xsrv v1.8.0 Release Notes
Release Date: 2022-07-04
⬆️ Upgrade procedure:
- ⬆️ `xsrv self-upgrade` to upgrade the xsrv script
- 🚀 `xsrv upgrade` to upgrade roles/ansible environments to the latest release
- gitea/gotty/graylog/homepage/jellyfin/nextcloud/openldap/rocketchat/rss_bridge/shaarli/transmission/tt_rss: ensure the `apache` role or equivalent is explicitly deployed to the host before deploying any of these roles.
- jellyfin/samba: if both jellyfin and samba roles are deployed on the same host, ensure `samba` is deployed before `jellyfin` (`xsrv edit-playbook`)
- valheim_server: if you are using the `valheim_server` role, update `requirements.yml` (`xsrv edit-requirements`) and `playbook.yml` (`xsrv edit-playbook`) to use the archived `nodiscc.toolbox.valheim_server` role instead.
- 🚀 `xsrv deploy` to apply changes
➕ Added:
- add `mail_dovecot` role - IMAP mailbox server
- monitoring: netdata: allow streaming charts data/alarms to/from other netdata nodes (`netdata_streaming_*`)
- monitoring: netdata: enable monitoring of hard drives SMART status
- ✅ xsrv: add `xsrv ssh` subcommand (alias for `shell`)
- openldap: allow secure LDAP communication over SSL/TLS on port 636/tcp (use a self-signed certificate)
- 🔧 common: allow disabling PAM/user accounts configuration tasks (`setup_users: yes/no`)
- common: allow blacklisting unused/potentially insecure kernel modules (`kernel_modules_blacklist`), disable unused network/firewire modules by default
- common: automatically remove (purge) configuration files of removed packages, nightly, enabled by default (`apt_purge_nightly: yes/no`)
- common: attempt to automatically repair (fsck) failed filesystems on boot
- 🐳 docker: allow enabling automatic firewall/iptables rules setup by Docker (`docker_iptables: no/yes`)
- 🐳 docker: install requirements for logging in to private docker registries
- openldap: self-service-password/ldap-account-manager: make LDAP server URI configurable (`*_ldap_url`)
- openldap: ldap-account-manager: allow specifying a trusted LDAPS server certificate (`ldap_account_manager_ldaps_cert`)
- 🔧 samba: make events logged by full_audit configurable (`samba_log_full_audit_success_events`)
- shaarli: add an option to configure thumbnail generation mode (`shaarli_thumbnails_mode`) and default number of links per page (`shaarli_links_per_page`, default 30)
- postgresql: download pgmetrics report to the controller when running `TAGS=utils-pgmetrics`
- 📚 all roles: checks: add an info message pointing to roles documentation when one or more variables are not correctly defined
- ✅ xsrv: `xsrv help-tags` will now parse tag descriptions from custom roles in `roles/` in addition to collections
- 📦 monitoring: utils: add `iputils-ping` package (ping utility)
✂ Removed:
- common: firewalld/mail/msmtp: drop compatibility with Debian 10
- 🚚 valheim_server: remove role, archive it to separate repository (installs non-free components)
🔄 Changed:
- netdata: needrestart: don't send e-mail notifications for needrestart alarms
- netdata: debsecan: refresh debsecan reports every 6 hours instead of every hour
- netdata: disable metrics gathering for `/dev` and `/dev/shm` virtual filesystems
- all roles: check all variable values before failing when one or more variables are not correctly defined
- ⚡️ tt_rss: don't send feed update errors by mail, log them to syslog
- xsrv: always use the first host/group in alphabetical order when no host/group is specified
- ⬆️ xsrv: upgrade ansible to v5.10.0
- apache/proxmox: only setup fail2ban when it is marked as managed by ansible through ansible local facts
- common: ssh: increase the frequency of "client alive" messages to 1 every 5 minutes
- common: ssh/users: don't allow login for users without an existing home directory
- apache: rsyslog: prefix apache access logs with `apache-access:` in syslog when `apache_access_log_to_syslog: yes`
- homepage: improve homepage styling/layout, link directly to `ssh://` and `sftp://` URIs
- 0️⃣ homepage: reword default `homepage_message`
- 0️⃣ shaarli: default to generating thumbnails only for common media hosts
- transmission: firewall: always allow bittorrent peer traffic from the public zone
- monitoring_utils: lynis: review and whitelist inapplicable "suggestion" level report items (`lynis_skip_tests`)
- 🚀 nextcloud: upgrade to v24.0.1 [1] [2] [3]
- 🚀 gitea: upgrade to v1.16.8 [1] [2] [3]
- ⬆️ openldap: ldap-account-manager: upgrade to v7.9.1
- 🚀 rss_bridge: upgrade to v2022-06-14
- 🚀 postgresql: update pgmetrics to v1.13.0
- gitea/gotty/graylog/homepage/jellyfin/nextcloud/openldap/rocketchat/rss_bridge/shaarli/transmission/tt_rss: remove hard dependency on apache role
- 🔧 cleanup: proxmox: use a single file to configure proxmox APT repositories
- cleanup: apache: ensure no leftover mod-php installations are present
- 🔧 cleanup: common: users: move PAM configuration to the main `limits.conf` configuration file
- 📚 cleanup/tools: improve `check` mode support, standardize task names, remove unused template files, make usage of ansible_facts consistent in all roles, clarify xsrv script, reorder functions by purpose/component, automate documentation generation, improve tests/release procedure, automate initial check mode/deployment/idempotence tests
- 📚 update documentation
🛠 Fixed:
- xsrv: `init-project`: fix inventory not correctly initialized
- xsrv: fix `xsrv shell/fetch-backups` when a non-default `XSRV_PROJECTS_DIR` is specified by the user
- common: ssh: fix confusion between `AcceptEnv` and `PermitUserEnvironment` settings
settings - all roles: monitoring/netdata: fix systemd services health checks not loaded by netdata
- apache: monitoring/rsyslog: fix rsyslog config installation when running with only `--tags=monitoring`
- 🔧 graylog: fix elasticsearch/graylog unable to start caused by too strict permissions on configuration files
- openldap: ldap-account-manager: fix access to tree view
- 🚀 homepage: fix homepage generation when the mumble role was deployed from a different play
- 0️⃣ jellyfin/samba: fix jellyfin samba share creation when samba role is not part of the same play
- samba: fix `samba_passdb_backend: ldapsam` mode when openldap role is not part of the same play
- ✅ xsrv: `fetch-backups`: use the first host in alphabetical order, when no host is specified
- monitoring: rsyslog: add correctness checks for `syslog_retention_days` variable
- monitoring: netdata/needrestart: fix `needrestart_autorestart_services` value not taken into account when true
- shaarli/transmission: fix `*_https_mode` variable checks
- doc: fix broken links
🔒 Security:
- proxmox: fail2ban: fix detection of failed login attempts
- ⬆️