Merge branch 'buster' into unstable
This commit is contained in:
commit
bea11352be
|
@ -13,6 +13,7 @@ The **patch** part changes incrementally at each release.
|
||||||
### Added
|
### Added
|
||||||
* evocheck: explicit PATH
|
* evocheck: explicit PATH
|
||||||
* evolinux-base: On debian 10 and later, add noexec on /dev/shm
|
* evolinux-base: On debian 10 and later, add noexec on /dev/shm
|
||||||
|
* evolinux-base: default value for "evolinux_ssh_group"
|
||||||
* generate-ldif: support MariaDB 10.3
|
* generate-ldif: support MariaDB 10.3
|
||||||
* listupgrade: install old-kernel-autoremoval script
|
* listupgrade: install old-kernel-autoremoval script
|
||||||
* mysql: activate binary logs by specifying log_bin path
|
* mysql: activate binary logs by specifying log_bin path
|
||||||
|
@ -25,12 +26,14 @@ The **patch** part changes incrementally at each release.
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
* elasticsearch: listen on local interface only by default
|
* elasticsearch: listen on local interface only by default
|
||||||
* evocheck: upstream version 19.09
|
* evocheck : update (version 19.09) from upstream
|
||||||
* evocheck: cron jobs execute in verbose
|
* evocheck: cron jobs execute in verbose
|
||||||
* evomaintenance: upstream version 0.5.1
|
* evolinux-base: use "evolinux_internal_group" for SSH authentication
|
||||||
* evomaintenance: Turn on API by default (instead of DB)
|
* evomaintenance: Turn on API by default (instead of DB)
|
||||||
|
* evomaintenance: upstream version 0.5.1
|
||||||
* php: By default, allow 128M for OpCache (instead of 64M)
|
* php: By default, allow 128M for OpCache (instead of 64M)
|
||||||
* squid: Remove wait time when we turn off squid
|
* squid: Remove wait time when we turn off squid
|
||||||
|
* squid: split systemd tasks into own file
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
* lxc-php: Don't remove the default pool
|
* lxc-php: Don't remove the default pool
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
deb http://pub.evolix.net/ {{ ansible_distribution_release }}/
|
# deb http://pub.evolix.net/ {{ ansible_distribution_release }}/
|
||||||
|
deb http://pub.evolix.net/ stretch/
|
||||||
|
|
|
@ -79,6 +79,7 @@ evolinux_packages_diagnostic: True
|
||||||
evolinux_packages_hardware: True
|
evolinux_packages_hardware: True
|
||||||
evolinux_packages_common: True
|
evolinux_packages_common: True
|
||||||
evolinux_packages_stretch: True
|
evolinux_packages_stretch: True
|
||||||
|
evolinux_packages_buster: True
|
||||||
evolinux_packages_serveur_base: True
|
evolinux_packages_serveur_base: True
|
||||||
evolinux_packages_purge_openntpd: True
|
evolinux_packages_purge_openntpd: True
|
||||||
evolinux_packages_purge_locate: True
|
evolinux_packages_purge_locate: True
|
||||||
|
@ -124,6 +125,7 @@ evolinux_ssh_password_auth_addresses: "{{ evolinux_default_ssh_password_auth_add
|
||||||
evolinux_ssh_match_address: True
|
evolinux_ssh_match_address: True
|
||||||
evolinux_ssh_disable_acceptenv: True
|
evolinux_ssh_disable_acceptenv: True
|
||||||
evolinux_ssh_allow_current_user: False
|
evolinux_ssh_allow_current_user: False
|
||||||
|
evolinux_ssh_group: "evolinux-ssh"
|
||||||
|
|
||||||
### disabled because of a memory leak
|
### disabled because of a memory leak
|
||||||
# # evolinux users
|
# # evolinux users
|
||||||
|
|
|
@ -95,6 +95,16 @@
|
||||||
- evolinux_packages_stretch
|
- evolinux_packages_stretch
|
||||||
- ansible_distribution_major_version | version_compare('9', '>=')
|
- ansible_distribution_major_version | version_compare('9', '>=')
|
||||||
|
|
||||||
|
- name: Install/Update packages for Buster and later
|
||||||
|
apt:
|
||||||
|
name: "{{ item }}"
|
||||||
|
with_items:
|
||||||
|
- spectre-meltdown-checker
|
||||||
|
- binutils
|
||||||
|
when:
|
||||||
|
- evolinux_packages_buster
|
||||||
|
- ansible_distribution_major_version | version_compare('10', '>=')
|
||||||
|
|
||||||
- name: Customize logcheck recipient
|
- name: Customize logcheck recipient
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/logcheck/logcheck.conf
|
dest: /etc/logcheck/logcheck.conf
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
# only the first instance of the keyword is applied. »
|
# only the first instance of the keyword is applied. »
|
||||||
#
|
#
|
||||||
# We want to allow any user from a list of IP addresses to login with password,
|
# We want to allow any user from a list of IP addresses to login with password,
|
||||||
# but users of the "evolix" group can't login with password from other IP addresses
|
# but users of the "{{ evolinux_internal_group }}" group can't login with password from other IP addresses
|
||||||
|
|
||||||
- name: "Security directives for Evolinux (Debian 10 or later)"
|
- name: "Security directives for Evolinux (Debian 10 or later)"
|
||||||
blockinfile:
|
blockinfile:
|
||||||
|
@ -20,7 +20,7 @@
|
||||||
block: |
|
block: |
|
||||||
Match Address {{ evolinux_ssh_password_auth_addresses | join(',') }}
|
Match Address {{ evolinux_ssh_password_auth_addresses | join(',') }}
|
||||||
PasswordAuthentication yes
|
PasswordAuthentication yes
|
||||||
Match Group evolix
|
Match Group {{ evolinux_internal_group }}
|
||||||
PasswordAuthentication no
|
PasswordAuthentication no
|
||||||
insertafter: EOF
|
insertafter: EOF
|
||||||
validate: '/usr/sbin/sshd -t -f %s'
|
validate: '/usr/sbin/sshd -t -f %s'
|
||||||
|
|
|
@ -10,7 +10,7 @@ is_alert5_enabled() {
|
||||||
if test -f /etc/init.d/alert5; then
|
if test -f /etc/init.d/alert5; then
|
||||||
test -f /etc/rc2.d/S*alert5
|
test -f /etc/rc2.d/S*alert5
|
||||||
else
|
else
|
||||||
systemctl is-active alert5 | grep -q "^active$"
|
systemctl is-enabled alert5 -q
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -24,14 +24,23 @@
|
||||||
- mysql
|
- mysql
|
||||||
when: ansible_distribution_release == "jessie"
|
when: ansible_distribution_release == "jessie"
|
||||||
|
|
||||||
- name: "Install depends for mytop (Debian 9 or later)"
|
- name: "Install depends for mytop (stretch)"
|
||||||
apt:
|
apt:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
with_items:
|
with_items:
|
||||||
- mariadb-client-10.1
|
- mariadb-client-10.1
|
||||||
- libconfig-inifiles-perl
|
- libconfig-inifiles-perl
|
||||||
- libterm-readkey-perl
|
- libterm-readkey-perl
|
||||||
when: ansible_distribution_major_version | version_compare('9', '>=')
|
when: ansible_distribution_release == "stretch"
|
||||||
|
|
||||||
|
- name: "Install depends for mytop (Debian 10 or later)"
|
||||||
|
apt:
|
||||||
|
name: "{{ item }}"
|
||||||
|
with_items:
|
||||||
|
- mariadb-client-10.3
|
||||||
|
- libconfig-inifiles-perl
|
||||||
|
- libterm-readkey-perl
|
||||||
|
when: ansible_distribution_major_version | version_compare('10', '>=')
|
||||||
|
|
||||||
- name: Read debian-sys-maint password
|
- name: Read debian-sys-maint password
|
||||||
shell: 'cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3'
|
shell: 'cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3'
|
||||||
|
|
|
@ -21,19 +21,19 @@
|
||||||
name: '{{ item }}'
|
name: '{{ item }}'
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
with_items:
|
||||||
- libapache2-mod-security2
|
- libapache2-mod-security2
|
||||||
- modsecurity-crs
|
- modsecurity-crs
|
||||||
- apg
|
- apg
|
||||||
|
|
||||||
- name: Additional modules are enabled
|
- name: Additional modules are enabled
|
||||||
apache2_module:
|
apache2_module:
|
||||||
name: '{{ item }}'
|
name: '{{ item }}'
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
with_items:
|
||||||
- ssl
|
- ssl
|
||||||
- include
|
- include
|
||||||
- negotiation
|
- negotiation
|
||||||
- alias
|
- alias
|
||||||
|
|
||||||
- name: Copy Apache settings for modules
|
- name: Copy Apache settings for modules
|
||||||
copy:
|
copy:
|
||||||
|
@ -58,6 +58,5 @@
|
||||||
register: command_result
|
register: command_result
|
||||||
changed_when: "'Enabling' in command_result.stderr"
|
changed_when: "'Enabling' in command_result.stderr"
|
||||||
with_items:
|
with_items:
|
||||||
- evolinux-evasive
|
- evolinux-evasive
|
||||||
- evolinux-modsec
|
- evolinux-modsec
|
||||||
|
|
||||||
|
|
|
@ -6,23 +6,23 @@
|
||||||
changed_when: "'changed' in command_result.stdout"
|
changed_when: "'changed' in command_result.stdout"
|
||||||
failed_when: False
|
failed_when: False
|
||||||
with_items:
|
with_items:
|
||||||
- /
|
- /
|
||||||
- /etc
|
- /etc
|
||||||
- /usr
|
- /usr
|
||||||
- /usr/bin
|
- /usr/bin
|
||||||
- /var
|
- /var
|
||||||
- /var/log
|
- /var/log
|
||||||
- /home
|
- /home
|
||||||
- /bin
|
- /bin
|
||||||
- /sbin
|
- /sbin
|
||||||
- /lib
|
- /lib
|
||||||
- /usr/lib
|
- /usr/lib
|
||||||
- /usr/include
|
- /usr/include
|
||||||
- /usr/bin
|
- /usr/bin
|
||||||
- /usr/sbin
|
- /usr/sbin
|
||||||
- /usr/share
|
- /usr/share
|
||||||
- /usr/share/doc
|
- /usr/share/doc
|
||||||
- /etc/default
|
- /etc/default
|
||||||
|
|
||||||
- name: Set 750 permission on some folders (/var/log/apt, /var/log/munin, ...)
|
- name: Set 750 permission on some folders (/var/log/apt, /var/log/munin, ...)
|
||||||
shell: "test -d {{ item }} && chmod --verbose 750 {{ item }}"
|
shell: "test -d {{ item }} && chmod --verbose 750 {{ item }}"
|
||||||
|
@ -30,20 +30,21 @@
|
||||||
changed_when: "'changed' in command_result.stdout"
|
changed_when: "'changed' in command_result.stdout"
|
||||||
failed_when: False
|
failed_when: False
|
||||||
with_items:
|
with_items:
|
||||||
- /var/log/apt
|
- /var/log/apt
|
||||||
- /var/lib/dpkg
|
- /var/lib/dpkg
|
||||||
- /var/log/munin
|
- /var/log/munin
|
||||||
- /var/backups
|
- /var/backups
|
||||||
- /etc/init.d
|
- /etc/init.d
|
||||||
- /etc/apache2
|
- /etc/apache2
|
||||||
- /etc/network
|
- /etc/network
|
||||||
- /etc/phpmyadmin
|
- /etc/phpmyadmin
|
||||||
- /var/log/installer
|
- /var/log/installer
|
||||||
|
|
||||||
- name: Change group to www-data for /etc/phpmyadmin/
|
- name: Change group to www-data for /etc/phpmyadmin/
|
||||||
file:
|
file:
|
||||||
dest: /etc/phpmyadmin/
|
dest: /etc/phpmyadmin/
|
||||||
group: www-data
|
group: www-data
|
||||||
|
state: directory
|
||||||
|
|
||||||
- name: Set u-s permission on some binaries (/bin/ping, /usr/bin/mtr, ...)
|
- name: Set u-s permission on some binaries (/bin/ping, /usr/bin/mtr, ...)
|
||||||
shell: "test -f {{ item }} && chmod --verbose u-s {{ item }}"
|
shell: "test -f {{ item }} && chmod --verbose u-s {{ item }}"
|
||||||
|
@ -51,11 +52,11 @@
|
||||||
changed_when: "'changed' in command_result.stdout"
|
changed_when: "'changed' in command_result.stdout"
|
||||||
failed_when: False
|
failed_when: False
|
||||||
with_items:
|
with_items:
|
||||||
- /bin/ping
|
- /bin/ping
|
||||||
- /bin/ping6
|
- /bin/ping6
|
||||||
- /usr/bin/fping
|
- /usr/bin/fping
|
||||||
- /usr/bin/fping6
|
- /usr/bin/fping6
|
||||||
- /usr/bin/mtr
|
- /usr/bin/mtr
|
||||||
|
|
||||||
- name: Set 640 permission on some files (/var/log/evolix.log, ...)
|
- name: Set 640 permission on some files (/var/log/evolix.log, ...)
|
||||||
shell: "test -f {{ item }} && chmod --verbose 640 {{ item }}"
|
shell: "test -f {{ item }} && chmod --verbose 640 {{ item }}"
|
||||||
|
@ -63,6 +64,5 @@
|
||||||
changed_when: "'changed' in command_result.stdout"
|
changed_when: "'changed' in command_result.stdout"
|
||||||
failed_when: False
|
failed_when: False
|
||||||
with_items:
|
with_items:
|
||||||
- /var/log/evolix.log
|
- /var/log/evolix.log
|
||||||
- /etc/warnquota.conf
|
- /etc/warnquota.conf
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,23 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Install phpmyadmin
|
- name: Install apg
|
||||||
apt:
|
apt:
|
||||||
name: '{{ item }}'
|
name: apg
|
||||||
state: present
|
|
||||||
with_items:
|
- name: Install phpmyadmin (Debian <=9)
|
||||||
- phpmyadmin
|
apt:
|
||||||
- apg
|
name: phpmyadmin
|
||||||
|
when: ansible_distribution_major_version | version_compare('9', '<=')
|
||||||
|
|
||||||
|
- include_role:
|
||||||
|
name: remount-usr
|
||||||
|
|
||||||
|
# /!\ Warning: this is a temporary hack as phpmyadmin for Buster is not yet
|
||||||
|
# available
|
||||||
|
- name: Install phpmyadmin using sid package (Debian >=10)
|
||||||
|
apt:
|
||||||
|
deb: http://mirror.evolix.org/debian/pool/main/p/phpmyadmin/phpmyadmin_4.6.6-5_all.deb
|
||||||
|
when: ansible_distribution_major_version | version_compare('10', '>=')
|
||||||
|
|
||||||
- name: Check if phpmyadmin default configuration is present
|
- name: Check if phpmyadmin default configuration is present
|
||||||
stat:
|
stat:
|
||||||
|
|
|
@ -9,4 +9,7 @@
|
||||||
when: ansible_distribution_release == "jessie"
|
when: ansible_distribution_release == "jessie"
|
||||||
|
|
||||||
- include: main_stretch.yml
|
- include: main_stretch.yml
|
||||||
|
when: ansible_distribution_release == "stretch"
|
||||||
|
|
||||||
|
- include: main_buster.yml
|
||||||
when: ansible_distribution_major_version | version_compare('9', '>=')
|
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||||
|
|
95
php/tasks/main_buster.yml
Normal file
95
php/tasks/main_buster.yml
Normal file
|
@ -0,0 +1,95 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: "Set variables (Debian 10 or later)"
|
||||||
|
set_fact:
|
||||||
|
php_cli_defaults_ini_file: /etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini
|
||||||
|
php_cli_custom_ini_file: /etc/php/7.3/cli/conf.d/zzz-evolinux-custom.ini
|
||||||
|
php_apache_defaults_ini_file: /etc/php/7.3/apache2/conf.d/z-evolinux-defaults.ini
|
||||||
|
php_apache_custom_ini_file: /etc/php/7.3/apache2/conf.d/zzz-evolinux-custom.ini
|
||||||
|
php_fpm_defaults_ini_file: /etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini
|
||||||
|
php_fpm_custom_ini_file: /etc/php/7.3/fpm/conf.d/zzz-evolinux-custom.ini
|
||||||
|
php_fpm_defaults_conf_file: /etc/php/7.3/fpm/pool.d/z-evolinux-defaults.conf
|
||||||
|
php_fpm_custom_conf_file: /etc/php/7.3/fpm/pool.d/zzz-evolinux-custom.conf
|
||||||
|
php_fpm_service_name: php7.3-fpm
|
||||||
|
|
||||||
|
# Packages
|
||||||
|
|
||||||
|
- name: "Set package list (Debian 9 or later)"
|
||||||
|
set_fact:
|
||||||
|
php_stretch_packages:
|
||||||
|
- php-cli
|
||||||
|
- php-gd
|
||||||
|
- php-intl
|
||||||
|
- php-imap
|
||||||
|
- php-ldap
|
||||||
|
- php-mysql
|
||||||
|
# php-mcrypt is no longer packaged for PHP 7.2
|
||||||
|
- php-pgsql
|
||||||
|
- php-gettext
|
||||||
|
- php-curl
|
||||||
|
- php-ssh2
|
||||||
|
- php-zip
|
||||||
|
- composer
|
||||||
|
- libphp-phpmailer
|
||||||
|
|
||||||
|
- include: sury_pre.yml
|
||||||
|
when: php_sury_enable
|
||||||
|
|
||||||
|
- name: "Install PHP packages (Debian 9 or later)"
|
||||||
|
apt:
|
||||||
|
name: '{{ item }}'
|
||||||
|
state: present
|
||||||
|
with_items: "{{ php_stretch_packages }}"
|
||||||
|
|
||||||
|
- name: "Install mod_php packages (Debian 9 or later)"
|
||||||
|
apt:
|
||||||
|
name: '{{ item }}'
|
||||||
|
state: present
|
||||||
|
with_items:
|
||||||
|
- libapache2-mod-php
|
||||||
|
- php
|
||||||
|
when: php_apache_enable
|
||||||
|
|
||||||
|
- name: "Install PHP FPM packages (Debian 9 or later)"
|
||||||
|
apt:
|
||||||
|
name: '{{ item }}'
|
||||||
|
state: present
|
||||||
|
with_items:
|
||||||
|
- php-fpm
|
||||||
|
- php
|
||||||
|
when: php_fpm_enable
|
||||||
|
|
||||||
|
# Configuration
|
||||||
|
|
||||||
|
- name: Enforce permissions on PHP directory
|
||||||
|
file:
|
||||||
|
dest: "{{ item }}"
|
||||||
|
mode: "0755"
|
||||||
|
with_items:
|
||||||
|
- /etc/php
|
||||||
|
- /etc/php/7.3
|
||||||
|
|
||||||
|
- include: config_cli.yml
|
||||||
|
- name: Enforce permissions on PHP cli directory
|
||||||
|
file:
|
||||||
|
dest: /etc/php/7.3/cli
|
||||||
|
mode: "0755"
|
||||||
|
|
||||||
|
- include: config_fpm.yml
|
||||||
|
when: php_fpm_enable
|
||||||
|
- name: Enforce permissions on PHP fpm directory
|
||||||
|
file:
|
||||||
|
dest: /etc/php/7.3/fpm
|
||||||
|
mode: "0755"
|
||||||
|
when: php_fpm_enable
|
||||||
|
|
||||||
|
- include: config_apache.yml
|
||||||
|
when: php_apache_enable
|
||||||
|
- name: Enforce permissions on PHP apache2 directory
|
||||||
|
file:
|
||||||
|
dest: /etc/php/7.3/apache2
|
||||||
|
mode: "0755"
|
||||||
|
when: php_apache_enable
|
||||||
|
|
||||||
|
- include: sury_post.yml
|
||||||
|
when: php_sury_enable
|
|
@ -4,10 +4,10 @@
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
with_items:
|
||||||
- spamassassin
|
- spamassassin
|
||||||
- evomaintenance
|
- evomaintenance
|
||||||
tags:
|
tags:
|
||||||
- spamassassin
|
- spamassassin
|
||||||
|
|
||||||
- name: configure SpamAssasin
|
- name: configure SpamAssasin
|
||||||
copy:
|
copy:
|
||||||
|
@ -16,7 +16,7 @@
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
notify: restart spamassassin
|
notify: restart spamassassin
|
||||||
tags:
|
tags:
|
||||||
- spamassassin
|
- spamassassin
|
||||||
|
|
||||||
- name: enable SpamAssasin
|
- name: enable SpamAssasin
|
||||||
replace:
|
replace:
|
||||||
|
@ -25,7 +25,7 @@
|
||||||
replace: 'ENABLED=1'
|
replace: 'ENABLED=1'
|
||||||
notify: restart spamassassin
|
notify: restart spamassassin
|
||||||
tags:
|
tags:
|
||||||
- spamassassin
|
- spamassassin
|
||||||
|
|
||||||
- name: add amavis user to debian-spamd group
|
- name: add amavis user to debian-spamd group
|
||||||
user:
|
user:
|
||||||
|
@ -33,7 +33,7 @@
|
||||||
groups: debian-spamd
|
groups: debian-spamd
|
||||||
append: yes
|
append: yes
|
||||||
tags:
|
tags:
|
||||||
- spamassassin
|
- spamassassin
|
||||||
|
|
||||||
- name: fix right on /var/lib/spamassassin
|
- name: fix right on /var/lib/spamassassin
|
||||||
file:
|
file:
|
||||||
|
@ -41,12 +41,12 @@
|
||||||
state: directory
|
state: directory
|
||||||
mode: "0750"
|
mode: "0750"
|
||||||
tags:
|
tags:
|
||||||
- spamassassin
|
- spamassassin
|
||||||
|
|
||||||
- include_role:
|
- include_role:
|
||||||
name: remount-usr
|
name: remount-usr
|
||||||
tags:
|
tags:
|
||||||
- spamassassin
|
- spamassassin
|
||||||
|
|
||||||
- name: copy sa-update.sh script
|
- name: copy sa-update.sh script
|
||||||
copy:
|
copy:
|
||||||
|
@ -54,7 +54,7 @@
|
||||||
dest: /usr/share/scripts/sa-update.sh
|
dest: /usr/share/scripts/sa-update.sh
|
||||||
mode: "0750"
|
mode: "0750"
|
||||||
tags:
|
tags:
|
||||||
- spamassassin
|
- spamassassin
|
||||||
|
|
||||||
- name: enable sa-update.sh cron
|
- name: enable sa-update.sh cron
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -64,13 +64,13 @@
|
||||||
state: present
|
state: present
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
tags:
|
tags:
|
||||||
- spamassassin
|
- spamassassin
|
||||||
|
|
||||||
- name: update SpamAssasin's rules
|
- name: update SpamAssasin's rules
|
||||||
command: "/usr/share/scripts/sa-update.sh"
|
command: "/usr/share/scripts/sa-update.sh"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
tags:
|
tags:
|
||||||
- spamassassin
|
- spamassassin
|
||||||
|
|
||||||
- name: ensure SpamAssasin is started and enabled
|
- name: ensure SpamAssasin is started and enabled
|
||||||
systemd:
|
systemd:
|
||||||
|
@ -78,4 +78,4 @@
|
||||||
state: started
|
state: started
|
||||||
enabled: True
|
enabled: True
|
||||||
tags:
|
tags:
|
||||||
- spamassassin
|
- spamassassin
|
||||||
|
|
22
squid/files/squid.service
Normal file
22
squid/files/squid.service
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
## Copyright (C) 1996-2019 The Squid Software Foundation and contributors
|
||||||
|
##
|
||||||
|
## Squid software is distributed under GPLv2+ license and includes
|
||||||
|
## contributions from numerous individuals and organizations.
|
||||||
|
## Please see the COPYING and CONTRIBUTORS files for details.
|
||||||
|
##
|
||||||
|
|
||||||
|
[Unit]
|
||||||
|
Description=Squid Web Proxy Server
|
||||||
|
Documentation=man:squid(8)
|
||||||
|
After=network.target network-online.target nss-lookup.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=forking
|
||||||
|
PIDFile=/var/run/squid.pid
|
||||||
|
ExecStartPre=/usr/sbin/squid --foreground -z
|
||||||
|
ExecStart=/usr/sbin/squid -sYC -f /etc/squid/evolinux-defaults.conf
|
||||||
|
ExecReload=/bin/kill -HUP $MAINPID
|
||||||
|
KillMode=mixed
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
@ -134,6 +134,9 @@
|
||||||
notify: "reload squid"
|
notify: "reload squid"
|
||||||
when: ansible_distribution_major_version | version_compare('9', '>=')
|
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||||
|
|
||||||
|
- include: systemd.yml
|
||||||
|
when: ansible_distribution_major_version | version_compare('10', '>=')
|
||||||
|
|
||||||
- include: logrotate_jessie.yml
|
- include: logrotate_jessie.yml
|
||||||
when: ansible_distribution_release == "jessie"
|
when: ansible_distribution_release == "jessie"
|
||||||
|
|
||||||
|
|
14
squid/tasks/systemd.yml
Normal file
14
squid/tasks/systemd.yml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: "Set custom systemd unit service (Debian 10 or later)"
|
||||||
|
copy:
|
||||||
|
src: squid.service
|
||||||
|
dest: /etc/systemd/system/squid.service
|
||||||
|
when: ansible_distribution_major_version | version_compare('10', '>=')
|
||||||
|
|
||||||
|
- name: "Reload systemd and restart squid (Debian 10 or later)"
|
||||||
|
systemd:
|
||||||
|
name: squid
|
||||||
|
state: restarted
|
||||||
|
daemon_reload: yes
|
||||||
|
when: ansible_distribution_major_version | version_compare('10', '>=')
|
|
@ -4,15 +4,37 @@
|
||||||
name: apt
|
name: apt
|
||||||
tasks_from: evolix_public.yml
|
tasks_from: evolix_public.yml
|
||||||
|
|
||||||
- name: Install PHP packages
|
- name: Install PHP packages (Debian 10 and later)
|
||||||
|
apt:
|
||||||
|
name: '{{ item }}'
|
||||||
|
state: present
|
||||||
|
with_items:
|
||||||
|
- php-pear
|
||||||
|
when: ansible_distribution_major_version | version_compare('10', '>=')
|
||||||
|
|
||||||
|
# /!\ Warning, this is a temporary hack
|
||||||
|
- include_role:
|
||||||
|
name: remount-usr
|
||||||
|
|
||||||
|
# /!\ Warning, this is a temporary hack
|
||||||
|
- name: Install PHP packages from sid (Debian 10 and later)
|
||||||
|
apt:
|
||||||
|
deb: '{{ item }}'
|
||||||
|
state: present
|
||||||
|
with_items:
|
||||||
|
- 'http://mirror.evolix.org/debian/pool/main/p/php-log/php-log_1.12.9-2_all.deb'
|
||||||
|
when: ansible_distribution_major_version | version_compare('10', '>=')
|
||||||
|
|
||||||
|
- name: Install PHP packages (stretch)
|
||||||
apt:
|
apt:
|
||||||
name: '{{ item }}'
|
name: '{{ item }}'
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
with_items:
|
||||||
- php-pear
|
- php-pear
|
||||||
- php-log
|
- php-log
|
||||||
|
when: ansible_distribution_release == "stretch"
|
||||||
|
|
||||||
- name: Install PHP5 packages
|
- name: Install PHP5 packages (jessie)
|
||||||
apt:
|
apt:
|
||||||
name: '{{ item }}'
|
name: '{{ item }}'
|
||||||
state: present
|
state: present
|
||||||
|
|
Loading…
Reference in a new issue