2018-01-18 18:40:49 +01:00
# Changelog
2023-10-14 07:36:29 +02:00
2018-01-18 18:40:49 +01:00
All notable changes to this project will be documented in this file.
2018-01-18 23:37:56 +01:00
The format is based on [Keep a Changelog ](http://keepachangelog.com/en/1.0.0/ ).
This project does not follow semantic versioning.
2021-09-29 16:43:05 +02:00
The **major** part of the version is the year
2024-03-01 09:09:52 +01:00
The **minor** part is the month
The **patch** part is incremented if multiple releases happen the same month
2018-01-18 18:40:49 +01:00
## [Unreleased]
2020-05-13 11:20:45 +02:00
### Added
2023-05-22 14:16:14 +02:00
2024-05-15 14:16:03 +02:00
### Changed
### Fixed
### Removed
### Security
## [24.05] 2024-05-15
### Added
2024-05-02 16:21:13 +02:00
* apt: add list-upgradable-held-packages.sh
2024-04-30 17:41:15 +02:00
### Changed
2024-05-14 08:24:57 +02:00
* evobackup-client: upstream release 24.05.1
2024-05-02 18:44:30 +02:00
* evolinux-base: improve adding the current user to SSH AllowGroups of AllowUsers
2024-05-07 15:11:09 +02:00
* evolinux-users: improve SSH configuration
2024-05-15 11:33:44 +02:00
* evomaintenance: upstream release 24.05
2024-05-15 13:50:32 +02:00
* evomaintenance: move upstream files into upstream folder
2024-05-02 10:27:34 +02:00
2024-04-30 17:41:15 +02:00
### Fixed
2024-05-06 17:02:46 +02:00
* apt: use archive.debian.org with Buster
2024-04-30 17:41:15 +02:00
## [24.04] 2024-04-30
### Added
2024-04-30 17:44:41 +02:00
* proftpd: optional configuration of IP whitelists per groups of users
2024-04-30 17:38:14 +02:00
2024-03-01 09:00:49 +01:00
### Changed
2024-03-19 08:18:50 +01:00
* autosysadmin-agent: upstream release 24.03.2
2024-04-30 17:08:44 +02:00
* evobackup-client: replace non-functional role with install tasks
* evobackup-client: upstream release 24.04.1
2024-03-18 15:30:23 +01:00
* evolinux-base: Add new variable to disable global customisation of bash config
2024-04-18 15:10:01 +02:00
* evolinux-base: Disable logcheck monitoring of journald only if journald.logfiles exists
2024-03-27 12:13:49 +01:00
* evolinux-users: Add sudo mvcli for nagios user
2024-04-18 15:11:34 +02:00
* haproxy: support bookworm for backport packages
2024-04-11 15:48:37 +02:00
* nrpe: !disk1 exclude filesystem type overlay
2024-04-17 17:09:12 +02:00
* postfix/amavis: max servers is now 3 (previously 2)
2024-04-18 15:11:34 +02:00
* roundcube: Use /var/log/roundcube directly
2024-04-18 15:18:42 +02:00
* vrrpd: configure and restart minifirewall before starting VRRP
* vrrpd: configure minifirewall with blocks instead of lines
2024-03-05 16:54:10 +01:00
2024-03-01 09:00:49 +01:00
### Fixed
2024-04-26 09:29:15 +02:00
* certbot: Fix HAPEE renewal hook
2024-04-30 17:16:22 +02:00
* certbot: Fix HAProxy renewal hook
* evolinux-base/logcheck: fix conf patch, journal check was not disabled when asked
* fail2ban: SQLite purge script didn't vacuum as expected + error when vacuum cannot be done
2024-03-07 15:47:39 +01:00
* keepalived: Fix tasks that use file instead of copy
2024-03-11 10:54:36 +01:00
* memcached: Fix conditions not properly writen (installation was always in multi-instance mode)
2024-03-22 11:09:06 +01:00
* nagios-nrpe: create /etc/bash_completion.d if missing
2024-04-30 17:16:22 +02:00
* openvpn: install packages manually, because openbsd_pkg module is broken since OpenBSD 7.4 with the version of Ansible we currently use
2024-03-27 15:17:48 +01:00
* packweb: fix old bug (2017!) .orig file created by module patch and taken in account by ProFTPd
2024-04-12 15:54:20 +02:00
* redis: replace inline argument with environment variable for the password
2024-03-04 15:00:01 +01:00
2024-03-01 09:00:49 +01:00
### Removed
2024-04-30 17:38:26 +02:00
* docker-host: Removed `docker_conf_use_iptables` variable (iptable usage forced to true)
2024-04-18 15:38:11 +02:00
2024-03-01 09:00:49 +01:00
## [24.03] 2024-03-01
### Added
2024-03-01 08:26:43 +01:00
* autosysadmin-agent: upstream release 24.03
2024-03-01 08:32:47 +01:00
* autosysadmin-restart_nrpe: add role
2024-02-21 12:27:18 +01:00
* certbot: Renewal hook for NRPE
2024-02-12 19:07:20 +01:00
* kvm-host: add minifirewall rules if DRBD interface is configured
2024-03-15 09:19:55 +01:00
* proftpd: add whitelist ip
2024-02-12 19:07:20 +01:00
2024-02-08 09:27:08 +01:00
### Changed
2024-02-20 09:49:41 +01:00
* apt: add ftp.evolix.org as recognized system source
2024-02-29 19:16:18 +01:00
* autosysadmin-agent: logs clearing is done weekly
* autosysadmin-agent: rename /usr/share/scripts/autosysadmin/{auto,restart}
2024-03-01 08:55:07 +01:00
* certbot: use pkey to test the key
2024-03-01 08:35:16 +01:00
* evolinux-base: execute autosysadmin-agent and autosysadmin-restart_nrpe roles
2024-02-16 11:03:22 +01:00
* lxc-php, php: Update sury PGP key
2024-02-21 10:51:08 +01:00
* openvpn: earlier alert for CA expiration
2024-03-01 08:55:07 +01:00
* redis: create sysfs config file if missing
2024-03-14 10:16:10 +01:00
* nextcloud: use latest version by default
2024-02-20 09:48:58 +01:00
2024-02-08 09:27:08 +01:00
### Removed
2024-02-28 15:40:39 +01:00
* autosysadmin: replaced by autosysadmin-agent
2024-02-08 11:08:28 +01:00
## [24.02.1] 2024-02-08
### Fixed
* fail2ban: fix Ansible syntax
2024-02-08 09:27:08 +01:00
## [24.02] 2024-02-08
### Added
2024-02-08 08:33:49 +01:00
* Support for PHP 8.3 with bookworm LXC containers
2023-12-11 14:06:10 +01:00
* apt: add task file to install ELTS repository (default: False)
2023-12-20 15:28:09 +01:00
* autosysadmin: Add a role to automatically deploy autosysadmin on evolixisation
2024-02-06 08:41:58 +01:00
* check_free_space: added role
2023-12-20 15:28:09 +01:00
* etc-git: add /var/chroot-bind/etc/bind repo
2024-02-06 08:41:58 +01:00
* fail2ban: add script unban_ip
* generateldif: new Services for check_pressure_{cpu,io,mem}
2023-12-05 11:50:24 +01:00
* kvm-host: Automatically add an LVM filter when LVM is present
2023-11-29 09:24:28 +01:00
* lxc-php: Allow one to install php83 on Bookworm container
2023-12-20 15:28:09 +01:00
* minifirewall: Fix nagios check for old versions of minifirewall
2023-12-18 16:36:09 +01:00
* mongodb: add gpg key for 7.0
2023-10-27 15:02:28 +02:00
* nagios-nrpe: add check_sentinel for monitoring Redis Sentinel
2024-02-06 08:41:58 +01:00
* nagios-nrpe: new check_pressure_{cpu,io,mem}
2023-12-08 10:11:45 +01:00
* remount-usr: do not try to remount /usr RW if /usr is not a mounted partition
2024-02-06 08:41:58 +01:00
* vrrpd: configure minifirewall
2023-12-20 15:27:07 +01:00
* vrrpd: test if interface exists before deleting it
2023-12-22 15:44:40 +01:00
* webapps/evoadmin-mail: package installed via public.evolix.org/evolix repo starting with Bookworm
2024-02-06 08:41:58 +01:00
* webapps/nextcloud: Add condition for archive tasks
2023-12-20 15:28:09 +01:00
* webapps/nextcloud: Add condition for config tasks
* webapps/nextcloud: Added var nextcloud_user_uid to enforce uid for nextcloud user
* webapps/nextcloud: Set ownership and permissions of data directory
2023-10-26 16:09:42 +02:00
2023-10-14 07:37:18 +02:00
### Changed
2023-11-03 10:48:28 +01:00
* add-vm.sh: allow VM name max length > 20
2024-02-07 16:15:32 +01:00
* amavis: make ldap_suffix mandatory
2023-11-16 14:21:45 +01:00
* apache : fix goaway pattern for bad bots
2023-11-16 14:45:07 +01:00
* apache : rename MaxRequestsPerChild to MaxConnectionsPerChild (new name)
2023-12-11 18:19:38 +01:00
* apache: use backward compatible Redirect directive
2023-12-11 14:07:15 +01:00
* apt: Disable archive repository for Debian 8
* apt: Use the GPG version of the key for Debian 8-9
2023-11-29 09:23:22 +01:00
* bind: Update role for Buster, Bullseye and Bookworm support
2024-02-07 16:14:29 +01:00
* dovecot: add variables for LDAP
2023-12-09 12:28:17 +01:00
* dovecot: Munin plugin conf path is now `/etc/munin/plugin-conf.d/zzz-dovecot` (instead of `z-evolinux-dovecot` )
2024-01-03 17:46:15 +01:00
* evocheck: upstream release 24.01
2023-11-20 19:02:03 +01:00
* evolinux-base: dump-server-state upstream release 23.11
* evolinux-base: use separate default config file for rsyslog
2023-11-29 09:23:22 +01:00
* kvmstats: use .capacity instead of .physical for disk size
2024-02-07 16:15:32 +01:00
* ldap: make ldap_suffix mandatory
2024-01-12 11:39:01 +01:00
* listupgrade : old-kernel-removal.sh upstream release 24.01
2023-11-20 19:02:48 +01:00
* log2mail: move custom config in separate file
2023-11-30 15:58:31 +01:00
* lxc: init /etc git repository in lxc container
2023-12-11 18:21:57 +01:00
* mysql: disable performance schema for Debian 8
2023-12-18 19:15:05 +01:00
* nagios: add dockerd check in nrpe check template
2023-12-20 15:28:09 +01:00
* nagios: cleaning nrpe check template
* nagios: rename var `nagios_nrpe_process_processes` into `nagios_nrpe_processes` and check systemd-timesyncd instead of ntpd in Debian 12
2024-02-27 10:33:49 +01:00
* nagios: add option --full to check pressure IO and mem to avoid flaps
2023-11-20 19:02:03 +01:00
* proftpd: in SFTP vhost, enable SSH keys login, enable ed25549 host key for Debian >= 11
2024-01-18 10:00:38 +01:00
* redis: manage config template inside a block, to allow custom modifications outside
2023-12-05 11:50:24 +01:00
* spamassassin: Use spamd starting with Bookworm
2024-01-18 10:01:46 +01:00
* squid: config directory seems to have changed from /etc/squid3 to /etc/squid in Debian 8
2023-12-08 16:13:41 +01:00
* unbound: Add config file to allow configuration reload on Debian 11 and lower
* unbound: Add munin configuration & setup plugin
2023-12-09 12:28:17 +01:00
* unbound: Big cleanup
* unbound: Move generated config file to `/etc/unbound/unbound.conf.d/evolinux.conf`
* unbound: Use root hints provided by debian package dns-root-data instead of downloading them
2024-02-08 08:33:49 +01:00
* vrrpd: replace switch script with custom one (fix MAC issue, use `ip(8)` , shell cleanup…)
2023-12-09 12:28:17 +01:00
* vrrpd: variable to force update the switch script (default: false)
2023-12-07 10:18:09 +01:00
* webapps/nextcloud: Add Ceph volume to fstab
2024-01-23 18:00:54 +01:00
* webapps/nextcloud: Set home directory's mode
2023-10-26 16:09:42 +02:00
2023-10-14 07:37:18 +02:00
### Fixed
2023-10-26 16:09:42 +02:00
* Add php-fpm82 to LDAP when relevant
2024-02-08 08:33:49 +01:00
* Check stat.exists before stat.isdir
2023-11-29 09:24:28 +01:00
* apache: fix MaxRequestsPerChild value to be sync with wiki.e.o
2023-12-20 15:28:09 +01:00
* apt: use archive.debian.org with Stretch
* certbot: fix hook for dovecot when more than one certificate is used (eg. different certificates for POP3 and IMAP)
2024-02-06 08:41:58 +01:00
* dovecot: add missing LDAP conf iterate_filter to exclude disabled accounts in users list (caused « User no longer exists » errors in commands listing users like « doveadm user -u '*' » or « doveadm expunge -u "*" mailbox INBOX savedbefore 7d »).
* dovecot: fix missing default mails
2024-01-11 17:46:49 +01:00
* dovecot: fix plugin dovecot1
2023-11-29 09:24:28 +01:00
* evoadmin-web: Fix PHP version for Bookworm
2023-12-20 15:28:09 +01:00
* evolinux-base: fix hardware.yml (wrong repo, missing update cache)
* evolinux-base: start to install linux-image-cloud-amd64 with Buster
2024-01-11 17:46:49 +01:00
* fail2ban: fix template marker
2024-02-06 08:41:58 +01:00
* minifirewall: ports 25, 53, 443, 993, 995 not opened publicly by default anymore, ports 20, 21, 110, 143 not opened semi-publicly by default anymore.
2023-11-03 18:03:35 +01:00
* nagios: fix default file to monitor for check_clamav_db
2024-02-06 08:41:58 +01:00
* nginx: add "when: not ansible_check_mode" in various tasks to prevent fail in check mode
* nginx: fix mistake between "check_mode: no" and "when: not ansible_check_mode" (fail in check mode)
2024-01-11 17:46:49 +01:00
* nginx: fix mistake between "check_mode: no" and "when: not ansible_check_mode" (fail in check mode)
2023-11-29 09:24:28 +01:00
* nginx: keep indentation
2024-01-11 17:46:49 +01:00
* nginx: take care of « already defined » and « not yet defined » server status suffix in check mode
2023-11-13 16:17:22 +01:00
* php: Bullseye/Sury > Honor the php_version asked in the pub.evolix.org repository
2024-01-18 10:01:46 +01:00
* php: drop apt_preferences(5) file for sury
2024-02-06 08:41:58 +01:00
* postfix: remove dependency on evolinux_fqdn var
2023-12-20 15:28:09 +01:00
* proftpd: set missing default listen IP for SFTP
2024-02-06 08:41:58 +01:00
* roundcube: set default SMTP port to 25 instead of 587, which failed because of missing SSL conf (local connexion does not need SSL)
2023-11-17 15:51:33 +01:00
* ssl: no not execute haproxy tasks and reload if haproxy is disabled
2023-12-20 15:28:09 +01:00
* unbound: Add a apt cache validity to enforce an apt update if needed
* webapps/nextcloud: added check that nextcloud uid is over 3000
* webapps/nextcloud: fix Add Ceph volume to fstab : missing UUID= in src
2023-11-29 09:24:28 +01:00
* webapps/nextcloud: fix misplaced gid attribute
* webapps/nextcloud: fix missing gid
2024-02-01 16:49:24 +01:00
* webapps/roundcube & evoadminmail: make roles more idempotent (were failing when played twice)
2024-02-07 11:32:41 +01:00
* amavis: Add variables for generate "ldap_suffix"
* proftpd: fix error when no SSH key is provided
2023-10-26 16:09:42 +02:00
2023-10-14 07:37:18 +02:00
### Removed
2023-11-20 19:15:39 +01:00
* evolinux-base: no need to remove update-evobackup-canary from sbin anymore
2023-11-20 19:13:51 +01:00
* evolinux-base: no need to symlink backup-server-state to dump-server-state anymore
2023-10-14 07:37:18 +02:00
## [23.10] 2023-10-14
### Added
2023-09-20 14:33:45 +02:00
* apt: disable `NonFreeFirmware` warning for VM on Debian 12+
* apt: explicit `signed-by` directives for official sources
* bind: add reload-zone helper
2023-09-21 15:47:23 +02:00
* certbot: deploy-hook for proftpd
2023-08-18 12:09:56 +02:00
* docker-host: added var for user namespace setting
* dovecot: add Munin plugins dovecot1 and dovecot_stats (patched)
2023-09-20 14:33:45 +02:00
* dovecot: fix old_stats plugin for Dovecot 2.3
* evocheck: add support for Debian >= 12 split SSH configuration
* evolinux-base: add split SSH configuration for Debian >= 12
* evolinux-base: configure `.bashrc` for all users
* evolinux-base: New variable `evolinux_system_include_ntpd` to chose wether or not to include `ntpd` role
2023-08-18 12:09:56 +02:00
* evolinux-base: reboot the server if the Cloud kernel has been installed
2023-09-20 14:33:45 +02:00
* evolinux-users: add split SSH configuration for Debian >= 12
* evolinux: install HPE Agentless Management Service (amsd)
2023-07-04 15:36:02 +02:00
* fail2ban: add default variable fail2ban_dbpurgeage_default
2023-09-20 14:33:45 +02:00
* fail2ban: add `fail2ban_sshd_port` variable to configure sshd port
2023-10-05 22:05:17 +02:00
* kvm-host: release 23.10 for migrate-vm.sh
2023-09-20 14:33:45 +02:00
* metricbeat/logstash: fix Ansible syntax
2023-09-26 17:35:14 +02:00
* mysql: new munin graph to follow binlog_days over time
2023-07-11 11:13:28 +02:00
* nagios-nrpe: add a NRPE check-local command with completion.
2023-09-20 14:33:45 +02:00
* nagios-nrpe: add a proper monitoring plugin for GlusterFS (on servers, not for clients)
* php: add new variable to disable overriding settings of php-fpm default pool (www)
* policy_pam: New role to manage password policy with `pam_pwquality` & `pam_pwhistory`
* userlogrotate: add a `userlogpurge` script disabled by default
2023-08-18 12:09:56 +02:00
* userlogrotate: new version, with separate conf file
2023-09-20 14:33:45 +02:00
* userlogrotate: rotate also php.log
2023-09-26 17:56:33 +02:00
* java: allow version 17
2023-09-28 17:25:18 +02:00
* timesyncd: new role, used instead of ntpd by default starting with Debian 12
2020-06-05 11:02:50 +02:00
2023-04-23 10:48:39 +02:00
### Changed
2023-05-12 18:14:19 +02:00
2023-07-03 14:21:22 +02:00
* all: change syntax "become: [yes,no]" → "become: [true,false]"
2023-09-20 14:33:45 +02:00
* all: change syntax "force: [yes,no]" → "force: [true,false]"
2023-05-12 18:14:19 +02:00
* elasticsearch: improve networking configuration
2023-09-20 14:33:45 +02:00
* evolinux-base: include files under `sshd_config.d`
2023-05-22 14:16:14 +02:00
* evolinux-users: remove Stretch references in tasks that also apply to next Debian versions
2023-10-09 18:13:35 +02:00
* evomaintenance: upstream release 23.10.1
2023-09-20 14:33:45 +02:00
* lxc-php: change LXC container in bookworm for php82
2023-07-04 17:25:44 +02:00
* minifirewall: update nrpe script to check active configuration
2023-09-20 14:33:45 +02:00
* minifirewall: upstream release 23.07
2023-05-22 14:16:14 +02:00
* mysql: improve shell syntax for mysql_skip script
2023-09-20 14:33:45 +02:00
* nagios-nrpe: set default check_load --per-cpu for BSD
* pgbouncer: minor fixes
2023-09-21 15:47:23 +02:00
* postfix (packmail or when postfix_slow_transport_include is True): change `miniprofmal_backoff_time` from 2h to 15m (see HowtoPostfix)
2023-07-04 09:52:47 +02:00
* postfix (packmail) : optimize Amavis integration
2023-09-05 14:37:55 +02:00
* postfix: disable sending mails via IPv6
2023-09-20 14:33:45 +02:00
* postfix: new spam.sh update script that avoids reloading if files did not change.
* postgresql: fix file `postgresql.pref.j2` for exclude package
* postgresql: fix task `update apt cache` for PGDG repo
* redis: standardize plugins path from `/usr/local/share/munin/` to `/usr/local/lib/munin/plugins/`
* varnish: allow the systemd template to be overridden with a template outside of the role
2023-09-26 16:14:54 +02:00
* lxc: purge openssh-server from container on install
2023-04-23 10:48:39 +02:00
### Fixed
2023-05-22 14:16:14 +02:00
2023-09-20 14:33:45 +02:00
* elasticsearch: comment the `Xlog:gc` line instead of changing it completely
* evocheck: fix IS_SSHALLOWUSERS condition
* evolinux-base, evolinux-users: Fix files mode under `/etc/ssh/sshd_config.d`
* evolinux-base: fix file extension
* fail2ban: fix cron `fail2ban_dbpurge` (should be bash instead of sh)
2023-09-21 15:47:23 +02:00
* lxc-php: fix APT keyring path inside containers
2023-09-20 14:33:45 +02:00
* nagios-nrpe: `check_ssl_local` now has an output that nrpe can understand when it isn't OK
* nagios-nrpe: remount `/usr` **after** installing the packages
2023-09-26 10:40:06 +02:00
* nagios-nrpe: sync Redis check from redis roles
2023-07-17 17:31:21 +02:00
* nginx: set default server directive in default vhost
2023-07-20 16:33:11 +02:00
* opendkim: update apt cache before install
2023-09-20 14:33:45 +02:00
* packweb-apache,nagios-nrpe: add missing task and config for PHP 8.2 container
* postfix: add missing `localhost.$mydomain` to `mydestination`
* redis: replace erroneous `ini_file` module for Munin config, fix dedicated Munin config filename (z-XXX).
2023-10-09 17:12:15 +02:00
* evolinux-base: use lineinfile instead of replace under root task
2023-10-11 09:55:56 +02:00
* evolinux-base: Corriger autorisation pour evolinux_user
2023-10-11 18:05:39 +02:00
* docker-host: Retirer directive state en trop
2023-10-12 17:49:00 +02:00
* rbenv: Installer libyaml-dev
2023-04-23 10:48:39 +02:00
### Removed
2023-06-23 11:26:35 +02:00
* dovecot: remove Munin plugin dovecot (not working)
2023-04-23 10:48:39 +02:00
## [23.04] 2023-04-23
### Added
2023-03-30 17:58:30 +02:00
* graylog: new role
2023-03-20 18:00:22 +01:00
* lxc-php: add support for PHP 8.2 container
2023-03-30 17:58:30 +02:00
2023-03-16 14:56:39 +01:00
### Changed
2023-04-23 10:48:39 +02:00
* Use FQCN (Fully Qualified Collection Name)
2023-03-18 15:38:05 +01:00
* apt: with Debian 12, backports are installed but disabled by default
2023-03-22 15:21:58 +01:00
* openvpn: updated the README file
2023-03-30 13:19:13 +02:00
* pgbouncer: add handler to restart the service
2023-03-18 15:38:05 +01:00
2023-03-16 14:56:39 +01:00
### Fixed
2023-03-29 11:41:26 +02:00
* generate-ldif: Support for Debian 12
2023-03-16 22:17:46 +01:00
## [23.03.1] 2023-03-16
### Added
* pgbouncer: new role
### Changed
* apt: deb822 migration python script is looked relative to shell script
* listupgrade: remove old typo version of the cron task
* minifirewall: support protocols in numeric form
2023-03-16 14:56:39 +01:00
## [23.03] 2023-03-16
### Added
2023-03-16 14:06:44 +01:00
* apache: add task to enable mailgraph on default vhost and index.html
2023-02-27 13:58:01 +01:00
* apt: add move-apt-keyrings script/tasks
2023-03-15 22:50:00 +01:00
* apt: add tools to migrate sources to deb822 format
2023-01-23 10:33:07 +01:00
* fail2ban: add "Internal login failure" to Dovecot filter
2023-03-16 14:06:44 +01:00
* lxc: copy `/etc/profile.d/evolinux.sh` from host into container
* nagios-nrpe: add tasks/files for a wrapper
* nagios-nrpe: Print pool config path in check_phpfpm_multi output
* php: add `php_version` variable when sury is activated for each Debian version
2023-02-14 16:43:41 +01:00
* php: add a way to choose which version to install using sury repository
2023-03-16 14:06:44 +01:00
* postfix: Add task to enable mailgraph on packmail
2023-03-09 14:37:42 +01:00
* postgresql: configure max_connections
2023-03-16 14:06:44 +01:00
* userlogrotate: create dedicated role, separated from packweb-apache
* varnish: add `varnish_update_config` variable to disable configuration update
2022-12-30 10:46:24 +01:00
2022-12-14 11:37:38 +01:00
### Changed
2022-12-28 09:02:17 +01:00
* Use systemd module instead of command
2023-03-16 14:06:44 +01:00
* Removed all `warn: False` args in command, shell and other modules as it's been deprecated and will give a hard fail in ansible-core 2.14.0.
* apt: Use pub.evolix.org instead of pub.evolix.net
2023-02-21 18:30:09 +01:00
* bind: refactor role
2023-03-16 14:06:44 +01:00
* elasticsearch: Disable garabge collector logging (JDK >= 9)
2023-02-21 15:09:05 +01:00
* evolinux-users: Update sudoers template to remove commands allowed without password
2023-03-16 14:31:34 +01:00
* listupgrade: upstream release 23.03.3
2023-03-16 14:37:51 +01:00
* kvmstats: use virsh domstats | awk to get guests informations
2023-03-16 14:06:44 +01:00
* nagios-nrpe : Rewrite `check_vrrpd` for a better check (check `rp_filter` , `vrrpd` and `uvrrpd` compatible, use arguments, …)
* openvpn: Change `check_openvpn` destination file to comply with recent EvoBSD change
2023-02-21 15:09:05 +01:00
* postfix: come back to default value of `notify_classes` for pack mails.
2023-03-16 14:06:44 +01:00
* userlogrotate: set rotate date format in right order (YYYY-MM-DD)!
2023-02-21 15:09:05 +01:00
* webapps/nextcloud : Change default data directory to be outside web root
* webapps/nextcloud : Small enhancement on the vhost template to lock out data dir
* yarn: update apt key
2022-12-22 17:31:28 +01:00
2022-12-14 11:37:38 +01:00
### Fixed
2022-12-28 09:03:37 +01:00
* Proper jinja spacing
2023-03-16 14:06:44 +01:00
* clamav: set `MaxConnectionQueueLength` to its default value (200), custom (15) was way too small and caused recurring failures in Postfix.
* docker-host: fix type in `daemon.json` and remove host configuration that is already in the systemd service by default
2022-12-19 17:05:45 +01:00
* evolinux-base: ensure dbus is started and enabled (not by default in the case of an offline netinst)
2023-01-11 16:14:46 +01:00
* haproxy: fix missing admin ACL in stats module access permissions
2023-01-12 14:22:40 +01:00
* openvpn: fix the client cipher configuration to match the server cipher configuration
2023-03-16 14:06:44 +01:00
* php: fix error introduced in #33503e4538 (`False` evaluated as a String instead of Boolean)
* php: install using Sury repositories on Bullseye
2023-01-18 10:29:41 +01:00
* postfix (packmail only): disable `concurrency_failed_cohort_limit` for destination smtp-amavis to prevent the suspension of this destination when Amavis fails to answer. Indeed, we configure the suspension delay quite long in `minimal_backoff_time` (2h) and `maximal_backoff_time` (6h) to reduce the risk of ban from external SMTPs.
2023-03-16 14:06:44 +01:00
* postfix: avoid Amavis transport to be considered dead when restarted.
* postfix: remove unused `aliases_scope=sub` from virtual_aliases.cf (it generated warnings)
2023-03-01 17:22:36 +01:00
* userlogrotate: fix bug introduced in commit 2e54944a246 (rotated files were not zipped)
2023-03-01 17:50:58 +01:00
* userlogrotate: skip zipping if .gz log already exists (prevents interactive question)
2022-12-19 17:05:45 +01:00
2022-12-14 11:37:38 +01:00
### Removed
2023-02-26 00:10:00 +01:00
* evolinux-base: subversion is not installed anymore
2022-12-14 11:37:38 +01:00
## [22.12] 2022-12-14
### Added
* all: add signed-by option for additional APT sources
2022-11-06 15:20:31 +01:00
* all: preliminary work to support Debian 12
2022-12-14 11:37:38 +01:00
* all: use proper keyrings directory for APT version
2022-10-19 16:32:36 +02:00
* evolinux-base: replace regular kernel by cloud kernel on virtual servers
2022-12-14 11:37:38 +01:00
* lxc-php: set php-fpm umask to `007`
* nagios-nrpe: `check_ceph_*`
* nagios-nrpe: `check_haproxy_stats` supports DRAIN status
* packweb-apache: enable `log_forensic` module
2022-12-07 15:46:40 +01:00
* rabbitmq: add link in default page
2022-12-14 11:37:38 +01:00
* varnish: create special tmp directory for syntax validation
2022-12-15 11:43:13 +01:00
* postfix: add localhost.$mydomain to mydestination
2022-10-26 15:25:22 +02:00
2022-09-19 17:06:25 +02:00
### Changed
2022-12-05 14:22:08 +01:00
* certbot: auto-detect HAPEE version in renewal hook
2022-11-27 22:14:39 +01:00
* evocheck: install script according to Debian version
2022-12-14 11:37:38 +01:00
* evolinux-base: `utils.yml` can be excluded
2022-10-20 14:36:47 +02:00
* evolinux-todo: execute tasks only for Debian distribution (because this task is a dependency for others roles used on different distributions)
2022-12-14 11:37:38 +01:00
* evolinux-user: add sudoers privilege for check `php_fpm81`
2022-11-26 19:09:05 +01:00
* evomaintenance: allow missing API endpoint if APi is disabled
2022-09-30 11:38:53 +02:00
* java: use default JRE package when version is not specified
2022-12-14 11:37:38 +01:00
* keepalived: change exit code (_warning_ if running but not on expected state ; _critical_ if not running)
2022-12-07 21:04:33 +01:00
* listupgrade: better detection for PostgreSQL
2022-12-07 21:05:12 +01:00
* listupgrade: sort/uniq of packages/services lists in email template
2022-09-26 23:46:29 +02:00
* lxc-solr: detect the real partition options
2022-10-20 14:36:47 +02:00
* lxc-solr: download URL according to Solr Version
2022-09-27 07:47:26 +02:00
* lxc-solr: set homedir and port at install
2022-10-03 18:54:29 +02:00
* minifirewall: whitelist deb.freexian.com
2022-12-14 11:37:38 +01:00
* openvpn: shellpki upstream release 22.12.2
* openvpn: specifies that the mail for expirations is for OpenVPN
2022-11-06 15:24:54 +01:00
* packweb-apache: manual dependencies resolution
2022-10-20 14:36:47 +02:00
* redis: some values should be quoted
2022-10-20 14:38:12 +02:00
* redis: variable to disable transparent hugepage (default: do nothing)
2022-12-14 11:37:38 +01:00
* squid: whitelist `deb.freexian.com`
2022-11-21 15:46:46 +01:00
* varnish: better package facts usage with check mode and tags
2022-11-02 13:29:58 +01:00
* varnish: systemd override depends on Varnish version instead of Debian version
2022-09-26 23:46:29 +02:00
2022-09-19 17:06:25 +02:00
### Fixed
2022-12-14 11:37:38 +01:00
* evolinux-user: Fix sudoers privilege for check `php_fpm80`
2022-11-09 17:05:54 +01:00
* nagios-nrpe: Fix check opendkim for recent change in listening port
2022-12-13 19:37:54 +01:00
* openvpn: Fix mode of shellpki script
2022-12-14 11:37:38 +01:00
* proftpd: Fix format of public key files controlled by Ansible
* proftpd: Fix mode of public key directory and files (they have to be accessible by `proftpd:nobody` )
* varnish: fix missing state, that blocked the task
2022-10-07 14:16:32 +02:00
2022-09-19 17:06:25 +02:00
### Removed
2022-12-13 17:53:59 +01:00
* openvpn: Deleted the task fixing the CRL rights since it has been fixed in upstream
2022-09-19 17:06:25 +02:00
## [22.09] 2022-09-19
### Added
2022-08-24 15:22:25 +02:00
* evolinux_users: create only users who have a certain value for the `create` key (default: `always` ).
2022-08-18 10:27:08 +02:00
* php: install php-xml with recent PHP versions
2022-08-24 17:58:44 +02:00
* vrrp: add an `ip.yml` task file to help create VRRP addresses
2022-08-26 16:34:19 +02:00
* webapps/nextcloud: Add compatibility with apache2, and apache2 mod_php.
2022-09-01 15:32:56 +02:00
* memcached: NRPE check for multi-instance setup
2022-09-15 11:45:24 +02:00
* munin: Add ipmi_ plugins on dedicated hardware
2022-09-13 16:31:03 +02:00
* proftpd: Add options to override configs (and add a warning if file was overriden)
2022-09-13 16:29:59 +02:00
* proftpd: Allow user auth with ssh keys
2022-08-18 10:27:08 +02:00
2022-07-06 18:02:42 +02:00
### Changed
2022-09-14 10:55:00 +02:00
* evocheck: upstream release 22.09
2022-09-12 13:54:57 +02:00
* evolinux-base: update-evobackup-canary upstream release 22.06
2022-08-29 17:29:09 +02:00
* generate-ldif: Support any MariaDB version
2022-09-09 16:09:45 +02:00
* minifirewall: use handlers to restart minifirewall
2022-08-10 17:23:47 +02:00
* openvpn: automate the initialization of the CA and the creation of the server certificate ; use openssl_dhparam module instead of a command
2023-10-14 07:36:29 +02:00
* generate-ldif: support any version of MariaDB (instead of only 10.0, 10.1 and 10.3)
2022-09-06 11:26:19 +02:00
* openvpn: Run OpenVPN with the \_openvpn user and group instead of nobody which is originally for NFS
2022-09-14 12:21:13 +02:00
* nagios-nrpe: Upgrade check_mongo
2022-07-28 14:18:12 +02:00
2022-07-06 18:02:42 +02:00
### Fixed
2022-09-15 09:48:34 +02:00
* fail2ban: fix dovecot-evolix regex syntax
2022-08-10 10:26:37 +02:00
* haproxy: make it so that munin doesn't break if there is a non default `haproxy_stats_path`
2022-09-15 09:48:34 +02:00
* mysql: Add missing Munin conf for Debian 11
2022-08-17 16:53:05 +02:00
* redis: config directory must be owned by the user that runs the service (to be able to write tmp config files in it)
2022-09-15 09:48:34 +02:00
* varnish: make `-j <jail_config>` the first argument on jessie/stretch as it has to be the first argument there.
2022-09-01 11:28:08 +02:00
* webapps/nextcloud: Add missing dependencies for imagick
2022-08-10 10:26:37 +02:00
2022-07-06 18:02:42 +02:00
### Removed
2022-07-28 13:58:09 +02:00
* evocheck: remove failure if deprecated variable is used
2022-09-01 11:58:24 +02:00
* webapps/nextcloud: Drop support for Nginx
2022-07-28 13:58:09 +02:00
2022-07-28 13:49:57 +02:00
## [22.07.1] 2022-07-28
### Changed
* evocheck: upstream release 22.07
* evomaintenance: upstream release 22.07
* mongodb: replace version_compare() with version()
* nagios-nrpe: check_disk1 returns only alerts
* nagios-nrpe: use regexp to exclude paths/devices in check_disk1
2022-07-08 11:28:29 +02:00
## [22.07] 2022-07-08
### Added
* fail2ban: Ensure apply dbpurgeage from stretch and buster
2022-07-06 18:02:42 +02:00
## [22.07] 2022-07-06
### Added
2022-07-06 14:24:38 +02:00
* evolinux-base: session timeout is configurable (default: 36000 seconds = 10 hours)
2022-06-22 15:32:10 +02:00
* haproxy: add haproxy_allow_ip_nonlocal_bind to set sysctl value (optional)
2022-07-05 10:18:49 +02:00
* kvm-host: fix depreciation of "drbd-overview" by "drbdadm status" in add-vm.sh
2022-07-06 14:26:13 +02:00
* openvpn: configure logrotate
2022-06-22 15:32:10 +02:00
2022-06-10 11:11:44 +02:00
### Changed
2022-06-29 16:09:04 +02:00
* openvpn: minimal rights on /etc/shellpki/ and crl.pem
2022-06-10 11:11:44 +02:00
### Fixed
2022-06-22 17:20:15 +02:00
* evolinux-base: Update PermitRootLogin task to work on Debian 11
* evolinux-user: Update PermitRootLogin task to work on Debian 11
* minifirewall: docker mode is configurable
2022-06-21 15:13:33 +02:00
2022-06-17 11:00:51 +02:00
## [22.06.3] 2022-06-17
### Changed
* evolinux-base: blacklist and do not install megaclisas-status package on incompatible servers
2022-06-10 11:11:44 +02:00
## [22.06.2] 2022-06-10
### Added
2022-06-08 16:45:41 +02:00
* postgresql: add variable to configure binding addresses (default: 127.0.0.1)
2022-06-03 09:27:01 +02:00
### Changed
2022-06-09 07:41:49 +02:00
* evocheck: upstream release 22.06.2
2022-06-08 17:55:58 +02:00
* fail2ban: Give the possibility to override jail.local (with fail2ban_override_jaillocal)
* fail2ban: If jail.local was overriden, add a warning
* fail2ban: Allow to tune some jail settings (maxretry, bantime, findtime) with ansible
* fail2ban: Allow to tune the default action with ansible
* fail2ban: Change default action to ban only (instead of ban + mail with whois report)
* fail2ban: Configure recidive jail (off by default) + extend dbpurgeage
2022-06-08 15:36:47 +02:00
* redis: binding is possible on multiple interfaces (breaking change)
2022-06-03 09:27:01 +02:00
### Fixed
2022-06-08 15:38:21 +02:00
* Enforce String notation for mode
2022-06-08 15:39:34 +02:00
* postgresql: fix nested loop for Munin plugins
2022-06-09 10:33:28 +02:00
* postgresql: Fix task order when using pgdg repo
* postgresql: Install the right pg version
2022-06-08 15:38:21 +02:00
2022-06-06 15:07:10 +02:00
## [22.06.1] 2022-06-06
### Changed
* evocheck: upstream release 22.06.1
* minifirewall: upstream release 22.06
* mysql: evomariabackup release 22.06.1
* mysql: reorganize evomariabackup to use mtree instead of our own dir-check
2022-06-03 09:27:01 +02:00
## [22.06] 2022-06-03
### Added
2022-06-01 17:23:56 +02:00
* certbot: add hapee (HAProxy Enterprise Edition) deploy hook
* evolinux-base: add dir-check script
* evolinux-base: add update-evobackup-canary script
2022-06-02 18:26:23 +02:00
* mysql: add post-backup-hook to evomariabackup
2022-06-01 17:24:51 +02:00
* mysql: use dir-check inside evomariabackup
2022-05-31 14:06:15 +02:00
2022-05-12 15:49:18 +02:00
### Changed
2022-05-24 16:22:49 +02:00
* docker: Allow "live-restore" to be toggled with docker_conf_live_restore
2022-06-03 09:15:04 +02:00
* evocheck: upstream release 22.06
2022-06-13 17:35:31 +02:00
* evolinux-base: Replacement of variable `evolinux_packages_hardware` by `ansible_virtualization_role == "host"` automatize host type detection and avoids installing smartd & other on VM.
2022-06-03 10:19:35 +02:00
* minifirewall: tail template follows symlinks
2022-06-03 09:26:07 +02:00
* mysql: add "set crypt_use_gpgme=no" Mutt option, for mysqltuner
2022-05-24 16:22:49 +02:00
2022-12-14 11:47:53 +01:00
### Fixed
2022-06-13 17:35:31 +02:00
* Role `postfix` : Add missing `localhost.localdomain localhost` to `mydestination` variable which caused undelivered of some local mails.
2022-05-12 15:49:18 +02:00
## [22.05.1] 2022-05-12
### Added
2023-11-21 11:35:42 +01:00
* docker: Introduce new default settings + allow to change the docker data directory
* docker: Introduce new variables to tweak daemon settings
2022-05-10 19:04:58 +02:00
2022-05-10 16:58:32 +02:00
### Changed
2023-11-21 11:35:42 +01:00