• Stable 22.09 c3670ce897

    Release 22.09

    jlecour released this 2 weeks ago | 0 commits to stable since this release

    Added

    • evolinux_users: create only users who have a certain value for the create key (default: always).
    • php: install php-xml with recent PHP versions
    • vrrp: add an ip.yml task file to help create VRRP addresses
    • webapps/nextcloud: Add compatibility with apache2, and apache2 mod_php.
    • memcached: NRPE check for multi-instance setup
    • munin: Add ipmi_ plugins on dedicated hardware
    • proftpd: Add options to override configs (and add a warning if file was overriden)
    • proftpd: Allow user auth with ssh keys

    Changed

    • evocheck: upstream release 22.09
    • evolinux-base: update-evobackup-canary upstream release 22.06
    • generate-ldif: Support any MariaDB version
    • minifirewall: use handlers to restart minifirewall
    • openvpn: automate the initialization of the CA and the creation of the server certificate ; use openssl_dhparam module instead of a command
    • generate-ldif: support any version of MariaDB (instead of only 10.0, 10.1 and 10.3)
    • openvpn: Run OpenVPN with the _openvpn user and group instead of nobody which is originally for NFS
    • nagios-nrpe: Upgrade check_mongo

    Fixed

    • fail2ban: fix dovecot-evolix regex syntax
    • haproxy: make it so that munin doesn't break if there is a non default haproxy_stats_path
    • mysql: Add missing Munin conf for Debian 11
    • redis: config directory must be owned by the user that runs the service (to be able to write tmp config files in it)
    • varnish: make -j <jail_config> the first argument on jessie/stretch as it has to be the first argument there.
    • webapps/nextcloud: Add missing dependencies for imagick

    Removed

    • evocheck: remove failure if deprecated variable is used
    • webapps/nextcloud: Drop support for Nginx
    Downloads
     
  • Stable 22.07.1 296f081d2f

    Release 22.07.1

    jlecour released this 2 months ago | 77 commits to stable since this release

    Changed

    • evocheck: upstream release 22.07
    • evomaintenance: upstream release 22.07
    • mongodb: replace version_compare() with version()
    • nagios-nrpe: check_disk1 returns only alerts
    • nagios-nrpe: use regexp to exclude paths/devices in check_disk1
    Downloads
     
  • Stable 22.07 f8cb5d9496

    Release 22.07

    jlecour released this 3 months ago | 99 commits to stable since this release

    Added

    • evolinux-base: session timeout is configurable (default: 36000 seconds = 10 hours)
    • haproxy: add haproxy_allow_ip_nonlocal_bind to set sysctl value (optional)
    • kvm-host: fix depreciation of "drbd-overview" by "drbdadm status" in add-vm.sh
    • openvpn: configure logrotate

    Changed

    • openvpn: minimal rights on /etc/shellpki/ and crl.pem

    Fixed

    • evolinux-base: Update PermitRootLogin task to work on Debian 11
    • evolinux-user: Update PermitRootLogin task to work on Debian 11
    • minifirewall: docker mode is configurable
    Downloads
     
  • Stable 22.06.3 5581801cc9

    Release 22.06.3

    jlecour released this 4 months ago | 114 commits to stable since this release

    Changed

    • evolinux-base: blacklist and do not install megaclisas-status package on incompatible servers
    Downloads
     
  • Stable 22.06.2 e3715ca2d6

    Release 22.06.2

    jlecour released this 4 months ago | 121 commits to stable since this release

    Added

    • postgresql: add variable to configure binding addresses (default: 127.0.0.1)

    Changed

    • evocheck: upstream release 22.06.2
    • fail2ban: Give the possibility to override jail.local (with fail2ban_override_jaillocal)
    • fail2ban: If jail.local was overriden, add a warning
    • fail2ban: Allow to tune some jail settings (maxretry, bantime, findtime) with ansible
    • fail2ban: Allow to tune the default action with ansible
    • fail2ban: Change default action to ban only (instead of ban + mail with whois report)
    • fail2ban: Configure recidive jail (off by default) + extend dbpurgeage
    • redis: binding is possible on multiple interfaces (breaking change)

    Fixed

    • Enforce String notation for mode
    • postgresql: fix nested loop for Munin plugins
    • postgresql: Fix task order when using pgdg repo
    • postgresql: Install the right pg version
    Downloads
     
  • Stable 22.06.1 78ef69bb6e

    Release 22.06.1

    jlecour released this 4 months ago | 132 commits to stable since this release

    Changed

    • evocheck: upstream release 22.06.1
    • minifirewall: upstream release 22.06
    • mysql: evomariabackup release 22.06.1
    • mysql: reorganize evomariabackup to use mtree instead of our own dir-check
    Downloads
     
  • Stable 22.06 24f34b200c

    Release 22.06

    jlecour released this 4 months ago | 147 commits to stable since this release

    Added

    • certbot: add hapee (HAProxy Enterprise Edition) deploy hook
    • evolinux-base: add dir-check script
    • evolinux-base: add update-evobackup-canary script
    • mysql: add post-backup-hook to evomariabackup
    • mysql: use dir-check inside evomariabackup

    Changed

    • docker: Allow "live-restore" to be toggled with docker_conf_live_restore
    • evocheck: upstream release 22.06
    • mysql: add "set crypt_use_gpgme=no" Mutt option, for mysqltuner
    Downloads
     
  • Stable 22.05.1 40546d077a

    Release 22.05.1

    jlecour released this 5 months ago | 172 commits to stable since this release

    Added

    • docker : Introduce new default settings + allow to change the docker data directory
    • docker : Introduce new variables to tweak daemon settings

    Changed

    • evocheck: upstream release 22.05

    Removed

    • docker : Removed Debian Jessie support
    Downloads
     
  • Stable 22.05 c273117c5f

    Release 22.05

    jlecour released this 5 months ago | 180 commits to stable since this release

    Added

    • etc-git: use "ansible-commit" to efficiently commit all available repositories (including /etc inside LXC) from Ansible
    • minifirewall: compatibility with "legacy" version of minifirewall
    • minifirewall: configure proxy/backup/sysctl values
    • munin: Add possibility to install local plugins, and install dhcp_pool plugin
    • nagios-nrpe: Add a check dhcp_pool
    • redis: Activate overcommit sysctl
    • redis: Add log2mail user to redis group

    Changed

    • dump-server-state: upstream release 22.04.3
    • evocheck: upstream release 22.04.1
    • evolinux-base: Add non-free repos & install non-free firmware on dedicated hardware
    • evolinux-base: rename backup-server-state to dump-server-state
    • generate-ldif: Add services check for bkctld
    • minifirewall: restore "force-restart" and fix "restart-if-needed"
    • minifirewall: tail template follows symlinks
    • minifirewall: upstream release 22.05
    • opendkim : add generate opendkim-genkey in sha256 and key 4096
    • openvpn: use a local copy of files instead of cloning an external git repository
    • openvpn: use a subnet topology instead of the net30 default topology
    • tomcat: Tomcat 9 by default with Debian 11
    • vrrpd: Store sysctl values in specific file

    Fixed

    • etc-git : Remount /usr in rw for git gc in in /usr/share/scripts/
    • etc-git: Make evocommit fully compatible with OpenBSD
    • generate-ldif: Correct generated entries for php-fpm in containers
    • keepalived: repair broken role
    • minifirewall: fix failed_when condition on restart
    • postfix: Do not send mails through milters a second time after amavis (in packmail)
    • redis: Remount /usr with RW before adding nagios plugin
    Downloads
     
  • Stable 22.03 d7d58bf158

    Release 22.03

    jlecour released this 7 months ago | 264 commits to stable since this release

    Added

    • apt: apt_hold_packages: broadcast message with wall, if present
    • evolinux-base: option to bypass raid-related tasks
    • Explicit permissions for systemd overrides
    • generate-ldif: Add support for php-fpm in containers
    • kvm-host: add missing default value
    • lxc-php: preliminary support for PHP 8.1 container
    • openvpn: now check that openvpn has been restarted since last certificates renewal
    • redis: always install check_redis_instances
    • redis: check_redis_instances tolerates absence of instances

    Changed

    • elasticsearch: Use /etc/elasticsearch/jvm.options.d/evolinux instead of default /etc/elasticsearch/jvm.options
    • evolinux-users: check permissions for /etc/sudoers.d
    • evolinux-users: optimize sudo configuration
    • lxc: Fail if /var is nosuid
    • openvpn: make it compatible with OpenBSD and add some improvements
    Downloads