Release 24.09 Stable
released this 2024-09-11 11:42:07 +02:00 | 0 commits to stable since this release
Added
- apt: force PATH for apt-hold-packages crontab
- apt: temporary trixie source lists
- bind: New variables to change IPs bind will listen on & send notify/transfer commands
- certbot: support evoacme in haproxy renewal hook
- etc-git: add cron job for daily autocommits (broom commits)
- evobackup-client : Upstream release 24.07
- evocheck: add tag "evocheck-script-only"
- evolinux-base: Create custom SSH configuration file
- evolinux-base: install colordiff, jq and tree by default
- evolinux-base: install evobackup-client (default: true)
- generate-ldif: add block for php-fpm84
- lxc-php: Allow one to install php84 on Bookworm container
- lxc: new lxc_template_mirror option (useful to get old Debian from archive.debian.org)
- minifirewall: remove duplicates in lists of ports, IP addresses…
- munin: add 2 graph columns in index with month and year
- munin: add linux_psi contrib plugin
- mysql : Add configuration for external undo log and purge.
- nagios-nrpe: add new check_ftp_users
- nagios-nrpe: new monitoringctl command
- nagios-nrpe: quick patch for monitoringctl to enable --no-confirm
- proftpd: add new munin graph (users count)
- project-users: new role to manage sets of users for a project
- trixie-detect: add role to force Debian 13 detection (temporary, until release)
Changed
- apache: improve BadBots configuration
- autosysadmin-agent: release 24.06
- bind: Update AppArmor rules
- certbot: let's encrypt commit hook deal only with /etc/letsencrypt
- docker-host: fix update cache for install task
- docker-host: install docker compose and buildx by default
- docker-host: split tasks in different task files
- Elastic Stack : default to version 8.x
- evocheck: upstream release 24.09
- evolinux-base: Add commented Match all
- evolinux-base: Customize logcheck recipient when serveur-base is installed
- evolinux-base/evolinux-users: search only files that matter
- evolinux-base/evolinux-users: simplify ssh split configuration
- evomaintenance: upstream release 24.08
- haproxy: send logs to local5 by default, to be compatible with default evolinux rsyslog config
- log2mail: task log2mail.yml of evolinux-base converted to a role
- lxc-solr: update solr9 version + fix URL in README
- minifirewall: upstream release 24.07
- proftpd: store Munin plugin in local directory
- redis: add variable to force redis check interface
Fixed
- evoacme: Certificates directory path (remove apostrophes)
- fail2ban: remount /usr if needed
- munin: add missing executable bit to added munin plugins
- openvpn: Make it work on OpenBSD in check mode
- openvpn: Set a default date of last OpenVPN startup for OpenBSD when it's not running so that date(1) doesn't fail
- proftpd: permissions must be set as string with 4 digits
- monitoringctl: remount /usr RW after apt module call
- haproxy: send logs to local5 in default template
- spamassassin: fix missing directory for bayes rules

Release 24.05 Stable
released this 2024-05-15 14:17:20 +02:00 | 235 commits to stable since this release
Added
- apt: add list-upgradable-held-packages.sh
Changed
- evobackup-client: upstream release 24.05.1
- evolinux-base: improve adding the current user to SSH AllowGroups or AllowUsers
- evolinux-users: improve SSH configuration
- evomaintenance: upstream release 24.05
- evomaintenance: move upstream files into upstream folder
Fixed
- apt: use archive.debian.org with Buster

Release 24.04 Stable
released this 2024-04-30 17:42:57 +02:00 | 254 commits to stable since this release
Added
- proftpd: optional configuration of IP whitelists per groups of users
Changed
- autosysadmin-agent: upstream release 24.03.2
- evobackup-client: replace non-functional role with install tasks
- evobackup-client: upstream release 24.04.1
- evolinux-base: Add new variable to disable global customisation of bash config
- evolinux-base: Disable logcheck monitoring of journald only if journald.logfiles exists
- evolinux-users: Add sudo mvcli for nagios user
- haproxy: support bookworm for backport packages
- nrpe: !disk1 exclude filesystem type overlay
- postfix/amavis: max servers is now 3 (previously 2)
- roundcube: Use /var/log/roundcube directly
- vrrpd: configure and restart minifirewall before starting VRRP
- vrrpd: configure minifirewall with blocks instead of lines
Fixed
- certbot: Fix HAPEE renewal hook
- certbot: Fix HAProxy renewal hook
- evolinux-base/logcheck: fix conf patch, journal check was not disabled when asked
- fail2ban: SQLite purge script didn't vacuum as expected + error when vacuum cannot be done
- keepalived: Fix tasks that use file instead of copy
- memcached: Fix conditions not properly written (installation was always in multi-instance mode)
- nagios-nrpe: create /etc/bash_completion.d if missing
- openvpn: install packages manually, because openbsd_pkg module is broken since OpenBSD 7.4 with the version of Ansible we currently use
- packweb: fix old bug (2017!) .orig file created by module patch and taken into account by ProFTPd
- redis: replace inline argument with environment variable for the password
Removed
- docker-host: Removed docker_conf_use_iptables variable (iptables usage forced to true)

Release 24.03 Stable
released this 2024-03-01 09:07:42 +01:00 | 296 commits to stable since this release
Added
- autosysadmin-agent: upstream release 24.03
- autosysadmin-restart_nrpe: add role
- certbot: Renewal hook for NRPE
- kvm-host: add minifirewall rules if DRBD interface is configured
Changed
- apt: add ftp.evolix.org as recognized system source
- autosysadmin-agent: logs clearing is done weekly
- autosysadmin-agent: rename /usr/share/scripts/autosysadmin/{auto,restart}
- certbot: use pkey to test the key
- evolinux-base: execute autosysadmin-agent and autosysadmin-restart_nrpe roles
- lxc-php, php: Update sury PGP key
- openvpn: earlier alert for CA expiration
- redis: create sysfs config file if missing
Removed
- autosysadmin: replaced by autosysadmin-agent

Release 24.02.1 Stable
released this 2024-02-08 11:10:12 +01:00 | 317 commits to stable since this release
Fixed
- fail2ban: fix Ansible syntax

Release 24.02 Stable
released this 2024-02-08 09:50:58 +01:00 | 320 commits to stable since this release
Added
- Support for PHP 8.3 with bookworm LXC containers
- apt: add task file to install ELTS repository (default: False)
- autosysadmin: Add a role to automatically deploy autosysadmin on evolixisation
- check_free_space: added role
- etc-git: add /var/chroot-bind/etc/bind repo
- fail2ban: add script unban_ip
- generateldif: new Services for check_pressure_{cpu,io,mem}
- kvm-host: Automatically add an LVM filter when LVM is present
- lxc-php: Allow one to install php83 on Bookworm container
- minifirewall: Fix nagios check for old versions of minifirewall
- mongodb: add gpg key for 7.0
- nagios-nrpe: add check_sentinel for monitoring Redis Sentinel
- nagios-nrpe: new check_pressure_{cpu,io,mem}
- remount-usr: do not try to remount /usr RW if /usr is not a mounted partition
- vrrpd: configure minifirewall
- vrrpd: test if interface exists before deleting it
- webapps/evoadmin-mail: package installed via public.evolix.org/evolix repo starting with Bookworm
- webapps/nextcloud: Add condition for archive tasks
- webapps/nextcloud: Add condition for config tasks
- webapps/nextcloud: Added var nextcloud_user_uid to enforce uid for nextcloud user
- webapps/nextcloud: Set ownership and permissions of data directory
Changed
- add-vm.sh: allow VM name max length > 20
- amavis: make ldap_suffix mandatory
- apache : fix goaway pattern for bad bots
- apache : rename MaxRequestsPerChild to MaxConnectionsPerChild (new name)
- apache: use backward compatible Redirect directive
- apt: Disable archive repository for Debian 8
- apt: Use the GPG version of the key for Debian 8-9
- bind: Update role for Buster, Bullseye and Bookworm support
- dovecot: add variables for LDAP
- dovecot: Munin plugin conf path is now /etc/munin/plugin-conf.d/zzz-dovecot (instead of z-evolinux-dovecot)
- evocheck: upstream release 24.01
- evolinux-base: dump-server-state upstream release 23.11
- evolinux-base: use separate default config file for rsyslog
- kvmstats: use .capacity instead of .physical for disk size
- ldap: make ldap_suffix mandatory
- listupgrade : old-kernel-removal.sh upstream release 24.01
- log2mail: move custom config in separate file
- lxc: init /etc git repository in lxc container
- mysql: disable performance schema for Debian 8
- nagios: add dockerd check in nrpe check template
- nagios: cleaning nrpe check template
- nagios: rename var nagios_nrpe_process_processes into nagios_nrpe_processes and check systemd-timesyncd instead of ntpd in Debian 12
- proftpd: in SFTP vhost, enable SSH keys login, enable ed25519 host key for Debian >= 11
- redis: manage config template inside a block, to allow custom modifications outside
- spamassassin: Use spamd starting with Bookworm
- squid: config directory seems to have changed from /etc/squid3 to /etc/squid in Debian 8
- unbound: Add config file to allow configuration reload on Debian 11 and lower
- unbound: Add munin configuration & setup plugin
- unbound: Big cleanup
- unbound: Move generated config file to /etc/unbound/unbound.conf.d/evolinux.conf
- unbound: Use root hints provided by debian package dns-root-data instead of downloading them
- vrrpd: replace switch script with custom one (fix MAC issue, use ip(8), shell cleanup…)
- vrrpd: variable to force update the switch script (default: false)
- webapps/nextcloud: Add Ceph volume to fstab
- webapps/nextcloud: Set home directory's mode
Fixed
- Add php-fpm82 to LDAP when relevant
- Check stat.exists before stat.isdir
- apache: fix MaxRequestsPerChild value to be in sync with wiki.e.o
- apt: use archive.debian.org with Stretch
- certbot: fix hook for dovecot when more than one certificate is used (eg. different certificates for POP3 and IMAP)
- dovecot: add missing LDAP conf iterate_filter to exclude disabled accounts in users list (caused « User no longer exists » errors in commands listing users like « doveadm user -u '' » or « doveadm expunge -u "" mailbox INBOX savedbefore 7d »).
- dovecot: fix missing default mails
- dovecot: fix plugin dovecot1
- evoadmin-web: Fix PHP version for Bookworm
- evolinux-base: fix hardware.yml (wrong repo, missing update cache)
- evolinux-base: start to install linux-image-cloud-amd64 with Buster
- fail2ban: fix template marker
- minifirewall: ports 25, 53, 443, 993, 995 not opened publicly by default anymore, ports 20, 21, 110, 143 not opened semi-publicly by default anymore.
- nagios: fix default file to monitor for check_clamav_db
- nginx: add "when: not ansible_check_mode" in various tasks to prevent fail in check mode
- nginx: fix mistake between "check_mode: no" and "when: not ansible_check_mode" (fail in check mode)
- nginx: keep indentation
- nginx: take care of « already defined » and « not yet defined » server status suffix in check mode
- php: Bullseye/Sury > Honor the php_version asked in the pub.evolix.org repository
- php: drop apt_preferences(5) file for sury
- postfix: remove dependency on evolinux_fqdn var
- proftpd: set missing default listen IP for SFTP
- roundcube: set default SMTP port to 25 instead of 587, which failed because of missing SSL conf (local connection does not need SSL)
- ssl: do not execute haproxy tasks and reload if haproxy is disabled
- unbound: Add an apt cache validity to enforce an apt update if needed
- webapps/nextcloud: added check that nextcloud uid is over 3000
- webapps/nextcloud: fix Add Ceph volume to fstab : missing UUID= in src
- webapps/nextcloud: fix misplaced gid attribute
- webapps/nextcloud: fix missing gid
- webapps/roundcube & evoadminmail: make roles more idempotent (were failing when played twice)
- amavis: Add variables to generate "ldap_suffix"
- proftpd: fix error when no SSH key is provided
Removed
- evolinux-base: no need to remove update-evobackup-canary from sbin anymore
- evolinux-base: no need to symlink backup-server-state to dump-server-state anymore

Release 23.10 Stable
released this 2023-10-14 07:55:17 +02:00 | 473 commits to stable since this release
Added
- apt: disable NonFreeFirmware warning for VM on Debian 12+
- apt: explicit signed-by directives for official sources
- bind: add reload-zone helper
- certbot: deploy-hook for proftpd
- docker-host: added var for user namespace setting
- dovecot: add Munin plugins dovecot1 and dovecot_stats (patched)
- dovecot: fix old_stats plugin for Dovecot 2.3
- evocheck: add support for Debian >= 12 split SSH configuration
- evolinux-base: add split SSH configuration for Debian >= 12
- evolinux-base: configure .bashrc for all users
- evolinux-base: New variable evolinux_system_include_ntpd to choose whether or not to include ntpd role
- evolinux-base: reboot the server if the Cloud kernel has been installed
- evolinux-users: add split SSH configuration for Debian >= 12
- evolinux: install HPE Agentless Management Service (amsd)
- fail2ban: add default variable fail2ban_dbpurgeage_default
- fail2ban: add fail2ban_sshd_port variable to configure sshd port
- kvm-host: release 23.10 for migrate-vm.sh
- metricbeat/logstash: fix Ansible syntax
- mysql: new munin graph to follow binlog_days over time
- nagios-nrpe: add a NRPE check-local command with completion.
- nagios-nrpe: add a proper monitoring plugin for GlusterFS (on servers, not for clients)
- php: add new variable to disable overriding settings of php-fpm default pool (www)
- policy_pam: New role to manage password policy with pam_pwquality & pam_pwhistory
- userlogrotate: add a userlogpurge script disabled by default
- userlogrotate: new version, with separate conf file
- userlogrotate: rotate also php.log
- java: allow version 17
- timesyncd: new role, used instead of ntpd by default starting with Debian 12
Changed
- all: change syntax "become: [yes,no]" → "become: [true,false]"
- all: change syntax "force: [yes,no]" → "force: [true,false]"
- elasticsearch: improve networking configuration
- evolinux-base: include files under sshd_config.d
- evolinux-users: remove Stretch references in tasks that also apply to next Debian versions
- evomaintenance: upstream release 23.10.1
- lxc-php: change LXC container in bookworm for php82
- minifirewall: update nrpe script to check active configuration
- minifirewall: upstream release 23.07
- mysql: improve shell syntax for mysql_skip script
- nagios-nrpe: set default check_load --per-cpu for BSD
- pgbouncer: minor fixes
- postfix (packmail or when postfix_slow_transport_include is True): change minimal_backoff_time from 2h to 15m (see HowtoPostfix)
- postfix (packmail) : optimize Amavis integration
- postfix: disable sending mails via IPv6
- postfix: new spam.sh update script that avoids reloading if files did not change.
- postgresql: fix file postgresql.pref.j2 for exclude package
- postgresql: fix task update apt cache for PGDG repo
- redis: standardize plugins path from /usr/local/share/munin/ to /usr/local/lib/munin/plugins/
- varnish: allow the systemd template to be overridden with a template outside of the role
- lxc: purge openssh-server from container on install
Fixed
- elasticsearch: comment the Xlog:gc line instead of changing it completely
- evocheck: fix IS_SSHALLOWUSERS condition
- evolinux-base, evolinux-users: Fix files mode under /etc/ssh/sshd_config.d
- evolinux-base: fix file extension
- fail2ban: fix cron fail2ban_dbpurge (should be bash instead of sh)
- lxc-php: fix APT keyring path inside containers
- nagios-nrpe: check_ssl_local now has an output that nrpe can understand when it isn't OK
- nagios-nrpe: remount /usr after installing the packages
- nagios-nrpe: sync Redis check from redis roles
- nginx: set default server directive in default vhost
- opendkim: update apt cache before install
- packweb-apache,nagios-nrpe: add missing task and config for PHP 8.2 container
- postfix: add missing localhost.$mydomain to mydestination
- redis: replace erroneous ini_file module for Munin config, fix dedicated Munin config filename (z-XXX).
- evolinux-base: use lineinfile instead of replace under root task
- evolinux-base: Fix permission for evolinux_user
- docker-host: Remove superfluous state directive
- rbenv: Install libyaml-dev
Removed
- dovecot: remove Munin plugin dovecot (not working)

Release 23.04 Stable
released this 2023-04-23 10:51:41 +02:00 | 658 commits to stable since this release
Added
- graylog: new role
- lxc-php: add support for PHP 8.2 container
Changed
- Use FQCN (Fully Qualified Collection Name)
- apt: with Debian 12, backports are installed but disabled by default
- openvpn: updated the README file
- pgbouncer: add handler to restart the service
Fixed
- generate-ldif: Support for Debian 12

Release 23.03.1 Stable
released this 2023-03-16 22:18:53 +01:00 | 705 commits to stable since this release
Added
- pgbouncer: new role
Changed
- apt: deb822 migration python script is looked up relative to the shell script
- listupgrade: remove old typo version of the cron task
- minifirewall: support protocols in numeric form

Release 23.03 Stable
released this 2023-03-16 15:00:03 +01:00 | 712 commits to stable since this release
Added
- apache: add task to enable mailgraph on default vhost and index.html
- apt: add move-apt-keyrings script/tasks
- apt: add tools to migrate sources to deb822 format
- fail2ban: add "Internal login failure" to Dovecot filter
- lxc: copy /etc/profile.d/evolinux.sh from host into container
- nagios-nrpe: add tasks/files for a wrapper
- nagios-nrpe: Print pool config path in check_phpfpm_multi output
- php: add php_version variable when sury is activated for each Debian version
- php: add a way to choose which version to install using sury repository
- postfix: Add task to enable mailgraph on packmail
- postgresql: configure max_connections
- userlogrotate: create dedicated role, separated from packweb-apache
- varnish: add varnish_update_config variable to disable configuration update
Changed
- Use systemd module instead of command
- Removed all warn: False args in command, shell and other modules as it's been deprecated and will give a hard fail in ansible-core 2.14.0.
- apt: Use pub.evolix.org instead of pub.evolix.net
- bind: refactor role
- elasticsearch: Disable garbage collector logging (JDK >= 9)
- evolinux-users: Update sudoers template to remove commands allowed without password
- listupgrade: upstream release 23.03.3
- kvmstats: use virsh domstats | awk to get guest information
- nagios-nrpe : Rewrite check_vrrpd for a better check (check rp_filter, vrrpd and uvrrpd compatible, use arguments, …)
- openvpn: Change check_openvpn destination file to comply with recent EvoBSD change
- postfix: come back to default value of notify_classes for pack mails.
- userlogrotate: set rotate date format in right order (YYYY-MM-DD)!
- webapps/nextcloud : Change default data directory to be outside web root
- webapps/nextcloud : Small enhancement on the vhost template to lock out data dir
- yarn: update apt key
Fixed
- Proper jinja spacing
- clamav: set MaxConnectionQueueLength to its default value (200), custom (15) was way too small and caused recurring failures in Postfix.
- docker-host: fix type in daemon.json and remove host configuration that is already in the systemd service by default
- evolinux-base: ensure dbus is started and enabled (not by default in the case of an offline netinst)
- haproxy: fix missing admin ACL in stats module access permissions
- openvpn: fix the client cipher configuration to match the server cipher configuration
- php: fix error introduced in #33503e4538 (False evaluated as a String instead of Boolean)
- php: install using Sury repositories on Bullseye
- postfix (packmail only): disable concurrency_failed_cohort_limit for destination smtp-amavis to prevent the suspension of this destination when Amavis fails to answer. Indeed, we configure the suspension delay quite long in minimal_backoff_time (2h) and maximal_backoff_time (6h) to reduce the risk of ban from external SMTPs.
- postfix: avoid Amavis transport to be considered dead when restarted.
- postfix: remove unused aliases_scope=sub from virtual_aliases.cf (it generated warnings)
- userlogrotate: fix bug introduced in commit 2e54944a24 (rotated files were not zipped)
- userlogrotate: skip zipping if .gz log already exists (prevents interactive question)
Removed
- evolinux-base: subversion is not installed anymore