• 23.04 a10cff94d0

    Release 23.04 Stable

    jlecour released this 1 month ago | 0 commits to stable since this release

    Added

    • graylog: new role
    • lxc-php: add support for PHP 8.2 container

    Changed

    • Use FQCN (Fully Qualified Collection Name)
    • apt: with Debian 12, backports are installed but disabled by default
    • openvpn: updated the README file
    • pgbouncer: add handler to restart the service

    Fixed

    • generate-ldif: Support for Debian 12
    Downloads
     
  • 23.03.1 7052b7bd1e

    jlecour released this 2 months ago | 47 commits to stable since this release

    Added

    • pgbouncer: new role

    Changed

    • apt: deb822 migration python script is looked relative to shell script
    • listupgrade: remove old typo version of the cron task
    • minifirewall: support protocols in numeric form
    Downloads
     
  • 23.03 8e4e77cb8b

    Release 23.03 Stable

    jlecour released this 2 months ago | 54 commits to stable since this release

    Added

    • apache: add task to enable mailgraph on default vhost and index.html
    • apt: add move-apt-keyrings script/tasks
    • apt: add tools to migrate sources to deb822 format
    • fail2ban: add "Internal login failure" to Dovecot filter
    • lxc: copy /etc/profile.d/evolinux.sh from host into container
    • nagios-nrpe: add tasks/files for a wrapper
    • nagios-nrpe: Print pool config path in check_phpfpm_multi output
    • php: add php_version variable when sury is activated for each Debian version
    • php: add a way to choose which version to install using sury repository
    • postfix: Add task to enable mailgraph on packmail
    • postgresql: configure max_connections
    • userlogrotate: create dedicated role, separated from packweb-apache
    • varnish: add varnish_update_config variable to disable configuration update

    Changed

    • Use systemd module instead of command
    • Removed all warn: False args in command, shell and other modules as it's been deprecated and will give a hard fail in ansible-core 2.14.0.
    • apt: Use pub.evolix.org instead of pub.evolix.net
    • bind: refactor role
    • elasticsearch: Disable garabge collector logging (JDK >= 9)
    • evolinux-users: Update sudoers template to remove commands allowed without password
    • listupgrade: upstream release 23.03.3
    • kvmstats: use virsh domstats | awk to get guests informations
    • nagios-nrpe : Rewrite check_vrrpd for a better check (check rp_filter, vrrpd and uvrrpd compatible, use arguments, …)
    • openvpn: Change check_openvpn destination file to comply with recent EvoBSD change
    • postfix: come back to default value of notify_classes for pack mails.
    • userlogrotate: set rotate date format in right order (YYYY-MM-DD)!
    • webapps/nextcloud : Change default data directory to be outside web root
    • webapps/nextcloud : Small enhancement on the vhost template to lock out data dir
    • yarn: update apt key

    Fixed

    • Proper jinja spacing
    • clamav: set MaxConnectionQueueLength to its default value (200), custom (15) was way too small and caused recurring failures in Postfix.
    • docker-host: fix type in daemon.json and remove host configuration that is already in the systemd service by default
    • evolinux-base: ensure dbus is started and enabled (not by default in the case of an offline netinst)
    • haproxy: fix missing admin ACL in stats module access permissions
    • openvpn: fix the client cipher configuration to match the server cipher configuration
    • php: fix error introduced in #33503e4538 (False evaluated as a String instead of Boolean)
    • php: install using Sury repositories on Bullseye
    • postfix (packmail only): disable concurrency_failed_cohort_limit for destination smtp-amavis to prevent the suspension of this destination when Amavis fails to answer. Indeed, we configure the suspension delay quite long in minimal_backoff_time (2h) and maximal_backoff_time (6h) to reduce the risk of ban from external SMTPs.
    • postfix: avoid Amavis transport to be considered dead when restarted.
    • postfix: remove unused aliases_scope=sub from virtual_aliases.cf (it generated warnings)
    • userlogrotate: fix bug introduced in commit 2e54944a24 (rotated files were not zipped)
    • userlogrotate: skip zipping if .gz log already exists (prevents interactive question)

    Removed

    • evolinux-base: subversion is not installed anymore
    Downloads
     
  • 22.12 e1e4f39778

    Release 22.12 Stable

    jlecour released this 6 months ago | 159 commits to stable since this release

    Added

    • all: add signed-by option for additional APT sources
    • all: preliminary work to support Debian 12
    • all: use proper keyrings directory for APT version
    • evolinux-base: replace regular kernel by cloud kernel on virtual servers
    • lxc-php: set php-fpm umask to 007
    • nagios-nrpe: check_ceph_*
    • nagios-nrpe: check_haproxy_stats supports DRAIN status
    • packweb-apache: enable log_forensic module
    • rabbitmq: add link in default page
    • varnish: create special tmp directory for syntax validation

    Changed

    • certbot: auto-detect HAPEE version in renewal hook
    • evocheck: install script according to Debian version
    • evolinux-base: utils.yml can be excluded
    • evolinux-todo: execute tasks only for Debian distribution (because this task is a dependency for others roles used on different distributions)
    • evolinux-user: add sudoers privilege for check php_fpm81
    • evomaintenance: allow missing API endpoint if APi is disabled
    • java: use default JRE package when version is not specified
    • keepalived: change exit code (warning if running but not on expected state ; critical if not running)
    • listupgrade: better detection for PostgreSQL
    • listupgrade: sort/uniq of packages/services lists in email template
    • lxc-solr: detect the real partition options
    • lxc-solr: download URL according to Solr Version
    • lxc-solr: set homedir and port at install
    • minifirewall: whitelist deb.freexian.com
    • openvpn: shellpki upstream release 22.12.2
    • openvpn: specifies that the mail for expirations is for OpenVPN
    • packweb-apache: manual dependencies resolution
    • redis: some values should be quoted
    • redis: variable to disable transparent hugepage (default: do nothing)
    • squid: whitelist deb.freexian.com
    • varnish: better package facts usage with check mode and tags
    • varnish: systemd override depends on Varnish version instead of Debian version

    Fixed

    • evolinux-user: Fix sudoers privilege for check php_fpm80
    • nagios-nrpe: Fix check opendkim for recent change in listening port
    • openvpn: Fix mode of shellpki script
    • proftpd: Fix format of public key files controlled by Ansible
    • proftpd: Fix mode of public key directory and files (they have to be accessible by proftpd:nobody)
    • varnish: fix missing state, that blocked the task

    Removed

    • openvpn: Deleted the task fixing the CRL rights since it has been fixed in upstream
    Downloads
     
  • 22.09 c3670ce897

    Release 22.09 Stable

    jlecour released this 8 months ago | 236 commits to stable since this release

    Added

    • evolinux_users: create only users who have a certain value for the create key (default: always).
    • php: install php-xml with recent PHP versions
    • vrrp: add an ip.yml task file to help create VRRP addresses
    • webapps/nextcloud: Add compatibility with apache2, and apache2 mod_php.
    • memcached: NRPE check for multi-instance setup
    • munin: Add ipmi_ plugins on dedicated hardware
    • proftpd: Add options to override configs (and add a warning if file was overriden)
    • proftpd: Allow user auth with ssh keys

    Changed

    • evocheck: upstream release 22.09
    • evolinux-base: update-evobackup-canary upstream release 22.06
    • generate-ldif: Support any MariaDB version
    • minifirewall: use handlers to restart minifirewall
    • openvpn: automate the initialization of the CA and the creation of the server certificate ; use openssl_dhparam module instead of a command
    • generate-ldif: support any version of MariaDB (instead of only 10.0, 10.1 and 10.3)
    • openvpn: Run OpenVPN with the _openvpn user and group instead of nobody which is originally for NFS
    • nagios-nrpe: Upgrade check_mongo

    Fixed

    • fail2ban: fix dovecot-evolix regex syntax
    • haproxy: make it so that munin doesn't break if there is a non default haproxy_stats_path
    • mysql: Add missing Munin conf for Debian 11
    • redis: config directory must be owned by the user that runs the service (to be able to write tmp config files in it)
    • varnish: make -j <jail_config> the first argument on jessie/stretch as it has to be the first argument there.
    • webapps/nextcloud: Add missing dependencies for imagick

    Removed

    • evocheck: remove failure if deprecated variable is used
    • webapps/nextcloud: Drop support for Nginx
    Downloads
     
  • 22.07.1 296f081d2f

    jlecour released this 10 months ago | 313 commits to stable since this release

    Changed

    • evocheck: upstream release 22.07
    • evomaintenance: upstream release 22.07
    • mongodb: replace version_compare() with version()
    • nagios-nrpe: check_disk1 returns only alerts
    • nagios-nrpe: use regexp to exclude paths/devices in check_disk1
    Downloads
     
  • 22.07 f8cb5d9496

    Release 22.07 Stable

    jlecour released this 11 months ago | 335 commits to stable since this release

    Added

    • evolinux-base: session timeout is configurable (default: 36000 seconds = 10 hours)
    • haproxy: add haproxy_allow_ip_nonlocal_bind to set sysctl value (optional)
    • kvm-host: fix depreciation of "drbd-overview" by "drbdadm status" in add-vm.sh
    • openvpn: configure logrotate

    Changed

    • openvpn: minimal rights on /etc/shellpki/ and crl.pem

    Fixed

    • evolinux-base: Update PermitRootLogin task to work on Debian 11
    • evolinux-user: Update PermitRootLogin task to work on Debian 11
    • minifirewall: docker mode is configurable
    Downloads
     
  • 22.06.3 5581801cc9

    jlecour released this 12 months ago | 350 commits to stable since this release

    Changed

    • evolinux-base: blacklist and do not install megaclisas-status package on incompatible servers
    Downloads
     
  • 22.06.2 e3715ca2d6

    jlecour released this 12 months ago | 357 commits to stable since this release

    Added

    • postgresql: add variable to configure binding addresses (default: 127.0.0.1)

    Changed

    • evocheck: upstream release 22.06.2
    • fail2ban: Give the possibility to override jail.local (with fail2ban_override_jaillocal)
    • fail2ban: If jail.local was overriden, add a warning
    • fail2ban: Allow to tune some jail settings (maxretry, bantime, findtime) with ansible
    • fail2ban: Allow to tune the default action with ansible
    • fail2ban: Change default action to ban only (instead of ban + mail with whois report)
    • fail2ban: Configure recidive jail (off by default) + extend dbpurgeage
    • redis: binding is possible on multiple interfaces (breaking change)

    Fixed

    • Enforce String notation for mode
    • postgresql: fix nested loop for Munin plugins
    • postgresql: Fix task order when using pgdg repo
    • postgresql: Install the right pg version
    Downloads
     
  • 22.06.1 78ef69bb6e

    jlecour released this 12 months ago | 368 commits to stable since this release

    Changed

    • evocheck: upstream release 22.06.1
    • minifirewall: upstream release 22.06
    • mysql: evomariabackup release 22.06.1
    • mysql: reorganize evomariabackup to use mtree instead of our own dir-check
    Downloads