogrotate: rotate also php.log
2023-04-27 10:52:32 +02:00
William Hirigoyen
5c60fad29c
evolinux-users: remove Stretch references in tasks that also apply to next Debian versions.
2023-04-26 18:10:45 +02:00
Jérémy Lecour
6cd72cf9f4
Release 23.04
2023-04-23 10:48:39 +02:00
Jérémy Lecour
42e98791d9
Extract patroni role into its own branch for now
2023-04-23 10:31:02 +02:00
Brice Waegeneire
e8c7d2c3e3
lxc-php: add support for PHP 8.2 container
2023-04-20 11:27:56 +02:00
Eric Morino
8ec5c79ca1
Add new role Patroni in CHANGELOG
2023-04-03 14:45:17 +02:00
Alexis Ben Miloud--Josselin
ce247dba56
Add role for Graylog
2023-03-30 17:58:30 +02:00
Alexis Ben Miloud--Josselin
d37f6c0e3f
PgBouncer: add handler (restart)
2023-03-30 13:21:33 +02:00
Ludovic Poujol
34a0dae3e6
generate-ldif: Support for Debian 12
...
The script required few changes to adapt to the new output of lscpu & usage of lspci
lscpu
- Multiple Vendor ID fields (CPU & Bios) > We keep the first one tied to the CPU info
- No more CPU Speed displayed for virtual machines. We guess the CPU Speed with the CPU Name (Thanks intel puting it in the CPU Name). But that's not going to work with AMD CPUs. An alternative would be to have a peek at /proc/cpu
lspci
- Remove the "0x" prefix as it seems invalid with lscpi version on Debian 12. On older debian, vendor/device id are accepted with or without the "0x" prefix
2023-03-29 11:41:26 +02:00
Jérémy Dubois
939b2358a3
openvpn: updated the README file
2023-03-22 15:21:58 +01:00
Jérémy Lecour
6f61a0744c
apt: with Debian, 12 backports are installed but disabled by default
2023-03-18 15:38:05 +01:00
Jérémy Lecour
fac45cb64d
Release 23.03.1
2023-03-16 22:17:46 +01:00
Jérémy Lecour
8bfc4c28bc
listupgrade: remove old typo version of the cron task
2023-03-16 21:37:04 +01:00
Jérémy Lecour
be03dfcb08
apt: deb822 migration python script is looked relative to shell script
2023-03-16 21:37:04 +01:00
Jérémy Lecour
b7dea8d456
minifirewall: support protocols in numeric form
2023-03-16 21:37:04 +01:00
Alexis Ben Miloud--Josselin
eae2eed7b0
Add role for PgBouncer
2023-03-16 17:14:16 +01:00
Jérémy Lecour
65ee8c7e45
Release 23.03
2023-03-16 14:56:39 +01:00
Jérémy Lecour
8df930f016
import changelog line
2023-03-16 14:38:32 +01:00
Jérémy Lecour
70d34ac18d
listupgrade: upstream release 23.03.3
2023-03-16 14:38:32 +01:00
Jérémy Lecour
50216eb5c7
listupgrade: upstream release 23.03.2
2023-03-16 14:38:32 +01:00
Jérémy Lecour
8d698ec6cb
CHANGELOG cleanup
2023-03-16 14:38:29 +01:00
Alexis Ben Miloud--Josselin
dc6b340081
changelog: ajouter changements sur kvmstats
2023-03-16 14:21:21 +01:00
Jérémy Lecour
fa1935e46c
apt: add tools to migrate sources to deb822 format
2023-03-15 22:50:00 +01:00
David Prevot
c7940dc8c1
CHANGELOG: tfix
2023-03-13 15:12:37 +01:00
William Hirigoyen
419071f470
php: fix error introduced in 33503e4538
(False evaluated as a string instead of boolean)
2023-03-13 15:09:41 +01:00
Jérémy Lecour
b4a63d3d55
listupgrade: upstream release 23.03.1
2023-03-12 11:12:56 +01:00
Jérémy Lecour
b57fd16ee6
listupgrade: upstream release 23.03
2023-03-12 11:12:56 +01:00
Jérémy Lecour
d64193287d
postgresql: configure max_connections
2023-03-12 11:12:56 +01:00
William Hirigoyen
3f353ad072
elasticsearch: disable GC logging
2023-03-10 10:29:59 +01:00
William Hirigoyen
fc95f57711
elasticsearch: Disable GC rotation for JDK 8
2023-03-10 10:29:59 +01:00
William Hirigoyen
4759ed645c
lxc: copy /etc/profile.d/evolinux.sh from host into container (P10001)
2023-03-08 11:09:36 +01:00
William Hirigoyen
af569f8c26
userlogrotate: set rotate date format in right order (YYYY-MM-DD)!
2023-03-03 14:39:16 +01:00
William Hirigoyen
4d3f92df23
postfix: avoid Amavis transport to be considered dead when restarted.
2023-03-02 17:50:17 +01:00
William Hirigoyen
7ec58bf144
userlogrotate: skip zipping if .gz log already exists (prevents interactive question)
2023-03-01 17:50:58 +01:00
William Hirigoyen
cc7c2a7d4e
userlogrotate: fix bug introduced in commit 2e54944a24
(rotated files were not zipped)
2023-03-01 17:22:50 +01:00
William Hirigoyen
d9c5563fd6
postfix: remove unused "aliases_scope=sub" from virtual_aliases.cf (it generated warnings)
2023-03-01 14:35:51 +01:00
Ludovic Poujol
e896459d06
varnish: add variable varnish_update_config to disable configuration update
2023-02-28 15:24:18 +01:00
David Prevot
1d701b060e
apt: Use pub.evolix.org instead of pub.evolix.net
2023-02-27 18:11:51 +01:00
Jérémy Lecour
17946f7280
apt: add move-apt-keyrings script/tasks
2023-02-27 13:58:01 +01:00
Jérémy Lecour
431ffd5991
evolinux-base: subversion is not installed anymore
2023-02-26 21:31:02 +01:00
Eric Morino
68d34c8528
Add changelog for add feature in postfix / apache and php
2023-02-24 15:46:00 +01:00
Jérémy Lecour
8cbe837147
bind: refactor role
...
* queries log can be enabled or disabled
* split tasks
* check if AppArmor is present
* don't install Munin plugin whose data file is not present
* remove example ACL in authoritative configuration
2023-02-21 19:01:01 +01:00
William Hirigoyen
2c1db6a222
userlogrotate: create role separated from packweb-apache
2023-02-21 17:55:46 +01:00
William Hirigoyen
cd8a812288
bind: fix fail in check mode
2023-02-21 15:14:05 +01:00
Jérémy Lecour
86a3c78a04
yarn: update apt key
2023-02-21 15:09:05 +01:00
Jérémy Lecour
21a4f76330
bind: use systemd module
2023-02-21 15:08:02 +01:00
Alexis Ben Miloud--Josselin
6968128e7c
php: fix last commit and update changelog
2023-02-14 16:43:41 +01:00
Ludovic Poujol
49e92d20b0
evolinux-users: Update sudoers template to remove commands allowed without password
2023-02-01 15:23:51 +01:00
Jérémy Dubois
f354f16cd6
openvpn: Change check_openvpn destination file to comply with recent EvoBSD change
2023-01-31 11:13:08 +01:00
Jérémy Lecour
8244bd4615
nagios-nrpe: add tasks/files for a wrapper
2023-01-30 12:05:43 +01:00
William Hirigoyen
e0c143d9cf
postfix: come back to default value of for pack mails
2023-01-23 15:35:47 +01:00
William Hirigoyen
13f4578599
postfix: Do not notify errors of classes policy, protocol in of main.cf
2023-01-23 15:01:57 +01:00
William Hirigoyen
31e90abe57
fail2ban: add 'Internal login failure' to Dovecot filter
2023-01-23 10:33:10 +01:00
William Hirigoyen
8d16f17354
* clamav: set MaxConnectionQueueLength
to its default value (200), custom (15) was way too small and caused recurrent connections fail in Postfix.
...
* postfix (packmail only): disable `concurrency_failed_cohort_limit` for destination smtp-amavis to prevent the suspension of this destination when Amavis fails to answer. Indeed, we configure the suspension delay quite long in `minimal_backoff_time` (2h) and `maximal_backoff_time` (6h) to reduce the risk of ban from external SMTPs.
2023-01-18 10:30:41 +01:00
Jérémy Dubois
0cb751591a
nagios-nrpe : Rewrite check_vrrpd for a better check (check rp_filter, vrrpd and uvrrpd compatible, use arguments, …)
2023-01-17 11:11:33 +01:00
Ludovic Poujol
c27551939d
webapps/nextcloud : Small enhancement on the vhost template to lock out data dir
2023-01-13 11:05:55 +01:00
Ludovic Poujol
dcc378776c
webapp/nextcloud : Change default data directory to be outside web root
2023-01-13 11:04:32 +01:00
Jérémy Dubois
68017d8db9
openvpn: fix the client cipher configuration to match the server cipher configuration
2023-01-12 14:29:18 +01:00
William Hirigoyen
417734eed2
haproxy: fix missing admin ACL in stats module access permissions
2023-01-11 16:15:09 +01:00
Patrick Marchand
08db5a5140
Fix problems with docker-host daemon.json config
2023-01-10 11:26:57 -05:00
William Hirigoyen
48e3ced983
elasticsearch : use logrotate for garbage collector logs
2023-01-02 17:29:37 +01:00
William Hirigoyen
8401401716
Update CHANGELOG
2022-12-30 10:46:24 +01:00
Jérémy Lecour
7a0e0d81d6
Proper jinja spacing
2022-12-28 09:03:37 +01:00
Jérémy Lecour
8eae5bba63
Use systemd module instead of command
2022-12-28 09:02:17 +01:00
Patrick Marchand
0e6c2567e2
Fix presentation error in changelog markdown
2022-12-22 11:35:52 -05:00
Patrick Marchand
5611bb73a2
Remove warning ignores as they are depreciated
...
Will cause a hard fail in ansible 2.14, so better get rid of them now.
There is no alternative, but the ansible warnings for those modules
are not hard failures anyways.
2022-12-22 11:35:20 -05:00
Patrick Marchand
1c6fdbf85a
Remove warning ignores as they are depreciated
...
Will cause a hard fail in ansible 2.14, so better get rid of them now.
There is no alternative, but the ansible warnings for those modules
are not hard failures anyways.
2022-12-22 11:32:32 -05:00
William Hirigoyen
7005344a5b
evolinux-base: ensure dbus enabled and started
2022-12-19 17:07:18 +01:00
William Hirigoyen
55a64845ce
postfix: add localhost. to mydestination
2022-12-15 11:49:35 +01:00
Jérémy Lecour
0622e9ff1e
fix non-breaking spaces
2022-12-14 11:47:53 +01:00
Jérémy Lecour
240ccee12b
Release 22.12
2022-12-14 11:39:51 +01:00
Jérémy Lecour
34fefa1212
typos
2022-12-14 07:46:12 +01:00
Jérémy Dubois
91b40ce72f
openvpn: Fix mode of shellpki script
2022-12-13 19:37:54 +01:00
Jérémy Dubois
9918776286
openvpn: Deleted the task fixing the CRL rights since it has been fixed in upstream
2022-12-13 17:53:59 +01:00
Jérémy Dubois
0722b84341
openvpn: shellpki upstream release 22.12.2
2022-12-13 17:50:09 +01:00
Mathieu Trossevin
bc1facd1ba
proftpd: Fix mode of public key files and directory
2022-12-09 10:19:51 +01:00
Mathieu Trossevin
101c282846
proftpd: Fix format of public key files controlled by ansible
...
The comments used by ansible's blockinfile module break the format
expected by proftpd for public ssh keys, making them unusable.
Replace with a template, we will just have to accept that we need to use
ansible for all changes to these file.
2022-12-08 17:32:53 +01:00
Jérémy Lecour
ce361c6819
listupgrade: sort/uniq of packages/services lists in email template
2022-12-07 21:05:12 +01:00
Jérémy Lecour
3c2369a3a2
listupgrade: better detection for PostgreSQL
2022-12-07 21:04:33 +01:00
Alexis Ben Miloud--Josselin
982112bd64
rabbitmq: add link in default page
2022-12-07 15:49:03 +01:00
Jérémy Lecour
22f30b59f2
certbot: auto-detect HAPEE version in renewal hook
2022-12-05 14:22:12 +01:00
Jérémy Dubois
6cc3e03864
openvpn: specifies that the mail for expirations is for OpenVPN
2022-12-05 09:52:20 +01:00