Compare commits

...

1180 Commits

Author SHA1 Message Date
Jérémy Lecour 2a856d579e
Merge branch 'unstable' into stable
gitea/ansible-roles/pipeline/head This commit looks good Details
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2712|0|2712|0|:zzz: Details
gitea/ansible-roles/pipeline/tag This commit looks good Details
2024-03-01 09:06:08 +01:00
Jérémy Lecour beea53aa64
Merge branch 'stable' into unstable 2024-03-01 09:04:25 +01:00
Jérémy Lecour 342380876a
Release 24.03 2024-03-01 09:00:49 +01:00
Jérémy Lecour 24cbbf2f54
fix CHANGELOG 2024-03-01 08:55:07 +01:00
Jérémy Lecour 56237bb3c6
evolinux-base: execute autosysadmin-agent and autosysadmin-restart_nrpe roles
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2711|9|2702|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/13//ansiblelint">Evolix » ansible-roles » unstable #13</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-03-01 08:35:16 +01:00
Jérémy Lecour abd329b9c1
autosysadmin-restart_nrpe: add role 2024-03-01 08:32:47 +01:00
Jérémy Lecour 037ec9d376
autosysadmin-agent: upstream release 24.03 2024-03-01 08:26:43 +01:00
Jérémy Lecour c333970606
autosysadmin-agent: rename /usr/share/scripts/autosysadmin/{auto,restart} 2024-02-29 19:16:18 +01:00
Jérémy Lecour 10b507adc4
autosysadmin-agent: logs clearing is done weekly
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2708|6|2702|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/12//ansiblelint">Evolix » ansible-roles » unstable #12</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-29 18:50:14 +01:00
Jérémy Lecour b2e22413bc
autosysadmin-agent: upstream release 24.02.3
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2706|22|2684|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/11//ansiblelint">Evolix » ansible-roles » unstable #11</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-28 15:40:39 +01:00
William Hirigoyen bec868009c nagios: add option --full to check pressure IO and mem to avoid flaps
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2689|6|2683|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/10//ansiblelint">Evolix » ansible-roles » unstable #10</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-27 10:33:49 +01:00
David Prevot aea710cb25 redis: Update munin plugin
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2689|4|2685|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/9//ansiblelint">Evolix » ansible-roles » unstable #9</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-22 09:44:50 +01:00
Ludovic Poujol b0ba70f06c
certbot: Renewal hook for NRPE
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2688|4|2684|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/8//ansiblelint">Evolix » ansible-roles » unstable #8</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-21 12:27:18 +01:00
Jérémy Dubois 0a4a220bdf openvpn: earlier alert for CA expiration
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2690|4|2686|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/7//ansiblelint">Evolix » ansible-roles » unstable #7</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-21 10:51:08 +01:00
Jérémy Lecour 282dcb28f4
apt: add comments to deb822 migration scripts
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2689|4|2685|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/6//ansiblelint">Evolix » ansible-roles » unstable #6</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-20 18:50:39 +01:00
Alexis Ben Miloud--Josselin a0fc763a0c certbot: Utiliser pkey pour tester clé
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2688|3|2685|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/5//ansiblelint">Evolix » ansible-roles » unstable #5</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-20 16:12:26 +01:00
David Prevot a56e8c27ee lxc-php, php: Update sury PGP key
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2688|4|2684|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/4//ansiblelint">Evolix » ansible-roles » unstable #4</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-20 13:57:17 +01:00
Jérémy Lecour 56db6e1fbc
apt: add ftp.evolix.org as recognized system source
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2689|0|2689|0|:zzz: Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-20 09:49:41 +01:00
Jérémy Lecour 015cac688e
redis: create sysfs config file if missing 2024-02-20 09:48:58 +01:00
Jérémy Lecour c12c581f63
update CHANGELOG
gitea/ansible-roles/pipeline/head There was a failure building this commit Details
2024-02-12 19:07:20 +01:00
Alexis Ben Miloud--Josselin 7c2fd5e394
kvm-host: Add firewall rule for DRBD
gitea/ansible-roles/pipeline/head There was a failure building this commit Details
2024-02-12 18:52:29 +01:00
Jérémy Lecour 9402458304
Merge branch 'unstable' into stable
gitea/ansible-roles/pipeline/head There was a failure building this commit Details
gitea/ansible-roles/pipeline/tag There was a failure building this commit Details
2024-02-08 11:08:47 +01:00
Jérémy Lecour cf0fab1e22
Release 24.02.1 2024-02-08 11:08:28 +01:00
Jérémy Lecour 13284645de
fail2ban: fix Ansible syntax
gitea/ansible-roles/pipeline/head There was a failure building this commit Details
2024-02-08 11:03:14 +01:00
Jérémy Lecour 2f96151c70
Merge branch 'unstable' into stable
gitea/ansible-roles/pipeline/head There was a failure building this commit Details
gitea/ansible-roles/pipeline/tag There was a failure building this commit Details
2024-02-08 09:48:29 +01:00
Jérémy Lecour d4fcc6f8f4
Release 24.02 2024-02-08 09:27:08 +01:00
Jérémy Lecour eb3aac9d3e
update CHANGELOG 2024-02-08 08:33:49 +01:00
Jérémy Lecour 2e9b6c0680
amavis/ldap: make ldap_suffix mandatory 2024-02-07 16:15:32 +01:00
Jérémy Lecour 0b859fd1a4
dovecot: add variables for LDAP 2024-02-07 16:14:29 +01:00
Jérémy Lecour fe5a61289b
whitespaces 2024-02-07 16:12:32 +01:00
Jérémy Lecour ae665ea178
spamassassin: optimize tasks 2024-02-07 16:01:37 +01:00
Jérémy Lecour d401778024
remount-usr: back to a simpler implementation 2024-02-07 15:43:23 +01:00
Jérémy Lecour 4fb49dd6c9
nginx: clarify intent regarding check mode 2024-02-07 15:39:05 +01:00
Jérémy Lecour ef2e65287e
YAML header 2024-02-07 15:38:29 +01:00
Jérémy Lecour 8af6cdc4d6
apache: create ip_whitelist file if missing 2024-02-07 15:38:28 +01:00
William Hirigoyen 3bb29aa6ba proftpd: fix error when no SSH key is provided 2024-02-07 11:32:41 +01:00
Jérémy Lecour 47d7141a66
evoadmin-mail: apt modules already knows how to download packages 2024-02-06 13:59:28 +01:00
Jérémy Lecour 75650032d4
postfix: default to evolinux_fqdn 2024-02-06 13:33:15 +01:00
Eric Morino 5df27a4bc5 Add variables for generate "ldap_suffix" in amavis role. 2024-02-06 10:29:52 +01:00
Jérémy Lecour 2768b3146f
nginx: simpler regex for settings 2024-02-06 08:46:20 +01:00
Jérémy Lecour 8f86584605
nginx: different way of dealing with check-mode 2024-02-06 08:44:48 +01:00
Jérémy Lecour ba827b79d9
sort CHANGELOG 2024-02-06 08:41:58 +01:00
Jérémy Lecour 12993a8d7c
vrrpd: configure minifirewall 2024-02-06 08:40:55 +01:00
Jérémy Lecour ff233b65a6
remove check-mode protection for handlers
handlers are not supposed to be executed in check-mode since no change should happen in check-mode.
If there is a corner case we should deal with it at the source, not at the handler level.
2024-02-06 08:39:38 +01:00
Jérémy Lecour 8dd9c64cbc
nagios-nrpe: multi-line list 2024-02-06 08:34:22 +01:00
Jérémy Lecour 112bc2133a
dovecot: combine similar tasks 2024-02-06 08:22:18 +01:00
Jérémy Lecour 63745c2697
apt: remove duplicate extension 2024-02-06 08:21:15 +01:00
William Hirigoyen 1f8738fbda postfix: move postfix installation from evolinux-base to postfix role, plus some refactoring
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2696|33|2663|34|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/467//ansiblelint">Evolix » ansible-roles » unstable #467</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
postfix:
* Move common packages installation in common.yml
* Replace ansible_fqdn by evolinux_fqdn, set postfix_slow_transport_include to false by default (only for packmails and packwebs)
* Remove dependency on evolinux_fqdn var
* Do not overwrite main.cf if it has been modified (except if postfix_force_main_cf)

evolinux-base:
* Move exim4 purge from evolinux-base to postfix role
* Call postfix role call after nagios role (dependency)
2024-02-01 18:00:48 +01:00
William Hirigoyen 554bbaa36f roundcube: set default SMTP port to 25 instead of 587, which failed because of missing SSL conf (local connexion does not need SSL) 2024-02-01 18:00:38 +01:00
William Hirigoyen bc07010aa6 webapps/roundcube & evoadminmail: make roles more idempotent (were failing when played twice) 2024-02-01 18:00:38 +01:00
William Hirigoyen 9f530d78db evolinux-base: addd cert.sh, a small readonly openssl wrapper (testing, not deployed yet) 2024-02-01 18:00:38 +01:00
William Hirigoyen de0a98d693 dovecot: fix missing default mails 2024-02-01 18:00:38 +01:00
Alexis Ben Miloud--Josselin 8741167a80 Revert last commit
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2697|5|2692|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/466//ansiblelint">Evolix » ansible-roles » unstable #466</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-01 17:04:30 +01:00
Alexis Ben Miloud--Josselin 4c9e4a30cc userlogrotate: Ensure we use a valid group name
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2697|8|2689|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/465//ansiblelint">Evolix » ansible-roles » unstable #465</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
Use user's primary group when user's name is not an existing group.
2024-02-01 11:07:19 +01:00
William Hirigoyen d67e2b122f nagios-nrpe, generateldif: new check_pressure_{cpu,io,mem}
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2696|5|2691|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/464//ansiblelint">Evolix » ansible-roles » unstable #464</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-31 18:04:11 +01:00
William Hirigoyen 393c1f4ff1 add missing LDAP conf iterate_filter to exclude disabled accounts in users list
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2697|5|2692|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/463//ansiblelint">Evolix » ansible-roles » unstable #463</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-29 12:04:38 +01:00
David Prevot e14408cb05 apt: follow up from previous commit
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2696|4|2692|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/462//ansiblelint">Evolix » ansible-roles » unstable #462</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-29 10:07:01 +01:00
David Prevot 1924324c07 apt: No preferences needed for backports
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2698|3|2695|1|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/461//ansiblelint">Evolix » ansible-roles » unstable #461</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-29 09:49:36 +01:00
David Prevot d55b2b14bb evolinux-base: tfix
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2696|5|2691|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/460//ansiblelint">Evolix » ansible-roles » unstable #460</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-29 09:44:57 +01:00
David Prevot b31aa53c81 apt: Improve check mode
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2695|3|2692|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/459//ansiblelint">Evolix » ansible-roles » unstable #459</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-25 13:59:36 +01:00
William Hirigoyen dae2a25f78 check_free_space: add role; evolinux-base: install check_free_space by default
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2697|20|2677|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/458//ansiblelint">Evolix » ansible-roles » unstable #458</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-24 17:25:20 +01:00
William Hirigoyen cce7280cd0 fail2ban: add script unban_ip
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2682|3|2679|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/457//ansiblelint">Evolix » ansible-roles » unstable #457</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-24 15:24:42 +01:00
William Hirigoyen 68d9d3c47c minifirewall: do not open publicly ports except 22222
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2683|3|2680|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/456//ansiblelint">Evolix » ansible-roles » unstable #456</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-24 11:45:28 +01:00
Alexis Ben Miloud--Josselin 251416f3e8 webapps/nextcloud: Set home directory's mode
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2682|4|2678|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/455//ansiblelint">Evolix » ansible-roles » unstable #455</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-23 18:00:54 +01:00
Alexis Ben Miloud--Josselin 9b67202acc webapps/nextcloud: Add condition for archive tasks
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2683|7|2676|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/454//ansiblelint">Evolix » ansible-roles » unstable #454</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-23 16:35:51 +01:00
David Prevot 30bd72614d listupgrade: Fix removal order
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2683|3|2680|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/453//ansiblelint">Evolix » ansible-roles » unstable #453</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-18 10:14:37 +01:00
David Prevot aa2593f34c Revert "listupgrade: No removal (especially of the just installed cron_file) needed"
This reverts commit 09f951de18.
2024-01-18 10:14:37 +01:00
David Prevot bc19912b71 Revert "listupgrade: try and get rid of duplicate entries"
This reverts commit 531b633d99.
2024-01-18 10:14:36 +01:00
Jérémy Lecour 0c17e4d8fc
sort CHANGELOG
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2682|5|2677|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/452//ansiblelint">Evolix » ansible-roles » unstable #452</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-18 10:01:46 +01:00
Jérémy Lecour 51280c586a
redis: manage config template inside a block
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2683|18|2665|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/451//ansiblelint">Evolix » ansible-roles » unstable #451</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
This allows to have a coherent block managed by Ansible and extra lines that won't be overwritten.
Eg. : automatically added lines for replication, sentinel groups…
2024-01-18 10:00:44 +01:00
Jérémy Lecour f994e19946
vrrpd: fix typo in switch script 2024-01-18 10:00:43 +01:00
David Prevot 531b633d99 listupgrade: try and get rid of duplicate entries
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2672|7|2665|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/450//ansiblelint">Evolix » ansible-roles » unstable #450</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-17 17:07:20 +01:00
David Prevot bceb3f5c27 php: drop apt_preferences(5) file for sury (changelog)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2671|3|2668|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/449//ansiblelint">Evolix » ansible-roles » unstable #449</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-17 16:51:14 +01:00
David Prevot 422f007e9d php: drop apt_preferences(5) file for sury
It doesn’t work as expected, and all covered cases should already be
available from http://pub.evolix.org/evolix/dists/ (if
$release_name-phpXY is not available, $release should probably be fixed
or the correct suite added to the repository).
2024-01-17 16:49:11 +01:00
Brice Waegeneire 72727a8332 nagios-nrpe: check_phpfpm_multi expand globing of args
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2674|8|2666|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/448//ansiblelint">Evolix » ansible-roles » unstable #448</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-12 13:38:17 +01:00
Jérémy Lecour f3eb7a4981
listupgrade : old-kernel-removal.sh upstream release 24.01
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2673|6|2667|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/447//ansiblelint">Evolix » ansible-roles » unstable #447</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-12 11:39:01 +01:00
Jérémy Lecour bca5b9f28c
fail2ban: fix template marker 2024-01-11 17:46:49 +01:00
Jérémy Lecour c9df19e146
warning comment 2024-01-11 17:45:55 +01:00
Jérémy Lecour bf07ef74c3
nginx: take care of « already defined » and « not yet defined » server status suffix in check mode
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2674|15|2659|9|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/446//ansiblelint">Evolix » ansible-roles » unstable #446</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-11 16:51:20 +01:00
William Hirigoyen f5d5e84caf dovecot: fix plugin dovecot1
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2668|4|2664|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/445//ansiblelint">Evolix » ansible-roles » unstable #445</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-09 17:13:22 +01:00
David Prevot e089796c4c evocheck: upstream release 24.01
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2669|5|2664|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/444//ansiblelint">Evolix » ansible-roles » unstable #444</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-03 17:47:09 +01:00
William Hirigoyen 0a590b6679 nginx: fix multiple fails in check mode
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2670|11|2659|11|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/443//ansiblelint">Evolix » ansible-roles » unstable #443</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-03 11:29:20 +01:00
William Hirigoyen 41897f4c62 bind: improve reload script
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2670|2|2668|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/442//ansiblelint">Evolix » ansible-roles » unstable #442</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-29 12:12:39 +01:00
David Prevot 1ac497282c evoadmin-mail: use fixed version for Ansible
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2670|6|2664|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/441//ansiblelint">Evolix » ansible-roles » unstable #441</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-22 15:44:40 +01:00
William Hirigoyen 9fb635b45f webapps/evoadmin-mail: package installed via public.evolix.org/evolix repo starting with Bookworm
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2670|6|2664|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/440//ansiblelint">Evolix » ansible-roles » unstable #440</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
(H)acked-By: David Prévot <dprevot+git@evolix.fr>
2023-12-22 15:42:30 +01:00
Mathieu Trossevin c2de4b4cd1
kvm-host: Add LVM filter when needed
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2671|8|2663|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/439//ansiblelint">Evolix » ansible-roles » unstable #439</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-22 11:26:08 +01:00
Jérémy Lecour d93eb2495b
sort CHANGELOG
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2668|3|2665|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/438//ansiblelint">Evolix » ansible-roles » unstable #438</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-20 15:28:09 +01:00
Jérémy Lecour 046f1411b3
vrrpd: test if interface exists before deleting it 2023-12-20 15:27:07 +01:00
Ludovic Poujol 4a1b94f55d unbound: Add a apt cache validity to enforce an apt update if needed
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2668|4|2664|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/437//ansiblelint">Evolix » ansible-roles » unstable #437</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-19 17:55:36 +01:00
Tom David--Broglio 1eb5a47c71 nagios: add dockerd check in nrpe check template
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2669|5|2664|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/436//ansiblelint">Evolix » ansible-roles » unstable #436</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-18 19:17:39 +01:00
Tom David--Broglio d4ac4ef7a1 nagios: cleaning nrpe check template 2023-12-18 19:17:39 +01:00
Alexis Ben Miloud--Josselin 70c2d25837 evolinux-base: Check for syntax error in cron.log
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2668|4|2664|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/435//ansiblelint">Evolix » ansible-roles » unstable #435</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-18 18:05:36 +01:00
Mathieu Trossevin c0f27426bc
Merge branch 'unstable' of gitea.evolix.org:evolix/ansible-roles into unstable
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2669|6|2663|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/434//ansiblelint">Evolix » ansible-roles » unstable #434</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-18 17:47:47 +01:00
Mathieu Trossevin 62c596046d
Add role for automatically deploying autosysadmin 2023-12-18 17:00:51 +01:00
Jérémy Lecour b4c9fcf6f7
mongodb: add gpg key for 7.0
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2670|4|2666|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/433//ansiblelint">Evolix » ansible-roles » unstable #433</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-18 16:36:09 +01:00
William Hirigoyen 9e67db57e5 evolinux-base: fix hardware.yml (wrong repo, missing update cache)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2670|11|2659|8|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/432//ansiblelint">Evolix » ansible-roles » unstable #432</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-18 11:29:40 +01:00
Mathieu Trossevin 0c09763e87
fix(minifirewall): Properly detect old minifirewall versions
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2667|1|2666|2|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/431//ansiblelint">Evolix » ansible-roles » unstable #431</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-14 16:59:55 +01:00
David Prevot 95610e16be bind: allow bullseye and bookworm
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2667|0|2667|0|:zzz: Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-12 17:11:47 +01:00
David Prevot 5f158e031b spamassin: Use spamd starting with Bookworm 2023-12-12 17:11:47 +01:00
Jérémy Lecour b0992bcaf9
mysql: disable performance schema for Debian 8
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2662|4|2658|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/429//ansiblelint">Evolix » ansible-roles » unstable #429</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-11 18:21:57 +01:00
Jérémy Lecour 26e3dc1be6
apache: use backward compatible Redirect directive 2023-12-11 18:19:38 +01:00
Jérémy Lecour a920d2d402
apt: Disable archive repository for Debian 8
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2663|18|2645|10|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/428//ansiblelint">Evolix » ansible-roles » unstable #428</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-11 15:10:11 +01:00
Jérémy Lecour 6c0ca02391
apt: add task file to install ELTS repository (default: False) 2023-12-11 15:10:10 +01:00
Jérémy Lecour db63902206
apt: use the GPG version of the key for Debian 8-9 2023-12-11 15:10:09 +01:00
Jérémy Lecour ca5d9d5202
mysql: use a boolean for read-only 2023-12-11 15:10:08 +01:00
Jérémy Lecour fb7218972f
squid: config directory seems to have changed from /etc/squid3 to /etc/squid in Debian 8 2023-12-11 15:10:06 +01:00
William Hirigoyen 66b69f1502 remount-usr: do not try to remount /usr RW if /usr is not a mounted partition
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2655|22|2633|15|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/427//ansiblelint">Evolix » ansible-roles » unstable #427</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-11 10:46:04 +01:00
Jérémy Lecour c90afcb4f4
apt: fix Jessie repository
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2648|6|2642|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/426//ansiblelint">Evolix » ansible-roles » unstable #426</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-09 10:00:30 +01:00
Ludovic Poujol e32e1c5496 Unbound: Big update & enhancements
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2647|2|2645|12|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/425//ansiblelint">Evolix » ansible-roles » unstable #425</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
* Move configuration generated to /etc/unbound/unbound.conf.d/evolinux.conf so we don't override default config file
* Make use of root hints provided by dns-root-data instead of downloading them
* Add configuration to ensure that configuration reload work out of the box on Debian11 and old
* Add required configuration in Unbound and munin to allow tge plugin to work
* Make ansible-lint a bit more happy
2023-12-08 16:13:41 +01:00
Tom David--Broglio cbc51c462a fix Add Ceph volume to fstab : missing UUID= in src
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2657|5|2652|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/424//ansiblelint">Evolix » ansible-roles » unstable #424</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-07 11:02:04 +01:00
Alexis Ben Miloud--Josselin 4d7de89ad4 webapps/nextcloud: Add condition for config tasks
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2656|9|2647|8|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/423//ansiblelint">Evolix » ansible-roles » unstable #423</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
And update CHANGELOG
2023-12-07 10:19:42 +01:00
William Hirigoyen c9e8b6c4e1 dovecot: Munin plugin conf path is now /etc/munin/plugin-conf.d/zzz-dovecot (instead of z-evolinux-dovecot)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2655|5|2650|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/422//ansiblelint">Evolix » ansible-roles » unstable #422</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-07 10:04:11 +01:00
Alexis Ben Miloud--Josselin 31826b9ee5 webapps/nextcloud: Set owner and mode once mounted
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2655|7|2648|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/421//ansiblelint">Evolix » ansible-roles » unstable #421</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-07 09:42:34 +01:00
Alexis Ben Miloud--Josselin 43aff50891 webapps/nextcloud: Ajouter volume dans fstab 2023-12-07 09:34:04 +01:00
David Prevot de949fd348 Fix timesyncd template
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2653|6|2647|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/420//ansiblelint">Evolix » ansible-roles » unstable #420</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-05 11:15:36 +01:00
Tom David--Broglio 57ce920d7f scripts munin pour les stats sur les pools
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2653|3|2650|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/419//ansiblelint">Evolix » ansible-roles » unstable #419</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-04 18:46:48 +01:00
Jérémy Lecour ae79f33e3a
fix: search/replace error
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2655|5|2650|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/418//ansiblelint">Evolix » ansible-roles » unstable #418</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-04 11:38:09 +01:00
William Hirigoyen c861fe1974 etc-git: add /var/chroot-bind/etc/bind to Git safe directories to avoid owner check by Git (bind owns the repo, not root)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2655|8|2647|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/417//ansiblelint">Evolix » ansible-roles » unstable #417</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-30 17:41:25 +01:00
William Hirigoyen 9867dcb319 Retrait debug
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2651|6|2645|8|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/416//ansiblelint">Evolix » ansible-roles » unstable #416</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-30 17:25:14 +01:00
David Prevot 066a66eb4b [minor] drop extra line
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2653|5|2648|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/415//ansiblelint">Evolix » ansible-roles » unstable #415</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-30 16:45:08 +01:00
David Prevot b8732dffaf Changelog for previous changes
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2654|5|2649|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/414//ansiblelint">Evolix » ansible-roles » unstable #414</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-30 15:58:31 +01:00
David Prevot 4d9e1af40f evolinux-base: Don’t try to install unavailable linux-image-cloud-amd64 before Buster
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2653|5|2648|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/413//ansiblelint">Evolix » ansible-roles » unstable #413</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-30 15:45:48 +01:00
David Prevot 59afbb2e9a apt: Stretch has been archived
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2654|3|2651|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/412//ansiblelint">Evolix » ansible-roles » unstable #412</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-30 15:35:57 +01:00
Mathieu Trossevin 0ca31b91fe
fix(certbot): Fix hook for dovecot (too strict)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2654|8|2646|8|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/411//ansiblelint">Evolix » ansible-roles » unstable #411</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
When we use a separate certificate for POP3 and IMAP there might be
blank characters (almost certainly spaces but might as well be more lax)
before `ssl_cert` which resulted in these lines not being detected and
the hook not being played, forcing manual intervention.

This commit fixes that problem by accepting blank characters before
ssl_certs. (`\b` might be even better...)
2023-11-30 10:11:05 +01:00
William Hirigoyen fba894cad9 etc-git: create /var/chroot-bind/etc/bind GIT repo also in jessie
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2654|8|2646|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/410//ansiblelint">Evolix » ansible-roles » unstable #410</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-29 10:49:07 +01:00
William Hirigoyen 1a74bef0bc check stat.exists before stat.isdir
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2653|7|2646|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/409//ansiblelint">Evolix » ansible-roles » unstable #409</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-29 10:13:43 +01:00
William Hirigoyen 83e61b25a5 etc-git: add /var/chroot-bind/etc/bind repo 2023-11-29 09:59:57 +01:00
Jérémy Lecour 06c47493e9
sort changelog
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2650|9|2641|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/408//ansiblelint">Evolix » ansible-roles » unstable #408</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-29 09:24:28 +01:00
Jérémy Lecour 81d97bb3fb
vrrpd: variable to force update the switch script (default: false) 2023-11-29 09:24:00 +01:00
Jérémy Lecour 9e3e20e3a8
evolinux-base: move htop/top config to different task file 2023-11-29 09:23:27 +01:00
Jérémy Lecour f9125b8f3f
whitespace 2023-11-29 09:23:26 +01:00
David Prevot e5f5425f6d lxc-php: Allow one to install php83 on Bookworm container
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2647|9|2638|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/407//ansiblelint">Evolix » ansible-roles » unstable #407</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-28 17:15:44 +01:00
David Prevot 69bc93ff6e lxc: Init /etc git repository in lxc container
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2643|6|2637|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/406//ansiblelint">Evolix » ansible-roles » unstable #406</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
Note: ugly loop, but “it works”…
2023-11-24 11:54:13 +01:00
David Prevot 8f1fa57c37 evocheck: report “IS_ETCGIT_LXC, IS_GITPERMS_LXC: fix path”
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2641|3|2638|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/405//ansiblelint">Evolix » ansible-roles » unstable #405</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-23 15:01:58 +01:00
David Prevot cb03831ae8 lxc-php: Fix lxc_php_container_name
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2642|5|2637|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/404//ansiblelint">Evolix » ansible-roles » unstable #404</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-23 13:40:03 +01:00
Alexis Ben Miloud--Josselin 892067cf2b kvmstats: use .capacity instead of .physical for disk size
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2640|4|2636|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/403//ansiblelint">Evolix » ansible-roles » unstable #403</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-23 12:26:20 +01:00
David Prevot c93748487b evocheck: upstream release 23.11.1
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2641|6|2635|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/402//ansiblelint">Evolix » ansible-roles » unstable #402</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-22 17:27:39 +01:00
David Prevot 2c86660e52 evocheck: upstream release 23.11
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2641|2|2639|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/401//ansiblelint">Evolix » ansible-roles » unstable #401</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-22 17:06:39 +01:00
David Prevot 95aeb9a68e Fix bind changelog entry
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2641|5|2636|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/400//ansiblelint">Evolix » ansible-roles » unstable #400</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-22 16:13:37 +01:00
Brice Waegeneire 239065bf36 kvm-host: Fix regression on old Debian
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2640|6|2634|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/399//ansiblelint">Evolix » ansible-roles » unstable #399</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-21 16:17:48 +01:00
Brice Waegeneire 736ed26036 lxc-php: Add variable 'lxc_php_container_name' 2023-11-21 16:13:07 +01:00
David Prevot 96d15eb5aa Changelog entry for bind changes
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2640|9|2631|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/398//ansiblelint">Evolix » ansible-roles » unstable #398</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-21 11:35:42 +01:00
David Prevot 33d22b2614 bind: Bind mount for Bookworm 2023-11-21 11:21:31 +01:00
David Prevot 3bd87906ce bind: Adapt chroot-bind for Bookworm 2023-11-21 09:04:57 +01:00
David Prevot 9cedf84dae bind: Group accessibility for /var/chroot-bind 2023-11-21 09:04:57 +01:00
David Prevot 7ad55027da bind: Adapt apparmor rules as in https://wiki.debian.org/Bind9 2023-11-21 09:04:57 +01:00
David Prevot c71521acc3 bind: Adapt chroot-bind for Buster 2023-11-21 09:04:57 +01:00
David Prevot 8993242b2c bind: /etc/default/bind9 has been renamed as /etc/default/named
Since Bullseye (Debian 11)
2023-11-21 09:04:57 +01:00
Jérémy Lecour 4cba25d8fc
evolinux-base: no need to remove update-evobackup-canary from sbin anymore
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2637|4|2633|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/397//ansiblelint">Evolix » ansible-roles » unstable #397</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-20 19:15:39 +01:00
Jérémy Lecour f01e7453fb
no need to symlink backup-server-state to dump-server-state anymore
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2638|7|2631|8|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/396//ansiblelint">Evolix » ansible-roles » unstable #396</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-20 19:13:51 +01:00
Jérémy Lecour 71ed4c4c8c
shell syntax
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2639|10|2629|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/395//ansiblelint">Evolix » ansible-roles » unstable #395</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-20 19:03:50 +01:00
Jérémy Lecour 00fad357b5
use ternary condition (more readable) 2023-11-20 19:03:39 +01:00
Jérémy Lecour 83c178f244
log2mail: move custom config in separate file 2023-11-20 19:02:48 +01:00
Jérémy Lecour 642fbb1ea4
evolinux-base: dump-server-state upstream release 23.11 2023-11-20 19:02:03 +01:00
William Hirigoyen a5e4359d0e #73871 ssl: no not execute haproxy tasks and reload if haproxy is disabled
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2636|7|2629|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/394//ansiblelint">Evolix » ansible-roles » unstable #394</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-17 15:51:33 +01:00
Gregory Colpart 0578d5a3ec apache : rename MaxRequestsPerChild to MaxConnectionsPerChild (new name)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2635|8|2627|8|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/393//ansiblelint">Evolix » ansible-roles » unstable #393</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-16 14:45:07 +01:00
Gregory Colpart ac72c7ac31 apache: fix MaxRequestsPerChild value to be sync with wiki.e.o 2023-11-16 14:44:08 +01:00
Gregory Colpart b1a67d1a5c apache : fix goaway pattern for bad bots
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2635|2|2633|3|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/392//ansiblelint">Evolix » ansible-roles » unstable #392</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-16 14:35:48 +01:00
William Hirigoyen 1394052fd6 ProFTPd: set missing default listen IP for SFTP, enable ed25525549 key only for Debian >= 11
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2636|7|2629|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/391//ansiblelint">Evolix » ansible-roles » unstable #391</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-15 10:53:22 +01:00
William Hirigoyen 4a6e6e6ba2 ProFTPd: in SFTP vhost, enable SSH keys login, enable ed25549 host key
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2636|7|2629|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/390//ansiblelint">Evolix » ansible-roles » unstable #390</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-15 09:43:10 +01:00
Ludovic Poujol b77845cc8c php: Bullseye/Sury > Honor the php_version asked in the pub.evolix.org repository
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2634|7|2627|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/389//ansiblelint">Evolix » ansible-roles » unstable #389</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-13 16:17:22 +01:00
Jérémy Lecour c97e94bfe7
use ternary syntax for readability (subjective)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2633|4|2629|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/388//ansiblelint">Evolix » ansible-roles » unstable #388</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-10 17:17:39 +01:00
Tom David--Broglio 6ae9e04f27 webapps/nextcloud: fix misplaced gid attr and added check for nexctcloud uid
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2633|4|2629|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/387//ansiblelint">Evolix » ansible-roles » unstable #387</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-09 16:48:17 +01:00
Tom David--Broglio aab3381887 webapps/nextcloud: fix missing gid
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2632|5|2627|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/386//ansiblelint">Evolix » ansible-roles » unstable #386</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-09 15:59:45 +01:00
Tom David--Broglio 009de62e28 webapps/nextcloud Added var nextcloud_user_uid to enforce uid for nextcloud user
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2633|6|2627|8|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/385//ansiblelint">Evolix » ansible-roles » unstable #385</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-09 15:19:15 +01:00
William Hirigoyen 41ec5b737b nagios: rename var into and check systemd-timesyncd instead of ntpd in Debian 12
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2635|12|2623|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/384//ansiblelint">Evolix » ansible-roles » unstable #384</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-07 17:46:29 +01:00
William Hirigoyen c9c8ade55d nagios: fix default file to monitor for check_clamav_db
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2630|8|2622|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/383//ansiblelint">Evolix » ansible-roles » unstable #383</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-03 18:03:35 +01:00
William Hirigoyen bc284f8248 add-vm.sh: allow VM name max length > 20
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2628|6|2622|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/382//ansiblelint">Evolix » ansible-roles » unstable #382</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-03 10:48:28 +01:00
Brice Waegeneire 74a6b2ead1 nagios-nrpe: add check_sentinel
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2627|5|2622|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/381//ansiblelint">Evolix » ansible-roles » unstable #381</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-27 15:02:28 +02:00
David Prevot 331f4e8875 Revert "php83: preliminary work"
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2628|4|2624|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/380//ansiblelint">Evolix » ansible-roles » unstable #380</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
This reverts commit 1259b88588.
2023-10-27 14:33:12 +02:00
David Prevot 953ca015c5 Changelog entries for latest changes
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2630|7|2623|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/379//ansiblelint">Evolix » ansible-roles » unstable #379</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-26 16:09:42 +02:00
David Prevot 45436d77b1 evocheck: upstream release 23.10 2023-10-26 16:03:45 +02:00
David Prevot 1259b88588 php83: preliminary work 2023-10-26 15:13:06 +02:00
David Prevot b05fa5a779 Add php-fpm82 to LDAP when relevant 2023-10-26 15:12:44 +02:00
David Prevot 03c09dc092 evoadmin-web: Fix PHP version for Bookworm
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2628|3|2625|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/378//ansiblelint">Evolix » ansible-roles » unstable #378</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-23 18:16:48 +02:00
Jérémy Lecour ab30ea4cde
nginx: keep indentation
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2629|10|2619|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/377//ansiblelint">Evolix » ansible-roles » unstable #377</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-18 22:12:40 +02:00
Brice Waegeneire 679e170dce evolinux-base: use separate default config file for rsyslog
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2625|6|2619|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/376//ansiblelint">Evolix » ansible-roles » unstable #376</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-18 15:10:35 +02:00
Jérémy Lecour 198f3fab0a
Merge branch 'unstable' into stable
gitea/ansible-roles/pipeline/head This commit looks good Details
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2627|0|2627|0|:zzz: Details
gitea/ansible-roles/pipeline/tag This commit looks good Details
2023-10-14 07:38:22 +02:00
Jérémy Lecour 3b3b130248
Release 23.10
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2626|6|2620|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/375//ansiblelint">Evolix » ansible-roles » unstable #375</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-14 07:37:18 +02:00
Jérémy Lecour 31990cfe80
Linting CHANGELOG 2023-10-14 07:36:29 +02:00
Jérémy Lecour 3e55768c49
evolinux-base: replace value if present
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2626|7|2619|15|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/374//ansiblelint">Evolix » ansible-roles » unstable #374</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-14 07:25:07 +02:00
Jérémy Lecour 86e753b7a0
timesyncd: rename variable ntp_servers to timesyncd_ntp_servers and check for minimum number of elements 2023-10-14 07:07:57 +02:00
Jérémy Lecour 9c56cff642
conventions 2023-10-14 07:05:55 +02:00
Jérémy Lecour 243c64f555
timesyncd: compact tasks 2023-10-14 06:59:57 +02:00
Alexis Ben Miloud--Josselin bbf6ce6f6e rbenv: Installer libyaml-dev
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2634|7|2627|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/373//ansiblelint">Evolix » ansible-roles » unstable #373</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
Le paquet est nécessaire en Debian 12.
2023-10-12 17:49:00 +02:00
Alexis Ben Miloud--Josselin dbd1103078 docker-host: Retirer directive state en trop
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2633|3|2630|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/372//ansiblelint">Evolix » ansible-roles » unstable #372</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-11 18:06:13 +02:00
Alexis Ben Miloud--Josselin bc3656dd4c evolinux-base: retirer tâche traitée
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2635|10|2625|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/371//ansiblelint">Evolix » ansible-roles » unstable #371</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-11 12:07:05 +02:00
Alexis Ben Miloud--Josselin a80076a5ea evolinux-base: Corriger autorisation pour evolinux_user
Cas configuration SSH séparée. Ticket #74636.
2023-10-11 10:02:34 +02:00
Jérémy Lecour 3347ac4271
evomaintenance: upstream release 23.10.1
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2631|4|2627|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/370//ansiblelint">Evolix » ansible-roles » unstable #370</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-09 18:13:48 +02:00
Alexis Ben Miloud--Josselin 0c9b55e5e1 evolix-base/root: fix module used
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2630|3|2627|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/369//ansiblelint">Evolix » ansible-roles » unstable #369</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-09 17:12:15 +02:00
Jérémy Lecour c673ed10c6
evomaintenance: upstream release 23.10
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2631|3|2628|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/368//ansiblelint">Evolix » ansible-roles » unstable #368</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-09 16:24:47 +02:00
Jérémy Lecour 0f15484ada
kvm-tools: migrate-vm: remove transient/persistent options + allow migration of stopped VM
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2632|5|2627|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/367//ansiblelint">Evolix » ansible-roles » unstable #367</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-06 15:25:29 +02:00
Jérémy Lecour d6a777be72
kvm-host: migrate-vm: set migration speed even on bridges
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2632|5|2627|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/366//ansiblelint">Evolix » ansible-roles » unstable #366</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-05 22:05:17 +02:00
Jérémy Lecour 31456aa126
kvm-host: migrate-vm: set drbd role after define/undefine 2023-10-05 18:06:30 +02:00
Jérémy Lecour 9cd0426d2b
nagios-nrpe: sync Redis check from redis roles
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2632|6|2626|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/365//ansiblelint">Evolix » ansible-roles » unstable #365</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-03 13:34:53 +02:00
David Prevot fef86b0a3f apt: Add Signed-by on Bookworm updates
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2631|4|2627|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/364//ansiblelint">Evolix » ansible-roles » unstable #364</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
The generic keyring is used instead of the specific ones for system and
security because /usr/share/keyrings/debian-archive-bookworm-* are not
present (yet) on major upgrades. It’s not ideal, and should be replaced
afterwards.

https://wiki.evolix.org/HowtoDebian/SourcesList#bookworm-12
2023-09-29 16:09:14 +02:00
David Prevot f2c37dddff Use timesyncd instead of ntpd starting with Debian 12 (not always)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2631|7|2624|9|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/363//ansiblelint">Evolix » ansible-roles » unstable #363</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-28 17:25:18 +02:00
David Prevot 35e7f22210 deb822-migration: Don’t keep evolix_public_old.sources on upgrade
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2633|25|2608|16|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/362//ansiblelint">Evolix » ansible-roles » unstable #362</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-28 15:59:16 +02:00
David Prevot b722ca822f evolinux-base: remount /usr rw before writting on it 2023-09-28 15:27:20 +02:00
David Prevot a2306e6a15 Changelog for previous commit 2023-09-28 15:27:19 +02:00
David Prevot ca67feb39e New timesyncd role used instead of ntpd by default 2023-09-28 15:27:19 +02:00
David Prevot aa13171f91 Changelog for previous commit
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2624|4|2620|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/361//ansiblelint">Evolix » ansible-roles » unstable #361</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-26 18:00:59 +02:00
David Prevot ec4c9108e7 Allow Java 17 2023-09-26 18:00:57 +02:00
David Prevot c03dd0ca2f Changelog for previous commit 2023-09-26 18:00:48 +02:00
David Prevot d69259f2ca LXC: Drop openssh-server from just installed container 2023-09-26 18:00:42 +02:00
Ludovic Poujol a65230b5e0 mysql: new munin graph to follow binlog_days over time
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2625|7|2618|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/360//ansiblelint">Evolix » ansible-roles » unstable #360</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-26 17:35:14 +02:00
Bruno TATU ee6bd8cec4 keep rights from current log
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2623|5|2618|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/359//ansiblelint">Evolix » ansible-roles » unstable #359</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-26 11:42:21 +02:00
Brice Waegeneire e4a70b3c0c Revert "Add pki role."
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2623|3|2620|26|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/358//ansiblelint">Evolix » ansible-roles » unstable #358</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
This reverts commit ac70793ad6.

Implementation too inflexible. Try again!
2023-09-21 16:56:39 +02:00
Brice Waegeneire 4c91f424c6 Revert "pki: fix conventions and idioms"
This reverts commit dfe2448e86.

Implementation too inflexible. Try again!
2023-09-21 16:56:01 +02:00
Jérémy Lecour dfe2448e86
pki: fix conventions and idioms
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2646|6|2640|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/357//ansiblelint">Evolix » ansible-roles » unstable #357</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-21 16:05:08 +02:00
Jérémy Lecour b5550d2ce2
lxc-php: fix APT keyring path inside containers 2023-09-21 15:47:23 +02:00
Jérémy Lecour cc9d0c59d3
CHANGELOG cleanup
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2646|5|2641|8|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/356//ansiblelint">Evolix » ansible-roles » unstable #356</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-20 14:33:45 +02:00
William Hirigoyen 6cd4048a0c bind: add todo to reload-zone script
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2647|5|2642|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/354//ansiblelint">Evolix » ansible-roles » unstable #354</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-20 14:28:54 +02:00
Jérémy Lecour 1dbe51fc65
Revert "add new version of evocheck.sh"
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2646|5|2641|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/353//ansiblelint">Evolix » ansible-roles » unstable #353</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
This reverts commit 4ca17f06c1.
2023-09-20 13:32:38 +02:00
Jérémy Lecour 050b2ae419
kvm-host: migrate-vm sets the migration speed automatically
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2647|5|2642|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/352//ansiblelint">Evolix » ansible-roles » unstable #352</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-20 13:08:42 +02:00
Bruno TATU 45fc4b3371 whitelist domains used by nextcloud
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2647|4|2643|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/351//ansiblelint">Evolix » ansible-roles » unstable #351</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-20 09:47:22 +02:00
William Hirigoyen 1848a6162a nagios-nrpe: check-local can now detect anwqd connect to local IPs other than 127.0.0.1
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2646|4|2642|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/350//ansiblelint">Evolix » ansible-roles » unstable #350</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-18 10:53:24 +02:00
Iliane Said 4ca17f06c1 add new version of evocheck.sh
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2646|5|2641|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/349//ansiblelint">Evolix » ansible-roles » unstable #349</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-18 10:07:36 +02:00
William Hirigoyen 2c98717ebc nagios-nrpe: check-local now supports /etc/nagios/{nrpe.cfg,nrpe_local.cfg} + better completion
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2648|7|2641|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/348//ansiblelint">Evolix » ansible-roles » unstable #348</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-15 16:36:57 +02:00
William Hirigoyen f8b9361afd lxc-php: Fix /etc/profile.d/evolinux.sh mode in containers (defauft umask -> 644)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2647|6|2641|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/347//ansiblelint">Evolix » ansible-roles » unstable #347</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-15 15:27:37 +02:00
William Hirigoyen d7d8ee63b2 Revert "lxc-php: Fix /etc/profile.d/evolinux.sh mode in containers (defauft umask -> 644)"
This reverts commit 92788a8b93.
2023-09-15 15:20:45 +02:00
William Hirigoyen 92788a8b93 lxc-php: Fix /etc/profile.d/evolinux.sh mode in containers (defauft umask -> 644)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2647|4|2643|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/346//ansiblelint">Evolix » ansible-roles » unstable #346</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-14 17:11:46 +02:00
Brice Waegeneire 689ed21b38 evolinux-base: Add missing journald.conf
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2648|30|2618|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/345//ansiblelint">Evolix » ansible-roles » unstable #345</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-13 11:36:02 +02:00
Brice Waegeneire 682fac14b2 nagios-nrpe: Make check_process configurable 2023-09-13 11:35:37 +02:00
Brice Waegeneire ac70793ad6 Add pki role. 2023-09-13 11:35:37 +02:00
Jérémy Lecour b57a5c3b3c
evolinux-base: default value for evolinux_kernel_cloud_reboot (true)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2625|15|2610|13|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/344//ansiblelint">Evolix » ansible-roles » unstable #344</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-13 09:42:30 +02:00
Jérémy Lecour 53a0e56472
metricbeat/logstash: fix Ansible syntax 2023-09-13 09:38:44 +02:00
Jérémy Lecour 41004e20b4
kvm-host: migrate-vm exits if DRBD is not up-to-date
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2623|2|2621|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/343//ansiblelint">Evolix » ansible-roles » unstable #343</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-12 11:38:54 +02:00
William Hirigoyen 2af2e5ee78 nagios-nrpe: set default check_load --per-cpu for BSD
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2623|6|2617|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/342//ansiblelint">Evolix » ansible-roles » unstable #342</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-11 09:25:21 +02:00
William Hirigoyen 2a7d2d9c58 postfix: disable IPv6
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2622|2|2620|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/341//ansiblelint">Evolix » ansible-roles » unstable #341</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-05 15:44:37 +02:00
Mathieu Trossevin 4ee7c89410
fix(nagios-nrpe): Add missing dependency for new gluster.rb plugin
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2622|3|2619|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/340//ansiblelint">Evolix » ansible-roles » unstable #340</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-05 15:22:49 +02:00
Mathieu Trossevin cfca604670
nagios-nrpe: Add proper plugin to monitor glusterfs health
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2622|1|2621|3|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/339//ansiblelint">Evolix » ansible-roles » unstable #339</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-05 15:21:08 +02:00
William Hirigoyen 7ad296e74f Revert "postfix: Move common packages installation in common.yml"
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2624|23|2601|18|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/338//ansiblelint">Evolix » ansible-roles » unstable #338</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
This reverts commit ec4fd5d27f.
2023-08-31 17:48:00 +02:00
William Hirigoyen 1b6700925c Revert "postfix: Replace ansible_fqdn by evolinux_fqdn, set postfix_slow_transport_include to false by default (only for packmails and packwebs)"
This reverts commit bfe3bd7ef4.
2023-08-31 17:47:58 +02:00
William Hirigoyen 5b63ba112c Revert "evolinux-base: include postfix role, move exim4 purge from evolinux-base to postfix role"
This reverts commit a440110cad.
2023-08-31 17:47:49 +02:00
Gregory Colpart e289fd7119 j'ai refait le script par rapport aux autres modèles
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2619|4|2615|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/337//ansiblelint">Evolix » ansible-roles » unstable #337</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-31 17:39:28 +02:00
William Hirigoyen a440110cad evolinux-base: include postfix role, move exim4 purge from evolinux-base to postfix role
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2620|19|2601|21|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/336//ansiblelint">Evolix » ansible-roles » unstable #336</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-31 17:30:34 +02:00
William Hirigoyen bfe3bd7ef4 postfix: Replace ansible_fqdn by evolinux_fqdn, set postfix_slow_transport_include to false by default (only for packmails and packwebs) 2023-08-31 17:30:34 +02:00
William Hirigoyen ec4fd5d27f postfix: Move common packages installation in common.yml 2023-08-31 17:30:34 +02:00
Alexis Ben Miloud--Josselin 73c0a0d29a evolinux-base: include files under sshd_config.d
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2622|10|2612|10|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/335//ansiblelint">Evolix » ansible-roles » unstable #335</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
In case we need to add the Include directive, we add it at the
beginning of the global configuration file. This way the Include
directive can't be inside a Match directive.
2023-08-31 17:09:43 +02:00
Gregory Colpart 354c11fc25 ajout hook certbot pour ProFTPD
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2622|3|2619|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/334//ansiblelint">Evolix » ansible-roles » unstable #334</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-31 14:45:21 +02:00
Jérémy Lecour 8ca7cc4692
kvm-host: release 23.08 for migrate-vm.sh
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2623|4|2619|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/333//ansiblelint">Evolix » ansible-roles » unstable #333</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-31 11:26:21 +02:00
Jérémy Lecour e2dea8054f
kvm-host: add batch-mode and ignore stdin for SSH command in migrate-vm.sh 2023-08-31 11:26:20 +02:00
Eric Morino df202197c7 Change lxc container in bookworm for php82
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2622|5|2617|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/332//ansiblelint">Evolix » ansible-roles » unstable #332</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-29 15:28:09 +02:00
Eric Morino 6e5ba9bd9a Merge branch 'lxc-php82' into unstable
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2622|9|2613|11|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/331//ansiblelint">Evolix » ansible-roles » unstable #331</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-29 15:26:40 +02:00
Eric Morino 090495e920 Fix rôle lxc-php for php82 in bookworm container
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2626|6|2620|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/lxc-php82/1//ansiblelint">Evolix » ansible-roles » lxc-php82 #1</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-29 15:07:35 +02:00
Ludovic Poujol 594146bdac kibana: include tasks instead of import
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2624|3|2621|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/330//ansiblelint">Evolix » ansible-roles » unstable #330</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-29 12:06:21 +02:00
Ludovic Poujol e71cffd8fd php: add new variable to disable oveeriding settings of php-fpm default pool (www)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2624|6|2618|10|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/329//ansiblelint">Evolix » ansible-roles » unstable #329</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-28 17:08:33 +02:00
Eric Morino 8c72a7de8e New container lcx php82 in bookworm
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2626|0|2626|0|:zzz: Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-24 15:23:32 +02:00
Alexis Ben Miloud--Josselin b8b48bbcb9 evocheck: Fix IS_SSHALLOWUSERS condition
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2628|4|2624|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/328//ansiblelint">Evolix » ansible-roles » unstable #328</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-23 16:18:35 +02:00
Brice Waegeneire 53aab6f405 evolinux-base: Add comments structure in logs
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2628|11|2617|10|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/327//ansiblelint">Evolix » ansible-roles » unstable #327</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-23 15:48:45 +02:00
Brice Waegeneire fe369257ed evolinux-base: Limit journald to 1 day 2023-08-23 15:48:42 +02:00
Brice Waegeneire 0e1fe0e81f evolinux-base: Disable logcheck monitoring of journald 2023-08-23 15:05:10 +02:00
Ludovic Poujol 5cc7c13104 evolinux-base/tasks/kernel.yml > fix typo, 'is changed' vs '| changed'
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2627|4|2623|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/326//ansiblelint">Evolix » ansible-roles » unstable #326</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-22 12:28:57 +02:00
Jérémy Lecour bb41d313a9
apt: Explicit "signed-by" directives for official sources
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2625|5|2620|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/325//ansiblelint">Evolix » ansible-roles » unstable #325</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-18 16:28:03 +02:00
Brice Waegeneire a56682a7ca kvm-host: Add support for kvm solo
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2625|4|2621|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/324//ansiblelint">Evolix » ansible-roles » unstable #324</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-18 15:17:13 +02:00
Jérémy Lecour feba74c469
evolinux-base: reboot the server if the Cloud kernel has been installed
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2626|10|2616|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/323//ansiblelint">Evolix » ansible-roles » unstable #323</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-18 12:10:01 +02:00
Jérémy Lecour 67c6167474
apt: Disable NonFreeFirmware warning for VM on Debian 12+ 2023-08-18 12:10:00 +02:00
Alexis Ben Miloud--Josselin 536d051890 Fix mode for files under /etc/ssh/sshd_config.d
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2621|5|2616|10|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/322//ansiblelint">Evolix » ansible-roles » unstable #322</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-16 18:21:06 +02:00
Alexis Ben Miloud--Josselin 36cd982f35 Merge branch 'ssh-split' into unstable
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2626|29|2597|15|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/321//ansiblelint">Evolix » ansible-roles » unstable #321</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-16 16:15:00 +02:00
Alexis Ben Miloud--Josselin 263f940c3d Update Changelog
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2627|8|2619|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/ssh-split/9//ansiblelint">Evolix » ansible-roles » ssh-split #9</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-16 16:14:42 +02:00
Alexis Ben Miloud--Josselin a478348716 Fix grep under /etc/ssh
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2625|5|2620|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/ssh-split/8//ansiblelint">Evolix » ansible-roles » ssh-split #8</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-16 16:05:37 +02:00
Alexis Ben Miloud--Josselin f7f578705c Fix config file path
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2626|4|2622|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/ssh-split/7//ansiblelint">Evolix » ansible-roles » ssh-split #7</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin 4a0d3a4965 Fix permitrootlogin condition 2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin fbb0b73e3a Add permitrootlogin at beginning of file 2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin 7e15e01b14 Fix task name 2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin 86978a8225 evolinux-users: Fix "disable root login" task 2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin 0098cd2f08 evolinux-users: Fix "validate" syntax 2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin e70ab6d039 evolinux-users: Fix tests order 2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin fc8105e84e evolinux-users: prepare SSH configuration for Debian 12 (wip) 2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin 87711ef00c evolinux-base: PermitRootLogin depends on evolinux_root_disable_ssh 2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin fc241f2835 evolinux-base: Add SSH configuration template 2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin eca2b5e4bf fqcn 2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin ec34d8afe1 Move PermitRootLogin to another file
Debian >= 12.
2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin 5265119912 evocheck/ssh: add Debian 12 condition 2023-08-16 15:25:07 +02:00
Eric Morino b92871bfef Add variable ansible_distribution_release on preference file for fix version of postgresql
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2612|5|2607|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/320//ansiblelint">Evolix » ansible-roles » unstable #320</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-14 09:29:12 +02:00
William Hirigoyen 81849c6537 userlogrotate: new version, with separate conf file
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2613|5|2608|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/319//ansiblelint">Evolix » ansible-roles » unstable #319</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-11 10:51:45 +02:00
Ludovic Poujol 204b8af59b php: Add missing gpg key for pub.evolix.org (and remove reg.asc)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2612|2|2610|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/318//ansiblelint">Evolix » ansible-roles » unstable #318</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
Completes commit cc3fb051b0
2023-08-09 17:08:03 +02:00
William Hirigoyen a867da5ca9 nagios-nrpe: fix missing quote in check-local completion
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2612|4|2608|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/317//ansiblelint">Evolix » ansible-roles » unstable #317</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-08 16:53:47 +02:00
Ludovic Poujol f0abb53750 evolinux-base: New variable "evolinux_system_include_ntpd" to chose wether or not to include ntpd role
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2613|13|2600|13|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/316//ansiblelint">Evolix » ansible-roles » unstable #316</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-04 11:47:42 +02:00
Eric Morino 87d09275a0 postgresql: fix file postgresql.pref.j2 for exclude package
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2613|4|2609|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/315//ansiblelint">Evolix » ansible-roles » unstable #315</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-04 10:18:08 +02:00
Eric Morino eca010d959 postgresql: fix task "update apt cache" for PGDG repo
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2613|6|2607|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/314//ansiblelint">Evolix » ansible-roles » unstable #314</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-04 09:56:44 +02:00
Jérémy Lecour 3ce412341f
dump-server-state: upstream release 23.08
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2612|4|2608|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/313//ansiblelint">Evolix » ansible-roles » unstable #313</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-01 23:00:11 +02:00
David Prevot 05715d92f3 Fix template has no state
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2613|8|2605|9|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/312//ansiblelint">Evolix » ansible-roles » unstable #312</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-31 18:33:30 +02:00
David Prevot bc714c5ac8 Prepare lxc-php82 on Bookworm (not yet by default) 2023-07-31 18:33:30 +02:00
Ludovic Poujol 16bba8b469 fail2ban: add variable fail2ban_sshd_port to configure sshd port
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2614|6|2608|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/311//ansiblelint">Evolix » ansible-roles » unstable #311</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-31 11:50:36 +02:00
William Hirigoyen 7e193e4916 nagios-nrpe: improve check-local completion
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2611|3|2608|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/310//ansiblelint">Evolix » ansible-roles » unstable #310</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-28 12:01:13 +02:00
William Hirigoyen e6ef4396f3 postfix: minor modifs spamp.sh 2023-07-28 12:00:31 +02:00
David Prevot 8e99b9fcb8 Use our current repository even in comments
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2613|3|2610|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/309//ansiblelint">Evolix » ansible-roles » unstable #309</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-27 14:50:54 +02:00
David Prevot 043f714722 Clean file committed by mistake 2023-07-27 14:43:08 +02:00
Eric Morino 6f218a7763 Add enabled and started systemd unit for mailgraph
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2612|3|2609|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/308//ansiblelint">Evolix » ansible-roles » unstable #308</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-26 10:44:26 +02:00
William Hirigoyen 5bd6893dac postfix: split packmail.yml, create packmail-spam.yml to be called separately for update
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2611|15|2596|16|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/307//ansiblelint">Evolix » ansible-roles » unstable #307</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-26 09:37:45 +02:00
William Hirigoyen 3c3db4fefa postfix: new spam.sh update script that avoids reloading if files did not change.
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2612|5|2607|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/306//ansiblelint">Evolix » ansible-roles » unstable #306</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-25 15:24:00 +02:00
David Prevot 4b4b34e849 Ensure {{ apt_keyring_dir }} directory exists
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2612|29|2583|13|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/305//ansiblelint">Evolix » ansible-roles » unstable #305</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-25 10:59:53 +02:00
David Prevot b64072fbbb Ticket #70508 : ajout check_elasticsearch_shards
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2596|2|2594|3|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/304//ansiblelint">Evolix » ansible-roles » unstable #304</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-25 10:24:41 +02:00
William Hirigoyen c2e27d025c nagios-nrpe: add brackets in check grep
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2597|2|2595|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/303//ansiblelint">Evolix » ansible-roles » unstable #303</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-24 15:35:09 +02:00
William Hirigoyen b6886384b9 redis: replace errorneous ini_file module for Munin config, fix dedicted Munin config filename (z-XXX)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2597|7|2590|8|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/302//ansiblelint">Evolix » ansible-roles » unstable #302</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-21 16:51:02 +02:00
William Hirigoyen 1a1d4265a7 dovecot: set Munin config in dedicated file
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2598|6|2592|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/301//ansiblelint">Evolix » ansible-roles » unstable #301</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-21 16:33:15 +02:00
William Hirigoyen ef642e564e bind: Add reload-zone helper
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2598|2|2596|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/300//ansiblelint">Evolix » ansible-roles » unstable #300</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-21 16:19:26 +02:00
William Hirigoyen 030871ea9b opendkim: update apt cache before install
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2600|5|2595|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/299//ansiblelint">Evolix » ansible-roles » unstable #299</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-20 16:33:15 +02:00
David Prevot 440a54c21c Allow script to work on old and not yet usr-merged systems
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2598|3|2595|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/298//ansiblelint">Evolix » ansible-roles » unstable #298</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-20 16:17:43 +02:00
William Hirigoyen f2eaac0894 nginx: set default server directive in default vhost
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2598|5|2593|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/297//ansiblelint">Evolix » ansible-roles » unstable #297</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-17 17:31:21 +02:00
William Hirigoyen 67f0fa5942 evolinux-base: configure bashrc for all users
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2598|9|2589|8|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/296//ansiblelint">Evolix » ansible-roles » unstable #296</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-17 17:18:55 +02:00
William Hirigoyen 7133783695 Update CHANGELOG
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2597|4|2593|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/295//ansiblelint">Evolix » ansible-roles » unstable #295</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-17 17:09:38 +02:00
Jérémy Lecour 4476c4b633
etc-git: include → import_tasks
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2595|4|2591|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/294//ansiblelint">Evolix » ansible-roles » unstable #294</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-12 09:40:25 +02:00
Jérémy Lecour 83f7b6cdca
evolinux: Install HPE Agentless Management Service (amsd) 2023-07-12 09:40:24 +02:00
Ludovic Poujol f50848917a fail2ban: Fix cron fail2ban_dbpurge (should be bash instead of sh)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2598|5|2593|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/293//ansiblelint">Evolix » ansible-roles » unstable #293</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-10 16:41:12 +02:00
David Prevot fa35cb6d8f Use --force-yes for lxc-php so it can run on Jessie
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2596|4|2592|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/292//ansiblelint">Evolix » ansible-roles » unstable #292</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-10 15:27:27 +02:00
William Hirigoyen 016750685f userlogrotate: add a userlogpurge script disabled by default
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2598|9|2589|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/291//ansiblelint">Evolix » ansible-roles » unstable #291</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-07 15:05:41 +02:00
William Hirigoyen da0110b4f3 nagios-nrpe: Cleaning of check_ssl_local (minor)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2594|6|2588|8|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/290//ansiblelint">Evolix » ansible-roles » unstable #290</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-07 12:02:02 +02:00
Mathieu Trossevin 831715e44c
fix(nagios-nrpe): Fix check_ssl_local output
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2596|5|2591|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/289//ansiblelint">Evolix » ansible-roles » unstable #289</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
nrpe read output of plugins from stdout only, if there is no output it
return UNKNOWN regardless of return code.
2023-07-07 11:30:22 +02:00
William Hirigoyen 53f82edefb evocheck: upstream release 23.07
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2594|6|2588|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/288//ansiblelint">Evolix » ansible-roles » unstable #288</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-07 11:18:20 +02:00
William Hirigoyen aa10f719b4 redis: standardize plugins path from /usr/local/share/munin/ to /usr/local/lib/munin/plugins/
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2593|0|2593|1|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/287//ansiblelint">Evolix » ansible-roles » unstable #287</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-06 11:04:53 +02:00
Jérémy Lecour d747ee0f83
minifirewall: add safe-restart and safe-start commands
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2594|3|2591|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/286//ansiblelint">Evolix » ansible-roles » unstable #286</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-06 08:51:02 +02:00
Jérémy Lecour 0331c23ad6
minifirewall: update nrpe script to check active configuration
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2594|6|2588|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/285//ansiblelint">Evolix » ansible-roles » unstable #285</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-05 09:54:53 +02:00
Jérémy Lecour e347b6eca8
minifirewall: upstream release 23.07 2023-07-05 09:54:52 +02:00
Bruno TATU fb184a0ecf Set fail2ban_dbpurgeage_default variable for fail2ban
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2594|5|2589|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/284//ansiblelint">Evolix » ansible-roles » unstable #284</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-04 15:36:02 +02:00
Gregory Colpart bb54c9209e add options for Amavis integration in Postfix packmail
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2595|6|2589|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/283//ansiblelint">Evolix » ansible-roles » unstable #283</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-04 09:52:47 +02:00
Gregory Colpart 1ecb463104 change default minimal_backoff_time (Postfix role)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2595|6|2589|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/282//ansiblelint">Evolix » ansible-roles » unstable #282</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-04 09:50:20 +02:00
Tom David--Broglio e4436d9066 docker-host: added var for user namespace setting
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2595|5|2590|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/281//ansiblelint">Evolix » ansible-roles » unstable #281</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-03 18:37:15 +02:00
Jérémy Lecour a6bac1f20b
change syntax "become: [yes,no]" → "become: [true,false]"
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2593|3|2590|23|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/280//ansiblelint">Evolix » ansible-roles » unstable #280</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-03 14:21:22 +02:00
Bruno TATU 18f160fb83 valeur que l'on propose par défaut
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2613|5|2608|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/279//ansiblelint">Evolix » ansible-roles » unstable #279</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-28 14:55:16 +02:00
Jérémy Lecour 00fe225a3c
force: [yes,no] → force [true,false]
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2615|7|2608|177|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/278//ansiblelint">Evolix » ansible-roles » unstable #278</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-28 13:25:30 +02:00
William Hirigoyen def4d54538 dovecot: fix taks for check mode (minor)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2785|3|2782|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/277//ansiblelint">Evolix » ansible-roles » unstable #277</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-27 17:09:19 +02:00
David Prevot 9f632100fb Drop useless spaces
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2785|4|2781|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/276//ansiblelint">Evolix » ansible-roles » unstable #276</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-23 15:12:05 +02:00
William Hirigoyen 42ad894d45 dovecot: new Munin plugins, fix old_stats config
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2787|8|2779|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/275//ansiblelint">Evolix » ansible-roles » unstable #275</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-23 11:26:35 +02:00
William Hirigoyen 64c1da40b0 nagios-nrpe: corrige les cas où un check est défini plusieurs fois ou commenté
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2785|3|2782|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/274//ansiblelint">Evolix » ansible-roles » unstable #274</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-21 16:14:35 +02:00
Ludovic Poujol aec5406043 varnish: Allow the systemd template to be overriden with a template outside of the role
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2786|4|2782|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/273//ansiblelint">Evolix » ansible-roles » unstable #273</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-19 16:09:40 +02:00
David Prevot 2e73bf09f7 amavis: Workaround https://bugs.debian.org/569150
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2788|6|2782|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/272//ansiblelint">Evolix » ansible-roles » unstable #272</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-15 17:52:41 +02:00
William Hirigoyen 19787152d8 postfix: remove duplicate directive
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2788|8|2780|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/271//ansiblelint">Evolix » ansible-roles » unstable #271</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-15 17:19:17 +02:00
Jérémy Lecour 1c60b02e77
.gitignore .vscode directory
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2785|4|2781|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/270//ansiblelint">Evolix » ansible-roles » unstable #270</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-15 15:26:07 +02:00
Ludovic Poujol 9a5b5a39a9 policy_pam > Add support for Debian 10/9
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2785|7|2778|12|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/269//ansiblelint">Evolix » ansible-roles » unstable #269</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-12 11:35:53 +02:00
Eric Morino 1ec212f514 rename handler
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2790|6|2784|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/268//ansiblelint">Evolix » ansible-roles » unstable #268</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-05 14:28:06 +02:00
Ludovic Poujol 24d7fe5def pam_policy: Default settings : disabled
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2790|7|2783|8|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/267//ansiblelint">Evolix » ansible-roles » unstable #267</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-05 11:33:08 +02:00
Ludovic Poujol b234fdaea9 pam_policy : Ensure it's only executed on Debian 11+ systems 2023-06-05 10:33:34 +02:00
Ludovic Poujol 5c095dc862 policy_pam : Enforce password min days to prevent circumvention of pwhistory
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2791|9|2782|8|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/266//ansiblelint">Evolix » ansible-roles » unstable #266</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-05 10:27:22 +02:00
William Hirigoyen e00af3aafb nagios-nrpe: allow check-local for Debian < 10
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2790|5|2785|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/265//ansiblelint">Evolix » ansible-roles » unstable #265</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-02 09:47:20 +02:00
Jérémy Lecour 060018be26 vscode: ansible/yaml formatter
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2791|9|2782|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/264//ansiblelint">Evolix » ansible-roles » unstable #264</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-01 09:43:43 +02:00
Jérémy Lecour 318991fe42 pbbouncer: minor fixes 2023-06-01 09:43:20 +02:00
Jérémy Lecour 5027151011 elasticsearch: use an Integer
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2789|5|2784|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/263//ansiblelint">Evolix » ansible-roles » unstable #263</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-31 17:25:27 +02:00
Jérémy Lecour 2c079755e9 elasticsearch: comment the Xlog:gc line instead of changing it completely 2023-05-31 17:25:27 +02:00
Eric Morino 9f87049ee4 add variables for admin_users and stats_users to access on the pgbouncer console
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2791|12|2779|11|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/262//ansiblelint">Evolix » ansible-roles » unstable #262</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-31 17:09:42 +02:00
Eric Morino 81e1d1b0c1 Add variable pgbouncer_auth_type and add README
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2790|4|2786|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/261//ansiblelint">Evolix » ansible-roles » unstable #261</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-31 15:50:20 +02:00
Jérémy Lecour 1ae40e7686 nagios-nrpe: remount /usr **after** installing the packages
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2789|6|2783|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/260//ansiblelint">Evolix » ansible-roles » unstable #260</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-31 11:27:32 +02:00
emorino 6837df5a9e Delete old configuration file
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2787|5|2782|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/259//ansiblelint">Evolix » ansible-roles » unstable #259</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-29 10:53:02 +02:00
emorino 3e00632a41 Add include to /etc/opendkim-evolix.conf on default configuration file, cf. #68552
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2787|8|2779|9|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/258//ansiblelint">Evolix » ansible-roles » unstable #258</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-29 10:51:36 +02:00
William Hirigoyen 9ff615f19a nagios-nrpe: switch to echo (printf problem with % chars)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2788|8|2780|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/256//ansiblelint">Evolix » ansible-roles » unstable #256</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-25 16:15:22 +02:00
William Hirigoyen 5563b4f8f2 nagios-nrpe: improve check-local output and fix completion in Debian 10
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2786|2|2784|1|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/256//ansiblelint">Evolix » ansible-roles » unstable #256</a> Details
gitea/ansible-roles/pipeline/head There was a failure building this commit Details
2023-05-25 16:01:04 +02:00
Ludovic Poujol 91bcd2a605 policy_pam: New role allowing to manage password policy with pam_pwquality & pam_pwhistory
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2785|11|2774|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/255//ansiblelint">Evolix » ansible-roles » unstable #255</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-25 11:43:53 +02:00
Jérémy Lecour 8706a35705 mysql: improve shell syntax for mysql_skip script
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2776|4|2772|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/254//ansiblelint">Evolix » ansible-roles » unstable #254</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-22 14:16:50 +02:00
Eric Morino 7b667d1650 Add task for mount nextcloud_data volume
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2777|2|2775|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/253//ansiblelint">Evolix » ansible-roles » unstable #253</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-19 16:21:41 +02:00
William Hirigoyen 5ef4d91f1c mysql: add missing notify to restart MySQL after setting config
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2777|6|2771|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/252//ansiblelint">Evolix » ansible-roles » unstable #252</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-16 18:04:03 +02:00
Jérémy Lecour 7660444c9a fix syntax
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2777|6|2771|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/251//ansiblelint">Evolix » ansible-roles » unstable #251</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-12 18:14:25 +02:00
Jérémy Lecour f79d8456d6 elasticsearch: improve networking configuration 2023-05-12 18:14:19 +02:00
William Hirigoyen 3d8ae87368 nagios-nrpe: add double quotes to input var in check-local
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2778|5|2773|8|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/250//ansiblelint">Evolix » ansible-roles » unstable #250</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-12 12:38:40 +02:00
William Hirigoyen 6ab34517b6 nagios-nrpe: add a NRPE check-local command with completion
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2781|5|2776|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/249//ansiblelint">Evolix » ansible-roles » unstable #249</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-12 12:35:49 +02:00
David Prevot ad2d96d890 tfix s/import/include/
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2781|7|2774|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/248//ansiblelint">Evolix » ansible-roles » unstable #248</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-11 17:51:55 +02:00
Jérémy Lecour d3345d2866 apt: move stretch backports to archive.d.o
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2778|4|2774|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/247//ansiblelint">Evolix » ansible-roles » unstable #247</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-09 10:48:04 +02:00
William Hirigoyen db0b5ab3db postfix: add missing localhost.$mydomain to mydestination
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2781|5|2776|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/246//ansiblelint">Evolix » ansible-roles » unstable #246</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-02 14:21:39 +02:00
William Hirigoyen 9821fc8f78 userlogrotate: rotate also php.log
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2780|4|2776|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/245//ansiblelint">Evolix » ansible-roles » unstable #245</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-27 10:52:32 +02:00
William Hirigoyen 5c60fad29c evolinux-users: remove Stretch references in tasks that also apply to next Debian versions.
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2779|6|2773|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/244//ansiblelint">Evolix » ansible-roles » unstable #244</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-26 18:10:45 +02:00
William Hirigoyen 8f4bcccbc3 packweb-apache,nagios-nrpe: add missing task and config fo PHP 8.2 container
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2780|10|2770|8|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/243//ansiblelint">Evolix » ansible-roles » unstable #243</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-26 17:43:26 +02:00
Jérémy Lecour a10cff94d0 Merge branch 'unstable' into stable
gitea/ansible-roles/pipeline/tag This commit looks good Details
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2779|4|2775|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/stable/8//ansiblelint">Evolix » ansible-roles » stable #8</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-23 10:49:00 +02:00
Jérémy Lecour 6cd72cf9f4 Release 23.04
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2778|3|2775|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/242//ansiblelint">Evolix » ansible-roles » unstable #242</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-23 10:48:39 +02:00
Jérémy Lecour 42e98791d9 Extract patroni role into its own branch for now
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2778|3|2775|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/241//ansiblelint">Evolix » ansible-roles » unstable #241</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-23 10:31:02 +02:00
Brice Waegeneire e8c7d2c3e3 lxc-php: add support for PHP 8.2 container
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2792|10|2782|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/239//ansiblelint">Evolix » ansible-roles » unstable #239</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-20 11:27:56 +02:00
David Prevot 37e6b14001 listupgrade: Fix removal order
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4832|7|4825|8|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/stable/5//ansiblelint">Evolix » ansible-roles » stable #5</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-18 09:47:03 +02:00
Eric Morino 602bb22984 Add template systemd for patroni
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2788|3|2785|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/238//ansiblelint">Evolix » ansible-roles » unstable #238</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-13 09:55:35 +02:00
William Hirigoyen 0c2e06de33 evocheck: upstream release 23.04.01
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2791|3|2788|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/237//ansiblelint">Evolix » ansible-roles » unstable #237</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-07 11:53:30 +02:00
William Hirigoyen 956e644ac4 evocheck: upstream release 23.04
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2792|3|2789|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/236//ansiblelint">Evolix » ansible-roles » unstable #236</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-07 11:00:13 +02:00
Eric Morino 23b26fa239 changement variable postgresql_hosts
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2792|3|2789|1|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/235//ansiblelint">Evolix » ansible-roles » unstable #235</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-03 17:33:12 +02:00
Eric Morino b7723cfe69 fix bin_dir variable
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2790|4|2786|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/234//ansiblelint">Evolix » ansible-roles » unstable #234</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-03 17:21:14 +02:00
Eric Morino 8ec5c79ca1 Add new role Patroni in CHANGELOG
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2792|20|2772|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/233//ansiblelint">Evolix » ansible-roles » unstable #233</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-03 14:45:17 +02:00
Eric Morino 7d75ed1a96 Add key GPG evolix, and fix some bugs 2023-04-03 14:34:03 +02:00
Eric Morino c157450a2c début creation rôle patroni 2023-04-03 14:34:03 +02:00
Alexis Ben Miloud--Josselin ce247dba56 Add role for Graylog
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2776|17|2759|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/232//ansiblelint">Evolix » ansible-roles » unstable #232</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-30 17:58:30 +02:00
Alexis Ben Miloud--Josselin d37f6c0e3f PgBouncer: add handler (restart)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2763|5|2758|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/231//ansiblelint">Evolix » ansible-roles » unstable #231</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-30 13:21:33 +02:00
Ludovic Poujol 34a0dae3e6 generate-ldif: Support for Debian 12
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2763|3|2760|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/230//ansiblelint">Evolix » ansible-roles » unstable #230</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
The script required few changes to adapt to the new output of lscpu & usage of lspci

lscpu
- Multiple Vendor ID fields (CPU & Bios) > We keep the first one tied to the CPU info
- No more CPU Speed displayed for virtual machines. We guess the CPU Speed with the CPU Name (Thanks intel puting it in the CPU Name). But that's not going to work with AMD CPUs. An alternative would be to have a peek at /proc/cpu

lspci
- Remove the "0x" prefix as it seems invalid with lscpi version on Debian 12. On older debian, vendor/device id are accepted with or without the "0x" prefix
2023-03-29 11:41:26 +02:00
Jérémy Lecour a999ac20da fqcn
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2765|8|2757|12|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/229//ansiblelint">Evolix » ansible-roles » unstable #229</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-27 23:36:35 +02:00
Jérémy Lecour 78c70c1d05 mysql: create log directory for stretch and later 2023-03-27 23:36:26 +02:00
Jérémy Lecour 004c85b0ff typo 2023-03-27 23:35:04 +02:00
David Prevot 0ed1fb9f0a evolinux-base: add wrapper task file for backward compatibility
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2769|4|2765|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/228//ansiblelint">Evolix » ansible-roles » unstable #228</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-27 16:13:11 +02:00
David Prevot 09f951de18 listupgrade: No removal (especially of the just installed cron_file) needed
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2769|4|2765|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/227//ansiblelint">Evolix » ansible-roles » unstable #227</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-27 11:21:25 +02:00
David Prevot 47e35f77d2 evoacme: Fix syntax that introduced extra ending space
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2768|3|2765|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/226//ansiblelint">Evolix » ansible-roles » unstable #226</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-27 10:16:57 +02:00
Jérémy Dubois 939b2358a3 openvpn: updated the README file
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2768|6|2762|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/225//ansiblelint">Evolix » ansible-roles » unstable #225</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-22 15:21:58 +01:00
Jérémy Lecour 70c93310f9 Fix ansible-lint violations
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2768|3|2765|12|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/224//ansiblelint">Evolix » ansible-roles » unstable #224</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-20 23:48:40 +01:00
Jérémy Lecour ee21973371 Use FQCN
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2777|524|2253|2462|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/223//ansiblelint">Evolix » ansible-roles » unstable #223</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
Fully Qualified Collection Name
2023-03-20 23:33:19 +01:00
Jérémy Lecour 7a73df6bd7 Comments on Dell RAID controllers
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4715|5|4710|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/222//ansiblelint">Evolix » ansible-roles » unstable #222</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-20 21:33:49 +01:00
Jérémy Lecour 1d3866e3f0 packweb-apache: include_role instead of import_role
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4714|172|4542|175|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/221//ansiblelint">Evolix » ansible-roles » unstable #221</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-20 15:43:35 +01:00
Jérémy Lecour 247a89e928 syntax 2023-03-20 15:43:35 +01:00
Jérémy Lecour 151e6914a8 mysql: fixes for Debian 12 2023-03-20 15:43:35 +01:00
Jérémy Lecour a0986f034d mongodb: prepare Debian 12 2023-03-20 15:43:35 +01:00
Jérémy Lecour f8f5bec8b5 lxc-php: prepare php82 2023-03-20 15:43:35 +01:00
Jérémy Lecour 1d03e73a62 lxc-php: extract variables 2023-03-20 15:43:35 +01:00
Jérémy Lecour 09d3f606cd lxc-php: lxc dependency is resolved manually 2023-03-20 15:43:34 +01:00
Jérémy Lecour 16aabbe091 fluentd: deb922 sources 2023-03-20 15:43:34 +01:00
Jérémy Lecour efd6e8d6b3 apt: add wrapper tasks files for backward compatibility 2023-03-20 15:43:34 +01:00
Jérémy Lecour 45e8132d07 Install deb822 sources on Debian >=12 2023-03-20 15:43:34 +01:00
Jérémy Lecour f1644ed138 docker: source list for Debian 12 2023-03-20 15:43:34 +01:00
David Prevot 49d8c99328 pub_evolix.asc is also needed in lxc-php
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4717|6|4711|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/220//ansiblelint">Evolix » ansible-roles » unstable #220</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-20 14:56:11 +01:00
Jérémy Lecour 5974f12b82 evolinux-base: fix conditional precedence
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4717|4|4713|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/219//ansiblelint">Evolix » ansible-roles » unstable #219</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-18 18:50:06 +01:00
Jérémy Lecour 958109c3b3 evolinux-base: reorganize ssh section
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4717|90|4627|233|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/218//ansiblelint">Evolix » ansible-roles » unstable #218</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-18 18:40:03 +01:00
Jérémy Lecour 38b106a8f2 evolinux-base: reorganize hardware section 2023-03-18 18:40:03 +01:00
Jérémy Lecour 8f25dfe041 evolinux-base: syntax 2023-03-18 18:40:03 +01:00
Jérémy Lecour 6f61a0744c apt: with Debian, 12 backports are installed but disabled by default 2023-03-18 15:38:05 +01:00
Jérémy Lecour 512b06a513 bookworm-detect: detect also from description
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4860|7|4853|14|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/217//ansiblelint">Evolix » ansible-roles » unstable #217</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-17 22:32:31 +01:00
Jérémy Lecour 9358efedfe apt: fix many stupid mistakes 2023-03-17 22:32:11 +01:00
Jérémy Lecour 367bda528f apt: use deb822 format on Debian 12
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4867|51|4816|17|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/216//ansiblelint">Evolix » ansible-roles » unstable #216</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-17 20:05:45 +01:00
David Prevot 4c4a08f15e apt: Add binary key for our repository (for Jessie or less)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4833|7|4826|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/215//ansiblelint">Evolix » ansible-roles » unstable #215</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-17 13:55:48 +01:00
Jérémy Lecour 7052b7bd1e Merge branch 'unstable' into stable
gitea/ansible-roles/pipeline/head This commit looks good Details
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4832|0|4832|0|:zzz: Details
gitea/ansible-roles/pipeline/tag This commit looks good Details
2023-03-16 22:18:04 +01:00
Jérémy Lecour fac45cb64d Release 23.03.1
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4833|5|4828|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/214//ansiblelint">Evolix » ansible-roles » unstable #214</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-16 22:17:46 +01:00
Jérémy Lecour edeb5bcfcf minifirewall also fix minifirewall_status
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4833|6|4827|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/213//ansiblelint">Evolix » ansible-roles » unstable #213</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-16 22:00:36 +01:00
Jérémy Lecour 8bfc4c28bc listupgrade: remove old typo version of the cron task
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4832|6|4826|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/212//ansiblelint">Evolix » ansible-roles » unstable #212</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-16 21:37:04 +01:00
Jérémy Lecour be03dfcb08 apt: deb822 migration python script is looked relative to shell script 2023-03-16 21:37:04 +01:00
Jérémy Lecour b7dea8d456 minifirewall: support protocols in numeric form 2023-03-16 21:37:04 +01:00
Alexis Ben Miloud--Josselin eae2eed7b0 Add role for PgBouncer
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4831|10|4821|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/211//ansiblelint">Evolix » ansible-roles » unstable #211</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-16 17:14:16 +01:00
Jérémy Lecour 8e4e77cb8b Merge branch 'unstable' into stable
gitea/ansible-roles/pipeline/head This commit looks good Details
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4826|0|4826|0|:zzz: Details
gitea/ansible-roles/pipeline/tag This commit looks good Details
2023-03-16 14:56:59 +01:00
Jérémy Lecour 65ee8c7e45 Release 23.03
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4826|7|4819|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/210//ansiblelint">Evolix » ansible-roles » unstable #210</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-16 14:56:39 +01:00
Jérémy Lecour 0e81eab6fa If you want `exit 0`, well… run `exit 0` :D
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4825|2|4823|3|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/209//ansiblelint">Evolix » ansible-roles » unstable #209</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-16 14:53:53 +01:00
Jérémy Lecour 449103f537 whitespace 2023-03-16 14:46:42 +01:00
Jérémy Lecour 8df930f016 import changelog line
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4826|61|4765|20|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/208//ansiblelint">Evolix » ansible-roles » unstable #208</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-16 14:38:32 +01:00
Jérémy Lecour 6f96f6b458 Use proper python Boolean 2023-03-16 14:38:32 +01:00
Jérémy Lecour 70d34ac18d listupgrade: upstream release 23.03.3 2023-03-16 14:38:32 +01:00
Jérémy Lecour 50216eb5c7 listupgrade: upstream release 23.03.2 2023-03-16 14:38:32 +01:00
Jérémy Lecour 8d698ec6cb CHANGELOG cleanup 2023-03-16 14:38:29 +01:00
Alexis Ben Miloud--Josselin dc6b340081 changelog: ajouter changements sur kvmstats
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4785|6|4779|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/207//ansiblelint">Evolix » ansible-roles » unstable #207</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-16 14:21:21 +01:00
Jérémy Lecour fa1935e46c apt: add tools to migrate sources to deb822 format
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4783|21|4762|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/206//ansiblelint">Evolix » ansible-roles » unstable #206</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-15 22:50:00 +01:00
Jérémy Lecour 96a2bbecdd apt: move-apt-keyrings moved in /usr/share/scripts 2023-03-15 22:49:02 +01:00
David Prevot d6959c9287 Revert "Use bullseye suite even for bookworm"
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4769|4|4765|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/205//ansiblelint">Evolix » ansible-roles » unstable #205</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
bookworm suite has been enabled on our new repository.

This reverts commit 1fae737ac4.
2023-03-14 13:28:36 +01:00
David Prevot a9ce436b3c listupgrade: tfix
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4770|4|4766|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/204//ansiblelint">Evolix » ansible-roles » unstable #204</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-13 22:06:01 +01:00
David Prevot cc3fb051b0 Use our new repository for PHP 2023-03-13 22:05:51 +01:00
David Prevot c7940dc8c1 CHANGELOG: tfix
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4769|3|4766|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/203//ansiblelint">Evolix » ansible-roles » unstable #203</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-13 15:12:37 +01:00
William Hirigoyen 419071f470 php: fix error introduced in 33503e4538 (False evaluated as a string instead of boolean)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4770|6|4764|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/202//ansiblelint">Evolix » ansible-roles » unstable #202</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-13 15:09:41 +01:00
David Prevot 015a1bfec7 Revert "Use HTTPS for our new repository"
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4769|8|4761|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/201//ansiblelint">Evolix » ansible-roles » unstable #201</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
It errors out if ca-certificates is not yet installed

This reverts commit 12a0d8d57e.
2023-03-13 11:59:27 +01:00
David Prevot 12a0d8d57e Use HTTP for our new repository
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4767|6|4761|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/200//ansiblelint">Evolix » ansible-roles » unstable #200</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-13 11:18:33 +01:00
Alexis Ben Miloud--Josselin 03cd475811 userlogrotate_jessie: Corriger condition compression
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4768|4|4764|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/198//ansiblelint">Evolix » ansible-roles » unstable #198</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-13 10:22:53 +01:00
Alexis Ben Miloud--Josselin b0d0a7422a userlogrotate: Remplacer «``» par «$()»
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4770|2|4768|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/198//ansiblelint">Evolix » ansible-roles » unstable #198</a> Details
gitea/ansible-roles/pipeline/head There was a failure building this commit Details
2023-03-13 10:21:42 +01:00
Alexis Ben Miloud--Josselin e6199b3592 userlogrotate: Corriger condition compression 2023-03-13 10:15:01 +01:00
Jérémy Lecour b4a63d3d55 listupgrade: upstream release 23.03.1
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4770|5|4765|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/197//ansiblelint">Evolix » ansible-roles » unstable #197</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-12 11:12:56 +01:00
Jérémy Lecour b57fd16ee6 listupgrade: upstream release 23.03 2023-03-12 11:12:56 +01:00
Jérémy Lecour d64193287d postgresql: configure max_connections 2023-03-12 11:12:56 +01:00
William Hirigoyen 3f353ad072 elasticsearch: disable GC logging
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-10 10:29:59 +01:00
William Hirigoyen fc95f57711 elasticsearch: Disable GC rotation for JDK 8 2023-03-10 10:29:59 +01:00
Alexis Ben Miloud--Josselin 058753bcfe kvmstats: Utiliser domstats pour récupérer infos
gitea/ansible-roles/pipeline/head This commit looks good Details
Remplacer les multiples commandes virsh par une seule commande
virsh domstats. La sortie est filtrée par une commande awk.

Certains hyperviseurs ne savent pas lister les informations d’un
volume RBD (Ceph) avec domblkinfo. Il semble que domstats
fonctionne mieux pour ça et peut donner toutes les informations
de toute façon.
2023-03-10 10:07:00 +01:00
Alexis Ben Miloud--Josselin 8b26f2f491 kvmstats: désobfusquer conversion vers html 2023-03-10 10:06:43 +01:00
William Hirigoyen 4759ed645c lxc: copy /etc/profile.d/evolinux.sh from host into container (P10001)
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-08 11:09:36 +01:00
William Hirigoyen af569f8c26 userlogrotate: set rotate date format in right order (YYYY-MM-DD)!
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-03 14:39:16 +01:00
William Hirigoyen 4d3f92df23 postfix: avoid Amavis transport to be considered dead when restarted.
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-02 17:50:17 +01:00
William Hirigoyen 7ec58bf144 userlogrotate: skip zipping if .gz log already exists (prevents interactive question)
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-01 17:50:58 +01:00
William Hirigoyen cc7c2a7d4e userlogrotate: fix bug introduced in commit 2e54944a24 (rotated files were not zipped)
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-01 17:22:50 +01:00
William Hirigoyen d9c5563fd6 postfix: remove unused "aliases_scope=sub" from virtual_aliases.cf (it generated warnings)
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-01 14:35:51 +01:00
William Hirigoyen e3e589d132 evocheck: upstream release 23.03.01
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-01 10:08:57 +01:00
William Hirigoyen 19e6d01a34 evocheck: upstream release 23.03
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-01 09:58:24 +01:00
Ludovic Poujol e896459d06 varnish: add variable varnish_update_config to disable configuration update
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-28 15:24:18 +01:00
Jérémy Lecour d366683acc bind: jinja syntax
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-28 10:12:38 +01:00
David Prevot 1d701b060e apt: Use pub.evolix.org instead of pub.evolix.net
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-27 18:11:51 +01:00
Jérémy Lecour c99e71fc6c Add vscode settings
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-27 13:58:25 +01:00
Jérémy Lecour 17946f7280 apt: add move-apt-keyrings script/tasks 2023-02-27 13:58:01 +01:00
Jérémy Lecour b2c215eef0 formatting 2023-02-26 21:32:51 +01:00
Jérémy Lecour 431ffd5991 evolinux-base: subversion is not installed anymore 2023-02-26 21:31:02 +01:00
Eric Morino 68d34c8528 Add changelog for add feature in postfix / apache and php
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-24 15:46:00 +01:00
Eric Morino 8ec159c444 Add task in postfix for packmail and index.hml + vhost directive for mailgraph
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-24 15:41:39 +01:00
Jérémy Lecour 8cbe837147 bind: refactor role
gitea/ansible-roles/pipeline/head This commit looks good Details
* queries log can be enabled or disabled
* split tasks
* check if AppArmor is present
* don't install Munin plugin whose data file is not present
* remove example ACL in authoritative configuration
2023-02-21 19:01:01 +01:00
William Hirigoyen 2c1db6a222 userlogrotate: create role separated from packweb-apache
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-21 17:55:46 +01:00
William Hirigoyen ae5c829373 php: Fix missing variable error introduced in b1a602bf7 2023-02-21 17:47:23 +01:00
William Hirigoyen cd8a812288 bind: fix fail in check mode
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-21 15:14:05 +01:00
Jérémy Lecour 86a3c78a04 yarn: update apt key
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-21 15:09:05 +01:00
Jérémy Lecour 21a4f76330 bind: use systemd module 2023-02-21 15:08:02 +01:00
Alexis Ben Miloud--Josselin 6968128e7c php: fix last commit and update changelog
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-14 16:43:41 +01:00
Alexis Ben Miloud--Josselin d1b2fd8145 php: Fix sury support on Debian 11
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-14 15:49:21 +01:00
Eric Morino 4f5e745310 Add handlers pour php8.2
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-13 10:27:49 +01:00
Alexis Ben Miloud--Josselin 33503e4538 php: Add sury support on Debian 11
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-13 10:09:37 +01:00
William Hirigoyen 32f0561e72 evocheck: upstream release 23.02
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-10 12:32:39 +01:00
William Hirigoyen 7ba743072a evocheck: upstream release 22.12
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-10 11:46:23 +01:00
Ludovic Poujol 49e92d20b0 evolinux-users: Update sudoers template to remove commands allowed without password
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-01 15:23:51 +01:00
Jérémy Lecour 3f0eecc056 minifirewall: upstream release 23.02
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-01 13:21:01 +01:00
Jérémy Lecour d3765ada56 nagios-nrpe: old wrapper might be missing 2023-02-01 13:21:01 +01:00
Eric Morino 70be09342b Remove task debug
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-31 17:54:12 +01:00
Eric Morino b1a602bf75 Add php5.6 with Sury on Debian 10
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-31 17:53:31 +01:00
Jérémy Dubois f354f16cd6 openvpn: Change check_openvpn destination file to comply with recent EvoBSD change
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-31 11:13:08 +01:00
Jérémy Lecour 8244bd4615 nagios-nrpe: add tasks/files for a wrapper
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-30 12:05:43 +01:00
William Hirigoyen e0c143d9cf postfix: come back to default value of for pack mails
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-23 15:35:47 +01:00
William Hirigoyen 13f4578599 postfix: Do not notify errors of classes policy, protocol in of main.cf
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-23 15:01:57 +01:00
William Hirigoyen 31e90abe57 fail2ban: add 'Internal login failure' to Dovecot filter
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-23 10:33:10 +01:00
Jérémy Dubois 5120249e59 nagios-nrpe : fix check_vrrpd
gitea/ansible-roles/pipeline/head This commit looks good Details
grep "17" was able to grep "170"
2023-01-18 17:45:06 +01:00
David Prevot 6864f61343 keepalived: Make sure state file is readable
gitea/ansible-roles/pipeline/head This commit looks good Details
The file is created 600 on Bullseye otherwise
2023-01-18 16:49:28 +01:00
William Hirigoyen 8d16f17354 * clamav: set `MaxConnectionQueueLength` to its default value (200), custom (15) was way too small and caused recurrent connections fail in Postfix.
gitea/ansible-roles/pipeline/head This commit looks good Details
* postfix (packmail only): disable `concurrency_failed_cohort_limit` for destination smtp-amavis to prevent the suspension of this destination when Amavis fails to answer. Indeed, we configure the suspension delay quite long in `minimal_backoff_time` (2h) and `maximal_backoff_time` (6h) to reduce the risk of ban from external SMTPs.
2023-01-18 10:30:41 +01:00
Jérémy Dubois 0cb751591a nagios-nrpe : Rewrite check_vrrpd for a better check (check rp_filter, vrrpd and uvrrpd compatible, use arguments, …)
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-17 11:11:33 +01:00
Ludovic Poujol c27551939d webapps/nextcloud : Small enhancement on the vhost template to lock out data dir
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-13 11:05:55 +01:00
Ludovic Poujol dcc378776c webapp/nextcloud : Change default data directory to be outside web root 2023-01-13 11:04:32 +01:00
Jérémy Dubois 68017d8db9 openvpn: fix the client cipher configuration to match the server cipher configuration
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-12 14:29:18 +01:00
William Hirigoyen 417734eed2 haproxy: fix missing admin ACL in stats module access permissions
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-11 16:15:09 +01:00
Patrick Marchand 0413f93852 Fix problems with docker-host daemon.json config
gitea/ansible-roles/pipeline/head This commit looks good Details
Docker is very strict with it's json format and doesnt
seem to allow any surprise new lines or extra commas
after the last option before the closing }.

Since this is a dynamically constructed file, we dont know
what the last option will be. By putting the commas at the
start of the line and removing all newspace, we remove
the problem, at the expense of a less readable jinja
template.
2023-01-10 15:16:30 -05:00
Patrick Marchand 08db5a5140 Fix problems with docker-host daemon.json config
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-10 11:26:57 -05:00
Patrick Marchand e5cae4ba78 Fix evoacme jinja syntax problem
gitea/ansible-roles/pipeline/head This commit looks good Details
This problem was introduced by commit 7a0e0d81d6
It made ansible crash when parsing the template.
2023-01-09 14:10:47 -05:00
David Prevot dbef71d791 Drop trailing whitespaces
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-06 09:54:51 +01:00
Patrick Marchand 90ba88e157 Forgot to remove one of the warn: no occurences
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-05 15:06:30 -05:00
William Hirigoyen 4cdf3bb074 postgresql: fix regression introduced in 6c4243f3e in logrotate group
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-04 10:22:43 +01:00
William Hirigoyen 6c4243f3e1 postgresql: logrotate with dateext and right permissions
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-03 10:56:19 +01:00
William Hirigoyen 48e3ced983 elasticsearch : use logrotate for garbage collector logs
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-02 17:29:37 +01:00
William Hirigoyen 8401401716 Update CHANGELOG
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-30 10:46:24 +01:00
William Hirigoyen 1a034af944 nagios-nrpe: Print pool config path in check_phpfpm_multi output
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-30 10:45:09 +01:00
Jérémy Lecour 7a0e0d81d6 Proper jinja spacing
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-28 09:03:37 +01:00
Jérémy Lecour 8eae5bba63 Use systemd module instead of command 2022-12-28 09:02:17 +01:00
Ludovic Poujol 0654fb8ced Jenkinsfile > Creating a temp file to collect lint result is not required
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-27 18:43:37 +01:00
Ludovic Poujol 1c66a1a5f3 Jenkinsfile > Use workspace tmp dir
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-27 18:16:52 +01:00
Ludovic Poujol be8c69b4b8 .Jenkinsfile > Add some ansible lint
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-27 16:19:00 +01:00
Ludovic Poujol 8ca237c5f7 fail2ban: Fix indent in tasks/fix-dbpurgeage.yml
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-27 14:47:55 +01:00
Patrick Marchand 0e6c2567e2 Fix presentation error in changelog markdown
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-22 11:35:52 -05:00
Patrick Marchand 5611bb73a2 Remove warning ignores as they are depreciated
Will cause a hard fail in ansible 2.14, so better get rid of them now.
There is no alternative, but the ansible warnings for those modules
are not hard failures anyways.
2022-12-22 11:35:20 -05:00
Patrick Marchand 1c6fdbf85a Remove warning ignores as they are depreciated
gitea/ansible-roles/pipeline/head This commit looks good Details
Will cause a hard fail in ansible 2.14, so better get rid of them now.
There is no alternative, but the ansible warnings for those modules
are not hard failures anyways.
2022-12-22 11:32:32 -05:00
William Hirigoyen 7005344a5b evolinux-base: ensure dbus enabled and started
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-19 17:07:18 +01:00
William Hirigoyen 144c723e87 Revert "evolinux-base: ensure dbus enabled and started"
This reverts commit d8238d04c2.
2022-12-19 17:04:42 +01:00
William Hirigoyen d8238d04c2 evolinux-base: ensure dbus enabled and started
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-19 17:02:10 +01:00
Eric Morino a6cfc0159b Add logrotate for mysql_skip log file
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-16 16:31:43 +01:00
Eric Morino 506e7ff3a3 Add mysql_skip_enabled in main
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-16 16:25:46 +01:00
Eric Morino 2493219270 Add mysql_skip.sh
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-16 16:18:33 +01:00
Eric Morino ab3e648f18 Add variable for fix logging
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-15 14:47:04 +01:00
William Hirigoyen 55a64845ce postfix: add localhost. to mydestination
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-15 11:49:35 +01:00
Bruno Tatu ae94f979a4 Merge branch 'unstable' of gitea.evolix.org:evolix/ansible-roles into unstable
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-14 17:53:20 +01:00
Bruno Tatu 6aac8933b8 Support dbpurgeage if is a number or a string 2022-12-14 17:53:10 +01:00
Jérémy Lecour e1e4f39778 Merge pull request 'Release 22.12' (#165) from unstable into stable
gitea/ansible-roles/pipeline/head This commit looks good Details
gitea/ansible-roles/pipeline/tag This commit looks good Details
Reviewed-on: #165
2022-12-14 12:02:45 +01:00
Jérémy Lecour 27a4f574f1 Merge branch 'stable' into unstable 2022-12-14 12:02:17 +01:00
Jérémy Lecour 0622e9ff1e fix non-breaking spaces 2022-12-14 11:47:53 +01:00
Jérémy Lecour 240ccee12b Release 22.12
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-14 11:39:51 +01:00
Jérémy Lecour 21ab9b1e68 Revert ce5e4b12c6
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-14 11:30:35 +01:00
Ludovic Poujol ac85efe8aa vrrpd: Small fix to work in check mode
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-14 11:01:03 +01:00
Bruno Tatu fa9d5b8b81 git pushMerge branch 'unstable' of gitea.evolix.org:evolix/ansible-roles into unstable
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-14 09:50:21 +01:00
Bruno Tatu 1acd2f63db on enlève bc 2022-12-14 09:50:16 +01:00
Jérémy Lecour 34fefa1212 typos
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-14 07:46:12 +01:00
Jérémy Lecour 1728eaee68 Revert "Add “when: not ansible_check_mode” to allow more --check"
gitea/ansible-roles/pipeline/head This commit looks good Details
This reverts commit fafff25c20.
This reverts commit e64471c5a8084f95a8e6f955d3fa918c55b8e846.
2022-12-14 07:41:18 +01:00
Jérémy Dubois 91b40ce72f openvpn: Fix mode of shellpki script
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-13 19:37:54 +01:00
Jérémy Dubois 9918776286 openvpn: Deleted the task fixing the CRL rights since it has been fixed in upstream
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-13 17:53:59 +01:00
Jérémy Dubois 0722b84341 openvpn: shellpki upstream release 22.12.2 2022-12-13 17:50:09 +01:00
David Prevot d4f58b9395 Drop duplicate when keys introduced in fafff25c20
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-12 14:29:07 +01:00
Ludovic Poujol b02400fd84 php: (partial) fix duplicate when
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-12 12:36:29 +01:00
David Prevot ce5e4b12c6 Apache: Drop duplicate when keys
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-12 11:54:00 +01:00
Bruno Tatu 4e7a46c9c3 Run VACUUM where there are enough space and always delete old IPs
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-12 11:02:31 +01:00
Mathieu Trossevin bc1facd1ba
proftpd: Fix mode of public key files and directory
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-09 10:19:51 +01:00
Mathieu Trossevin 101c282846
proftpd: Fix format of public key files controlled by ansible
gitea/ansible-roles/pipeline/head This commit looks good Details
The comments used by ansible's blockinfile module break the format
expected by proftpd for public ssh keys, making them unusable.

Replace with a template, we will just have to accept that we need to use
ansible for all changes to these file.
2022-12-08 17:32:53 +01:00
Bruno Tatu e415800508 Run if there are enough place
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-08 17:17:32 +01:00
Jérémy Lecour ce361c6819 listupgrade: sort/uniq of packages/services lists in email template
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-07 21:05:12 +01:00
Jérémy Lecour 3c2369a3a2 listupgrade: better detection for PostgreSQL 2022-12-07 21:04:33 +01:00
Alexis Ben Miloud--Josselin 982112bd64 rabbitmq: add link in default page
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-07 15:49:03 +01:00
Jérémy Lecour 22f30b59f2 certbot: auto-detect HAPEE version in renewal hook
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-05 14:22:12 +01:00
Jérémy Dubois 6cc3e03864 openvpn: specifies that the mail for expirations is for OpenVPN
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-05 09:52:20 +01:00
Jérémy Dubois 5e63340aa9 openvpn: shellpki upstream release 22.12.1
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-02 18:06:12 +01:00
David Prevot fafff25c20 Add “when: not ansible_check_mode” to allow more --check
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-02 17:40:43 +01:00
David Prevot a1bad43b25 Drop unsigned repository when adding a signed one 2022-12-02 17:40:43 +01:00
Jérémy Dubois cca072425b openvpn: shellpki upstream release 22.12
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-01 16:56:23 +01:00
Jérémy Dubois cd2c1931b1 keepalived: change exit code (warning if runnin but not on expected state ; critical if not running)
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-28 17:16:43 +01:00
Jérémy Lecour c96f28e47b evocheck: install script according to Debian version
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-27 22:14:39 +01:00
Jérémy Lecour 08db230c29 Merge branch 'debian12' into unstable
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-27 18:29:57 +01:00
Jérémy Lecour 4156142c85 docker: no need to specify the architecture
We use only adm64 servers (for now)
2022-11-27 18:07:30 +01:00
Jérémy Lecour 54dca82838 varnish: fix missing state, that blocked the task
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-26 19:10:21 +01:00
Jérémy Lecour 665177556e evomaintenance: allow missing API endpoint if APi is disabled 2022-11-26 19:09:05 +01:00
David Prevot 057224fb38 Skip task in check_mode
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-25 15:56:19 +01:00
David Prevot 171ece7bba MongoDB: Dimiss apt-key use (#58271) and allow to choose mongodb_version on Jessie
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-24 11:13:12 +01:00
Jérémy Lecour ecd9d1543f varnish: better package facts usage with check mode and tags
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-21 15:46:46 +01:00
Jérémy Lecour d289c76970 varnish: fix package facts 2022-11-21 14:15:49 +01:00
Alexis Ben Miloud--Josselin 396afa0a75 nagios-nrpe: add ceph checks to changelog
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-15 11:08:01 +01:00
Alexis Ben Miloud--Josselin b797a5059a nagios-nrpe: add ceph checks
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-15 11:06:47 +01:00
Mathieu Trossevin 83138f0a0b
nagios-nrpe: Correct port for check_opendkim
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-09 17:05:54 +01:00
Jérémy Lecour 9d120ee958 php: add restart handler for php8.1-fpm 2022-11-06 15:27:49 +01:00
Jérémy Lecour faeb92230b packweb-apache: manual dependencies resolution
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-06 15:25:17 +01:00
Jérémy Lecour 4050dbea7a packweb-apache: enable log_forensic module 2022-11-06 15:25:17 +01:00
Jérémy Lecour 1fae737ac4 Use bullseye suite even for bookworm 2022-11-06 15:25:17 +01:00
Jérémy Lecour b36d4c4766 various fixes for Debian 12 2022-11-06 15:25:17 +01:00
Jérémy Lecour 4c9aaf6d86 Merge branch 'unstable' into debian12-keyring
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-06 10:19:36 +01:00
Jérémy Lecour a1bf300d54 bookworm-detect: transitional role to help dealing with unreleased bookworm version
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-05 21:15:21 +01:00
Jérémy Lecour 573a6e1d97 logstash: fix elastic signature 2022-11-03 14:39:35 +01:00
Jérémy Lecour 28540247f0 Add signed-by option for additional APT sources
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-02 23:17:08 +01:00
Jérémy Lecour f531460f49 Use proper keyrings directory for APT version
Debian 9 → 11 : /etc/apt/trusted.gpg.d
Debian 12 : /etc/apt/keyrings
2022-11-02 23:16:32 +01:00
Jérémy Lecour 7f3f7b3e04 varnish: fix tags and variables
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-02 22:32:56 +01:00
Jérémy Lecour c9ccda2277 varnish: create special tmp directory for syntax validation
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-02 19:45:15 +01:00
Jérémy Lecour 4d259d3c04 varnish: systemd override depends on Varnish
gitea/ansible-roles/pipeline/head This commit looks good Details
Use Varnish version instead of Debian version to choose systemd override template, to make it forward compatible
2022-11-02 13:55:03 +01:00
William Hirigoyen b1138c07ee lxc-php: Fix register instruction in wrong order and indentation
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-11-02 11:10:56 +01:00
William Hirigoyen 912cec5a78 lxc-php: update changelog.
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-10-26 15:25:22 +02:00
William Hirigoyen 18fb89234c lxc-php: restart container instead of reload after php-fpm unit's umask change. 2022-10-26 15:23:46 +02:00
William Hirigoyen (Evolix) 2692ac5661 Ajoute l'umask 0007 au service php-fpm 2022-10-26 09:56:33 +02:00
Jérémy Lecour 857b3e0e45 nagios-nrpe: check_haproxy_stats supports DRAIN status
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-10-20 15:46:04 +02:00
Jérémy Lecour 554c086b79 redis: variable to disable transparent hugepage (default: do nothing)
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-10-20 14:38:12 +02:00
Jérémy Lecour fc52fbf4bc redis: some values should be quoted
When Redis overwrites its own config, it uses quoted string values, so it's better to do the same to avoid changes.
2022-10-20 14:36:47 +02:00
Jérémy Lecour ed4fdce58c clean duplicate
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-10-19 16:33:25 +02:00
Jérémy Lecour f71075d4ef evolinux-base: replace regular kernel by cloud kernel on virtual servers 2022-10-19 16:33:25 +02:00
Jérémy Dubois 6be2ff3b48 evolinux-todo: execute tasks only for Debian distribution (because this task is a dependency for others roles used on different distributions)
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-10-17 11:37:58 +02:00
Jérémy Lecour 05e782c6f8 evolinux-base: remove deprecated tasks files
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-10-11 17:58:27 +02:00
Jérémy Lecour 2d16aeb41e evolinux-base: utils.yml can be excluded
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-10-11 13:37:21 +02:00
Mathieu Trossevin 4f9d6868e0
evolinux-user: sudoers privileges for check php\fpm80 and 81
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-10-07 14:16:32 +02:00
David Prevot 8114f7c89b mongodb: Allow to install version 5.0 on Bullseye
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-10-04 16:55:21 +02:00
Jérémy Lecour 15d7756881 minifirewall: whitelist deb.freexian.com
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-10-03 18:54:29 +02:00
Jérémy Lecour 8e1b682ccc squid: whitelist deb.freexian.com 2022-10-03 18:54:05 +02:00
Jérémy Lecour c6fb24f7d8 lxc-solr: use default JRE package
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-30 11:39:50 +02:00
Jérémy Lecour 792d1170ab java: use default JRE when version is not specified 2022-09-30 11:39:05 +02:00
Jérémy Lecour 6aeaab078d lxc-solr: set homedir and port at install
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-27 07:47:26 +02:00
Jérémy Lecour d52ab34f4f * lxc-solr : add comments 2022-09-26 23:48:05 +02:00
Jérémy Lecour 46deb04005 lxc-solr: choose java package and download URL according to Solr Version 2022-09-26 23:47:55 +02:00
Jérémy Lecour 26f9d171a4 lxc-solr: detect the real partition options 2022-09-26 23:46:29 +02:00
Jérémy Lecour c3670ce897 Merge branch 'unstable' into stable
gitea/ansible-roles/pipeline/head This commit looks good Details
gitea/ansible-roles/pipeline/tag This commit looks good Details
2022-09-19 17:06:57 +02:00
Jérémy Lecour 8089d90bd1 Release 22.09
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-19 17:06:25 +02:00
Ludovic Poujol a540235077 munin: Add ipmi_ plugins on dedicated hardware
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-15 11:45:24 +02:00
William Hirigoyen c310482ba6 domains: revert commits moved to dev branch domains
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-15 10:48:55 +02:00
William Hirigoyen 0964865c4c domains: integrate role into evolinux-base
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-15 10:14:45 +02:00
Jérémy Lecour 6f04a41557 fail2ban: fix dovecot-evolix regex syntax
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-15 09:48:34 +02:00
William Hirigoyen 55f694f051 Update CHANGELOG
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-14 12:21:13 +02:00
William Hirigoyen e0ba847e9c nagios-nrpe: upgrade check_mongo
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-14 12:19:55 +02:00
William Hirigoyen 6ce3004818 domains: improve CLI user interface (messages, option names...).
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-14 11:03:55 +02:00
Jérémy Lecour d8a2dccf36 evocheck: upstream release 22.09
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-14 10:55:02 +02:00
William Hirigoyen 25cedd2be9 domains: fix rename inspect-domains to domains
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-14 10:47:52 +02:00
William Hirigoyen 41e908da5c inspect-domains: Renamme inspect-domains to domains
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-14 10:44:19 +02:00
Ludovic Poujol cd46dd8320 proftpd: Add a warning if config file was overriden
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-13 16:31:03 +02:00
Ludovic Poujol 9631476a06 proftpd: Allow user auth with ssh keys 2022-09-13 16:29:59 +02:00
Ludovic Poujol 7c4a169fb8 proftpd: Add options to override configs 2022-09-13 16:26:10 +02:00
Jérémy Lecour 28276b5d6f evolinux-base: update-evobackup-canary upstream release 22.06
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-12 13:54:57 +02:00
Jérémy Lecour 3c1ec588fd minifirewall: use handlers to restart minifirewall
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-09 16:09:48 +02:00
Jérémy Dubois c3be57410d openvpn: Run OpenVPN with the \_openvpn user and group instead of nobody which is originally for NFS
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-06 11:27:20 +02:00
William Hirigoyen 7e979132f7 inspect-domains : add Nginx support
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-05 18:50:13 +02:00
Eric Morino c28ded807d Fix command for generate password with mkpasswd
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-05 11:42:49 +02:00
William Hirigoyen 6fa89e69a5 Update changelog
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-02 15:48:09 +02:00
Ludovic Poujol 18b450b8c3 webapp/nextcloud: Updates on vhost
gitea/ansible-roles/pipeline/head This commit looks good Details
- Add comments for SSL settinfs
- Remove userlog
2022-09-02 10:25:22 +02:00
Ludovic Poujol 4f0553c057 webapp/nextcloud: use ini_file for php settings to not destror our zzz-evolinux-custom.ini 2022-09-02 10:18:48 +02:00
Ludovic Poujol 0ec14fa2eb memcached: multi instance check requires bash instead of sh
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-01 15:48:15 +02:00
Ludovic Poujol 1f52700b47 memcached: NRPE check for multi-instance setup
gitea/ansible-roles/pipeline/head This commit looks good Details
Also some cleanup & split of tasks between single and multi instance

Note: Munin part seems still broken at the time
2022-09-01 15:33:00 +02:00
William Hirigoyen 16e0f923ef check_domains: Fix script and check
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-01 14:58:40 +02:00
Ludovic Poujol 4bb2edae69 webapp/nextcloud: Use latest version of branch 24
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-01 12:46:37 +02:00
Ludovic Poujol 5c7a7fe768 webapp/nextlcloud: Reorganize tasks files
- Apache : Split system/vhost stuff
- MySQL : Rename task file to follow same convention as apache
2022-09-01 12:46:37 +02:00
Ludovic Poujol d5e34d0a77 webapp/nextcloud: Multiple changes in vhost
- Have only one domain as ServerName (otherwise you get an invalid apache config
- Add all other domains as ServerAlias
- Remove auto redirect vers ServerName
- Correct indentation
2022-09-01 12:46:37 +02:00
Ludovic Poujol 1ad3e0de37 webapp/nextcloud: Dont add www-data to the application group 2022-09-01 12:46:37 +02:00
Ludovic Poujol 2656b5fc51 webapp/nextcloud: Change default folder mode to 0700
(+ better tasks name for user/group creation)
2022-09-01 12:46:37 +02:00
Ludovic Poujol a03a338af9 webapps/nextcloud: Use var nextcloud_user for unix group instead of instance_name to prevent mixup 2022-09-01 12:46:37 +02:00
Ludovic Poujol ee67ebca8b webapps/nextcloud: Drop support for Nginx 2022-09-01 12:46:37 +02:00
William Hirigoyen 2bda54a7bd Update CHANGELOG.md
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-01 12:07:47 +02:00
William Hirigoyen 46eab710ee inspect-domains: add role 2022-09-01 12:05:50 +02:00
William Hirigoyen f74b6f394b nagios-nrpe: add heck_domains 2022-09-01 12:05:50 +02:00
Ludovic Poujol d165a104f2 * webapps/nextcloud: Add missing dependencies for imagick
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-09-01 11:28:08 +02:00
Eric Morino 3a59f5b7ca Add variable 'proftpd_default_address' on virtualhost
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-31 17:03:44 +02:00
Eric Morino 18dd64df50 Add load module mod_ident 2022-08-31 17:03:44 +02:00
William Hirigoyen f2e49d7b12 mysql: support for new Debian 11 conf for Munin
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-29 18:05:57 +02:00
Ludovic Poujol 4a3b40d986 generate-ldif: Support any MariaDB version
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-29 17:29:14 +02:00
William Hirigoyen efdbdee6a1 [generate-ldif] Make MariaDB version detection more generic. 2022-08-29 17:28:57 +02:00
Jérémy Lecour c7a6b3e694 evocheck: upstream release 22.08.1
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-29 17:03:31 +02:00
Jérémy Lecour 71aafe161c evocheck: upstream release 22.08 2022-08-29 17:03:31 +02:00
Eric Morino 9a25d5981f add webapps/nextcloud changelog
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-26 16:34:19 +02:00
Eric Morino aee925d667 Add php configuration for apache and cli globaly
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-26 16:28:30 +02:00
Eric Morino f1485451ef rendu compatible le rôle avec apache pour nextcloud01
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-25 17:35:10 +02:00
Jérémy Lecour 5fa7f4809c vrrp: fix systemd unit name
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-24 17:58:46 +02:00
Ludovic Poujol bd6c7792a8 vrrpd: Fix systemd service name file
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-24 17:57:27 +02:00
Jérémy Lecour f0e63c5748 Merge branch 'vrrp-addresses' into unstable
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-24 16:24:39 +02:00
Patrick Marchand a12f68fb87 Merge pull request 'evolinux-users: Only create a subset of users' (#162) from P10077 into unstable
gitea/ansible-roles/pipeline/head This commit looks good Details
Reviewed-on: #162
2022-08-24 15:59:35 +02:00
Jérémy Lecour 8e7c3a47aa Update 'evolinux-users/README.md'
Add a `create` key in examples
2022-08-24 15:24:54 +02:00
Jérémy Lecour 018eee7ea0 Update 'CHANGELOG.md'
* use role name
* more descriptive message
* order items alphabetically
2022-08-24 15:22:25 +02:00
Patrick Marchand 2c1ec040d1 Simplify user subset creation
Instead of tags, allow only one subset of users to be created at a time.
2022-08-24 09:05:29 -04:00
Patrick Marchand 9dfcfe1ef3 Made it possible to only create a subset of users
gitea/ansible-roles/pipeline/head This commit looks good Details
The evolinux_users_create variable is a list of tags that defaults to ['active'].
Only the users that have one of the tags in the evolinux_users_create list will be created.
2022-08-23 20:18:45 -04:00
Jérémy Lecour 1972826c79 vrrpd: better process management in systemd unit
continuous-integration/drone/push Build is passing Details
2022-08-19 12:03:34 +02:00
David Prevot 3bd4b92425 CHANGELOG: Document previous ($self) change
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-18 10:27:26 +02:00
Jérémy Lecour d0abfa985c redis: config directory must be owned by the user that runs the service
gitea/ansible-roles/pipeline/head This commit looks good Details
… to be able to write tmp config files in it
2022-08-17 16:53:07 +02:00
David Prevot a55d06f58e PHP: Install php-xml now that it has been split off
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-17 16:25:48 +02:00
William Hirigoyen (Evolix) 541efa78a3 [nagios-nrpe] Ajout check_ssl_local
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-11 15:08:20 +02:00
William Hirigoyen (Evolix) b47a2e46d9 [nagios-nrpe] Ajout check_ssl_local 2022-08-11 15:08:20 +02:00
Jérémy Dubois de0c4fd314 openvpn: automate the initialization of the CA and the creation of the server certificate ; use openssl_dhparam module instead of a command
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-10 17:23:47 +02:00
Mathieu Trossevin 78dcec8656
varnish: Repair systemd unit for jessie/stretch
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-10 11:18:23 +02:00
Mathieu Trossevin 08a4f1ed5f
Document previous change
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-10 10:26:37 +02:00
Mathieu Trossevin 141423f966
haproxy: Take into account haproxy_stats_path for munin
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-10 10:24:55 +02:00
William Hirigoyen (Evolix) 0748a090c3 [evocheck] Add /etc/network/interfaces.d support
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-08-05 09:26:05 +02:00
David Prevot f78e60d72a Revert "CI: Handle [ci skip] keyword"
gitea/ansible-roles/pipeline/head This commit looks good Details
This reverts commit 70225180eb.
2022-08-03 13:55:39 +02:00
William Hirigoyen (Evolix) 6f5bad4a44 [nagios-nrpe] Add 401 error i expected default HTTP code of check_https
gitea/ansible-roles/pipeline/head Build queued... Details
2022-08-02 16:44:08 +02:00
Alexis Ben Miloud--Josselin 644793d2ec Ajouter check_rabbitmq pour Python 3
gitea/ansible-roles/pipeline/head Something is wrong with the build of this commit Details
2022-08-01 17:43:00 +02:00
David Prevot 70225180eb CI: Handle [ci skip] keyword
gitea/ansible-roles/pipeline/head Something is wrong with the build of this commit Details
2022-08-01 10:33:18 +02:00
William Hirigoyen (Evolix) a91479a1b0 [nagios-nrpe] Fix unsecable space
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-07-29 16:34:48 +02:00
William Hirigoyen (Evolix) 2ec3c91ed9 [nagios-nrpe] Add check_ssl_local script
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-07-29 16:33:03 +02:00
David Prevot 7e21b13d6a CI: Explicit registry credentials
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-07-29 08:33:51 +02:00
David Prevot 9aa043d1ab CI: Use Jenkins only
gitea/ansible-roles/pipeline/head There was a failure building this commit Details
2022-07-28 17:25:09 +02:00
Jérémy Lecour 6c33e11d5f evocheck: upstream release 22.07.1
gitea/ansible-roles/pipeline/head This commit looks good Details
continuous-integration/drone/push Build is passing Details
2022-07-28 14:18:12 +02:00
Jérémy Lecour 0f899dcd09 evocheck: remove failure if deprecated variable is used
gitea/ansible-roles/pipeline/head This commit looks good Details
continuous-integration/drone/push Build is passing Details
2022-07-28 13:58:09 +02:00
Jérémy Lecour 296f081d2f Merge pull request 'release 22.07.1' (#160) from unstable into stable
continuous-integration/drone/push Build is passing Details
gitea/ansible-roles/pipeline/head This commit looks good Details
continuous-integration/drone/tag Build is passing Details
Reviewed-on: #160
2022-07-28 13:51:56 +02:00
Jérémy Lecour 25b96c3283 Release 22.07.1
continuous-integration/drone/push Build is running Details
gitea/ansible-roles/pipeline/head This commit looks good Details
continuous-integration/drone/pr Build is passing Details
gitea/ansible-roles/pipeline/pr-stable This commit looks good Details
2022-07-28 13:49:57 +02:00
Jérémy Lecour f10ebe8cd6 evocheck: upstream release 22.07 2022-07-28 13:38:33 +02:00
Jérémy Lecour c8898a3d10 nagios-nrpe: use regexp to exclude paths/devices in check_disk1
gitea/ansible-roles/pipeline/head This commit looks good Details
continuous-integration/drone/push Build is passing Details
2022-07-28 13:25:51 +02:00
William Hirigoyen (Evolix) 0c6284667c [generate-ldif] Fix package condition to have IMAP and POP checks added to ldif.
gitea/ansible-roles/pipeline/head This commit looks good Details
continuous-integration/drone/push Build is passing Details
2022-07-27 18:51:24 +02:00
Jérémy Lecour 0d086731ae evomaintenance: upstream release 22.07
gitea/ansible-roles/pipeline/head This commit looks good Details
continuous-integration/drone/push Build is passing Details
2022-07-27 15:49:41 +02:00
William Hirigoyen (Evolix) a8c117146c [webapps/roundcube] Corrige le DocumentRoot
gitea/ansible-roles/pipeline/head This commit looks good Details
continuous-integration/drone/push Build is passing Details
2022-07-27 11:09:23 +02:00
Jérémy Lecour b8131ab16a Merge pull request 'CI: Support Jenkins' (#158) from dprevot/ansible-roles:jenkins into unstable
gitea/ansible-roles/pipeline/head This commit looks good Details
continuous-integration/drone/push Build is passing Details
Reviewed-on: #158
2022-07-27 09:55:50 +02:00
Jérémy Lecour f7edd565a3 nagios-nrpe: check_disk1 returns only alerts
continuous-integration/drone/push Build is passing Details
2022-07-27 09:24:46 +02:00
Jérémy Lecour b453321b3d nagios-nrpe: exclude /run/shm and /run/lock from check_disk1 2022-07-27 09:24:46 +02:00
William Hirigoyen (Evolix) 4b39f5a998 [webapps/evoadmin-mail] Ajout remount RW manquant
continuous-integration/drone/push Build is passing Details
2022-07-25 17:58:51 +02:00
William Hirigoyen (Evolix) 3f9ac05b13 Homogénéisation du port OpenDKIM par défaut du rôle postfix avec celui du rôle OpenDKIM
continuous-integration/drone/push Build is passing Details
2022-07-25 17:29:19 +02:00
William Hirigoyen (Evolix) fa5eb5aa5c Avoid find warning global options are not positional (-maxdepth after the argument -type)
continuous-integration/drone/push Build is passing Details
2022-07-20 11:02:44 +02:00
David Prevot d67e03e5a2 packweb-apache/files/userlogrotate: tfix (comments).
continuous-integration/drone/push Build is passing Details
2022-07-19 17:24:04 +02:00
William Hirigoyen (Evolix) 66563d0bf3 [packweb-apache] #66841 : ajout tâche update_userlogrotate.yml
continuous-integration/drone/push Build is passing Details
2022-07-19 17:19:58 +02:00
Alexis Ben Miloud--Josselin 8cdaee9658 [php] Corriger installation sury pour les packweb en bullseye
continuous-integration/drone/push Build is passing Details
2022-07-19 15:49:25 +02:00
William Hirigoyen (Evolix) 9742ec078e [packweb-apache] Fix unsecable spaces
continuous-integration/drone/push Build is passing Details
2022-07-19 15:04:25 +02:00
William Hirigoyen (Evolix) 2e54944a24 [packweb-apache] Do gzip logs after web server reload instead of before to address 'file size changed while zipping' error.
continuous-integration/drone/push Build is passing Details
2022-07-19 15:02:54 +02:00
Jérémy Lecour 0b41efd188 mongodb: replace version_compare() with version()
continuous-integration/drone/push Build is passing Details
2022-07-18 15:54:42 +02:00
Bruno TATU 213c6dd6ac Add change for fail2ban role
continuous-integration/drone/push Build is passing Details
2022-07-08 11:28:29 +02:00
Bruno TATU e0c95b4c78 Ensure apply dbpurgeage from stretch and buster for fail2ban
continuous-integration/drone/push Build is passing Details
2022-07-08 11:26:00 +02:00
Jérémy Lecour f8cb5d9496 Merge branch 'unstable' into stable
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/tag Build is failing Details
2022-07-06 18:03:18 +02:00
Jérémy Lecour 53847d9919 Release 22.07
continuous-integration/drone/push Build is passing Details
2022-07-06 18:02:42 +02:00
Jérémy Lecour a387304483 Fix CHANGELOG
continuous-integration/drone/push Build is passing Details
2022-07-06 14:26:13 +02:00
Jérémy Lecour 0a3bfd7f27 evolinux-base: session timeout is configurable
continuous-integration/drone/push Build is passing Details
2022-07-06 14:24:41 +02:00
Brice Waegeneire 6d73acc866 Add nagios check mount rw
continuous-integration/drone/push Build is passing Details
2022-07-05 16:00:22 +02:00
Brice Waegeneire 4d50bab03b base: Extract dump-server-state in task file
continuous-integration/drone/push Build is passing Details
2022-07-05 15:57:41 +02:00
Brice Waegeneire 71879b999c nginx: Start server once.
Nginx is already started at the end of the main task. Starting the
service before we configure it correctly can put the role as failed if
the default configuration don't work on the host.
2022-07-05 15:57:41 +02:00
Ludovic Poujol e198cf67dc evoadmin-web: Update comment in template on how password hashes should be generated
continuous-integration/drone/push Build is passing Details
2022-07-05 11:26:40 +02:00
Eric Morino 028bfe209a Add change in kvm-host
continuous-integration/drone/push Build is passing Details
2022-07-05 10:18:49 +02:00
Eric Morino 34a3591192 Fix depreciation of drbd-overview by drbdadm status
continuous-integration/drone/push Build is passing Details
2022-07-05 10:16:47 +02:00
Jérémy Dubois 68ac8fc058 openvpn: configure logrotate
continuous-integration/drone/push Build is passing Details
2022-06-30 10:12:36 +02:00
Jérémy Dubois 07c3c0226f openvpn: minimal rights on /etc/shellpki/ and crl.pem
continuous-integration/drone/push Build is passing Details
2022-06-29 16:09:04 +02:00
David Prevot 835072c1e2 CI: Support Jenkins
continuous-integration/drone/pr Build is failing Details
gitea.evolix.org on plain agent00/ansible-roles/pipeline/pr-unstable There was a failure building this commit Details
gitea.evolix.org/ansible-roles/pipeline/pr-unstable There was a failure building this commit Details
gitea/ansible-roles/pipeline/pr-unstable There was a failure building this commit Details
2022-06-29 15:07:29 +02:00
Jérémy Lecour 205e699355 minifirewall: docker mode is configurable
continuous-integration/drone/push Build is passing Details
2022-06-22 17:20:15 +02:00
Jérémy Lecour abb14e5b52 haproxy: add haproxy_allow_ip_nonlocal_bind to set sysctl value
continuous-integration/drone/push Build is passing Details
2022-06-22 15:32:10 +02:00
Ludovic Poujol 519ef930df Update PermitRootLogin task to work on Debian 11
continuous-integration/drone/push Build is passing Details
2022-06-21 15:13:38 +02:00
Jérémy Lecour 5581801cc9 Merge pull request 'release 22.06.3' (#157) from unstable into stable
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/tag Build is passing Details
Reviewed-on: #157
2022-06-17 11:02:17 +02:00
Jérémy Lecour 050c61c220 Release 22.06.3
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
2022-06-17 11:00:51 +02:00
Brice Waegeneire adc89a1b65 Add nagios check for Redis Sentinel synchro 2022-06-17 10:59:17 +02:00
Jérémy Lecour a1995f0e74 WIP: add vrrp addresses via Ansible
continuous-integration/drone/push Build is passing Details
2022-06-17 10:54:26 +02:00
Eric Morino a38a174b83 Add create: yes for file 0-blacklist
continuous-integration/drone/push Build is passing Details
2022-06-16 16:08:10 +02:00
Jérémy Lecour 57ecac01ba evolinux-base: blacklist and do not install megaclisas-status package on incompatible servers
continuous-integration/drone/push Build is passing Details
2022-06-16 15:19:44 +02:00
William Hirigoyen (Evolix) dd990fe6d5 Update changelog
continuous-integration/drone/push Build is passing Details
2022-06-13 17:37:47 +02:00
William Hirigoyen (Evolix) 3623363b94 Update changelog for version 22.06
continuous-integration/drone/push Build is passing Details
2022-06-13 17:35:31 +02:00
Jérémy Lecour e3715ca2d6 Merge branch 'unstable' into stable
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/tag Build is passing Details
2022-06-10 11:12:45 +02:00
Jérémy Lecour 556719bbf2 Release 22.06.2
continuous-integration/drone/push Build is passing Details
2022-06-10 11:11:44 +02:00
Ludovic Poujol b3ac39decd postgresql: Fix task order when using pgdg repo & Install the right pg version
continuous-integration/drone/push Build is passing Details
2022-06-09 10:33:28 +02:00
Jérémy Lecour 31c49a125b evocheck: manual fix of find syntax
continuous-integration/drone/push Build is passing Details
2022-06-09 07:47:00 +02:00
Jérémy Lecour cea1408bba evocheck: upstream release 22.06.2
continuous-integration/drone/push Build is passing Details
2022-06-09 07:42:29 +02:00
Jérémy Lecour 4d1d77faaf postgresql: add variable to configure binding addresses (default: 127.0.0.1) 2022-06-09 07:41:52 +02:00
Ludovic Poujol 1e19418fb0 Fail2ban: Multiple changes & improvements :
continuous-integration/drone/push Build is passing Details
* Give the possibility to override jail.local (with fail2ban_override_jaillocal)
* If jail.local was overriden, add a warning
* Allow to tune some jail settings (maxretry, bantime, findtime) with ansible
* Allow to tune the default action with ansible
* Change default action to ban only (instead of ban + mail with whois report)
* Configure recidive jail (off by default) + extend dbpurgeage
2022-06-08 17:55:58 +02:00
Jérémy Lecour bcaacdf57f postgresql: fix nested loop for Munin plugins
continuous-integration/drone/push Build is passing Details
2022-06-08 15:39:34 +02:00
Jérémy Lecour e6ea44ff29 Explicit loop variable names 2022-06-08 15:38:48 +02:00
Jérémy Lecour cbe7985814 Enforce String notation for mode 2022-06-08 15:38:21 +02:00
Jérémy Lecour b677defd97 redis: binding is possible on multiple interfaces 2022-06-08 15:36:47 +02:00
Jérémy Lecour 78ef69bb6e Merge branch 'unstable' into stable
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/tag Build is passing Details
2022-06-06 15:07:35 +02:00
Jérémy Lecour 1895c549d4 Release 22.06.1
continuous-integration/drone/push Build is passing Details
2022-06-06 15:07:10 +02:00
Jérémy Lecour 3d70438f7e evocheck: upstream release 22.06.1
continuous-integration/drone/push Build is passing Details
2022-06-06 15:05:59 +02:00
Jérémy Lecour 16cdd6b326 evolinux-base: dir-check makes a file named after the reference directory
continuous-integration/drone/push Build is passing Details
2022-06-06 14:43:18 +02:00
Jérémy Lecour 4cd7e0f4a1 minifirewall: upstream release 22.06 2022-06-06 14:42:22 +02:00
Jérémy Lecour 56c2c19d61 evomariabackup: release 22.06.1
continuous-integration/drone/push Build is passing Details
2022-06-05 21:49:23 +02:00
Jérémy Lecour 6d0e49ba90 mysql: reorganize evomariabackup to use mtree instead of our own dir-check
continuous-integration/drone/push Build is passing Details
2022-06-05 21:48:04 +02:00
William Hirigoyen (Evolix) c4023a4f49 Détecte automatiquement si le serveur est baremetal pour installer les outils hw, suppression de la variable evolinux_packages_hardware inutile
continuous-integration/drone/push Build is passing Details
2022-06-03 16:22:56 +02:00
Jérémy Lecour 36b11c4455 evolinux-base: improve dir-check logging
continuous-integration/drone/push Build is passing Details
2022-06-03 11:26:13 +02:00
Jérémy Lecour 6c7108a35a mysql: add --force-unlock option to evomariabackup
continuous-integration/drone/push Build is passing Details
2022-06-03 11:14:09 +02:00
Jérémy Lecour 3e4c851c3e mysql: match default value to documentation, in evomariabackup 2022-06-03 11:13:36 +02:00
Jérémy Lecour 8753f59823 mysql: fix comment for evomariabackup 2022-06-03 11:12:47 +02:00
Jérémy Lecour b9f0e0d061 Log BEGIN/END of main action 2022-06-03 11:09:38 +02:00
Jérémy Lecour e718156f86 fix CHANGELOG
continuous-integration/drone/push Build is passing Details
2022-06-03 10:19:35 +02:00
Jérémy Lecour 96493675b6 fix changelog
continuous-integration/drone/push Build is passing Details
2022-06-03 10:17:20 +02:00
Jérémy Lecour 24f34b200c Merge branch 'unstable' into stable
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/tag Build is failing Details
2022-06-03 09:27:12 +02:00
Jérémy Lecour e8e99bb9b6 Release 22.06
continuous-integration/drone/push Build is passing Details
2022-06-03 09:27:01 +02:00
Jérémy Lecour 9378f5634c add missing entry in CHANGELOG
continuous-integration/drone/push Build is passing Details
2022-06-03 09:26:07 +02:00
Jérémy Lecour 51908f64b9 evocheck: upstream release 22.06
continuous-integration/drone/push Build is passing Details
2022-06-03 09:15:04 +02:00
Jérémy Lecour c4f279cf8e evomariabackup: release 22.06
continuous-integration/drone/push Build is passing Details
2022-06-02 18:27:59 +02:00
Jérémy Lecour 586aa206a8 mysql: add post-backup-hook to evomariabackup 2022-06-02 18:26:23 +02:00
Jérémy Lecour 9af289b2a9 evomariabackup: reorder log lines 2022-06-02 18:25:12 +02:00
Jérémy Lecour db28f0c47d dir-check: change naming and add log file 2022-06-02 18:23:40 +02:00
Jérémy Lecour df0c850ceb dir-check: mandatory action parameter
continuous-integration/drone/push Build is passing Details
2022-06-01 17:49:28 +02:00
Jérémy Lecour f0e967518b small fixes to dir-check
continuous-integration/drone/push Build is passing Details
2022-06-01 17:38:45 +02:00
Jérémy Lecour b8b96bb5b7 mysql: use dir-check inside evomariabackup
continuous-integration/drone/push Build is passing Details
2022-06-01 17:24:55 +02:00
Jérémy Lecour 249e53fc21 evolinux-base: add dir-check script 2022-06-01 17:24:55 +02:00
Gregory Colpart e9bc035fb9 add set crypt_use_gpgme=no Mutt option
continuous-integration/drone/push Build is passing Details
2022-06-01 15:25:05 +02:00
Jérémy Lecour 17a2032a10 evolinux-base: add update-evobackup-canary script
continuous-integration/drone/push Build is passing Details
2022-06-01 10:46:13 +02:00
William Hirigoyen (Evolix) e50fbdd2b8 #66153 : fix missing locahost and localhost.localdomain in postfix main.cf mydestination
continuous-integration/drone/push Build is passing Details
2022-05-31 14:13:13 +02:00
Jérémy Lecour b3dbcb082f certbot: add hapee (HAProxy Enterprise Edition) deploy hook
continuous-integration/drone/push Build is passing Details
2022-05-31 14:06:25 +02:00
Gregory Colpart 269c7242a5 correction du depot security pour Debian 11
continuous-integration/drone/push Build is passing Details
2022-05-27 23:05:07 +02:00
William Hirigoyen (Evolix) 2d98d50943 Fix le chemin du paquet .deb d'Evoadmin-mail
continuous-integration/drone/push Build is passing Details
2022-05-25 17:48:46 +02:00
William Hirigoyen (Evolix) 852ed38b56 Revert "Suppression lien symbolique boucle récursive (créé par Victor en mars 2018)"
continuous-integration/drone/push Build is passing Details
This reverts commit c1f0178daa.
2022-05-25 09:37:46 +02:00
William Hirigoyen (Evolix) c1f0178daa Suppression lien symbolique boucle récursive (créé par Victor en mars 2018)
continuous-integration/drone/push Build is passing Details
2022-05-25 09:31:37 +02:00
Alexis Ben Miloud--Josselin 145edbd3f7 Use is-enabled to check if alert5 is enabled
continuous-integration/drone/push Build is passing Details
2022-05-24 18:05:25 +02:00
Ludovic Poujol 134355d190 docker: Allow live-restore to be toggled with docker_conf_live_restore
continuous-integration/drone/push Build is passing Details
2022-05-24 16:22:49 +02:00
Eric Morino c6dec34f10 Add wmware_provider.rc variable
continuous-integration/drone/push Build is passing Details
2022-05-17 15:09:16 +02:00
Eric Morino 19ca65f55f Add task for VMware provider for install open-vm-tools
continuous-integration/drone/push Build is passing Details
2022-05-17 15:05:20 +02:00
Jérémy Lecour f01f4dece6 minifirewall: add debug for variables
continuous-integration/drone/push Build is passing Details
2022-05-17 11:19:13 +02:00
Jérémy Lecour 40546d077a Merge branch 'unstable' into stable
continuous-integration/drone/tag Build is passing Details
continuous-integration/drone/push Build is passing Details
2022-05-12 15:49:46 +02:00
Jérémy Lecour 1a9c219c5b Release 22.05.1
continuous-integration/drone/push Build is passing Details
2022-05-12 15:49:18 +02:00
Jérémy Lecour f82a81844d evocheck: upstream release 22.05
continuous-integration/drone/push Build is passing Details
2022-05-12 15:47:50 +02:00
William Hirigoyen (Evolix) 36ed916b96 Adapte le check minifirewall pour le cas systemd
continuous-integration/drone/push Build is passing Details
2022-05-11 17:46:16 +02:00
Ludovic Poujol 9973a62c16 docker : Introduce new variables to tweak daemon settings
continuous-integration/drone/push Build is passing Details
2022-05-10 19:04:58 +02:00
Ludovic Poujol 6aa7b89b78 docker : Introduce new default settings + allow to change the docker data directory
continuous-integration/drone/push Build is passing Details
2022-05-10 18:21:59 +02:00
Ludovic Poujol 7762ae64b3 docker: Remove (broken?) systemd override 2022-05-10 17:40:27 +02:00
Ludovic Poujol 1b4d4c98fe docker : Removed Debian Jessie support 2022-05-10 17:39:45 +02:00
Jérémy Lecour c273117c5f Merge pull request 'Release 22.05' (#155) from unstable into stable
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/tag Build is failing Details
Reviewed-on: #155
2022-05-10 17:01:15 +02:00
Jérémy Lecour 09872fa4ad Release 22.05
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
2022-05-10 16:58:32 +02:00
Jérémy Lecour dd2072b86b minifirewall: fix failed_when conditions on restart
continuous-integration/drone/push Build is passing Details
2022-05-10 16:40:45 +02:00
Jérémy Lecour 378ee04c82 minifirewall: upstream release 22.05 2022-05-10 15:55:08 +02:00
Eric Morino 3663783509 add change in opendkim role
continuous-integration/drone/push Build is passing Details
2022-05-09 10:19:18 +02:00
Eric Morino a7b4db1b57 Ajout opendkim-genkey en sha256 et taille clé 4096
continuous-integration/drone/push Build is passing Details
2022-05-09 10:14:33 +02:00
Jérémy Lecour 4f4c2229e8 etc-git: release 22.05 of ansible-commit
continuous-integration/drone/push Build is passing Details
2022-05-06 18:10:01 +02:00
Jérémy Lecour 1c6561e6f5 ansible-commit: add --no-lxc flag 2022-05-06 18:09:33 +02:00
Jérémy Lecour a93c1a9141 redis: Don't enable plugins in check mode (prevents errors)
continuous-integration/drone/push Build is passing Details
2022-05-05 09:41:27 +02:00
Jérémy Lecour 749d6a78cd redis: Add log2mail user to redis group 2022-05-05 09:40:30 +02:00
Jérémy Lecour 61cd2b7428 minifirewall: upstream release 22.04
continuous-integration/drone/push Build is passing Details
2022-04-28 19:14:31 +02:00
Jérémy Lecour a53159c93b minifirewall: compatibility with "legacy" version of minifirewall
continuous-integration/drone/push Build is passing Details
2022-04-28 12:40:02 +02:00
Jérémy Lecour 5a99185029 munin: remount /usr before writing
continuous-integration/drone/push Build is passing Details
2022-04-27 18:00:18 +02:00
Jérémy Lecour 666487e00c fix ansible-commit --help
continuous-integration/drone/push Build is passing Details
2022-04-27 15:12:02 +02:00
Jérémy Lecour 805a8ecb3a etc-git: use "ansible-commit" to efficiently commit all available repositories (including /etc inside LXC) from Ansible 2022-04-27 14:22:59 +02:00
Jérémy Lecour 381a71aca1 dump-server-state: upstream release 22.04.3
continuous-integration/drone/push Build is passing Details
2022-04-26 18:21:42 +02:00
Jérémy Lecour 49e4e67c2c fix copyright evocommit
continuous-integration/drone/push Build is passing Details
2022-04-26 11:26:15 +02:00
Jérémy Lecour 55356857b2 dump-server-state: upstream release 22.04.2
continuous-integration/drone/push Build is passing Details
2022-04-26 09:56:49 +02:00
Jérémy Lecour daa54cac8f evocheck: upstream release 22.04.1 2022-04-26 09:56:49 +02:00
Jérémy Dubois cf8aa1a5d3 Merge pull request 'munin: Ensure /usr is writable' (#153) from dprevot/ansible-roles:unstable into unstable
continuous-integration/drone/push Build is passing Details
Reviewed-on: #153
2022-04-25 16:52:48 +02:00
Jérémy Lecour 5935d9d4a3 evocheck: upstream release 22.04
continuous-integration/drone/push Build is passing Details
2022-04-25 09:58:07 +02:00
Jérémy Lecour 58909bc395 vrrpd: Store sysctl values in specific file 2022-04-22 09:32:37 +02:00
Brice Waegeneire 381acc830d Add nagios check for Redis Sentinel synchro
continuous-integration/drone Build is passing Details
2022-04-21 11:28:32 +02:00
Jérémy Lecour 4214db4ad6 fix dump-server-state quote error
continuous-integration/drone/push Build encountered an error Details
2022-04-20 11:14:02 +02:00
Jérémy Lecour a5bae6645e dump-server-state: upstream release 22.04.1
continuous-integration/drone/push Build encountered an error Details
2022-04-20 11:07:20 +02:00
David Prevot 5f4f885556 munin: Ensure /usr is writable
continuous-integration/drone/pr Build encountered an error Details
2022-04-19 16:47:42 +02:00
Jérémy Dubois d66248e9f0 openvpn: update README
continuous-integration/drone/push Build was killed Details
2022-04-14 16:38:43 +02:00
Jérémy Dubois 9161fae0c4 openvpn: use a local copy of files instead of cloning an external git repository
continuous-integration/drone/push Build was killed Details
2022-04-14 16:34:43 +02:00
Jérémy Dubois 4bf14b9a22 munin: Add possibility to install local plugins, and install dhcp_pool plugin
continuous-integration/drone/push Build was killed Details
2022-04-14 10:45:24 +02:00
Ludovic Poujol 959d6a8579 redis : Activate overcommit sysctl 2022-04-12 11:27:46 +02:00
Gregory Colpart e3a75b9584 detect OOM
continuous-integration/drone/push Build was killed Details
2022-04-11 16:34:39 +02:00
Jérémy Lecour 84178d6b24 Tomcat 9 by default with Debian 11
continuous-integration/drone/push Build was killed Details
2022-04-08 11:57:35 +02:00
Jérémy Dubois fca895a231 nagios-nrpe: fix copy/paste error
continuous-integration/drone/push Build was killed Details
2022-04-08 11:05:46 +02:00
Jérémy Dubois 5b2fecb49c Make evocommit fully compatible with OpenBSD
continuous-integration/drone/push Build was killed Details
2022-04-07 10:18:08 +02:00
Jérémy Lecour e71201ab46 dump-server-state: upstream release 22.04
continuous-integration/drone/push Build was killed Details
2022-04-03 11:18:43 +02:00
Jérémy Dubois 726735d269 etc-git : Remount /usr in rw for git gc in in /usr/share/scripts/ 2022-04-01 15:47:44 +02:00
Jérémy Dubois 6434adcc62 nagios-nrpe: Add a check dhcp_pool
continuous-integration/drone/push Build was killed Details
2022-03-31 16:01:23 +02:00
Jérémy Lecour f8a146d3ac ajout IPv6 par défaut
continuous-integration/drone/push Build was killed Details
2022-03-31 09:50:31 +02:00
Jérémy Lecour ed6ca9a85a minifirewall: upstream release 22.03.5
continuous-integration/drone/push Build was killed Details
2022-03-30 22:45:13 +02:00
Mathieu Trossevin ef50defc0a Merge pull request 'Commit changes to /etc of lxc containers that are git repositories' (#149) from lxc_etc-commit into unstable
continuous-integration/drone/push Build was killed Details
Reviewed-on: #149
2022-03-30 16:36:38 +02:00
Mathieu Trossevin 5dc6a1d36b
etc-git: Commit changes to /etc in containers
continuous-integration/drone/push Build was killed Details
continuous-integration/drone/pr Build was killed Details
2022-03-30 16:33:00 +02:00
Jérémy Lecour 31c2629d31 minifirewall: configure proxy/backup/sysctl values
continuous-integration/drone/push Build was killed Details
2022-03-30 09:42:56 +02:00
Mathieu Trossevin 20abe0e09a
postfix: Skip milters after amavis (in packmail)
continuous-integration/drone/push Build was killed Details
Otherwise opendkim will sign local mails twice AND sign external mails
(pretending to be) from local domains as if they were local mails.
2022-03-29 16:06:12 +02:00
Jérémy Lecour 75459baa35 dump-server-state: upstream release 22.03.10
continuous-integration/drone/push Build was killed Details
2022-03-29 09:11:35 +02:00
Jérémy Lecour 3feacd0c6d update CHANGELOG
continuous-integration/drone/push Build was killed Details
2022-03-28 13:28:48 +02:00
Jérémy Lecour 1ae978c74a minifirewall: restore "force-restart" and fix "restart-if-needed"
continuous-integration/drone/push Build was killed Details
2022-03-28 13:27:22 +02:00
Ludovic Poujol 6ab0cb4fd1 evolinux-base: Fix utils.yml -> Ne pas déplacer inutilement le script qu'on va de toute façon écraser
continuous-integration/drone/push Build was killed Details
+ Correction du cas d'une machine n'ayant pas le script (fail du mv initial)
2022-03-28 11:56:24 +02:00
Jérémy Lecour 214b6e0d6a dump-server-state: upstream release 22.03.9
continuous-integration/drone/push Build was killed Details
2022-03-27 10:40:52 +02:00
Jérémy Lecour d0f8e6c753 dump-server-state: upstream release 22.03.8
continuous-integration/drone/push Build was killed Details
2022-03-27 10:08:20 +02:00
Jérémy Lecour f0b23ffa50 dump-server-state: split backup-dir and dump-dir options parsing
continuous-integration/drone/push Build was killed Details
2022-03-27 09:31:06 +02:00
Jérémy Lecour 54bf9c1854 evolinux-base: rename backup-server-state to dump-server-state
continuous-integration/drone/push Build was killed Details
2022-03-27 09:18:15 +02:00
Jérémy Lecour c17bb03535 minifirewall: tail template follows symlinks
continuous-integration/drone/push Build was killed Details
2022-03-25 18:16:36 +01:00
Jérémy Lecour 85d429295f minifirewall: tail template follows symlinks
continuous-integration/drone/push Build was killed Details
2022-03-25 18:12:24 +01:00
Jérémy Lecour bbc1bae437 minifirewall: upstream release 22.03.4
continuous-integration/drone/push Build was killed Details
continuous-integration/drone/pr Build was killed Details
2022-03-25 14:57:10 +01:00
Jérémy Dubois d2fa14fb4f backup-server-state: release 22.03.5
continuous-integration/drone/push Build was killed Details
2022-03-24 18:15:56 +01:00
Jérémy Dubois 42782b7f3d evolinux-base: fix show_help in backup-server-state.sh
continuous-integration/drone/push Build was killed Details
* --uname and --no-uname options were not in help
* --services and --no-services were in help whereas --systemctl and --no-systemctl are used in options parsing
2022-03-24 17:57:58 +01:00
Mathieu Trossevin 1646cc99bf
redis: Remount /usr with RW when adding nagios plugin
continuous-integration/drone/push Build was killed Details
2022-03-23 13:55:54 +01:00
Jérémy Dubois b4f83e54d0 openvpn: use a subnet topology instead of the net30 default topology
continuous-integration/drone/push Build was killed Details
2022-03-23 10:46:17 +01:00
Jérémy Lecour 0d1ccc79c3 whitespace
continuous-integration/drone/push Build was killed Details
2022-03-22 15:31:06 +01:00
Jérémy Lecour 163d5abf7c backup-server-state: release 22.03.4
continuous-integration/drone/push Build was killed Details
2022-03-22 15:31:02 +01:00
Jérémy Lecour ef832c9ab6 backup-server-state: also dump iptables rules without counters 2022-03-22 15:31:02 +01:00
Jérémy Dubois c2f6ff5249 evocheck: upstream release 22.03.1
continuous-integration/drone/push Build was killed Details
2022-03-22 11:03:26 +01:00
Jérémy Lecour 5895f5a99b minifirewall: upstream release 22.03.3
continuous-integration/drone/push Build was killed Details
2022-03-21 14:35:20 +01:00
Jérémy Lecour e7594c6c86 evolinux-base: backup-server-state release 22.03.2
continuous-integration/drone/push Build was killed Details
2022-03-21 11:32:08 +01:00
Mathieu Trossevin 444bd72944
generate-ldif: Correct generated entries for php-fpm in containers
continuous-integration/drone/push Build was killed Details
2022-03-17 17:36:35 +01:00
Jérémy Lecour fb41c81e99 backup-server-state: release 22.03.2
continuous-integration/drone/push Build was killed Details
update documentation for --dpkg-full vs. --dpkg-status
2022-03-17 10:45:44 +01:00
Jérémy Lecour 8a9faa0250 * minifirewall: upstream release 22.03.2
continuous-integration/drone/push Build was killed Details
2022-03-16 23:49:34 +01:00
Jérémy Lecour 545226f6f6 evocheck: upstream release 22.03
continuous-integration/drone/push Build was killed Details
2022-03-15 23:25:15 +01:00
Jérémy Lecour ba90203f21 minifirewall: upstream release 22.03.1 and use includes directory
continuous-integration/drone/push Build was killed Details
2022-03-15 23:07:33 +01:00
Ludovic Poujol 17f884b04a evolinux-base: Add non-free repos & install non-free firmware on dedicated hardware
continuous-integration/drone/push Build was killed Details
2022-03-15 11:35:20 +01:00
Ludovic Poujol 913e6d96e8 generate-ldif: Add services check for bkctld
continuous-integration/drone/push Build was killed Details
2022-03-15 10:53:16 +01:00
Ludovic Poujol 0e768809b7 evomaintenance: Make it work on non-debian systems 2022-03-15 10:53:16 +01:00
Ludovic Poujol 5a2dc5cbd1 etc-git: Make it work on non-debian systems 2022-03-15 10:53:16 +01:00
Brice Waegeneire 6df10be6ef evolinux-base: Fix top config.
continuous-integration/drone/push Build was killed Details
The wrong file was used as topdefaultrc.  And we were using the wrong
encoding, as top use ISO-8859 instead of UTF-8.
2022-03-15 10:22:21 +01:00
William Hirigoyen (Evolix) 4a31961ba0 Ajoute le déconfinement d'AppArmor dans la config par défaut des conteneurs LXC pour les version de Debian >= 9.
continuous-integration/drone/push Build was killed Details
2022-03-15 10:07:09 +01:00
William Hirigoyen (Evolix) a565e8f8e8 Add Out of memory log2mail alert to dovecot role 2022-03-15 10:06:21 +01:00
William Hirigoyen (Evolix) ab1f3fd6d4 Merge 2022-03-15 10:06:21 +01:00
Brice Waegeneire c880ce43a2 nagios-nrpe: Improve readability for check_mount_rw
continuous-integration/drone/push Build was killed Details
2022-03-10 16:41:13 +01:00
Jérémy Lecour a733e2794f evolinux-base: backup-server-state release 22.03
continuous-integration/drone/push Build was killed Details
2022-03-08 16:49:53 +01:00
Jérémy Lecour b4f35af35c backup-server-state: skip iptables if nft is installed 2022-03-08 16:48:41 +01:00
Alexis Ben Miloud--Josselin 87a3fd48df Fix commit d455de5
continuous-integration/drone/push Build was killed Details
2022-03-03 11:54:32 +01:00
Alexis Ben Miloud--Josselin 3ef6381ba6 Fix redis' README title
continuous-integration/drone/push Build was killed Details
2022-03-03 11:52:03 +01:00
Alexis Ben Miloud--Josselin d455de52b3 Check if /etc/libvirt/qemu/*xml exists before sync
continuous-integration/drone/push Build was killed Details
This will prevent sending e-mails saying the file
does not exists.
2022-03-03 11:48:39 +01:00
Mathieu Trossevin 9c84e95182
Repair keepalived role
continuous-integration/drone/push Build was killed Details
2022-03-02 16:23:01 +01:00
Jérémy Lecour d7d58bf158 Merge branch 'unstable' into stable
continuous-integration/drone/push Build was killed Details
continuous-integration/drone/tag Build was killed Details
2022-03-02 09:42:28 +01:00
Jérémy Lecour e5dc503cfd Release 22.03
continuous-integration/drone/push Build was killed Details
2022-03-02 09:42:12 +01:00
Jérémy Lecour 270d03b6a6 evolinx-users: optimize sudo configuration
continuous-integration/drone/push Build was killed Details
2022-03-02 09:40:52 +01:00
Jérémy Lecour 1dc4d0e133 redis: always install check_redis_instances
continuous-integration/drone/push Build was killed Details
2022-03-01 14:04:05 +01:00
Jérémy Lecour c8ef7e9b75 redis: check_redis_instances tolerates absence of instances
continuous-integration/drone/push Build was killed Details
2022-03-01 14:02:22 +01:00
Gregory Colpart 53af37e055 We use now TCP/8891, cf HowtoOpenDKIM
continuous-integration/drone/push Build was killed Details
2022-02-24 15:31:34 +01:00
Jérémy Lecour d9e95218ce apt_hold_packages: broadcast message with wall, if present
continuous-integration/drone/push Build was killed Details
2022-02-24 11:49:12 +01:00
Eric Morino 6321f32e81 Add zzz-evolinux-custom.conf to dovecot role
continuous-integration/drone/push Build was killed Details
2022-02-24 10:42:48 +01:00
Ludovic Poujol 69a9cb9591 elasticsearch: Use `/etc/elasticsearch/jvm.options.d/evolinux.options` instead of default `/etc/elasticsearch/jvm.options`
continuous-integration/drone/push Build was killed Details
Note : Files in that folder require the ".options" prefix
Fixes a2f73bb7df
2022-02-23 10:14:43 +01:00
Ludovic Poujol 39949ea921 generate-ldif: Add support for php-fpm in containers
continuous-integration/drone/push Build was killed Details
2022-02-21 11:31:00 +01:00
Ludovic Poujol e79141d2d2 lxc: Fail if /var is nosuid 2022-02-17 16:25:20 +01:00
Jérémy Lecour 799466788f lxc-php: preliminary support for PHP 8.1 container
continuous-integration/drone/push Build was killed Details
2022-02-17 14:50:21 +01:00
Jérémy Dubois 03c97f2d0f openvpn: fix last_openvpn_restart_date variable
continuous-integration/drone/push Build was killed Details
2022-02-15 18:06:45 +01:00
William Hirigoyen (Evolix) 1fdc0f2566 Fix missing evolinux_server_custom file copy in Nginx role.
continuous-integration/drone/push Build was killed Details
2022-02-15 17:46:14 +01:00
Jérémy Dubois f3c443d076 openvpn: now check that openvpn has been restarted since last certificates renewal
continuous-integration/drone/push Build was killed Details
2022-02-15 15:52:21 +01:00
Brice Waegeneire ebfa8df6bc nrpe: Add check_mount_rw
continuous-integration/drone/push Build was killed Details
2022-02-14 12:00:09 +01:00
William Hirigoyen (Evolix) 68b4b0803e #60953 Désactivation AppArmor par défaut dans LXC
continuous-integration/drone/push Build was killed Details
2022-02-10 18:03:32 +01:00
Ludovic Poujol 9995fca35d varnish: update munin plugin to work with recent varnish versions
continuous-integration/drone/push Build was killed Details
2022-02-08 16:16:24 +01:00
William Hirigoyen (Evolix) e080b37be2 Add Includes in PHPVersion search.
continuous-integration/drone/push Build was killed Details
2022-02-08 11:11:09 +01:00
Ludovic Poujol a2f73bb7df elasticsearch: Use `/etc/elasticsearch/jvm.options.d/evolinux` instead of default `/etc/elasticsearch/jvm.options`
continuous-integration/drone/push Build was killed Details
2022-02-07 15:18:46 +01:00
Jérémy Dubois 981128dc17 openvpn: make it compatible with OpenBSD and add some improvements
continuous-integration/drone/push Build was killed Details
2022-02-03 18:35:16 +01:00
Jérémy Lecour 0cbdda840d Explicit permissions for systemd overrides
continuous-integration/drone/push Build was killed Details
2022-02-03 14:18:20 +01:00
Jérémy Lecour 9e27d9707b kvm-host: add missing default value 2022-02-03 14:16:45 +01:00
Jérémy Lecour 5153b88d01 evolinux-base: option to bypass raid-related tasks 2022-02-03 14:15:33 +01:00
Jérémy Lecour 25563ee0f0 Merge pull request 'Release 22.01.3' (#146) from unstable into stable
continuous-integration/drone/push Build was killed Details
continuous-integration/drone/tag Build was killed Details
Reviewed-on: #146
2022-01-31 11:58:23 +01:00
Jérémy Lecour 3dd78fbf7e Release 22.01.3
continuous-integration/drone/push Build was killed Details
continuous-integration/drone/pr Build was killed Details
2022-01-31 11:57:21 +01:00
Jérémy Lecour cd4822488c Merge branch 'stable' into unstable
continuous-integration/drone/push Build was killed Details
2022-01-31 11:56:10 +01:00
Jérémy Lecour fcb0b8c80f backup-server-state: 22.01.3
continuous-integration/drone/push Build was killed Details
2022-01-28 16:27:39 +01:00
Jérémy Lecour cd26081add rbenv: install Ruby 3.1.0 by default 2022-01-28 16:27:20 +01:00
Jérémy Lecour 8beb1e7460 evolinux-base: backup-server-state: fix systemctl invocation 2022-01-28 16:25:28 +01:00
Jérémy Lecour 6d5aa67045 evolinux-base: backup-server-state: add "force" mode 2022-01-28 16:25:17 +01:00
Jérémy Lecour 359719d0d0 Merge pull request 'Release 22.01.2' (#144) from unstable into stable
continuous-integration/drone/push Build was killed Details
continuous-integration/drone/tag Build was killed Details
Reviewed-on: #144
2022-01-27 14:13:53 +01:00
Jérémy Lecour bb30402df3 Release 22.01.2
continuous-integration/drone/push Build was killed Details
continuous-integration/drone/pr Build was killed Details
2022-01-27 14:12:40 +01:00
Jérémy Lecour 6ccd0ea440 Release 22.01.1
continuous-integration/drone/pr Build was killed Details
continuous-integration/drone/push Build was killed Details
2022-01-27 14:04:41 +01:00
Jérémy Lecour 88cd8a0976 evolinux-base: backup-server-state: rename options and use mysqladmin instead of mysql
continuous-integration/drone/push Build was killed Details
2022-01-27 12:21:32 +01:00
Jérémy Lecour 519228ff9f evolinux-base: backup-server-state: add disks and uname state
continuous-integration/drone/push Build was killed Details
2022-01-27 12:09:04 +01:00
Brice Waegeneire 6dc17658a9 evolinux-base: backup-server-state: Add options.
continuous-integration/drone/push Build was killed Details
New options:
- --dmesg / --no-dmesg
- --mysql / --no-mysql
- --services / --no-services
2022-01-27 11:50:18 +01:00
Jérémy Lecour 2849039fad remount-usr: use findmnt to find if usr is a readonly partition
continuous-integration/drone/push Build was killed Details
2022-01-27 11:21:19 +01:00
Jérémy Lecour 80f8a94798 evolinux-base: many improvements for backup-server-state script
continuous-integration/drone/push Build was killed Details
2022-01-27 10:29:08 +01:00
Eric Morino 0a244894eb Add fix repository in source.list for bullseye
continuous-integration/drone/push Build was killed Details
2022-01-26 11:07:10 +01:00
Jérémy Lecour 2c6a3601de Merge pull request 'Release 22.01' (#142) from unstable into stable
continuous-integration/drone/tag Build was killed Details
continuous-integration/drone/push Build was killed Details
Reviewed-on: #142
2022-01-25 18:30:07 +01:00
Jérémy Lecour bff8fcfebb apt: upgrade packages after all the configuration is done
continuous-integration/drone/push Build was killed Details
continuous-integration/drone/pr Build was killed Details
2022-01-25 18:25:47 +01:00
Jérémy Lecour 93929864be lxc-php: use bullseye-php80 for php80 container
continuous-integration/drone/push Build was killed Details
2022-01-25 17:45:17 +01:00
Jérémy Lecour 52fff750df evolinux-base: move "/sbin/deny" install to utils.yml tasks file 2022-01-25 17:44:42 +01:00
Jérémy Lecour 0e34d4cd4b Merge remote-tracking branch 'origin/bullseye-swap-top' into unstable
continuous-integration/drone/push Build was killed Details
2022-01-25 15:15:05 +01:00
Jérémy Lecour 8f8c024163 Merge branch 'unstable' into bullseye-swap-top
continuous-integration/drone/push Build was killed Details
continuous-integration/drone/pr Build was killed Details
2022-01-25 15:13:10 +01:00
Jérémy Lecour 1f4ee2de79 Prepare CHANGELOG for 22.01 release
continuous-integration/drone/push Build was killed Details
2022-01-25 15:00:03 +01:00
Jérémy Lecour 0fce412cf5 add WIP warning to check_async 2022-01-25 14:56:39 +01:00
Jérémy Lecour 544b213529 evomaintenance: Upstream release 22.01 2022-01-25 14:56:39 +01:00
Jérémy Lecour 266289c72e whitespaces 2022-01-25 14:56:39 +01:00
Jérémy Lecour 51bc48623b dovecot: switch to TLS 1.2+ and external DH params 2022-01-25 14:56:39 +01:00
Mathieu Trossevin 7a969a0be2 Merge pull request 'lxc-php: Fix config for opensmtpd on bullseye' (#137) from mtrossevin/ansible-roles:opensmtpd-bullseye into unstable
continuous-integration/drone/push Build was killed Details
Reviewed-on: #137
2022-01-25 12:00:01 +01:00
Mathieu Trossevin 1902c40c3c
lxc-php: Fix config for opensmtpd on bullseye
continuous-integration/drone/pr Build was killed Details
2022-01-25 11:57:41 +01:00
Mathieu Trossevin fec9e49c18
Repair munin role
continuous-integration/drone/push Build was killed Details
2022-01-25 11:01:45 +01:00
Jérémy Dubois 3822696db6 Update CHANGELOG for new openvpn role
continuous-integration/drone/push Build was killed Details
2022-01-24 19:23:26 +01:00
Jérémy Dubois 4effe91b9f Write an openvpn role
continuous-integration/drone/push Build was killed Details
2022-01-24 19:12:48 +01:00
Brice Waegeneire 168b0fa9b7 nginx: Add snippet for custom server block config.
continuous-integration/drone/push Build was killed Details
2022-01-20 10:44:02 +01:00
Jérémy Lecour c4fab71d7a evolinux-base: add new states to backup-server-states
continuous-integration/drone/push Build was killed Details
2022-01-15 18:51:03 +01:00
Ludovic Poujol c8a862c5e7 nagios-nrpe: Amélioration du check phpfpm_status et phpfpm_multi
continuous-integration/drone/push Build was killed Details
Pour phpfpm_status > Ajout de la possibilité d'avoir un seuil de max procs actifs
Pour phpfpm_multi > Utilisation des seuils max (calculé sur le pm.max_children) + timeout
2022-01-14 17:06:48 +01:00
Jérémy Lecour ea382a1686 varnish: add additional options
continuous-integration/drone/push Build was killed Details
2022-01-12 13:04:22 +01:00
Jérémy Lecour ca1f465aaa nodejs: default to version 16 LTS 2022-01-12 13:04:22 +01:00
William Hirigoyen (Evolix) bd39adaf68 Fail if /var has nodev or noexec option enabled.
continuous-integration/drone/push Build was killed Details
2022-01-11 11:48:57 +01:00
William Hirigoyen (Evolix) 14883aa95e Ensure that /var is mounted with dev and exec options prior to LXC container creation.
continuous-integration/drone/push Build was killed Details
2022-01-11 11:02:09 +01:00
Brice Waegeneire 4c6d30a52c apache: block access to .git* and .env* files
continuous-integration/drone/push Build was killed Details
2021-12-28 16:27:05 +01:00
Jérémy Lecour 1893b6dea5 don't enable alert5 service in check mode
continuous-integration/drone/push Build was killed Details
2021-12-23 16:56:43 +01:00
Jérémy Lecour ec346a42a5 munin: systemd override to unprotect home directory
continuous-integration/drone/push Build was killed Details
2021-12-23 16:56:23 +01:00
William Hirigoyen (Evolix) 1c754f7eb0 Fix Filebeat role for --check mode.
continuous-integration/drone/push Build encountered an error Details
2021-12-21 15:27:46 +01:00
Eric Morino 7bb7b22d1f Add redirectMath 404 on http request /.git by default
continuous-integration/drone/push Build encountered an error Details
2021-12-20 09:59:25 +01:00
Ludovic Poujol 7c7ccf07eb generate-ldif: fix typo in var name (cap)
continuous-integration/drone/push Build encountered an error Details
2021-12-13 17:01:59 +01:00
Ludovic Poujol 64b632c000 evolinux-base: Donner le choix (ou non) de virer apt-listchanges
continuous-integration/drone/push Build encountered an error Details
2021-12-10 11:37:56 +01:00
Ludovic Poujol 8b701e615f evolinux-base: Donner le choix de changer (ou non) le motd 2021-12-10 11:37:33 +01:00
Ludovic Poujol d27d6b69cd evolinux-base: Add missing dependency dmidecode
continuous-integration/drone/push Build encountered an error Details
2021-12-08 18:35:55 +01:00
Ludovic Poujol bd429275d1 generate-ldif: properly flag virtual machines on vmware as virtual machines
continuous-integration/drone/push Build encountered an error Details
2021-12-08 18:07:53 +01:00
Eric Morino cd7c488713 Add rule .well-know to allow letsencrypt challenge
continuous-integration/drone/push Build is failing Details
2021-11-26 16:37:00 +01:00
Eric Morino 7e36d03804 Add new location by default for /.well-know, fix some warning in Nextcloud check setup
continuous-integration/drone/push Build is failing Details
2021-11-26 15:42:39 +01:00
Eric Morino 2ec026c2b3 Change variable item by kvm_pair and disable loop on all 'hypervisor' group
continuous-integration/drone/push Build is failing Details
2021-11-26 11:08:43 +01:00
Mathieu Trossevin 53cd3ba342 Merge pull request 'nagios-nrpe: Fix check_nfsserver for buster and bullseye' (#138) from mtrossevin/ansible-roles:check_nfsserver-buster into unstable
continuous-integration/drone/push Build is failing Details
Reviewed-on: #138
2021-11-24 11:12:11 +01:00
Mathieu Trossevin d3eef71127
nagios-nrpe: Fix check_nfsserver for buster and bullseye
continuous-integration/drone/pr Build is failing Details
From buster onward the nfs server doesn't run NFSv4 over UDP (it is out
of spec, see RFC 7530). As such the check broke as it attempt to check
the availability of NFSv4 over UDP.

Right now the check doesn't check for NFSv2 over UDP as it would need to
check if it exist first, as on bullseye it isn't supported by default
anymore.
2021-11-24 11:11:39 +01:00
Ludovic Poujol 82694ef5e9 generate-ldif: Don't miss detect deb11 as VM
continuous-integration/drone/push Build is failing Details
2021-11-22 17:40:49 +01:00
Ludovic Poujol a35139fcee Add missing sudoers line (for old debian 9)
continuous-integration/drone/push Build is failing Details
2021-11-22 16:28:30 +01:00
Eric Morino 8dca949564 Add *xml to crontab for sync libvirt xml file
continuous-integration/drone/push Build is failing Details
2021-11-22 11:44:07 +01:00
Eric Morino c9af7db827 re-activation task ssh.yml + modify crontab for sync list of running vm + add tags
continuous-integration/drone/push Build is failing Details
2021-11-22 11:38:10 +01:00
Eric Morino 21bd4021d3 add virsh list --all on kvm host and this neighbor
continuous-integration/drone/push Build is failing Details
2021-11-22 10:42:46 +01:00
Eric Morino 4fb885a33b Fix right for redis log dir and log file
continuous-integration/drone/push Build is failing Details
2021-11-15 11:33:34 +01:00
Jérémy Lecour e4bb0c6f55 filebeat/metricbeat: version 7.x y default
continuous-integration/drone/push Build is failing Details
2021-11-12 10:07:43 +01:00
Jérémy Lecour 039c740ef3 mysql: add evomariabackup 21.11 2021-11-01 10:16:55 +01:00
William Hirigoyen (Evolix) 51aaac0cbc Fix evocheck_force_install VARIABLE IS NOT DEFINED (validé par jlecour) 2021-10-29 14:54:44 +02:00
Jérémy Lecour 6cf8195744 evolinux-base: fix alert5.service dependency syntax 2021-10-29 07:52:38 +02:00
Alexis Ben Miloud--Josselin 0247216429 [kvmstats] Sort domain list 2021-10-28 10:27:44 +02:00
Eric Morino 2ea8d279d5 Add replication graph for mysql 2021-10-27 10:43:17 +02:00
William Hirigoyen (Evolix) b9c1e9eafe Fix missing quote, option createhome -> create_home in Ansible 3.10, no mode option in user module (fix error introduced in e75eeb8c3f) 2021-10-26 15:34:13 +02:00
Jérémy Lecour dcfea674a4 listupgrade: old-kernel-removal version 21.10 2021-10-25 14:23:52 +02:00
Jérémy Lecour 646a7b1813 evocheck: package install is not supported anymore 2021-10-25 10:08:40 +02:00
Jérémy Lecour dd53c01027 evocheck: upstream release 21.10.4 2021-10-25 10:02:12 +02:00
Jérémy Lecour 0e2b43a1e9 backup-server-state: add virsh and lxc lists 2021-10-22 15:33:58 +02:00
Jérémy Dubois 90acb99c2a nagios-nrpe: new check influxdb 2021-10-22 14:51:57 +02:00
Jérémy Lecour ca28df1b75 evocheck: upstream release 21.10.3 2021-10-22 13:57:56 +02:00
Jérémy Lecour 1706361e8d evocheck: upstream release 21.10.2 2021-10-22 13:43:43 +02:00
Jérémy Lecour 72e8200d5b kvm-host: reorganize code for kvmstats
* add -V|--version flag
* add -h|--help flag
* normalize options parsing
2021-10-22 13:30:34 +02:00
Ludovic Poujol 03f846b94b remount before the task 2021-10-22 11:56:43 +02:00
Jérémy Lecour 7cb6dffd6f add internal VERSION variable to kvmstats and add-vm 2021-10-21 17:32:37 +02:00
Jérémy Lecour dcdde5f7f6 evocheck: upstream release 21.10.1 2021-10-21 17:32:11 +02:00
Ludovic Poujol 9b3bb39bd0 mysql : Create a default ~root/.my.cnf for compatibility reasons 2021-10-20 16:31:05 +02:00
Ludovic Poujol b120a92203 evolinux-users + nagios-nrpe: Add support for php-fpm80 in lxc 2021-10-20 15:59:20 +02:00
Eric Morino be5bb73675 Include role remount-usr to backup-state-server 2021-10-20 15:57:58 +02:00
Ludovic Poujol a9d0d0958d packweb-apache : Support php 8.0 2021-10-18 18:30:47 +02:00
Jérémy Dubois d38119eb0f nginx : fix variable name and debug
nginx_minimal defined the nginx_package_name_default variable which was not
used instead of the nginx_default_package_name variable

also fixed debug which was reversed, and add another one to be sure which mode
is used
2021-10-18 15:01:59 +02:00
Jérémy Lecour 7586881f4d fix module name 2021-10-15 10:54:39 +02:00
Jérémy Lecour bbd16dc5b4 evolinux-base: add script backup-server-state 2021-10-15 10:50:42 +02:00
Jérémy Lecour 33cb1dd8ef certbot: detect domains for SAN certificates 2021-10-14 17:38:42 +02:00
Jérémy Lecour 6a4b250b5d etc-git: better output detection 2021-10-12 18:23:50 +02:00
Jérémy Lecour 520cba9c5b etc-git: evocommit has an Ansible mode to report changes 2021-10-12 11:15:33 +02:00
Jérémy Lecour 9aff38c0a7 squid: add ZeroSSL to default whitelist 2021-10-12 11:15:33 +02:00
Eric Morino 2dfd0c0706 Add squid logrotate 2021-10-11 11:03:34 +02:00
Jérémy Lecour 3e80c98a05 etc-git: evocommit should be present 2021-10-08 15:46:45 +02:00
Jérémy Lecour 2d11580a6e forgotten file 2021-10-06 16:54:52 +02:00
Jérémy Lecour dfd6aa0315 evocheck: minifirewall is not ready yet 2021-10-06 16:54:11 +02:00
Jérémy Lecour 679875d00b mysql: install python dependencies earlier 2021-10-06 14:43:43 +02:00
Ludovic Poujol 73d6979e72 Various changes on mongodb (support 5.0) + fixes & compatibility
* mongodb: Deny the install on Debian 11 « Bullseye » when the version is unsupported
* mongodb: Support version 5.0 (for buster)
* mongodb: Allow to specify a mongodb version for buster & bullseye
* mongodb: Add missing remount-usr for munin plugins
2021-10-05 15:49:47 +02:00
Brice Waegeneire 616ead41d5 lxc-php: Add php 8.0 support 2021-10-05 14:38:40 +02:00
Jérémy Lecour a6fe0397a6 etc-git: back to 2 tasks for each commit
"test X && git commit" generates a failure and a lot of noise.
2021-10-05 14:31:53 +02:00
Jérémy Lecour 7d63f20336 evoacme: exclude renewal-hooks directory from cron 2021-10-05 08:28:47 +02:00
Jérémy Lecour 86e5df9c16 etc-git: simplify commit tasks 2021-10-05 07:48:37 +02:00
Jérémy Lecour 7b14296503 etc-git: optimize maintenance tasks
* manage commits with an optimized shell script instead of many slow Ansible tasks
* centralize cron jobs in dedicated crontab
2021-10-02 12:50:01 +02:00
Jérémy Lecour 37cb18f676 nginx: improve tasks naiming 2021-10-02 09:35:17 +02:00
Jérémy Lecour e089ddf091 evocheck: upstream release 21.10 2021-10-01 18:27:44 +02:00
Jérémy Lecour de843cb91f mysql: fix task settings temporary mistake 2021-10-01 18:26:22 +02:00
Jérémy Lecour 6cb2c66924 mysql: fix task settings temporary mistake 2021-09-30 17:52:49 +02:00
Jérémy Lecour b293cf2cf9 Install python 2 or 3 libraries according to running python version 2021-09-30 17:05:10 +02:00
Jérémy Lecour dc1a01ce37 lxc: fix dependencies 2021-09-30 12:10:55 +02:00
Jérémy Lecour 5cbfda8f52 docker-host: install additional dependencies 2021-09-30 12:09:11 +02:00
Jérémy Lecour b2f8095d14 mysql: fix task settings temporary mistake 2021-09-30 12:07:39 +02:00
Jérémy Lecour 9b479f9c05 evolinux-base: logs are rotated with dateext by default 2021-09-30 12:07:02 +02:00
Jérémy Lecour 4a035d248d evocheck: upstream release 21.09 2021-09-30 10:45:07 +02:00
Jérémy Lecour 3de5de5304 mysql: improve Bullseye compatibility 2021-09-30 10:13:11 +02:00
Jérémy Lecour 4c52719561 php: fix assert condition 2021-09-29 18:39:42 +02:00
Jérémy Lecour 437d2986ae better python3 modules management 2021-09-29 18:39:29 +02:00
Jérémy Lecour 0eb7332a34 php: enforce Debian version with assert instead of fail 2021-09-29 16:43:55 +02:00
Jérémy Lecour febc76b26c php: fix tasks names 2021-09-29 16:40:25 +02:00
Ludovic Poujol e130728034 evolix-users: Add missing sudo auth for check_raid for HP hardware 2021-09-24 14:33:56 +02:00
Jérémy Lecour 73efee9caa etc-git: purge old .git/index.lock (default: True) 2021-09-23 14:45:24 +02:00
Eric Morino 3fcb79a3a3 Fix path to dhparam certificate 2021-09-21 15:55:25 +02:00
Eric Morino ae2be6a009 Fix indent for generate dh_param 2021-09-21 14:47:41 +02:00
Jérémy Lecour 1d55965527 logstash: no more dependency on Java 2021-09-21 14:43:58 +02:00
Jérémy Lecour 8233264d2a logstash: logging to syslog is configurable (default: True) 2021-09-21 14:43:58 +02:00
Jérémy Lecour ef1472cbba logstash: elastic_stack_version = 7.x 2021-09-21 14:43:58 +02:00
Ludovic Poujol f75354bb84 generate-ldif: detect mdadm 2021-09-16 17:26:58 +02:00
Ludovic Poujol de4d814d74 generate-ldif: detect hardware raid card 2021-09-16 17:17:32 +02:00
Ludovic Poujol 6a2cd59e6d nagios-nrpe + evolinux-users: new check ipmi 2021-09-16 16:48:03 +02:00
Ludovic Poujol 51fd2337f0 nagios-nrpe + evolinux-users: new check raid (soft + hard) 2021-09-16 16:40:57 +02:00
Ludovic Poujol fa0c668cec evolinux-base: install freeipmi by default on dedicated hw 2021-09-16 15:58:10 +02:00
Brice Waegeneire 45b7ce3486 lxc-php: Use Debian bullseye package for php74 2021-09-14 14:42:31 +02:00
Jérémy Lecour 2b549af7d9 evolinux-base: split dpkg logrotate configuration 2021-09-09 10:23:53 +02:00
Jérémy Lecour e429f7aecb squid: add *.o.lencr.org to default whitelist 2021-09-07 14:01:52 +02:00
Jérémy Lecour 0cab062431 kill/list all queries at once 2021-09-01 17:41:27 +02:00
Jérémy Lecour e76f2fe448 mysql-queries-killer: use a config file 2021-08-31 11:58:52 +02:00
Jérémy Lecour b908fc6cee certbot: don't install legacy Certbot on Debian 9 2021-08-30 14:07:46 +02:00
Jérémy Lecour 51e414df31 certbot: syntax for "no-self-upgrade" variable 2021-08-30 14:07:11 +02:00
Jérémy Lecour 887c1552cb certbot: sync_remote.sh uses quotes for variable export 2021-08-30 14:06:32 +02:00
Jérémy Lecour e45ee59801 mysql: script "mysql-queries-killer.sh" to kill MySQL queries 2021-08-30 14:05:15 +02:00
Jérémy Lecour 73f55a42fa forgotten file 2021-08-30 09:26:04 +02:00
Jérémy Lecour 65750d2aa6 evomaintenance: extract a config.yyml tasks file 2021-08-30 09:24:57 +02:00
Jérémy Lecour 74ab96d67f loop syntax and whitespaces 2021-08-27 11:01:28 +02:00
Eric Morino d2ef3fe27f Fix syntax on task "plugins are installed for" 2021-08-27 10:50:34 +02:00
Gregory Colpart 5e794cd2b6 commit whitespace 2021-08-26 12:24:00 +02:00
Eric Morino 6c21c3b505 Add configuration for listener stats write and read with correct right 2021-08-26 09:51:53 +02:00
Jérémy Lecour ecba57ad75 evolinux-base: install molly-guard by default 2021-08-25 17:57:38 +02:00
Jérémy Lecour 2c7380240c nagios-nrpe + evolinux-users: new checks for bkctld 2021-08-25 11:56:26 +02:00
Eric Morino 999efb3983 Add "may take several minutes" for task generate dhparam 2021-08-25 11:52:10 +02:00
Eric Morino 916138575a Add generate dhparam and update variables for dovecot 2.3 2021-08-25 11:49:08 +02:00
Jérémy Lecour 5a83a30a4c whitespace 2021-08-24 18:16:11 +02:00
Eric Morino bd92ff95c8 use absolute path in evacme cron
continuous-integration/drone/push Build is passing Details
2021-08-20 11:33:30 +02:00
Brice Waegeneire 2448168008 evolinux-base: Add swap column to htop and top
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is failing Details
2021-08-17 18:03:00 +02:00
Ludovic Poujol 42189ba613 Configure php7.4 for evoadmin-web on bullseye
continuous-integration/drone/push Build is passing Details
2021-08-17 16:38:21 +02:00
Jérémy Lecour 066baf3538 Revert "bullseye-detect: this role is obsolete, Debian 11 has been fully released"
continuous-integration/drone/push Build is passing Details
This reverts commit c9f25f4638.
2021-08-17 15:33:06 +02:00
Eric Morino ca7d8e9739 Add variable mysql_performance_schema and configuration in evolinux_custom template
continuous-integration/drone/push Build is passing Details
2021-08-17 15:11:10 +02:00
Jérémy Lecour ad457dd7ba apt: use the new security repository for Bullseye
continuous-integration/drone/push Build is passing Details
2021-08-16 14:12:31 +02:00
Jérémy Lecour 969a5bce7d apt: remove workaround for Evolix public repositories with Debian 11
continuous-integration/drone/push Build is passing Details
2021-08-16 13:50:53 +02:00
Jérémy Lecour d186e21239 evoadmin-web: simpler PHP packages lists 2021-08-16 13:49:13 +02:00
Jérémy Lecour c9f25f4638 bullseye-detect: this role is obsolete, Debian 11 has been fully released 2021-08-16 13:47:33 +02:00
Jérémy Lecour 139b342fbd certbot: silence letsencrypt deprecation warnings 2021-07-20 17:19:57 +02:00
Gregory Colpart 491407953c We want LDAP listen on ldapi:/// by default
continuous-integration/drone/push Build is passing Details
2021-07-08 19:22:00 +02:00
Jérémy Lecour bf49ec8df5 mysql: script "mysql_connections" to display a compact list of connections
continuous-integration/drone/push Build is passing Details
2021-07-08 15:10:35 +02:00
Jérémy Lecour 32b5efa30e evocheck: upstream release 21.07
continuous-integration/drone/push Build is passing Details
2021-07-07 15:20:24 +02:00
Jérémy Lecour 73352f55d7 evolinux-base: add tags to hardawre tasks
continuous-integration/drone/push Build is failing Details
2021-07-07 14:32:38 +02:00
Ludovic Poujol b362fadc80 typo (again) + not using trusted.gpg isn't restricted to debian 9+
continuous-integration/drone/push Build is passing Details
2021-07-06 16:22:45 +02:00
Ludovic Poujol 8e6c08b81b evolinux-base: Change the pattern of MegaRAID detect
continuous-integration/drone/push Build is passing Details
Seems the card names may somethings between 'MegaRAID' and 'SAS'
I'll take the short and easy path as I think MegaRAID is enough in most cases
2021-07-06 16:12:14 +02:00
Ludovic Poujol 7a089f88af Correct typo in var name
trusted_gpg_keyring.stat.present instead of _trusted_gpg_keyring.stat.present
2021-07-06 16:09:54 +02:00
Ludovic Poujol 49cb5adf92 evolinux-base: Fix hw card detect
Run the shell command as bash instead of sh; otherwise it will fail because of the set -o pipefail
2021-07-06 16:09:17 +02:00
Jérémy Lecour c77e0d73f8 Merge branch 'bullseye' into unstable
continuous-integration/drone/push Build is passing Details
2021-07-04 22:09:14 +02:00
Jérémy Lecour 29ec7bdcf2 Remove embedded GPG keys only if legacy keyring is present
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is failing Details
2021-07-04 22:08:47 +02:00
Jérémy Lecour ffd7d0e504 evolinux-base: alert5 comes after the network 2021-07-04 22:07:51 +02:00
Jérémy Lecour 6f66ab8e93 Merge branch 'unstable' into bullseye
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is failing Details
2021-07-03 09:56:12 +02:00
Jérémy Lecour ba3ed5e903 Merge branch 'bullseye' into unstable
continuous-integration/drone/push Build is passing Details
2021-07-03 09:50:49 +02:00
Jérémy Lecour d1829e7000 metricbeat: fix indentation
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is failing Details
2021-07-03 09:16:12 +02:00
Jérémy Lecour 4167b6d2a9 fix CHANGELOG 2021-07-03 09:10:22 +02:00
Jérémy Lecour 3721c2ab38 squid: improve default whitelist 2021-07-03 08:56:23 +02:00
Jérémy Lecour 04e41b5dc9 squid: improve default whitelist
continuous-integration/drone/push Build is passing Details
2021-07-03 08:54:05 +02:00
Jérémy Lecour 5905751a82 squid: must be started in foreground mode for systemd 2021-07-02 23:45:42 +02:00
Jérémy Lecour b5bcd666c6 fix apt gpg keys after rebase from unstable 2021-07-02 21:23:14 +02:00
Jérémy Lecour 58cd1fedfa fix path for first_found lookup 2021-07-02 21:19:07 +02:00
Jérémy Lecour a5658b7f26 packweb-apache: install phpMyAdmin from buster-backports 2021-07-02 21:18:06 +02:00
Jérémy Lecour 5c1ae6ed0c spamassassin: change dependency on evomaintenance
Fail with an error if evomaintenance config is missing
instead of trying to install a package that doesn't exist anymore.
2021-07-02 21:16:43 +02:00
Jérémy Lecour 8a784c39ab mongodb: create munin plugins directory if missing 2021-07-02 21:16:40 +02:00
Jérémy Lecour 9c8dd743c8 Use python3 packages on Debian 11 and later 2021-07-02 21:16:15 +02:00
Jérémy Lecour 6b87ead5b4 update changelog 2021-07-02 21:16:12 +02:00
Jérémy Lecour d40fad662f kibana: 7.x by default 2021-07-02 21:15:40 +02:00
Jérémy Lecour 613a11d119 elasticsearch: 7.x by default 2021-07-02 21:15:00 +02:00
Jérémy Lecour a60189eb3e better bullseye compatibility workaround 2021-07-02 21:14:04 +02:00
Jérémy Lecour c80c354d65 fix keyrings permissions 2021-07-02 21:14:01 +02:00
Jérémy Lecour e8a8e85819 redis: instance service for Debian 11 2021-07-02 21:13:42 +02:00
Jérémy Lecour c5ab0c0ff9 squid: remove obsolete variable on Squid 4 2021-07-02 21:13:05 +02:00
Jérémy Lecour f673ea85d1 Force Debian version to buster for Evolix repository 2021-07-02 21:12:33 +02:00
Jérémy Lecour 2c441f176a mysql: mariadb-client-10.5 on Debian 11 2021-07-02 21:11:27 +02:00
Jérémy Lecour c5bb8f06ae mysql: use python3 with Debian 11 and later 2021-07-02 21:10:52 +02:00
Jérémy Lecour 51d4ec1bb2 php: remove php-gettext for 7.4 2021-07-02 21:10:04 +02:00
Jérémy Lecour 5e09906c8f fixup! temporary bulseye-detect role 2021-07-02 21:09:28 +02:00
Jérémy Lecour 380c50b999 evolinux-base: increase minimum Ansible version to 2.9 2021-07-02 21:09:26 +02:00
Jérémy Lecour 008cb6a3c9 quote numeric values 2021-07-02 21:08:59 +02:00
Jérémy Lecour 52d06a3987 temporary bulseye-detect role
Overrides some facts to add compatibility with unreleased Debian version
2021-07-02 21:08:07 +02:00
Jérémy Lecour 4a158ac819 Reduce verbosity 2021-07-02 21:08:07 +02:00
Jérémy Lecour 2f68ae5339 Preliminary support for Bullseye 2021-07-02 20:58:09 +02:00
Jérémy Lecour 6bfef35729 Add bullseye APT repositories 2021-07-02 20:54:38 +02:00
Jérémy Lecour b8ac36e673 Fake « testing » as Deban 11 « Bullseye » 2021-07-02 20:53:42 +02:00
Jérémy Lecour 83e8a3d75a listupgrade: add repository URL
continuous-integration/drone/push Build is passing Details
2021-07-02 14:52:23 +02:00
Jérémy Lecour 27a09ce682 listupgrade: update old-kernel-removal.sh from upstream
continuous-integration/drone/push Build is passing Details
2021-07-02 14:37:22 +02:00
Jérémy Lecour 90cbd17f9b listupgrade: crontab is configurable 2021-07-02 14:01:46 +02:00
Jérémy Lecour b0b24744d6 listupgrade: upstream release 21.06.3 2021-07-02 13:59:42 +02:00
Jérémy Lecour 11813c31a4 certbot: add script for manual deploy hooks execution
continuous-integration/drone/push Build is passing Details
2021-06-30 14:29:03 +02:00
Jérémy Lecour 51462c724c certbot: sync_remote excludes itself 2021-06-30 07:39:57 +02:00
Jérémy Lecour 1b8de7c524 Merge branch 'unstable' into stable
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/tag Build is passing Details
2021-06-28 16:01:47 +02:00
Jérémy Lecour 2ed1dac16b Release 10.6.0
continuous-integration/drone/pr Build is passing Details
continuous-integration/drone/push Build is passing Details
2021-06-28 15:56:19 +02:00
Jérémy Lecour f082cb652a postgresql: rename GPG key 2021-06-28 15:56:19 +02:00
Jérémy Lecour f473e99d6d php: use sury.gpg locally 2021-06-28 15:56:19 +02:00
Jérémy Lecour b8c5ac3097 remove whitespace for stream redirection 2021-06-28 15:56:19 +02:00
Jérémy Lecour 6d757f971e typo 2021-06-28 15:56:19 +02:00
Jérémy Lecour 55ad6882b5 evolinux-base: forgotten case for first-found lookup
continuous-integration/drone/push Build is passing Details
2021-06-28 15:26:54 +02:00
Jérémy Lecour 0fe0244116 Update Galaxy metadata (company, platforms and galaxy_tags) 2021-06-28 15:26:28 +02:00
Jérémy Lecour 1890a79702 elasticsearch: inline YAML formatting of seed_hosts and initial_master_nodes
continuous-integration/drone/push Build is passing Details
2021-06-23 22:38:24 +02:00
Jérémy Lecour 4c1ef1bd56 elasticsearch: recent versiond don't depend on external JRE 2021-06-23 22:38:24 +02:00
Jérémy Lecour 22145a29b2 whitespaces 2021-06-23 22:38:24 +02:00
Eric Morino af9b1a4766 Fix main.yml for postgresql role
continuous-integration/drone/push Build is passing Details
2021-06-21 11:35:17 +02:00
Eric Morino cb257ef927 Add support debian 13 for postgresql rôle and PG13
continuous-integration/drone/push Build is passing Details
2021-06-21 11:31:50 +02:00
Jérémy Lecour 6190c66445 listupgrade: upstream release 21.06.2
continuous-integration/drone/push Build is passing Details
2021-06-20 12:06:49 +02:00
Jérémy Lecour dd32ab5688 listupgrade: upstream release 21.06.1 2021-06-20 10:32:16 +02:00
Jérémy Lecour dbc853a815 listupgrade: upstream release 21.06
continuous-integration/drone/push Build is passing Details
2021-06-17 18:23:13 +02:00
Jérémy Lecour 81730de78b kvm-host: fix typo in add-vm 2021-06-17 18:20:32 +02:00
Jérémy Lecour 4c7fed77c4 squid: add Yarn apt repository in default whitelist
continuous-integration/drone/push Build is passing Details
2021-06-17 18:19:20 +02:00
Jérémy Lecour fe9b7ee5f7 evomaintenance: upstream release 0.6.4
continuous-integration/drone/push Build is passing Details
2021-06-17 10:57:07 +02:00
Jérémy Lecour 53eaf085f5 kvm-host: manage dependencies
continuous-integration/drone/push Build is passing Details
2021-06-10 22:30:00 +02:00
Jérémy Lecour 9d0bfec87e kvm-host: add-vm: shellcheck (quotes, braces…)
continuous-integration/drone/push Build is passing Details
2021-06-10 21:22:38 +02:00
Jérémy Lecour edfcbbad0a kvm-host: add-vm: split assignment 2021-06-10 18:03:32 +02:00
Jérémy Lecour 5d7d62b284 whitespaces
continuous-integration/drone/push Build is passing Details
2021-06-10 16:30:22 +02:00
Jérémy Lecour 4e8c622cc0 kvm-host: force link for munin plugins 2021-06-10 16:30:17 +02:00
Jérémy Lecour 7f3eebcfc6 kvm-host: move cron template into templates directory 2021-06-10 16:18:12 +02:00
Jérémy Lecour 4d7e6fd271 kvm-host: update kvmstats and add-vm
continuous-integration/drone/push Build is passing Details
2021-06-10 11:24:16 +02:00
Jérémy Lecour 3d715bae35 kvm-host: replace the "kvm-tools" package with scripts deployed by Ansible
continuous-integration/drone/push Build is passing Details
2021-06-10 11:09:48 +02:00
Eric Morino e75eeb8c3f Changement version nexcloud par defaut + modif droit home utilisateur
continuous-integration/drone/push Build is passing Details
2021-06-08 15:54:56 +02:00
Jérémy Lecour ca40fad186 nodejs: change GPG key name
continuous-integration/drone/push Build is passing Details
2021-06-08 11:19:26 +02:00
Jérémy Lecour f6dcce239b certbot move hooks
continuous-integration/drone/push Build is passing Details
2021-06-07 13:04:12 +02:00
Jérémy Lecour 856d11aced nodejs: update apt cache before installing the package 2021-06-07 13:03:18 +02:00
Alexis Ben Miloud--Josselin 965dc2d20b Update rbenv-installer version
continuous-integration/drone/push Build is passing Details
See e017714f3e
2021-06-07 11:06:42 +02:00
Alexis Ben Miloud--Josselin dbc06c1c59 Update rbenv-installer version
continuous-integration/drone/push Build is passing Details
See e017714f3e
2021-06-07 10:51:03 +02:00
Jérémy Lecour 454d4c6d30 explicit permissions for APT GPG keys
continuous-integration/drone/push Build is passing Details
2021-05-26 13:47:34 +02:00
Jérémy Lecour 2c47871fa7 Add Elastic GPG key to kibana, filebeat, logstash, metricbeat roles
continuous-integration/drone/push Build is passing Details
2021-05-25 15:10:04 +02:00
Jérémy Dubois 89b0bd5a2b Fix duplicate dict key : check_mode
continuous-integration/drone/push Build is passing Details
2021-05-19 18:19:30 +02:00
Jérémy Lecour dd42c3673c whitespaces
continuous-integration/drone/push Build is passing Details
2021-05-19 17:02:20 +02:00
Jérémy Lecour 06b8314211 evolinux-base: fix motd lookup path 2021-05-19 17:02:20 +02:00
Ludovic Poujol 56c064d86b Update 'packweb-apache/meta/main.yml'
continuous-integration/drone/push Build is passing Details
Quick hot-fix : Add dependency for php 7.4 to packweb-apache
2021-05-19 16:33:51 +02:00
Eric Morino 547272eefd Add create diretory for munin plugins
continuous-integration/drone/push Build is passing Details
2021-05-19 16:17:08 +02:00
Jérémy Lecour 02451f1e67 add default (useless) value for file lookup
continuous-integration/drone/push Build is passing Details
2021-05-19 14:35:08 +02:00
Jérémy Lecour 4d83f25ae6 fix pipefail option for shell invocations
continuous-integration/drone/push Build is passing Details
2021-05-18 14:04:54 +02:00
Jérémy Lecour cae0de17df listupgrade: fix wget error + shellcheck cleanup
continuous-integration/drone/push Build is passing Details
2021-05-17 23:05:18 +02:00
Jérémy Lecour 56af68e5b3 listupgrade: print error if wget fails
continuous-integration/drone/push Build is passing Details
2021-05-17 12:19:57 +02:00
Jérémy Dubois 60f2f19402 Delete OpenBSD support
continuous-integration/drone/push Build is passing Details
The EvoBSD repository must be used for OpenBSD
2021-05-17 10:44:07 +02:00
Jérémy Lecour e65340cb56 Add pipefail option to shell invocations
continuous-integration/drone/push Build is passing Details
2021-05-13 15:34:27 +02:00
Jérémy Lecour 7dc6f0b849 remove trailing whitespaces 2021-05-13 15:23:39 +02:00
Jérémy Lecour 9ca68a16dd evolinux-base: quote values
continuous-integration/drone/push Build is passing Details
2021-05-10 09:07:18 +02:00
Jérémy Lecour 9b2a3a6db2 evolinux-users: convert uid to string
continuous-integration/drone/push Build is passing Details
2021-05-10 07:42:19 +02:00
Jérémy Lecour d823c8116a update CHANGELOG
continuous-integration/drone/push Build is passing Details
2021-05-09 23:21:21 +02:00
Jérémy Lecour 3c9be8d913 fix more Ansible syntax 2021-05-09 23:20:15 +02:00
Jérémy Lecour 2ed77c60f0 Improve Ansible syntax
replace « x | changed » by « x is changed »
add explicit « bool » filter
use « length » filter instead of string comparison
2021-05-09 23:06:42 +02:00
Jérémy Lecour 3dde4ee6d3 Rename Sury GPG key
continuous-integration/drone/push Build is passing Details
2021-05-06 13:44:22 +02:00
Jérémy Lecour 58bf79218f remove apt keys specifically from embedded database 2021-05-06 13:43:59 +02:00
Jérémy Lecour 403ea45eeb Add forgotten tag
continuous-integration/drone/push Build is passing Details
2021-05-06 13:03:28 +02:00
Jérémy Lecour 7d08b0a30a rename the tasks for embedded GPG keys
continuous-integration/drone/push Build is passing Details
2021-05-06 11:33:19 +02:00
Jérémy Lecour b41a2fd04f fix indentation
continuous-integration/drone/push Build is passing Details
2021-05-06 11:31:42 +02:00
Jérémy Lecour b049ad79d6 fix indentation
continuous-integration/drone/push Build is passing Details
2021-05-06 10:50:57 +02:00
Jérémy Lecour 83705a48b8 remove key from trusted.gpg only if file is present
continuous-integration/drone/push Build is passing Details
2021-05-06 10:42:12 +02:00
Jérémy Lecour 9f2125e287 packweb-apache: fix backports for phpmyadmin
continuous-integration/drone/push Build is passing Details
2021-05-04 16:43:48 +02:00
Jérémy Lecour e5e4dc95fa packweb-apache: install phpMyAdmin from buster-backports 2021-05-04 14:57:18 +02:00
Jérémy Lecour e7ddf9d46c Use 'loop' syntax instead of 'with_list' 2021-05-04 14:31:22 +02:00
Jérémy Lecour 485ec39674 Use 'loop' syntax instead of 'with_nested' 2021-05-04 14:29:50 +02:00
Jérémy Lecour 07fd6451e1 Use 'loop' syntax instead of 'with_dict' 2021-05-04 14:20:53 +02:00
Jérémy Lecour 5138065059 Use 'loop' syntax instead of 'with_items' 2021-05-04 14:19:18 +02:00
Jérémy Lecour debc4a82ca Use 'loop' syntax instead of 'with_first_found'
continuous-integration/drone/push Build is passing Details
2021-05-04 13:39:47 +02:00
Jérémy Lecour b3a62aa9d8 haproxy: use loop syntax instead of with_first_found
continuous-integration/drone/push Build is passing Details
2021-05-03 18:02:57 +02:00
Jérémy Lecour eacdd2c7f2 cerbot: fix regexp syntax for sync_remote 2021-05-03 18:02:35 +02:00
Jérémy Lecour 9cdddd50a8 Move all trusted GPG keys to file repository
continuous-integration/drone/push Build is passing Details
2021-05-03 14:23:13 +02:00
Jérémy Lecour a7971abb04 apt: store keys in /etc/apt/trusted.gpg.d in ascii format 2021-05-03 12:02:31 +02:00
Jérémy Lecour 92f28d85fe certbot: configure remote servers
continuous-integration/drone/push Build is passing Details
2021-05-03 11:44:59 +02:00
Jérémy Lecour 1caae2437a certbot: fix remote directory initialization 2021-05-03 11:44:44 +02:00
Jérémy Lecour cc6acdbf34 certbot: sync_remote.sh is configurable
continuous-integration/drone/push Build is passing Details
2021-05-03 11:25:24 +02:00
Jérémy Lecour 6eaeb90f6e ldap: fix edge cases where passwords were not set/get properly
continuous-integration/drone/push Build is passing Details
2021-05-02 23:28:09 +02:00
Jérémy Lecour 43c726e86a spamassassin: change dependency on evomaintenance
continuous-integration/drone/push Build is passing Details
Fail with an error if evomaintenance config is missing
instead of trying to install a package that doesn't exist anymore.
2021-05-02 01:24:03 +02:00
Jérémy Lecour 8716ffbb1e apt: fix keyring permissions
continuous-integration/drone/push Build is passing Details
2021-05-02 00:34:19 +02:00
Jérémy Lecour 047605a2a2 evolinux-base: use a dearmored signature, stored in the correct location
continuous-integration/drone/push Build is passing Details
2021-05-01 17:20:06 +02:00
Jérémy Lecour 920cb7eaeb update changelog
continuous-integration/drone/push Build is passing Details
2021-05-01 16:51:20 +02:00
Jérémy Lecour 66ea07ec29 evolinux-base: copy GPG key instead of using apt-key
continuous-integration/drone/push Build is passing Details
2021-05-01 16:50:38 +02:00
Jérémy Lecour 2386733231 bash syntax : `` → $()
continuous-integration/drone/push Build is passing Details
2021-04-29 10:22:21 +02:00
Jérémy Lecour 5b9d2a2776 migrate-vm: do not display drbd error
continuous-integration/drone/push Build is passing Details
2021-04-29 09:56:39 +02:00
Jérémy Lecour 5d79c31dc3 kvm-host: add migrate-vm script
continuous-integration/drone/push Build is passing Details
2021-04-28 15:53:38 +02:00
Gregory Colpart f260fedbae fix GPG key install for APT
continuous-integration/drone/push Build is passing Details
2021-04-26 22:36:03 +02:00
Gregory Colpart 75675a96b1 add info for NFS and Apache-ITK
continuous-integration/drone/push Build is passing Details
2021-04-23 16:24:52 +02:00
Jérémy Lecour 94a5d7daa2 mysql: variable to disable myadd script overwrite (default: True)
continuous-integration/drone/push Build is passing Details
2021-04-23 14:59:29 +02:00
Jérémy Lecour eab68545fe evolinux-base: add default motd template
continuous-integration/drone/push Build is passing Details
2021-04-23 11:41:27 +02:00
Ludovic Poujol 3457b14fed ntpd: Add leapfile configuration setting to ntpd on debian 10+
continuous-integration/drone/push Build is passing Details
2021-04-21 17:22:45 +02:00
Ludovic Poujol d56c545183 apache: new variable for mpm mode (+ updated default config accordingly)
continuous-integration/drone/push Build is passing Details
Also, itk package will only be installed if required
2021-04-19 17:35:49 +02:00
915 changed files with 39481 additions and 9070 deletions

64
.Jenkinsfile Normal file
View File

@ -0,0 +1,64 @@
pipeline {
agent { label 'docker' }
environment {
ROLES_VERSION = "${env.GIT_COMMIT}"
}
stages {
stage('Anible Lint') {
agent {
docker {
image 'evolix/ansible-lint:latest'
}
}
steps {
script {
sh 'for role_dir in ./*/; do HOME=$WORKSPACE_TMP ansible-lint -p $role_dir || : ; done'
recordIssues(tools: [ansibleLint()])
}
}
}
stage('Build tagged docker image') {
when {
buildingTag()
}
steps {
script {
def im = docker.build("evolix/ansible-roles:build${env.BUILD_ID}")
im.inside {
sh 'echo Test needed'
}
def version = TAG_NAME
def versions = version.split('\\.')
def major = versions[0]
def minor = versions[0] + '.' + versions[1]
def patch = version.trim()
docker.withRegistry('', 'hub.docker') {
im.push(major)
im.push(minor)
im.push(patch)
}
}
}
}
stage('Build latest docker image') {
when {
branch 'unstable'
}
steps {
script {
def im = docker.build("evolix/ansible-roles:build${env.BUILD_ID}")
im.inside {
sh 'echo Test needed'
}
docker.withRegistry('', 'hub.docker') {
im.push('latest')
}
}
}
}
}
}

View File

@ -1,36 +0,0 @@
kind: pipeline
name: default
steps:
- name: build tagged docker image
image: plugins/docker
settings:
username:
from_secret: docker_username
password:
from_secret: docker_password
dockerfile: Dockerfile
repo: evolix/ansible-roles
auto_tag: true
environment:
ROLES_VERSION: $DRONE_COMMIT_SHA
when:
event:
- tag
- name: build latest docker image
image: plugins/docker
settings:
username:
from_secret: docker_username
password:
from_secret: docker_password
dockerfile: Dockerfile
repo: evolix/ansible-roles
tags: latest
environment:
ROLES_VERSION: $DRONE_COMMIT_SHA
when:
branch:
- unstable

1
.gitignore vendored
View File

@ -2,3 +2,4 @@
.kateproject.d
.vagrant/
*.swp
.vscode

4
.markdownlint.json Normal file
View File

@ -0,0 +1,4 @@
{
"MD013": false,
"MD024": false
}

8
.vscode/settings.json vendored Normal file
View File

@ -0,0 +1,8 @@
{
"files.associations": {
"*.yml": "ansible",
"*.yaml": "ansible"
},
"yaml.format.enable": false,
"ansible.python.interpreterPath": "/bin/python"
}

View File

@ -1,12 +1,13 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
This project does not follow semantic versioning.
The **major** part of the version is aligned with the stable version of Debian.
The **minor** part changes with big changes (probably incompatible).
The **patch** part changes incrementally at each release.
The **major** part of the version is the year
The **minor** part changes is the month
The **patch** part changes is incremented if multiple releases happen the same month
## [Unreleased]
@ -20,6 +21,719 @@ The **patch** part changes incrementally at each release.
### Security
## [24.03] 2024-03-01
### Added
* autosysadmin-agent: upstream release 24.03
* autosysadmin-restart_nrpe: add role
* certbot: Renewal hook for NRPE
* kvm-host: add minifirewall rules if DRBD interface is configured
### Changed
* apt: add ftp.evolix.org as recognized system source
* autosysadmin-agent: logs clearing is done weekly
* autosysadmin-agent: rename /usr/share/scripts/autosysadmin/{auto,restart}
* certbot: use pkey to test the key
* evolinux-base: execute autosysadmin-agent and autosysadmin-restart_nrpe roles
* lxc-php, php: Update sury PGP key
* openvpn: earlier alert for CA expiration
* redis: create sysfs config file if missing
### Removed
* autosysadmin: replaced by autosysadmin-agent
## [24.02.1] 2024-02-08
### Fixed
* fail2ban: fix Ansible syntax
## [24.02] 2024-02-08
### Added
* Support for PHP 8.3 with bookworm LXC containers
* apt: add task file to install ELTS repository (default: False)
* autosysadmin: Add a role to automatically deploy autosysadmin on evolixisation
* check_free_space: added role
* etc-git: add /var/chroot-bind/etc/bind repo
* fail2ban: add script unban_ip
* generateldif: new Services for check_pressure_{cpu,io,mem}
* kvm-host: Automatically add an LVM filter when LVM is present
* lxc-php: Allow one to install php83 on Bookworm container
* minifirewall: Fix nagios check for old versions of minifirewall
* mongodb: add gpg key for 7.0
* nagios-nrpe: add check_sentinel for monitoring Redis Sentinel
* nagios-nrpe: new check_pressure_{cpu,io,mem}
* remount-usr: do not try to remount /usr RW if /usr is not a mounted partition
* vrrpd: configure minifirewall
* vrrpd: test if interface exists before deleting it
* webapps/evoadmin-mail: package installed via public.evolix.org/evolix repo starting with Bookworm
* webapps/nextcloud: Add condition for archive tasks
* webapps/nextcloud: Add condition for config tasks
* webapps/nextcloud: Added var nextcloud_user_uid to enforce uid for nextcloud user
* webapps/nextcloud: Set ownership and permissions of data directory
### Changed
* add-vm.sh: allow VM name max length > 20
* amavis: make ldap_suffix mandatory
* apache : fix goaway pattern for bad bots
* apache : rename MaxRequestsPerChild to MaxConnectionsPerChild (new name)
* apache: use backward compatible Redirect directive
* apt: Disable archive repository for Debian 8
* apt: Use the GPG version of the key for Debian 8-9
* bind: Update role for Buster, Bullseye and Bookworm support
* dovecot: add variables for LDAP
* dovecot: Munin plugin conf path is now `/etc/munin/plugin-conf.d/zzz-dovecot` (instead of `z-evolinux-dovecot`)
* evocheck: upstream release 24.01
* evolinux-base: dump-server-state upstream release 23.11
* evolinux-base: use separate default config file for rsyslog
* kvmstats: use .capacity instead of .physical for disk size
* ldap: make ldap_suffix mandatory
* listupgrade : old-kernel-removal.sh upstream release 24.01
* log2mail: move custom config in separate file
* lxc: init /etc git repository in lxc container
* mysql: disable performance schema for Debian 8
* nagios: add dockerd check in nrpe check template
* nagios: cleaning nrpe check template
* nagios: rename var `nagios_nrpe_process_processes` into `nagios_nrpe_processes` and check systemd-timesyncd instead of ntpd in Debian 12
* nagios: add option --full to check pressure IO and mem to avoid flaps
* proftpd: in SFTP vhost, enable SSH keys login, enable ed25549 host key for Debian >= 11
* redis: manage config template inside a block, to allow custom modifications outside
* spamassassin: Use spamd starting with Bookworm
* squid: config directory seems to have changed from /etc/squid3 to /etc/squid in Debian 8
* unbound: Add config file to allow configuration reload on Debian 11 and lower
* unbound: Add munin configuration & setup plugin
* unbound: Big cleanup
* unbound: Move generated config file to `/etc/unbound/unbound.conf.d/evolinux.conf`
* unbound: Use root hints provided by debian package dns-root-data instead of downloading them
* vrrpd: replace switch script with custom one (fix MAC issue, use `ip(8)`, shell cleanup…)
* vrrpd: variable to force update the switch script (default: false)
* webapps/nextcloud: Add Ceph volume to fstab
* webapps/nextcloud: Set home directory's mode
### Fixed
* Add php-fpm82 to LDAP when relevant
* Check stat.exists before stat.isdir
* apache: fix MaxRequestsPerChild value to be sync with wiki.e.o
* apt: use archive.debian.org with Stretch
* certbot: fix hook for dovecot when more than one certificate is used (eg. different certificates for POP3 and IMAP)
* dovecot: add missing LDAP conf iterate_filter to exclude disabled accounts in users list (caused « User no longer exists » errors in commands listing users like « doveadm user -u '*' » or « doveadm expunge -u "*" mailbox INBOX savedbefore 7d »).
* dovecot: fix missing default mails
* dovecot: fix plugin dovecot1
* evoadmin-web: Fix PHP version for Bookworm
* evolinux-base: fix hardware.yml (wrong repo, missing update cache)
* evolinux-base: start to install linux-image-cloud-amd64 with Buster
* fail2ban: fix template marker
* minifirewall: ports 25, 53, 443, 993, 995 not opened publicly by default anymore, ports 20, 21, 110, 143 not opened semi-publicly by default anymore.
* nagios: fix default file to monitor for check_clamav_db
* nginx: add "when: not ansible_check_mode" in various tasks to prevent fail in check mode
* nginx: fix mistake between "check_mode: no" and "when: not ansible_check_mode" (fail in check mode)
* nginx: fix mistake between "check_mode: no" and "when: not ansible_check_mode" (fail in check mode)
* nginx: keep indentation
* nginx: take care of « already defined » and « not yet defined » server status suffix in check mode
* php: Bullseye/Sury > Honor the php_version asked in the pub.evolix.org repository
* php: drop apt_preferences(5) file for sury
* postfix: remove dependency on evolinux_fqdn var
* proftpd: set missing default listen IP for SFTP
* roundcube: set default SMTP port to 25 instead of 587, which failed because of missing SSL conf (local connexion does not need SSL)
* ssl: no not execute haproxy tasks and reload if haproxy is disabled
* unbound: Add a apt cache validity to enforce an apt update if needed
* webapps/nextcloud: added check that nextcloud uid is over 3000
* webapps/nextcloud: fix Add Ceph volume to fstab : missing UUID= in src
* webapps/nextcloud: fix misplaced gid attribute
* webapps/nextcloud: fix missing gid
* webapps/roundcube & evoadminmail: make roles more idempotent (were failing when played twice)
* amavis: Add variables for generate "ldap_suffix"
* proftpd: fix error when no SSH key is provided
### Removed
* evolinux-base: no need to remove update-evobackup-canary from sbin anymore
* evolinux-base: no need to symlink backup-server-state to dump-server-state anymore
## [23.10] 2023-10-14
### Added
* apt: disable `NonFreeFirmware` warning for VM on Debian 12+
* apt: explicit `signed-by` directives for official sources
* bind: add reload-zone helper
* certbot: deploy-hook for proftpd
* docker-host: added var for user namespace setting
* dovecot: add Munin plugins dovecot1 and dovecot_stats (patched)
* dovecot: fix old_stats plugin for Dovecot 2.3
* evocheck: add support for Debian >= 12 split SSH configuration
* evolinux-base: add split SSH configuration for Debian >= 12
* evolinux-base: configure `.bashrc` for all users
* evolinux-base: New variable `evolinux_system_include_ntpd` to chose wether or not to include `ntpd` role
* evolinux-base: reboot the server if the Cloud kernel has been installed
* evolinux-users: add split SSH configuration for Debian >= 12
* evolinux: install HPE Agentless Management Service (amsd)
* fail2ban: add default variable fail2ban_dbpurgeage_default
* fail2ban: add `fail2ban_sshd_port` variable to configure sshd port
* kvm-host: release 23.10 for migrate-vm.sh
* metricbeat/logstash: fix Ansible syntax
* mysql: new munin graph to follow binlog_days over time
* nagios-nrpe: add a NRPE check-local command with completion.
* nagios-nrpe: add a proper monitoring plugin for GlusterFS (on servers, not for clients)
* php: add new variable to disable overriding settings of php-fpm default pool (www)
* policy_pam: New role to manage password policy with `pam_pwquality` & `pam_pwhistory`
* userlogrotate: add a `userlogpurge` script disabled by default
* userlogrotate: new version, with separate conf file
* userlogrotate: rotate also php.log
* java: allow version 17
* timesyncd: new role, used instead of ntpd by default starting with Debian 12
### Changed
* all: change syntax "become: [yes,no]" → "become: [true,false]"
* all: change syntax "force: [yes,no]" → "force: [true,false]"
* elasticsearch: improve networking configuration
* evolinux-base: include files under `sshd_config.d`
* evolinux-users: remove Stretch references in tasks that also apply to next Debian versions
* evomaintenance: upstream release 23.10.1
* lxc-php: change LXC container in bookworm for php82
* minifirewall: update nrpe script to check active configuration
* minifirewall: upstream release 23.07
* mysql: improve shell syntax for mysql_skip script
* nagios-nrpe: set default check_load --per-cpu for BSD
* pgbouncer: minor fixes
* postfix (packmail or when postfix_slow_transport_include is True): change `miniprofmal_backoff_time` from 2h to 15m (see HowtoPostfix)
* postfix (packmail) : optimize Amavis integration
* postfix: disable sending mails via IPv6
* postfix: new spam.sh update script that avoids reloading if files did not change.
* postgresql: fix file `postgresql.pref.j2` for exclude package
* postgresql: fix task `update apt cache` for PGDG repo
* redis: standardize plugins path from `/usr/local/share/munin/` to `/usr/local/lib/munin/plugins/`
* varnish: allow the systemd template to be overridden with a template outside of the role
* lxc: purge openssh-server from container on install
### Fixed
* elasticsearch: comment the `Xlog:gc` line instead of changing it completely
* evocheck: fix IS_SSHALLOWUSERS condition
* evolinux-base, evolinux-users: Fix files mode under `/etc/ssh/sshd_config.d`
* evolinux-base: fix file extension
* fail2ban: fix cron `fail2ban_dbpurge` (should be bash instead of sh)
* lxc-php: fix APT keyring path inside containers
* nagios-nrpe: `check_ssl_local` now has an output that nrpe can understand when it isn't OK
* nagios-nrpe: remount `/usr` **after** installing the packages
* nagios-nrpe: sync Redis check from redis roles
* nginx: set default server directive in default vhost
* opendkim: update apt cache before install
* packweb-apache,nagios-nrpe: add missing task and config for PHP 8.2 container
* postfix: add missing `localhost.$mydomain` to `mydestination`
* redis: replace erroneous `ini_file` module for Munin config, fix dedicated Munin config filename (z-XXX).
* evolinux-base: use lineinfile instead of replace under root task
* evolinux-base: Corriger autorisation pour evolinux_user
* docker-host: Retirer directive state en trop
* rbenv: Installer libyaml-dev
### Removed
* dovecot: remove Munin plugin dovecot (not working)
## [23.04] 2023-04-23
### Added
* graylog: new role
* lxc-php: add support for PHP 8.2 container
### Changed
* Use FQCN (Fully Qualified Collection Name)
* apt: with Debian 12, backports are installed but disabled by default
* openvpn: updated the README file
* pgbouncer: add handler to restart the service
### Fixed
* generate-ldif: Support for Debian 12
## [23.03.1] 2023-03-16
### Added
* pgbouncer: new role
### Changed
* apt: deb822 migration python script is looked relative to shell script
* listupgrade: remove old typo version of the cron task
* minifirewall: support protocols in numeric form
## [23.03] 2023-03-16
### Added
* apache: add task to enable mailgraph on default vhost and index.html
* apt: add move-apt-keyrings script/tasks
* apt: add tools to migrate sources to deb822 format
* fail2ban: add "Internal login failure" to Dovecot filter
* lxc: copy `/etc/profile.d/evolinux.sh` from host into container
* nagios-nrpe: add tasks/files for a wrapper
* nagios-nrpe: Print pool config path in check_phpfpm_multi output
* php: add `php_version` variable when sury is activated for each Debian version
* php: add a way to choose which version to install using sury repository
* postfix: Add task to enable mailgraph on packmail
* postgresql: configure max_connections
* userlogrotate: create dedicated role, separated from packweb-apache
* varnish: add `varnish_update_config` variable to disable configuration update
### Changed
* Use systemd module instead of command
* Removed all `warn: False` args in command, shell and other modules as it's been deprecated and will give a hard fail in ansible-core 2.14.0.
* apt: Use pub.evolix.org instead of pub.evolix.net
* bind: refactor role
* elasticsearch: Disable garabge collector logging (JDK >= 9)
* evolinux-users: Update sudoers template to remove commands allowed without password
* listupgrade: upstream release 23.03.3
* kvmstats: use virsh domstats | awk to get guests informations
* nagios-nrpe : Rewrite `check_vrrpd` for a better check (check `rp_filter`, `vrrpd` and `uvrrpd` compatible, use arguments, …)
* openvpn: Change `check_openvpn` destination file to comply with recent EvoBSD change
* postfix: come back to default value of `notify_classes` for pack mails.
* userlogrotate: set rotate date format in right order (YYYY-MM-DD)!
* webapps/nextcloud : Change default data directory to be outside web root
* webapps/nextcloud : Small enhancement on the vhost template to lock out data dir
* yarn: update apt key
### Fixed
* Proper jinja spacing
* clamav: set `MaxConnectionQueueLength` to its default value (200), custom (15) was way too small and caused recurring failures in Postfix.
* docker-host: fix type in `daemon.json` and remove host configuration that is already in the systemd service by default
* evolinux-base: ensure dbus is started and enabled (not by default in the case of an offline netinst)
* haproxy: fix missing admin ACL in stats module access permissions
* openvpn: fix the client cipher configuration to match the server cipher configuration
* php: fix error introduced in #33503e4538 (`False` evaluated as a String instead of Boolean)
* php: install using Sury repositories on Bullseye
* postfix (packmail only): disable `concurrency_failed_cohort_limit` for destination smtp-amavis to prevent the suspension of this destination when Amavis fails to answer. Indeed, we configure the suspension delay quite long in `minimal_backoff_time` (2h) and `maximal_backoff_time` (6h) to reduce the risk of ban from external SMTPs.
* postfix: avoid Amavis transport to be considered dead when restarted.
* postfix: remove unused `aliases_scope=sub` from virtual_aliases.cf (it generated warnings)
* userlogrotate: fix bug introduced in commit 2e54944a246 (rotated files were not zipped)
* userlogrotate: skip zipping if .gz log already exists (prevents interactive question)
### Removed
* evolinux-base: subversion is not installed anymore
## [22.12] 2022-12-14
### Added
* all: add signed-by option for additional APT sources
* all: preliminary work to support Debian 12
* all: use proper keyrings directory for APT version
* evolinux-base: replace regular kernel by cloud kernel on virtual servers
* lxc-php: set php-fpm umask to `007`
* nagios-nrpe: `check_ceph_*`
* nagios-nrpe: `check_haproxy_stats` supports DRAIN status
* packweb-apache: enable `log_forensic` module
* rabbitmq: add link in default page
* varnish: create special tmp directory for syntax validation
* postfix: add localhost.$mydomain to mydestination
### Changed
* certbot: auto-detect HAPEE version in renewal hook
* evocheck: install script according to Debian version
* evolinux-base: `utils.yml` can be excluded
* evolinux-todo: execute tasks only for Debian distribution (because this task is a dependency for others roles used on different distributions)
* evolinux-user: add sudoers privilege for check `php_fpm81`
* evomaintenance: allow missing API endpoint if APi is disabled
* java: use default JRE package when version is not specified
* keepalived: change exit code (_warning_ if running but not on expected state ; _critical_ if not running)
* listupgrade: better detection for PostgreSQL
* listupgrade: sort/uniq of packages/services lists in email template
* lxc-solr: detect the real partition options
* lxc-solr: download URL according to Solr Version
* lxc-solr: set homedir and port at install
* minifirewall: whitelist deb.freexian.com
* openvpn: shellpki upstream release 22.12.2
* openvpn: specifies that the mail for expirations is for OpenVPN
* packweb-apache: manual dependencies resolution
* redis: some values should be quoted
* redis: variable to disable transparent hugepage (default: do nothing)
* squid: whitelist `deb.freexian.com`
* varnish: better package facts usage with check mode and tags
* varnish: systemd override depends on Varnish version instead of Debian version
### Fixed
* evolinux-user: Fix sudoers privilege for check `php_fpm80`
* nagios-nrpe: Fix check opendkim for recent change in listening port
* openvpn: Fix mode of shellpki script
* proftpd: Fix format of public key files controlled by Ansible
* proftpd: Fix mode of public key directory and files (they have to be accessible by `proftpd:nobody`)
* varnish: fix missing state, that blocked the task
### Removed
* openvpn: Deleted the task fixing the CRL rights since it has been fixed in upstream
## [22.09] 2022-09-19
### Added
* evolinux_users: create only users who have a certain value for the `create` key (default: `always`).
* php: install php-xml with recent PHP versions
* vrrp: add an `ip.yml` task file to help create VRRP addresses
* webapps/nextcloud: Add compatibility with apache2, and apache2 mod_php.
* memcached: NRPE check for multi-instance setup
* munin: Add ipmi_ plugins on dedicated hardware
* proftpd: Add options to override configs (and add a warning if file was overriden)
* proftpd: Allow user auth with ssh keys
### Changed
* evocheck: upstream release 22.09
* evolinux-base: update-evobackup-canary upstream release 22.06
* generate-ldif: Support any MariaDB version
* minifirewall: use handlers to restart minifirewall
* openvpn: automate the initialization of the CA and the creation of the server certificate ; use openssl_dhparam module instead of a command
* generate-ldif: support any version of MariaDB (instead of only 10.0, 10.1 and 10.3)
* openvpn: Run OpenVPN with the \_openvpn user and group instead of nobody which is originally for NFS
* nagios-nrpe: Upgrade check_mongo
### Fixed
* fail2ban: fix dovecot-evolix regex syntax
* haproxy: make it so that munin doesn't break if there is a non default `haproxy_stats_path`
* mysql: Add missing Munin conf for Debian 11
* redis: config directory must be owned by the user that runs the service (to be able to write tmp config files in it)
* varnish: make `-j <jail_config>` the first argument on jessie/stretch as it has to be the first argument there.
* webapps/nextcloud: Add missing dependencies for imagick
### Removed
* evocheck: remove failure if deprecated variable is used
* webapps/nextcloud: Drop support for Nginx
## [22.07.1] 2022-07-28
### Changed
* evocheck: upstream release 22.07
* evomaintenance: upstream release 22.07
* mongodb: replace version_compare() with version()
* nagios-nrpe: check_disk1 returns only alerts
* nagios-nrpe: use regexp to exclude paths/devices in check_disk1
## [22.07] 2022-07-08
### Added
* fail2ban: Ensure apply dbpurgeage from stretch and buster
## [22.07] 2022-07-06
### Added
* evolinux-base: session timeout is configurable (default: 36000 seconds = 10 hours)
* haproxy: add haproxy_allow_ip_nonlocal_bind to set sysctl value (optional)
* kvm-host: fix depreciation of "drbd-overview" by "drbdadm status" in add-vm.sh
* openvpn: configure logrotate
### Changed
* openvpn: minimal rights on /etc/shellpki/ and crl.pem
### Fixed
* evolinux-base: Update PermitRootLogin task to work on Debian 11
* evolinux-user: Update PermitRootLogin task to work on Debian 11
* minifirewall: docker mode is configurable
## [22.06.3] 2022-06-17
### Changed
* evolinux-base: blacklist and do not install megaclisas-status package on incompatible servers
## [22.06.2] 2022-06-10
### Added
* postgresql: add variable to configure binding addresses (default: 127.0.0.1)
### Changed
* evocheck: upstream release 22.06.2
* fail2ban: Give the possibility to override jail.local (with fail2ban_override_jaillocal)
* fail2ban: If jail.local was overriden, add a warning
* fail2ban: Allow to tune some jail settings (maxretry, bantime, findtime) with ansible
* fail2ban: Allow to tune the default action with ansible
* fail2ban: Change default action to ban only (instead of ban + mail with whois report)
* fail2ban: Configure recidive jail (off by default) + extend dbpurgeage
* redis: binding is possible on multiple interfaces (breaking change)
### Fixed
* Enforce String notation for mode
* postgresql: fix nested loop for Munin plugins
* postgresql: Fix task order when using pgdg repo
* postgresql: Install the right pg version
## [22.06.1] 2022-06-06
### Changed
* evocheck: upstream release 22.06.1
* minifirewall: upstream release 22.06
* mysql: evomariabackup release 22.06.1
* mysql: reorganize evomariabackup to use mtree instead of our own dir-check
## [22.06] 2022-06-03
### Added
* certbot: add hapee (HAProxy Enterprise Edition) deploy hook
* evolinux-base: add dir-check script
* evolinux-base: add update-evobackup-canary script
* mysql: add post-backup-hook to evomariabackup
* mysql: use dir-check inside evomariabackup
### Changed
* docker: Allow "live-restore" to be toggled with docker_conf_live_restore
* evocheck: upstream release 22.06
* evolinux-base: Replacement of variable `evolinux_packages_hardware` by `ansible_virtualization_role == "host"` automatize host type detection and avoids installing smartd & other on VM.
* minifirewall: tail template follows symlinks
* mysql: add "set crypt_use_gpgme=no" Mutt option, for mysqltuner
### Fixed
* Role `postfix`: Add missing `localhost.localdomain localhost` to `mydestination` variable which caused undelivered of some local mails.
## [22.05.1] 2022-05-12
### Added
* docker: Introduce new default settings + allow to change the docker data directory
* docker: Introduce new variables to tweak daemon settings
### Changed
* evocheck: Upstream release 22.05
### Removed
* docker: Removed Debian Jessie support
## [22.05] 2022-05-10
### Added
* etc-git: use "ansible-commit" to efficiently commit all available repositories (including /etc inside LXC) from Ansible
* minifirewall: compatibility with "legacy" version of minifirewall
* minifirewall: configure proxy/backup/sysctl values
* munin: Add possibility to install local plugins, and install dhcp_pool plugin
* nagios-nrpe: Add a check dhcp_pool
* redis: Activate overcommit sysctl
* redis: Add log2mail user to redis group
### Changed
* dump-server-state: upstream release 22.04.3
* evocheck: upstream release 22.04.1
* evolinux-base: Add non-free repos & install non-free firmware on dedicated hardware
* evolinux-base: rename backup-server-state to dump-server-state
* generate-ldif: Add services check for bkctld
* minifirewall: restore "force-restart" and fix "restart-if-needed"
* minifirewall: tail template follows symlinks
* minifirewall: upstream release 22.05
* opendkim : add generate opendkim-genkey in sha256 and key 4096
* openvpn: use a local copy of files instead of cloning an external git repository
* openvpn: use a subnet topology instead of the net30 default topology
* tomcat: Tomcat 9 by default with Debian 11
* vrrpd: Store sysctl values in specific file
### Fixed
* etc-git : Remount /usr in rw for git gc in in /usr/share/scripts/
* etc-git: Make evocommit fully compatible with OpenBSD
* generate-ldif: Correct generated entries for php-fpm in containers
* keepalived: repair broken role
* minifirewall: fix `failed_when` condition on restart
* postfix: Do not send mails through milters a second time after amavis (in packmail)
* redis: Remount /usr with RW before adding nagios plugin
## [22.03] 2022-03-02
### Added
* apt: apt_hold_packages: broadcast message with wall, if present
* evolinux-base: option to bypass raid-related tasks
* Explicit permissions for systemd overrides
* generate-ldif: Add support for php-fpm in containers
* kvm-host: add missing default value
* lxc-php: preliminary support for PHP 8.1 container
* openvpn: now check that openvpn has been restarted since last certificates renewal
* redis: always install check_redis_instances
* redis: check_redis_instances tolerates absence of instances
### Changed
* elasticsearch: Use `/etc/elasticsearch/jvm.options.d/evolinux` instead of default `/etc/elasticsearch/jvm.options`
* evolinux-users: check permissions for /etc/sudoers.d
* evolinux-users: optimize sudo configuration
* lxc: Fail if /var is nosuid
* openvpn: make it compatible with OpenBSD and add some improvements
## [22.01.3] 2022-01-31
### Changed
* rbenv: install Ruby 3.1.0 by default
* evolinux-base: backup-server-state: add "force" mode
### Fixed
* evolinux-base: backup-server-state: fix systemctl invocation
* varnish: update munin plugin to work with recent varnish versions
## [22.01.2] 2022-01-27
### Changed
* evolinux-base: many improvements for backup-server-state script
* remount-usr: use findmnt to find if usr is a readonly partition
## [22.01] 2022-01-25
### Added
* Support for Debian 11 « Bullseye » (with possible remaining blind spots)
* apache: new variable for MPM mode (+ updated default config accordingly)
* apache: prevent accessing Git or "env" related files
* certbot: add script for manual deploy hooks execution
* docker-host: install additional dependencies
* dovecot: switch to TLS 1.2+ and external DH params
* etc-git: centralize cron jobs in dedicated crontab
* etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks
* evolinux-base: add script backup-server-state
* evolinux-base: configure top and htop to display the swap column
* evolinux-base: install molly-guard by default
* generate-ldif: detect RAID controller
* generate-ldif: detect mdadm
* listupgrade: crontab is configurable
* logstash: logging to syslog is configurable (default: True)
* mongodb: create munin plugins directory if missing
* munin: systemd override to unprotect home directory
* mysql: add evomariabackup 21.11
* mysql: improve Bullseye compatibility
* mysql: script "mysql_connections" to display a compact list of connections
* mysql: script "mysql-queries-killer.sh" to kill MySQL queries
* nagios-nrpe + evolinux-users: new check for ipmi
* nagios-nrpe + evolinux-users: new check for RAID (soft + hard)
* nagios-nrpe + evolinux-users: new checks for bkctld
* nagios-nrpe: new check influxdb
* openvpn: new role (beta)
* redis: instance service for Debian 11
* squid: add *.o.lencr.org to default whitelist
### Changed
* Change version pattern
* Install python 2 or 3 libraries according to running python version
* Remove embedded GPG keys only if legacy keyring is present
* apt: remove workaround for Evolix public repositories with Debian 11
* apt: upgrade packages after all the configuration is done
* apt: use the new security repository for Bullseye
* certbot: silence letsencrypt deprecation warnings
* elasticsearch: elastic_stack_version = 7.x
* evoacme: exclude renewal-hooks directory from cron
* evoadmin-web: simpler PHP packages lists
* evocheck: upstream release 21.10.4
* evolinux-base: alert5 comes after the network
* evolinux-base: force Debian version to buster for Evolix repository (temporary)
* evolinux-base: install freeipmi by default on dedicated hw
* evolinux-base: logs are rotated with dateext by default
* evolinux-base: split dpkg logrotate configuration
* evolinux-users + nagios-nrpe: Add support for php-fpm80 in lxc
* evomaintenance: extract a config.yml tasks file
* evomaintenance: upstream release 22.01
* filebeat/metricbeat: elastic_stack_version = 7.x
* kibana: elastic_stack_version = 7.x
* listupgrade: old-kernel-removal version 21.10
* listupgrade: upstream release 21.06.3
* logstash: elastic_stack_version = 7.x
* mongodb: Allow to specify a mongodb version for buster & bullseye
* mongodb: Deny the install on Debian 11 « Bullseye » when the version is unsupported
* mongodb: Support version 5.0 (for buster)
* mysql: use python3 and mariadb-client-10.5 with Debian 11 and later
* nodejs: default to version 16 LTS
* php: enforce Debian version with assert instead of fail
* squid: improve default whitelist (more specific patterns)
* squid: must be started in foreground mode for systemd
* squid: remove obsolete variable on Squid 4
### Fixed
* evolinux-base: fix alert5.service dependency syntax
* certbot: sync_remote excludes itself
* lxc-php: fix config for opensmtpd on bullseye containers
* mysql : Create a default ~root/.my.cnf for compatibility reasons
* nginx : fix variable name and debug to actually use nginx-light
* packweb-apache : Support php 8.0
* nagios-nrpe: Fix check_nfsserver for buster and bullseye
### Removed
* evocheck: package install is not supported anymore
* logstash: no more dependency on Java
* php: remove php-gettext for 7.4
## [10.6.0] 2021-06-28
### Added
* Add Elastic GPG key to kibana, filebeat, logstash, metricbeat roles
* apache: new variable for mpm mode (+ updated default config accordingly)
* evolinux-base: add default motd template
* kvm-host: add migrate-vm script
* mysql: variable to disable myadd script overwrite (default: True)
* nodejs: update apt cache before installing the package
* squid: add Yarn apt repository in default whitelist
### Changed
* Update Galaxy metadata (company, platforms and galaxy_tags)
* Use 'loop' syntax instead of 'with_first_found/with_items/with_dict/with_nested/with_list'
* Use Ansible syntax used in Ansible 2.8+
* apt: store keys in /etc/apt/trusted.gpg.d in ascii format
* certbot: sync_remote.sh is configurable
* evolinux-base: copy GPG key instead of using apt-key
* evomaintenance: upstream release 0.6.4
* kvm-host: replace the "kvm-tools" package with scripts deployed by Ansible
* listupgrade: upstream release 21.06.2
* nodejs: change GPG key name
* ntpd: Add leapfile configuration setting to ntpd on debian 10+
* packweb-apache: install phpMyAdmin from buster-backports
* spamassassin: change dependency on evomaintenance
* squid: remove obsolete variable on Squid 4
### Fixed
* add default (useless) value for file lookup (first_found)
* fix pipefail option for shell invocations
* elasticsearch: inline YAML formatting of seed_hosts and initial_master_nodes
* evolinux-base: fix motd lookup path
* ldap: fix edge cases where passwords were not set/get properly
* listupgrade: fix wget error + shellcheck cleanup
### Removed
* elasticsearch: recent versiond don't depend on external JRE
## [10.5.1] 2021-04-13
### Added
@ -37,7 +751,7 @@ The **patch** part changes incrementally at each release.
* apache: new variables for logrotate + server-status
* filebeat: package can be upgraded to latest (default: False)
* haproxy: possible admin access with login/pass
* lxc-php: Add PHP 7.4 support
* lxc-php: Add PHP 7.4 support
* metricbeat: package can be upgraded to latest (default: False)
* metricbeat: new variables to configure SSL mode
* nagios-nrpe: new script check_phpfpm_multi
@ -87,6 +801,7 @@ The **patch** part changes incrementally at each release.
### Added
* bookworm-detect: transitional role to help dealing with unreleased bookworm version
* dovecot: Update munin plugin & configure it
* dovecot: vmail uid/gid are configurable
* evoacme: variable to disable Debian version check (default: False)
@ -110,7 +825,7 @@ The **patch** part changes incrementally at each release.
* tomcat-instance: fail if uid already exists
* varnish: change template name for better readability
* varnish: no threadpool delay by default
* varnish: no custom reload script for Debian 10 and later
* varnish: no custom reload script for Debian 10 and later
### Fixed
@ -198,6 +913,7 @@ The **patch** part changes incrementally at each release.
## [10.0.0] - 2020-05-13
### Added
* apache: the default VHost doesn't redirect to https for ".well-known" paths
* apt: added buster backports prerferences
* apt: check if cron is installed before adding a cron job
@ -234,6 +950,7 @@ The **patch** part changes incrementally at each release.
* bind: enable bind9 munin plugin for recursive resolvers
### Changed
* replace version_compare() with version()s
* removed some deprecations for Ansible 2.7
* apache: improve permissions in save_apache_status script
@ -279,6 +996,7 @@ The **patch** part changes incrementally at each release.
* varnish: remove custom ExecReload= script for Debian 10+
### Fixed
* etc-git: fix warnings ansible-lint
* evoadmin-web: Put the php config at the right place for Buster
* lxc: Don't stop the container if it already exists
@ -301,16 +1019,19 @@ The **patch** part changes incrementally at each release.
* packweb-apache: Don't try to install PHPMyAdmin on Buster as it's not available
### Removed
* clamav : do not install the zoo package anymore
## [9.10.1] - 2019-06-21
### Changed
* evocheck : update (version 19.06) from upstream
## [9.10.0] - 2019-06-21
### Added
* apache: add server status suffix in VHost (and default site) if missing
* apache: add a variable to customize the server-status host
* apt: add a script to manage packages with "hold" mark
@ -321,6 +1042,7 @@ The **patch** part changes incrementally at each release.
* redmine: enable gzip compression in nginx vhost
### Changed
* evocheck : update (unreleased) from upstream
* evomaintenance : use the web API instead of PG Insert
* fluentd: store gpg key locally
@ -333,23 +1055,26 @@ The **patch** part changes incrementally at each release.
* apt: Add Debian Buster repositories
### Fixed
* rbenv: add check_mode for check rbenv and ruby versions
* nagios-nrpe: fix redis_instances check when Redis port equal 0
* redmine: fix 500 error on logging
* evolinux-base: Validate sshd config with "-t" instead of "-T"
* evolinux-base: Ensure rename is present
* evolinux-users: Validate sshd config with "-t" instead of "-T"
* nagios-nrpe: Replace the dummy packages nagios-plugins-* with monitoring-plugins-*
* nagios-nrpe: Replace the dummy packages nagios-plugins-*with monitoring-plugins-*
## [9.9.0] - 2019-04-16
### Added
* etc-git: ignore evobackup/.keep-* files
* lxc: /home is mounted in the container by default
* nginx : add "x-frame-options: sameorigin" for Munin
### Changed
* changed remote repository to https://gitea.evolix.org/evolix/ansible-roles
* changed remote repository to <https://gitea.evolix.org/evolix/ansible-roles>
* apt: Ensure jessie-backport from archives.debian.org is accepted
* apt: Remove jessie-update suite as it's no longer exists
* apt: Replace mirror.evolix.org by archives.debian.org for jessie-backport
@ -362,8 +1087,8 @@ The **patch** part changes incrementally at each release.
* tomcat: better tomcat version management
* webapps/evoadmin-web: add dbadmin.sh to sudoers file
### Fixed
* spamassasin: fix sa-update.sh and ensure service is started and enabled
* tomcat-instance: deploy correct version of config files
* tomcat-instance: deploy correct version of server.xml
@ -371,20 +1096,24 @@ The **patch** part changes incrementally at each release.
## [9.8.0] - 2019-01-31
### Added
* filebeat: disable cloud_metadata processor by default
* metricbeat: disable cloud_metadata processor by default
* percona : new role to install Percona repositories and tools
* redis: add variable for configure unixsocketperm
### Changed
* redmine: refactoring of redmine role with use of rbenv
### Fixed
* ntpd: Update the restrictions to follow wiki.evolix.org/HowtoNTP client config
## [9.7.0] - 2019-01-17
### Added
* apache: add Munin configuration for Apache server-status URL
* evomaintenance: database variables must be set or the task fails
* fail2ban: add "ips" tag added to fail2ban/tasks/ip_whitelist.yml
@ -397,6 +1126,7 @@ The **patch** part changes incrementally at each release.
* proftpd: add FTPS and SFTP support
### Changed
* redis: distinction between main and master password
* evocheck: update evocheck.sh for source install
* php: added php-zip in the installed package list for debian 9 (and later)
@ -404,6 +1134,7 @@ The **patch** part changes incrementally at each release.
* java: update Oracle java package to 8u192
### Fixed
* fail2ban: fix "ignoreip" update
* metricbeat: fix username/password replacement
* nagios-nrpe: check_process now return the error code (making the check more usefull than /bin/true)
@ -412,16 +1143,17 @@ The **patch** part changes incrementally at each release.
* redis: In instance mode, ensure to replace the nrpe check_redis with the instance check script
* redis: Don't set the owner of /var/{lib,log}/redis to a redis instance account
## [9.6.0] - 2018-12-04
### Added
* evolinux-base: deploy custom motd if template are present
* minifirewall: all variables are configurable (untouched by default)
* minifirewall: main file is configurable
* squid: minifirewall main file is configurable
### Changed
* minifirewall: compare config before/after (for restart condition)
* squid: better replacement in minifirewall config
* evoadmin-mail: complete refactoring, use Debian Package
@ -429,6 +1161,7 @@ The **patch** part changes incrementally at each release.
## [9.5.0] - 2018-11-14
### Added
* apache: separate task to update IP whitelist
* evolinux-base: install man package
* evolinux-users: add newaliases handler
@ -442,11 +1175,13 @@ The **patch** part changes incrementally at each release.
* mysql: logdir can be customized
### Changed
* evocheck: update script from upstream
* evomaintenance: update script from upstream
* mysql: restart service if systemd unit has been patched
### Fixed
* packweb-apache: mod-security config is already included elsewhere
* redis: for permissions on log and lib directories
* redis: fix shell for instance users
@ -455,13 +1190,16 @@ The **patch** part changes incrementally at each release.
## [9.4.2] - 2018-10-12
### Added
* evomaintenance: install dependencies manually when installing vendored version
* nagios-nrpe: add an option to ignore servers in NOLB status
### Changed
* haproxy: move check_haproxy_stats to nagios-nrpe role
### Fixed
* evoacme: better error when apache2ctl fails
* evomaintenance: fix role compatibility with OpenBSD
* spamassassin: add missing right for amavis
@ -470,16 +1208,19 @@ The **patch** part changes incrementally at each release.
## [9.4.1] - 2018-09-28
### Added
* redis: set masterauth when redis_password is defined
* evomaintenance: variable to install a vendored version
* evomaintenance: tasks/variables to handle minifirewall restarts
### Changed
* mysql-oracle: better handle packages and users
## [9.4.0] - 2018-09-20
### Added
* etc-git: manage a cron job to monitor uncommited changes in /etc/.git (default: `True`)
* evolinux-base: better shell history
* evolinux-users: add user to /etc/aliases
@ -494,9 +1235,11 @@ The **patch** part changes incrementally at each release.
* nagios-nrpe: add check_redis_instances
### Changed
* dovecot: stronger TLS configuration
### Fixed
* apache: cleaner way to overwrite the server status suffix
* packweb-apache: don't regenerate phpMyAdmin suffix each time
* nginx: cleaner way to overwrite the server status suffix
@ -505,11 +1248,13 @@ The **patch** part changes incrementally at each release.
## [9.3.2] - 2018-09-06
### Added
* minifirewall: add a variable to disable the restart handler
* minifirewall: add a variable to force a restart of the firewall (even with no change)
* minifirewall: improve variables values and documentation
### Changed
* dovecot: enable SSL/TLS by default with snakeoil certificate
### Fixed
@ -519,11 +1264,13 @@ The **patch** part changes incrementally at each release.
## [9.3.1] - 2018-08-30
### Added
* metricbeat: new variables to configure elasticsearch hosts and auth
## [9.3.0] - 2018-08-24
### Added
* elasticsearch: tmpdir configuration compatible with 5.x also
* elasticsearch: add http.publish_host variable
* evoacme: disable old certbot cron also in cron.daily
@ -544,6 +1291,7 @@ The **patch** part changes incrementally at each release.
* nagios-nrpe: add check_postgrey
### Changed
* etc-git: some entries of .gitignore are mandatory
* evocheck: update upstream script
* evolinux-base: improve hostname configuration (real vs. internal)
@ -562,6 +1310,7 @@ The **patch** part changes incrementally at each release.
* kvm-host: install kvm-tools package instead of copying add-vm.sh
### Fixed
* apache: logrotate replacement is more subtle/precise. It replaces only the proper directive and not every occurence of the word.
* bind: chroot-bind.sh must not be executed in check mode
* evoacme: fix module detection in apache config
@ -573,12 +1322,14 @@ The **patch** part changes incrementally at each release.
## [9.2.0] - 2018-05-16
### Changed
* filebeat: install version 6.x by default
* filebeat: cleanup unused code
* squid: add some domaine and fix broken restrictions
* elasticsearch: defaults to version 6.x
### Fixed
* evolinux-users: secondary groups are comma-separated
* ntpd: fix configuration (server and ACL)
* varnish: don't fork the process on startup with systemd
@ -588,6 +1339,7 @@ The **patch** part changes incrementally at each release.
### Added
### Changed
* apache: customize logrotate (52 weeks)
* evolinux: groups for SSH configuration are used with Debian 10 and later
* evolinux-base: fail2ban is not enabled by default
@ -599,9 +1351,11 @@ The **patch** part changes incrementally at each release.
## [9.1.8] - 2018-04-16
### Changed
* packweb-apache: use dependencies instead of include_role for apache and php roles
### Fixed
* mysql: use check_mode for apg command (Fix --check)
* mysql/mysql-oracle: properly reload systemd
* packweb-apache: use check_mode for apg command (Fix --check)
@ -609,6 +1363,7 @@ The **patch** part changes incrementally at each release.
## [9.1.7] - 2018-04-06
### Added
* added a few become attributes where missing
* etc-git: add tags for Ansible
* evolinux-base: install ncurses-term package
@ -626,6 +1381,7 @@ The **patch** part changes incrementally at each release.
* redmine: added missing tags
### Changed
* elasticsearch: RESTART_ON_UPGRADE is configurable (default: `true`)
* elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`).
* evolinux-base: Exec the firewall tasks sooner (to avoid dependency issues)
@ -641,6 +1397,7 @@ The **patch** part changes incrementally at each release.
* webapps/evoadmin-web: Fail if variable evoadmin_contact_email isn't defined
### Fixed
* dovecot: fix support of plus sign
* mysql/mysql-oracle: mysqltuner cron task is executable
* nginx: fix basic auth for default vhost
@ -649,21 +1406,25 @@ The **patch** part changes incrementally at each release.
## [9.1.6] - 2018-02-02
### Added
* mongodb: install python-pymongo for monitoring
* nagios-nrpe: allowed_hosts can be updated
### Changed
* Changelog: explain the versioning scheme
* Changelog: add a release date for 9.1.5
* evoacme: exclude typical certbot directories
### Fixed
* fail2ban: fix horrible typo, Python is not Ruby
* nginx: fix servers status dirname
## [9.1.5] - 2018-01-18
### Added
* There is a changelog!
* redis: configuration variable for protected mode (v3.2+)
* evolinux-users: users are in "adm" group for Debian 9 or later
@ -675,41 +1436,49 @@ The **patch** part changes incrementally at each release.
* redmine: ability to install themes and plugins
### Changed
* rbenv: Ruby 2.5 becomes the default version
* evocheck: update upstream version embedded in role (c993244)
* bind: keep 52 weeks of logs
### Fixed
* squid: different logrotate file for Jessie or Stretch+
* evoacme: don't invoke evoacme if no vhost is found
* evomaintenance: explicit quotes in config file
* redmine: force xpath gem < 3.0.0
### Security
* evomaintenance: fix permissions for config file
## [9.1.4] - 2017-12-20
### Added
* php: install php5-intl (for Jessie) and php-intl (for Debian 9 or later)
* mysql: add a check_mysql_slave in nrpe configuration
* ldap: slapd tcp port is configurable
* elasticsearch: broader patterns for log rotation
### Changed
* split IP lists in 2 default and additional for easier customization.
### Fixed
* minifirewall: allow outgoing SSH connections over IPv6
* nodejs: rename source.list file
### Security
* evoadmin-web: change config.local.php file permissions
* evolinux-base: change default_www file permissions
## [9.1.3] 2017-12-08
### Added
* evolinux-base: install traceroute package
* evolinux-base/ntpd: purge openntpd
* tomcat: add Tomcat 8 cmpatibility
@ -721,6 +1490,7 @@ The **patch** part changes incrementally at each release.
* elastic: option for stack main version
### Changed
* nginx: rename Let's Encrypt snippet
* nginx: simpler apt preferences for backports
* generate-ldif: add clamd service instead of clamav_db
@ -732,10 +1502,12 @@ The **patch** part changes incrementally at each release.
* mongodb: comatible with Stretch
### Removed
* mongodb: logfile/pidfile are not configurable on Jessie
* minifirewall: remove zidane.evolix.net from HTTPSITES
### Fixed
* nginx: fix munin CGI graphs
* ntpd: fix default configuration (localhost only)
* logstash: fix permissions on pipeline configuration
@ -746,14 +1518,17 @@ The **patch** part changes incrementally at each release.
## [9.1.2] 2017-12-05
### Fixed
* listupgrade: remount /usr as rw
## [9.1.1] 2017-11-21
### Added
* amazon-ec2: add egress rules
### Fixed
* evoacme: fix multiple bugs
## [9.1.0] 2017-11-19
@ -761,6 +1536,7 @@ The **patch** part changes incrementally at each release.
_Warning: huge release, many entries are missing below._
### Added
* amazon-ec2: new role, for EC2 instances creation
* Move /usr rw remount into remount-usr role
* kibana: host and basepath configuration
@ -771,6 +1547,7 @@ _Warning: huge release, many entries are missing below._
* nagios-nrpe: add opendkim check
### Changed
* Combine evolix and additional trusted IP addresses
* amazon-ec2: split tasks
* apt: don't upgrade by default
@ -781,6 +1558,7 @@ _Warning: huge release, many entries are missing below._
* ldap: better variables
### Fixed
* fail2ban: create config hierarchy beforehand
* elasticsearch: fix datadir/tmpdir conditions
* elastic: remove double ".list" suffix
@ -791,10 +1569,10 @@ _Warning: huge release, many entries are missing below._
### Security
## [9.0.1] 2017-10-02
### Added
* haproxy: add a Nagios check
* php: add "sury" mode for PHP 7.1 on Stretch
* minifirewall: explicit dependency on iptables
@ -802,9 +1580,11 @@ _Warning: huge release, many entries are missing below._
* docker-host: new variable for docker home
### Changed
* php: install php5/php package after fpm/libapache2-mod-php
### Fixed
* mysql: add "REPLICATION CLIENT" privilege for nrpe
* evoadmin-web: revert from variables to keywords in the templates
* evoacme: many fixes

5
amavis/defaults/main.yml Normal file
View File

@ -0,0 +1,5 @@
---
ldap_hostname: "{{ ansible_hostname }}"
ldap_domain: "{{ ansible_domain }}"
ldap_suffix: "dc={{ ldap_hostname }},dc={{ ldap_domain.split('.')[-2] }},dc={{ ldap_domain.split('.')[-1] }}"

View File

@ -0,0 +1,2 @@
#!/bin/bash
find /var/lib/amavis/virusmails/ -type f -mtime +30 -delete

View File

@ -1,5 +1,5 @@
---
- name: restart amavis
service:
ansible.builtin.service:
name: amavis
state: restarted

View File

@ -1,18 +1,27 @@
---
- name: install Amavis
apt:
ansible.builtin.apt:
name:
- postgrey
- amavisd-new
state: present
tags:
- amavis
- amavis
- name: configure Amavis
template:
ansible.builtin.template:
src: amavis.conf.j2
dest: /etc/amavis/conf.d/49-evolinux-defaults
mode: "0644"
notify: restart amavis
tags:
- amavis
- amavis
- name: Install purge custom cron
ansible.builtin.copy:
src: amavis_purge_virusmails
dest: /etc/cron.daily/amavis_purge_virusmails
mode: "0755"
tags:
- amavis
- amavis_purge_cron

View File

@ -44,7 +44,7 @@ $max_servers = 2;
$enable_ldap = 1;
$default_ldap = {
hostname => '127.0.0.1', tls => 0,
base => '{{ ldap_suffix }}', scope => 'sub',
base => '{{ ldap_suffix | mandatory }}', scope => 'sub',
query_filter => '(&(mailacceptinggeneralid=%m)(isActive=TRUE))'
};

View File

@ -9,16 +9,16 @@
aws_region: ca-central-1
tasks:
- include_role:
- ansible.builtin.include_role:
name: evolix/amazon-ec2
tasks_from: setup.yml
- include_role:
- ansible.builtin.include_role:
name: evolix/amazon-ec2
tasks_from: create-instance.yml
- name: Install Evolinux
hosts: launched-instances
become: yes
become: true
vars_files:
- 'vars/secrets.yml'
@ -51,7 +51,7 @@
- mysql
post_tasks:
- include_role:
- ansible.builtin.include_role:
name: evolix/etc-git
tasks_from: commit.yml
vars:

View File

@ -1,36 +1,36 @@
---
- name: Launch new instance(s)
ec2:
amazon.aws.ec2:
state: present
aws_access_key: "{{aws_access_key}}"
aws_secret_key: "{{aws_secret_key}}"
region: "{{aws_region}}"
image: "{{ec2_base_ami}}"
instance_type: "{{ec2_instance_type}}"
count: "{{ec2_instance_count}}"
assign_public_ip: "{{ec2_public_ip}}"
group: "{{ec2_security_group.name}}"
key_name: "{{ec2_keyname}}"
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
region: "{{ aws_region }}"
image: "{{ ec2_base_ami }}"
instance_type: "{{ ec2_instance_type }}"
count: "{{ ec2_instance_count }}"
assign_public_ip: "{{ ec2_public_ip }}"
group: "{{ ec2_security_group.name }}"
key_name: "{{ ec2_keyname }}"
wait: yes
register: ec2
- name: Add newly created instance(s) to inventory
add_host:
hostname: "{{item.public_dns_name}}"
ansible.builtin.add_host:
hostname: "{{ item.public_dns_name }}"
groupname: launched-instances
ansible_user: admin
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
with_items: "{{ec2.instances}}"
loop: "{{ ec2.instances }}"
- debug:
msg: "Your newly created instance is reachable at: {{item.public_dns_name}}"
with_items: "{{ec2.instances}}"
- ansible.builtin.debug:
msg: "Your newly created instance is reachable at: {{ item.public_dns_name }}"
loop: "{{ ec2.instances }}"
- name: Wait for SSH to come up on all instances (give up after 2m)
wait_for:
ansible.builtin.wait_for:
state: started
host: "{{item.public_dns_name}}"
host: "{{ item.public_dns_name }}"
port: 22
timeout: 120
with_items: "{{ec2.instances}}"
loop: "{{ ec2.instances }}"

View File

@ -1,5 +1,5 @@
---
- name: Remove admin user
user:
ansible.builtin.user:
name: admin
state: absent

View File

@ -1,7 +1,7 @@
---
- name: Create default security group
ec2_group:
amazon.aws.ec2_group:
name: "{{ ec2_security_group.name }}"
state: present
aws_access_key: "{{ aws_access_key }}"
@ -12,7 +12,7 @@
rules_egress: "{{ ec2_security_group.rules_egress }}"
- name: Create key pair
ec2_key:
amazon.aws.ec2_key:
name: "{{ ec2_keyname }}"
state: present
aws_access_key: "{{ aws_access_key }}"

View File

@ -23,3 +23,5 @@ log2mail_alert_email: Null
apache_logrotate_frequency: daily
apache_logrotate_rotate: 365
apache_mpm: "itk"

View File

@ -24,3 +24,6 @@ SetEnvIf User-Agent "ApacheBench" GoAway=1
#<FilesMatch ".(eot|ttf|otf|woff)">
# Header set Access-Control-Allow-Origin "*"
#</FilesMatch>
# you need disable EnableCapabilities to use data on NFS mounts
#EnableCapabilities off

View File

@ -3,41 +3,65 @@ Timeout 10
KeepAliveTimeout 2
MaxKeepAliveRequests 10
#MaxClients 250
MaxRequestWorkers 250
ServerLimit 250
StartServers 50
MinSpareServers 20
MaxSpareServers 30
MaxRequestsPerChild 0
<Directory /home/>
AllowOverride None
Require all granted
# "Require not env XXX" is not supported :(
Deny from env=GoAway
</Directory>
<IfModule mod_ssl.c>
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
<IfModule mpm_prefork_module>
MaxRequestWorkers 250
ServerLimit 250
StartServers 50
MinSpareServers 20
MaxSpareServers 30
MaxConnectionsPerChild 100
</IfModule>
<Files ~ "\.(inc|bak)$">
Require all denied
</Files>
<IfModule mod_status.c>
ExtendedStatus On
<IfModule mod_proxy.c>
ProxyStatus On
</IfModule>
<IfModule mpm_worker_module>
StartServers 3
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxRequestWorkers 150
MaxConnectionsPerChild 100
</IfModule>
<IfModule mpm_itk.c>
<IfModule mpm_itk_module>
LimitUIDRange 0 6000
LimitGIDRange 0 6000
</IfModule>
<IfModule ssl_module>
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
</IfModule>
<IfModule status_module>
ExtendedStatus On
<IfModule proxy_module>
ProxyStatus On
</IfModule>
</IfModule>
# Go away bad bots (define "bad bots" in zzz-evolinux-custom.conf)
<If "reqenv('GoAway') -eq 1">
Require all denied
</If>
<DirectoryMatch "/\.git">
# We don't want to let the client know a file exist on the server,
# so we return 404 "Not found" instead of 403 "Forbidden".
Redirect 404 "-"
</DirectoryMatch>
# File names starting with
<FilesMatch "^\.(git|env)">
Redirect 404 "-"
</FilesMatch>
# File names ending with
<FilesMatch "\.(inc|bak)$">
Redirect 404 "-"
</FilesMatch>
<LocationMatch "^/evolinux_fpm_status-.*">
Require all denied
</LocationMatch>

View File

@ -4,7 +4,7 @@ set -e
DIR="/var/log/apache-status"
URL="http://127.0.0.1/server-status"
TS=`date +%Y%m%d%H%M%S`
TS=$(date +%Y%m%d%H%M%S)
FILE="${DIR}/${TS}.html"
if [ ! -d "${DIR}" ]; then

View File

@ -1,15 +1,15 @@
---
- name: restart apache
service:
ansible.builtin.service:
name: apache2
state: restarted
- name: reload apache
service:
ansible.builtin.service:
name: apache2
state: reloaded
- name: restart munin-node
service:
ansible.builtin.service:
name: munin-node
state: restarted

View File

@ -1,18 +1,24 @@
---
galaxy_info:
author: Evolix
company: Evolix
description: Installation and basic configuration of Apache
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2
min_ansible_version: 2.2
min_ansible_version: "2.2"
platforms:
- name: Debian
versions:
- jessie
- stretch
- name: Debian
versions:
- jessie
- stretch
- buster
galaxy_tags: []
# Be sure to remove the '[]' above if you add dependencies
# to this list.
dependencies: []
# List your role dependencies here, one per line.

View File

@ -1,21 +1,21 @@
---
- name: Init ipaddr_whitelist.conf file
copy:
ansible.builtin.copy:
src: ipaddr_whitelist.conf
dest: /etc/apache2/ipaddr_whitelist.conf
owner: root
group: root
mode: "0640"
force: no
force: false
tags:
- apache
- name: Load IP whitelist task
include: ip_whitelist.yml
ansible.builtin.import_tasks: ip_whitelist.yml
- name: include private IP whitelist for server-status
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/apache2/mods-available/status.conf
line: " include /etc/apache2/ipaddr_whitelist.conf"
insertafter: 'SetHandler server-status'
@ -24,33 +24,33 @@
- apache
- name: Copy private_htpasswd
copy:
ansible.builtin.copy:
src: private_htpasswd
dest: /etc/apache2/private_htpasswd
owner: root
group: root
mode: "0640"
force: no
force: false
notify: reload apache
tags:
- apache
- name: add user:pwd to private htpasswd
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/apache2/private_htpasswd
line: "{{ item }}"
state: present
with_items: "{{ apache_private_htpasswd_present }}"
loop: "{{ apache_private_htpasswd_present }}"
notify: reload apache
tags:
- apache
- name: remove user:pwd from private htpasswd
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/apache2/private_htpasswd
line: "{{ item }}"
state: absent
with_items: "{{ apache_private_htpasswd_absent }}"
loop: "{{ apache_private_htpasswd_absent }}"
notify: reload apache
tags:
- apache

View File

@ -1,22 +1,23 @@
---
- name: add IP addresses to private IP whitelist
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/apache2/ipaddr_whitelist.conf
line: "Require ip {{ item }}"
state: present
with_items: "{{ apache_ipaddr_whitelist_present }}"
create: yes
loop: "{{ apache_ipaddr_whitelist_present }}"
notify: reload apache
tags:
- apache
- ips
- name: remove IP addresses from private IP whitelist
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/apache2/ipaddr_whitelist.conf
line: "Require ip {{ item }}"
state: absent
with_items: "{{ apache_ipaddr_whitelist_absent }}"
loop: "{{ apache_ipaddr_whitelist_absent }}"
notify: reload apache
tags:
- apache

View File

@ -1,19 +1,19 @@
---
- name: log2mail is installed
apt:
ansible.builtin.apt:
name: log2mail
state: present
tags:
- apache
- name: Add log2mail config for Apache segfaults
template:
ansible.builtin.template:
src: log2mail-apache.j2
dest: "/etc/log2mail/config/apache"
owner: log2mail
group: adm
mode: "0644"
force: no
force: false
tags:
- apache

View File

@ -1,10 +1,9 @@
---
- name: packages are installed (Debian 9 or later)
apt:
ansible.builtin.apt:
name:
- apache2
- libapache2-mpm-itk
- libapache2-mod-evasive
- apachetop
- libwww-perl
@ -14,8 +13,20 @@
- packages
when: ansible_distribution_major_version is version('9', '>=')
- name: itk package is installed if required (Debian 9 or later)
ansible.builtin.apt:
name:
- libapache2-mpm-itk
state: present
tags:
- apache
- packages
when:
- ansible_distribution_major_version is version('9', '>=')
- apache_mpm == "itk"
- name: packages are installed (jessie)
apt:
ansible.builtin.apt:
name:
- apache2-mpm-itk
- libapache2-mod-evasive
@ -28,14 +39,13 @@
when: ansible_distribution_release == "jessie"
- name: basic modules are enabled
apache2_module:
community.general.apache2_module:
name: '{{ item }}'
state: present
with_items:
loop:
- rewrite
- expires
- headers
- cgi
- ssl
- include
- negotiation
@ -44,32 +54,44 @@
tags:
- apache
- name: basic modules are enabled
community.general.apache2_module:
name: '{{ item }}'
state: present
loop:
- cgi
notify: reload apache
when: apache_mpm == "prefork" or apache_mpm == "itk"
tags:
- apache
- name: Copy Apache defaults config file
copy:
ansible.builtin.copy:
src: evolinux-defaults.conf
dest: "/etc/apache2/conf-available/z-evolinux-defaults.conf"
owner: root
group: root
mode: "0640"
force: yes
force: true
notify: reload apache
tags:
- apache
- name: Copy Apache custom config file
copy:
ansible.builtin.copy:
src: evolinux-custom.conf
dest: "/etc/apache2/conf-available/zzz-evolinux-custom.conf"
owner: root
group: root
mode: "0640"
force: no
force: false
notify: reload apache
tags:
- apache
- name: disable status.conf
file:
ansible.builtin.file:
dest: /etc/apache2/mods-enabled/status.conf
state: absent
notify: reload apache
@ -77,47 +99,49 @@
- apache
- name: Ensure Apache config files are enabled
command: "a2enconf {{ item }}"
ansible.builtin.command:
cmd: "a2enconf {{ item }}"
register: command_result
changed_when: "'Enabling' in command_result.stderr"
with_items:
loop:
- z-evolinux-defaults.conf
- zzz-evolinux-custom.conf
notify: reload apache
tags:
- apache
- include: auth.yml
- ansible.builtin.include: auth.yml
tags:
- apache
- name: default vhost is installed
template:
ansible.builtin.template:
src: evolinux-default.conf.j2
dest: /etc/apache2/sites-available/000-evolinux-default.conf
mode: "0640"
force: no
force: false
notify: reload apache
tags:
- apache
- name: default vhost is enabled
file:
ansible.builtin.file:
src: /etc/apache2/sites-available/000-evolinux-default.conf
dest: /etc/apache2/sites-enabled/000-default.conf
state: link
force: yes
force: true
notify: reload apache
when: apache_evolinux_default_enabled
when: apache_evolinux_default_enabled | bool
tags:
- apache
- include: server_status.yml
- ansible.builtin.include: server_status.yml
tags:
- apache
- name: is umask already present?
command: "grep -E '^umask ' /etc/apache2/envvars"
ansible.builtin.command:
cmd: "grep -E '^umask ' /etc/apache2/envvars"
failed_when: False
changed_when: False
register: envvar_grep_umask
@ -126,7 +150,7 @@
- apache
- name: Add a mark in envvars for umask
blockinfile:
ansible.builtin.blockinfile:
dest: /etc/apache2/envvars
marker: "## {mark} ANSIBLE MANAGED BLOCK"
block: |
@ -137,13 +161,13 @@
tags:
- apache
- include_role:
- ansible.builtin.include_role:
name: evolix/remount-usr
tags:
- apache
- name: /usr/share/scripts exists
file:
ansible.builtin.file:
dest: /usr/share/scripts
mode: "0700"
owner: root
@ -153,16 +177,16 @@
- apache
- name: "Install save_apache_status.sh"
copy:
ansible.builtin.copy:
src: save_apache_status.sh
dest: /usr/share/scripts/save_apache_status.sh
mode: "0755"
force: no
force: false
tags:
- apache
- name: "logrotate: {{ apache_logrotate_frequency }}"
replace:
ansible.builtin.replace:
dest: /etc/logrotate.d/apache2
regexp: "(daily|weekly|monthly)"
replace: "{{ apache_logrotate_frequency }}"
@ -170,19 +194,19 @@
- apache
- name: "logrotate: rotate {{ apache_logrotate_rotate }}"
replace:
ansible.builtin.replace:
dest: /etc/logrotate.d/apache2
regexp: '^(\s+rotate) \d+$'
replace: '\1 {{ apache_logrotate_rotate }}'
tags:
- apache
- include: log2mail.yml
- ansible.builtin.include: log2mail.yml
when: apache_log2mail_include
tags:
- apache
- include: munin.yml
when: apache_munin_include
- ansible.builtin.include: munin.yml
when: apache_munin_include | bool
tags:
- apache

View File

@ -1,7 +1,7 @@
---
- name: "Install munin-node and core plugins packages"
apt:
ansible.builtin.apt:
name:
- munin-node
- munin-plugins-core
@ -11,11 +11,11 @@
- munin
- name: "Enable Munin plugins"
file:
ansible.builtin.file:
src: "/usr/share/munin/plugins/{{ item }}"
dest: "/etc/munin/plugins/{{ item }}"
state: link
with_items:
loop:
- apache_accesses
- apache_processes
- apache_volume
@ -25,7 +25,7 @@
- munin
- name: "Install fcgi packages for Munin graphs"
apt:
ansible.builtin.apt:
name:
- libapache2-mod-fcgid
- libcgi-fast-perl
@ -36,7 +36,8 @@
- munin
- name: "Enable libapache2-mod-fcgid"
command: a2enmod fcgid
ansible.builtin.command:
cmd: a2enmod fcgid
register: cmd_enable_fcgid
changed_when: "'Module fcgid already enabled' not in cmd_enable_fcgid.stdout"
notify: restart apache
@ -45,7 +46,7 @@
- munin
- name: "Apache has access to /var/log/munin/"
file:
ansible.builtin.file:
path: /var/log/munin/
group: www-data
tags:

View File

@ -1,7 +1,7 @@
---
- name: server status dirname exists
file:
ansible.builtin.file:
dest: "{{ apache_serverstatus_suffix_file | dirname }}"
mode: "0700"
owner: root
@ -9,61 +9,71 @@
state: directory
- name: set apache serverstatus suffix if provided
copy:
ansible.builtin.copy:
dest: "{{ apache_serverstatus_suffix_file }}"
# The last character "\u000A" is a line feed (LF), it's better to keep it
content: "{{ apache_serverstatus_suffix }}\u000A"
force: yes
when: apache_serverstatus_suffix != ""
force: true
when: apache_serverstatus_suffix | length > 0
- name: generate random string for server-status suffix
shell: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}"
ansible.builtin.shell:
cmd: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}"
args:
creates: "{{ apache_serverstatus_suffix_file }}"
- name: read apache server status suffix
command: "tail -n 1 {{ apache_serverstatus_suffix_file }}"
ansible.builtin.command:
cmd: "tail -n 1 {{ apache_serverstatus_suffix_file }}"
changed_when: False
check_mode: no
register: new_apache_serverstatus_suffix
- name: overwrite apache_serverstatus_suffix
set_fact:
ansible.builtin.set_fact:
apache_serverstatus_suffix: "{{ new_apache_serverstatus_suffix.stdout }}"
- debug:
- ansible.builtin.debug:
var: apache_serverstatus_suffix
verbosity: 1
- name: replace server-status suffix in default site index
replace:
ansible.builtin.replace:
dest: /var/www/index.html
regexp: '__SERVERSTATUS_SUFFIX__'
replace: "{{ apache_serverstatus_suffix }}"
- name: add server-status suffix in default site index if missing
replace:
ansible.builtin.replace:
dest: /var/www/index.html
regexp: '"/server-status-?"'
replace: '"/server-status-{{ apache_serverstatus_suffix }}"'
- name: add server-status suffix in default VHost
replace:
ansible.builtin.replace:
dest: /etc/apache2/sites-available/000-evolinux-default.conf
regexp: '<Location /server-status-?>'
replace: '<Location /server-status-{{ apache_serverstatus_suffix }}>'
notify: reload apache
- name: Munin configuration has a section for apache
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/munin/plugin-conf.d/munin-node
line: "[apache_*]"
create: no
- name: apache-status URL is configured for Munin
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/munin/plugin-conf.d/munin-node
line: "env.url http://{{ apache_serverstatus_host }}/server-status-{{ apache_serverstatus_suffix }}?auto"
regexp: 'env.url http://[^\\/]+/server-status'
insertafter: "[apache_*]"
create: no
notify: restart munin-node
- name: add mailgraph URL in index.html
ansible.builtin.lineinfile:
dest: /var/www/index.html
state: present
line: ' <li><a href="/mailgraph">Stats Mail</a></li>'
insertbefore: "</ul>"

View File

@ -35,6 +35,15 @@
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
# Mailgraph configuration
Alias /mailgraph /usr/share/mailgraph
<Directory /usr/share/mailgraph>
DirectoryIndex mailgraph.cgi
Require all granted
Options +FollowSymLinks +ExecCGI
AddHandler cgi-script .cgi
</Directory>
CustomLog /var/log/apache2/access.log vhost_combined
ErrorLog /var/log/apache2/error.log
LogLevel warn
@ -118,6 +127,15 @@
Include /etc/apache2/ipaddr_whitelist.conf
</Location>
# Mailgraph configuration
Alias /mailgraph /usr/share/mailgraph
<Directory /usr/share/mailgraph>
DirectoryIndex mailgraph.cgi
Require all granted
Options +FollowSymLinks +ExecCGI
AddHandler cgi-script .cgi
</Directory>
# BEGIN phpMyAdmin section
# END phpMyAdmin section

View File

@ -8,10 +8,13 @@ apt_upgrade: False
apt_install_basics: True
apt_basics_components: "main"
# With Debian 12+ and the deb822 format of source files
# backports are always installed but enabled according to `apt_install_backports`
apt_install_backports: False
apt_backports_components: "main"
apt_install_evolix_public: True
apt_install_extended_lts: False
apt_clean_gandi_sourceslist: False
@ -25,3 +28,5 @@ apt_check_hold_cron_hour: "*/4"
apt_check_hold_cron_weekday: "*"
apt_check_hold_cron_day: "*"
apt_check_hold_cron_month: "*"
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"

View File

@ -1,3 +0,0 @@
Package: *
Pin: release a=buster-backports
Pin-Priority: 50

View File

@ -21,7 +21,12 @@ if [ -f ${config_file} ]; then
if [ -n "${package}" ]; then
if is_installed ${package} && ! is_held ${package}; then
apt-mark hold ${package}
>&2 echo "Package \`${package}' has been marked \`hold'."
msg="Package \`${package}' has been marked \`hold'."
>&2 echo "${msg}"
wall_bin=$(command -v wall)
if [ -n "${wall_bin}" ]; then
"${wall_bin}" --timeout 5 "${msg}"
fi
return_code=1
fi
fi

168
apt/files/deb822-migration.py Executable file
View File

@ -0,0 +1,168 @@
#!/usr/bin/env python3
##########
# This script takes a multi-lines input of "oneliner-style" APT sources definitions.
# It converts them into "deb822-style" sources.
# Each generated file will have only one stanza, possibly with multiple Types/Suites/Components
##########
import re
import sys
import os
import select
import apt
import apt_pkg
# Order matters !
destinations = {
"debian-security": "security.sources",
".*-backports": "backports.sources",
".debian.org": "system.sources",
"mirror.evolix.org": "system.sources",
"ftp.evolix.org": "system.sources",
"pub.evolix.net": "evolix_public_old.sources.bak",
"pub.evolix.org": "evolix_public.sources",
"artifacts.elastic.co": "elastic.sources",
"download.docker.com": "docker.sources",
"downloads.linux.hpe.com": "hp.sources",
"pkg.jenkins-ci.org": "jenkins.sources",
"packages.sury.org": "sury.sources",
"repo.mongodb.org": "mongodb.sources",
"apt.newrelic.com": "newrelic.sources",
"deb.nodesource.com": "nodesource.sources",
"dl.yarnpkg.com": "yarn.sources",
"apt.postgresql.org": "postgresql.sources",
"packages.microsoft.com/repos/vscode": "microsoft-vscode.sources",
"packages.microsoft.com/repos/ms-teams": "microsoft-teams.sources",
"updates.signal.org": "signal.sources",
"downloads.1password.com/linux/debian": "1password.sources",
"download.virtualbox.org": "virtualbox.sources"
}
sources_parts = apt_pkg.config.find_dir('Dir::Etc::sourceparts')
def split_options(raw):
table = str.maketrans({
"[": None,
"]": None
})
options = raw.translate(table).split(' ')
return options
def auto_destination(uri):
basename = uri
basename = re.sub('\[[^\]]+\]', '', basename)
basename = re.sub('\w+://', '', basename)
basename = '_'.join(re.sub('[^a-zA-Z0-9]', ' ', basename).split())
return '%s.sources' % basename
def destination(matches):
for search_str in destinations.keys():
search_pattern = re.compile(f'{search_str}(/|\s|$)')
if re.search(search_pattern, matches['uri']) or re.search(search_pattern, matches["suite"]):
return destinations[search_str]
# fallback if nothing matches
return auto_destination(matches['uri'])
def prepare_sources(lines):
sources = {}
pattern = re.compile('^(?: *(?P<type>deb|deb-src)) +(?P<options>\[.+\] ?)*(?P<uri>\w+:\/\/\S+) +(?P<suite>\S+)(?: +(?P<components>.*))?$')
for line in lines:
matches = re.match(pattern, line)
if matches is not None:
dest = destination(matches)
options = {}
if matches.group('options'):
for option in split_options(matches['options']):
if "=" in option:
key, value = option.split("=")
options[key] = value
### WARNING ###
# if there are multiple lines with different URIS for a given destination (eg. "system")
# each one will overwrite the previous one
# and the last evaluated will be what remains.
if dest in sources:
sources[dest]["Types"].add(matches["type"])
sources[dest]["URIs"] = matches["uri"]
sources[dest]["Suites"].add(matches["suite"])
sources[dest]["Components"].update(matches["components"].split(' '))
else:
source = {
"Types": {matches['type']},
"URIs": matches['uri'],
"Enabled": "yes",
}
if matches.group('suite'):
source["Suites"] = set(matches['suite'].split(' '))
if matches.group('components'):
source["Components"] = set(matches['components'].split(' '))
if "arch" in options:
if "Architectures" in source:
source["Architectures"].append(options["arch"])
else:
source["Architectures"] = {options["arch"]}
if "signed-by" in options:
if "Signed-by" in source:
source["Signed-by"].append(options["signed-by"])
else:
source["Signed-by"] = {options["signed-by"]}
if "lang" in options:
if "Languages" in source:
source["Languages"].append(options["lang"])
else:
source["Languages"] = {options["lang"]}
if "target" in options:
if "Targets" in source:
source["Targets"].append(options["target"])
else:
source["Targets"] = {options["target"]}
sources[dest] = source
return sources
def save_sources(sources, output_dir):
# print(output_dir)
# print(sources)
for dest, source in sources.items():
source_path = output_dir + dest
with open(source_path, 'w') as file:
for key, value in source.items():
if isinstance(value, str):
file.write("{}: {}\n".format(key, value))
else:
file.write("{}: {}\n".format(key, ' '.join(value)))
def main():
if select.select([sys.stdin, ], [], [], 0.0)[0]:
sources = prepare_sources(sys.stdin)
# elif len(sys.argv) > 1:
# sources = prepare_sources([sys.argv[1]])
else:
print("You must provide source lines to stdin", file=sys.stderr)
sys.exit(1)
output_dir = apt_pkg.config.find_dir('Dir::Etc::sourceparts')
save_sources(sources, output_dir)
if __name__ == "__main__":
main()
sys.exit(0)

55
apt/files/deb822-migration.sh Executable file
View File

@ -0,0 +1,55 @@
#!/bin/sh
##########
# This script changes all "one-line" APT sources into "deb822" sources.
# It is responsible for searching and processing the files.
# The actual format migration is done by a python script.
##########
deb822_migrate_script=$(command -v deb822-migration.py)
if [ -z "${deb822_migrate_script}" ]; then
deb822_migrate_script="$(dirname "$0")/deb822-migration.py"
fi
if [ ! -x "${deb822_migrate_script}" ]; then
>&2 echo "ERROR: '${deb822_migrate_script}' not found or not executable"
exit 1
fi
sources_from_file() {
grep --extended-regexp "^\s*(deb|deb-src) " $1
}
rc=0
count=0
if [ -f /etc/apt/sources.list ]; then
sources_from_file /etc/apt/sources.list | ${deb822_migrate_script}
python_rc=$?
if [ ${python_rc} -eq 0 ]; then
mv /etc/apt/sources.list /etc/apt/sources.list.bak
echo "OK: /etc/apt/sources.list"
count=$(( count + 1 ))
else
>&2 echo "ERROR: failed migration for /etc/apt/sources.list"
rc=1
fi
fi
for file in $(find /etc/apt/sources.list.d -mindepth 1 -maxdepth 1 -type f -name '*.list'); do
sources_from_file "${file}" | ${deb822_migrate_script}
python_rc=$?
if [ ${python_rc} -eq 0 ]; then
mv "${file}" "${file}.bak"
echo "OK: ${file}"
count=$(( count + 1 ))
else
>&2 echo "ERROR: failed migration for ${file}"
rc=1
fi
done
echo "${count} file(s) migrated"
exit ${rc}

Binary file not shown.

View File

@ -1,3 +0,0 @@
Package: *
Pin: release a=jessie-backports
Pin-Priority: 50

View File

@ -0,0 +1,32 @@
#!/bin/sh
# Move apt repository key from /etc/apt/trusted.gpg.d/ to /etc/apt/keyrings/ and add "signed-by" tag in source list
#
# Example: move-apt-keyrings.sh http://repo.mongodb.org/apt/debian mongodb-server-[0-9\\.]+.asc
repository_pattern=$1
key=$2
found_files=$(grep --files-with-matches --recursive --extended-regexp "${repository_pattern}" "/etc/apt/sources.list.d/*.list")
old_key_file="/etc/apt/trusted.gpg.d/${key}"
new_key_file="/etc/apt/keyrings/${key}"
for file in ${found_files}; do
if ! grep --quiet "signed-by" "${file}"; then
signed_by="signed-by=${new_key_file}"
if grep --quiet "deb(-src)? \[" "${file}"; then
sed -i "s@deb\(-src\)\? \[\([^]]\+\)\]@deb\1 [\2 ${signed_by}]@" "${file}"
else
sed -i "s@deb\(-src\)\? @deb\1 [${signed_by}] @" "${file}"
fi
fi
done
if [ -f "${old_key_file}" ] && [ ! -f "${new_key_file}" ]; then
mv "${old_key_file}" "${new_key_file}"
fi
if [ -f "${new_key_file}" ]; then
chmod 644 "${new_key_file}"
chown root: "${new_key_file}"
fi

87
apt/files/pub_evolix.asc Normal file
View File

@ -0,0 +1,87 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGOsRdcBEADDPJ8Tsqr5Z4crmQlNQM32hfufe7gTUrXo0cAL8clt92y1QX3N
YyMv0Re4+Ugo7JZd4jsF2Q1twJMxsX5rA12xDnHHcZRSc/E0DIYvPnfLzEHkwseN
OK4f9lI+xo06k+B3KQQKMeI/RjVaN6AiSply9ZGaZVeGGqd4es4PsU1VQMTWdclV
Bn54HBWUnL5dPStPMnNkt0bMQYIqc5733Yby3qMiUKcql2bl9TYBw8SaJXvClsLw
ERqit6FjljUOEeWtB4WZFpjhc/aqcxGcUTPHRrNTlNF0HCvk8JicEu4/lr99pwy7
7z6SRql++WGMSG06E4MBtUt+wWAmDDHNj3fdZPnoCaDFp7vxy/FEARB2aygTtu11
mLk4XOKheqU/WibWxoXRzyUCuclJ247Fh+YPxkYVG1dnDwpWGbYuRmzUapGLv4ma
dnKsQN0KhXzUqkSoybBgV208dGOP7BqdY6TVnyU0v/7XDeUqFEwnllRKMSYLilV3
huTifiCFTK45HACM/x2yckx8dyAuYg6cJaAR1yn1iaTexoyYPG9ZFifvMB6ranEm
vkmQq1e8/7xiNSQsh5F3Ybl5hh4GVLwsR6esfZsHG0Ve+CitsmcZgWnr0JJ2PZOk
+XHxMwo7Gb0/KVH9XGeoXk+eiNNW/kdcgBMkGkU3nWooVHDm7Dy54I5CzQARAQAB
tC9Fdm9saXggUHVibGljIFJlcG9zaXRvcnkgPGVxdWlwZStwdWJAZXZvbGl4LmZy
PokCVAQTAQoAPhYhBP+vfRvzUK1F+rMpCUaPWta4YwY9BQJjrEXXAhsDBQkHhM4A
BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEEaPWta4YwY9V6oP/iYfZceiA1Sy
x9t/7CL3EReuvpdZtZYf2KklBfxEFtzkERV/KKMMpf8mKoGD6BA+ryUc7b4a8npq
yvKbSKDHGZW6gAbq8hneW71vRuNfPNqtfO98JbJO694nqX9sIYU2xQn0UIh0G6N7
D2bOcaicn8AgV/8cQZfgN9yRM4VhCoWZwhLqgROUqMYfDn3szamfkPcFiw10ToVt
c2PIFdqj2soKO9OrF5Ct/pztSGy1f+orDFiJ0AtRlqqRk9z18VB893qspfyd6y9N
q7IrQbYsiP+D8DcXYWZA1KURsI4LVQwsudNXokvGkYdnZitVgXI2lIaY7odDou5F
btZsCIEa45m7Vmvu0Wvtu/90EFbu9iwbOVrNpC7lLnfJpDObVXMiY1r0rQVuweEZ
ZbBcv1NUa3R0SPsPLPKf7L6dCx8gCpZjDVJLsgBeeSEV7XFQiYDbl8THasNTKCOa
C6v4h00mg0H6GhZvGMx+lcx8TzW6l3XXRoptHl4vkdE5usLFjy8/JWG3yJ7e2W3D
jVbPQ0UKJAnkGn1t+UJB1GP9O4annks0nPfcomjZzaDweIL8zSLPy5R9DGNgYLjp
5h/baLoNAOkaKssZrusq/P+BM2tdr3i/N6TK+dbrffz3hNgzSFFYVg51DspV7XWo
JKGqhqCgQpkms+NPJiKr4NDs6DdXn0IKuQINBGOsRdcBEAC9i5qcrYLTfeGrWPo3
Zok3jikNk181HC3HR7Wu8a5whCe/88GgJDY00sU2zZEF9hN/4Vtqq9FICVXUcs+F
5j+Gcb/sqAgwXuwk8LKuhbtR2cnz6I0GCsqNPuj+5uM7MXQlVWeIN5Z6zA/Jw++o
aENZHO6cnuep2KDNPUZzjmTHAa4+qXRL5cRXEOmMB1vtA8mm/43c7wicJ7MrZpba
mqzmiQPsQ2qfmCABfx8BwBgXCVON4sgtzCa+rYOPScsDtv0pv6uG+h/GJp4MdKBp
g3BfShQEAmOwwy3Pt2vo9Rw2s0uJJ9AM2O6tJ3x93YkUP5qj3Etr/eTcgVUiVvSs
h2Rrz2FLen3GMAcqUUDPViCy9nEWRAo7iWQgAKgr8WjeGerOmtsYPyjIQE47eX5M
Gomx0LVCGigYfkSAFIYzm5I+depmn1qTUyizfklvPr0bA/8Cs4zbqx6Pf6Rk5wvb
sJ4envk3dzQRNTH1Vt7Yoktyx1+VX0HFVEaPTQ3JlFORaHYwQQ97LaOZ0VmztE0A
5+CIFFdqp/0H7zGPol+LsPgqnzZZEQ2XFYPOy7/gB17zI2eWNWPAQmOdrUM/v12A
etnLEthZyALcjjBpJEVIHFnuaabYp+mdotycjDkBNSh+P+8H/UsMSrNVhheKQLB8
smzwFcSrAcnQbtiCjFWANTWyKQARAQABiQI8BBgBCgAmFiEE/699G/NQrUX6sykJ
Ro9a1rhjBj0FAmOsRdcCGwwFCQeEzgAACgkQRo9a1rhjBj0FZw//fNhJdx55ACvX
mpa8wz6eZOvzhr5GWSW5/Qie9nRjInPPI3bJ/jU0S/4ENqFBD9RSvY5F+0xCU67F
V2R3a3FFcB81HLIcUrkN0GH6fLcex0Js+grq/U117e2umdfGMKQG0UFJ+XonhtlT
foBcBjXPFr2NUaJB2SPo/RPQ3U+N3wMSm0ZbB/Xvxi5qMEb971dfObvsXTkQZvn7
b0TvccfHhyzs2IM8pZO3PamTwA5e16/2QqisRX4CeL0a/q3Yxfw4R8RPCrz/l0k5
FPdbdXaQuk5s+CiV+Nse7yFGoEoSlLpJM2BpueBsIg92joyOstZRm+tuCb5QefWI
7yFPfJU6xG1CMDqIGjXNU1tzSIoReGUBCNrE9UgzBQPPVD0jNM1WdW6HWSVR7jBb
+dvAeJNzQjJYlvKLQ383mAiVcwmCWBUp+R/kBPlLMGEpLlspti5fkmEc8xvtCaHc
fCLVWd0r2lUFUz+W53r8IXaRcxLtFinz7SHZPrlhaVwErdtlo+5X3kq39Mc4KCmF
bevT+qxlgzHXof+WGTYoc9IHkhDrvZ/TWeAUnBPvVn88dsBRtOC9f5wSCK4r9SfR
Dnf0lAsLWMpNtt812W8sA82RGXRUBwonZKa7YoGNKSa2vPJcUgmpIiHNtoLWpNa+
7pYGN7bV51zyQ1ERaLU5TBC9sPE70p25Ag0EY6xJaQEQAKsxFCb4Vxe8VuUEAKp/
RSRNGX/v9KqXVwbnf3kTYq9FMoplZBeqj4LQ22BqRzZ74ywoyfvHHtvkAtCbmrlc
8iLQEmicLug3Ibk97qm1lvvHnK9fqFOWh+Tx/omlaiSzEfAFbLEjNcplmq1ooqmX
fkI9zcefLZHtUFx6Clw3rwp79d/V5XJDM+2jwB47HfIhrW6jEubUuaXIHNR/GSSd
gTYuw55g9K97LhONX6ZvSBhjp4pOeUUbtFuG1fRkjPiObsB54fJ2R32yfm4jV53/
YgG/Ih/o97tKV+ishQIrr85SB3XiLFlGhQuu/0a/+/vfGVTbJOzrQrE+OCWt9Xm1
4b91MiVSSzXy6TGzPvpNXYR2PQZzVwvz7UctCikaE4gGB0lSH0LemDD0LZIZUwBL
1G9mlwFTkMYK0+iMyHFOKeAlUnSSpO6hFYr4GHOxAMGTjHqqEJZ3lBi9SBPc7AEK
3NcEp4etuiLOeaSBtqmUs+y7g8yMTrnyWPVxa0l5q4OUitbb2qvWYbaD3O22xYyj
9BlqzpG9uO6/d8HefDK8XMNCHlmwFoJj3HJlHJg7oN029vYsXEwBIhFyolAPzIvB
jpLKcebq9DJSObs1nHjAyVUpL4ZzRmujFcJYDYSixiqaWc/1aGTgUZQ/JDXcODiC
LgFu1vLTRf6hwKSb/vnZP5OtABEBAAGJBHIEGAEKACYWIQT/r30b81CtRfqzKQlG
j1rWuGMGPQUCY6xJaQIbAgUJA8JnAAJACRBGj1rWuGMGPcF0IAQZAQoAHRYhBA7H
BbTwXPF0hLMgRYefxhvnjx3ABQJjrElpAAoJEIefxhvnjx3ANpUQAIFLkLcx2z3M
jV0SgoAYertib9T/OOy/rsfeQjE6DFk6IArrHolZPA9g/PpTPuRwK165n5xw483q
BMyssUT9IK7SZxt0gbKpvZ0HFSCwSp5wdSJZymwB4AOcgRBU5rwC/9fFxYihgIym
Ig7TH9aWW4hDbEuGJDrKbhK+DpIL7lK3A5WUZk9ltGOpCcFctV3YnVgbMIwX5gO6
lZ5Zi6NHJEB3HauVZJ59NIPJ/f0xe5GMte/LXckyijs9ei4WOFOjstiW64EWkOBH
El0tj+LUxLznCP2szdXjkDN1P6/NDrY1Nid6/ECOfkh4xO/VHhkdSRAlhdP9FHiV
sy3KUUoPH5B805z1MyOI7UYUD/8CK0juIXcbw7isbVUmLf/VV8jEDmq3WWDj8YZp
IStn2AvQeo3VWGWUfkf3v7UthKandIUTIGc5isD+i6KvzzbggyyZWNtvb3/1wMrz
DUKGlFi/IjMhhElJ0oF3YGsBwz2V2UKP7pPIYo+f5zthc7SbmO9yxAQebEOc3prM
G/Br8JOZ90w1dy6CeIYxkM4YEhhG1K8CzD3ZTTI7vh8mwRc92A6HI2NFyxeYJCr0
IsUcFQpCyXMtcLRN75DGLIjIKdYrYJuwSiUgcH5FtgkuxMYfJEX9UX8rV7HAxUvs
UdIyHLl7k+khGlZa0/W6uCioFNiygnBEp7oP/iSj4Q2Xh5yKI6Jjw/IsfRcsiaac
lHc7uF0caYGMkqRNHiX17d5EtaidTbiqQii1W9slSPXmUuUcKfD1xUfLng7TbZVm
AdEbpHCT+q037cGCYFpHPMvw3OYhhGzYeh3+1oN9t3ZvyGlvAhkrtssDQB+gxX8r
adCpihziFLjm+6IvCLYHEh3gILVFbbhdYDDUduFFjf/snlJW7j8OVc7Cxa7FbPdf
SHLT9VESzf7oiwkP5/ijGmHiEQoJd9EWYkGGz+LZAXemBwe5ZnPPWVZvDEQRMe8v
2V8pa37vyReaK//O8xxGg3NzGTn9otwVr/4Ti9OxrSzmDWpd967oZ42IZSeSY2bz
kOaV8z4C8AIgIA7vWOS83Hncbrgf2nMCXmRjf0KTMm1P7Z0BQDWpxK9lP0nRpVAg
2T3/OjJ9KcAsTz02NFC3/kOUz//NcfDP747HsQB0sltIty140B7CfcWk0a0eKSad
OxGUehskjyKhO6v3dYF+8oR9p98Q8/Rh8r7evYy2mfhgJd7a9Cchn7612Y6k1SLf
nmPGYu3s0lf/k6GoHLfXXQIJDgWeua4ZBr6cgpGONLSvWBeCVaqnk8nhbNIiSBHk
jnrcX8xAtoPLgqg0+yi7rZ3NAauZcQE6UaNB+xjJxDOIpgVLUWtFyAG4MDeIh6GH
oA9QflpnDubMnCve
=ZCml
-----END PGP PUBLIC KEY BLOCK-----

BIN
apt/files/pub_evolix.gpg Normal file

Binary file not shown.

920
apt/files/reg.asc Normal file
View File

@ -0,0 +1,920 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com
mQINBEoHZ5kBEAC680PjynWTcP3ZtVfWWL6zQAcD8JoC+c5MbnpFScqtBc2MdlVZu6zED+B5
sw2SSLf1EZlfbTPc3GcWTwdiXj2GQKzjMra1MZKUnVOD/uMVkj0ZTszUQziW01O9sWPhxbMu
Qr7OD04jQ7TjtBBEJD+yf0HJsDVC7TCbpcNNtmhXByXqw7bgo0rzxeOB3hL88I7AcC7ve5iR
xwXoXJYs1hgJMPmZXJmhKb0a3pVk075yMsXnxlOqM7XBk++zodDR03Ym21GLFOu+3DLTX9aC
aU/AjXb/udtEBAHv+iVxZChzka/KkYMY+KX8A7niE/UN2PIfhWDTmLLcTyBAOuis6cUqDm2a
w0IbXh359dfBbgV4/QLoafcM841W47Menp9tb0Qz1uHYwV6jjDEmbpGgEJRGIqd143j/zGBP
xffmtPq1zn/QFVBQNltLiMyclAR1Yb4fksDkt8JGmvI+FwaHdx3dn1VU0hbdYR/5CHtsxN4V
P/juUOrjbagp5zBBXLlVIVceGoD0mNkNWPyZh8C3SHg2Y+Q7t+cz4xysQN5BUHL4DX6nEIJA
u0cZdBtr8dtkJToYlhSFaLFwZh/XmOgOndSNmeJz4ll29Xc3V2/hCQlllHXux5E79rRNRKK/
rSydUzYir755udPWw18+6mPUzT6NDaVDDAwSOLOn99OUJt6bBQARAQABtB9HcmVnb3J5IENv
bHBhcnQgPHJlZ0Bldm9saXguY2E+iQI3BBMBCAAhBQJWEagEAhsDBQsJCAcDBRUKCQgLBRYC
AwEAAh4BAheAAAoJEESXUni4YStdYDAQAKuwOHT+wDS6vL6Xqp/59eKLaB02lTQuTDFq55K4
dK9TNYOTmPoxvgeJigT3pHHfKQFS/wwigkOfv8VebBZAcjY03N+Joau1Vi+Er2VNR5Pt0jAf
ApwZqe+8NMAfefculZvO0g91g2lcqJoMUIaUemAqOD/CoAMMXGQSNlX4BLsI7dbvkLLjbPSa
wEODAMvuSLilI38dj7wBC30IAOQkOdkB34I/eL/sGruOxYSK7UFJfNU1aD2oQhTkYEQ5cgNK
vE325fOx7m/sZ5aAlNvtZ3jS4ym45feT9xrbG2qHTbJiVAhdtfHMXGOU6/0UHJ3+YHHdzZhu
0NCWinu18nDVeDWLmkqkZd77QtTpC/zw5s3+t8lpyqUAF+bN80ZHbB47bFphIupmWGDP2ihM
NBWBwwFZb7ry27mLyyXKVOFWrYZPrdlNheEjUP7x0GzEO0kuxYO4fyTic5lu594hxwt/LWV1
s48SV95dXqpQIRroV8ePZoJxlD4hXh1x23AgkWgG+SS3perIGypmouOdl9CQ3yAYSCfcTKw2
dOWOxGubseyBWw3EDlWKZLkrqbBGxfBz8XJ92iCJ27rRhtpd6XEbqhRfPR9TGTliIfaruTLp
MPrKZh74Hs7LAhHo0nkwcOoE/iYHhQpNXHMnj0hqMcwzzf6MlSrgJ/VPgQ721d5nTwrjtCBH
cmVnb3J5IENvbHBhcnQgPHJlZ0BkZWJpYW4ub3JnPohGBBARAgAGBQJMa+/FAAoJENXKmwTy
xCO8ggsAnAzhqo1IQ+3qwCWD9ifx4niyPiAFAKCo1ou0sB38EuQXnWCyp1ajblx37ohGBBAR
AgAGBQJQn+UPAAoJEHDzXiRtUx5z2B0An3U1rm/gCkoWtAcsC/IYQ2hMVaMDAJ9ddV8IywsM
vnKJ35rfg1PLT4KNFohGBBARCAAGBQJKB3HmAAoJEDIXXA3BAnoOiOgAn2tHyIuAGEY2ctJC
yM+C7hmyMNMKAJ9asA/uRkG4wiJwEP8DCnNB7Obfq4hGBBARCAAGBQJMXHEgAAoJEOFVF/Ir
CSDAnq0An2xcCMh6H6vIT9rmbxHgGbc8VfTEAKCopbM+QMAGQvOROMfqWJhiCB0fHIhGBBAR
CAAGBQJMXT8rAAoJENTl7azAFD0tTz4AmwaE8zBHaUWbUnsYwWXqxavmf8BCAKC1hL9GKk60
yXTEW1W1QUm8jIYILIhGBBARCAAGBQJMXzSgAAoJEPmF40AK/HR2eqoAni/Hvg2M4e4vrju5
wPT+dONsA9/vAKC1X1c4YL1XiJ0fXpT02U13r9e8AIhGBBARCAAGBQJMZ0yhAAoJEJ94+Dzo
xDRhLFYAnihJShfS/zRoG7iTNhgwqyLxGqczAJ0WIP7yfVZbP1N5oe6LwhQsZ1BdVohGBBAR
CgAGBQJMXlHCAAoJENoZYjcCOz9Pjd8AoMdNUjbpkScdndClI4EqT7tn6PI/AJ9Luiw8fIEs
iD5yM8NOkdykX1LPyYkBHAQTAQgABgUCSttnewAKCRAtDVq4fCU9UlJJCACTQKre8pA3ud/V
esa7/TmJI1S1cVWj8FlS/gatvLJndd90i50p9uGm1yA4g8iwMnGdcIWCuRfBlhjUnUJnTX4B
QdnUU6HCv9RQ/OlJ99k7vNhswtgoEGQWq1mH1opSviZ3xhMwFTiXISQ12i4TiGSiUfbXItzq
yxOf/gtjAMGrfnNB4MUYPrHL/lSMs24evYFR5DgOKDwVE3vVY2Wf2ytWKZJQNvKcm7sxIxKq
W3OlW4wzG2IMxMSTl6SHYOqIhRGS9xAj9hpIfD5XzZjl/iHmMZMcuRA1LPxQjqdZ5CeF391P
p6vEobkSyX0LyDvqcvy//VHn0l8cRuyEmgrTpdmTiQGcBBABCAAGBQJMdo7oAAoJECI64FW9
lOFUIpkMAJ/obi1HblArRgKmxiCIMD2/nTcj/ML3tL9HfZ8bpWZ6YJIUsFRcmHCVWaOaCBMJ
omiICZbcot3v7/1p0D/AE57i0IFPZpXXu4utC8B70JjWaMJT22kVi3hvhrChxlZYNZlkXr8G
mKhGJpzEfVlg3hp26jbj3jEEGmjJlii7uuSrV1VJjyZaDfTNbgXMbUL/3sISsKODINCLlgCG
iVqa6Xc8bIo54zQ1Rx30Ijn/6ElFvBMSdZPu4wQ9hKrJGhrqY9FZ/U0xfaawEzxbmdZKDxVO
Xdd/qD3lNAi8Jg6m6qQO9/A4c/Ln80ll8St6MrfLwJ58QRWawTQcl8wSTxouC/ag85VwW1lX
FfnulWVjqRAY41gVY2SaBb78A8pwuwy+ixBWGqAyGRVjahNj/uznD3kwQh1DUwjyDe9lV0TV
5IpQy4YfXjkukwt8kVvQUL/p9w3/gmPZ2lXBuEgMT/NKZWKszgp/JZ45qDUD8hgPlK9bICRm
iQ1KjcAV3mh6dYLwJ4kBnAQTAQIABgUCUipIgwAKCRDvc+baWDa4Gqa8C/9aWvMONUnoDGjS
H6gIsnJn0pGQ4zx/SU+Bt8MG0SPbtv8Zu1twofiX7xSV8p7/RmESaQyjbzOD9mMvXwl5mF2N
q8IbDhvJmEcCCgVolhM1g1YtF8uM/Az74tNLmI8gsIiX/Er8045jMANp+UozOLvrzx9NpVBj
InDRhXt5ZF4YeMdB44cZL2OH8juSbpZAPFAi3Lm39gSMj3eUiUavT6r0Ok7AC3qMiaTvvtb1
VU5vl/CcevaFE0DfZQ3+1iXsshnUu6ql2NvFPSn0tR1S8Ekk8NfItbAGComC4BF71MXxY9Af
RW21ROLzRR5Szm93E5DirjTC+vfxQYwEmemn9v8KWxMlmFTu08GbBhi54bBb0iuaRc9lf5E2
dixJqLU4JVUPxjOk6tFvQHtZQRj7e5fu/lusZ++WKXnZsH0AiRekbN/j1Qh65aDi17w0ebXX
lsKc1kqryHNTq4PBrhrKbNBa+tlFDcmn3yUReIxfcZ1Bm3N6PxNiQSxx9Wf6LL/1rPuJAhwE
EAECAAYFAkxccZ8ACgkQ8aab5CnA/+7HvQ//dhkVGegUq2TyePOTWBxK7EyLVEZEBr2HXa+y
Xqg2i8Fdou5smHNEd0q8dz9oMBEWcZtRYmGKzinGcmxzArdmVyXV4fEkUab9zfL8g6dGxo+N
wqoHt9DteuJEURwakSJ7oDW+DlfzxMJ924sg5cuUtqcnZwy73a58Y5fkPaZVf+/HrkadZT3f
7fM8pb7JgJSRhgmdi3MfbUQcDgbZ604MifdEVIbXX56ex/9OuthbQ3lp6jHsvHcXPG5qt9th
RXkztoyKcArSimHcOFrLqWAQsF8u8PIYNaTKyJO8uRDYjMGcJQv6B8HqV2eiLCZtIEdcoWev
Y/oeflGDh0PbGpswAiQzoSxjvVdPgPUTqNnsl/eWvup4govByKV4y8dxgyM5a68a2N2t4ki2
TwVu8LpCRzuiin0EvgkM4jKSFU/KPiZemdLq31D6o0dQorx+Im31XWv/H8XoI2jGbNeMVWHq
5WumzPhTfgFVajQEc94Te29vea9OV+mlgIDuTzqLD2Je5G6BDqu5EmTlO5sPDJAwM1c2ckJb
fHjtUih3Vw2B339NqF+aneOX9MH4blAlX2V5vuz0xtmEcd7Dy6wKjzmX1Tcec4VjDDgtCoH7
vWzCeQmlWLzf1tF9keUvRn7eUktyAqozvNdE4fs6+3igdFKoI1RHNkFO45AuFe1goN+uDFOJ
AhwEEAECAAYFAkxgK4sACgkQHnWacmqf3XRTUBAAtb4DXxkzn14Qo9JME9KfZ3QA1ZfoNffR
PgxHkLX3q/KzGvbQYQc86kh6b/19aV1ahcUBrpABOkV/0k6tASrs9N6V6KBcIQbJwRETyWU6
G/rG47h+4fWIMew5XwCzUzvqAD5GDp2XfivDQuVt1Ta2WcEAmKVYNlHYowpnEqxvLNSSbXuX
Afe+OK4XxaFr7i4zr8zS6S7NRigAdENCt2Mr4slo0ldnRn6uQ57ixfs23g8LO4/89zW+GxKG
PPUQbo9epE4hCewTAyWwrpVz9NxrodvDL6D1W7kY6caiOd5tArNKpwF/GCH/vsGPU3NsFISI
+P8GJUwtmM/47xgcteHthx2yC0HUArTV0w4+PnAaelpxzAyqd3KxLLUNJ3vjv3xpwV3eGWSG
zd3UZ4AYTJmSlbgzuJzQIwwyxHsA7ypUUsbdrsoQaTkACUOsHO1l/oT4P+z3/tWPuXqUmO+D
Ly/pBiCRrV7c4cHMzud/dKBXuAK/gS7VD4Is+K8/srdEJTrPB88zleiLOdffymHtCAmZPn93
bvPXUcJk1PiNQYRwQIuIjHJbbZL8rxqVo4NCmi2HwjqMaow4GLEPSEdqEu83LpSU0Ts0BJvF
/6UTUEs04zDjSXpAGrPhWoom2jxUllAJq5Aek+f662dZpxVLxzMHWrLly7Fb1WPLbCrWhqIl
k+SJAhwEEAECAAYFAkxgNzgACgkQ14hMRxjhj0QJqg/+LKFGM1orBnYv+DZeVGbcPrBJVkeK
nAVgX+HpIo9uY7F6rRMZU8BHmxqM66k/tPwwrVzrgrLScK6spQTUjxKbjGkktT+LPVdFdB9F
2QdEYCwX1AB+0InLVtrXF/yFFTqlxxgLCRamRziO6w/1QDFMsDdNbIgxErjMb7d0MqRFNlvR
fO/ElovAPWlf+4zA0xiCRVbV3tbNl1/ILh41C8gc1VoTYdmUP7W3F6xCpy4MirSkY8LLDcax
wF9blsfc+gj8mW5yegBZnEoZchasl1thZ7Jt05tMkcEFTVYMfeReo/5Ww/dEpSfhjhryq5MH
0sSBT/1YGwbdgBRVzmocrWtQJ9i22MY3RboKNeAFs/wx9L38z570rOdemtfuXzKmI8jlcfQI
BIrE0p1zHE0OzgdfAI/uiJMZ3dRZJXsr8iVWuER97QqYZZkgDMaSHxvuKcNKQol9AbnDWbpl
q0J7CBo5si41rXpUIb/18FydC3k2KzjkCAaZs7VUCguWU/YKVw68kfrksJB0gIGqh66wYda9
dpJVmjVNTR5bWbo8//ZHQXFfGccWoRImEZ7dD4xKTl1B1ihmgad0H7Bynd0IiORVs5zbdbIE
FCwnMjjB5nr4teU0wq20H8CaR36Rw38KgRrcJdSrJVDrmg+A4PPsW3aA1K3oCvREoR2+p322
8j2c0pyJAhwEEAECAAYFAkxljxgACgkQE8C1Zno4sLCijQ//VodIvktCD/rmvxmbby+tjTFp
yNPRgiIdLyXU0Wfoi0TqzLsATfOluWVpJqSqIQ36g0wYc9T8BemqcBepDhj5e9NpYe4oq5kF
IxIJHzH5jHSM32vPVxJU4PzYcZzAMEVWCEBx0CHgW2cYc/Sq+YNq8Y/c69R8WNjse0qOZP7g
zTInr4JqL181TVvGHt9Ak4KNakxEVLXGIXVSV9QDDGCpYMkfpEy7pwvtV68DFVj2nHHetzCp
3gYi90nsVvk3t8iowNUTlKkxnj4dZ2lFMJfZBBeNev31JLkhyqExUoBzZMDmW+c58nye8Ode
hXnvZ9nc0pe2Z6XWLuraYDqNDKGMWsOTG8gCPVrZL5BtHr4Qh5uuAwT44PzkdPCdw9NaHw1n
0s47Uuailgg+ZuZgFXxNcRD5A93Ovl6/skln7KyTr+kJ6BsDcdWzcXpgQ62/3ayxgaOEZlKE
VLJsngKhcjlINiIXc6t0AVZhAlgLrLAvi1G19ISqNPNBRGUWeCYjC++RCaC7i/vAFWIQOTLA
NfCtzwhF+kopF2tmmt0ubapaH2CycmWLr0EIvPUIJ7GAW6tkjjv8tfkn2VtT59+gE1WmwR4q
55XkJ8zbX9tJx62w84zkQA6nMnbBQ9nfWY1eThRk5IOXKElyk8cNIZlqIPPH8RVP/Ng9Pjj4
+vSOAjkT8LyJAhwEEAECAAYFAkxmx/gACgkQHAH0Q8nJPFo1uw/+Nu1AJqt6ifpA/EaWoDnU
9hSYcpVq3mGivwEE08U5/2trXl5fcAe8qvdPB8JIYRROTLSUIsTkERftzxMzsCIb+iMj7bKx
5Ip18GSmTOcJU32hin/l/DZlDxB9/bo8LqCurbpEDeZ84zV//F6AqMc0mUyxhdVA/y8gEp6x
YNnVHU+AmIxzHkE4n+Rrc6JdGUODOL4iZcewBl2IKcYzRzcELIFMzjnSNbA/uxKE9g1kTa0F
QUTTpy/y5f36ykfWWdrz9OZFR81/UlZ//gv+sr1UHs6uMs0QayF2QJW4iF0KX4IQWCcbSRyn
iHuOzpmJuTFu0KNmU2cfRFLgyer80glsqicj0MwI9shdtpp2+ulfi2itC/gGM00cynt2WP3d
arrohFDOwCuAVWjp5dtENk8LNCK2aYEXlHiW10kaGi9k67AVfrV55p8WVTWcpT9oQ76wafnp
jUb6XPou4DM0Z5ItJqvDQv8823b5BCnMeyG61x9qCTMhGMEzDLFFkXalViQtIjsS0tzF+S1I
B+dVVvCC0tMnPWoyyqYNqtC0rIS0I+89uQuDD/4jAf6hL7sKLUzdLs8NByjQoV9nIaXEHzp7
jBlgAZgx2SX+eK8wF/Lo4d0a0jddX8PRZEjkx0HOhaYcW59tui/ZXr2UDwlTTuyfsSpo35K0
+VdJ+mtz8gHZ2lCJAhwEEAECAAYFAkx25QoACgkQryKDqnbirHtS6w//Xt2HPPu9r9Lp4Z7C
U1EtWEDzBHZoiYrX8GBjfx7XJqX0kJWAXTHoN9HtGDwCil2bTb3WwopNrFUShR2yEs2Tbo8I
j1n4veQxx5japTb9b3gwh/8lRRPCfF++jn9q6927D+0jJde7hx3G/o0OoJP2H04kEM5wrzup
1nOkH/L5+bFerw4eYir+hl0oVfrnK40RKSnzy+6sD+FCFwLipOofDX+qVp1VguzwkfAwLTSD
PVxsjfvxKdRCj49RbI0Q1svMu8iS0Hu+i6e+pPVgvy2Bh9iPQiPNaGG9IeHy5mnq9T8yxKd3
KY0mj6ipuHm3c1HPJln5bFlt1K6mrysbZtxafo+O6XeIUoRNqKi9eyA9udgIdHPuMAypsYFq
M1Pn7TLdSnRCyuhG0UFlr/nx3VVH7PLOerxMCZf7ApfcWA/s/iBG2DLpeB698UKOSfogcbWO
JW7Dteg4ZCL9zLxRiTZHLsMHnW/aZAAwoh/zV2Kpd6qbrZSyqgn3Pys8kwiFnnf9aWdqXmls
oNswHZeh3JvMOgs2QyY9X/+Bz3k1vf4a2aU2gINvL55aRmtgd3VDvWVk41WcRAvOfBPCC9TL
0UKbIBT+/rxuse6UiS/lVRNngvOpuUBmd0Zo/PiXxsxq+aKX6FQzZs0HsqAR/Ov7bmbh7Z+c
WwE0ZEogPivsD97qv2aJAhwEEAECAAYFAlVxpVAACgkQ2oKDDjzMOjq1exAAo41+8W0VSibl
OmQWDesxI8T+Qlw1v3Luf1CexMx9UsEktH5yP+guCeVpADMupSeKis8q0ayOgqXim6gyRjHS
1HklDGwUnhUyfDu5VNqy7BOrbUKq32TOqudwtq5PEyohof89/hR0UwfC18hBkumW7NfCmEY+
kUkvlAVzVwbSAm1bjkFu3DLD3RKN4d4UG3kFc4tqY0BweC85UvJaFFnY362RLCBV4gTjXVgl
UIHXpDSt863NBTtbNJUTIf1tt5sFqknZh2N5UzgtkTz6t4N47+k0VZfxuk/f9MmuDEHAEBBp
lj4X+ofPXbxbr2iaAZjT/LjU76tYq7thkbU2NRB6RtDv+Tqfib5z5ecwNEKIgQ6BelCh7pRI
wnMYhx3wj2aeY28vJ9vE76NizPWiZpYzD3MHyWfN+kIuSDRZPBhSNLnfA5uUuBQNjS1Ad+QR
Xo6CtWZ1cE/7Xv6DCKmk0ThbGrvwkHKJGrpJeaaf8lP0fo0L9cIipqx3NSSKHGe+B7zhQZO0
QBlTfXRlErjuZ/j+V8MTZqsmlhdVi+hElTioj24MQJiXfB956RuOM+g4P9v2QT5RRD0C4XaS
+KSC3eejZGYEeJAmB0uRztsRntyryw2LF6WxcSyEg0pY+/SLFxMfRIPlcAxMM0SB7HSAFZ5V
nQJHc7bBkNpw179YqexsIKaJAhwEEAEIAAYFAkxccTMACgkQ8RQITAhhERF8zQ//R2Bls2xP
vxotETrAPF5MOjDqlK6aeOnSyI7shiWWXL+7ds52SWsmD7IL+7XW0t+fwvfEVOb+qNWIiVaS
Yg4nvZQnTkCqTnDxTzdxipEaiK0MC0bXmAikBQjZ0iiveOMYOeRx2PWuUOHrymcvJ+atlkq6
pk/mycZGpVitnO9crTb17SLsm71k5aV2u7EBCEUcbakmrx1mDvBoi/tSns5y9YEPTc6JcKtz
VqbyiSAY5dZSaLc8IW9Aqn533kPyIwYXnbxd8cPFDxDLhIeBmZnVTLURE3517RXZu1ngZEFh
pSoT3w0Xg0cgh7eJ4Vmo8MnW3p33+dSHbWRlgrNZcB0PBWZrByS/iS1b9REgFTyU4UeI7lH5
zLgPdxPKBvCNObRhKg/dAmqSDq5EHYgWxn50p3TCfhrDrkoD+3seeee+mNARjLP4EDyBF4/k
57SqT7ytj9TWQoQuGAodQqNXwMKNcldz4FRZ3rMFrUpJj3uD9x2tlT/3bCVKQ1QcPSzKcEcq
zq9AZzjH7cVEbgpKI5zBJlejWB6aGvHLIhYZb4EYuO03OgEDDj9AUvIBFBxKdRvCzeTZOCTM
/8oAgSSVmFewEI4E0yNxvZu7wjSV5LI0AiyhwnCWlfYM9Hgxbai3cv2osIK2p5GXbaRykhwc
jc4lPrIsEE3At2UzlzO4TTI202GJAhwEEAEIAAYFAkxdPzMACgkQhy9wLE1uJahHJA//a9iV
wDsx+OxFu8+vPEXmJCKt1o17+PyhskIvNSXlVPvpYIpqNKUJQXpqBkiNASrCOQSHrQtw6p28
9i011TMqmMZsUkjqk/Y3Yzx+SPT6KUfny7qQzGW2DpHL1qILDFMywzvt9djzWT6hmH5LCLSB
3aWMHIwPDvtvylzHPIN2XIABSBxnHgeEi+2ZZoLZE7HlQbwsAU7Xguj0K1DHe+urOBYvU0rq
ceqiJhnY8b71bwQRhFqVhoFkW/IPp7dujQxeJVvHZQLLNkB4RMqG+kR2Ku04U1Fxbh7oc0vr
e8EAYdMfutU3ZRWZ4D8Ltr+q/hxy6dm/bHrpFu6NIxox6KrR8zewcoGDQKI9BlQn8mrIof0W
YWNUusb//Vbz58iOh3POcjs7VkD7aPo9R/TaruBIWv77kbjszlQaKKHWV4aIVS9EXW0cPpeF
OQUaq91aAxB8Tw0Clx1TfVc/QZJB7/l6k8deXgo/+4JCU/BBmsplR6mG5mhY1Iq5PnuutU+W
+sHQRYSiq0EKdwmAaq3AIz7D+rWafv83Ea1cZaMph23ChqVX/e+YVI7rxxYCY1bubd7TtYWb
VG2W8ufTwemZBxWFq8HXc9d+Qm3LHV20Qxp5fAoYr6O67XYgQicIFW7f0lJ54igqH67wFjOf
zOTHfWK0izIeLVtp8xmj7hbFrXXd46+JAhwEEAEIAAYFAkxdRNoACgkQU5RHndNSTFGQ7Q//
YTQ8KFH7n9MYRpb83fTRfkyreyQyTdbcBsQw7R8Tksx/qbidiZZfI2cILweIqsumN2bF+ibQ
VYx/PpKEStaW1VQI5Crx/kSRmBaOlipbbfO+A3sbp98hpKMmaIxvV7IhN9qKhjcQR0YGXcam
5oVVwjIb2n89nqiS0qnGIUSTLzK5IR8Chob6tpnD3jQAnxE96wyhADedhCVMf799HSoQiiAH
TUarSv/HMIws34LRgZ2voFXADq+CE1Q2rBEapwrcDSkEQEZ79LImeuS/S1Be2ritRO+TFLzc
982LuHBxUa4MlcwWtWaQQ6PW/c5J7QJz0RiqaaL0DZxCw/Cr2e3MIfTCdK0zPg4A9BrNsQkR
/zYmePPTejvbsYpsWbpOknwZNqoYRc4cEaukAtdhZhFUDfL7jfh5HppCIM6EN3ovmTsRhauv
LeAI3J7JqrPp2yLDbL43U+1ejsD22+l2rmJQcQpRsdD8KlJX8bD3J0fCRhhIFNABjMmy3e4T
bij7ZM3ovNZLCgjHmNa5ASMyS3l/T2Rqu9rh/pZbPWS2hPTlmYTStpb2T+Ax/anpXSW3ZiAW
fHGOSjNrl9+LFqCdjyzvk/u2kbgd9VtjjFfpPS8xS1dGk7iIHHQQ1GZXc8s2WB9XkGGpD/j3
8bvLJG9EXtqVWwJLo6t/PMOgnHK9dneq4I+JAhwEEAEIAAYFAkxfI2cACgkQeo9J6LY0gL4z
KQ//YgbbsU+C4e9A4L+b9lOTh4ICrmYg0jD86oBtjTsomMO+UP3T+mVH/meHWTzr+6ib1vsu
Nz85E5OWHeHL1Mzj60gbZSn/PMcfL++kKVCMhJs/HN6z4t/hY+GkafkeZgglnqItkZGK85ME
SmpoecuYsExEj9fQaNjHuCOrp3c+B0PJ3PSQ3qTknsOnUwkOgAhgeni1RusUqckryre1pPrb
Oy9RrTroHGsbvzfbYEYS8IVoaMP1AJj6o1kb6vomTmWlh7r5UM5iZRcFrKK3qjQaTYr9f8vf
vpJZ0GlWT6T4szOmekTnYuZJGOumkLScn66qSihvxXXlurPP0XzVObz7YrZ+GEDNJxXwPJpw
fpYZHsuSXv9Pu8S1wjbvL1xq8WEjwd9q4kgch6r5SD4+syLydwLHiBXTc5dfVO5Xs6KzWtXE
MNsFBrDO3pgHtWvS2V6peL/yG7RJJztzZUc/IYZWuEJIU76rzU4YK/SC2Vse9lVA3I4s0knw
5TCFvZHTV9KIjqT95xOgdlZKmQc0uXSPNrVfoi28JOfcAGnSnRX52KFt6yBrhCBCWuVTZTgk
hKSIktI9PPC/C3xyLwxJjz1jPwEomhtnNx9B04W17G5c8nW1yCjxPxY4Q9LCYpMYXGB2Nena
YydDbgfA6ua1exRQ+ZkWpnHqsmCLL7B0C/7oTOeJAhwEEAEIAAYFAkxfNK8ACgkQ0V0xOIIA
QXMoXhAAs79q+JHo7ulKZvKDkh+OVOXrSh5eKGUmuqK4RJuxrHmthUFkNTsyNBEZc2+QWw4B
8q8ka0x2/1eIDqwsKwHOfcQdyMepGiKnGWm58vL5CeoV/pZW/Yzrs6Q13o6/mm02bcxiVlqs
ZGFiRaueY2QJ66viPY0TJPlK3CavKKgZQ4xQtfQ/MDg8sdEnu3G/1PWyyHfMVsq7fG6MXCdY
TisgHAEyQJXgpCnk1YIuwxZQPKbMhcjiGbkKBMeQi9uZDiDUtY6s6S5MZGsG5v0KTuoBt2Kw
XHbTgkFT9wKaQnK4rfMjGtZFuwiZw8MPsFgz2QAR+1s4mIkCbLPPl+jwL+F4UkEUJvpKWcPI
AHnDe2q82vOc5ToWfm/C1cSf7cuLi2hGuSKw8JHuJ4hBF5NaMhmsrBOxjS9BC1OrutNvjoa/
bBihJxX6pyz6Fhd3wnjtF8f+H2pxu9/9M6bv6lkHZDQxfnt2+muwsRncx/wU5JJcxzxUzcLl
wctSMFHmNU2egx6Kw+vPgPdkthrOZjkLQZZj9DZxHK2j2ENAm4jVF2Z6cUHHm5tVTsR7XF5t
CeFRNPUlhoEz4zdJiN2qflMY0pm9MjBpF44O8usWrEpUiPN53bIOpbPM08zYZ+BBGPOgxZbh
6Y68YUAq9XfVn9okE73HeyLLS/bpBj1QSe6QapV7sg+JAhwEEAEIAAYFAkxh7k8ACgkQcDc8
8SkNuc7NWg/+It0T/mHuye7+PG1kQbutyVw69/C7yyZkoICrcQQ+Oh81Ba+DENSKrPVkmt2o
U3HR1bL+QbFDjUa+hnLHXh4N9hlREDbsaYdYz3xLbXeGOPDt0QrLn3mdZ2cZrZwLjcqsu+bz
5sRZMbKKTXqKkMQaDcJa2CU60aEoH9d+QJkIhOHiqkNvVyrKbiMoGnJoKDppwG1e3+Ri/oXA
6Sx3cWwmdVrNlwNAKraTFlw5Xh0RUQ5NJstxX56PN7tMm+PEnY94bPTJHiyzG1obm2Ona7sg
+P3DIvqMFIkldhNz/DdeCjSN4qrB2u71tC7xwAneqqLpPuYhpMpFtD/JX2lOhoOvo43n+atM
jqIU7xhZ2W0L7n64Ym31+wqqz6NEx+aVp+OgYVJPH6MA6jel3/KFhHoWpdnLJIL3XLq3Op4U
tCio5JfouHfuHVdslmKlH/6rO8SFY4VZGF+RZURMze0I6b3HN3WQb9Qv78hg0ZrI4E7JIbhc
oQQDIXgASS575vjK63/WRuMDxEpLEUflESKBsG02GJWe6knx5lACdIyD/8kZ6MIV9mE31Nqd
zVKv+i7BBomu+ci/4B4LXn5LcPphmGPAvL1aabC7D/9lxLPA5Ur6LHDU08LA7S3j5Z7Iob4m
KbS7pKaBdYPLm+kfAlw88bDnPioZwkWSggD5/6iwEN2XseeJAhwEEAEIAAYFAkxh9TkACgkQ
dzH8zGPk4neH6A/+PTNKtYOQmFxM+1QJEqK8+4ZOyeIB74wHGI0VyFWRb6Bt6K7OIYAfp8Vr
F4kH3DYPqRYWZLyG8Krkff3HUwdgBdrsRRQKN5Q1YwpwpofCcdDY9l3fmlUNx4MQN4Cx9uBT
XY1OGTOMHHCog2eIOIkc3sT4xZ/zIcgFKM245lXl+fLvbJId8jZjYFwefNerUX1bucNoaloC
drmbUN2OItXISlczLhSZlXcOyxU2Q1DICK4EksZy0y6XRnYA4/7JK209AS5jIZb6UvV4kMGU
y0/CBTW9fJx1jZthN4bLxHMSVFHvG8oqRPmr7bO6KyvnxeGY/0bd30nA0hoVyDtKuIAuBYXL
nrnjHogjF5sl4LCXLNDmIqbYoXMCAuYrlGaGsLzqGqjPX22yb+5B3zYCB17nCP4/l84auAJL
6/EOrkOjTRPWIqsRO+dK8QENfp2zYfWmr0G7xBQPdeDvyFHbY6LO+PwzVfzESGranmiliTDq
fGUGT/F6F3eBhKb392zDllJgfeKLt8V00vqaY8jqXS4AB6ze7XkcEXKsshN2atVsstUmjLKZ
iSO73irt1X/Cg6SrKkjDgUhwTmOxywkHBYjsot2NSYcrdkYEfK3nPpesB19dgJYzPn0Mborc
vJ3ixf5c2mjT1GHIdrp6XEjqLs2zu8dKLDiTJPSV/Q1H1nEasMKJAhwEEAEIAAYFAkxi3k8A
CgkQd8b7Q+PTCCRE8A/+OY2000flzIxhqxc23BzEOXWxwZ+tH2r0UQTq8kwZiSsva+NIjN5G
bx3MMcT4IyGF3VaxKZRJDPGcK3ByJS8HnCv58OE2iF9sUT2BZJEIfgniHgDA6iLyyQDmM9N6
9UVoYYqIWff6Ve+4gPYebafy3UAgUJLHdrknfhE2fseE3jEtdsn9AizP7hc46xPkeuaAD474
4jtM8h0zVk36l3gdRwFZEWMsxATskct3hLjKv4R/EFdEgIo8x7hK0uxvc6JyyguOznrwAgP4
0LgXv+Ci2BWrf0awhOyuDJ+BiViKtEuzcqgwPR4GgOKkvzti8jkPNAvjCEIHTpWJwkIZ+SNW
aaIZVfbZdSTMf3tfVkUJ8tLImtfHwJ9b+BPxpiP1DENZtxmbOsKPKeH1SIGO2BUt/Y+i0KYM
rJmhQiL4k62PIRRhMKuYjQ5sasa9oyAACxg6nJMJoeJalJtcE0ZynCwdCFIkhYLXVPAgHCUo
/c5Wq20YMW0sqerdf/oLwTHe8Gyru8JfcRS1mLBuTPWQUGIt2h37WMysv4hCHT29N98w6zJL
jIGHH6Sd8PBw+WBxg6rpeGH8VVuLfHerB6XEMxoQM7FVAefDUCrHzWUrNHgSl5qG14HQ+46y
xxegb5XNGM+ku721W/t7YsA15ASgZi8ehaQ7iSl56TGu8vQCTaDqPmqJAhwEEAEIAAYFAkxn
Ti8ACgkQs0ZPiWqhWUgz+BAArOWNP1VqUSh1LpZ2mgjMLCW8cPChtEKI4/RHUElI9r6BVMGR
/35Ww1HMcayD+H7WZDXXiBqG/yPJJtmMfBW0xWH3dbo1pEn8IUZd6mWSlbhzxRkVr6AFhDKo
4T6QVQQ6nwJg9aBveBAXGnsr9/PieQNsp9IyACxZCvjoEh+2TV6xE4r0WaPKGLai5qPuvzSN
2efP1Fl6gtmoxgI0yiLDyMlQZPi+/jXC7qcae74qYFUqih1hAq3EaCfiUNCVCulAEYnzhu+Y
qJorF+Xl3vV/i/NT09k7GwvxLy1waPAi93yekg/QwkJMSrvehxXJlPdkUXUKCsgE9o+1CztW
iIK37utWFTnkApQaKUyHJA8T++ReyRXDCEq3Mu82ZMQDzsWRhJuWmX7/5MAw/1H6yG0HLxC8
sGH64oduKWZIlWwjkox0pUrA/ZkEDaznUxUK0ay0exYtcPJ9uUcmXsFvxCe0SOGwarNKbEjs
FkZ/lelB2LZprKk/10BqRg3AzPEix8IK9hRRM5jXK1ZDEYRGYw/c9VoQPf7eMpF52zAZ45h8
UjL/q6oAg3egW+ddbsEEXzsAgpcfNKhN/edoUKhQd5d2h0S8IpmPMrwvqrRaRSlOrqMhbqro
GQhFOV4+fO6zwkV0P6Y9QSIKibjZDS+QUZPXCLfpKRSYVQlkFwGVeVUcZzqJAhwEEAEIAAYF
Akxsv4oACgkQ5E+AFtNjD4l5ohAAtgotU7QYfbvY/6b2DKShrm0guTeROOi1imRMfMD5Nvy4
CazA7qm07G9Jxo/yFYHMaXXeG02vx0pSb6Gbx9Z/jtwrOALmtIUAajTFmcC1Koshn1KAlqtV
FriWzwAz/jYIK8BL8Db3LCgGP0SSyIaD86x3VXm4JE04AJeAtFUikQwBU6iNA8Mue0rmdIgz
vQ2Fg7qk11Nafx4xT7XU/K4BAy8U+6Ai4F8VPxdh94zc+Z5qVd5lRZ9fYsdzztYoc8xtOzjJ
YzDACo6j6covoSD56gQi9htJzraPtKaWu+gz4P0ijZ/naX/hsXlOnZ7IQzaByetVgXoU2Hg5
D6UN7YCrQ75TB+Q7Mh702dvihXCr2smUkBOBnEqKoxrLqLtrDYPLw7ELuM+bRzZb2nfBYzh7
/o5hEG3NO1rXIQ21cYvfPSggkI1fq8kOsWbd9uIXR4iHycohZ9DsSW4iQ7+IwVu1Giypf/R2
Fpz+cL6aGI5DKFRBuz5ucjyhJrl9wes8v1hsTDNAPSbOyd3I4PHa3N4gxWbFvV6TZfSwHKm2
fot2bglB+n9otZaPBVnHdsntQsRnS6K7Ptft/EZ1zJvWJcOnAjZEtj62mbrP2bQ48r+wkWy0
LbOoQZ20auH/YaqOO8ZdA3QGpvK2GCfYB6JzD3bQomsQWMlaAkx1wfFQUBQ5xtOJAhwEEAEI
AAYFAkxvKsUACgkQfFas/pR4l9iqyQ//el6hebIh5S7ekU/6R/msFAmuluGh03OAMYa+JwUm
YqXR6iGf0Ftw7XgYJt2NiY5ZtaOULtZe3zOslFio4KRAwjKgEOzSzEDc0wFtZnj0/LlSTk9c
zrrymcJQCAgKKV4WTffgiPpzDM1ajaHxY0WQfYJng/5pVxWb6QXjtB5mupf4T1Yv2blWAKpK
Fw67Fz/iN4DlWil21vx3FgpAHY+7JVB/129BnbdHtbzP2CiQxZ9PoQt40bhrinI4cHyPHcHk
EPKBD6GnyuyIoPGYRsILp76rH9vWQJWtY71DQwlB9+w/JTVP3TRinXJ0BSBvFGNcP4hqY5b+
8tKmSBPJM0umER6Q16HosZtI+8rY+4yvaHjtEIqau/AdBnCW/EBeG1YyjDOQAQzVdOR84PLf
Nyz+eqeZI17fZtokRjTg41J2b1+F0GbUOTQueqzlTK3spWYrPgDe54luHoYmgVqlsj71Zv7F
cWEf7L9RdcA7sqCQXpDggcOTRDVg+eR6eCLGJetBfq4fsX0ae10TRh/pGut8Vu6NTcFGw5c8
vt74h+WFIXPknpBeKl1HcKUXTLJxQP5CDrZF/HzUaLYI1SaKv1jVm36gV2YZvuZQyim4vBgg
V1/9K1EMgUW7GRnQoOpQP6zxFWnpPXPY3TDvdleaqeET3xET75mGgD0WIUreBaKjp+CJAhwE
EAEIAAYFAkxv+OAACgkQnQteWx7sjw4tUw/9FgAffwwit35JdS4S0LQqmkmGXlMvfZEkfezj
GH6ITG/YWri9QE0ktGJqyCbP9tnL3WCno8bs90tmrQyagjbp7EsADz8L36vbYrOU72mNHaeL
qbJcCoztUSWAe9aPJ4ESwTXbXCkl8xE0fm1zTF0MLq3T40Qqw67oMTBygYqhb8zeY43bKOzZ
f0fBLqFE8+LTZDEk00Ucc72M+W+J87rdiHUuJDFdAZbuAvBGT9p1YNkcqaRWSmgRddJ9nBTD
a/Qe9IBnAXBblouKiVvSTGpcyAyGKJ9cPtaviCLRXk17rGli43AymorBdGPpliZmMtrInMm4
FAhSoU3nwB6b8oI5gMh46Dze05PYkVVZylO4Vo2AILUkeo6tagy3t+BEFAmonnpluJKZkfcY
/FvvoaT8oej2U13tXStA0FXMOJd9fGLruJ+yZnAFPrVHZWA3ziyO/u9iprB7ZjqrT1OM1Nob
ZP7NwGxdqED3AYJAb3H97s4dMGAJO3WzGgHOfuZEMsH0/vIc3nWAkj9jsFcDxJ8uTVM6uy2R
oIfBM3/XspyZvm2MBTuEJvwhXW7JTnxsUEpZ7aJQVJLT9Z8PPj7rPLJCkDQsdwBw+e0heTl+
BspMqppnKw0mXmrRfnqGGxgLtlIRn8bNEp4K3AVuNP2iWp9rMSVPg0qLGSFgEH1DtoN2DsiJ
AhwEEAEIAAYFAlWS7hEACgkQ66DGxxwAJW8VIhAAtBkHOqKPOA4A5MKAzWSIYAfX6FiUfFaI
Edwqm5ZmxHItPQk+Ze8VN8jUEzzArrvGOZnctSZy7dMgT4WY+CNy3FUtg4WbmuvflcvCHlSr
ontSVeFjxL8qhkBgUzaxqohesB899mszzDyaM0GMD7FKt4UisOV4K9VqhXKHBhcKi0foQKgx
+VMD35N4+SqgSUF4+td913DNxdxvF5BKICwp9edYv6NpP/u9DMqG3lceVCy+rR3VEGTsFGNa
HpJI0Sny797FR3w4k18wKQGaGwUtdMz6GcmhnDxgiV2V1StLloK6wbAVA4YY3BfE4l7XmJZS
bStlL54h9tffDi0Dj1oJkSKXMdnI8FdpQEvGTGP9ARUz7MCxwiRzcJfOpfxATt3793o6fMLU
2dOzrCCl+09bgG5+wls8nda2RB2RE1EHksoaNyz4OGpq9seYGe0qhNLN+lvIJsv1BaZNdD0s
CaF+xbUGCoYQgvOh3DCiZbg+Ao138YEQw9eKE+Xifi8M36IeBTdq7S1OcRCwaDMmVchLFT5X
AHmFeO3L3zCO1C95WmNsFg04+4avHqgOp5MolLSrOEvKTnFW1Ebv2BJizs45d28VAI/JhgPx
T0w69M9Jpybd+Cbg93fHTXclLAPyQWXzhlfDPmKhukhSsG5JXIt0gyBUsq6lUygyWZcewBwa
uy2JAhwEEAEKAAYFAkxdthEACgkQXTKNCCqqsUB3ZA//S25k6cAkZpIddDahnJxDIon8VWhe
JzGmOMfb+hMbQ0y7xeCKRdNBa5yw3LKttLugofqcrGV3V6lmE9jWz5hK2we+ZAdCo/wXUWuL
FJQW8WKY7hmDBwxROJ4jgC0LTgeRZhYEvhKpCH/rtSQuymstcTJd+5jkEE2FU1AOsoAOsaPx
1DAb+uqSv2VefP/TG4sZ2vg0fdEuJd1+SiuTTLLEAnsG2yQT9brcXDvXPOckawFAM1KOwk7S
fkYekg0iSA4Ii9RlXOhpxNcW/zZf3WuS/wrCCVYoY6OgH/+rp8LkBG7hdeAfRsMjozqtBYUE
JwPSvLfRnG76neTa0DSi1bigpOMvHDIeATuS/hR7UdmTkSMwZ8AvQBOaSRHobjQwjfDY7WYM
kvErANQkevWiWA4WshsS/MpEKxiUe6SGlLVeJZfX1dy6Jmh1WzswqoQ9eXQXX8zBltPAfKFs
KRmf+OpHT94qYZsMhqAXOd51joUtCBmqeuzvdp9KM+R8cmuoPVqmZ8ZMdMbD2dQUap5yVxw5
yO3CfGMXGPGfvA/8fOav/3MwWXUL5Zqv/ZhdjpP/ZNEB4txLJk1rIg4kjKrZxz2PggbMcCGQ
0uf3SBZa6qXPVT0KbMjzvRKao473eNX2OPqk+K2hIYuZTVhAcKKuvN8qQu+o003Kzw1SWlLj
1zrwaX+JAhwEEAEKAAYFAkxeUcQACgkQORS1MvTfvpmBNg//eJFnqXakbedse6wPpmk56CxU
47abeG6ZCu/0FTwhwnagYfGXUKGTCepVjI/wLpevVeoXDbYmrUOT9zxqIL2Xssp/wz3Qb+HX
deft/drFmb4XMrdUGwi+N1nhvPCXjWOtyUrzuYXnpCz8e0vjSfn6RpJ6qdgTs3Psyca9kPPo
1Zgx29sumQMx7b0hcmRbSxNOmm/vGCpJKb43sHsYN2ESMCNzazQtpbt/HZ/xA/HqJCfEiKJm
GUQ5rboqvhpruhbUFnuLIpGRvLJqE3kRm2iq1XfnfjXqUVbX2aHxNXcNKa601Yla3HGisEAB
ILGvCRa12hrmh43EPpwLCnTOIB3Sejndl+8waKd0smV7Ox0oT1nSo5MHl/VtVLJzPnCX+EfB
bzOepXJ5HRRsX5sHOTPHjJTOUuQvzfKen5nAu6iKsQnawpwQvIN1C7/OtEhqDAjWFr+eqG49
bqN9a+EKu53bnXqM46N0/kRWXJAsHKfllki9e0bRKV5rIH0grsCN8P8qq5003cp/owAyySX+
Pu9jFs9Hw4nGmEkuZPYXkjg3wTYClaPjrmbKfWXgVl2BjW+N7xU1yJZaAJSpd8vqGtLK4qz4
wk0CrGr59EHPeAE9fAxNg+oonDQ7YcuDnHkVY7LNpIGXQkChrv1YgBzzAN6CFBI8GgG3C5Gv
bYCj+NsHFyaJAhwEEAEKAAYFAkxlr5QACgkQMiR/u0CtH6b0ZA//atTqqwPfQWupcXoA/doN
nXnBZDHUePFkCBan7YHitR0kPBVPP10dRfyd9ShKs25+DgAFTr2JKKk4ofc8ib+2SB4rTPIf
gvc1h3GgtI7CXzuwKdcHojmOYXQQsLaxcQDNqEJqS6oGh1oHd8DQJTn/OiARVUvxi6LkioOp
eE0KAkUOfZfnROz5E7ox2ImvMNvhy6VcD6q2q4E4nuWXaSVw13/MqZ8lGHRhytdrVLvVndSK
U9EP79Tm+nIRwgqeJ0CttcSESoKLngTAvHSwVpiMcO9rLfWqYZB6FmhEjCyPl7hV1e9jXf80
PLDihKscVEroxww4nflbIFOPsKP12vXuQs7cQr3BFE9yCowLz0X961WM2V4Cc6o6txY1MzU7
FY7mFrwIy9b/WNLBXJUB+dpnKzmY38ECLJQ+gTxahgumxaNe0wQclIrkrnGLszOrIgLyVAL6
/qD2qUywoNb3WWOHg6fOabKfTF3zBdzSYPNRXbhWNxt05EXARXRwYR/mkwpAdT3TUgbGlOcU
hNAqmtzEvT/Q/Cu0nPvwXnJ1Foix6S+zrFAM8gs6zeUc8Q3k0EQvi8m54jILnt5QqYFSGM40
FLgryKBF9hjwcPN1Hu1Qij8Z3H9MllV6Df36YSgKN1XpG3Jy9ktJcHvQPgHYVmXNsmQlmQxE
ei/ZYehdgLeU0Q+JAhwEEAEKAAYFAkxsD/QACgkQeFPaTUmIGtMxgw//TrRErKK8vl8VnvHO
8TK8KAMFi/GaRM0RKze4nJp72CGSrY5/bg2jAlS0hEKmSirlbLD8+U5/wWa5SrQT36AcyXYm
I3weWgzNSvbCS3N1WnefhlUhkaC1PRMX3AI7EqwyTUX7o8Q8A/HVTgbgHnIKxO1y1EhcfY1I
WEvA1wTR29928n63dmy03rKB2cJvQupGd/xRPXBx55h79NlLOJOadlYsUrk3B+RWBZHsn7xp
wWXn+38fwuIFs7DJye3Eh1ceDootTd6wlI7Km8Nh0+bCCVbeInxp3THavrz1ohGhQ8O6AmPx
wX7TN2EakX5mrwePFgHasLpgciOVRpDsaoQPF7taQg+d7knrrgbD9Xf6JkDl9/sxnlZ//t72
eQR3X+CGQFmfhl5rw+h28FkPxrFO+n6nk6opm1z1n8FFjQnTzFxp2taqVs3s58ondUiPWb2p
E8HOHQX9b4iYY5x6hrZehkSwoJOlwGssiJZSa9eCWs+yvJoJOG8yHunh48o91gY7kaqxGT9o
K+2MzW/uwh7ztZ/ElJj4Vg4XTOqHgSDmUKZjA6e8Z1xuXoVT7D7axP0NvgIj1jjeCD1ncQsf
Ay6tynZm/+Mz/PLwfe9uYGt5ZncwY9aKZRr8a9sUnaaIjeq7ywugKfQyxr1v4sjcQqELKfsM
NLrvOMjw2eLg+3UC9p6JAiIEEAEKAAwFAkxi3T4FgwlmAYAACgkQzNLtlNIXOemGQhAAo5Zp
Oa83tEIyfPOcj7HkQPTutAs8H+kgxzPMLYFhXSYKLPMsoH1TGMFC1JH6PjrzRdk6g7jmoUEK
2F6EL5QpFFKFNVWahRWY49F67jryslVdeZKvFMEY0qjqsJ9nEBIZW8wJ/7BNvYmZxBlWq7PU
0SKbbGNVexMagwctygY+mdnknS6vI3aom/yFByVcVXIdF52GJiAWA9nIx/poKS0ecCd4UuZr
eQd+d+x/z4Bww5E62k2mB9d+VDik1kjzL7bXfPV3+bWoyBmfl9zEYgNnQ3ICurKztkRmu1/k
1+68wHfU/0MR/1nJ9DkEfBi9Z7T3shtCiU+993wSHPeKgurkQwn+wzkthCNRNs3kOwee5Whs
/zD/dyZgH+lrJDHmW6C8zaa/K6Om9+AacXLId1xjQpmmkO83Tkf9qQvtC/UlocllGxHo3hAJ
dfxONF/jwY6Zs8NvRWPuswTEQOLCLeww5AhVfapOLBhcG7xZEye6VLArPNq4OsD2b8NyCd39
GxtBdxR6/8OQbGoEmrYf7aGS+ga6oygj/+ut1M6w4YkQCbLd+OjL2ZUG85tALP/1KdCp1pTg
YW/TmF0BeT7ICa/MmZeYyO0DUKqvsbH7Dyk0aiYgu+Gm3ob6JNC7MGadUkWIyjLUHkPNmnXV
rGT4KAkRtX+cQl/R+rR+ewB6RErUtCmJAjcEEwEIACECGwMCHgECF4AFAkoHaOQFCwkIBwMF
FQoJCAsFFgIDAQAACgkQRJdSeLhhK13PHBAAiyiTX8GMp3CgLyIiieHJnBIQS5fxBICbsSrO
j8OHWnNAVwkiRbtXZQ2g4D4NvyGBuPN2hskjuGOj7aCsqpE4Ln23RfBTAI3fF3JgMGwkqWh3
9a7Sjnw8DwxqaHB3zfs2AvPnolSUNyzc45VslNsE2j359UmvwZAGpqN0A1GfobFMWjmt3QoD
q58C8EyFOWx/Mzcl0qUrvGRbQjQ8najAYugpBjdRZ0MzGfro/pmoETJnTgrZimHNXvDtSTmZ
HTVYYbxj/99Iw5DeYschcK0yvbPFXGo12ndRrEs270LpOMmBpdBaW8bCj2uzATQLZbuaM/je
py3bzEFcCHUMkF+ekIf9zp6IUkSc2B3kkbQmVJKxOeiKWzCXvuu6pU1nRqrG/565CRkwWWol
p4TvlktQgHSZ6CoIxzDnYRE0eiGpsLxA10nE9VrUCjME5a+AYLQxj7ztDdDfb5r9Lq+1/bUN
gtiiQ0fbaNVXXe14+daezFw0sCGB14MWSPQz62rkG6piKB4ZMilRijiicWg/k/Rvlbi+QzH3
PGhqaVOV0JpCTfh3rolf54x3JN3bdlW8wcev0DLPJOAuhv8nXoBBdilH999RH0lGv1NzbAIy
7goaG+XOe/fmxiZwhUQhmTdfFnXEtR8UL9/7+dv9nfVY+kIZIdSN+Sa5+pGs7bik8dfi1xy0
IkdyZWdvcnkgQ29scGFydCA8cmVnQGdjb2xwYXJ0LmNvbT6IRgQQEQIABgUCTGvvxQAKCRDV
ypsE8sQjvNDlAKC18LdtboThQEnkx1lTvZZSZfApWgCfdj0UAdJxB9OLNqm3L8ukPYl8DW6I
RgQQEQIABgUCUJ/lDwAKCRBw814kbVMecylQAKCzW0oYdLbYjN2+VkMFlr9WWoeWugCfTyfX
Czqy8U9NJX0KMsEsVBmwB7yIRgQQEQgABgUCSgdx3wAKCRAyF1wNwQJ6DvPzAKCBblkNp8NA
k+lQwKAeqyjGAr+kawCfXlAQCvjXpRb6fYYu9X0S4r3gdfiIRgQQEQgABgUCTFxxIAAKCRDh
VRfyKwkgwGBWAKCXP+R5VvROrrh366WPoeX552dN6QCbB8aK562QKVhd4OGwbqhHAJzpE7KI
RgQQEQgABgUCTF0/KwAKCRDU5e2swBQ9LSl6AKCpl0Sd/zaVE+rXCmCg9lF4Z/DyJACfVE+x
FXdayyRPKh6cy6g1x+KeMQCIRgQQEQgABgUCTF80oAAKCRD5heNACvx0dlAxAJ9JA62AWyTp
1xpVLyxGchSp7G1I3ACeIJGHywtqpfbJfG6YiFjt2C5uVVeIRgQQEQgABgUCTGdMoQAKCRCf
ePg86MQ0YfqTAJ9hOim0VRfs5+pf6rsMNStUWZXksACeODXRe1BY90f2o28VOFpxoDQMhZmI
RgQQEQoABgUCTF5RwgAKCRDaGWI3Ajs/T8IZAKDCaii1ecrI+HP8NT7zero94/RE5QCdH9zl
k7ui4NR8EuEegYPvqFw7cI+JARwEEwEIAAYFAkrbZ3sACgkQLQ1auHwlPVLxQgf/Y5PQaqBd
FXEs9QkD2Ei7WaD1AZkGwpICpVmV1kA724sJ0uXgLavd1E9NtjhMVKWYwdjEl2556oZL2i/H
XfRz+VgRcysjLM/ICcGDxy6OygziguJRpwBWk0xMowNgWFGIDvTt+Hlc7f5UnBrSE4hGmWHQ
9Vxc4qFiADKL5IuiLssYgJY31xkwSyWcEnUe8WolOb4BOX7SLuuTIO6u/Ud+Zh+N3o2amWBn
3l/OBfi2lM/TTrjFEiJ0KOfyutiGV6a6/SkfGKBzhgdzWj4M8vIMthxFAapU++3WXF7qNQAX
f50EN2TKXKHgmidfpWFqmbPhIkEaoheUYYOCaiaXY/IKgIkBnAQQAQgABgUCTHaO6AAKCRAi
OuBVvZThVI98DACKydotmw0GE4sNu7CHhGMZJqvSu2MSMK7IyjoShr/JU9PO9yXEB6TQpfLw
E5b9bso87SouahOJV+bYvBaLx7JTT0awNSMRxlGnf4il8F0FOcl3RgXpgv14YxXxs8KJHLV4
GhHRwVxzJu8hdNltsTJ7JjJQS3kUYjBpIfJlyp4yNvZvUeRQJWTs1l31CkPwU6fXP6pxCP7s
loh/zL1zVGY2q0GrTkFlrCJIxceiPNll44Rl4PrIMTmBQHVipToRinsrFbyD5QTAjiorVol2
il078fK2IeavCxtRUR6jTiHx4/IWqt+kPycq11EK4bFMKQIAJeF0aBoAX4fWOoSPIFWI/Nz4
m+EecHCk5frctfxNV6VAB5Lf4XwjEho9HFZwqmSQ9snMi3zrEZnhnrCJ1/Gs/ALt9vu0Z6d2
ZoLFgxW2hdOyaXrE54rMKillYoTLZ5d8+uTQVoN8XFz5SliSNb1tu1//i8U9Y1tpSUUTD87G
SuNV6q49gYSeDqZ54EZEiHeJAZwEEwECAAYFAlIqSIMACgkQ73Pm2lg2uBpHzAv/dOSlPdQx
6o4MrM1lB6imRf4KPTmjkIwnO4N5iFrsZch+BNJ64PdGukhuAi1EXY7LBJlXRO9BPxdJI6IF
R91ELvM5VzNzZDdwZVPDV8wJwkpBTQTgNJXCjETePf6adpQ1ORMm6Kg40WIH67BLBN993Bfz
dQbskas89BxmEdqaz1eGDaBTHO2N39jOG4vTNouatsTsUlDxCxNW/razg0uLgMPpL8dJpZ0B
4cCi7z/+r+OYrV2DQlJo6Cc/vieROA2ElFa3p9unYRcuY4Mcn6Hl4gA3QnuQDsn00GPDTqBG
OEvhjcrHghhB0WzxAu+lc6te4vOTS0OCVTWMNU/ROaG7x8vQSFqaNWxEigkVlRDofxsyGQw7
CxNS1mwsYAc2kbA84N4OxMZ4sHkLnheoVjUYaXz3JmLMnlA0AerkZVQRfzm/+rlEwLW79G1G
tsVaRP0WmG9/nNZXAr2wfD8menJAIV1lB/pCSkNlHmEM4uGFAb1lA/EENQS8sz8NvvdvLNYs
iQIcBBABAgAGBQJMXHGfAAoJEPGmm+QpwP/ujggP/1V5FTQ8rwB8uw4u7Zg5EEta/aM4E8Pb
idUJ8KDr6p5Zad+hGWCPKT3nloPbN3iaYXblmxDuAYhHl1neH96tWYU6vygmiR2Xo53y06tY
EKQbdIF3+pfOCSFh9NnFlAqw72cMWsL0VqSoZL+SgY4IojwupFWPNIJbB0JaOSW21kFf6/U1
juAbtat4J8+l4j8mNgWCUeHBENN78lYD506VIuuJRlsWiUBhH0unzY33A1BoJwyXo0TmL3wd
0g2JIGT5sJmpeMkMlKminVjZCcY7AzoTS60QrCj2FCGBtfbUOH9OQvBojWOPz7ALmKj/aOl7
3UtGnvlscJPeilteNQFWEib1e85ufAG0Ry1AEDtR0GsdARJhqiG6jRn3v0lBxfG2dVWbHrFq
a5FkUm73c9r+xjDC5NquWhd4GHyG3IgVPMvkw8sciL33o9A/XhNdjQiZmpok77nswvbuNOEX
diQVnHcylh7bNaoXR6+3R8FVA/TThpW2EjxIg9TwAPfJFKWV0SWfyJSOZLFOiEYDEqBI190j
3WSJNV+p0+lN8CDu8jFHxehsTGOAALCSQq0mZTKJJh0GH7d2YD5BV9isUvsfne52GLx/xmoJ
+cKJfszaWq2FoMhIPD/tnVYA/LPodylTRC6/8C0WIMR0eAaF+ByCoU7aEMWJDEJfX2MoyQHa
fBV8iQIcBBABAgAGBQJMYCuLAAoJEB51mnJqn910WK8QAOJQVb/ihBQC0IsBpJwKyOH5B/XI
jwE6BeErvO0rnmcYTr57AXwKNYxOvtIV8uS8gFzfaZJM4YHsF5BNToT3l2UIrWGK+O5nUL7S
UM32plf7QPI/NSfyCtBxKWfXgbFQ8X/oNdwq7HMzCtRqZDoYv5btUajFsTP8gykqXqH9Ry4G
hCFmnP0UNUWwTq4D2/bImt+iOOw4C7MXyROQ8aZd69aUsAln340L7rXz/yGTGvabdLXKuVDE
QJtiZ1m/bewAw3A7zw3mKtMAA8Em8EJuTfmFvVQEpBBdacjwIn+ZpSzuY11arLIWNp78Yegp
mFsuCANZDr/V33Xxo2Bb+4cbuOzSlXw+mOx1WYo1Fkj5Ga2IGkTbijqByIPwnCB03T/3nG/u
hde1SS9YGGNL17Z2qDOlNtufKsbfPJf9xtiEN1vJ2cbOEDD+WbC2nvJQju4t4WaX06Kyok6b
HPqupuGSOaa9VMYk6TzPAOG9hzcD8SBjO6S59z/qtGNqKZOcTWpeXWI/4qdvWtAPmafB4fVt
2XS+vOwn1c4gNQFK+nCatlYywfuKxoQqGC+i/ld8wuniugtOjX4XbK2HzvuKMuCo0z6x/7Nx
pOJAOf1jgWuQWruIt5VEULh56mhglEV1vL93aCUxOE7kKAcas7Ojbve/EQruWlFbzxJW6VgE
1ncxHX5yiQIcBBABAgAGBQJMYDc4AAoJENeITEcY4Y9ExdYQANMHDBB1HSdVXEmkfVjMgW5O
BF0AphUt1r9ptI6NvzcuJ5lFTIXHDa263UBRpHb65EgaHYqKC5LKLSXmUoKXcTU9fBLWFRYG
N11qVpdoO1WSD7R7U7ZDbix76ujLCfOtPlqrh0TzHEzE3U22X3hxL+rHjDbvrLQuEhKbVYaB
WaY1THCJjB4SA4YcWOXUNNA1i+baXlDw2XKqZrEriv+zARTxlF1GzpXBoh9ymH9TsyPg1dg9
BbzzGy6r99LMMHmt/kB8BrOX6BfnzeLwSmg4VZ/aUWSAKK2cxbvmQFA5HkuFJ2sUc2VXmuPR
DRY+vurz9PHMF5WZI8ait4/2m+W4zvsYZdgOPPkGr63+DVKssczpZWSq4zX5Ykmd9e+bsCUn
E9jAI0iH4P4SKyFt1IkRWMAaUxQjN2v5/CIyydaavQGKM7AB0CjZL2835LwqiboOmptxzuWJ
5HJM5JSqr1HMHP8vokNKcbrU0taV9IuTuBjPl198TR1vxPhHYcACIt6TP4wr1ApAsax3yoDd
T/KrmCaczIeX6BmFFqXjDM/azhpQKIyFGgbDzrRAQ/CatG8Vy1baA5uJIsmiLxc7imwtUf5r
uJOlXSi72uQd9eBx55mlt+zNHbrxULPYBIL4zOe3g1SXb0leZsvPjVAWcj21AgH2QJx1IoV0
POwfFLEVCjTxiQIcBBABAgAGBQJMZY8YAAoJEBPAtWZ6OLCw8NEQALA9UfSTm/Zqc2pJn+nN
q4sfhPUhYlTUxE1D49FzF4GmUHDYzMlU8VVZub5LahrITDINOIidmf49wXc3BcjcEKCUjND2
aL/0JMtyMMORH+3g/Vz8HvktL3EnOiTw+Z9p1GNbEROI195VIWwNRjU/EYv78ErcrQ99MzJu
O5yz+Qibp6JUSIzMGVTAiGIPzdJvnbd9JQXfg+fhanWKIIzj0dqNmH7tqYuld0K1nD/5cf5j
o8Gc2L8GQgIStjUF5OwkElnO45iSYz4rgw2PfHVQBX8GsLBGRhKcxUK9psNBHIP0eWUk7sTG
4/cbLgkQow+u0ryitmu+IJ/Q79NUiRNrw6a0rf2FUY3Nh/AbVqLVdQChKrxGtDQuJtpwh+uV
RYTmc1rPmyPbsWj6xmgfvkLgX14E+5EPx8H1wyRsRpBPEW+Wb397I5eEt+gCEjfjrCprD/xX
eNSRMdOT9NVG1HJ3wmeTEddkpbDNhtY09ydMzS1O3auJReh0L7ZRn8gPmnXk4EPamDNzY8N2
OVByXKEPhb3bHD9RCHEaSe02BDcR1nbpbVAX3onquvK4ejZMuZIXXktbBcnqHz+zbRGRyoQO
Jsgh6bv3qun3fer12w22PJ8Q8ifhAmcS+Lhadvq4hskVprr5tRmvxHRKPgZF0ZqGOmqvikyV
YhFvZabdkKACAYCZiQIcBBABAgAGBQJMZsf4AAoJEBwB9EPJyTxaJbQP/1OgrWHtcJ39T7gf
wh+3lbFvmcQ4ggc45PfnM7jM+OZbkPZOMnTmXgDXIz+0SKbPUVH86XPbeZAXHXavtIFvqbPC
yC284oQeG0gzwS5yxygry5jj0fZmw2W0MfSQWEuUkj4HBkqEhgXGmbsYhCbbN6+O8XvBvIvY
EIYO5a7wSzi/21NPuG3hcGMFV2yzr6p2FtvXfO5biWGcf0yvkj0YeBzaCwdty4F+1qGAIHcH
oPhXCEggJKZtOYVZmsHz6/6RYghmRaSoGoG7Jj9+6udgZCycn6EKPVTE+p3tMiHxJzviEFRD
Ov6iNBC55cFhSbMplkW7fH/M6rkW/e6+1zhxP1K11gwNTtoMJelrePLRpf/w12lNJl9jhe6h
fw07mluEogjhXLVOQWSFjz3Y1Tfb0ez53ev/ooucvk9XT/svl2UM/K6RqyWYl1A8KCp5OgW5
nXzRZ6fc4Ht9OY0sxMNLTLZ3enwrVa857n2VrnOgRTe8bFqNSMcR39QMAD6h9qmJR7cNbFKn
IyQQiOtKCDFbZ7wyMroepw8wNLXPlvtMvS2zSBmMC/gJsdZVHK0u3O1Rpp1Jhq/qsve7D/fE
NhHih8FBKPH1YXUOILdR0zDkyBUdXHBUpZlcRovaznkigKX6LL7f2SbXZo/jO0L1FHDhYQs7
kl7OmWIXh8XW4m0ocB3IiQIcBBABAgAGBQJMduUKAAoJEK8ig6p24qx7z1gP/3wRRaEX7n5p
oZUnpEcNy3ZRQPAfVAAX07aBSnTuHzuphX0smAfJu5fqEuYP1XzBUV/WSxuQ6nGtFoVSLEpg
W3EX+KgLUGEv7Y4NI9LUNd47CNcZ3Fo26hQ1ur66c0asuLjseHbHl1aYwRgOarMy3X8JO1b8
x3z9edPan11kBIeLpjlBnnScZVB9EB2ezptxaXvyvyq/+SAfRMnGKKO6qx5vG9uK2g7GOPJk
dzS5LGeguixNjh7pN1ewiSHO/AqPyywVGYiYB9dnVWT0RwCZMXs3YmytZHfc58EpmKDoI19W
MFA4Hsdgwp9ucXJMfZZ1Xw0i02fJQKs911aw0dF/hVjHSOQfVAiNvBFn8u5l4hgFG3JkZ6Yl
rktrC6HThK3mo+KUNlynB70xSLXwxIHYkQUTxGr0HqZgRQJL03pPqk2Y+Lx4ndu4g0YwnInv
1arb5Yfg/y4IJ6GDY6W6gvPP4wUrxue1w6BwqRwO0rD0vRMJtJqzoIRNCE8aqtQP96OmH5iy
xAQo39Mvz5cntzaNMV9LOm7RgSaBvt/hLwxfhG2KX6Fca8hAXo0Q9dg5FbHSyLxF0mSZTRpO
NPFzMz5zc2yUpjW3Holt9+5n9pzi8EUVwfNnFzijagzbL9bwuyc37M9wnPp5x2wLx3MF2o/3
fNzpyo5Lh+IH7efZcG4XnUsYiQIcBBABAgAGBQJVcaVQAAoJENqCgw48zDo65e0P/2RDhlCL
zEUuut3KmGhBmPbiTX7CnpwFhatNFIb+C1EJ2giPmmrwn0O25ED8dJFC0GhZrwNatuRzSefI
yc75hGrTr/BFqRLAOD4xfMqOE5U4+z0frVTyuxB9Gdr31EmZ9miykKnfzcz1YY4MpQtzQOWj
SiYFgjofwcpI+b5MjnqG3T8q1PzONnvvx7BrXt0lRNqL5MyByaV51CPbENyhWeJMu5tX3hAR
rsuWoBP3kw6Df/ij5I71EfO4vD8C8F6AKWt8mBjyOfIpDmHkxNU0HYrmOnxzqXGqHTu+II83
vgJOurjZ7TnqEe9jB4XMNF7w6+SPL6u3bNfzH0KPpEjzBV7jQKFUhllkRbcf2PeLnmzex3+U
pEJjS5HLOkJt3B8wyANnZB358921snsv4LVJmgx1aVpeYWNo8vRgzKRMZT5Qk3ckXmuzHN3O
FGKwLJnHmnha6rXG0ShlYjNY2wJjfmwaed4wU9k7T73tFbzoWJ1NXP37iQuEnOINVbNCQdfK
cvL/82Q3LcpiapN1E/QYdfYjNju9NVpnSFICDEEYOfvodDlxbEQegZdd8zVHayYQJuc62sUd
zPvMYLvQTq+x5tk1vJD+VSJ1sAbVZ3gzAANyMyYQ4670RK9H8z4ygxa09lAunkcJ3cUHRFat
JyRM/u5NYxmCxxL5l0/UqOJg775tiQIcBBABCAAGBQJMXHEzAAoJEPEUCEwIYRERgesP/1xd
2SPeYmC5X4OpUDsbqQoe79ojCbmd+2CoFHm+GM0WbtJHFi3BEJcVW//QNQJRSE5dKXCHtIDb
jDhzlTKYT4q0f0p25mWMJFOXqb8sNiorXXdDz7k7GwrRZFsi/XlyiIrCwVHwLpyDGkY5IPBz
p5JMXuxViM/TYn9BIX58rP7eVwAcazSBIs+QpAvUi4pfxNdPhrHh3Pczllxg6DamsEPBZsjM
fz7pJxiddkJgAlDpIa8C3ZX4HdMnoPZhMh3JHxry4CIceMC8BOuX4c3GyXuFkKTMJSlRViKG
57WyN7eQe17UZni23QLifLYD7V1r4cY7cWj1s/qsGtLsvtuVL2brOvHeHVEE7s6dWpQea6lo
jLtlWjNXvb7WQ6XNFqpal5x7MG95QbBKWGHfifhVt7WrDSW6kbouXYYEgRhSZBkPPjSZXTEv
54YkBVwCsb9fykKLOTy+wyJ5Ttj1kxtrMWsaofhDYOo9OtywwKL4AnfBMhE3NcrZ5Yf5MHHx
NK/A95j9p8/HY1dKSHNDRub7PMM73Xp0fc/6cCyl9sTM9SFymKvvcMFChRcy1ZF9kVkXP3w4
ZzoJz2YSTK4zIRY/Qqc+Z+BhX/rRuhwiILuCH9hXhhvBx9rKBxxKcTw1Gl5hZ8nP2CGXNkAV
qSXL/0H8hschAtxw203KMvqbpSq7bYkniQIcBBABCAAGBQJMXT8zAAoJEIcvcCxNbiWo+oQP
/2mKGGHKVA63SdyOkyAaz+mV2y9jIw+0hf2D6eoQ/OJ2l6vQqc4atQ9NsMBH5SKo+kPLhfof
NcO6axy4ngb27YK1czUS0oyF+Vv618k+1WePw4Kh4afVZGrGsHBiv8DcKbeAoEn3gVORu5UY
ElINIsW9ZIuIypyFXhV/zf30zR8MOd1uuJjif4ac7V+n+O0GpBgzCkKZoCdO7NJ3QH7RmpJ/
TYAug0UMY9YvU1P2ffTvZuHxdY8adJGnieFnsLrO7yYHlva6Y2T47m0QwM6BXe673hj45H7s
rZpbvNIEyRiXpucEm7YBCboiA8vBTjXOo8D27Aa5MoZUHF+znB9gRKWKUnkCyCT409yo8qJI
5uSm5LWOa3Dsje3jlzfQh0BVLbq2f/g/kgm06Sb8jWzLYHUvA/+K774sOQu2gSG0FkV8BQJc
M9RMdImzIMpNpV9JYOWZCzVbTe2ZzzZuNXQJFG7reuZ8SoB8JyrLEqNbfzJ4G+pNbXZbrSA3
ybMgkaIvt5xDujQSwH/we/V3W296WHmVbU1U1W6lfW43KbOXriCrLl/j6qiy9ln/gkVc/Amx
Mh2RC5bKOCTRJ2TgPms2+a4tSpOrqapcpa0OnZJJTG/sifz9/3eDGPTKoVkN1fYZqTp+0s8m
NohYO6YMJsuqkYNr7UAHOTE1p8nhrq4RQlaIiQIcBBABCAAGBQJMXUTaAAoJEFOUR53TUkxR
rf4P/jp1G3yjSGwglzqEbvu4rzO6LrC8ZqnxOSWjKd8xN/CIje6naB5P3gRFLphJaDUgnlpx
nQYODkDZlMPsSmUY6+GrM+XDPIEnw2Yp2Vb6OVTSeDzgpjgNsdKptNGR2ENFpC5ReAKEKAUy
7bLcraD04IV35hnuHNevjq86VO+Dev/SQ2NJf0NrOuC3iW2YA5SEXcJYGp1vXAZjRUprOnxK
n/e04kTTA4b3cKzoEo/bQqk7C+7fLG1vHziDDPszsZ09G7eAhnhZmFVTk/jvBxJ9ra56Bo8l
ArknJ7A/LHvGe2SEd9MVcoKIHGpM3IPhJldZiXNeyz/HuUA+xKAY2Ox+p0vDlKUAF/koME7u
2wwx4ncMnRdbVOGNGDJTJhJGWk3VIUsicbQQ8M+wKnkJmLNI0ZGWdoNADdIR/xSIhL8bUaVu
PC8amQwK3VD7iNRcbNnIw0+Xbzev892lbBvav1Y/V6G9lBeS4KrLu1s5h+cmCq84RlW3xCzY
B3yZhWUeojvuplyNKPApJwkjWXGC1LK6VldZzYksXMb+9JxtoE6A/9F++NKqEmDilKl15YFV
Dy/beTjoSK1+6T6RrTKOPt6kFu2460PTa9KOqjpQ60hxOn/YpyAeEK/MtRuBjAT+wBCIX+NY
UIxHNX3mcl35l6Gb1nYtL4CxBG4h557CGM4s65IJiQIcBBABCAAGBQJMXyNnAAoJEHqPSei2
NIC+Za4P+gLihkZlHwFEM0pNSR9GoL6OsaEnsUebefwcLSrX10Ee+5mpODki11Sf1flIWJ7J
I+2Gj7U2NtFFXBvzNCUDN30Xb+QJBSU+pgJERtXThl8hKYuot79wg7FclsIo9P/NEQ60/tji
2iSQ/w12NIApczn6FmX/xVaKafJyf/QRnI0mxQvd5w7JEoeIKvaUVjt5Zz9fUhTiM/9kDCv7
E4a+PuVP7nyQdSCoduhFYQwLf+727mxtdLjK5OHXl1jYx5tcFdTyumZpB7bG/R6U2wb55kxd
iAltk4U+59p7NG7JSu5Lnexq+p5/281vVH33PrIINuZUhmpPovFNeDz6lFqEICQvaiS2STte
/BY6yBwIDx/1nUhiBF3yUU1TOQrtQUfRjox4QRj1g8YpGspsUXagBltN04l4tev6Hw8tCn7A
/f/RkdQ/7U6N24ZP3BdBx1R9nKvksE+C+v5QwlqpufU8Zaj1YpmPBn/yfSzSCvd9cE8pa4zO
KujACMEsPh0c/BDoiWsmxKLTzOoeKGwl15x6x1Y1yTKOLD0wXXvEM0TVF3x3RJgvpdnvonN6
c7URWq31zKcISwLOKCK1c0UK7hyD8zFISiPChiUUdGicZ1Jo0me+xp7R9b2QQnwVj4kO94gY
maw/3ouaDqOrU80N5pVC5vC8XSp/iGAY8wR0fc0qsPY6iQIcBBABCAAGBQJMXzSvAAoJENFd
MTiCAEFz+XAQAJo4XauT6qsxxS3i4ADlzeesoE5g+QPzg5mpVP8NA+kEXqLuvW7ZZjDzMClh
bpnhT9L6lgMdKOzODa8PzMMe8lMlQtGQsfby9Jy7c15wFwO3YLr0OesnS0gGMV0cxpu7XVmZ
ROPqOn1eVk25eaZHO3dHrc4ve2OMP3ZG+df3+kwQpiMgrl5x+9UHOWfqEtyT590yzofK3FCj
qHZwMUt2pYeCksErljI2hmrKDqp1zVcjE7OoQwc6M14i2HvhYwAtvEJTuqyIjFZL/XzGS4La
2q43fiLlAJalwlvIBEtRH7E5qWJEiS8gs47+Qcwigw16RhVp0FxhD7kT1vHrCoqwMFh5ULQB
fEYVQVbfVaXU9vL61LOvPfnE7QVCMnREwzCyYlD+FonI/LK1pqbzXgEJjh48rXEVuzic1G3Z
zipxiAbJNattO5aWuQjlEQv1ykWGIwh5Fa+LEQ6Idcxi32CsD7FFCYI4dg9GpZwM0NjJYrYN
sN+Nl8/o96LBGzCsminV+M+jXyGN7S08DoEyuuoAwmiY/48lAQJQChMH+M0M/UthALdcTooe
epFC3AiHiIaKUouRyqo60vNbAixbv1olxZpu12KlgCAg/ra9VcYjvt48msQTtmDQLz8/aY2L
eoFLm4L4NMqIQ5Dxywqen1MTKkk6GIx+7pAJH5Z3izmQJEYpiQIcBBABCAAGBQJMYe5MAAoJ
EHA3PPEpDbnOyQgQAJcCcEi6GZBjFHjNE3N2iLVUMItWSEdx93NabuJi7FpuhorwaJphZiYY
3ehgSa4t0/gNzkRkscCmbzjAr/auQsS+iSpINgCKUJ+dwOO7t03owH7ARXb4gmWY58poL+J5
ZgkqDok7ZtW09G+OenTaAccIpmb1IaGHDASwZ74EuH5M2P3iP42h7Q7Slhxer1GVloLD4SPs
8W/3Rslwh+/ccYfweNC3gLvU1q50bj6kvO6OWemcI1NAWtxEDTGjsS+BsXBPlYQRF3tqtoQF
Ht3xUKlGjHBO0DYymOMAlQzXfW7uqUYenrOXmOV048rqZxRtSdQwlXUHyaGIuyCRWqzzqYip
ArtquhHSSKedxe5wltdqeB9G/D/zwHR1fz4VFkECxRp0rWnnOnWJEp6+uxYPiIV/36qB7X9d
NFxlt0Vu3vZZiXgo9RMLjdQdYuBBJrshlwKkOlYPDzpYjHWmXJjKUIhDTqD5Kr2CTw3TrRyu
mHevt0nbqlnzoHd935ZssJdbYGDC+F9aUfcyzwJN+CH34zKz5gtteGP48DewptBF61Dyl0Pa
rHthrkwMqdZBA6cHE4lGpvrGh3GXASqf/rtAHwLM4brOhtH/LYYjvO81wThRmtjyjmSsokSl
0p496fHxPDuGr7kbBDMtdfVdty8zJ8IaWI11wTYExu/6VgY9dlhuiQIcBBABCAAGBQJMYfU5
AAoJEHcx/Mxj5OJ3X+MQAIdfUJP5Pmxv6T+yNRYSZ44Kx6cJJVvPtWkV+h5gx2sY/uTAS4/y
oiBrtnxilEr1D3MbWyElI6jZPlDXxl/Jx42kEEur5BkVOFmAmAJYRork7qCds2RAWGnhqlNH
vuMIz1/PfJlcB2hS5qo+JZLxTFk4ltOTUT6W8ENacKzcpzWGeQvqG/dY8H8FL2hnvNLiGITY
XZY6hWGvW5Ti5xzIBXj7QN1C3WZAmxTOt9C/t6PHHktfC+MNGN9zQEBAn9MLkE80oSwEX38q
/ukX1RpXCUTZmxIbXOaLc6deaTcxjJbBOX+YE1dSXrg3KxhXg1IUsMVBhQx96p+yhTUwznfE
F3pZQiWZhVP9/qGa56tR6pejRM8nfgZaLNcT7nVibIk/7Js+fXRYp5nWUKf3f0BoymQss9MU
cQLFs2Dm/l6iX1gFUgqoiOVIAX8DRc7MfJ+UTlHBOMGDKVok9nVsZegQYe6P/C88vfFlI1Qy
fV4KAdAb4YwD2HatpcjDcX5TRX49mD+pmK0bx4+L3toRG6W3OPvTcsaubE9peNfjwS5L6CF/
M0Fq6IhIUobcDRjmUNtiXk77WmI0ZM1RiaaknHHCHXGQgS+QPd82Htox2ndOwP0ScgbqlL4D
LT3ZJqRJVWgnWK/n2BrctT63KFAZa68Epm4v0GZtTjpJpL1DYnUd/J6OiQIcBBABCAAGBQJM
Yt5PAAoJEHfG+0Pj0wgkbVQP/1NGXS+oar0Y3GuQZ+HwYq4t7Sh8CbCIZlei01oDcC95Fl65
HtTZJcd8RTPCkTilZV4orC+gHppLVGi2GQdSJ6C4whlnliwDtgU6uJ9uuP6EKTsGh1jAoTlq
eSDx1n8/F4JG6A1xVOekZ8NzTIfpfdFlAYANe+z674ZrRPi6tL5euQ9/iJpi//bZJMVvmttM
2QJ+XxNn/CrGKGZbA1PjBYYol3s7DjZLhR3IhgK/rvmVCo+0waZzPqI0CD/axU2OXT8B4lIG
WvDcccX/8p1tzIjlXNNsDV804c+VtUVX3jZMISmVMWLfkShhnUEhfwi5CUNtctL1SPlqwvbK
q3bxZjol/OFu2KbW1IjhZ2dJ2e1hQ1V8jUjSYQ4xdDDwzS/Z6EWWn7cLycAR8xF4CQd92hCx
o5AIgkQGG1R6iraztY5H/fdhXjzySby6q9Zvfa+rw0GkXpJzffKwrjZu27+QCqvNGX/3b1f2
s0eZ3EkFam9cMD3df8PCPU7Wt/IN8Sxv7JQqkb6StQF3NjI/lnFLcb7qf4dhZItGZBbkWfwj
M2PMEIbCl66bi8XqviJUUskn2XWfhaodv13VyXGeGzVEw4+N4auDM1w3WZ5SnSXWrFazIXCw
IBWYFSyHlKawy+Rd3I9ueYyA7PqgwdczNxTwILXhB0+pBd0Z9FMxjL85C1N7iQIcBBABCAAG
BQJMZ04vAAoJELNGT4lqoVlI9tEP/0yGcqKoQuNUIsuMasD3zVuh5j77i4wo/FCqQvMQIlzd
PWl+gC9W0xDA7vILOcqZEErIi4PPGwqpQYGUgh9KynP4HQau+43qe2BrvdauFCIJPsmuwfER
OwrgdSkKyvdXA08WG77v0a1V+u6nsnmbXg5/xZZdwCAKt+kILPVemxeIy+f1AAHj2zLnDGfy
0JE1jN4w+JZrhdWtsYXWMnfRFQQqPbnVqi5BkFDeRalBn0R4mLTCCOZn/fGodA7EdmRL1dLN
X9FbnfD8AWMDEPMDZ/h8HdK7dD16XxW7i5o6ZbVvftyf/yaF+bhtOyTHabkdSlMJXHzl5mnW
mH8NVlTTQt05SJ86NhOjr98dhSvcQOxFT/fVajDcXAQbdKnylAWHEjnejGgt9QwpM99l/Mp4
8j2rLgqfexF54y53km5ssTub3QJ19FG0FPLvRB5fnXfzOvn8iDhcC5V7dA7q08afUjaLDTVG
6byCHe8TR9weCaCrV7vvGHzmEEPRNzu02C86SXGZw05eRMWFKJL0AG1avj6k24hsnatuoUke
6IA5zcx81GbkqPDiOiiYJOEZFY1Eokm6MhIQ30HwUO0TQ93TdNgD0pJdAiElPyhs6csf6/Jr
ijOSajEDcEOuKzqYnrmY2AmDgfyOrjoW44ADKOcRTnnhAF26ljBzwqa4xguz9HEUiQIcBBAB
CAAGBQJMbL+KAAoJEORPgBbTYw+Jb74QAIQ2ADLJSvn+c5MBWYwc2NcFrRHIc0JXwmn+wzG+
QLeFDGO9SV//LM9L0XIIbsFFn71Rv+/KqyFLn9SyeGdJakuL/AMC4qF1m6bCzwSMdoZeYBwK
2r3bgPU4xW94O8zKOfRF9kwxP+QK2adfR1y7j3X70rICZYAua2ugkZcIDkN549PBze+2LYnR
3CIhyOV6nYTArKhYuaDiNnS822l8VThOgk/Dmdof0+ExQfl7Nc2oAk7wljhmLX7nMonNZcDI
ct+fDsVS856UYg3aJR8EuDCAayZHZvo24/bKPwroxl26+tEEfsqks7epWZZRGY0lH+IY2qoP
oFhHPodpAw+faiafD5/06Vo3SzH2i/btYQEwwCCA21cRLwpv9432Ia4ekvjPQ2E3fjBWGyNs
UA49MYhtllX/8jk6LE+AIU43PFit6ZB2BzVBunsy/LH4ZLxdi5sLTA1f0dO9jNkqf3xGbRIp
PVXtQ6t/9PUXAy1evqWBQgRNHVScKL6pjuoLurSIenQCbcNQo1iNLB9DuenAHNUBP6Ny3cby
hqMpazBoCIb4HqtdeUBmzdDZ3okIdjXQaxsHZhDsLNQM1ggj9mu0vJWSkXfdXpew2Z/J3Cco
lOuTcTqfGi5kdoDHPLvFDEYyrGKiHTV6P7TxoIxml4A0rY6gHFYlF1b5SXmUiCt+cKMgiQIc
BBABCAAGBQJMbyrFAAoJEHxWrP6UeJfYj6EP/0SlRe8esTX01wSot7D9mZfjK/yvpA3g2YQi
3U86Nb2vvLvJAamLzV+Ka5GL34lPASAIgwfilQyVhmAsyTOQ1sIU+rPav4olOoUTBaORlzL6
1AmhtI5N0HpjgnIDLmtKF5F/kRxm7JmcgnHgiKoSZCzZH2tomVVIGA9/aSDznr4N/uJZ0yWT
6MxKbmS3udM8WAgKxNN8IB2Z/xVDJ2dXMt0a4IgHNAn7wgfaizOiOKaJ77c4c/LNRiyhomA3
VgHDBTP+WgDwEcJupo6RiXWyvd1yDTEsHCApieODSIlniWUePiuwjBPNNKwH0/yRo1fkK6cY
kqbCD8Dk10p7HUr1+BEGW2fns45mpwJH9PvbJ7e7VldPs7AKmEKC0HHKZ9BNa3AJiujwnaUj
EYt6hq+/DRUQp6iqTPDAKE1bNTA4JD55zd1gGthsGHKfTSAydT/kdvxWH8fK6F0vOssQy7iD
o+8VVoVpbl3qJ1MtvbJTxum4ElFhPYaG4Oh/JPK1vhWVXva9T1PX6sGskdC9DPgDLStCweq3
RqzAhjPvcqgpx39mZGU/SQzwVUFN7aqASNl0ZFUMmnZ/4aNNYXY9yEAvx8GetdZm8s+0gw4O
zecerDlVf6xykodTT9sK3qiiRF53P5A8HlgyXoewut6MyKGEwhItfUshFSp7MMMJcycl+I8Y
iQIcBBABCAAGBQJMb/jgAAoJEJ0LXlse7I8OrucP/jRV886elnIly0yuYX3ALXDPgGKFwbRZ
GWC1qjf3ESdrqjC+On7jMLnT3/A4l03F23bpHEAOnTl5Ounb1PrhDnvo7msJUH1ZdtqsoT16
sAPbq14Rsg4+n7f72KYKwcQaNVkgizg/W6a8VJDOxQQgkrZh3Lp90O8krIp6MDgd+XKEQRjV
HxyhzpHHyqAaY+/nhRY3VXATZ/5K4+pdyRt0aWlpvftYTvX/iZnGBrsfjgYkBZnix/+PfFtF
A2p0AXfiFfFuU3BlE/kG35gGDgbYf9SouHuYeR6TLgEMOekxeqPacbTTpM051Mq4tewfFQHM
raLLSMCucl+duu7kyDRXfwZ+zoQ7I74UT9gRkI/jSYecRKAoSYnoewDo2bNMEsnYjFwyf+Zt
MEV3glEDcE7FXgm20YYjFb7uMQIVbiuXnFho9RQFyu6z67cfIcJzEn1pttMdV0vmMfi872Cr
BKGHxYu4gP1a+yQWx6N4Xgm1eJVdAdzhmkX7mH5C2GKLPIWzwT+onyi3qCCUWp4NL+2QescH
IVkc8daU0AH4IGp0A83dpRDb91vYWFImVW2brurAsBwNtKRhpd6yG+ufE8+9PBzQ+hZD4+C0
jyR/T5HAsuMQNSfcDDEi70E6wRLEd/KYp0YePkoAKES5CB3n46XS+WESddBXfeK0OZpAbXye
45lyiQIcBBABCAAGBQJVku4RAAoJEOugxsccACVvHtQP/1218tsrXF0nLofFs9edddWw4NLo
ZYc3HvELTHfyq4/41ERGOQoevO5/3tMzSyAG5C2lmKOz8SDHjAwkLmbqiYI2EbwYxLg1lTzw
1jZGpjzBfKm+dll3SWroKiyesv/iPrExc6fJ1mxLWtP6G7R4m6ibmz46uywwreT6WvhKRKzs
IPQdf84W13y2ItpFe9n2U3/Sy50brOnqAiLj/zIP5PIaaHzrqUIevdINFgyIWee2s7tTDcNm
zV8TV6+cMs4jT8nqguNy0lBGjMsSm4BviQRZJON7h/v3/yf67TctHMWJxeD62STnXS6wjEIk
TTYSNSEZGvMw6Ti3lVB4nlx7WW8wLX9X5/1QdPc9jZyVpsh8QzqUtp+jDo6dfXPBYfUlwm1v
Q84BVfcknpMkVMDLX9EMS8M2HLWBGCOEa2/n88ocUnjX2ZL5C2MGlK1TTyxSWCA8D9beVpKa
PdYP8JfUiZpC5nLKKBvyEGJhUa2dOY6jdbPRZX+V2TWMIwGWq03kSv4VBHdErK+HUXXcFvue
OdQBEOcN4H78RPd20CNTEIE4bsxgT+riXcjUDDrfIH4EQsA4oh1Z5fXpE47y3ZMMJuWfRzrg
es5QTKNFKDfLsDwPvgyJV3iLbJeKp3G/Te+scm3UDYi9dCB0eu1MiKM6SIxrJIGzl068Xndh
QNLOTpCjiQIcBBABCgAGBQJMXbYRAAoJEF0yjQgqqrFAvAsQALNsAqgOJrnudiKERxnGU8dD
YlxWPADlESd/DfsoEFkyd87GXVzfOE3ZaGKW66PB/D8eEfiT3wWVNpmAfIoHePXkPsA7NSyD
CORROlpxXE9zFaiRYMzY3EdCsvSjSn2F3K7pymCC5yuYFXTW1J6x+CS8YCEautV5h6oIsGsD
4zqXyHLWM6Htm1J1Rk0vW9tJqtfO39CFD/McuOUC6QMNLeBlWri8VDFmdGixOmLNAtBoZkPv
i7AE3BFa4utWcLLjm5gMDsPW2xag21LAwX+xiZ/G0xkDfwKM6w01KcIp03wVzWBwtaUApsmu
6fsH6gFPFuqrAKadAJY/L/U0A5QI8Lw8joq152skYYwzwC0INYTw+gst4IJDWPtjd5sK80Q9
NJpnqLJv91KAn5+Ya/i+K3jjFQLwII8x1rX+B+hxsbofh95VdfPJW7W2ZMFAc5kpiN6Vmw6O
X5i0x407cMV2TslvGI5L0aQ1T9mnMipqMnQNX9sMjCUSRNVa1DTYPr4ANkPy4ssXxenRN6Y6
J1Y2KORYgm93FfUpQaUUHOPzBT8PlfuTn1rNZpIABEl7RB2qpsJIWytQjZ8U/9epUiiChMXk
1zmB8izRWAoX9NtLM7KttiFht1nRYgB+8Q9/Ta5mros/htAW4slcFzNwEqFFEYNpgdtfh+S5
50o9SeOpmQQqiQIcBBABCgAGBQJMXlHEAAoJEDkUtTL0376Zk/AP/2NHH69E18cRAOuET57I
oRZmJqa+a+cIdmXFIhWlxUtQfEBdXwSDDcCNVZCWWabiHieSEahXSbCQIpjsjfTLHVVmBBCY
a1XFHixF3tnR8auN/KONFQ5tl5IViAw0tYBX1zbx3FqZf/XMqzOr/twpKrbI2VaslvjPpu1E
sZ7KiXnqjWU1Dp9ydwK7sdb34V6w/N/uonaulFq6IZ4GzQzIaF7/SkOwm9am9TKON/OmE9HL
hz4kGimtnvztfaGQANF/YxBdjXEvtUp76y8QwXrxOD8f7EFQmascGPIJqgR9KLYp1Tsw6EFJ
eKpDGJjzevkBN8eeIDLOWfcG+qlhNHHtnbfXnv9Ojr8b1idvSsdqvwFBAjw2svZAK5f0wkrx
KU3U5/hTIz89EQuT0o/oJWBj67ONQYHyh4CYMZi3oTiqFWQH10utKi4kGnM8jaDA2No4q4xk
n6L99QIU+RClkamJVBQdmzoSYpjiFoAlXDIhwQGt+QmhbizZLp6NqxXJOOHJ8ictRpRlzHOq
ERlLNkmaaf4YTyBeEIH+GYad/xiqDQqm5NQHFBira2dZskxKC3SND1e5sTd0nYIur09wbJG+
z72oKoiPMCf4Lzawpi83Yz3Swks8hZ32fbObhuiAmfXqEfDlhbf6Hz9NqTxE57faXm8pWrRy
o1QgHe7WNpM8vth/iQIcBBABCgAGBQJMZa+UAAoJEDIkf7tArR+mQ54P/j192Qx1SS9xW+Ao
2V6IdWidRtV25Pkt4LckZAIJHfVEvjpM8z1uuY34YacjFeZWtfI3mpM9JUQ2Zx854oSX9z0S
iQ0u5XnPNBavYZ+DKgGygOyDQdNdjvdzR13IT3RIu+OAnAFkBfwS2r8i2rrWpeZxltPR1Uc8
J0ZtJ+DLgdbtWZxCGIl5eupdbf03oNQ0GHP/h4W9Ls2kvJOzILQx24+9tCZBIi6ZuHjlawhV
uZwTvhuc9HNhl5knHeyOZCFfBcNTWFnxuHIzYq0AU/12+WYuZ+SLll7+yA1yHpP7tQrz6oSY
rQGLzsBq0/kONM4WYmhMQVtgxuxjZV7DK8+1f1YlbKCGrk/R4lZ2JklJ2+qI2WMiiW4BdZ3o
CkEi8z5Z2vISsbTe9LujYnEbiTyCiEZlrz5bkavOgMP8T/0NlA0GSUt1Jo4hkLG9eWUfYgq/
7N9vMQd0ihpUVKciJyqaSixVZVX2OdUW0nCh2ftwOzfvjhBG3GydQDb6Q8tdiOeLL4kB/zpO
VfZu3UydE7CAtqzvNj9DRR6hfyuELHULoxkP7DHCJIx2k4ZZwgUmLHYIyni8ITsRUnapzqwO
Gy4wmQM9ZGvI1vFXINsV8FUKg55scO7baXwizGX6UQ4jwvCBkt7i/1lYhY5udn8vmQ0cRf9Z
HjKhTYfZ05hp1dAc9Z7piQIcBBABCgAGBQJMbA/0AAoJEHhT2k1JiBrTtIEP+wRhrJcz3w7K
y8F8xF7+ihU9k/lvDjqZLlYKuX6kJsTupTygmC7bNVw4uBfGzlujY5kroa375kGK0Q6Uh4PT
ffiySDUmKj4ap29rlLT3JzFuu5CIH2jskPEAYhqgaf1NZUKAcIncDtVGZWi5J/Gi8faVyRnn
tE86gVvHzlgsDoz4WLE/Wer/LUkotK66I9sn6t877lm948GIrJ0pknNHB1bCcR6YhNRS6fI5
n9W3bkHBBs+ilCd1GlWKl+a/NmBnr3yMKEYrM8hdh8RVJlHW1puyLruumoxolSToGvhAIPV5
E8D8dc92Pa5N0tELtw4a1Ao9zl4X980QQ9XPqp19LdgrN4ipqxgaxlVywzSq1fObqtSd5IYo
NuLz3PvoFeoDyP0degy+4PxXX+hERcpe224No/Oo6cPvyxblgftFpMlRVuxLJx79m2B0db/A
lIEN4RAa6mO77ZcJnAeInD6ZWnHw+bVPTbGnsz/9L8EJA/SjILpBcG9UO9pqUYu+aL80AgDF
FoWlq/Oy5YOjTIBBMcE9iN4V7RV0S7ygA7xXQ8JEon3lrgVNRQ3tyrqclXKw90ehPS8ntYJe
8rr7M7hw9SGC/UwLlZctG0BO/Le1aoRI7U6NTnfKgdhfn2UAPX7tgSAX/xgZDcuF3T8KeTwH
/GYjjUzgeoKuZMtfMjXtEOfxiQIiBBABCgAMBQJMYt0+BYMJZgGAAAoJEMzS7ZTSFznpEuUP
/ih8u8cHaYsnA0vQnfXUB3NDtKpwPA39yTh12Em2QWP9ezw9CizD9VRBmR3kksbxvFI7lNHF
bBR26jzHvz5wh0OFAoL0QpnwqO6YVDYAnDbwU+9Gyk9zFz5WAiTaj1AFMA2Y6tfq9M6eYOG8
7eNVVdRI6NOwmjO5cO1NNFO6fo4zxa93VLX8CS+4Xgt+qYnJc6bZDbwUPdmfSr0UgRVVbZAO
CGE4f2tSeLQwEOkO44XB1rgRilyGu9dRShgxLQoauAXzsQvqMzaNwjal2bz+yunhj14Q81xk
xJZ96I0w7IzMPmu5tjyPa/1Bhn+f8cHkqQQKcu4Bf2OEtANNU6M98reiS/K4cHEj0ChdFiHX
l2z4WxSsihbC3megEX96l9A2uVgJK0VsSPQQkGKzVsJkEAsld8tC4XK4OzukpXB184h68huy
TL1jdJkYcZoBQ/3Lo6Z7TJ5ZvnUhdpuvQdRfmBYK1AuRuNuhmPDYV2/qqmFOYBrpUY2/qv0k
xOYUduergCG6cI8zFK+KWn3S3sfxVt/032qe7oa9/VsloGBRwiaLl7MAwzHJfUgZCMIcfJgx
6sQRhrvZbwWg64UyG+xFuocSqTRkcCU2fezMZHhLA6B6CZgk0sY/VBQLBBOy4bmtb54AslmW
f39NNnD/VzkSqURypo3aDKn/f/v9+JNBfcCJiQI3BBMBCAAhAhsDAh4BAheABQJKB2jkBQsJ
CAcDBRUKCQgLBRYCAwEAAAoJEESXUni4YStd9mcP/AtRNozdY/n06hAVJCnI2W0U0/BknKBd
z8SXGItd3Mb++tWs8tMvZw40hB3C6oQJu9CdZ4tzZtf1jSUxoAJjGTGOiz0pooeINAuN0xRa
eLzUPyQNJpd1/CsZPFgtn4FeUa/T9WwHxZn/XzDBPd+N3uKzM63ZRpKU2lkSvSrh7fvqP13A
h8Zq/quMgOsCbQR6Dp1swJIm0s9gPfN4mEVXeknXnd2vRGrblJYL3u8V7cfjUjnCUlFmB7U5
TiROYZYeP3OIuDsAqv8+xweBswWxCxX0LYsuRHRxmLKWEYHAV6e0czRSJYKQdV90+URoOZin
Qdeo24cWK6caJEavAHFnDcKP5aMCrCtp9hM9EB1J5/w0zOEXLotwhD3cWVDv1k2s0w9wkNZp
PJKRdXL9f0en47MpqJqR9/8U9X9j8t8tTUbo9PcUcf3YB4hvmEBauBHrCBNslMx58uPYOFjV
YqbwHUzhTKHhUGVHbCkQrUOjD0z3sjKlzXFqO8Ba3sDAP+hs9+g3YUQX+A403rYJoI/b4Bvy
eZ4ryKanz4/zhskMDdSBZ/UvduPm+gHEyq8Xtj/jxRDX0EqLvkphDdUgZqnmanx3FkkH9EOx
fUxnqpdwJvAj6k3diWEuei7pSbTBlqi80fLRUm43135UP6AryHtUnraBSsaGskH4pznmwUfW
Kh5WtChHcmVnb3J5IENvbHBhcnQgKEV2b2xpeCkgPHJlZ0Bldm9saXguZnI+iEYEEBECAAYF
Akxr78UACgkQ1cqbBPLEI7xL7ACghnGFWacQR2ySOwHGcuP3y2NepV8AoLz9sWYoqYd0SL5T
192WWkJWAboKiEYEEBECAAYFAlCf5Q8ACgkQcPNeJG1THnOB7QCghdTeFj/8kaopb1WjUCof
BrrhzNQAnjYiGUchyKzDS++2vV4VPwxvMZZIiEYEEBEIAAYFAkoHceYACgkQMhdcDcECeg7B
0gCfXpPTRYvu8+YGBrnl3ryzbBrYCiIAnRMek3cGNpJrDT76nPCVkp9J7zqjiEYEEBEIAAYF
AkxccSAACgkQ4VUX8isJIMAYjQCfRZD7k69DKbhcMYOYWt5paHpg6SMAoIPdjQhnId+yPSTL
h05O6LtJU7XOiEYEEBEIAAYFAkxdPysACgkQ1OXtrMAUPS2JYACeP1vgz920Qbq9CMig1p7V
9Bve+7sAn0FIeNCiAGp7owWq6mZX4BOD0o/IiEYEEBEIAAYFAkxfNKAACgkQ+YXjQAr8dHYl
2QCfa1lGYuTcxswPc6nqR8P9G1KoS5gAoNsq+dtZCJmYMIflfGNOxlzLUsNziEYEEBEIAAYF
AkxnTKEACgkQn3j4POjENGFPMQCeNYzQIXlYtcurpdjQru//evWc084AnA4MQEEKUkVvRLOl
PvkCi847vss1iEYEEBEKAAYFAkxeUcIACgkQ2hliNwI7P0846ACgm2JlzfNk5w49MB4cGDwy
Aodz+MQAnjanm/JlttRZCU+zLaxHxEj4JovdiQEcBBMBCAAGBQJK22d7AAoJEC0NWrh8JT1S
LqwIAKQmrdBXWS2UmANTYLBfDuytJJm+mHj1YSJ8ro92xzst6WBmqxMwQ2EscOv7S0rI/LGr
8PfXBnpp7Mf3zhwEXeUts0ZUt/Vy6s8UAVPTGPSQlj/Ya8u0mFfXkdGsLMgMdds9Cz8fLbZr
SycslmVmLtK4S+rhjQhJ0vXt2sL5VJ3HRznCpmSP5+ZQOlH/PenHLmV0kC9KcOsrxgvV6Rls
HIZ7oiATogYm/kuwXwQ+0qQAMsTY3AGwE0yuMXvDuDUnGdUBzaZJJZ/wodDFYlDxTJb9NOh5
P7PDBQghiR0LrnU+Y4b4Oh6ne61EyGRhP5ULvZ8RZsvDCO27gjNxRH1nJkmJAZwEEAEIAAYF
Akx2jugACgkQIjrgVb2U4VSOeAwAsBhm8cj/o2YZPP0gFdUCUyr6ecydoD1d0ER8wwvOci64
bA6Xeu+i8LtcAHKowj0h1uVye9SXK7FpfyPlD3j6hbikG5CKXSwwEfEOUHmBIdY+UarL2Att
791yM3hADK/LjKObU/hEFs+b50xsug4pbYGbnDgitj4AG7mrqLLReCAV708jbizQyxizDl2w
/aXbgRvjjVczuxFeFYGlkIFv+da3NoeYCV1oH7Wcg2vrBb+TrxgIbAMW4V36v+fIPaTsderL
QQTv86Rq5Uv+FvZaoA1y7rXMpDbD8OJ1DdRv5BeDAGOAWUFYj+XDDdpfKt91zOlzfr74hikP
1NWx0NEyG09wxvkV/6P1zjbv8NVedwhDBs6QQsco/oYx25Pqsin+x0mnc1NiDpR+9Oe7c4ha
6JzzN3ufllxydLpK4D1RC/ITKhNhIrG26qSEtk9K6zM4QQbD/Ngh/hztcHMObLYv4MIz/Uus
K+CoJDI9kPAISK7zKTHfGTbM4O+gST0gqcFSiQGcBBMBAgAGBQJSKkiDAAoJEO9z5tpYNrga
fAoL/0E2pxy8oF9vH2d87G/tYfJB1sndWixltZtLYJMZ6HVAwYBsq6ju02893SllpZ6xp99x
xAss+xeJF8PlpH5nauQOn07IyUNTytxa6kJ/xHcIuVEVFEBU5SUaXStqfugM/EE/V8pbW5di
oIILQx52NKli/JhrBWlW4/1k8moyuCkZqYsdwwp2QgLrJhcTNB1nWx4DBgonAL7GOGy7s2DP
6zoQT2rDmlMY+Y0GrYkt6dwwed0y8mP/6c1ayLP/5E7ZlJK7Lj/3WFxYXeOOP3rU2xm+Brym
u1ND4gGC9P+p3rlEBJ/loSruk9bbviULqiO5s7dB4Xzr2joED4u0suutYtSPnuY1fNV0DGxG
qgYvhwxcuOHVD3zBMuAfYoGSRQNsMrpzBnfytP2pF2CcS9L7maaTBxyKF7UbpqdvDDh74i+A
/J2O0TmMuraSX6r/szqCS8B5UdetjxWHpaEViIy4TiFBMIzkhhJIn4nngn8lHniRT6ex+TWp
dM/vkeO5f9ea24kCHAQQAQIABgUCTFxxnwAKCRDxppvkKcD/7nyjD/wIQDebpZRkWpthmHaP
NtpU8vn2WWtxigo4D/crBIrhWCvJGqm9P9n33AXpGGc3T6VEJGyq4lxdwBP/K5FC8a3hgCXr
dXAA+V5knfURy8kya5FBGK34YtrGXBcNv77I9GdGdum+tooYNnNJERueRkBLA4aIImB/W3NL
eL1f8vWVi4vys8Utpj8+5pg5GLstbpmzewtc2LQFstMDeCjBsrDiuZZrsp3fO6zKnizg0SOS
jTkSdXwvCma9j4mlmU2Ry9QJf3EBqyDwhe5Rcrl8TopaP75wOKD3r5npo+e95Wjvxy06PjjK
1ntAYLMuEODWiKAhQ31YYYg8v0yMvBRFLfFmtgmSoFcIiGJw7azkxJefqIhQr6SWUF2G3keQ
iD3qNjrriIqxdJQqj1XZjbwwHMKlvtvokf0xCWltpqzgW9YBcKwqr80Sp5Z2M5wjeB9TWhSu
uoG44r8dtz7GEVllGwGd+hRYbyhdaEjdgFjZtJ/T2n5ESYQ5h3V3vjJbbxVZ3fOE4ksVNEkR
5cv/h1x631SuU/287bb/ObGieYIbaIxpaQPedcPuX1+hHbLCrtZ9FAx1COzhIJbXG/2mS+2b
hTUyax9RQ4n01fgsU/C6FPeGqfyrrfijS2XKQAGsigRGm7rIjENjXM2fGqNsWGEPt9v3YoAl
vVv216XE3sCRMz4Ua4kCHAQQAQIABgUCTGAriwAKCRAedZpyap/ddM2HEADRXZZx9vRiIKFC
taquk6DZB15B+CTJSe+rhtiiRiSH8GZcifbF2ARqZF00OctbKkbBNycNV8FuxRiaZZSZN1fu
ZckgOKwMK83Llj0tHd+BTrjmOiZqrZ20l9j4CMfvoTQZLOqxbf0XKpfkx+WEf8HaJ59+2GDy
CvqYrzYW4oQLdc1wwQ1mI/6XcP5YyTPaOai7WzrRhL0ClYj6/kKrcyzUm3G91SuC/AXPGs5n
8QVINq1hidCyEjuRO29Pi9YjOIRA0YSmWwmF1Jq0CAWDlSeWZf6oZZq232UM4OnDosjp58pj
ldIf8YS8TcNLjFZUSq3ilfIJgTLZIfMj0H+YZyBRvHL8071X6xmqcQXmZb2xGOJHu/Zn1qrq
BjN7HIOrohVvVqccR5rbmQp2m763vqGCPL8nxZszGvH7v5PFCTdrfa8tlqiugadUvYW+SCn7
RI1QMijJJjrlWolD6ZJLSiA21a9B/y8XmUluedCQ+RiJLzYBVSZhHI4j6EdavCKbTZfeUZEW
PiYbpjltZ5oOjoTzI/C7GKn/btPdY298tHPIRPJP2P4Ybi0Xzx1tsZIApFEn/uHxzxndigef
Q0EtTz/ikmVN3CAPo2i9dj1urBixB2QuoESumF2hjUHs9rZDtug6CuskojI0GAb2wPNf/U6x
ugU3APwb6c8O+66de8wHNYkCHAQQAQIABgUCTGA3OAAKCRDXiExHGOGPRLxnEADsBFKXFFK9
8wUfiWk8b5ov+XJRvYhrOQZz7fX0iIxUaZCLaSIViyOD8RYFXr9KKuhGc7pcEvU71ccRdmN3
SoHz+RQDrCJlRgBosEAY5hfIuqtuCEF/njo1cNSR7kjkYc5PKXpbHL2G+15X8aOBdsd/Wa0W
E6vLxMerhS5ILRbRs30W/VzcNnlb/3dhHSvJPVF9FGBeZuOahY1edZKU7xu8k+udND6lV1Xy
j25Ty0mb1WfQ6ORuqLhXPbfIycqLD2sNmpFBNVlRkRejEhJU9IiOrqkgECPjqKUMo9cnCCt1
rVO0EZYvJGD75wl1PySqbQus1MMLep6FJsqvnUpEh/HzS6+Q3/2AL3a9JLITDm2h0TkCeX6q
o7b27aoe+J4cjiApF5E643OduBA6Ox2iauEr1t5d1J8ewFWx929EQYHnLgHtBx0CzZGUAZqU
NJEqLwfgxZaN86Kdw1xP6qKCuCdkhrsLt7gsACvSpkIEEhVxoAHqJleWF4MqozwfpsEO9BSg
L071pyc0Czw0XJlNNq2sn/GomNRvXLbYeSpqzsLdOAYxsG2l7aNRHVb81ml/OEvIuxHZE4Ae
cjxfsvnONarc5jWIA7iFgk3sLaTVejP4Y8cbn4rXn+98QwseRPBMHRPx84W0Rx+YUXQSAvVG
2GboFMP1PvnEEv0Qqq6JsdMmZYkCHAQQAQIABgUCTGWPGAAKCRATwLVmejiwsLktD/9ALTT3
VOyGLPKCdTYn+kXo/R4x1+VpRdoLLkUnxKBzfTVqtHg6X9GAqMn4b8PIgIh+9ULPiK9OLV5k
bdko3T/cbP+Cl2iqSbVZoKuYpf/xd49oIdiJm/omruVotTDbz5vOHwxzmrSRcxXNzKrnmptr
f48dZjoDdrirUJNDlPE7yvM0IvBSwPv5R+t7gcti0/ZZFWDSEQ1fphx5q5fD47+t2Oqeyq9s
oIC1uO9xnzB7tTmQ4m1Up0mwRsf/r0JdTkcT2Q1PNOttWUY4aDncF+d8wCraPW7715C7iP/U
saAW2h+MwAVC3yMT6iu1dcufRJsgFg0iEd7G4Uxp4IcCfwSLWD1mh4NEXZ8Tis4hTnfpbICs
Go7qPAFDdPhWRw7ZGs/aLV0+E6hu0t5hE2CWaOCS7hfx8Z9W1heEuMBqDXZeSEfkiA6/sNHW
ocgNXiDXVMdyHm53xlswdbSDxDT6CPcdvzHsyNP9/pYd6+CFgTBAw60XqLrjYPr3tyTHBWgt
vFS0tmSq2h6zMht+yMu0WCoZgw4iTYKtwoE+8RE0aaqwxUcNw1w5h8TTFY0b0NyfD16pHX94
TruaZnlnpNWZtHgYEqtobMH6SKyOsy0G+BJ/XM3jLKczi1U5osqH0yBRCWxVk0uUAOT7Y8fi
wkUSNQl8wnUbDoRSOtwCn1AQ0LRgOokCHAQQAQIABgUCTGbH+AAKCRAcAfRDyck8Wux1D/4y
7uso609rTdbQTInHqA2XUshIOCgsk9aW9Vphgs4hY0VEhhfRyajEa6RrjdYs68BuWUWO8qs8
PKe3LhgTDv2ZmSBMdXEowYVY0CvvHhyHHZwdMl+6vRZX1uI3SHf3TKqT0eci7gNNvYnCbdMO
nXiBCM8nYUbbPOzSBKFEq3CE7EhNOvSMZwTu6pnOdH0qiVUvqNTx/hEo9qg+brPrPcLho7Yp
cGu/Kuqp30r2b/HVv4U5X5mOy/OebqzCAb8WEdWoY9V9sDo0bf4or5DZaY/JB6tozg7bQ4Zv
CTwyu4x9D1SqnySE9/wsu9xSlhni8e43o9ujv3jxABpbbOPqt00wA43wSoCbdfv4mWLsbGk4
byKR3eWEh1XcUwRfaPk08fh0ssskKBk8C4sUMIk5oTiT+VU7IZ50gh8+XgMxrwdMcWAQH/Qs
VtsYhDGA0UTw7C1Qp8mCmeqLVw9RA11d/S47UgYlXBQiv+3LXuYfmz/sALy/ktIpz/tp5CtY
PeP3CPuFMTlKpVScL7+DbeW4pwwR3pkm1QAVaG/lb3Dqc4QpYcucetSyfdof1E7ZQtCRTR+L
BXBHkfqQT4xnqYOU8ULraaLaUGOd3y17rlYUXlHijhNtytzSbn+GPDnbteQYqZPx16IS1H/6
buaSwB5ZRHBbfsF9O8JP9+ldLkbjaodxpIkCHAQQAQIABgUCTHblCgAKCRCvIoOqduKse+8L
EACKRmLci/pI12k8kF81SrF1TEZG4Mlqtij0vFQNTvaLJW9PSX5xE9ln/WcsLwUPf0ciV7bF
M92bdaPiiEDOzpC3MFEV8Kx/cBGPdGNx42SHbOrxzbriIt+OCFxylsqlElW+Wbo8chPtXWzi
/G39v1a/xHVxzBg4uUPFRL6zOOZ12M+l+TCijja4EKgctCb63t+x82GCW8UspmTTaEn8UT5F
STK+qp4+cQeIYBRBcHAGKyfzKJ6Chbv3MlNq+zhmg3b8NYLTKWOgpP4th1v44EeO/R8Oibnt
KJ9hqQF7a58hb2JLuoEmXXBJVk552hKD5UjKm1DrfZAapUTbWvVv9L5IdozaDph+GZzpXQ4C
Mxlwil3JVEe9sWPoT35iApFSgoWbDNYGW8M/CRiyLzYtCqcAzExJbU9KnKOV9kbebiZ8J7CZ
gxot5en0OaXrc/ALPHjYKrNmZEQ+B7dlUcN7KzFMEJHPC5Jb9xsV3Jje6T17lA+W4skejqPC
ZB1mi9D6SHTN0MYajeRLasFq7F1Vytd0H09MLkQ3i2lymE50Su7cOsMk1+KjA63C0JmMquMp
4rvuBt6Sh3qVaXDTPEUV5ZT5by7z6KCb4iYg7AB3IsCTsP9njUCZh19YE8IKxd4y1XXD+ymW
FwxcQs8Fak4HdGfmXLf7G55wI1E4GHFEwWMJ1YkCHAQQAQIABgUCVXGlUAAKCRDagoMOPMw6
OpY6D/9xPI7IEHZCcGdZV1C5JH93KmiqARv45K0p36nAxmGH16mpFYtTOuK9oJ3ZSAZtbGp2
oppbQX5AZHhRUvHcjwv33ME0RduosJqeMA8GT/xZKfXNGvQpn/ZG/pDyDLbL0LyEngRR1R+E
JCPNAna+op7ULQSQ/gf/HSwPI6ImnirMwXFAGOBSW0s29z0ilC/BYRlr4xt5uGwWugYnyhJK
/SSwrGBaDxB7hakk2LTeVOe18etFCno07VPoI8pUtNLBiLmySM2aK2Muy4NR+jZjU9x6oDoB
tTq40fkFln64nK82hqFoJP6kDPkzdQx5NaRiH4PAr1DOydHyXofs0MghS0UKlCZR6rkyAR2k
9r+b9+KUDEQYrHXXDqhpeCunQv9LGzTi9GmaCatNHJTwTmVk1+oydWiruYLQCQHETCzQrK2Y
FEonJnwJO8XremTXw+V3jyKZLee311I+ggQmtI5StRF7fFh7OGzdJXBVw5hI1VlISketFvAz
rllAI8Txt59l45NFNkZDZlJlJeadffen6GOXsWr5q5JfS9XlfLbGlzlrcZCG0uxGfKoYaUJM
0SNa5rvWO04pEK6AjBufkinWJBIJ1l9bz1uSkDY8g2tQWvdZrqGgih2DAXDhv+lu96U62fn6
k+UtKx1D2Y6JI+KEdeGffuVp+4SnydvYIAH4GgSaN4kCHAQQAQgABgUCTFxxMwAKCRDxFAhM
CGEREQw7EADTPt7E7JjfPg5B5r8xEQwvWnQ09/dE9xie4ohfzCOfGVpvTquyG3xKrbw9SKhh
akS8HPLGgBvvodqvZOqPGP6eZKfAAZmlER5fAEtw42deAGhL074S4XOeuPmRPnYlzPZW8cy8
HhcmjbuwXbhC7SJs1KtQ+sHZ6ihtTqXoqjsC1ArMOuA0Lsw9d4IOT5sXILtqnk92ynkX420i
yAiRU5RXlASnBNg5fAmMGZbW2/EGrHtfE+zzpqX0N38qKmBnE7kRgPM8OGYxYGpUl8x+M1zz
KY8BLhJx+gwCzI4L22uKwqv8dz3kzdWD1RBUUKJycCDzwrR+RI+xO9cQzaU/HOykH3HoRfIG
TmaewYDxl2vsVeHVDbGdZOmhVRzLqQIS259eRjQe6ZjdMiRJe15j+udFF/iVMgSgq93vWWNF
WB9Q7dKRZyPHjBuFuL9YP1VmxiNELX/BkQlDXcnlXHvK+KSFuEgV8RgQenmFtHy64YBC0MoS
ka4NtWkPl9EimPn3iAHNLBCfqqs83TaG9Fl8+V9se/B//AcsNoM0/3vBU/L/5F0PppPVO6fk
ELDY2V11zy7L5KcLJWm8f4YwOKCdyDYPYVTpl7xGM+30n5h3xto8Mz6f5NWVZbfxfErLU5iK
aeDdSebdqns+FUXmZYUlWJGCXEnY1aAzy/9MpRSz+mtXAokCHAQQAQgABgUCTF0/MwAKCRCH
L3AsTW4lqMf4D/9oxFxZbLh/kRIjys0wNgeiq0oBLh+KgN83Rf+vc74A2q2T9/XiopuEtk0T
ywbz3Xw9KlidyGr9Rrbl6O6aWpy0csxUOWvprE7jaTwjqZxqISNCcsPFbsWQieJ1bVv6upjE
j/wrTRh4IEC/P+K1OU0lWblbeDDEv2K8aj2uiO8g5Ckp9X8Y47Lh9VMPvSOPN6aFyX0s1DDV
fweQtoYGQOmteY/pFDP+K+FV8iBw/wjEVEWflqWUCIOAWBT4w2sJ49KDdi3RGmFk6PSp/JsU
SLGrwUU3YnRiVh2vsK0X5nukWk41jm/1XdvPzEEpMK/RYiSAzGXKvs+UUWFi8g7AHQNfJOl0
hmB8LYFV7mQOLdbNIVTRB/ImbexKtuLDxU35CIxrJFvg7Ry3ulIZgDgFZEM0D/xu+2tBd28X
GjppOjqp2W6Zwnn4uwqBXMrggtNRVSeGASTDs8WPdwR3PxYKxx237f8J/aC3o2k08q8KbjmR
QVRLlOo1huZxmXpn+SUUKUJ0dqrrQHIEyzGtS/VSRRI+Kj4wiThPOS6zmc/vFaLjl5T69sOA
LS5TJqoGZz7j+GDK2MINkWWNM61SNyzomtdQc2PIICR7TP9zJbOvad1QDfT7kyM1JuhpvV/6
7XIP/oxk6OfgMT7yHTF6rh+G8UUNt/ZBCYAipcFByCKDwNB5sIkCHAQQAQgABgUCTF1E2gAK
CRBTlEed01JMUcebD/9aEHlc3TtXSGHF/gxVl0zsi3mFM/wibd2n/2Zv2gRrL0Su7BunKEMc
l+7SECKbDzWC3LYucKhjgVuPHSgGakk3ANiXiDw4qFqiYil1Prf/MK8F6RWye00IIG7yZamG
+1kLA5ft7sjO/emappGvW7bicXqgoEsazImSi9ekfYhLFKHn64IR4UjynHibKjoXA+EatPnN
pT+IHnBRRHRq2uaU8ycQoxiwUT8WMPyjlIg7NT+IIYqQm7DRjSTsUoTwhdaMlH7YCbi/dX0y
SlfG0LF/5fdg+MV0h/hPqy6gq2oRouILZlfEGtvv0vBmqagmPP+m4KJ/6/Ikf5ysMtC/NlN7
exkyj4M8Nl1U07ijha5CQCvn6DyQmy7xT/rmbJ0i1zjZauFmPf1ZaqennMkz2ndC0glSAYIh
d76mDDWGjvszrYpbO7KdJJeiO0LkoSW7fKxgabNm6x5MaPVhcynmjlC8BFbn8xuZQst13Pit
VmFtIDX+SJVFQCK0Ypuw0NhkXx4sRqkBukASSwCRrDxPPWqlg9/Ji9uKjInS7M/y3RDZqwJK
UZqLw2pdlzdAStExWfA3YAX6lI7IrpHMuoPUt+aKNyO6XBLMOGmAGo6LUP8vOvwfkFI72nWL
IgHSbB7MzHLFcMxyb4CvGjpZQzu3VDt7sDIweT4ZqWMuMIxreik+M4kCHAQQAQgABgUCTF8j
ZwAKCRB6j0notjSAvpDND/4nzSbiS1pMCum5H8dhR6odBPIRanEa8fLaltUQCfwG+CXBfuH0
nguvR07j3oMWLZJ0YqZIfGWy+FRMAqFjkY9Wm35ddEO4fm5O7j662mJn32S7ouAWvMXeZa7i
uhz7pe5o5hxoN9dzr/jD0qNIUwWzCl8C1KC6Gm2Szhnzr4jMM6fxol3i1TIjzqcRACqIFM9k
rJdpHe18XEE0Ao/cNC4bPdPFEqFdDi+zoYXNrHqyCl0FqnWOkq9IVa6Sizy/8+ncgLt7mxpR
CeA6v/N4w55AGlxfS284QzDWUDzAoMzMibhnqoY/3p9xup1tMtOZe+2R6/AOfSa7nB3BSGDi
g3INNT37Xh3OiwYtiGoAPGnBvMdVQYeLd0ySC1cTls+HsXuhfediraNnzRRgioi+r7Ew29Dj
H4O0gWhunw0gqn5NO/0sqQyN5cW70iIjhJlXA2pJYXSLvONRzQ9GmvhYIq+UA89UmriycCBd
u12zi0NfEY85B8qqzFP1c0EJrHclHNm4SuSh/cXFlejRbIiSejp9uCHXQqELSRWzxRWOSy9T
4iARC/twBSE+rJYfCrTMLKZznBzz+FgY/NU91w+teGbKanrKLKjRJtlXanm5kMSVXpmeTnc4
x46OO8QjHGto4hyaILX+H0+jYcTFZXV1wXPqgevaGLL5fZ2EwfdURZOMI4kCHAQQAQgABgUC
TF80rwAKCRDRXTE4ggBBc1JWD/9xj+Vpx8DaFRrmDwND90I7bFDux0MrxxGZ1NJc0WhF03+t
1rqP5aoqgXTx6UxMHTTQXRk6dNKpqRdWCiacxd9LUpUIFj8QrSE6zwWweW+5e1lCa4cIC69y
AHRN7LwdWV/s8dTbBWxPuCspDXrb3wPNmNaouw76T2Ny5Qwt13PnkaHmoNGIDju8yOpVhcAM
mRIeAHgJn5X3WkMPi9dGfKr94Vv+K1dAKzl1VQ2DHUcS8dVUTqugYcaq1NXeZ8ipacQtTy6o
4+aiY1iBJDvKdH1MxJGsS2EvcXT14r5YzOz+KTwIExlrKK98+3XI/u1L3VkUHqY9rILN03Q+
cKxX/3dV3j9YDu3mUNL9at+cZ4FjZG/rJ0B/7frBxf9fy+7RnqKHsrr5H7jFK+mZlqyAWqLn
Lxi1kW9tliiEZ5RgqLsYQk/nvvA/hr01rAI/todTvFHV7RIByNQVrp8zBbpmSUhyGaycc3q0
aNStTXoy6dFS5WLAirq5o0W2zKRbWF6RAZLCwYAz8BAvKfbdDNAjTeXQ1X6kEYxEmsOJL3UQ
UYLUHm8Ko8pPeaFLjMfRNZYVdQhpyLQbKxEDWwmzuAxODTHPa+bWmD2QRP6g/be8ff43L+zW
Ti+1bglSk5xCncsGp5ydPfxYhAQiizIySbmVGV0u+hVPSB+vGJTelgw8p0PMeokCHAQQAQgA
BgUCTGHuTwAKCRBwNzzxKQ25zl+FD/0TkiEx7eq83NaPbkxw4fQGgIfV+ZQHHZPHZxQmWQe5
Nw+o6jBv4spK4iTQOgfcyZQ9vcNoxDyvFXTPxD1SA9VhJKY/pvZYgFk4chfIAwqsuLhL2B4x
fL7XRU044MIy12YG24mQ6wq4Yp4CLX0J7XTkqF4o5gZ53W2lZ8IBhGee13vY658Ie7OmSwXd
HZwLABOIck59PBOnDQmbIWHw2nO8esxPuCG7A1vJ9oX71PRYGe53310L/vqRWliGwgINI+Lc
ghnn/GIxdBNAQzvn1vrBtLvZB50Ck5WxRZdRyAh29i8IQKVt43X3CeXatFqPke30n1hudgXN
f5zu7aJAHA3TvIghig9L9uZtHUMIZzxSovTF75ACmxfqiCXxS2pxqzJacDpahog4rJ/AZbsG
3787vyhM2zjCiSZIrA2GE53M4M3TQpV8gKAZy54Gdjy2S8FcOiFARFGXVu/l6j3vf2dDrTdI
Hlr+Ta/f2eKfKhyCLT5ShZwem9O10mpDfP/Lznb4kPKygCjT24t/UdY21mvVKwAiXDtkeeSI
LhXVj+I4ddyx4xf5mrH7khCxwDiYKr/sPmzFUg6gHHPsxIMoV/8+DA/VU+x/r2thuSH2rdKp
IuPcN1fLI3R/Buy2Pv3KGHzzOHQyHv2UbfGK5ijKY/lF5Y3RWYynInUcjQLbx9g+V4kCHAQQ
AQgABgUCTGH1OQAKCRB3MfzMY+Tid/cSD/0XD2h3/YcPxSfN1Wc+CRkbtw/14V3lgDOa83Q1
Gr6GySQZMeZ9NeBIeC03fvlfmQl4EwFebqGR7jsuRRVZ03P9I9fKoPXJhlx/hpbavP8mkAAd
Ye/ziA5xjzIi6j7GIpID9ULMvAW9nwPtL6p0ritjvkfx7EOJ1D30ID5Gn0BzyhgPUKiqLsR9
zdP11Z4u85ja1cgkVXMl6IEMflMJ/qUonGX51sEGvAC9OfbshoASv9g1cohRJe0MAVG0arWj
KkxekFXTaChVOSuzfavExtlW2eCHy2IH4LVRT2VlOiPA+dyRZuhjBMaRr9raeYnNtB+7SLWu
XeRgMcAiwWdvKSJRIS1H1sVAlP02APy67wBeHEcMrURx0NzAZaw/7XeyPAt7+S00LJNp6qNQ
fnecBTF5LZkfKGIentqjKKN0Ns20lyMuo5TGb2mZSdhlYRixsY/z95STNhsGe3SNzgdSpbG1
2eB8j+uaoLj9Gjd4UF0uAhfS/xqDXF3MONZX+IjKbGnVx1MMwg/ECPjtfRu0nzm2o3jpYQgU
XlnM/kAjGDcHgWsWyWdKVeMB+bXOwGPl6wDmcAkaj2GoUJP2B2bDnd6QHmtBQSD0jiRmqoXb
ARisPDuTJ7VywYSND/zTkYfBpXh9YLikxYS+Vl+NtLuvILXsyOt9FV5pxNOoWKVbj3X03okC
HAQQAQgABgUCTGdOLwAKCRCzRk+JaqFZSNlnEADIAMz9GZZwdKchx9VqWzsHKetF7ASrZuv0
5DSzfPH9lxJQZskWDRnLLtTzpSkrMDqueu7bgKE5XIoRcPgIfKoBI/iJBZPQaoxN9aRyxrNa
HM/F3AF2H0hc3fqUyi5+s58C5/El8Bc8oq1ePKGrOWFAFoNTYIvQJ3CNbXfw3tm56TGVKKws
SMiH+9xk2fIBj1m8mSpAwZKo6CMjlVU3Mz3h7DNiEa0yCiESl3USCIBO1dmIRs08DNn+MZyE
oeXSXM+eJtw+GpWGwDflnwOlKDlDj42y4K6pH6BubyfXe9ylb5DI19TV1X3wtvsqyhE+nPuT
4V6j8Bli1YKm/KhwjkXw7KggkStS+6TMlT6EF9f7JiLbDjAqhCZ0eBvgCm/p0/TNL0lBwrf5
90vD8QpXfnxAprdGR8O9ZEyviUqpw4JRnlRiH7TMBHVDiNCJ0eX53oyFd/TuDSTcvfyp3i2J
GO38NQfoO0u880bpRbCiBsLcZfEAByaXp2hV/9oPEvBP+95GwbnMAR8PlmL8EDzygDElweDc
F11FvcD6pgKQdXPubxeM6vJgcrFEozzW0mLZxXLUlv0n64YUMy/7JVoETPIEFJqAKwsMvaJy
OHJH7ycbs2dTeWNT3KDigSM49VE8ERd7XzyncZUbRk3ZkhGgRAE0Fe1prHPDx86PClBV76hm
hIkCHAQQAQgABgUCTGy/igAKCRDkT4AW02MPibaTD/442P0Qwf27NHs5RV+n/M2CKeG4sZmB
epDU0XjnqjTZJYYcMtKvVJ3EPvB8qh3Y69d+pCy92pE9x+4TXj+59pSYxSaZFacW+3s1884K
BQYe4256NjbVnxQEIStYtS4wRL1xjYBoNnPu1hq+vj+zArQ1pCWjCcM9Wzpl2tUPu7Lat7Os
qB7HnDvgDB/HUbNgpni6EmfrWN3YlbGthnBXfGvAf3nyPwuM++GKs7a7R/6+it/dnPdke3Tb
/aJKAC8YXlUSo4mEqpuBzz4Sk+5wBv+xS0h2GF4z+mnwsMY7ChqlyX1eLqfx+WWdO7V5CuPM
sHMp0WxsCw4x8NPhzBzEPFlYSvYlS2z5M/RMie0g5JuXvs/ajDHZItZYJoVbeRAIVZ5q3ru4
jR2tuSLQNo8qoqll+u7qA01zeEh3heov+FZXqoe8I1z7XOS6i7ZP745+zdbyRhi2beqEQ6XB
7ub3jSSOUPM+x+LKxXC7bbhKLlAat5256wZnTTKRVNEUuoCFPtUR8FwzwRXl9AOl1Ekmqdfq
M1F9TKYq3dPATHCxw/vV1QrCaIbqdJBAtf7ZLHH9B0sAZ8kudVPQeB+Ghr4KYaSPyX8Vstx6
tl+qTyuVlkWd26OZo1mFUc9kPej7cjiXtf/XOp2mI73piU4bfTAOBHAopiNiKe25M/75bGso
bAWSh4kCHAQQAQgABgUCTG8qxQAKCRB8Vqz+lHiX2Nc0EACkkjvmLuJz2Wp9Lq0fvdjBhGCp
95dZFpvcBFJfX0rzifUEmbWRp9fiU9P2SJaCy392PL0gEhEi4P7Aos1rRfyXjGhxcy+TYSUA
HaP/jQF59XED6t2ElW8+NnZNQ3NE1NnZ2ivcig09GdxvfV/Ivi3dAjYXslsd0um4pVCEEBlc
lWw9lWRfm1V9/Zmz+/83CNuc6yVGmch9lckcq/1zxqcBE38WyP/cR6nvvuiC4NY9W6e3LobD
eLkagJqFtsThM06Hy2mI3pDsC33nu0Za1tOV1ihJCUTxArZBDqUYWBN7C7hfx6/+IO+as+2Z
hi8bav8mjY9j7chXREqnmJq5uTXGyI0LDuTABn+Sfr8861zPeev56GhS3/gBIsvhEik+Hym1
1qnvlFhICo6Gq8qtXiJ9KQE+XI/bWZgFuflJdDLWT7V+DUw5+Rdqo3Qay0vHvsto+EMQLCiL
8qLdw3eE5/lVOn9vHPccypGq5saMyS2hdS7yF8x+laj9xfIwMyp3CKTJ892K/NOh+dEhAo4J
ZNw5tHCviE2KVRxDWNjjBOcrpONkp8o/OPe5bxCXVnV5F9oZqHCfWtXc+MTlI4dkk2dPRB3P
JNUnKbSgX4x63th/m6oAB1JJ5DE1iT+fdDre4zBpSI3ILCxegWL4ve+hLHUWS/ubfkJtlO5z
4w4wiLmfPokCHAQQAQgABgUCTG/44AAKCRCdC15bHuyPDso6EADTyj6fKEvSzHFo4caqYOVX
d5kZir9ss0hzplt/csBDosMdW+wO+wxzt7jXXtfPlA0OGoFqCVEtxUGQG4qYHSbCKPd9PEHS
ruWlcqNFAqRBi6k0phM8GeKbE0+B1u0qiyEvuG8IuP+1DlXla3yG4yEUWqprBMjl46OnTd7u
ZKS24zOqnS4Hx9fId3s7bW1JwrVmodbx2rdHDyZKXqCpwXFJsVWe3cbh/h2lXYalDKzwbdcm
rgDZUJp75YxlxerMiTG9Xc/4e+XOs30DKGy2cHAMitswtjXm7ZKZ8yL5pmbmDeP99XASwByB
7Mm6KuvQSA+8ByLmkvu9XBrRq5WUG9Cx3m0Shxy7e74w5/u4LJkqrmr1wdw+gZIvWG3UuTWR
kqJw6rEoiv8WTjJSWE5rTFVaN6YH2OuOFsTWNaUH1bc01HpEKivhk3ZiOOg2Bhxbt7i7oYJc
Y+UHCbC3PwwktM3wEnANz9UMoIFxn/2OHdIWl09t50iaDErTmtgbfkENDdsXEcLA7qs+8vpr
8qY+M7ycCuRat7Vu2dqopwpkhRpKtddoMNYZ5/51vFcSuz9BdCk+y+q06Ri494UPVFJsHTvn
gjtEcxsJopZn4pddzk8g2z69BBWRv31c8xiV5X5QTf9zmRUFD06pux6dn1CUI4zoul5kW0ah
LwQysmqgG40apYkCHAQQAQgABgUCVZLuEQAKCRDroMbHHAAlb97dEAC8oQamwtIj/SWT2PJS
Kl3bdPdQaYI8+9ZL9xXLYyhOl8aduFVMlJ7rqkWSdwg/AGnp8nh/pQiaGsnRweqFoSte3poC
QkNmRR3pgsZ1qqWMxqVrE37R51MSGRBEZq50diQ0sG63tzX7GSnsHXyxDjVfR4J0/ohZzyXn
UubBB8X/C72E8CaxrFAzyrLY0zqJBMzub+b2zg5Ac0V+GK45Iz4duftmvnWf6d9aOvXsPqe9
/BPbix8l8lCWUjfAPh0sSskI48mIi+jK6rm7+JmsF+9zIoVxlnnlFcmDxMGtapUl73BzpCKI
tbplOogAKpA9/2pcSvf2JO26cjQm2gN7BHGfApB4qYFHb90fmSt7XUQEwxyCbsQyhS7Tb6bN
wI8mTqajGoRZydB8WZVjRgsnnCHa9ecY3Hs1IrTMKM3gl7Kmm1tzbtAK+NMSH0mxPG3dmTbv
NIkjOcgGTYo4r9Qt4Q6rV0zfm43dZs7AP6nECRYyMggEoHHBDh1PaPUjoUsJ4Q/b0R8yvNNC
8defastUYtUkepBJ90FzlIJeMLf/1t/1cYX0or5wfp7DPAGxTx3+5EtyKC2Vk3JltR5QkLaj
blZ2PIq8TTtdDprXJuOtucF33p3SwXRjA59DrxEofOf1B2cAcxvb42QgZ0ToJmfeTz9TfGDS
adTRh+oqbbjogv0A8okCHAQQAQoABgUCTF22EQAKCRBdMo0IKqqxQBAND/sHFnas21+PsxN5
Uo2Gr6ieI6NqP2347xT3ZAugQFDhobNJkdXexShpW/PAAxN8/JdndFtuF3nNCy6gSt9c+eLx
uZ1srzyE9nZeXne59TDI4+ubXhuu/oXIfj0n2j7m53st6+RI5JJ3SuI9kJTOhIYA+7AHBpZp
XUu+m8sS+Jhyy3h7tqJw4IrwwOfW9/WEwhp3Yb2zDoEBe2Na5whcjFRtCJkJub4YwL3L/D5G
w31dFnTFQV9C8BNmyPfoHiTWRQovejmORLdNOzaHKy9a0c4fF6C92j4s9wR3KM/eaVJxM5bD
NvP78usX8LQY5A6C/3+e7kRo1gzDoDhgYii3gDm5hItXXU0V6sTcFWWVSPGwrm+628G3VWmm
1b57mxWn6+7Yzw01R/CyqEzovFG+M1BZrJn2JqJ8Y4pM7T0oRpi0/Ee9Dqiw4+v5I8wKCTag
713ZLx2IdMQxIsMnmBq/819ZqjKkYpAbgteov/foku+Y8RvymE+afjxcE+aYQpYOyMPNRMRp
Dq6CKkVErPNpI758Eav7UqUi5KyfMQ6tMh09F+mKBZvAVE7AGIbrQWhHlTCOYdSRA7uFtgSX
TUQlMSsj/2xkorXaPoFqShOr1hiWIG78zduIGT5FxSG06j8h7j2h6W7nCj0rYaOzDNOBM9yt
3il8eu9SeAgl2cEosRL/4IkCHAQQAQoABgUCTF5RxAAKCRA5FLUy9N++mdKJD/9Lclk6nEQu
xlcgA/0ugEKmWn5JsNnq8ZUl78nZP6fKY0syx9v4bMA+ICQrokfwY4o6dMxcj2Us6JUp/FBV
Z5lo2T2iPE+ucxobFslNdpZtzOQGOsOJ0N7qirafFXJ7ACtydbnCUaPfzkPYwwplHFqT+yQH
k4RxBysHWw9a9YoBMl9KFjIwZ7Q8v0x4ywySwfRAKEzFp+ESP+hDwhlOqTBKFL1/P54lmbhG
JHDCNbwxGLIjiAeCjomyoxpg5YdSZVyWttmsy1rxMV+ndERK5vELfZYqdlhL0quVPzd1L+g0
m2iA4QdeGfqrCxex7olq1su60PFrMee2wFzH8YEYY70nCi6/JRTb/Vk0wNqgyNjKY434EzHn
liuyhFvsTkQy+ciegx1lQixRxJfVnyz1BkHNDd37qL9lbzPwVqLhhh7jkjW8koPbExQGjVcH
St2HCGDcAxyOJK9sG5a2GxPn1K/SzHXWwhVCSQN7sJSkpNmRNgjpJdOTnEtsfRC7keUEG853
cKtWtqJw38/ye6RbXXHM9y4oiLkSWLneGH3sQFtbmdtjubLQNXE7rfuUHarwCnVHV5FaeAn9
FNBoo9MCAZL1cuxe7CR/awAuH/JAkuZOanj2jFwvqeyfNgsB/LIlHIBTLPwVXDOZ3E7+KUMJ
lQ45DOfhGPOSzv3QTL4gP6lcvIkCHAQQAQoABgUCTGWvlAAKCRAyJH+7QK0fpgPsD/9gJRwY
37FXgq6tqiUO+q8H1m+VQ4y64cKNA/SMOGxV04h7o5tC3B9D/ZghAyfQ71Li88PIk8n7PAV0
Wnbv+V/9kawa7C7Bfq4OJOGzMU0Y0JPd6LnupBtq+jtE9H1TLneCiBu05bjeLSQde438Or9w
SV0sLwqKncwqRJY8iIjz9O44X+6+6p4CqdMYmsZV9nGM+cES6uytQ/sB/mh5PutZahslWurz
ouec1uqTY4uuGNwOz+MJvYUNPyajcgtpH8JNQ0phlUvV+nAOJuiNXBHw8MbxNzTdLfsdtdpy
zRH6NAMN3QHrtEGAQ8XgFnCtu6BEPpgOQIB1pMw9OiRMhkcu9uCNCY5p9NMhL1tEx92DkSyW
lmFIF/h1Ohd4yaxnn9jwTVxxhdAxqK0rIORy+sHUSuc5LrtItNe+AnTvQeY7MRgZwJuCCohQ
L3OLXULZajB98g6cZQJmNmtdUeqMY/QymIOH8IoY3SCOws4h4QZSSVxNczo2Ag5R5QKSpBA6
jjsFo/VHUX0wB/KbJTb1Hl2vtID20kR7MfzACFTI9AEbwvG6CX7oWsnciom7bHEiyHWR4Olp
tlpQk2RQ4T3RG8r9kDgJuX6KmDH6uI9CdYTuBxQgIfpEm+tfSki3LVfnOKgkRDqAJciBv+ua
qeW7KSjNDpBC4u8pn9tyX8RhpYUP7IkCHAQQAQoABgUCTGwP9AAKCRB4U9pNSYga09OUD/9X
xTiFFzcuev5k8MtYx7+T30Z549gFnOx6GdFgCK7GzW7ZjnofKt8e0NIQmzzCf0g1vxdulqeZ
7Oh8iFrxpPZyOKJoO2BDKS9VnYEANQf+quUJPTdyhGqdMSDQGbSEqjLF3oNp/+jdIIMjuo3Q
nShdK/BJPcluN7AoOFLQ3QH4Q5fEbtwc+bEJL9TfFqAhUhcY3TYnqWtsMRW3tkrgCvcp0Bo7
LMSJB6jH4Dx5q60Am4V1Zz7C9wxtZeZP+P0h0YYWCbOmQWhzT2aCRYDrp1o3SsuatHm/bPkv
rliBzslW8i5Hh3gv5Atn/P5bhMaXtJiGepkat/MGw1hP8BYaSb/mmy9XbdMlfDijcsAF2+w6
w1b782oCGXgz2ISqPLsFYWccS4GOAwSytep22iwsWpIx2JNNndg4GVfgBxx3QIhci7EVN5Pv
/586PwxTetIZmQ+FNNHcAzqBzi3oe6J8o7HlMEHjG6Dps/D2clTNHtD0vSk5ECfhSC3W8OAD
VSuB8NxZVfI2UfnyCsdjyDLUu06fMR4gNW+zlSHI1FJBSVuU8CCQOtMPJ5fHPq3hEc0DFyLx
8fPE02n8It0wm5RrdUkgOjiVK2n251SyAwSM6zATCFOIt6zdZWx6T/HrJw5wzI+wgsZHibVt
i0vOA0GsAXzobE5yyhhWTnhqJgW2vKNHjYkCIgQQAQoADAUCTGLdPgWDCWYBgAAKCRDM0u2U
0hc56aYKD/4gPLkcER4nlKdsMN5x4MuUjBbv/+Hab1+hSDxEiA0Ya2Lt3J64y03fz7J1RzIB
djH2QGhdvuZtEohiad44DUdLNGJ98q7PPll2KPeuuth+bDa3P4h8ynVbCJRSmIkSVCRG90eE
AibHWOgTNOmn48Rwq5zMEgwNvmgsX7ZRm7Mwggt24LIK93iBMqH7WqS1CujF+WqQygpk671e
GUIWSUc/iBmaHZ/yoElL5cSBSPHm+ePyQsPSN7ooaWfodXXTADpQN4d5Tl1WzwZT8G5cRVLP
4CZ4sqbzJ9EKWFMlohcf3ibT4r8H5ij8btgq0TvNcoMvCbO2P94KChQWxQSwJRftJ9/GPPo1
7zK7pXGK1QMZNMYhvbYSdcbxG/AsmC4qJb4NVdrrxBiEye41+M+nQiT7g2GbbJ9gBCv8k7lH
iw3B+KfNoAkQ2v2CaVMrguQuzxCs8Zpl7iKuFG+d3SGqnn8rRrRPE5AOlSk6bOr22jLyGsns
URt6Mvh5QyVrk0G/6YW/5IMIVNuS/i12m6ireKvpPBkUIkNlS938vNqZ4LnsZ/+gBlZqmY8H
sZEt6Wfq7efDBw8z1FLRW58xOqCY0vh4tteFJkcY1LgzK5GUddIHfYcO/Y6p/3/Vq1/ao4VJ
Jq+HSIsqrdW1nF3EDSbwyy96uAdxuhfZLxSgRugCKyyOk4kCNwQTAQgAIQIbAwIeAQIXgAUC
Sgdo4AULCQgHAwUVCgkICwUWAgMBAAAKCRBEl1J4uGErXaQAD/9wcX8JM24NI9mCjnHOGOuV
eo/1Z9sefzYvhlbbTWvJsEdt5eaL0FRl+kErHtwNyEqvOTAmt860GrpekjkFYQObCsmDOiEy
i+vJBScub9YK6TJSOQJ7f7zyIwzHgvilktujiS+/YDqd1IEyxD3QxQ9PTdjcQX/Z7enfBeei
sBFfgRwbH32p5EtdwovrmBYtgyXUqp+lSg9kG3vvdj0bt/Fkq7Es1eEW8Sp9QqaBpo2fuzNS
rojYfZu68coreRIV/nhuA7/ehjiVXlvzi3su+0ybJwGZXLXaM7kxXoYm5i8NDxp4p+7laXe2
J6HUuIQM5ea4NuPu9BKIpKGxqNXQE+n4tmX3lp6QwXuZShwOXjSFsKxXvipKI4sAkxPfrPFa
xzz/EDqUf9lzCBZ5nl6+OLv+GyTz6Meq1NGIX1N7u6XBPtdCujVbKzXd5PbEk0Y00skLFcQ4
9FwAwDFw1XIPljQ6WttsQlV6k0yoVJZc6HHovnV1zGDviSyUdegDX9uKBmgGG8ApliPLvZ6r
haU4yHykFHBMPfwBNBwrmthTShdPS7xh4bz5xYlay9wm2CzIVB6muK8PIyTrRfouuFivJuYA
zoEcPBbubalC3OCocLl2xv+Qb5G7cz2hTDx9JZXUD18IeG2A2mcLeGp1zTc1qz/7h9qa0TLe
fWpC75exhIgXVrkCDQRKB2tdARAAqsQbw2Qd1WfbJr9U1KRdwTKm2OsDODftgNv0zmfaiYCN
iOKEsrsJdtonmaisMi+Z+5/wrf3Q0bV54qmwOMTlCVvqnpxwbVik8VVGWgUcLJYYK5Lkn0dz
rtZs6AaT/sbFewir8q6m3ADbq9hTXxt9uUfe5Z/D4sdbhgbWtQa/DeJwWZr6VeyCHcY8BhR0
FXYmYDZ0c1rmbZZBt+vIF4UNTNU4x6me9va6QPW0nWTEjae9ExGSPwm1B4hQd63Nop6E2Vqu
ahdJqKVRYYmD/IqVXOxAhFRA/w9vqF95aV2BB/ZrF0FTA8iCEbFy3oNrZfq8KlJRCtcUH2qf
igMndOt8P65omM1DQhlvterVgm2PCb1GmwLEbMi+HtLntziFozYGLTlAMcUJt7Pyu/iinzx6
Sc4U108dmNTJLxqSZtvJFaRyHml9x7oP2gWjpuyVgo1KuEXKq2Z96S+sxE/YtPyB/cBpazZ+
+o/i7PLhxKa1RTIA8NgkDelWeNalvYzjNkB+tXeH0UnxtBTC+PW8dyUP8OmmM/2V1Dzcj9Tm
Ky/G04TFQyL1NjvFjzXyIUO5WpdEbSs04h5J3KM6YZJlicqB2aKAUslOi9wUIpKRK+UZBTSj
886jynsu+HA1Ob6tcTSlwtj95RV7nBTiTM6MpPuxTmZ2DR/vLE6c7yE+XgrOx9EAEQEAAYkC
HwQYAQgACQUCSgdrXQIbDAAKCRBEl1J4uGErXVFeD/9Q2vtN0FeOiveLwN4KAFbMLZP97bT/
sRJkQQUZoawfbINwzGDuFrZSsWipoBLam6BnMH6OfHkUOrCToZROHYagW/nv/WTjBTX8lJt8
SFhHh4ONPBaxF90z/YrpWlNcs/z/rqu+sm1KgCA9mkheENGOj3t97udZNfA1N4NZu67Lo6HZ
yUUCK+eJtX6BS2HgMGokHuGha/LokTor1lkl52Y3CVfds9YDrJmlSQVhxI/S6/IajLwKFyHd
pMiK/o8q3mYuZ7JKCBOooNnRpa4myUrBetf1p6xZqbhEAALMFJc7/8NXxesqvG7RQJ7VWyYO
5BhgzPutqTUOVZskc3r4cvaB7CT1CsKPdW+af/I8q/C7dhTWWthirPN4DCdcTIlK9ECpba+m
S7MQG/3ta7+/3lT3yyMKlhLkAaUlUNa/VbzUHOlVA1txJk6jcuEzWIzebEtoT/aYJZwNE+jL
CFOC75HTGlxp7/8ngHCXn1rcBS9TQJ7CGX31HhbmNak0LtzhAS4B+fWQLrFfShTREcYD+31z
yLns4jIKY8dehPner0Y8RX31/0eQOknRwRSl6uceu/6liJT23KHYzT3FPGHuK2QH6AHnORGS
g6FmBsbXSzosQOKWE3sO0dzjPIE6DRKwZIJmqQKvHqeAvPsC0U7JBWlKl0eMoIuDjp9qFDKz
BWcdiQ==
=iUyJ
-----END PGP PUBLIC KEY BLOCK-----

Binary file not shown.

View File

@ -1,3 +0,0 @@
Package: *
Pin: release a=stretch-backports
Pin-Priority: 50

View File

@ -1,17 +1,23 @@
galaxy_info:
author: Evolix
company: Evolix
description: Add repositories to APT sources list.
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2
min_ansible_version: 2.2
min_ansible_version: "2.2"
platforms:
- name: Debian
versions:
- jessie
- name: Debian
versions:
- jessie
- stretch
- buster
galaxy_tags: []
# Be sure to remove the '[]' above if you add dependencies
# to this list.
dependencies: []
# List your role dependencies here, one per line.

View File

@ -0,0 +1,18 @@
---
- name: Backports deb822 sources list is installed
ansible.builtin.template:
src: '{{ ansible_distribution_release }}_backports.sources.j2'
dest: /etc/apt/sources.list.d/backports.sources
force: true
mode: "0640"
register: apt_backports_sources
tags:
- apt
- name: Apt update
ansible.builtin.apt:
update_cache: yes
when: apt_backports_sources is changed
tags:
- apt

View File

@ -0,0 +1,35 @@
---
- name: No backports config in default sources.list
ansible.builtin.lineinfile:
dest: /etc/apt/sources.list
regexp: "backports"
state: absent
tags:
- apt
- name: Backports sources list is installed
ansible.builtin.template:
src: '{{ ansible_distribution_release }}_backports.list.j2'
dest: /etc/apt/sources.list.d/backports.list
force: true
mode: "0640"
register: apt_backports_list
tags:
- apt
- name: Archived backport are accepted (jessie)
ansible.builtin.lineinfile:
dest: '/etc/apt/apt.conf.d/99no-check-valid-until'
line: 'Acquire::Check-Valid-Until no;'
create: yes
state: present
tags:
- apt
when: ansible_distribution_release == "jessie"
- name: Apt update
ansible.builtin.apt:
update_cache: yes
tags:
- apt
when: apt_backports_list is changed

View File

@ -1,45 +1,13 @@
---
- name: No backports config in default sources.list
lineinfile:
dest: /etc/apt/sources.list
regexp: "backports"
state: absent
tags:
- apt
- name: Backports sources list is installed
template:
src: '{{ ansible_distribution_release }}_backports.list.j2'
dest: /etc/apt/sources.list.d/backports.list
force: yes
mode: "0640"
register: apt_backports_list
tags:
- apt
# Backward compatibility task file
- name: Backports configuration
copy:
src: '{{ ansible_distribution_release }}_backports_preferences'
dest: /etc/apt/preferences.d/0-backports-defaults
force: yes
mode: "0640"
register: apt_backports_config
tags:
- apt
- name: Install backports repositories (Debian <12)
ansible.builtin.import_tasks: backports.oneline.yml
when:
- ansible_distribution_major_version is version('12', '<')
- name: Archived backport are accepted (jessie)
lineinfile:
dest: '/etc/apt/apt.conf.d/99no-check-valid-until'
line: 'Acquire::Check-Valid-Until no;'
create: yes
state: present
when: ansible_distribution_release == "jessie"
tags:
- apt
- name: Apt update
apt:
update_cache: yes
when: apt_backports_list is changed or apt_backports_config is changed
tags:
- apt
- name: Install backports repositories (Debian >=12)
ansible.builtin.import_tasks: backports.deb822.yml
when:
- ansible_distribution_major_version is version('12', '>=')

View File

@ -0,0 +1,45 @@
---
- name: Change basics repositories
ansible.builtin.template:
src: "{{ ansible_distribution_release }}_basics.sources.j2"
dest: /etc/apt/sources.list.d/system.sources
mode: "0644"
force: true
register: apt_basic_sources
tags:
- apt
- name: Change security repositories
ansible.builtin.template:
src: "{{ ansible_distribution_release }}_security.sources.j2"
dest: /etc/apt/sources.list.d/security.sources
mode: "0644"
force: true
register: apt_security_sources
tags:
- apt
- name: Find one-line APT sources
ansible.builtin.find:
paths: /etc/apt
patterns: '*.list'
register: list_files
- name: Disable one-line-formatted sources
ansible.builtin.command:
cmd: "mv --verbose {{ item.path }} {{ item.path }}.bak"
environment:
LC_ALL: C
loop: "{{ list_files.files }}"
register: rename_cmd
changed_when: "'renamed' in rename_cmd.stdout"
tags:
- apt
- name: Apt update
ansible.builtin.apt:
update_cache: yes
tags:
- apt
when: apt_basic_list is changed or apt_security_sources is changed

View File

@ -0,0 +1,18 @@
---
- name: Change basics repositories
ansible.builtin.template:
src: "{{ ansible_distribution_release }}_basics.list.j2"
dest: /etc/apt/sources.list
mode: "0644"
force: true
register: apt_basic_list
tags:
- apt
- name: Apt update
ansible.builtin.apt:
update_cache: yes
tags:
- apt
when: apt_basic_list is changed

View File

@ -1,32 +1,13 @@
---
- name: Change basics repositories
template:
src: "{{ ansible_distribution_release }}_basics.list.j2"
dest: /etc/apt/sources.list
mode: "0644"
force: yes
register: apt_basic_list
tags:
- apt
# Backward compatibility task file
- name: Clean GANDI sources.list.d/debian-security.list
file:
path: '{{ item }}'
state: absent
with_items:
- /etc/apt/sources.list.d/debian-security.list
- /etc/apt/sources.list.d/debian-jessie.list
- /etc/apt/sources.list.d/debian-stretch.list
- /etc/apt/sources.list.d/debian-buster.list
- /etc/apt/sources.list.d/debian-update.list
when: apt_clean_gandi_sourceslist
tags:
- apt
- name: Install basics repositories (Debian <12)
ansible.builtin.import_tasks: basics.oneline.yml
when:
- ansible_distribution_major_version is version('12', '<')
- name: Apt update
apt:
update_cache: yes
when: apt_basic_list is changed
tags:
- apt
- name: Install basics repositories (Debian >=12)
ansible.builtin.import_tasks: basics.deb822.yml
when:
- ansible_distribution_major_version is version('12', '>=')

View File

@ -1,55 +1,41 @@
---
- name: Evolinux config for APT
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/apt/apt.conf.d/z-evolinux.conf
line: "{{ item.line }}"
regexp: "{{ item.regexp }}"
create: yes
state: present
mode: "0640"
with_items:
loop:
- { line: "APT::Install-Recommends \"false\";", regexp: 'APT::Install-Recommends' }
- { line: "APT::Install-Suggests \"false\";", regexp: 'APT::Install-Suggests' }
- { line: "APT::Periodic::Enable \"0\";", regexp: 'APT::Periodic::Enable' }
when: apt_evolinux_config
tags:
- apt
when: apt_evolinux_config | bool
- name: DPkg invoke hooks
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/apt/apt.conf.d/z-evolinux.conf
line: "{{ item }}"
create: yes
state: present
mode: "0640"
with_items:
loop:
- "DPkg::Pre-Invoke { \"df /tmp | grep -q /tmp && mount -oremount,exec /tmp || true\"; };"
- "DPkg::Pre-Invoke { \"df /usr | grep -q /usr && mount -oremount,rw /usr || true\"; };"
- "DPkg::Post-Invoke { \"df /tmp | grep -q /tmp && mount -oremount /tmp || true\"; };"
- "DPkg::Post-Invoke { \"df /usr | grep -q /usr && mount -oremount /usr || true\"; };"
when: apt_hooks
tags:
- apt
when: apt_hooks | bool
- name: Remove Aptitude
apt:
ansible.builtin.apt:
name: aptitude
state: absent
when: apt_remove_aptitude
tags:
- apt
- name: Updating APT cache
apt:
update_cache: yes
changed_when: False
tags:
- apt
- name: Upgrading system
apt:
upgrade: dist
when: apt_upgrade
tags:
- apt
when: apt_remove_aptitude | bool

View File

@ -0,0 +1,59 @@
---
- name: Look for legacy apt keyring
ansible.builtin.stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- apt
- name: Evolix embedded GPG key is absent
ansible.builtin.apt_key:
id: "B8612B5D"
keyring: /etc/apt/trusted.gpg
state: absent
tags:
- apt
when: _trusted_gpg_keyring.stat.exists
- name: "Ensure {{ apt_keyring_dir }} directory exists"
file:
path: "{{ apt_keyring_dir }}"
state: directory
mode: "755"
owner: root
group: root
- name: Set Evolix GPG key format to ASC
set_fact:
apt_evolix_public_key: "{{ apt_keyring_dir }}/pub_evolix.asc"
tags:
- apt
- name: Add Evolix GPG key
ansible.builtin.copy:
src: pub_evolix.asc
dest: "{{ apt_evolix_public_key }}"
force: true
mode: "0644"
owner: root
group: root
tags:
- apt
- name: Evolix public list is installed
ansible.builtin.template:
src: evolix_public.sources.j2
dest: /etc/apt/sources.list.d/evolix_public.sources
force: true
mode: "0640"
register: apt_evolix_public
tags:
- apt
- name: Apt update
ansible.builtin.apt:
update_cache: yes
tags:
- apt
when: apt_evolix_public is changed

View File

@ -0,0 +1,69 @@
---
- name: Look for legacy apt keyring
ansible.builtin.stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- apt
- name: Evolix embedded GPG key is absent
ansible.builtin.apt_key:
id: "B8612B5D"
keyring: /etc/apt/trusted.gpg
state: absent
tags:
- apt
when: _trusted_gpg_keyring.stat.exists
- name: "Ensure {{ apt_keyring_dir }} directory exists"
file:
path: "{{ apt_keyring_dir }}"
state: directory
mode: "755"
owner: root
group: root
- name: Set Evolix GPG key format to GPG (Debian < 9)
set_fact:
apt_evolix_public_key: "pub_evolix.gpg"
when:
- ansible_distribution_major_version is version('9', '<')
tags:
- apt
- name: Set Evolix GPG key format to ASC (Debian >= 9)
set_fact:
apt_evolix_public_key: "pub_evolix.asc"
when:
- ansible_distribution_major_version is version('9', '>=')
tags:
- apt
- name: Add Evolix GPG key
ansible.builtin.copy:
src: "{{ apt_evolix_public_key }}"
dest: "{{ apt_keyring_dir }}/{{ apt_evolix_public_key }}"
force: true
mode: "0644"
owner: root
group: root
tags:
- apt
- name: Evolix public list is installed
ansible.builtin.template:
src: evolix_public.list.j2
dest: /etc/apt/sources.list.d/evolix_public.list
force: true
mode: "0640"
register: apt_evolix_public
tags:
- apt
- name: Apt update
ansible.builtin.apt:
update_cache: yes
tags:
- apt
when: apt_evolix_public is changed

View File

@ -1,33 +1,13 @@
---
# - name: Fail if distribution is not supported
# fail:
# msg: "Error: Evolix public repository is not compatble with 'Debian Stretch' yet."
# when: ansible_distribution_release == "stretch"
# tags:
# - apt
# Backward compatibility task file
- name: Install Evolix Public repositories (Debian <12)
ansible.builtin.import_tasks: evolix_public.oneline.yml
when:
- ansible_distribution_major_version is version('12', '<')
- name: Add Evolix GPG key
apt_key:
#url: http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x44975278B8612B5D
data: "{{ lookup('file', 'reg.gpg') }}"
tags:
- apt
- name: Evolix public list is installed
template:
src: evolix_public.list.j2
dest: /etc/apt/sources.list.d/evolix_public.list
force: yes
mode: "0640"
register: apt_evolix_public
tags:
- apt
- name: Apt update
apt:
update_cache: yes
when: apt_evolix_public is changed
tags:
- apt
- name: Install Evolix Public repositories (Debian >=12)
ansible.builtin.import_tasks: evolix_public.deb822.yml
when:
- ansible_distribution_major_version is version('12', '>=')

View File

@ -0,0 +1,37 @@
---
- name: "Ensure {{ apt_keyring_dir }} directory exists"
file:
path: "{{ apt_keyring_dir }}"
state: directory
mode: "755"
owner: root
group: root
- name: Add Evolix GPG key
ansible.builtin.copy:
src: "freexian-archive-extended-lts.gpg"
dest: "{{ apt_keyring_dir }}/freexian-archive-extended-lts.gpg"
force: true
mode: "0644"
owner: root
group: root
tags:
- apt
- name: ELTS list is installed
ansible.builtin.template:
src: "{{ ansible_distribution_release }}_extended-lts.list.j2"
dest: /etc/apt/sources.list.d/extended-lts.list
force: true
mode: "0640"
register: apt_extended_lts
tags:
- apt
- name: Apt update
ansible.builtin.apt:
update_cache: yes
tags:
- apt
when: apt_extended_lts is changed

View File

@ -1,16 +1,24 @@
---
- ansible.builtin.include_role:
name: evolix/remount-usr
- name: "hold packages (apt)"
shell: "(dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})"
ansible.builtin.shell:
cmd: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})"
executable: /bin/bash
check_mode: no
register: apt_mark
changed_when: "item + ' set on hold.' in apt_mark.stdout"
failed_when: apt_mark.rc != 0 and not apt_mark.stdout == ''
failed_when:
- apt_mark.rc != 0
- apt_mark.stdout | length > 0
loop: "{{ apt_hold_packages }}"
tags:
- apt
- name: "/etc/evolinux is present"
file:
ansible.builtin.file:
dest: /etc/evolinux
mode: "0700"
state: directory
@ -18,7 +26,7 @@
- apt
- name: "hold packages (config)"
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/evolinux/apt_hold_packages.cf
line: "{{ item }}"
create: True
@ -28,7 +36,10 @@
- apt
- name: "unhold packages (apt)"
shell: "(dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) && apt-mark unhold {{ item }})"
ansible.builtin.shell:
cmd: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) && apt-mark unhold {{ item }})"
executable: /bin/bash
check_mode: no
register: apt_mark
changed_when: "'Canceled hold on' + item in apt_mark.stdout"
failed_when: apt_mark.rc != 0 and not apt_mark.stdout = ''
@ -37,7 +48,7 @@
- apt
- name: "unhold packages (config)"
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/evolinux/apt_hold_packages.cf
line: "{{ item }}"
create: True
@ -47,7 +58,7 @@
- apt
- name: /usr/share/scripts exists
file:
ansible.builtin.file:
dest: /usr/share/scripts
mode: "0700"
owner: root
@ -57,25 +68,26 @@
- apt
- name: Check scripts is installed
copy:
ansible.builtin.copy:
src: check_held_packages.sh
dest: /usr/share/scripts/check_held_packages.sh
force: yes
force: true
mode: "0755"
tags:
- apt
- name: Check if Cron is installed
shell: "dpkg --list 'cron' 2>/dev/null | grep -q -E '^(i|h)i'"
ansible.builtin.shell:
cmd: "dpkg --list 'cron' 2>/dev/null | grep -q -E '^(i|h)i'"
register: is_cron
changed_when: false
failed_when: false
changed_when: False
failed_when: False
check_mode: no
tags:
- apt
- name: Check for held packages (script)
cron:
ansible.builtin.cron:
cron_file: apt-hold-packages
name: check_held_packages
job: "/usr/share/scripts/check_held_packages.sh"
@ -86,6 +98,6 @@
day: "{{ apt_check_hold_cron_day }}"
month: "{{ apt_check_hold_cron_month }}"
state: "present"
when: is_cron.rc == 0
tags:
- apt
when: is_cron.rc == 0

View File

@ -1,39 +1,137 @@
---
- name: "Compatibility check"
fail:
msg: only compatible with Debian >= 8
when:
- ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<')
ansible.builtin.assert:
that:
- ansible_distribution == "Debian"
- ansible_distribution_major_version is version('8', '>=')
msg: Only compatible with Debian >= 8
tags:
- apt
- name: "apt-transport-https is installed for https repositories (before Buster)"
ansible.builtin.apt:
name:
- apt-transport-https
tags:
- apt
when: ansible_distribution_major_version is version('10', '<')
- name: "certificates are installed for https repositories"
ansible.builtin.apt:
name:
- ca-certificates
tags:
- apt
- name: Custom configuration
include: config.yml
when: apt_config
ansible.builtin.import_tasks: config.yml
when: apt_config | bool
tags:
- apt
- name: Install basics repositories
include: basics.yml
when: apt_install_basics
- name: Install basics repositories (Debian <12)
ansible.builtin.import_tasks: basics.oneline.yml
tags:
- apt
when:
- apt_install_basics | bool
- ansible_distribution_major_version is version('12', '<')
- name: Install APT Backports repository
include: backports.yml
when: apt_install_backports
- name: Install basics repositories (Debian >=12)
ansible.builtin.import_tasks: basics.deb822.yml
tags:
- apt
when:
- apt_install_basics | bool
- ansible_distribution_major_version is version('12', '>=')
- name: Install Evolix Public APT repository
include: evolix_public.yml
when: apt_install_evolix_public
- name: Install backports repositories (Debian <12)
ansible.builtin.import_tasks: backports.oneline.yml
tags:
- apt
when:
- apt_install_backports | bool
- ansible_distribution_major_version is version('12', '<')
# With Debian 12+ and the deb822 format of source files
# backports are always installed but enabled according to `apt_install_backports`
- name: Install backports repositories (Debian >=12)
ansible.builtin.import_tasks: backports.deb822.yml
tags:
- apt
when:
- ansible_distribution_major_version is version('12', '>=')
- name: Install Evolix Public repositories (Debian <12)
ansible.builtin.import_tasks: evolix_public.oneline.yml
tags:
- apt
when:
- apt_install_evolix_public | bool
- ansible_distribution_major_version is version('12', '<')
- name: Install Evolix Public repositories (Debian >=12)
ansible.builtin.import_tasks: evolix_public.deb822.yml
tags:
- apt
when:
- apt_install_evolix_public | bool
- ansible_distribution_major_version is version('12', '>=')
- name: Install Extended-LTS repositories (Debian < 10)
ansible.builtin.import_tasks: extended-lts.oneline.yml
tags:
- apt
when:
- apt_install_extended_lts | bool
- ansible_distribution_major_version is version('10', '<')
- name: Clean GANDI sources
ansible.builtin.file:
path: '{{ item }}'
state: absent
loop:
- /etc/apt/sources.list.d/debian-security.list
- /etc/apt/sources.list.d/debian-jessie.list
- /etc/apt/sources.list.d/debian-stretch.list
- /etc/apt/sources.list.d/debian-buster.list
- /etc/apt/sources.list.d/debian-bullseye.list
- /etc/apt/sources.list.d/debian-update.list
tags:
- apt
when: apt_clean_gandi_sourceslist | bool
- name: "Disable NonFreeFirmware warning for VM on Debian 12+"
ansible.builtin.lineinfile:
path: /etc/apt/apt.conf.d/no-bookworm-firmware.conf
create: yes
line: "APT::Get::Update::SourceListWarnings::NonFreeFirmware \"false\";"
tags:
- apt
when:
- ansible_distribution_major_version is version('12', '>=')
- ansible_virtualization_role == "guest"
- name: Install check for packages marked hold
include: hold_packages.yml
when: apt_install_hold_packages
ansible.builtin.import_tasks: hold_packages.yml
when: apt_install_hold_packages | bool
tags:
- apt
- name: Updating APT cache
ansible.builtin.apt:
update_cache: yes
changed_when: False
tags:
- apt
- name: Upgrading system
ansible.builtin.apt:
upgrade: dist
when: apt_upgrade | bool
tags:
- apt

View File

@ -0,0 +1,62 @@
---
- ansible.builtin.include_role:
name: evolix/remount-usr
- name: /usr/share/scripts exists
ansible.builtin.file:
dest: /usr/share/scripts
mode: "0700"
owner: root
group: root
state: directory
tags:
- apt
- name: Migration scripts are installed
ansible.builtin.copy:
src: "{{ item }}"
dest: "/usr/share/scripts/{{ item }}"
force: true
mode: "0755"
loop:
- deb822-migration.py
- deb822-migration.sh
tags:
- apt
- name: Exec migration script
ansible.builtin.command:
cmd: /usr/share/scripts/deb822-migration.sh
ignore_errors: yes
tags:
- apt
- name: Is system.sources present?
ansible.builtin.stat:
path: /etc/apt/sources.list.d/system.sources
register: _system_sources
- name: Add signed-by when relevant for bookworm
ansible.builtin.lineinfile:
dest: /etc/apt/sources.list.d/system.sources
line: "Signed-by: /usr/share/keyrings/debian-archive-keyring.gpg"
insertafter: "Suites: bookworm bookworm-updates"
state: present
tags:
- apt
when: _system_sources.stat.exists or not ansible_check_mode
- name: Is security.sources present?
ansible.builtin.stat:
path: /etc/apt/sources.list.d/security.sources
register: _security_sources
- name: Add signed-by when relevant for bookworm-security
ansible.builtin.lineinfile:
dest: /etc/apt/sources.list.d/security.sources
line: "Signed-by: /usr/share/keyrings/debian-archive-keyring.gpg"
insertafter: "Suites: bookworm-security"
state: present
tags:
- apt
when: _security_sources.stat.exists or not ansible_check_mode

View File

@ -0,0 +1,53 @@
---
- name: New APT keyrings directory is present
ansible.builtin.file:
path: /etc/apt/keyrings
state: directory
mode: "0755"
owner: root
group: root
- ansible.builtin.include_role:
name: evolix/remount-usr
- name: /usr/share/scripts exists
ansible.builtin.file:
dest: /usr/share/scripts
mode: "0700"
owner: root
group: root
state: directory
tags:
- apt
- name: migration script is present
ansible.builtin.copy:
src: move-apt-keyrings.sh
dest: /usr/share/scripts/move-apt-keyrings.sh
mode: "0755"
owner: root
group: root
- name: Move repository signing key
ansible.builtin.command:
cmd: "/usr/share/scripts/move-apt-keyrings.sh \"{{ item.repository_pattern }}\" \"{{ item.key }}\""
loop:
- { repository_pattern: "http://pub.evolix.net/", key: "reg.asc" }
- { repository_pattern: "http://pub.evolix.org/evolix", key: "pub_evolix.asc" }
- { repository_pattern: "https://pub.evolix.org/evolix", key: "pub_evolix.asc" }
- { repository_pattern: "https://artifacts.elastic.co/packages/[^/]+/apt", key: "elastics.asc" }
- { repository_pattern: "https://download.docker.com/linux/debian", key: "docker-debian.asc" }
- { repository_pattern: "https://downloads.linux.hpe.com/SDR/repo/mcp", key: "hpePublicKey2048_key1.asc" }
- { repository_pattern: "http://pkg.jenkins-ci.org/debian-stable", key: "jenkins.asc" }
- { repository_pattern: "https://packages.sury.org/php/", key: "sury.gpg" }
- { repository_pattern: "http://repo.mongodb.org/apt/debian", key: "mongodb-server-[0-9\\.]+.asc" }
- { repository_pattern: "http://apt.newrelic.com/debian/", key: "newrelic.asc" }
- { repository_pattern: "https://deb.nodesource.com/", key: "nodesource.asc" }
- { repository_pattern: "https://dl.yarnpkg.com/debian/", key: "yarn.asc" }
- { repository_pattern: "http://apt.postgresql.org/pub/repos/apt/", key: "postgresql.asc" }
register: _cmd
- name: Debug command
ansible.builtin.debug:
var: _cmd

View File

@ -0,0 +1,7 @@
# {{ ansible_managed }}
Types: deb
URIs: http://mirror.evolix.org/debian
Suites: bullseye-backports
Components: {{ apt_backports_components | mandatory }}
Enabled: {{ apt_install_backports | bool | ternary('yes', 'no') }}

View File

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: http://mirror.evolix.org/debian
Suites: bookworm bookworm-updates
Components: {{ apt_basics_components | mandatory }}
Enabled: yes
Signed-By: /usr/share/keyrings/debian-archive-bookworm-automatic.gpg

View File

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: https://security.debian.org/debian-security
Suites: bookworm-security
Components: {{ apt_basics_components | mandatory }}
Enabled: yes
Signed-By: /usr/share/keyrings/debian-archive-bookworm-security-automatic.gpg

View File

@ -0,0 +1,3 @@
# {{ ansible_managed }}
deb http://mirror.evolix.org/debian bullseye-backports {{ apt_backports_components | mandatory }}

View File

@ -0,0 +1,5 @@
# {{ ansible_managed }}
deb http://mirror.evolix.org/debian bullseye {{ apt_basics_components | mandatory }}
deb http://mirror.evolix.org/debian bullseye-updates {{ apt_basics_components | mandatory }}
deb http://security.debian.org/debian-security bullseye-security {{ apt_basics_components | mandatory }}

View File

@ -1,5 +1,5 @@
# {{ ansible_managed }}
deb http://mirror.evolix.org/debian buster {{ apt_basics_components | mandatory }}
deb http://mirror.evolix.org/debian/ buster-updates {{ apt_basics_components | mandatory }}
deb http://mirror.evolix.org/debian buster-updates {{ apt_basics_components | mandatory }}
deb http://security.debian.org/debian-security buster/updates {{ apt_basics_components | mandatory }}

View File

@ -1,3 +1,3 @@
# {{ ansible_managed }}
deb http://pub.evolix.net/ {{ ansible_distribution_release }}/
deb [signed-by={{ apt_keyring_dir }}/{{ apt_evolix_public_key }}] http://pub.evolix.org/evolix {{ ansible_distribution_release }} main

View File

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: http://pub.evolix.org/evolix
Suites: {{ ansible_distribution_release }}
Components: main
Signed-by: {{ apt_keyring_dir }}/pub_evolix.asc
Enabled: yes

View File

@ -1,4 +1,5 @@
# {{ ansible_managed }}
deb http://mirror.evolix.org/debian/ jessie {{ apt_basics_components | mandatory }}
deb http://security.debian.org/ jessie/updates {{ apt_basics_components | mandatory }}
### Those repositories are unusable. Move to ELTS (manually).
# deb http://archive.debian.org/debian jessie {{ apt_basics_components | mandatory }}
# deb http://archive.debian.org/debian-security jessie/updates {{ apt_basics_components | mandatory }}

View File

@ -0,0 +1,4 @@
# {{ ansible_managed }}
deb [signed-by="{{ apt_keyring_dir }}/freexian-archive-extended-lts.gpg"] http://elts.evolix.org/extended-lts jessie main
deb [signed-by="{{ apt_keyring_dir }}/freexian-archive-extended-lts.gpg"] http://elts.evolix.org/extended-lts jessie-lts main

View File

@ -1,3 +1,3 @@
# {{ ansible_managed }}
deb http://mirror.evolix.org/debian stretch-backports {{ apt_backports_components | mandatory }}
deb http://archive.debian.org/debian stretch-backports {{ apt_backports_components | mandatory }}

View File

@ -1,5 +1,4 @@
# {{ ansible_managed }}
deb http://mirror.evolix.org/debian stretch {{ apt_basics_components | mandatory }}
deb http://mirror.evolix.org/debian/ stretch-updates {{ apt_basics_components | mandatory }}
deb http://security.debian.org/debian-security stretch/updates {{ apt_basics_components | mandatory }}
deb http://archive.debian.org/debian stretch {{ apt_basics_components | mandatory }}
deb http://archive.debian.org/debian-security stretch/updates {{ apt_basics_components | mandatory }}

View File

@ -0,0 +1,4 @@
# {{ ansible_managed }}
deb [signed-by="{{ apt_keyring_dir }}/freexian-archive-extended-lts.gpg"] http://elts.evolix.org/extended-lts stretch main
deb [signed-by="{{ apt_keyring_dir }}/freexian-archive-extended-lts.gpg"] http://elts.evolix.org/extended-lts stretch-lts main

View File

@ -0,0 +1,17 @@
---
general_scripts_dir: "/usr/share/scripts"
autosysadmin_agent_bin_dir: "/usr/local/bin/autosysadmin"
autosysadmin_agent_lib_dir: "/usr/local/lib/autosysadmin"
autosysadmin_agent_auto_dir: "{{ general_scripts_dir }}/autosysadmin/restart"
autosysadmin_agent_crontab_enabled: true
autosysadmin_agent_log_retention_days: 365
autosysadmin_config: []
### All repair are disabled if set to 'off'
### even if a specific repair value is 'on'
# repair_all: 'on'
### Default values for checks
# repair_foo: 'off'

View File

@ -0,0 +1,13 @@
/var/log/autosysadmin.log {
daily
missingok
rotate 365
compress
nodelaycompress
notifempty
dateext
dateformat .%Y-%m-%d
dateyesterday
copytruncate
create 0640 root adm
}

View File

@ -0,0 +1,3 @@
$template autosysadmin, "/var/log/autosysadmin.log"
if $programname contains 'autosysadmin' then ?autosysadmin
& stop

View File

@ -0,0 +1,25 @@
#!/bin/bash
days=${1:-365}
log_dir="/var/log/autosysadmin/"
if [ -d "${log_dir}" ]; then
find_run_dirs() {
find "${log_dir}" \
-mindepth 1 \
-maxdepth 1 \
-type d \
-ctime "+${days}" \
-print0
}
log() {
/usr/bin/logger -p local0.notice -t autosysadmin "${1}"
}
while IFS= read -r -d '' run_dir; do
rm --recursive --force "${run_dir}"
log "Delete ${run_dir} (older than ${days} days)"
done < <(find_run_dirs)
fi
exit 0

View File

@ -0,0 +1,907 @@
#!/bin/bash
VERSION="24.03"
# Common functions for "repair" and "restart" scripts
set -u
# Initializes the program, context, configuration…
initialize() {
PATH="${PATH}":/usr/sbin:/sbin
# Used in many places to refer to the program name.
# Examples: repair_mysql, restart_nrpe…
PROGNAME=$(basename "${0}")
# find out if running in interactive mode, or not
if [ -t 0 ]; then
INTERACTIVE=1
else
INTERACTIVE=0
fi
readonly INTERACTIVE
# Default empty value for Debug mode
DEBUG="${DEBUG:-""}"
# Repair scripts obey to the value of a variable named after the script
# You can set the value ("on" or "off") in /etc/evolinux/autosysadmin
# Here we set the default value to "on".
declare -g "${PROGNAME}"=on # dynamic variable assignment ($PROGNAME == repair_*)
PID=$$
readonly PID
# Each execution (run) gets a unique ID
RUN_ID="$(date +"%Y-%m-%d_%H-%M")_${PROGNAME}_${PID}"
readonly RUN_ID
# Main log directory
MAIN_LOG_DIR="/var/log/autosysadmin"
readonly MAIN_LOG_DIR
# shellcheck disable=SC2174
mkdir --mode=750 --parents "${MAIN_LOG_DIR}"
chgrp adm "${MAIN_LOG_DIR}"
# Each execution store some information
# in a unique directory based on the RUN_ID
RUN_LOG_DIR="${MAIN_LOG_DIR}/${RUN_ID}"
readonly RUN_LOG_DIR
# shellcheck disable=SC2174
mkdir --mode=750 --parents "${RUN_LOG_DIR}"
chgrp adm "${RUN_LOG_DIR}"
# This log file contains all events
RUN_LOG_FILE="${RUN_LOG_DIR}/autosysadmin.log"
readonly RUN_LOG_FILE
# This log file contains notable actions
ACTIONS_FILE="${RUN_LOG_DIR}/actions.log"
readonly ACTIONS_FILE
touch "${ACTIONS_FILE}"
# This log file contains abort reasons (if any)
ABORT_FILE="${RUN_LOG_DIR}/abort.log"
readonly ABORT_FILE
# touch "${ABORT_FILE}"
# Date format for log messages
DATE_FORMAT="%Y-%m-%d %H:%M:%S"
# This will contain lock, last-run markers…
# It's ok to lose the content after a reboot
RUN_DIR="/run/autosysadmin"
readonly RUN_DIR
mkdir -p "${RUN_DIR}"
# Only a singe instace of each script can run simultaneously
# We use a customizable lock name for this.
# By default it's the script's name
LOCK_NAME=${LOCK_NAME:-${PROGNAME}}
# If a lock is found, we can wait for it to disappear.
# The value must be understood by sleep(1)
LOCK_WAIT="0"
# Default values for email headers
EMAIL_FROM="equipe+autosysadmin@evolix.fr"
EMAIL_INTERNAL="autosysadmin@evolix.fr"
LOCK_FILE="${RUN_DIR}/${LOCK_NAME}.lock"
readonly LOCK_FILE
# Remove lock file at exit
cleanup() {
# shellcheck disable=SC2317
rm -f "${LOCK_FILE}"
}
trap 'cleanup' 0
# Load configuration
# shellcheck disable=SC1091
test -f /etc/evolinux/autosysadmin && source /etc/evolinux/autosysadmin
log_all "Begin ${PROGNAME} RUN_ID: ${RUN_ID}"
log_all "Log directory is ${RUN_LOG_DIR}"
}
# Executes a list of tasks before exiting:
# * prepare a summary of actions and possible abort reasons
# * send emails
# * do some cleanup
quit() {
log_all "End ${PROGNAME} RUN_ID: ${RUN_ID}"
summary="RUN_ID: ${RUN_ID}"
if [ -s "${ABORT_FILE}" ]; then
# Add abort reasons to summary
summary="${summary}\n$(print_abort_reasons)"
hook_mail "abort"
return_code=1
else
if [ -s "${ACTIONS_FILE}" ]; then
# Add notable actions to summary
summary="${summary}\n$(print_actions "Aucune action")"
hook_mail "success"
fi
return_code=0
fi
hook_mail "internal"
if is_interactive; then
# shellcheck disable=SC2001
echo "${summary}" | sed -e 's/\\n/\n/g'
else
/usr/share/scripts/evomaintenance.sh --auto --user autosysadmin --message "${summary}" --no-commit --no-mail
fi
teardown
# shellcheck disable=SC2086
exit ${return_code}
}
teardown() {
:
}
# Return true/false
is_interactive() {
test "${INTERACTIVE}" -eq "1"
}
save_server_state() {
DUMP_SERVER_STATE_BIN="$(command -v dump-server-state || command -v backup-server-state)"
if [ -z "${DUMP_SERVER_STATE_BIN}" ]; then
log_all "Warning: dump-server-state is not present. No server state recorded."
fi
if [ -x "${DUMP_SERVER_STATE_BIN}" ]; then
DUMP_DIR=$(file_path_in_log_dir "server-state")
# We don't want the logging to take too much time,
# so we kill it if it takes more than 20 seconds.
timeout --signal 9 20 \
"${DUMP_SERVER_STATE_BIN}" \
--dump-dir="${DUMP_DIR}" \
--df \
--dmesg \
--iptables \
--lxc \
--netcfg \
--netstat \
--uname \
--processes \
--systemctl \
--uptime \
--virsh \
--disks \
--mysql-processes \
--no-apt-states \
--no-apt-config \
--no-dpkg-full \
--no-dpkg-status \
--no-mount \
--no-packages \
--no-sysctl \
--no-etc
log_run "Server state saved in \`server-state' directory."
fi
}
is_debug() {
# first time: do the check…
# other times: pass
if [ -z "${DEBUG:-""}" ]; then
debug_file="/etc/evolinux/autosysadmin.debug"
if [ -e "${debug_file}" ]; then
last_change=$(stat -c %Z "${debug_file}")
limit_date=$(date --date "14400 seconds ago" +"%s")
if [ $(( last_change - limit_date )) -le "0" ]; then
log_run "Debug mode disabled; file is too old (%{last_change} seconds)."
rm "${debug_file}"
# Debug mode disabled
DEBUG="0"
else
log_run "Debug mode enabled."
# Debug mode enabled
DEBUG="1"
fi
else
# log_run "Debug mode disabled; file is absent."
# Debug mode disabled
DEBUG="0"
fi
fi
# return the value
test "${DEBUG}" -eq "1"
}
# Uses the who(1) definition of "active"
currently_active_users() {
LC_ALL=C who --users | grep --extended-regexp "\s+\.\s+" | awk '{print $1}' | sort --human-numeric-sort | uniq
}
# Users active in the last 29 minutes
recently_active_users() {
LC_ALL=C who --users | grep --extended-regexp "\s+00:(0|1|2)[0-9]\s+" | awk --field-separator ' ' '{print $1,$6}'
}
# Save the list of users to a file in the log directory
save_active_users() {
LC_ALL=C who --users | save_in_log_dir "who-users"
}
# An autosysadmin must not perform actions if a user is active or was active recently.
#
# This can by bypassed in interactive mode.
# It's OK to lose this data after a reboot.
ensure_no_active_users_or_exit() {
# Save all active users
save_active_users
if is_debug; then
log_run "Debug mode enabled: continue without checking active users."
return 0;
fi
# Is there any currently active user?
currently_active_users=$(currently_active_users)
if [ -n "${currently_active_users}" ]; then
# shellcheck disable=SC2001
users_oneliner=$(echo "${currently_active_users}" | sed -e 's/\n/ /')
log_run "Currently active users: ${users_oneliner}"
if is_interactive; then
echo "Some users are currently active:"
# shellcheck disable=SC2001
echo "${currently_active_users}" | sed -e 's/\(.\+\)/* \1/'
answer=""
while :; do
printf "> Continue? [Y,n,?] "
read -r answer
case ${answer} in
[Yy]|"" )
log_run "Active users check bypassed manually in interactive mode."
return
;;
[Nn] )
log_run "Active users check confirmed manually in interactive mode."
log_abort_and_quit "Active users detected: ${users_oneliner}"
;;
* )
printf "y - yes, continue\n"
printf "n - no, exit\n"
printf "? - print this help\n"
;;
esac
done
else
log_abort_and_quit "Currently active users detected: ${users_oneliner}."
fi
else
# or recently (the last 30 minutes) active user?
recently_active_users=$(recently_active_users)
if [ -n "${recently_active_users}" ]; then
# shellcheck disable=SC2001
users_oneliner=$(echo "${recently_active_users}" | sed -e 's/\n/ /')
log_run "Recently active users: ${users_oneliner}"
if is_interactive; then
echo "Some users were recently active:"
# shellcheck disable=SC2001
echo "${recently_active_users}" | sed -e 's/\(.\+\)/* \1/'
answer=""
while :; do
printf "> Continue? [Y,n,?] "
read -r answer
case ${answer} in
[Yy]|"" )
log_run "Active users check bypassed manually in interactive mode."
return
;;
[Nn] )
log_run "Active users check confirmed manually in interactive mode."
log_abort_and_quit "Recently active users detected: ${users_oneliner}."
;;
* )
printf "y - yes, continue\n"
printf "n - no, exit\n"
printf "? - print this help\n"
;;
esac
done
else
log_abort_and_quit "Recently active users detected: ${users_oneliner}."
fi
fi
fi
}
# Takes an NRPE command name as 1st parameter,
# and executes the full command if found in the configuration.
# Return the result and the return code of the command.
check_nrpe() {
check="$1"
nrpe_files=""
# Check if NRPE config is found
if [ -f "/etc/nagios/nrpe.cfg" ]; then
nrpe_files="${nrpe_files} /etc/nagios/nrpe.cfg"
else
msg="NRPE configuration not found: /etc/nagios/nrpe.cfg"
log_run "${msg}"
echo "${msg}"
return 3
fi
# Search for included files
# shellcheck disable=SC2086
while IFS= read -r include_file; do
nrpe_files="${nrpe_files} ${include_file}"
done < <(grep --extended-regexp '^\s*include=.+' ${nrpe_files} | cut -d = -f 2)
# Search for files in included directories
# shellcheck disable=SC2086
while IFS= read -r include_dir; do
nrpe_files="${nrpe_files} ${include_dir}/*.cfg"
done < <(grep --extended-regexp '^\s*include_dir=.+' ${nrpe_files} | cut -d = -f 2)
# Fetch uncommented commands in (sorted) config files
# shellcheck disable=SC2086
nrpe_commands=$(grep --no-filename --exclude=*~ --fixed-strings "[${check}]" ${nrpe_files} | grep --invert-match --extended-regexp '^\s*#\s*command' | cut -d = -f 2)
nrpe_commands_count=$(echo "${nrpe_commands}" | wc -l)
if is_debian_version "9" "<=" && [ "${nrpe_commands_count}" -gt "1" ]; then
# On Debian <= 9, NRPE loading was not sorted
# we need to raise an error if we have multiple defined commands
msg="Unable to determine which NRPE command to run"
log_run "${msg}"
echo "${msg}"
return 3
else
# On Debian > 9, use the last command
nrpe_command=$(echo "${nrpe_commands}" | tail -n 1)
nrpe_result=$(${nrpe_command})
nrpe_rc=$?
log_run "NRPE command (exited with ${nrpe_rc}): ${nrpe_command}"
log_run "${nrpe_result}"
echo "${nrpe_result}"
return "${nrpe_rc}"
fi
}
# An autosysadmin script must not run twice (or more) simultaneously.
# We use a customizable (with LOCK_NAME) lock file to keep track of this.
# A wait time can be configured.
#
# This can by bypassed in interactive mode.
# It's OK to lose this data after a reboot.
acquire_lock_or_exit() {
lock_file="${1:-${LOCK_FILE}}"
lock_wait="${2:-${LOCK_WAIT}}"
# lock_wait must be compatible with sleep(1), otherwise fallback to 0
if ! echo "${lock_wait}" | grep -Eq '^[0-9]+[smhd]?$'; then
log_run "Lock wait: incorrect value '${lock_wait}', fallback to 0."
lock_wait=0
fi
if [ "${lock_wait}" != "0" ] && [ -f "${lock_file}" ]; then
log_run "Lock file present. Let's wait ${lock_wait} and check again."
sleep "${lock_wait}"
fi
if [ -f "${lock_file}" ]; then
log_abort_and_quit "Lock file still present."
else
log_run "Lock file absent. Let's put one."
touch "${lock_file}"
fi
}
# If a script has been run in the ast 30 minutes, running it again won't fix the issue.
# We use a /run/ausosysadmin/${PROGNAME}_lastrun file to keep track of this.
#
# This can by bypassed in interactive mode.
# This is bypassed in debug mode.
# It's OK to lose this data after a reboot.
ensure_not_too_soon_or_exit() {
if is_debug; then
log_run "Debug mode enabled: continue without checking when was the last run."
return 0;
fi
lastrun_file="${RUN_DIR}/${PROGNAME}_lastrun"
if [ -f "${lastrun_file}" ]; then
lastrun_age="$(($(date +%s)-$(stat -c "%Y" "${lastrun_file}")))"
log_run "Last run was ${lastrun_age} seconds ago."
if [ "${lastrun_age}" -lt 1800 ]; then
if is_interactive; then
echo "${PROGNAME} was run ${lastrun_age} seconds ago."
answer=""
while :; do
printf "> Continue? [Y,n,?] "
read -r answer
case ${answer} in
[Yy]|"" )
log_run "Last run check bypassed manually in interactive mode."
break
;;
[Nn] )
log_run "Last run check confirmed manually in interactive mode."
log_abort_and_quit 'Last run too recent.'
;;
* )
printf "y - yes, continue\n"
printf "n - no, exit\n"
printf "? - print this help\n"
;;
esac
done
else
log_abort_and_quit "Last run too recent."
fi
fi
fi
touch "${lastrun_file}"
}
# Populate DEBIAN_VERSION and DEBIAN_RELEASE variables
# based on gathered information about the operating system
detect_os() {
DEBIAN_RELEASE="unknown"
DEBIAN_VERSION="unknown"
LSB_RELEASE_BIN="$(command -v lsb_release)"
if [ -e /etc/debian_version ]; then
DEBIAN_VERSION="$(cut -d "." -f 1 < /etc/debian_version)"
if [ -x "${LSB_RELEASE_BIN}" ]; then
DEBIAN_RELEASE="$("${LSB_RELEASE_BIN}" --codename --short)"
else
case "${DEBIAN_VERSION}" in
7) DEBIAN_RELEASE="wheezy" ;;
8) DEBIAN_RELEASE="jessie" ;;
9) DEBIAN_RELEASE="stretch" ;;
10) DEBIAN_RELEASE="buster" ;;
11) DEBIAN_RELEASE="bullseye" ;;
12) DEBIAN_RELEASE="bookworm" ;;
13) DEBIAN_RELEASE="trixie" ;;
esac
fi
# log_run "Detected OS: Debian version=${DEBIAN_VERSION} release=${DEBIAN_RELEASE}"
# else
# log_run "Detected OS: unknown (missing /etc/debian_version)"
fi
}
is_debian_wheezy() {
test "${DEBIAN_RELEASE}" = "wheezy"
}
is_debian_jessie() {
test "${DEBIAN_RELEASE}" = "jessie"
}
is_debian_stretch() {
test "${DEBIAN_RELEASE}" = "stretch"
}
is_debian_buster() {
test "${DEBIAN_RELEASE}" = "buster"
}
is_debian_bullseye() {
test "${DEBIAN_RELEASE}" = "bullseye"
}
is_debian_bookworm() {
test "${DEBIAN_RELEASE}" = "bookworm"
}
is_debian_trixie() {
test "${DEBIAN_RELEASE}" = "trixie"
}
is_debian_version() {
local version=$1
local relation=${2:-"eq"}
if [ -z "${DEBIAN_VERSION:-""}" ]; then
detect_os
fi
dpkg --compare-versions "${DEBIAN_VERSION}" "${relation}" "${version}"
}
# List systemd services (only names), even if stopped
systemd_list_services() {
pattern=$1
systemctl list-units --all --no-legend --type=service "${pattern}" | grep --only-matching --extended-regexp '\S+\.service'
}
is_systemd_enabled() {
systemctl --quiet is-enabled "$1" 2> /dev/null
}
is_systemd_active() {
systemctl --quiet is-active "$1" 2> /dev/null
}
is_sysvinit_enabled() {
find /etc/rc2.d/ -name "$1" > /dev/null
}
get_fqdn() {
# shellcheck disable=SC2155
local system=$(uname -s)
if [ "${system}" = "Linux" ]; then
hostname --fqdn
elif [ "${system}" = "OpenBSD" ]; then
hostname
else
log_abort_and_quit "System '${system}' not recognized."
fi
}
get_complete_hostname() {
REAL_HOSTNAME="$(get_fqdn)"
if [ "${HOSTNAME}" = "${REAL_HOSTNAME}" ]; then
echo "${HOSTNAME}"
else
echo "${HOSTNAME} (${REAL_HOSTNAME})"
fi
}
# Fetch values from evomaintenance configuration
get_evomaintenance_mail() {
grep "EVOMAINTMAIL=" /etc/evomaintenance.cf | cut -d '=' -f2
}
get_evomaintenance_emergency_mail() {
grep "URGENCYFROM=" /etc/evomaintenance.cf | cut -d '=' -f2
}
get_evomaintenance_emergency_tel() {
grep "URGENCYTEL=" /etc/evomaintenance.cf | cut -d '=' -f2
}
# Log a message to the log file in the log directory
log_run() {
local msg="${1:-$(cat /dev/stdin)}"
# shellcheck disable=SC2155
local date=$(/bin/date +"${DATE_FORMAT}")
printf "[%s] %s[%s]: %s\\n" \
"${date}" "${PROGNAME}" "${PID}" "${msg}" \
>> "${RUN_LOG_FILE}"
}
# Log a message in the system log file (syslog or journald)
log_global() {
local msg="${1:-$(cat /dev/stdin)}"
echo "${msg}" \
| /usr/bin/logger -p local0.notice -t autosysadmin
}
# Log a message in both places
log_all() {
local msg="${1:-$(cat /dev/stdin)}"
log_global "${msg}"
log_run "${msg}"
}
# Log a notable action in regular places
# and append it to the dedicated list
log_action() {
log_all "$*"
append_action "$*"
}
# Append a line in the actions.log file in the log directory
append_action() {
echo "$*" >> "${ACTIONS_FILE}"
}
# Print the content of the actions.log file
# or a fallback content (1st parameter) if empty
# shellcheck disable=SC2120
print_actions() {
local fallback=${1:-""}
if [ -s "${ACTIONS_FILE}" ]; then
cat "${ACTIONS_FILE}"
elif [ -n "${fallback}" ]; then
echo "${fallback}"
fi
}
# Log a an abort reason in regular places
# and append it to the dedicated list
log_abort() {
log_all "$*"
append_abort_reason "$*"
}
# Append a line in the abort.log file in the log directory
append_abort_reason() {
echo "$*" >> "${ABORT_FILE}"
}
# Print the content of the abort.log file
# or a fallback content (1st parameter) if empty
# shellcheck disable=SC2120
print_abort_reasons() {
local fallback=${1:-""}
if [ -s "${ABORT_FILE}" ]; then
cat "${ABORT_FILE}"
elif [ -n "${fallback}" ]; then
echo "${fallback}"
fi
}
# Print the content of the main log from the log directory
print_main_log() {
cat "${RUN_LOG_FILE}"
}
# Log an abort reason and quit the script
log_abort_and_quit() {
log_abort "$*"
quit
}
# Store the content from standard inpu
# into a file in the log directory named after the 1st parameter
save_in_log_dir() {
local file_name=$1
local file_path="${RUN_LOG_DIR}/${file_name}"
cat /dev/stdin > "${file_path}"
log_run "Saved \`${file_name}' file."
}
# Return the full path of the file in log directory
# based on the name in the 1st parameter
file_path_in_log_dir() {
echo "${RUN_LOG_DIR}/${1}"
}
format_mail_success() {
cat <<EOTEMPLATE
From: AutoSysadmin Evolix <${EMAIL_FROM}>
Content-Type: text/plain; charset=UTF-8
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Script: ${PROGNAME}
X-RunId: ${RUN_ID}
To: ${EMAIL_CLIENT:-alert5@evolix.fr}
Cc: ${EMAIL_INTERNAL}
Subject: [autosysadmin] Intervention automatisée sur ${HOSTNAME_TEXT}
Bonjour,
Une intervention automatisée vient de se terminer.
Nom du serveur : ${HOSTNAME_TEXT}
Heure d'intervention : $(LC_ALL=fr_FR.utf8 date)
Script déclenché : ${PROGNAME}
### Actions réalisées
$(print_actions "Aucune")
### Réagir à cette intervention
Vous pouvez répondre à ce message (${EMAIL_FROM}).
En cas d'urgence, utilisez l'adresse ${EMERGENCY_MAIL}
ou notre ligne d'astreinte (${EMERGENCY_TEL})
--
Votre AutoSysadmin
EOTEMPLATE
}
format_mail_abort() {
cat <<EOTEMPLATE
From: AutoSysadmin Evolix <${EMAIL_FROM}>
Content-Type: text/plain; charset=UTF-8
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Script: ${PROGNAME}
X-RunId: ${RUN_ID}
To: ${EMAIL_CLIENT:-alert5@evolix.fr}
Cc: ${EMAIL_INTERNAL}
Subject: [autosysadmin] Intervention automatisée interrompue sur ${HOSTNAME_TEXT}
Bonjour,
Une intervention automatisée a été déclenchée mais s'est interrompue.
Nom du serveur : ${HOSTNAME_TEXT}
Heure d'intervention : $(LC_ALL=fr_FR.utf8 date)
Script déclenché : ${PROGNAME}
### Actions réalisées
$(print_actions "Aucune")
### Raison(s) de l'interruption
$(print_abort_reasons "Inconnue")
### Réagir à cette intervention
Vous pouvez répondre à ce message (${EMAIL_FROM}).
En cas d'urgence, utilisez l'adresse ${EMERGENCY_MAIL}
ou notre ligne d'astreinte (${EMERGENCY_TEL})
--
Votre AutoSysadmin
EOTEMPLATE
}
# shellcheck disable=SC2028
print_report_information() {
echo "**Uptime**"
echo ""
uptime
echo ""
echo "**Utilisateurs récents**"
echo ""
who_file=$(file_path_in_log_dir "who-users")
if [ -s "${who_file}" ]; then
cat "${who_file}"
else
who --users
fi
echo ""
echo "**Espace disque**"
echo ""
df_file=$(file_path_in_log_dir "server-state/df.txt")
if [ -s "${df_file}" ]; then
cat "${df_file}"
else
df -h
fi
echo ""
echo "**Dmesg**"
echo ""
dmesg_file=$(file_path_in_log_dir "server-state/dmesg.txt")
if [ -s "${dmesg_file}" ]; then
tail -n 5 "${dmesg_file}"
else
dmesg | tail -n 5
fi
echo ""
echo "**systemd failed services**"
echo ""
failed_services_file=$(file_path_in_log_dir "server-state/systemctl-failed-services.txt")
if [ -s "${failed_services_file}" ]; then
cat "${failed_services_file}"
else
systemctl --no-legend --state=failed --type=service
fi
if command -v lxc-ls > /dev/null 2>&1; then
echo ""
echo "**LXC containers**"
echo ""
lxc_ls_file=$(file_path_in_log_dir "server-state/lxc-list.txt")
if [ -s "${lxc_ls_file}" ]; then
cat "${lxc_ls_file}"
else
lxc-ls --fancy
fi
fi
apache_errors_file=$(file_path_in_log_dir "apache-errors.log")
if [ -f "${apache_errors_file}" ]; then
echo ""
echo "**Apache errors**"
echo ""
cat "${apache_errors_file}"
fi
nginx_errors_file=$(file_path_in_log_dir "nginx-errors.log")
if [ -f "${nginx_errors_file}" ]; then
echo ""
echo "**Nginx errors**"
echo ""
cat "${nginx_errors_file}"
fi
}
format_mail_internal() {
cat <<EOTEMPLATE
From: AutoSysadmin Evolix <${EMAIL_FROM}>
Content-Type: text/plain; charset=UTF-8
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Script: ${PROGNAME}
X-RunId: ${RUN_ID}
To: ${EMAIL_INTERNAL}
Subject: [autosysadmin] Rapport interne d'intervention sur ${HOSTNAME_TEXT}
Bonjour,
Une intervention automatique vient de se terminer.
Nom du serveur : ${HOSTNAME_TEXT}
Heure d'intervention : $(LC_ALL=fr_FR.utf8 date)
Script déclenché : ${PROGNAME}
### Actions réalisées
$(print_actions "Aucune")
### Raison(s) de l'interruption
$(print_abort_reasons "Aucune")
### Log autosysadmin
$(print_main_log)
### Informations additionnelles
$(print_report_information)
--
Votre AutoSysadmin
EOTEMPLATE
}
# Generic function to send emails at the end of the script.
# Takes a template as 1st parameter
hook_mail() {
if is_debug; then
log_run "Debug mode enabled: continue without sending mail."
return 0;
fi
HOSTNAME="${HOSTNAME:-"$(get_fqdn)"}"
HOSTNAME_TEXT="$(get_complete_hostname)"
EMAIL_CLIENT="$(get_evomaintenance_mail)"
EMERGENCY_MAIL="$(get_evomaintenance_emergency_mail)"
EMERGENCY_TEL="$(get_evomaintenance_emergency_tel)"
MAIL_CONTENT="$(format_mail_"$1")"
SENDMAIL_BIN="$(command -v sendmail)"
if [ -z "${SENDMAIL_BIN}" ]; then
log_global "ERROR: No \`sendmail' command has been found, can't send mail."
fi
if [ -x "${SENDMAIL_BIN}" ]; then
echo "${MAIL_CONTENT}" | "${SENDMAIL_BIN}" -oi -t -f "equipe@evolix.fr"
log_global "Sent '$1' mail for RUN_ID: ${RUN_ID}"
fi
}
is_holiday() {
# gcal mark today as a holiday by surrounding with < and > the day
# of the month of that holiday line. For example if today is 2022-05-01 we'll
# get among other lines:
# Fête du Travail (FR) + Di, < 1>Mai 2022
# Jour de la Victoire (FR) + Di, : 8:Mai 2022 = +7 jours
LANGUAGE=fr_FR.UTF-8 TZ=Europe/Paris gcal --cc-holidays=fr --holiday-list=short | grep -E '<[0-9 ]{2}>' --quiet
}
is_weekend() {
day_of_week=$(date +%u)
if [ "${day_of_week}" != 6 ] && [ "${day_of_week}" != 7 ]; then
return 1
fi
}
is_workday() {
if is_holiday || is_weekend; then
return 1
fi
}
is_worktime() {
if ! is_workday; then
return 1
fi
hour=$(date +%H)
if [ "${hour}" -lt 9 ] || { [ "${hour}" -ge 12 ] && [ "${hour}" -lt 14 ] ; } || [ "${hour}" -ge 18 ]; then
return 1
fi
}

View File

@ -0,0 +1,112 @@
#!/bin/bash
# Specific functions for "repair" scripts
is_all_repair_disabled() {
# Fetch values from the config
# and if it is not defined or has no value, then assign "on"
local status=${repair_all:=on}
test "${status}" = "off" || test "${status}" = "0"
}
is_current_repair_disabled() {
# Fetch values from the config
# and if it is not defined or has no value, then assign "on"
local status=${!PROGNAME:=on}
test "${status}" = "off" || test "${status}" = "0"
}
ensure_not_disabled_or_exit() {
if is_all_repair_disabled; then
log_global 'All repair scripts are disabled.'
exit 0
fi
if is_current_repair_disabled; then
log_global "Current repair script (${PROGNAME}) is disabled."
exit 0
fi
}
# Set of actions to do at the begining of a "repair" script
pre_repair() {
initialize
# Are we supposed to run?
ensure_not_disabled_or_exit
# Has it recently been run?
ensure_not_too_soon_or_exit
# Can we acquire a lock?
acquire_lock_or_exit
# Is there any active user?
ensure_no_active_users_or_exit
# Save important information
save_server_state
}
# Set of actions to do at the end of a "repair" script
post_repair() {
quit
}
repair_lxc_php() {
container_name=$1
if is_systemd_enabled 'lxc.service'; then
lxc_path=$(lxc-config lxc.lxcpath)
if lxc-info --name "${container_name}" > /dev/null; then
rootfs="${lxc_path}/${container_name}/rootfs"
case "${container_name}" in
php56) fpm_log_file="${rootfs}/var/log/php5-fpm.log" ;;
php70) fpm_log_file="${rootfs}/var/log/php7.0-fpm.log" ;;
php73) fpm_log_file="${rootfs}/var/log/php7.3-fpm.log" ;;
php74) fpm_log_file="${rootfs}/var/log/php7.4-fpm.log" ;;
php80) fpm_log_file="${rootfs}/var/log/php8.0-fpm.log" ;;
php81) fpm_log_file="${rootfs}/var/log/php8.1-fpm.log" ;;
php82) fpm_log_file="${rootfs}/var/log/php8.2-fpm.log" ;;
php83) fpm_log_file="${rootfs}/var/log/php8.3-fpm.log" ;;
*)
log_abort_and_quit "Unknown container '${container_name}'"
;;
esac
# Determine FPM Pool path
php_path_pool=$(find "${lxc_path}/${container_name}/" -type d -name "pool.d")
# Save LXC info (before restart)
lxc-info --name "${container_name}" | save_in_log_dir "lxc-${container_name}.before.status"
# Save last lines of FPM log (before restart)
tail "${fpm_log_file}" | save_in_log_dir "$(basename "${fpm_log_file}" | sed -e 's/.log/.before.log/')"
# Save NRPE check (before restart)
/usr/local/lib/nagios/plugins/check_phpfpm_multi "${php_path_pool}" | save_in_log_dir "check_fpm_${container_name}.before.out"
lxc-stop --timeout 20 --name "${container_name}"
lxc-start --daemon --name "${container_name}"
rc=$?
if [ "${rc}" -eq "0" ]; then
log_all "Restart LXC container '${container_name}: OK"
else
log_all "Restart LXC container '${container_name}: failed"
fi
# Save LXC info (after restart)
lxc-info --name "${container_name}" | save_in_log_dir "lxc-${container_name}.after.status"
# Save last lines of FPM log (after restart)
tail "${fpm_log_file}" | save_in_log_dir "$(basename "${fpm_log_file}" | sed -e 's/.log/.after.log/')"
# Save NRPE check (after restart)
/usr/local/lib/nagios/plugins/check_phpfpm_multi "${php_path_pool}" | save_in_log_dir "check_fpm_${container_name}.after.out"
else
log_abort_and_quit "LXC container '${container_name}' doesn't exist."
fi
else
log_abort_and_quit 'LXC not found.'
fi
}

View File

@ -0,0 +1,76 @@
#!/bin/bash
# Specific functions for "restart" scripts
running_custom() {
# Placeholder that returns 1, to prevent running if not redefined
log_global "running_custom() function has not been redefined! Let's quit."
return 1
}
# Examine RUNNING variable and decide if the script should run or not
is_supposed_to_run() {
if is_debug; then return 0; fi
case ${RUNNING} in
never)
# log_global "is_supposed_to_run: no (never)"
return 1
;;
always)
# log_global "is_supposed_to_run: yes (always)"
return 0
;;
nwh-fr)
! is_worktime
rc=$?
# if [ ${rc} -eq 0 ]; then
# log_global "is_supposed_to_run: yes (nwh-fr returned ${rc})"
# else
# log_global "is_supposed_to_run: no (nwh-fr returned ${rc})"
# fi
return ${rc}
;;
nwh-ca)
# Not implemented yet
return 0
;;
custom)
running_custom
rc=$?
# if [ ${rc} -eq 0 ]; then
# log_global "is_supposed_to_run: yes (custom returned ${rc})"
# else
# log_global "is_supposed_to_run: no (custom returned ${rc})"
# fi
return ${rc}
;;
esac
}
ensure_supposed_to_run_or_exit() {
if ! is_supposed_to_run; then
# simply quit (no logging, no notifications…)
# log_global "${PROGNAME} is not supposed to run (RUNNING=${RUNNING})."
exit 0
fi
}
# Set of actions to do at the begining of a "restart" script
pre_restart() {
initialize
# Has it recently been run?
ensure_not_too_soon_or_exit
# Can we acquire a lock?
acquire_lock_or_exit
# Save important information
save_server_state
}
# Set of actions to do at the end of a "restart" script
post_restart() {
quit
}

View File

@ -0,0 +1,157 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
pre_repair
# We always keep some reserved blocks to avoid missing some logs
# https://gitea.evolix.org/evolix/autosysadmin/issues/22
RESERVED_BLOCKS_MIN=1
get_mountpoints() {
# the $(...) get the check_disk1 command
# the cut command selects the critical part of the check_disk1 output
# the grep command extracts the mountpoints and available disk space
# the last cut command selects the mountpoints
check_disk1_command=$(grep check_disk1 /etc/nagios/nrpe.d/evolix.cfg | cut -d'=' -f2-)
${check_disk1_command} -e | cut -d'|' -f1 | grep --extended-regexp --only-matching '/[[:graph:]]* [0-9]+ [A-Z][A-Z]' | cut -d' ' -f1
}
is_reserved_blocks_nominal() {
partition=${1}
fs_type="$(findmnt -n --output=fstype "${partition}")"
if [ "${fs_type}" = "ext4" ]; then
device="$(findmnt -n --output=source "${partition}")"
reserved_block_count="$(tune2fs -l "${device}" | grep 'Reserved block count' | awk -F':' '{ gsub (" ", "", $0); print $2}')"
block_count="$(tune2fs -l "${device}" | grep 'Block count' | awk -F':' '{ gsub (" ", "", $0); print $2}')"
percentage=$(awk "BEGIN { pc=100*${reserved_block_count}/${block_count}; i=int(pc); print (pc-i<0.5)?i:i+1 }")
log_run "Reserved blocks for ${partition} is currently at ${percentage}%"
if [ "${percentage}" -gt "${RESERVED_BLOCKS_MIN}" ]; then
log_run "Allowing tune2fs action to reduce the number of reserved blocks"
return 0
else
log_run "Reserved blocks already at or bellow ${RESERVED_BLOCKS_MIN}%, no automatic action possible"
return 1
fi
else
log_run "Filesystem for ${partition} (${fs_type}) is incompatible with reserved block reduction."
return 1
fi
}
reduce_reserved_blocks() {
partition=${1}
device=$(findmnt -n --output=source "${partition}")
tune2fs -m "${RESERVED_BLOCKS_MIN}" "${device}"
log_action "Reserved blocks for ${partition} changed to ${RESERVED_BLOCKS_MIN} percent"
}
is_tmp_to_delete() {
size="$(find /var/log/ -type f -ctime +1 -exec du {} \+ | awk '{s+=$1}END{print s / 1024}')"
if [ -n "${size}" ]; then
return 0
else
return 1
fi
}
is_log_to_delete() {
size="$(find /var/log/ -type f -mtime +365 -exec du {} \+ | awk '{s+=$1}END{print s / 1024}')"
if [ -n "${size}" ]; then
return 0
else
return 1
fi
}
clean_apt_cache() {
for container in $(lxc-ls -1); do
if [ -e "$(lxc-config lxc.lxcpath)/${container}/rootfs/var/cache" ]; then
lxc-attach --name "${container}" -- apt-get clean
log_action "Clean apt cache in LXC container ${container}";
fi
done
# NOTE: "head -n 1" might be superfluous, but let's be sure to have only the first returned value
biggest_subdir=$(du --summarize --one-file-system "/var/*" | sort --numeric-sort --reverse | sed 's/^[0-9]\+[[:space:]]\+//;q' | head -n 1)
case "${biggest_subdir}" in
'/var/cache')
apt-get clean
log_action 'Clean apt cache'
;;
esac
}
clean_amavis_virusmails() {
if du --inodes /var/lib/* | sort --numeric-sort | tail -n 3 | grep --quiet 'virusmails$'; then
find /var/lib/amavis/virusmails/ -type f -atime +30 -delete
log_action 'Clean amavis infected mails'
fi
}
critical_mountpoints=$(get_mountpoints)
if [ -z "${critical_mountpoints}" ]; then
log_abort_and_quit "No partition is in critical state, nothing left to do."
else
for mountpoint in ${critical_mountpoints}; do
case "${mountpoint}" in
/var)
#if is_log_to_delete
#then
# find /var/log/ -type f -mtime +365 -delete
# log_action "$size Mo of disk space freed in /var"
#fi
if is_reserved_blocks_nominal /var; then
reduce_reserved_blocks /var
clean_apt_cache
clean_amavis_virusmails
fi
;;
/tmp)
#if is_tmp_to_delete
#then
# find /tmp/ -type f -ctime +1 -delete
# log_action "$size Mo of disk space freed in /tmp"
#fi
if is_reserved_blocks_nominal /tmp; then
reduce_reserved_blocks /tmp
fi
;;
/home)
if is_reserved_blocks_nominal /home; then
reduce_reserved_blocks /home
fi
;;
/srv)
if is_reserved_blocks_nominal /srv; then
reduce_reserved_blocks /srv
fi
;;
/filer)
if is_reserved_blocks_nominal /filer; then
reduce_reserved_blocks /filer
fi
;;
/)
if is_reserved_blocks_nominal /; then
reduce_reserved_blocks /
# Suggest remove old kernel ?
fi
;;
*)
# unknown
log_run 'Unknown partition (or weird case) or nothing to do'
;;
esac
done
fi
post_repair

View File

@ -0,0 +1,35 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
pre_repair
service="elasticsearch.service"
service_name="elasticsearch"
if is_systemd_enabled "${service}"; then
if is_systemd_active "${service}"; then
log_abort_and_quit "${service} is active, nothing left to do."
else
# Save service status before restart
systemctl status "${service}" | save_in_log_dir "${service_name}.before.status"
# Try to restart
timeout 20 systemctl restart "${service}" > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart ${service_name}: OK"
else
log_action "Restart ${service_name}: failed"
fi
# Save service status after restart
systemctl status "${service}" | save_in_log_dir "${service_name}.after.status"
fi
else
log_abort_and_quit "${service} is disabled (or missing), nothing left to do."
fi
post_repair

View File

@ -0,0 +1,131 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
pre_repair
## Apache
service="apache2.service"
service_name="apache2"
if is_systemd_enabled "${service}"; then
if is_systemd_active "${service}"; then
log_all "${service} is active. Skip."
else
# Save service status before restart
systemctl status "${service}" | save_in_log_dir "${service_name}.before.status"
# check syntax
if apache2ctl -t > /dev/null 2>&1; then
# Try to restart
timeout 20 systemctl restart "${service}" > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart ${service_name}: OK"
else
log_action "Restart ${service_name}: failed"
fi
# Save service status after restart
systemctl status "${service}" | save_in_log_dir "${service_name}.after.status"
# Save error logs
date=$(LANG=en_US.UTF-8 date '+%b %d')
grep "${date}" /home/*/log/error.log /var/log/apache2/*error.log \
| grep -v \
-e "Got error 'PHP message:" \
-e "No matching DirectoryIndex" \
-e "client denied by server configuration" \
-e "server certificate does NOT include an ID which matches the server name" \
| save_in_log_dir "apache-errors.log"
else
log_action "Restart ${service_name}: skip (invalid configuration)"
fi
fi
else
log_all "${service} is disabled (or missing). Skip."
fi
## Nginx
service="nginx.service"
service_name="nginx"
if is_systemd_enabled "${service}"; then
if is_systemd_active "${service}"; then
log_all "${service} is active. Skip."
else
# Save service status before restart
systemctl status "${service}" | save_in_log_dir "${service_name}.before.status"
# check syntax
if nginx -t > /dev/null 2>&1; then
# Try to restart
timeout 20 systemctl restart "${service}" > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart ${service_name}: OK"
else
log_action "Restart ${service_name}: failed"
fi
# Save service status after restart
systemctl status "${service}" | save_in_log_dir "${service_name}.after.status"
# Save error logs
### Consider doing for Nginx the same as Apache
else
log_action "Restart ${service_name}: skip (invalid configuration)"
fi
fi
else
log_all "${service} is disabled (or missing). Skip."
fi
## LXC
if is_systemd_enabled 'lxc.service'; then
for container in $(lxc-ls -1 | grep --fixed-strings 'php' | grep --extended-regexp --invert-match --regexp '\bold\b' --regexp '\bdisabled\b'); do
repair_lxc_php "${container}"
done
else
log_all "LXC is disabled (or missing). Skip."
fi
## FPM
fpm_services=$(systemd_list_services 'php*-fpm*')
if [ -n "${fpm_services}" ]; then
for service in ${fpm_services}; do
service_name="${service//.service/}"
if is_systemd_enabled "${service}"; then
if is_systemd_active "${service}"; then
log_all "${service} is active. Skip."
else
# Save service status before restart
systemctl status "${service}" | save_in_log_dir "${service_name}.before.status"
# Try to restart
timeout 20 systemctl restart "${service}" > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart ${service_name}: OK"
else
log_action "Restart ${service_name}: failed"
fi
# Save service status after restart
systemctl status "${service}" | save_in_log_dir "${service_name}.after.status"
fi
else
log_all "${service} is disabled (or missing). Skip."
fi
done
else
log_all "PHP FPM not found. Skip."
fi
post_repair

View File

@ -0,0 +1,69 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
pre_repair
if is_debian_version "8" "<="; then
if is_sysvinit_enabled '*mysql*'; then
if ! pgrep -u mysql mysqld > /dev/null; then
# Save service status before restart
timeout 2 mysqladmin status 2>&1 | save_in_log_dir "mysql.before.status"
timeout 20 /etc/init.d/mysql restart > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart mysql: OK"
else
log_action "Restart mysql: failed"
fi
# Save service status after restart
timeout 2 mysqladmin status 2>&1 | save_in_log_dir "mysql.after.status"
else
log_abort_and_quit "mysqld process alive. Aborting"
fi
else
log_abort_and_quit "MySQL not enabled. Aborting"
fi
else
if is_debian_version "12" ">="; then
service="mariadb.service"
service_name="mariadb"
else
service="mysql.service"
service_name="mysql"
fi
if is_systemd_enabled "${service}"; then
if is_systemd_active "${service}"; then
log_abort_and_quit "${service} is active, nothing left to do."
else
# Save service status before restart
systemctl status "${service}" | save_in_log_dir "${service_name}.before.status"
# Try to restart
timeout 20 systemctl restart "${service}" > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart ${service_name}: OK"
else
log_action "Restart ${service_name}: failed"
fi
# Save service status after restart
systemctl status "${service}" | save_in_log_dir "${service_name}.after.status"
fi
else
log_abort_and_quit "${service} is disabled (or missing), nothing left to do."
fi
fi
post_repair

View File

@ -0,0 +1,35 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
pre_repair
service="opendkim.service"
service_name="opendkim"
if is_systemd_enabled "${service}"; then
if is_systemd_active "${service}"; then
log_abort_and_quit "${service} is active, nothing left to do."
else
# Save service status before restart
systemctl status "${service}" | save_in_log_dir "${service_name}.before.status"
# Try to restart
timeout 20 systemctl restart "${service}" > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart ${service_name}: OK"
else
log_action "Restart ${service_name}: failed"
fi
# Save service status after restart
systemctl status "${service}" | save_in_log_dir "${service_name}.after.status"
fi
else
log_abort_and_quit "${service} is disabled (or missing). Abort."
fi
post_repair

View File

@ -0,0 +1,14 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
LOCK_WAIT="15s"
LOCK_NAME="repair_http"
pre_repair
repair_lxc_php php56
post_repair

View File

@ -0,0 +1,14 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
LOCK_WAIT="15s"
LOCK_NAME="repair_http"
pre_repair
repair_lxc_php php70
post_repair

View File

@ -0,0 +1,14 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
LOCK_WAIT="15s"
LOCK_NAME="repair_http"
pre_repair
repair_lxc_php php73
post_repair

View File

@ -0,0 +1,14 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
LOCK_WAIT="15s"
LOCK_NAME="repair_http"
pre_repair
repair_lxc_php php74
post_repair

View File

@ -0,0 +1,14 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
LOCK_WAIT="15s"
LOCK_NAME="repair_http"
pre_repair
repair_lxc_php php80
post_repair

View File

@ -0,0 +1,14 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
LOCK_WAIT="15s"
LOCK_NAME="repair_http"
pre_repair
repair_lxc_php php81
post_repair

View File

@ -0,0 +1,14 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
LOCK_WAIT="15s"
LOCK_NAME="repair_http"
pre_repair
repair_lxc_php php82
post_repair

View File

@ -0,0 +1,14 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
LOCK_WAIT="15s"
LOCK_NAME="repair_http"
pre_repair
repair_lxc_php php83
post_repair

View File

@ -0,0 +1,32 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
pre_repair
for service in $(systemd_list_services 'redis-server*'); do
service_name="${service//.service/}"
if is_systemd_active "${service}"; then
log_all "${service} is active. Skip."
else
# Save service status before restart
systemctl status "${service}" | save_in_log_dir "${service_name}.before.status"
# Try to restart
timeout 20 systemctl restart "${service}" > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart ${service_name}: OK."
else
log_action "Restart ${service_name}: failed."
fi
# Save service status after restart
systemctl status "${service}" | save_in_log_dir "${service_name}.after.status"
fi
done
post_repair

View File

@ -0,0 +1,34 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
pre_repair
repair_tomcat_instance_handle_tomcat() {
if /bin/su - "${1}" -c "/bin/systemctl --quiet --user is-active tomcat.service" ; then
if ! /bin/su - "${1}" -c "/usr/bin/timeout 20 /bin/systemctl --quiet --user restart tomcat.service"
then
log_abort_and_quit "Echec de redémarrage instance tomcat utilisateur ${1}"
else
log_action "Redémarrage instance tomcat utilisateur ${1}"
fi
elif /bin/systemctl --quiet is-active "${1}".service ; then
if ! /usr/bin/timeout 20 systemctl --quiet restart "${1}".service
then
log_abort_and_quit "Echec de redémarrage instance tomcat ${1}"
else
log_action "Redémarrage instance tomcat ${1}"
fi
fi
}
for instance in $( /usr/local/lib/nagios/plugins/check_tomcat_instance.sh |grep CRITICAL |awk '{print $3}' |sed '1d') ;
do
repair_tomcat_instance_handle_tomcat "${instance}"
done
post_repair

View File

@ -0,0 +1,41 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
## Custom lock wait and/or lock name
# LOCK_WAIT="15s"
# LOCK_NAME="repair_http"
pre_repair
## The name of the service, mainly for logging
service_name="example"
## The systemd service name
systemd_service="${service_name}.service"
if is_systemd_enabled "${systemd_service}"; then
if is_systemd_active "${systemd_service}"; then
log_abort_and_quit "${systemd_service} is active, nothing left to do."
else
# Save service status before restart
systemctl status "${systemd_service}" | save_in_log_dir "${service_name}.before.status"
# Try to restart
timeout 20 systemctl restart "${systemd_service}" > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart ${service_name}: OK"
else
log_action "Restart ${service_name}: failed"
fi
# Save service status after restart
systemctl status "${systemd_service}" | save_in_log_dir "${service_name}.after.status"
fi
else
log_abort_and_quit "${service_name} is disabled (or missing), nothing left to do."
fi
post_repair

View File

@ -0,0 +1,19 @@
Autosysadmin "restart auto" scripts
===================================
In this directory you can place scripts that will be executed automatically by a cron job (stored in `/etc/cron.d/autosysadmin`).
They must satisfy the default `run-parts(8)` constraints :
* be "executable"
* belong to the Debian cron script namespace (`^[a-zA-Z0-9_-]+$`), example: `restart_amavis`
Warning: scripts that do not satisfy those criteria will NOT be run (silently)!
You can print the names of the scripts which would be run, without actually running them, with this command :
```
$ run-parts --test /usr/share/scripts/autosysadmin/restart
```
You can use `zzz-restart_example.template` as boilerplate code to make your own "restart" script.

View File

@ -0,0 +1,120 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/restart.sh" || exit 1
# shellcheck disable=SC2034
RUNNING="nwh-fr"
## Possible values for RUNNING :
## never => disabled
## always => enabled
## nwh-fr => enabled during non-working-hours in France
## nwh-ca => enabled during non-working-hours in Canada (not supported yet)
## custom => enabled if `running_custom()` function returns 0, otherwise disabled.
## Uncomment and customize this method if you want to have a special logic :
##
## return 1 if we should not run
## return 0 if we should run
##
## Some available functions :
## is_weekend() : Saturday or Sunday
## is_holiday() : holiday in France (based on `gcal(1)`)
## is_workday() : not weekend and not holiday
## is_worktime() : work day between 9-12h and 14-18h
#
# running_custom() {
# # implement your own custom method to decide if we should run or not
# }
## The name of the service, mainly for logging
service_name="example"
## The SysVinit script name
sysvinit_script="${service_name}"
## The systemd service name
systemd_service="${service_name}.service"
is_service_alive() {
## this must return 0 if the service is alive, otherwise return 1
## Example:
pgrep -u USER PROCESS_NAME > /dev/null
}
## Action for SysVinit system
sysvinit_action() {
# Save service status before restart
timeout 2 "/etc/init.d/${sysvinit_script}" status | save_in_log_dir "${service_name}.before.status"
# Try to restart
timeout 20 "/etc/init.d/${sysvinit_script}" restart > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart ${service_name}: OK"
else
log_action "Restart ${service_name}: failed"
fi
# Save service status after restart
timeout 2 "/etc/init.d/${sysvinit_script}" status | save_in_log_dir "${service_name}.after.status"
}
## Action for systemd system
systemd_action() {
# Save service status before restart
systemctl status "${systemd_service}" | save_in_log_dir "${service_name}.before.status"
# Try to restart
# systemctl (only for NRPE ?) sometimes returns 0 even if the service has failed to start
# so we check the status explicitly
timeout 20 systemctl restart "${systemd_service}" > /dev/null \
&& sleep 1 \
&& systemctl status "${systemd_service}" > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart ${service_name}: OK"
else
log_action "Restart ${service_name}: failed"
fi
# Save service status after restart
systemctl status "${systemd_service}" | save_in_log_dir "${service_name}.after.status"
}
# Should we run?
if ! is_supposed_to_run; then
# log_global "${PROGNAME} is not supposed to run (RUNNING=${RUNNING})."
exit 0
fi
if is_service_alive; then
# log_global "${service_name} process alive. Aborting"
exit 0
fi
# Yes we do, so check for sysvinit or systemd
if is_debian_version "8" "<="; then
if ! is_sysvinit_enabled "*${sysvinit_script}*"; then
# log_global "${service_name} not enabled. Aborting"
exit 0
fi
# Let's finally do the action
pre_restart
sysvinit_action
post_restart
else
if ! is_systemd_enabled "${systemd_service}"; then
# log_global "${service_name} is disabled (or missing), nothing left to do."
exit 0
fi
if is_systemd_active "${systemd_service}"; then
# log_global "${service_name} is active, nothing left to do."
exit 0
fi
# Let's finally do the action
pre_restart
systemd_action
post_restart
fi

View File

@ -0,0 +1,16 @@
---
- name: restart nagios-nrpe-server
service:
name: nagios-nrpe-server
state: restarted
- name: restart nrpe
service:
name: nrpe
state: restarted
- name: restart rsyslog
service:
name: rsyslog
state: restarted

View File

@ -0,0 +1,25 @@
---
- name: "Add begin marker if missing"
ansible.builtin.lineinfile:
path: "/etc/cron.d/autosysadmin"
line: "# BEGIN ANSIBLE MANAGED SECTION FOR AUTOSYSADMIN"
insertbefore: BOF
create: yes
- name: "Add end marker if missing"
ansible.builtin.lineinfile:
path: "/etc/cron.d/autosysadmin"
line: "# END ANSIBLE MANAGED SECTION FOR AUTOSYSADMIN"
insertbefore: "EOF"
create: yes
- name: "Create config if missing"
ansible.builtin.blockinfile:
path: "/etc/cron.d/autosysadmin"
marker: "# {mark} ANSIBLE MANAGED SECTION FOR AUTOSYSADMIN"
block: "{{ lookup('ansible.builtin.template', '../templates/autosysadmin.cron.j2') }}"
owner: root
group: root
mode: "0750"
create: yes

View File

@ -0,0 +1,4 @@
---
- name: Install gcal
ansible.builtin.apt:
name: gcal

View File

@ -0,0 +1,114 @@
---
- name: "Remount /usr if needed"
ansible.builtin.include_role:
name: remount-usr
- name: Previous autosysadmin restart directory is renamed
command:
cmd: mv "/usr/share/scripts/autosysadmin/auto" "{{ autosysadmin_agent_auto_dir }}"
removes: "/usr/share/scripts/autosysadmin/auto"
creates: "{{ autosysadmin_agent_auto_dir }}"
- name: Create autosysadmin directories
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: "root"
group: "root"
mode: "0750"
loop:
- "{{ autosysadmin_agent_bin_dir }}"
- "{{ autosysadmin_agent_lib_dir }}"
- "{{ autosysadmin_agent_auto_dir }}"
- name: Copy libraries
ansible.builtin.copy:
src: "upstream/lib/"
dest: "{{ autosysadmin_agent_lib_dir }}/"
owner: root
group: root
mode: "0750"
- name: Copy repair scripts
ansible.builtin.copy:
src: "upstream/repair/"
dest: "{{ autosysadmin_agent_bin_dir }}/"
owner: root
group: root
mode: "0750"
- name: Copy other utilities
ansible.builtin.copy:
src: "upstream/bin/"
dest: "{{ autosysadmin_agent_bin_dir }}/"
owner: root
group: root
mode: "0750"
### WARNING: thos files are explicitly marked as non-executable
### to prevent them from being run automatically by run-parts
- name: Copy restart scripts
ansible.builtin.copy:
src: "upstream/restart/"
dest: "{{ autosysadmin_agent_auto_dir }}/"
owner: root
group: root
mode: "0640"
- name: Ensure /etc/evolinux folder exists
ansible.builtin.file:
path: "/etc/evolinux"
state: directory
owner: "root"
group: "root"
mode: "0700"
- name: Copy the configuration file if missing
ansible.builtin.template:
src: "autosysadmin.cf.j2"
dest: "/etc/evolinux/autosysadmin"
owner: root
group: root
mode: "0640"
force: no
# Repair scripts are supposed to be 'on' by default
# A line "repair_XXX=off" is added to the file only if the script is to be disabled.
# That's why all the ternary logic for the state is reversed.
- name: Update value per variable
ansible.builtin.lineinfile:
dest: "/etc/evolinux/autosysadmin"
line: "{{ item }}={{ autosysadmin_config[item] | default(true) | bool | ternary('on', 'off') }}"
regexp: '^(#\s*)?{{ item }}=.*'
state: "{{ autosysadmin_config[item] | default(true) | bool | ternary('absent', 'present') }}"
register: _line
loop: "{{ autosysadmin_repair_scripts | union(['repair_all']) }}"
- name: Ensure restart folder exists
ansible.builtin.file:
path: "auto"
state: directory
owner: "root"
group: "root"
mode: "0700"
- name: Legacy scripts are removed
ansible.builtin.file:
path: "{{ general_scripts_dir }}/autosysadmin/{{ item }}"
state: absent
loop:
- repair_amavis.sh
- repair_disk.sh
- repair_elasticsearch.sh
- repair_http.sh
- repair_mysql.sh
- repair_opendkim.sh
- repair_php_fpm56.sh
- repair_php_fpm70.sh
- repair_php_fpm73.sh
- repair_php_fpm74.sh
- repair_php_fpm80.sh
- repair_php_fpm81.sh
- repair_redis.sh
- repair_tomcat_instance.sh

View File

@ -0,0 +1,8 @@
---
- name: Copy logrotate configuration for autosysadmin
ansible.builtin.copy:
src: "files/autosysadmin.logrotate.conf"
dest: "/etc/logrotate.d/autosysadmin"
owner: root
group: root
mode: "0644"

Some files were not shown because too many files have changed in this diff Show More