xsrv v1.5.0 Release Notes

Release Date: 2022-02-25
  • ⬆️ Upgrade procedure:

    • ⬆️ xsrv self-upgrade to upgrade the xsrv script
    • 🚀 xsrv upgrade to upgrade roles in your playbook to the latest release
    • 🚀 TAGS=utils-debian10to11 xsrv deploy to upgrade your host's distribution from Debian 10 "Buster" to Debian 11 "Bullseye". Debian 10 compatibility will not be maintained after this release.
    • common/firewall: remove firehol_* variables from your configuration. Roles from the xsrv collection will automatically insert their own rules if firewalld is deployed. If you had custom firewall rules in place that are not related to xsrv roles, please port them to the new firewalld configuration.
    • common/hosts: if the hosts: variable (hosts file entries) is used in your host/group_vars, rename it to host_file_entries. If setup_hosts is used in your host/group_vars, rename it to setup_hosts_file.
    • mariadb: if you had the nodiscc.xsrv.mariadb role enabled, migrate to PostgreSQL, or use the archived nodiscc.toolbox.mariadb role.
    • gitea/nextcloud/tt_rss: if any of these roles is listed in your playbook, ensure nodiscc.xsrv.postgresql is explicitly deployed before it.
    • 🐳 jellyfin/proxmox/docker: remove jellyfin_auto_upgrade, proxmox_auto_upgrade or docker_auto_upgrade variables from your configuration, if you changed the defaults. These settings are now controlled by the apt_unattended_upgrades_origins_patterns list; automatic upgrades are enabled by default for these components.
    • jellyfin/samba: if you have both the samba and jellyfin roles enabled on a host, and want to keep using the jellyfin samba share for media storage, explicitly set jellyfin_samba_share: yes in the host's configuration variables.
    • monitoring: remove setup_monitoring_cli_utils: yes/no and setup_rsyslog: yes/no variables from your configuration, if you changed the defaults. If you don't want monitoring utilities or rsyslog set up, enable individual monitoring_netdata/rsyslog/utils roles, instead of the global monitoring role.
    • (optional) xsrv check to simulate changes.
    • 🚀 xsrv deploy to apply changes.

    Added:

    • ➕ add dnsmasq lightweight DNS server role
    • common: add firewalld firewall management tool
    • ⬆️ common: apt: allow configuration of allowed origins for unattended-upgrades
    • ⏱ common: packages: add at task scheduler
    • monitoring: netdata: allow disabling specific plugins (netdata_disabled_plugins), disable ebpf plugin by default
    • 0️⃣ monitoring: lynis: enable lynis installation and daily reports by default
    • ⚠ common: ssh: fix lynis warning FILE-7524 (ensure /root/.ssh is mode 0700)
    • common: mail/msmtp: allow disabling SMTP authentication/LOGIN (msmtp_auth_enabled), allow disabling SMTP server TLS certificate verification completely (msmtp_tls_certcheck: yes/no)
    • common: mail/msmtp: allow disabling TLS (msmtp_tls_enabled)
    • 🚀 monitoring: netdata: automate testing netdata mail notifications (TAGS=utils-netdata-test-notifications xsrv deploy)
    • monitoring: netdata: monitor systemd units state (timers/services/sockets)
    • docker: add a nightly cleanup of unused docker images/containers/networks/build cache, allow disabling it through docker_prune_nighlty: no
    • ✅ xsrv: add xsrv help-tags subcommand (show the list of ansible tags in the play and their descriptions)
    • 🚀 install ansible local fact files for each deployed role/component

    Removed:

    • 🔧 common: remove firehol firewall management tool, remove firehol_* configuration variables
    • 🚚 common: firewall: remove ability to filter outgoing traffic, will be re-added later
    • ⬇️ drop compatibility with Debian 9
    • monitoring: remove setup_monitoring_cli_utils: yes/no and setup_rsyslog: yes/no variables
    • 🚚 common: fail2ban: remove fail2ban_destemail variable, always send mail to root
    • 🚚 mariadb: remove role, archive it to separate repository
    • ✂ remove ansible tags certificates lamp valheim valheim-server

    🔄 Changed:

    • 👉 make all roles compatible with Debian 11
    • 🚀 common/firewall/all roles: let roles manage their own firewall rules if the nodiscc.xsrv.firewalld role is deployed
    • 🐎 all roles: refactor/performance: only flush handlers once, unless required otherwise, refactor service start/stop/enable/disable tasks
    • common: fail2ban: ban offenders on all ports
    • jellyfin: the jellyfin samba share automatic setup is now disabled by default (jellyfin_samba_share_enabled: no)
    • apache/tt_rss/shaarli/nextcloud: make roles compatible with Debian 11 (PHP 7.4)
    • jellyfin/proxmox/docker: remove jellyfin_auto_upgrade, proxmox_auto_upgrade, docker_auto_upgrade variables, add these origins to the default list of apt_unattended_upgrades_origins_patterns
    • monitoring: split role to smaller monitoring_rsyslog/monitoring_netdata/monitoring_utils roles, make the monitoring role an alias for these 3 roles
    • common: apt: explicitly install aptitude
    • ⬆️ common: apt: remove unused packages after automatic upgrades
    • ⬆️ common: apt: automatically remove unused dependency packages on every install/upgrade/remove operation
    • common: fail2ban: increase maximum IP/attempts count retention to 1 year
    • 🔊 common: ssh: decrease SFTP logs verbosity to INFO by default
    • common/graylog: apt: enable automatic upgrades for graylog/mongodb/elasticsearch packages by default (apt_unattended_upgrades_origins_patterns)
    • 🚀 gitea: upgrade to v1.16.0 [1], [2], [3], [4], [5]
    • ⬆️ xsrv: upgrade ansible to 5.2.0
    • ⚡️ gitea: cleanup/maintenance: update config file comments/ordering to reduce diff with upstream example file
    • apache: relax permissions on apache virtualhost config files (make them world-readable)
    • ⬆️ nextcloud: upgrade to 23.0.1 [1]
    • 0️⃣ nextcloud: add Nextcloud Bookmarks to the default list of apps (default disabled)
    • 📦 xsrv/tools/doc: don't install python3-cryptography from pip, install from OS packages
    • 🚚 gitea/nextcloud/tt_rss: remove hard dependency on postgresql role
    • 🚚 openldap: remove hard dependency on common role
    • 🔧 transmission: log/show diff on configuration file changes
    • netdata/docker: move netdata_min/max_running_docker_containers configuration variables to the docker role
    • 📦 netdata: no longer install python3-mysqldb/mysql support packages
    • mumble: force superuser password change task to never return "changed" (instead of always)
    • 📚 doc: update documentation, document all ansible tags, refactor command-line usage doc
    • 🔨 refactoring: move fail2ban/samba/rsyslog/netdata/... tasks to separate task files inside each role
    • 🏷 tags: add ssl tag to all ssl-related tasks, add rsnapshot-ssh-key tag to all ssh-key-related tasks
    • 🚀 cleanup: remove unused tasks/improve deployment times

    🛠 Fixed:

    • 🛠 fix integration between roles when roles are part of different plays: use ansible local facts installed by other roles to detect installed components, instead of checking the list of roles in the current play
    • proxmox: fix missing ansible fact file template
    • 🔧 proxmox: fix APT configuration on Debian 10/11
    • 🛠 fix check mode compatibility issues, fix ansible-lint warnings
    • common: ssh: fix creation of SFTP-only accounts (bad ownership or modes for chroot directory)
    • common: ssh: fix root ssh logins when ssh_permit_root_login: without-password/prohibit-password/forced-commands-only
    • monitoring: netdata: fix chart values incorrectly increased by 1 in debsecan module
    • backup: fix mode/idempotence for /root/.ssh directory creation
    • 🔧 graylog: fix configuration file templating always returning changed in check mode
    • 0️⃣ default playbook/xsrv: fix invalid "%%ANSIBLE_HOST%%" value set by xsrv init-host
    • ⚠ common: hosts: fix warning: Found variable using reserved name: hosts

    Full changes since v1.4.0