Commit Graph

1037 Commits

Author SHA1 Message Date
David Prevot c7940dc8c1 CHANGELOG: tfix
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4769|3|4766|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/203//ansiblelint">Evolix » ansible-roles » unstable #203</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-13 15:12:37 +01:00
William Hirigoyen 419071f470 php: fix error introduced in 33503e4538 (False evaluated as a string instead of boolean)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4770|6|4764|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/202//ansiblelint">Evolix » ansible-roles » unstable #202</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-13 15:09:41 +01:00
Jérémy Lecour b4a63d3d55 listupgrade: upstream release 23.03.1
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4770|5|4765|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/197//ansiblelint">Evolix » ansible-roles » unstable #197</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-12 11:12:56 +01:00
Jérémy Lecour b57fd16ee6 listupgrade: upstream release 23.03 2023-03-12 11:12:56 +01:00
Jérémy Lecour d64193287d postgresql: configure max_connections 2023-03-12 11:12:56 +01:00
William Hirigoyen 3f353ad072 elasticsearch: disable GC logging
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-10 10:29:59 +01:00
William Hirigoyen fc95f57711 elasticsearch: Disable GC rotation for JDK 8 2023-03-10 10:29:59 +01:00
William Hirigoyen 4759ed645c lxc: copy /etc/profile.d/evolinux.sh from host into container (P10001)
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-08 11:09:36 +01:00
William Hirigoyen af569f8c26 userlogrotate: set rotate date format in right order (YYYY-MM-DD)!
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-03 14:39:16 +01:00
William Hirigoyen 4d3f92df23 postfix: avoid Amavis transport to be considered dead when restarted.
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-02 17:50:17 +01:00
William Hirigoyen 7ec58bf144 userlogrotate: skip zipping if .gz log already exists (prevents interactive question)
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-01 17:50:58 +01:00
William Hirigoyen cc7c2a7d4e userlogrotate: fix bug introduced in commit 2e54944a24 (rotated files were not zipped)
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-01 17:22:50 +01:00
William Hirigoyen d9c5563fd6 postfix: remove unused "aliases_scope=sub" from virtual_aliases.cf (it generated warnings)
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-01 14:35:51 +01:00
Ludovic Poujol e896459d06 varnish: add variable varnish_update_config to disable configuration update
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-28 15:24:18 +01:00
David Prevot 1d701b060e apt: Use pub.evolix.org instead of pub.evolix.net
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-27 18:11:51 +01:00
Jérémy Lecour 17946f7280 apt: add move-apt-keyrings script/tasks 2023-02-27 13:58:01 +01:00
Jérémy Lecour 431ffd5991 evolinux-base: subversion is not installed anymore 2023-02-26 21:31:02 +01:00
Eric Morino 68d34c8528 Add changelog for add feature in postfix / apache and php
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-24 15:46:00 +01:00
Jérémy Lecour 8cbe837147 bind: refactor role
gitea/ansible-roles/pipeline/head This commit looks good Details
* queries log can be enabled or disabled
* split tasks
* check if AppArmor is present
* don't install Munin plugin whose data file is not present
* remove example ACL in authoritative configuration
2023-02-21 19:01:01 +01:00
William Hirigoyen 2c1db6a222 userlogrotate: create role separated from packweb-apache
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-21 17:55:46 +01:00
William Hirigoyen cd8a812288 bind: fix fail in check mode
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-21 15:14:05 +01:00
Jérémy Lecour 86a3c78a04 yarn: update apt key
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-21 15:09:05 +01:00
Jérémy Lecour 21a4f76330 bind: use systemd module 2023-02-21 15:08:02 +01:00
Alexis Ben Miloud--Josselin 6968128e7c php: fix last commit and update changelog
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-14 16:43:41 +01:00
Ludovic Poujol 49e92d20b0 evolinux-users: Update sudoers template to remove commands allowed without password
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-01 15:23:51 +01:00
Jérémy Dubois f354f16cd6 openvpn: Change check_openvpn destination file to comply with recent EvoBSD change
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-31 11:13:08 +01:00
Jérémy Lecour 8244bd4615 nagios-nrpe: add tasks/files for a wrapper
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-30 12:05:43 +01:00
William Hirigoyen e0c143d9cf postfix: come back to default value of for pack mails
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-23 15:35:47 +01:00
William Hirigoyen 13f4578599 postfix: Do not notify errors of classes policy, protocol in of main.cf
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-23 15:01:57 +01:00
William Hirigoyen 31e90abe57 fail2ban: add 'Internal login failure' to Dovecot filter
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-23 10:33:10 +01:00
William Hirigoyen 8d16f17354 * clamav: set `MaxConnectionQueueLength` to its default value (200), custom (15) was way too small and caused recurrent connections fail in Postfix.
gitea/ansible-roles/pipeline/head This commit looks good Details
* postfix (packmail only): disable `concurrency_failed_cohort_limit` for destination smtp-amavis to prevent the suspension of this destination when Amavis fails to answer. Indeed, we configure the suspension delay quite long in `minimal_backoff_time` (2h) and `maximal_backoff_time` (6h) to reduce the risk of ban from external SMTPs.
2023-01-18 10:30:41 +01:00
Jérémy Dubois 0cb751591a nagios-nrpe : Rewrite check_vrrpd for a better check (check rp_filter, vrrpd and uvrrpd compatible, use arguments, …)
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-17 11:11:33 +01:00
Ludovic Poujol c27551939d webapps/nextcloud : Small enhancement on the vhost template to lock out data dir
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-13 11:05:55 +01:00
Ludovic Poujol dcc378776c webapp/nextcloud : Change default data directory to be outside web root 2023-01-13 11:04:32 +01:00
Jérémy Dubois 68017d8db9 openvpn: fix the client cipher configuration to match the server cipher configuration
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-12 14:29:18 +01:00
William Hirigoyen 417734eed2 haproxy: fix missing admin ACL in stats module access permissions
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-11 16:15:09 +01:00
Patrick Marchand 08db5a5140 Fix problems with docker-host daemon.json config
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-10 11:26:57 -05:00
William Hirigoyen 48e3ced983 elasticsearch : use logrotate for garbage collector logs
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-02 17:29:37 +01:00
William Hirigoyen 8401401716 Update CHANGELOG
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-30 10:46:24 +01:00
Jérémy Lecour 7a0e0d81d6 Proper jinja spacing
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-28 09:03:37 +01:00
Jérémy Lecour 8eae5bba63 Use systemd module instead of command 2022-12-28 09:02:17 +01:00
Patrick Marchand 0e6c2567e2 Fix presentation error in changelog markdown
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-22 11:35:52 -05:00
Patrick Marchand 5611bb73a2 Remove warning ignores as they are depreciated
Will cause a hard fail in ansible 2.14, so better get rid of them now.
There is no alternative, but the ansible warnings for those modules
are not hard failures anyways.
2022-12-22 11:35:20 -05:00
Patrick Marchand 1c6fdbf85a Remove warning ignores as they are depreciated
gitea/ansible-roles/pipeline/head This commit looks good Details
Will cause a hard fail in ansible 2.14, so better get rid of them now.
There is no alternative, but the ansible warnings for those modules
are not hard failures anyways.
2022-12-22 11:32:32 -05:00
William Hirigoyen 7005344a5b evolinux-base: ensure dbus enabled and started
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-19 17:07:18 +01:00
William Hirigoyen 55a64845ce postfix: add localhost. to mydestination
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-15 11:49:35 +01:00
Jérémy Lecour 0622e9ff1e fix non-breaking spaces 2022-12-14 11:47:53 +01:00
Jérémy Lecour 240ccee12b Release 22.12
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-14 11:39:51 +01:00
Jérémy Lecour 34fefa1212 typos
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-14 07:46:12 +01:00
Jérémy Dubois 91b40ce72f openvpn: Fix mode of shellpki script
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-13 19:37:54 +01:00
Jérémy Dubois 9918776286 openvpn: Deleted the task fixing the CRL rights since it has been fixed in upstream
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-13 17:53:59 +01:00
Jérémy Dubois 0722b84341 openvpn: shellpki upstream release 22.12.2 2022-12-13 17:50:09 +01:00
Mathieu Trossevin bc1facd1ba
proftpd: Fix mode of public key files and directory
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-09 10:19:51 +01:00
Mathieu Trossevin 101c282846
proftpd: Fix format of public key files controlled by ansible
gitea/ansible-roles/pipeline/head This commit looks good Details
The comments used by ansible's blockinfile module break the format
expected by proftpd for public ssh keys, making them unusable.

Replace with a template, we will just have to accept that we need to use
ansible for all changes to these file.
2022-12-08 17:32:53 +01:00
Jérémy Lecour ce361c6819 listupgrade: sort/uniq of packages/services lists in email template
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-07 21:05:12 +01:00
Jérémy Lecour 3c2369a3a2 listupgrade: better detection for PostgreSQL 2022-12-07 21:04:33 +01:00
Alexis Ben Miloud--Josselin 982112bd64 rabbitmq: add link in default page
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-07 15:49:03 +01:00
Jérémy Lecour 22f30b59f2 certbot: auto-detect HAPEE version in renewal hook
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-05 14:22:12 +01:00
Jérémy Dubois 6cc3e03864 openvpn: specifies that the mail for expirations is for OpenVPN
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-05 09:52:20 +01:00
Jérémy Dubois cca072425b openvpn: shellpki upstream release 22.12
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-01 16:56:23 +01:00
Jérémy Dubois cd2c1931b1 keepalived: change exit code (warning if runnin but not on expected state ; critical if not running)
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-28 17:16:43 +01:00
Jérémy Lecour c96f28e47b evocheck: install script according to Debian version
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-27 22:14:39 +01:00
Jérémy Lecour 08db230c29 Merge branch 'debian12' into unstable
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-27 18:29:57 +01:00
Jérémy Lecour 54dca82838 varnish: fix missing state, that blocked the task
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-26 19:10:21 +01:00
Jérémy Lecour 665177556e evomaintenance: allow missing API endpoint if APi is disabled 2022-11-26 19:09:05 +01:00
Jérémy Lecour ecd9d1543f varnish: better package facts usage with check mode and tags
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-21 15:46:46 +01:00
Alexis Ben Miloud--Josselin 396afa0a75 nagios-nrpe: add ceph checks to changelog
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-15 11:08:01 +01:00
Mathieu Trossevin 83138f0a0b
nagios-nrpe: Correct port for check_opendkim
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-09 17:05:54 +01:00
Jérémy Lecour faeb92230b packweb-apache: manual dependencies resolution
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-06 15:25:17 +01:00
Jérémy Lecour 4050dbea7a packweb-apache: enable log_forensic module 2022-11-06 15:25:17 +01:00
Jérémy Lecour b36d4c4766 various fixes for Debian 12 2022-11-06 15:25:17 +01:00
Jérémy Lecour 4c9aaf6d86 Merge branch 'unstable' into debian12-keyring
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-06 10:19:36 +01:00
Jérémy Lecour a1bf300d54 bookworm-detect: transitional role to help dealing with unreleased bookworm version
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-05 21:15:21 +01:00
Jérémy Lecour 28540247f0 Add signed-by option for additional APT sources
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-02 23:17:08 +01:00
Jérémy Lecour f531460f49 Use proper keyrings directory for APT version
Debian 9 → 11 : /etc/apt/trusted.gpg.d
Debian 12 : /etc/apt/keyrings
2022-11-02 23:16:32 +01:00
Jérémy Lecour c9ccda2277 varnish: create special tmp directory for syntax validation
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-02 19:45:15 +01:00
Jérémy Lecour 4d259d3c04 varnish: systemd override depends on Varnish
gitea/ansible-roles/pipeline/head This commit looks good Details
Use Varnish version instead of Debian version to choose systemd override template, to make it forward compatible
2022-11-02 13:55:03 +01:00
William Hirigoyen 912cec5a78 lxc-php: update changelog.
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-10-26 15:25:22 +02:00
Jérémy Lecour 857b3e0e45 nagios-nrpe: check_haproxy_stats supports DRAIN status
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-10-20 15:46:04 +02:00
Jérémy Lecour 554c086b79 redis: variable to disable transparent hugepage (default: do nothing)
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-10-20 14:38:12 +02:00
Jérémy Lecour fc52fbf4bc redis: some values should be quoted
When Redis overwrites its own config, it uses quoted string values, so it's better to do the same to avoid changes.
2022-10-20 14:36:47 +02:00
Jérémy Lecour f71075d4ef evolinux-base: replace regular kernel by cloud kernel on virtual servers 2022-10-19 16:33:25 +02:00
Jérémy Dubois 6be2ff3b48 evolinux-todo: execute tasks only for Debian distribution (because this task is a dependency for others roles used on different distributions)
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-10-17 11:37:58 +02:00
Jérémy Lecour 2d16aeb41e evolinux-base: utils.yml can be excluded
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-10-11 13:37:21 +02:00
Mathieu Trossevin 4f9d6868e0
evolinux-user: sudoers privileges for check php\fpm80 and 81
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-10-07 14:16:32 +02:00
Jérémy Lecour 15d7756881 minifirewall: whitelist deb.freexian.com
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-10-03 18:54:29 +02:00
Jérémy Lecour 8e1b682ccc squid: whitelist deb.freexian.com 2022-10-03 18:54:05 +02:00
Jérémy Lecour c6fb24f7d8 lxc-solr: use default JRE package
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-30 11:39:50 +02:00
Jérémy Lecour 792d1170ab java: use default JRE when version is not specified 2022-09-30 11:39:05 +02:00
Jérémy Lecour 6aeaab078d lxc-solr: set homedir and port at install
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-27 07:47:26 +02:00
Jérémy Lecour 46deb04005 lxc-solr: choose java package and download URL according to Solr Version 2022-09-26 23:47:55 +02:00
Jérémy Lecour 26f9d171a4 lxc-solr: detect the real partition options 2022-09-26 23:46:29 +02:00
Jérémy Lecour 8089d90bd1 Release 22.09
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-19 17:06:25 +02:00
Ludovic Poujol a540235077 munin: Add ipmi_ plugins on dedicated hardware
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-15 11:45:24 +02:00
William Hirigoyen c310482ba6 domains: revert commits moved to dev branch domains
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-15 10:48:55 +02:00
Jérémy Lecour 6f04a41557 fail2ban: fix dovecot-evolix regex syntax
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-15 09:48:34 +02:00
William Hirigoyen 55f694f051 Update CHANGELOG
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-14 12:21:13 +02:00
Jérémy Lecour d8a2dccf36 evocheck: upstream release 22.09
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-14 10:55:02 +02:00
Ludovic Poujol cd46dd8320 proftpd: Add a warning if config file was overriden
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-13 16:31:03 +02:00
Ludovic Poujol 9631476a06 proftpd: Allow user auth with ssh keys 2022-09-13 16:29:59 +02:00
Ludovic Poujol 7c4a169fb8 proftpd: Add options to override configs 2022-09-13 16:26:10 +02:00
Jérémy Lecour 28276b5d6f evolinux-base: update-evobackup-canary upstream release 22.06
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-12 13:54:57 +02:00
Jérémy Lecour 3c1ec588fd minifirewall: use handlers to restart minifirewall
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-09 16:09:48 +02:00
Jérémy Dubois c3be57410d openvpn: Run OpenVPN with the \_openvpn user and group instead of nobody which is originally for NFS
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-06 11:27:20 +02:00
William Hirigoyen 6fa89e69a5 Update changelog
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-02 15:48:09 +02:00
Ludovic Poujol 1f52700b47 memcached: NRPE check for multi-instance setup
gitea/ansible-roles/pipeline/head This commit looks good Details
Also some cleanup & split of tasks between single and multi instance

Note: Munin part seems still broken at the time
2022-09-01 15:33:00 +02:00
Ludovic Poujol ee67ebca8b webapps/nextcloud: Drop support for Nginx 2022-09-01 12:46:37 +02:00
William Hirigoyen 2bda54a7bd Update CHANGELOG.md
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-01 12:07:47 +02:00
Ludovic Poujol d165a104f2 * webapps/nextcloud: Add missing dependencies for imagick
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-01 11:28:08 +02:00
Ludovic Poujol 4a3b40d986 generate-ldif: Support any MariaDB version
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-29 17:29:14 +02:00
Jérémy Lecour c7a6b3e694 evocheck: upstream release 22.08.1
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-29 17:03:31 +02:00
Jérémy Lecour 71aafe161c evocheck: upstream release 22.08 2022-08-29 17:03:31 +02:00
Eric Morino 9a25d5981f add webapps/nextcloud changelog
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-26 16:34:19 +02:00
Jérémy Lecour 5fa7f4809c vrrp: fix systemd unit name
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-24 17:58:46 +02:00
Jérémy Lecour 018eee7ea0 Update 'CHANGELOG.md'
* use role name
* more descriptive message
* order items alphabetically
2022-08-24 15:22:25 +02:00
Patrick Marchand 2c1ec040d1 Simplify user subset creation
Instead of tags, allow only one subset of users to be created at a time.
2022-08-24 09:05:29 -04:00
Patrick Marchand 9dfcfe1ef3 Made it possible to only create a subset of users
gitea/ansible-roles/pipeline/head This commit looks good Details
The evolinux_users_create variable is a list of tags that defaults to ['active'].
Only the users that have one of the tags in the evolinux_users_create list will be created.
2022-08-23 20:18:45 -04:00
David Prevot 3bd4b92425 CHANGELOG: Document previous ($self) change
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-18 10:27:26 +02:00
Jérémy Lecour d0abfa985c redis: config directory must be owned by the user that runs the service
gitea/ansible-roles/pipeline/head This commit looks good Details
… to be able to write tmp config files in it
2022-08-17 16:53:07 +02:00
Jérémy Dubois de0c4fd314 openvpn: automate the initialization of the CA and the creation of the server certificate ; use openssl_dhparam module instead of a command
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-10 17:23:47 +02:00
Mathieu Trossevin 78dcec8656
varnish: Repair systemd unit for jessie/stretch
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-10 11:18:23 +02:00
Mathieu Trossevin 08a4f1ed5f
Document previous change
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-10 10:26:37 +02:00
Jérémy Lecour 6c33e11d5f evocheck: upstream release 22.07.1
gitea/ansible-roles/pipeline/head This commit looks good Details
continuous-integration/drone/push Build is passing Details
2022-07-28 14:18:12 +02:00
Jérémy Lecour 0f899dcd09 evocheck: remove failure if deprecated variable is used
gitea/ansible-roles/pipeline/head This commit looks good Details
continuous-integration/drone/push Build is passing Details
2022-07-28 13:58:09 +02:00
Jérémy Lecour 25b96c3283 Release 22.07.1
continuous-integration/drone/push Build is running Details
gitea/ansible-roles/pipeline/head This commit looks good Details
continuous-integration/drone/pr Build is passing Details
gitea/ansible-roles/pipeline/pr-stable This commit looks good Details
2022-07-28 13:49:57 +02:00
Jérémy Lecour f10ebe8cd6 evocheck: upstream release 22.07 2022-07-28 13:38:33 +02:00
Jérémy Lecour c8898a3d10 nagios-nrpe: use regexp to exclude paths/devices in check_disk1
gitea/ansible-roles/pipeline/head This commit looks good Details
continuous-integration/drone/push Build is passing Details
2022-07-28 13:25:51 +02:00
Jérémy Lecour 0d086731ae evomaintenance: upstream release 22.07
gitea/ansible-roles/pipeline/head This commit looks good Details
continuous-integration/drone/push Build is passing Details
2022-07-27 15:49:41 +02:00
Jérémy Lecour f7edd565a3 nagios-nrpe: check_disk1 returns only alerts
continuous-integration/drone/push Build is passing Details
2022-07-27 09:24:46 +02:00
Jérémy Lecour b453321b3d nagios-nrpe: exclude /run/shm and /run/lock from check_disk1 2022-07-27 09:24:46 +02:00
Jérémy Lecour 0b41efd188 mongodb: replace version_compare() with version()
continuous-integration/drone/push Build is passing Details
2022-07-18 15:54:42 +02:00
Bruno TATU 213c6dd6ac Add change for fail2ban role
continuous-integration/drone/push Build is passing Details
2022-07-08 11:28:29 +02:00
Jérémy Lecour 53847d9919 Release 22.07
continuous-integration/drone/push Build is passing Details
2022-07-06 18:02:42 +02:00
Jérémy Lecour a387304483 Fix CHANGELOG
continuous-integration/drone/push Build is passing Details
2022-07-06 14:26:13 +02:00
Jérémy Lecour 0a3bfd7f27 evolinux-base: session timeout is configurable
continuous-integration/drone/push Build is passing Details
2022-07-06 14:24:41 +02:00
Eric Morino 028bfe209a Add change in kvm-host
continuous-integration/drone/push Build is passing Details
2022-07-05 10:18:49 +02:00
Jérémy Dubois 68ac8fc058 openvpn: configure logrotate
continuous-integration/drone/push Build is passing Details
2022-06-30 10:12:36 +02:00
Jérémy Dubois 07c3c0226f openvpn: minimal rights on /etc/shellpki/ and crl.pem
continuous-integration/drone/push Build is passing Details
2022-06-29 16:09:04 +02:00
Jérémy Lecour 205e699355 minifirewall: docker mode is configurable
continuous-integration/drone/push Build is passing Details
2022-06-22 17:20:15 +02:00
Jérémy Lecour abb14e5b52 haproxy: add haproxy_allow_ip_nonlocal_bind to set sysctl value
continuous-integration/drone/push Build is passing Details
2022-06-22 15:32:10 +02:00
Ludovic Poujol 519ef930df Update PermitRootLogin task to work on Debian 11
continuous-integration/drone/push Build is passing Details
2022-06-21 15:13:38 +02:00
Jérémy Lecour 050c61c220 Release 22.06.3
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
2022-06-17 11:00:51 +02:00
Jérémy Lecour 57ecac01ba evolinux-base: blacklist and do not install megaclisas-status package on incompatible servers
continuous-integration/drone/push Build is passing Details
2022-06-16 15:19:44 +02:00
William Hirigoyen (Evolix) 3623363b94 Update changelog for version 22.06
continuous-integration/drone/push Build is passing Details
2022-06-13 17:35:31 +02:00
Jérémy Lecour 556719bbf2 Release 22.06.2
continuous-integration/drone/push Build is passing Details
2022-06-10 11:11:44 +02:00
Ludovic Poujol b3ac39decd postgresql: Fix task order when using pgdg repo & Install the right pg version
continuous-integration/drone/push Build is passing Details
2022-06-09 10:33:28 +02:00
Jérémy Lecour cea1408bba evocheck: upstream release 22.06.2
continuous-integration/drone/push Build is passing Details
2022-06-09 07:42:29 +02:00
Jérémy Lecour 4d1d77faaf postgresql: add variable to configure binding addresses (default: 127.0.0.1) 2022-06-09 07:41:52 +02:00
Ludovic Poujol 1e19418fb0 Fail2ban: Multiple changes & improvements :
continuous-integration/drone/push Build is passing Details
* Give the possibility to override jail.local (with fail2ban_override_jaillocal)
* If jail.local was overriden, add a warning
* Allow to tune some jail settings (maxretry, bantime, findtime) with ansible
* Allow to tune the default action with ansible
* Change default action to ban only (instead of ban + mail with whois report)
* Configure recidive jail (off by default) + extend dbpurgeage
2022-06-08 17:55:58 +02:00
Jérémy Lecour bcaacdf57f postgresql: fix nested loop for Munin plugins
continuous-integration/drone/push Build is passing Details
2022-06-08 15:39:34 +02:00
Jérémy Lecour cbe7985814 Enforce String notation for mode 2022-06-08 15:38:21 +02:00
Jérémy Lecour b677defd97 redis: binding is possible on multiple interfaces 2022-06-08 15:36:47 +02:00
Jérémy Lecour 1895c549d4 Release 22.06.1
continuous-integration/drone/push Build is passing Details
2022-06-06 15:07:10 +02:00
Jérémy Lecour 3d70438f7e evocheck: upstream release 22.06.1
continuous-integration/drone/push Build is passing Details
2022-06-06 15:05:59 +02:00
Jérémy Lecour 4cd7e0f4a1 minifirewall: upstream release 22.06 2022-06-06 14:42:22 +02:00
Jérémy Lecour 56c2c19d61 evomariabackup: release 22.06.1
continuous-integration/drone/push Build is passing Details
2022-06-05 21:49:23 +02:00
Jérémy Lecour 6d0e49ba90 mysql: reorganize evomariabackup to use mtree instead of our own dir-check
continuous-integration/drone/push Build is passing Details
2022-06-05 21:48:04 +02:00
Jérémy Lecour e718156f86 fix CHANGELOG
continuous-integration/drone/push Build is passing Details
2022-06-03 10:19:35 +02:00
Jérémy Lecour e8e99bb9b6 Release 22.06
continuous-integration/drone/push Build is passing Details
2022-06-03 09:27:01 +02:00
Jérémy Lecour 9378f5634c add missing entry in CHANGELOG
continuous-integration/drone/push Build is passing Details
2022-06-03 09:26:07 +02:00
Jérémy Lecour 51908f64b9 evocheck: upstream release 22.06
continuous-integration/drone/push Build is passing Details
2022-06-03 09:15:04 +02:00
Jérémy Lecour 586aa206a8 mysql: add post-backup-hook to evomariabackup 2022-06-02 18:26:23 +02:00
Jérémy Lecour b8b96bb5b7 mysql: use dir-check inside evomariabackup
continuous-integration/drone/push Build is passing Details
2022-06-01 17:24:55 +02:00
Jérémy Lecour 249e53fc21 evolinux-base: add dir-check script 2022-06-01 17:24:55 +02:00
Jérémy Lecour 17a2032a10 evolinux-base: add update-evobackup-canary script
continuous-integration/drone/push Build is passing Details
2022-06-01 10:46:13 +02:00
Jérémy Lecour b3dbcb082f certbot: add hapee (HAProxy Enterprise Edition) deploy hook
continuous-integration/drone/push Build is passing Details
2022-05-31 14:06:25 +02:00
Ludovic Poujol 134355d190 docker: Allow live-restore to be toggled with docker_conf_live_restore
continuous-integration/drone/push Build is passing Details
2022-05-24 16:22:49 +02:00
Jérémy Lecour 1a9c219c5b Release 22.05.1
continuous-integration/drone/push Build is passing Details
2022-05-12 15:49:18 +02:00
Jérémy Lecour f82a81844d evocheck: upstream release 22.05
continuous-integration/drone/push Build is passing Details
2022-05-12 15:47:50 +02:00
Ludovic Poujol 9973a62c16 docker : Introduce new variables to tweak daemon settings
continuous-integration/drone/push Build is passing Details
2022-05-10 19:04:58 +02:00
Ludovic Poujol 6aa7b89b78 docker : Introduce new default settings + allow to change the docker data directory
continuous-integration/drone/push Build is passing Details
2022-05-10 18:21:59 +02:00
Ludovic Poujol 1b4d4c98fe docker : Removed Debian Jessie support 2022-05-10 17:39:45 +02:00
Jérémy Lecour 09872fa4ad Release 22.05
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
2022-05-10 16:58:32 +02:00
Jérémy Lecour dd2072b86b minifirewall: fix failed_when conditions on restart
continuous-integration/drone/push Build is passing Details
2022-05-10 16:40:45 +02:00
Jérémy Lecour 378ee04c82 minifirewall: upstream release 22.05 2022-05-10 15:55:08 +02:00
Eric Morino 3663783509 add change in opendkim role
continuous-integration/drone/push Build is passing Details
2022-05-09 10:19:18 +02:00
Jérémy Lecour 749d6a78cd redis: Add log2mail user to redis group 2022-05-05 09:40:30 +02:00
Jérémy Lecour 61cd2b7428 minifirewall: upstream release 22.04
continuous-integration/drone/push Build is passing Details
2022-04-28 19:14:31 +02:00
Jérémy Lecour a53159c93b minifirewall: compatibility with "legacy" version of minifirewall
continuous-integration/drone/push Build is passing Details
2022-04-28 12:40:02 +02:00
Jérémy Lecour 805a8ecb3a etc-git: use "ansible-commit" to efficiently commit all available repositories (including /etc inside LXC) from Ansible 2022-04-27 14:22:59 +02:00
Jérémy Lecour 381a71aca1 dump-server-state: upstream release 22.04.3
continuous-integration/drone/push Build is passing Details
2022-04-26 18:21:42 +02:00
Jérémy Lecour 55356857b2 dump-server-state: upstream release 22.04.2
continuous-integration/drone/push Build is passing Details
2022-04-26 09:56:49 +02:00
Jérémy Lecour daa54cac8f evocheck: upstream release 22.04.1 2022-04-26 09:56:49 +02:00
Jérémy Lecour 5935d9d4a3 evocheck: upstream release 22.04
continuous-integration/drone/push Build is passing Details
2022-04-25 09:58:07 +02:00
Jérémy Lecour 58909bc395 vrrpd: Store sysctl values in specific file 2022-04-22 09:32:37 +02:00
Jérémy Lecour a5bae6645e dump-server-state: upstream release 22.04.1
continuous-integration/drone/push Build encountered an error Details
2022-04-20 11:07:20 +02:00
Jérémy Dubois 9161fae0c4 openvpn: use a local copy of files instead of cloning an external git repository
continuous-integration/drone/push Build was killed Details
2022-04-14 16:34:43 +02:00
Jérémy Dubois 4bf14b9a22 munin: Add possibility to install local plugins, and install dhcp_pool plugin
continuous-integration/drone/push Build was killed Details
2022-04-14 10:45:24 +02:00
Ludovic Poujol 959d6a8579 redis : Activate overcommit sysctl 2022-04-12 11:27:46 +02:00
Jérémy Lecour 84178d6b24 Tomcat 9 by default with Debian 11
continuous-integration/drone/push Build was killed Details
2022-04-08 11:57:35 +02:00
Jérémy Dubois 5b2fecb49c Make evocommit fully compatible with OpenBSD
continuous-integration/drone/push Build was killed Details
2022-04-07 10:18:08 +02:00
Jérémy Lecour e71201ab46 dump-server-state: upstream release 22.04
continuous-integration/drone/push Build was killed Details
2022-04-03 11:18:43 +02:00
Jérémy Dubois 726735d269 etc-git : Remount /usr in rw for git gc in in /usr/share/scripts/ 2022-04-01 15:47:44 +02:00
Jérémy Dubois 6434adcc62 nagios-nrpe: Add a check dhcp_pool
continuous-integration/drone/push Build was killed Details
2022-03-31 16:01:23 +02:00
Jérémy Lecour ed6ca9a85a minifirewall: upstream release 22.03.5
continuous-integration/drone/push Build was killed Details
2022-03-30 22:45:13 +02:00
Mathieu Trossevin 5dc6a1d36b
etc-git: Commit changes to /etc in containers
continuous-integration/drone/push Build was killed Details
continuous-integration/drone/pr Build was killed Details
2022-03-30 16:33:00 +02:00
Jérémy Lecour 31c2629d31 minifirewall: configure proxy/backup/sysctl values
continuous-integration/drone/push Build was killed Details
2022-03-30 09:42:56 +02:00
Mathieu Trossevin 20abe0e09a
postfix: Skip milters after amavis (in packmail)
continuous-integration/drone/push Build was killed Details
Otherwise opendkim will sign local mails twice AND sign external mails
(pretending to be) from local domains as if they were local mails.
2022-03-29 16:06:12 +02:00
Jérémy Lecour 75459baa35 dump-server-state: upstream release 22.03.10
continuous-integration/drone/push Build was killed Details
2022-03-29 09:11:35 +02:00
Jérémy Lecour 3feacd0c6d update CHANGELOG
continuous-integration/drone/push Build was killed Details
2022-03-28 13:28:48 +02:00
Jérémy Lecour 54bf9c1854 evolinux-base: rename backup-server-state to dump-server-state
continuous-integration/drone/push Build was killed Details
2022-03-27 09:18:15 +02:00
Jérémy Lecour 85d429295f minifirewall: tail template follows symlinks
continuous-integration/drone/push Build was killed Details
2022-03-25 18:12:24 +01:00
Jérémy Lecour bbc1bae437 minifirewall: upstream release 22.03.4
continuous-integration/drone/push Build was killed Details
continuous-integration/drone/pr Build was killed Details
2022-03-25 14:57:10 +01:00
Jérémy Dubois d2fa14fb4f backup-server-state: release 22.03.5
continuous-integration/drone/push Build was killed Details
2022-03-24 18:15:56 +01:00
Jérémy Dubois 42782b7f3d evolinux-base: fix show_help in backup-server-state.sh
continuous-integration/drone/push Build was killed Details
* --uname and --no-uname options were not in help
* --services and --no-services were in help whereas --systemctl and --no-systemctl are used in options parsing
2022-03-24 17:57:58 +01:00
Mathieu Trossevin 1646cc99bf
redis: Remount /usr with RW when adding nagios plugin
continuous-integration/drone/push Build was killed Details
2022-03-23 13:55:54 +01:00
Jérémy Dubois b4f83e54d0 openvpn: use a subnet topology instead of the net30 default topology
continuous-integration/drone/push Build was killed Details
2022-03-23 10:46:17 +01:00
Jérémy Dubois c2f6ff5249 evocheck: upstream release 22.03.1
continuous-integration/drone/push Build was killed Details
2022-03-22 11:03:26 +01:00
Jérémy Lecour 5895f5a99b minifirewall: upstream release 22.03.3
continuous-integration/drone/push Build was killed Details
2022-03-21 14:35:20 +01:00
Jérémy Lecour e7594c6c86 evolinux-base: backup-server-state release 22.03.2
continuous-integration/drone/push Build was killed Details
2022-03-21 11:32:08 +01:00
Mathieu Trossevin 444bd72944
generate-ldif: Correct generated entries for php-fpm in containers
continuous-integration/drone/push Build was killed Details
2022-03-17 17:36:35 +01:00
Jérémy Lecour fb41c81e99 backup-server-state: release 22.03.2
continuous-integration/drone/push Build was killed Details
update documentation for --dpkg-full vs. --dpkg-status
2022-03-17 10:45:44 +01:00
Jérémy Lecour 8a9faa0250 * minifirewall: upstream release 22.03.2
continuous-integration/drone/push Build was killed Details
2022-03-16 23:49:34 +01:00
Jérémy Lecour 545226f6f6 evocheck: upstream release 22.03
continuous-integration/drone/push Build was killed Details
2022-03-15 23:25:15 +01:00
Jérémy Lecour ba90203f21 minifirewall: upstream release 22.03.1 and use includes directory
continuous-integration/drone/push Build was killed Details
2022-03-15 23:07:33 +01:00
Ludovic Poujol 17f884b04a evolinux-base: Add non-free repos & install non-free firmware on dedicated hardware
continuous-integration/drone/push Build was killed Details
2022-03-15 11:35:20 +01:00
Ludovic Poujol 913e6d96e8 generate-ldif: Add services check for bkctld
continuous-integration/drone/push Build was killed Details
2022-03-15 10:53:16 +01:00
Jérémy Lecour a733e2794f evolinux-base: backup-server-state release 22.03
continuous-integration/drone/push Build was killed Details
2022-03-08 16:49:53 +01:00
Mathieu Trossevin 9c84e95182
Repair keepalived role
continuous-integration/drone/push Build was killed Details
2022-03-02 16:23:01 +01:00
Jérémy Lecour e5dc503cfd Release 22.03
continuous-integration/drone/push Build was killed Details
2022-03-02 09:42:12 +01:00
Jérémy Lecour 270d03b6a6 evolinx-users: optimize sudo configuration
continuous-integration/drone/push Build was killed Details
2022-03-02 09:40:52 +01:00
Jérémy Lecour 1dc4d0e133 redis: always install check_redis_instances
continuous-integration/drone/push Build was killed Details
2022-03-01 14:04:05 +01:00
Jérémy Lecour c8ef7e9b75 redis: check_redis_instances tolerates absence of instances
continuous-integration/drone/push Build was killed Details
2022-03-01 14:02:22 +01:00
Jérémy Lecour d9e95218ce apt_hold_packages: broadcast message with wall, if present
continuous-integration/drone/push Build was killed Details
2022-02-24 11:49:12 +01:00
Ludovic Poujol 39949ea921 generate-ldif: Add support for php-fpm in containers
continuous-integration/drone/push Build was killed Details
2022-02-21 11:31:00 +01:00
Ludovic Poujol e79141d2d2 lxc: Fail if /var is nosuid 2022-02-17 16:25:20 +01:00
Jérémy Lecour 799466788f lxc-php: preliminary support for PHP 8.1 container
continuous-integration/drone/push Build was killed Details
2022-02-17 14:50:21 +01:00
Jérémy Dubois f3c443d076 openvpn: now check that openvpn has been restarted since last certificates renewal
continuous-integration/drone/push Build was killed Details
2022-02-15 15:52:21 +01:00
Ludovic Poujol 9995fca35d varnish: update munin plugin to work with recent varnish versions
continuous-integration/drone/push Build was killed Details
2022-02-08 16:16:24 +01:00
Ludovic Poujol a2f73bb7df elasticsearch: Use `/etc/elasticsearch/jvm.options.d/evolinux` instead of default `/etc/elasticsearch/jvm.options`
continuous-integration/drone/push Build was killed Details
2022-02-07 15:18:46 +01:00
Jérémy Dubois 981128dc17 openvpn: make it compatible with OpenBSD and add some improvements
continuous-integration/drone/push Build was killed Details
2022-02-03 18:35:16 +01:00
Jérémy Lecour 0cbdda840d Explicit permissions for systemd overrides
continuous-integration/drone/push Build was killed Details
2022-02-03 14:18:20 +01:00
Jérémy Lecour 9e27d9707b kvm-host: add missing default value 2022-02-03 14:16:45 +01:00
Jérémy Lecour 5153b88d01 evolinux-base: option to bypass raid-related tasks 2022-02-03 14:15:33 +01:00
Jérémy Lecour 3dd78fbf7e Release 22.01.3
continuous-integration/drone/push Build was killed Details
continuous-integration/drone/pr Build was killed Details
2022-01-31 11:57:21 +01:00
Jérémy Lecour fcb0b8c80f backup-server-state: 22.01.3
continuous-integration/drone/push Build was killed Details
2022-01-28 16:27:39 +01:00
Jérémy Lecour cd26081add rbenv: install Ruby 3.1.0 by default 2022-01-28 16:27:20 +01:00
Jérémy Lecour bb30402df3 Release 22.01.2
continuous-integration/drone/push Build was killed Details
continuous-integration/drone/pr Build was killed Details
2022-01-27 14:12:40 +01:00
Jérémy Lecour 6ccd0ea440 Release 22.01.1
continuous-integration/drone/pr Build was killed Details
continuous-integration/drone/push Build was killed Details
2022-01-27 14:04:41 +01:00
Jérémy Lecour 2849039fad remount-usr: use findmnt to find if usr is a readonly partition
continuous-integration/drone/push Build was killed Details
2022-01-27 11:21:19 +01:00
Jérémy Lecour 80f8a94798 evolinux-base: many improvements for backup-server-state script
continuous-integration/drone/push Build was killed Details
2022-01-27 10:29:08 +01:00
Jérémy Lecour bff8fcfebb apt: upgrade packages after all the configuration is done
continuous-integration/drone/push Build was killed Details
continuous-integration/drone/pr Build was killed Details
2022-01-25 18:25:47 +01:00
Jérémy Lecour 0e34d4cd4b Merge remote-tracking branch 'origin/bullseye-swap-top' into unstable
continuous-integration/drone/push Build was killed Details
2022-01-25 15:15:05 +01:00
Jérémy Lecour 1f4ee2de79 Prepare CHANGELOG for 22.01 release
continuous-integration/drone/push Build was killed Details
2022-01-25 15:00:03 +01:00
Mathieu Trossevin 1902c40c3c
lxc-php: Fix config for opensmtpd on bullseye
continuous-integration/drone/pr Build was killed Details
2022-01-25 11:57:41 +01:00
Jérémy Dubois 3822696db6 Update CHANGELOG for new openvpn role
continuous-integration/drone/push Build was killed Details
2022-01-24 19:23:26 +01:00
Jérémy Lecour ca1f465aaa nodejs: default to version 16 LTS 2022-01-12 13:04:22 +01:00
Jérémy Lecour ec346a42a5 munin: systemd override to unprotect home directory
continuous-integration/drone/push Build was killed Details
2021-12-23 16:56:23 +01:00
Mathieu Trossevin d3eef71127
nagios-nrpe: Fix check_nfsserver for buster and bullseye
continuous-integration/drone/pr Build is failing Details
From buster onward the nfs server doesn't run NFSv4 over UDP (it is out
of spec, see RFC 7530). As such the check broke as it attempt to check
the availability of NFSv4 over UDP.

Right now the check doesn't check for NFSv2 over UDP as it would need to
check if it exist first, as on bullseye it isn't supported by default
anymore.
2021-11-24 11:11:39 +01:00
Jérémy Lecour e4bb0c6f55 filebeat/metricbeat: version 7.x y default
continuous-integration/drone/push Build is failing Details
2021-11-12 10:07:43 +01:00