xsrv v1.8.1 Release Notes

Release Date: 2022-07-10
  • ⬆️ Upgrade procedure:

    • 🚀 xsrv upgrade to upgrade roles/ansible environments to the latest release
    • 🚀 xsrv deploy to apply changes

    🛠 Fixed:

    • backup/rsnapshot: fix rsnapshot installation, always install from Debian repositories

Previous changes from v1.8.0

  • ⬆️ Upgrade procedure:

    • ⬆️ xsrv self-upgrade to upgrade the xsrv script
    • 🚀 xsrv upgrade to upgrade roles/ansible environments to the latest release
    • gitea/gotty/graylog/homepage/jellyfin/nextcloud/openldap/rocketchat/rss_bridge/shaarli/transmission/tt_rss: ensure the apache role or equivalent is explicitly deployed to the host before deploying any of these roles.
    • jellyfin/samba: if both jellyfin and samba roles are deployed on the same host, ensure samba is deployed before jellyfin (xsrv edit-playbook)
    • valheim_server: if you are using the valheim_server role, update requirements.yml (xsrv edit-requirements) and playbook.yml (xsrv edit-playbook) to use the archived nodiscc.toolbox.valheim_server role instead.
    • 🚀 xsrv deploy to apply changes
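
A pre-upgrade check for the role-ordering items in the procedure above, as an added example (not part of xsrv or its release notes): it reads the `roles:` lists of a playbook with a simple line parser and reports the v1.8.0 items still to fix. It assumes a single-host playbook with one role per line and the `nodiscc.xsrv.` collection prefix; the sample playbook and host name are constructed, and a web server role other than apache would have to be added to the check by hand.

```python
import re

# Roles that lost their hard dependency on apache in v1.8.0 (list from the notes).
NEEDS_APACHE = {"gitea", "gotty", "graylog", "homepage", "jellyfin", "nextcloud",
                "openldap", "rocketchat", "rss_bridge", "shaarli", "transmission",
                "tt_rss"}
ROLE_RE = re.compile(r"^\s*-\s+(?:role:\s*)?([\w.]+)\s*(?:#.*)?$")

def roles_in_order(playbook_text):
    """Return fully qualified role names in the order the playbook lists them."""
    roles, in_roles = [], False
    for line in playbook_text.splitlines():
        if re.match(r"^\s*roles:\s*$", line):
            in_roles = True
        elif in_roles and (m := ROLE_RE.match(line)):
            roles.append(m.group(1))
        elif line.strip() and not line.lstrip().startswith("#"):
            in_roles = False  # any other key ends the roles list
    return roles

def check_v180_ordering(playbook_text):
    """List the v1.8.0 upgrade-procedure items this playbook still violates."""
    names = roles_in_order(playbook_text)
    short = [n.rsplit(".", 1)[-1] for n in names]
    problems = []
    for i, role in enumerate(short):
        if role in NEEDS_APACHE and "apache" not in short[:i]:
            problems.append(f"{role}: no apache role deployed before it")
        if role == "valheim_server" and names[i] != "nodiscc.toolbox.valheim_server":
            problems.append("valheim_server: switch to nodiscc.toolbox.valheim_server")
    if "jellyfin" in short and "samba" in short:
        if short.index("samba") > short.index("jellyfin"):
            problems.append("jellyfin: samba must be deployed before jellyfin")
    return problems

# Constructed sample playbook (host name and role selection are made up).
SAMPLE = """\
- hosts: my.example.org
  roles:
    - nodiscc.xsrv.common
    - nodiscc.xsrv.jellyfin
    - nodiscc.xsrv.apache
    - nodiscc.xsrv.samba
    - nodiscc.xsrv.valheim_server
"""

if __name__ == "__main__":
    for problem in check_v180_ordering(SAMPLE):
        print("WARNING:", problem)
```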

    ➕ Added:

    • add mail_dovecot role - IMAP mailbox server
    • monitoring: netdata: allow streaming charts data/alarms to/from other netdata nodes (netdata_streaming_*)
    • monitoring: netdata: enable monitoring of hard drives SMART status
    • ✅ xsrv: add xsrv ssh subcommand (alias for shell)
    • openldap: allow secure LDAP communication over SSL/TLS on port 636/tcp (use a self-signed certificate)
    • 🔧 common: allow disabling PAM/user accounts configuration tasks (setup_users: yes/no)
    • common: allow blacklisting unused/potentially insecure kernel modules (kernel_modules_blacklist), disable unused network/firewire modules by default
    • common: automatically remove (purge) configuration files of removed packages, nightly, enabled by default (apt_purge_nightly: yes/no)
    • common: attempt to automatically repair (fsck) failed filesystems on boot
    • ๐Ÿณ docker: allow enabling automatic firewall/iptables rules setup by Docker (docker_iptables: no/yes)
    • ๐Ÿณ docker: install requirements for logging in to private docker registries
    • openldap: self-service-password/ldap-account-manager: make LDAP server URI configurable (*_ldap_url)
    • openldap: ldap-account-manager: allow specifying a trusted LDAPS server certificate (ldap_account_manager_ldaps_cert)
    • 🔧 samba: make events logged by full_audit configurable (samba_log_full_audit_success_events)
    • shaarli: add an option to configure thumbnail generation mode (shaarli_thumbnails_mode) and default number of links per page (shaarli_links_per_page, default 30)
    • postgresql: download pgmetrics report to the controller when running TAGS=utils-pgmetrics
    • 📚 all roles: checks: add an info message pointing to roles documentation when one or more variables are not correctly defined
    • ✅ xsrv: xsrv help-tags will now parse tag descriptions from custom roles in roles/ in addition to collections
    • 📦 monitoring: utils: add iputils-ping package (ping utility)

    ✂ Removed:

    • common: firewalld/mail/msmtp: drop compatibility with Debian 10
    • 🚚 valheim_server: remove role, archive it to separate repository (installs non-free components)

    🔄 Changed:

    • netdata: needrestart: don't send e-mail notifications for needrestart alarms
    • netdata: debsecan: refresh debsecan reports every 6 hours instead of every hour
    • netdata: disable metrics gathering for /dev and /dev/shm virtual filesystems
    • all roles: check all variable values before failing when one or more variables are not correctly defined
    • ⚡️ tt_rss: don't send feed update errors by mail, log them to syslog
    • xsrv: always use the first host/group in alphabetical order when no host/group is specified
    • ⬆️ xsrv: upgrade ansible to v5.10.0
    • apache/proxmox: only setup fail2ban when it is marked as managed by ansible through ansible local facts
    • common: ssh: increase the frequency of "client alive" messages to 1 every 5 minutes
    • common: ssh/users: don't allow login for users without an existing home directory
    • apache: rsyslog: prefix apache access logs with apache-access: in syslog when apache_access_log_to_syslog: yes
    • homepage: improve homepage styling/layout, link directly to ssh:// and sftp:// URIs
    • 0️⃣ homepage: reword default homepage_message
    • 0️⃣ shaarli: default to generating thumbnails only for common media hosts
    • transmission: firewall: always allow bittorrent peer traffic from the public zone
    • monitoring_utils: lynis: review and whitelist inapplicable "suggestion" level report items (lynis_skip_tests)
    • 🚀 nextcloud: upgrade to v24.0.1 [1] [2] [3]
    • 🚀 gitea: upgrade to v1.16.8 [1] [2] [3]
    • ⬆️ openldap: ldap-account-manager: upgrade to v7.9.1
    • 🚀 rss_bridge: upgrade to v2022-06-14
    • 🚀 postgresql: update pgmetrics to v1.13.0
    • gitea/gotty/graylog/homepage/jellyfin/nextcloud/openldap/rocketchat/rss_bridge/shaarli/transmission/tt_rss: remove hard dependency on apache role
    • 🔧 cleanup: proxmox: use a single file to configure proxmox APT repositories
    • cleanup: apache: ensure no leftover mod-php installations are present
    • 🔧 cleanup: common: users: move PAM configuration to the main limits.conf configuration file
    • 📚 cleanup/tools: improve check mode support, standardize task names, remove unused template files, make usage of ansible_facts consistent in all roles, clarify xsrv script, reorder functions by purpose/component, automate documentation generation, improve tests/release procedure, automate initial check mode/deployment/idempotence tests
    • 📚 update documentation

    🛠 Fixed:

    • xsrv: init-project: fix inventory not correctly initialized
    • xsrv: fix xsrv shell/fetch-backups when a non-default XSRV_PROJECTS_DIR is specified by the user
    • common: ssh: fix confusion between AcceptEnv and PermitUserEnvironment settings
    • all roles: monitoring/netdata: fix systemd services health checks not loaded by netdata
    • apache: monitoring/rsyslog: fix rsyslog config installation when running with only --tags=monitoring
    • 🔧 graylog: fix elasticsearch/graylog unable to start caused by too strict permissions on configuration files
    • openldap: ldap-account-manager: fix access to tree view
    • 🚀 homepage: fix homepage generation when the mumble role was deployed from a different play
    • 0️⃣ jellyfin/samba: fix jellyfin samba share creation when samba role is not part of the same play
    • samba: fix samba_passdb_backend: ldapsam mode when openldap role is not part of the same play
    • ✅ xsrv: fetch-backups: use the first host in alphabetical order, when no host is specified
    • monitoring: rsyslog: add correctness checks for syslog_retention_days variable
    • monitoring: netdata/needrestart: fix needrestart_autorestart_services value not taken into account when true
    • shaarli/transmission: fix *_https_mode variable checks
    • doc: fix broken links

    🔒 Security:

    • proxmox: fail2ban: fix detection of failed login attempts