From 3e527570d237d76b20d18332d9a8d4f33e8361cf Mon Sep 17 00:00:00 2001 
From: Daniel Berteaud Date: Thu, 29 Jun 2023 10:00:34 +0200 Subject: [PATCH] Update to 2023-06-29 10:00 --- roles/babashka/defaults/main.yml | 4 +- roles/common/vars/Debian-12.yml | 11 ++++++ roles/consul/defaults/main.yml | 4 +- roles/consul_template/vars/RedHat-9.yml | 4 ++ roles/docker_compose/defaults/main.yml | 4 +- roles/docker_compose/tasks/main.yml | 4 +- roles/drbd/vars/RedHat-9.yml | 7 ++++ roles/drbd_reactor/vars/RedHat-9.yml | 4 ++ roles/etherpad/defaults/main.yml | 4 +- roles/gitea/vars/RedHat-9.yml | 6 +++ roles/httpd_php/defaults/main.yml | 35 ------------------ roles/httpd_php/tasks/main.yml | 9 +++++ roles/httpd_php/vars/RedHat-7.yml | 37 +++++++++++++++++++ roles/httpd_php/vars/RedHat-8.yml | 37 +++++++++++++++++++ roles/httpd_php/vars/RedHat-9.yml | 32 ++++++++++++++++ roles/includes/vars/RedHat-9.yml | 6 +++ roles/includes/webapps_webconf.yml | 9 +++++ roles/kimai/vars/RedHat-9.yml | 9 +++++ roles/ldap2pg/vars/RedHat-9.yml | 4 ++ roles/letsencrypt/vars/Debian-12.yml | 6 +++ roles/letsencrypt/vars/RedHat-9.yml | 5 +++ roles/linstor_controller/vars/RedHat-9.yml | 6 +++ roles/linstor_satellite/vars/RedHat-9.yml | 8 ++++ roles/matrix_element/defaults/main.yml | 4 +- roles/matrix_synapse/defaults/main.yml | 2 +- roles/matrix_synapse/vars/RedHat-9.yml | 28 ++++++++++++++ roles/miniflux/defaults/main.yml | 4 +- roles/nomad/vars/RedHat-9.yml | 12 ++++++ roles/ntp_client/vars/Debian-12.yml | 6 +++ roles/offen/vars/RedHat-9.yml | 5 +++ roles/paperless_ng/defaults/main.yml | 4 +- roles/repo_base/tasks/epel_RedHat-8.yml | 8 ++-- roles/repo_remi/vars/RedHat-9.yml | 3 ++ roles/repo_zabbix/tasks/Debian.yml | 3 +- roles/repo_zabbix/tasks/RedHat.yml | 4 +- roles/repo_zabbix/vars/RedHat-7.yml | 1 + roles/repo_zabbix/vars/RedHat-8.yml | 1 + roles/repo_zabbix/vars/RedHat-9.yml | 1 + roles/seafile/defaults/main.yml | 2 +- ...ile-pro-server_10.0.5_x86-64_CentOS.tar.gz | 3 -- ...ile-pro-server_10.0.6_x86-64_CentOS.tar.gz | 3 ++ roles/seafile/tasks/install.yml | 22 
----------- roles/seafile/vars/RedHat-8.yml | 19 ++++++---- roles/sftpgo/defaults/main.yml | 4 +- roles/squash_tm/vars/RedHat-9.yml | 6 +++ roles/squid/tasks/main.yml | 12 +++--- roles/squid/templates/ufdb_update.sh.j2 | 4 +- roles/unifi/meta/main.yml | 2 +- roles/vault/defaults/main.yml | 4 +- roles/wapt_server/tasks/conf.yml | 2 +- roles/wkhtmltopdf/vars/RedHat-8.yml | 2 +- roles/wkhtmltopdf/vars/RedHat-9.yml | 3 ++ roles/zabbix_agent/vars/Debian-12.yml | 14 +++++++ 53 files changed, 336 insertions(+), 107 deletions(-) create mode 100644 roles/common/vars/Debian-12.yml create mode 100644 roles/consul_template/vars/RedHat-9.yml create mode 100644 roles/drbd/vars/RedHat-9.yml create mode 100644 roles/drbd_reactor/vars/RedHat-9.yml create mode 100644 roles/gitea/vars/RedHat-9.yml create mode 100644 roles/httpd_php/vars/RedHat-7.yml create mode 100644 roles/httpd_php/vars/RedHat-8.yml create mode 100644 roles/httpd_php/vars/RedHat-9.yml create mode 100644 roles/includes/vars/RedHat-9.yml create mode 100644 roles/kimai/vars/RedHat-9.yml create mode 100644 roles/ldap2pg/vars/RedHat-9.yml create mode 100644 roles/letsencrypt/vars/Debian-12.yml create mode 100644 roles/letsencrypt/vars/RedHat-9.yml create mode 100644 roles/linstor_controller/vars/RedHat-9.yml create mode 100644 roles/linstor_satellite/vars/RedHat-9.yml create mode 100644 roles/matrix_synapse/vars/RedHat-9.yml create mode 100644 roles/nomad/vars/RedHat-9.yml create mode 100644 roles/ntp_client/vars/Debian-12.yml create mode 100644 roles/offen/vars/RedHat-9.yml create mode 100644 roles/repo_remi/vars/RedHat-9.yml delete mode 100644 roles/seafile/files/seafile-pro-server_10.0.5_x86-64_CentOS.tar.gz create mode 100644 roles/seafile/files/seafile-pro-server_10.0.6_x86-64_CentOS.tar.gz create mode 100644 roles/squash_tm/vars/RedHat-9.yml create mode 100644 roles/wkhtmltopdf/vars/RedHat-9.yml create mode 100644 roles/zabbix_agent/vars/Debian-12.yml 
diff --git a/roles/babashka/defaults/main.yml b/roles/babashka/defaults/main.yml index 7e0bb52..280f2fc 100644 --- a/roles/babashka/defaults/main.yml +++ b/roles/babashka/defaults/main.yml @@ -1,8 +1,8 @@ --- # Babashka version to deploy -bb_version: 1.3.180 +bb_version: 1.3.181 # URL of the archive bb_archive_url: https://github.com/babashka/babashka/releases/download/v{{ bb_version }}/babashka-{{ bb_version }}-linux-amd64-static.tar.gz # Expected sha256sum of the archive -bb_archive_sha256: 828eb9a3efd315fc2a392d1ea582b316d673fba3bbdb92d0421a35c7159c4b31 +bb_archive_sha256: fb7fb2b6f525833f1cf5aae285ba95e97428fa079ddd7d65e1fdd1376e2373aa diff --git a/roles/common/vars/Debian-12.yml b/roles/common/vars/Debian-12.yml new file mode 100644 index 0000000..0504827 --- /dev/null +++ b/roles/common/vars/Debian-12.yml @@ -0,0 +1,11 @@ +--- + +system_distro_utils: + - apt-transport-https + - openssh-client + - netcat-openbsd + - xz-utils + - liblz4-tool + - sshfs + - zstd + - cron diff --git a/roles/consul/defaults/main.yml b/roles/consul/defaults/main.yml index 2c120ed..c3dd781 100644 --- a/roles/consul/defaults/main.yml +++ b/roles/consul/defaults/main.yml @@ -1,11 +1,11 @@ --- # Version of consul to deploy -consul_version: 1.15.3 +consul_version: 1.16.0 # URL from where the consul archive will be downloaded consul_archive_url: https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_amd64.zip # Expected sha256 of the archive -consul_archive_sha256: 86c6fe308d2e4eea106d21e20c307726eb87be87eab1f6dfb0d53db81b31d334 +consul_archive_sha256: c112d1b2ffcfa7d98cde5508bec3bce383ed3650290cc8be3cfe682b79bb13f1 # user account under which consul will run (will be created if needed) consul_user: consul diff --git a/roles/consul_template/vars/RedHat-9.yml b/roles/consul_template/vars/RedHat-9.yml new file mode 100644 index 0000000..6fd1b41 --- /dev/null +++ b/roles/consul_template/vars/RedHat-9.yml 
@@ -0,0 +1,4 @@ +--- + +consul_tpl_packages: + - zip diff --git a/roles/docker_compose/defaults/main.yml b/roles/docker_compose/defaults/main.yml index ebc12b8..5787e4d 100644 --- a/roles/docker_compose/defaults/main.yml +++ b/roles/docker_compose/defaults/main.yml @@ -1,4 +1,4 @@ --- -docker_compose_version: 1.29.2 -docker_compose_bin_sha256: f3f10cf3dbb8107e9ba2ea5f23c1d2159ff7321d16f0a23051d68d8e2547b323 +docker_compose_version: 2.19.0 +docker_compose_bin_sha256: 34e3b754d13eab683222f67827e20f640dfe0630b3b786c49a9de3f7fc7400a6 diff --git a/roles/docker_compose/tasks/main.yml b/roles/docker_compose/tasks/main.yml index 712db5b..2a3af14 100644 --- a/roles/docker_compose/tasks/main.yml +++ b/roles/docker_compose/tasks/main.yml @@ -6,7 +6,7 @@ tags: docker - name: Detect docker-compose version - shell: docker-compose -v | perl -ne '/version (\d+(\.\d+)+),/ && print "$1\n"' + shell: docker-compose -v | perl -ne '/version v?(\d+(\.\d+)+),?/ && print "$1\n"' register: docker_compose_current_version changed_when: False when: docker_compose_bin.stat.exists @@ -19,7 +19,7 @@ - name: Install docker-compose get_url: - url: https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-Linux-x86_64 + url: https://github.com/docker/compose/releases/download/v{{ docker_compose_version }}/docker-compose-linux-x86_64 dest: /usr/local/bin/docker-compose mode: 0755 checksum: sha256:{{ docker_compose_bin_sha256 }} diff --git a/roles/drbd/vars/RedHat-9.yml b/roles/drbd/vars/RedHat-9.yml new file mode 100644 index 0000000..ccd5a8c --- /dev/null +++ b/roles/drbd/vars/RedHat-9.yml @@ -0,0 +1,7 @@ +--- + +drbd_packages: + - kmod-drbd90 + - drbd-utils + - drbd-udev + - drbd-bash-completion diff --git a/roles/drbd_reactor/vars/RedHat-9.yml b/roles/drbd_reactor/vars/RedHat-9.yml new file mode 100644 index 0000000..d2c68e7 --- /dev/null +++ b/roles/drbd_reactor/vars/RedHat-9.yml @@ -0,0 +1,4 @@ +--- + +drbd_reactor_packages: + - drbd-reactor 
diff --git a/roles/etherpad/defaults/main.yml b/roles/etherpad/defaults/main.yml index 2e589d1..e44a403 100644 --- a/roles/etherpad/defaults/main.yml +++ b/roles/etherpad/defaults/main.yml @@ -8,11 +8,11 @@ etherpad_root_dir: /opt/etherpad_{{ etherpad_id }} # Unix account under which etherpad will run. The user will be created if it doesn't exist etherpad_user: etherpad_{{ etherpad_id }} # Version to deploy -etherpad_version: 1.8.18 +etherpad_version: 1.9.1 # URL from where the archive will be downloaded etherpad_archive_url: https://github.com/ether/etherpad-lite/archive/{{ etherpad_version }}.tar.gz # Expected sha256 of the archive, to check the download were OK -etherpad_archive_sha256: 67ccc0bac94e146b26fbddcf8330e0f543a4ff82213c420a376644614a7ff2c4 +etherpad_archive_sha256: 667741235a2bcd8d28a32f5e611b82fb2ea7d11525ff41b8b5478b05a987b047 # Port on which the service will listen etherpad_port: 9003 # List of IP/CIDR for which the port will be opened (if iptables_manage == True) diff --git a/roles/gitea/vars/RedHat-9.yml b/roles/gitea/vars/RedHat-9.yml new file mode 100644 index 0000000..02daaaa --- /dev/null +++ b/roles/gitea/vars/RedHat-9.yml @@ -0,0 +1,6 @@ +--- + +gitea_packages: + - git + - git-lfs +gitea_scl_cmd: '' diff --git a/roles/httpd_php/defaults/main.yml b/roles/httpd_php/defaults/main.yml index 0486f83..58a0902 100644 --- a/roles/httpd_php/defaults/main.yml +++ b/roles/httpd_php/defaults/main.yml @@ -1,40 +1,5 @@ --- -httpd_php_common_modules: - - cli - - ldap - - imap - - gd - - xml - - xmlrpc - - soap - - opcache - - fpm - - mbstring - - mysqlnd - - pgsql - - json - - bcmath - - intl - - pear - - process - - snmp - - pecl-memcached - - pecl-zip - - pecl-apcu - - pecl-imagick - -httpd_php_versions: - - 56 - - 70 - - 71 - - 72 - - 73 - - 74 - - 80 - - 81 - - 82 - httpd_php_default_version: 82 #httpd_php_ansible_pools: diff --git a/roles/httpd_php/tasks/main.yml b/roles/httpd_php/tasks/main.yml index 86ffc5f..356e21b 100644 
--- a/roles/httpd_php/tasks/main.yml +++ b/roles/httpd_php/tasks/main.yml @@ -1,5 +1,14 @@ --- +# Load distribution specific variables +- include_vars: "{{ item }}" + with_first_found: + - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" + - "{{ role_path }}/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml" + - "{{ role_path }}/vars/{{ ansible_distribution }}.yml" + - "{{ role_path }}/vars/{{ ansible_os_family }}.yml" + tags: web + - name: Build the list of packages set_fact: httpd_php_packages: "{{ httpd_php_packages | default([]) + [ 'php' ~ item.0 ~ '-php-' ~ item.1 ] }}" diff --git a/roles/httpd_php/vars/RedHat-7.yml b/roles/httpd_php/vars/RedHat-7.yml new file mode 100644 index 0000000..99e071e --- /dev/null +++ b/roles/httpd_php/vars/RedHat-7.yml @@ -0,0 +1,37 @@ +--- + +httpd_php_common_modules: + - cli + - ldap + - imap + - gd + - xml + - xmlrpc + - soap + - opcache + - fpm + - mbstring + - mysqlnd + - pgsql + - json + - bcmath + - intl + - pear + - process + - snmp + - pecl-memcached + - pecl-zip + - pecl-apcu + - pecl-imagick + +httpd_php_versions: + - 56 + - 70 + - 71 + - 72 + - 73 + - 74 + - 80 + - 81 + - 82 + diff --git a/roles/httpd_php/vars/RedHat-8.yml b/roles/httpd_php/vars/RedHat-8.yml new file mode 100644 index 0000000..99e071e --- /dev/null +++ b/roles/httpd_php/vars/RedHat-8.yml @@ -0,0 +1,37 @@ +--- + +httpd_php_common_modules: + - cli + - ldap + - imap + - gd + - xml + - xmlrpc + - soap + - opcache + - fpm + - mbstring + - mysqlnd + - pgsql + - json + - bcmath + - intl + - pear + - process + - snmp + - pecl-memcached + - pecl-zip + - pecl-apcu + - pecl-imagick + +httpd_php_versions: + - 56 + - 70 + - 71 + - 72 + - 73 + - 74 + - 80 + - 81 + - 82 + diff --git a/roles/httpd_php/vars/RedHat-9.yml b/roles/httpd_php/vars/RedHat-9.yml new file mode 100644 index 0000000..5d48be0 --- /dev/null +++ b/roles/httpd_php/vars/RedHat-9.yml 
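Review bot: Loading `httpd_php_versions` and `httpd_php_common_modules` through the new `include_vars` task, instead of `defaults/main.yml`, raises their precedence above inventory group_vars and host_vars. A site that narrowed the PHP version list in inventory, for example to keep the end-of-life 5.6/7.x branches off a host, would silently get the full list back. Keeping an overridable layer avoids this: name the per-distro values `httpd_php_distro_versions` in the vars files and keep `httpd_php_versions: "{{ httpd_php_distro_versions }}"` in defaults. The `with_first_found` list also has no fallback entry, so the role fails on any platform without a matching file; if that is intended, a comment such as `# RedHat family only: fails early when no vars file matches` would say so. The "Build the list of packages" task continues outside the hunk.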
@@ -0,0 +1,32 @@ +--- + +httpd_php_common_modules: + - cli + - ldap + - imap + - gd + - xml + - xmlrpc + - soap + - opcache + - fpm + - mbstring + - mysqlnd + - pgsql + - json + - bcmath + - intl + - pear + - process + - snmp + - pecl-memcached + - pecl-zip + - pecl-apcu + - pecl-imagick + +httpd_php_versions: + - 74 + - 80 + - 81 + - 82 + diff --git a/roles/includes/vars/RedHat-9.yml b/roles/includes/vars/RedHat-9.yml new file mode 100644 index 0000000..23d0ed6 --- /dev/null +++ b/roles/includes/vars/RedHat-9.yml @@ -0,0 +1,6 @@ +--- + +webapps_mysql_packages: + - python3-mysqlclient + - "{{ (mysql_engine is defined and mysql_engine == 'mysql') | ternary('mysql','mariadb') }}" + diff --git a/roles/includes/webapps_webconf.yml b/roles/includes/webapps_webconf.yml index cdcc20c..dddb7d4 100644 --- a/roles/includes/webapps_webconf.yml +++ b/roles/includes/webapps_webconf.yml @@ -1,4 +1,13 @@ --- + +- include_vars: "{{ item }}" + with_first_found: + - ../httpd_php/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml + - ../httpd_php/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml + - ../httpd_php/vars/{{ ansible_distribution }}.yml + - ../httpd_php/vars/{{ ansible_os_family }}.yml + - ../httpd_php/vars/defaults.yml + - name: Deploy httpd configuration template: src=httpd.conf.j2 dest=/etc/httpd/ansible_conf.d/10-{{ app_id }}.conf notify: reload httpd diff --git a/roles/kimai/vars/RedHat-9.yml b/roles/kimai/vars/RedHat-9.yml new file mode 100644 index 0000000..70e647e --- /dev/null +++ b/roles/kimai/vars/RedHat-9.yml @@ -0,0 +1,9 @@ +--- + +kimai_packages: + - mariadb + - tar + - rsync + - acl + - zstd + - git diff --git a/roles/ldap2pg/vars/RedHat-9.yml b/roles/ldap2pg/vars/RedHat-9.yml new file mode 100644 index 0000000..75381d4 --- /dev/null +++ b/roles/ldap2pg/vars/RedHat-9.yml @@ -0,0 +1,4 @@ +--- + +ldap2pg_packages: + - ldap2pg 
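Review bot: The last candidate in this `with_first_found` list, `../httpd_php/vars/defaults.yml`, is not among the files this commit creates; only `RedHat-7.yml`, `RedHat-8.yml` and `RedHat-9.yml` appear under `roles/httpd_php/vars/`. Unless that file already exists, the fallback never matches and the include fails on other platforms. The task is also unnamed and untagged, unlike the equivalent task added to `roles/httpd_php/tasks/main.yml`; `- name: Load httpd_php distribution specific variables` would make a failure readable in play output. Whether the relative `../httpd_php/vars/` paths resolve depends on where the lookup searches from, which cannot be confirmed from this hunk.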
diff --git a/roles/letsencrypt/vars/Debian-12.yml b/roles/letsencrypt/vars/Debian-12.yml new file mode 100644 index 0000000..17d3cc8 --- /dev/null +++ b/roles/letsencrypt/vars/Debian-12.yml @@ -0,0 +1,6 @@ +--- + +letsencrypt_packages: + - python3-pip + - python3-setuptools + - curl diff --git a/roles/letsencrypt/vars/RedHat-9.yml b/roles/letsencrypt/vars/RedHat-9.yml new file mode 100644 index 0000000..287de66 --- /dev/null +++ b/roles/letsencrypt/vars/RedHat-9.yml @@ -0,0 +1,5 @@ +--- + +letsencrypt_packages: + - dehydrated + - python3-dns-lexicon diff --git a/roles/linstor_controller/vars/RedHat-9.yml b/roles/linstor_controller/vars/RedHat-9.yml new file mode 100644 index 0000000..659d901 --- /dev/null +++ b/roles/linstor_controller/vars/RedHat-9.yml @@ -0,0 +1,6 @@ +--- + +linctl_packages: + - linstor-controller + - linstor-client + - tmpwatch diff --git a/roles/linstor_satellite/vars/RedHat-9.yml b/roles/linstor_satellite/vars/RedHat-9.yml new file mode 100644 index 0000000..6d206e0 --- /dev/null +++ b/roles/linstor_satellite/vars/RedHat-9.yml @@ -0,0 +1,8 @@ +--- + +linsat_packages: + - linstor-satellite + - lvm2 + - cryptsetup + - vdo + - kmod-kvdo diff --git a/roles/matrix_element/defaults/main.yml b/roles/matrix_element/defaults/main.yml index e69261d..b8b9fbd 100644 --- a/roles/matrix_element/defaults/main.yml +++ b/roles/matrix_element/defaults/main.yml @@ -5,8 +5,8 @@ element_id: element # Version to deploy, and expected sha256 -element_version: 1.11.33 -element_archive_sha256: 9dd9fee2e1e70144960d21f7ee565c103cdd13a3d8f7a97b0e6b34f85f6eeb15 +element_version: 1.11.34 +element_archive_sha256: 627e02f34469707100da7df60aaa15599a7e99513ad115ef161dff2ea11db35c # Where to install element element_root_dir: /opt/matrix/element diff --git a/roles/matrix_synapse/defaults/main.yml b/roles/matrix_synapse/defaults/main.yml index be240ce..34dbfb0 100644 --- a/roles/matrix_synapse/defaults/main.yml +++ b/roles/matrix_synapse/defaults/main.yml 
@@ -1,7 +1,7 @@ --- # Synapse version to deploy -synapse_version: '1.85.2' +synapse_version: '1.86.0' # Should ansible handle Synapse upgrades ? If false, only initial install will be done synapse_manage_upgrade: True diff --git a/roles/matrix_synapse/vars/RedHat-9.yml b/roles/matrix_synapse/vars/RedHat-9.yml new file mode 100644 index 0000000..c6d948e --- /dev/null +++ b/roles/matrix_synapse/vars/RedHat-9.yml @@ -0,0 +1,28 @@ +--- + +synapse_packages: + - libtiff-devel + - libjpeg-devel + - libzip-devel + - freetype-devel + - lcms2-devel + - libwebp-devel + - tcl-devel + - tk-devel + - libffi-devel + - openssl-devel + - libxslt-devel + - gcc + - gcc-c++ + - libtool + - autoconf + - automake + - postgresql15 + - postgresql-devel + - jemalloc + - python3-pip + - python3-devel + +synapse_jemalloc: /usr/lib64/libjemalloc.so.2 +synapse_python: /usr/bin/python3.9 +synapse_venv_lib_dir: "{{ synapse_root_dir }}/venv/lib/python3.9/site-packages/" diff --git a/roles/miniflux/defaults/main.yml b/roles/miniflux/defaults/main.yml index 56bc2e7..503e168 100644 --- a/roles/miniflux/defaults/main.yml +++ b/roles/miniflux/defaults/main.yml @@ -1,11 +1,11 @@ --- # Version to install -miniflux_version: 2.0.44 +miniflux_version: 2.0.45 # URL of the binary to install miniflux_bin_url: https://github.com/miniflux/v2/releases/download/{{ miniflux_version }}/miniflux-linux-amd64 # Expected sha256 of the binary -miniflux_bin_sha256: 1a7fb7db4f1590cb9889c9eb3ba368360da8fc911bb78c90e7aa471d3505c23e +miniflux_bin_sha256: 88699075efaed7b79986a2bfd072a17553065a2c7c151287465c1f659aa45cc9 # Should ansible handle upgrades ? If false, only initial install will be done miniflux_manage_upgrade: True diff --git a/roles/nomad/vars/RedHat-9.yml b/roles/nomad/vars/RedHat-9.yml new file mode 100644 index 0000000..08396f4 --- /dev/null +++ b/roles/nomad/vars/RedHat-9.yml 
@@ -0,0 +1,12 @@ +--- + +nomad_task_driver_packages: + java: + - java-17-openjdk-headless + qemu: + - qemu-kvm + podman: + - podman + - podman-docker + containerd-driver: + - containerd.io diff --git a/roles/ntp_client/vars/Debian-12.yml b/roles/ntp_client/vars/Debian-12.yml new file mode 100644 index 0000000..1f3c307 --- /dev/null +++ b/roles/ntp_client/vars/Debian-12.yml @@ -0,0 +1,6 @@ +--- + +ntp_ntpd_service: ntp +ntp_chrony_service: chrony +ntp_chrony_conf: /etc/chrony/chrony.conf +ntp_chrony_keyfile: /etc/chrony/chrony.keys diff --git a/roles/offen/vars/RedHat-9.yml b/roles/offen/vars/RedHat-9.yml new file mode 100644 index 0000000..ae38a35 --- /dev/null +++ b/roles/offen/vars/RedHat-9.yml @@ -0,0 +1,5 @@ +--- + +offen_packages: + - tar + - zstd diff --git a/roles/paperless_ng/defaults/main.yml b/roles/paperless_ng/defaults/main.yml index 3c051a0..7737285 100644 --- a/roles/paperless_ng/defaults/main.yml +++ b/roles/paperless_ng/defaults/main.yml @@ -1,13 +1,13 @@ --- # The version to deploy -paperless_version: 1.15.0 +paperless_version: 1.16.5 # Instance ID, as you can deploy several instances on the same server paperless_id: 1 # URL of the paperless archive paperless_archive_url: https://github.com/paperless-ngx/paperless-ngx/releases/download/v{{ paperless_version }}/paperless-ngx-v{{ paperless_version }}.tar.xz # Expected checksum -paperless_archive_sha256: 0080f6b117d427a9f60ca42c5c3571e0f75de04a40b6eabd1975483955d58ec8 +paperless_archive_sha256: 32afe72291a2c0bb765f0b5cdd3aa0069ea2d8a2c5579d4f89168ab8b53dd8ef # Should ansible handle install and upgrades, or only initial install paperless_manage_upgrade: True # Root directory where paperless will be installed diff --git a/roles/repo_base/tasks/epel_RedHat-8.yml b/roles/repo_base/tasks/epel_RedHat-8.yml index 560963e..8b85edb 100644 --- a/roles/repo_base/tasks/epel_RedHat-8.yml +++ b/roles/repo_base/tasks/epel_RedHat-8.yml 
@@ -4,9 +4,9 @@ yum_repository: name: epel description: "Extra Package for Enterprise Linux" - baseurl: https://fr2.rpmfind.net/linux/epel/$releasever/Everything/$basearch https://mirror.in2p3.fr/pub/epel/$releasever/Everything/$basearch + baseurl: http://mirrors.ircam.fr/pub/fedora/epel/$releasever/Everything/$basearch http://mir01.syntis.net/epel/$releasever/Everything/$basearch https://fr2.rpmfind.net/linux/epel/$releasever/Everything/$basearch https://mirror.in2p3.fr/pub/epel/$releasever/Everything/$basearch gpgcheck: True - gpgkey: https://mirror.in2p3.fr/pub/epel/RPM-GPG-KEY-EPEL-8 + gpgkey: https://mir01.syntis.net/epel/RPM-GPG-KEY-EPEL-8 exclude: dehydrated tags: repo @@ -14,7 +14,7 @@ yum_repository: name: epel-modular description: "Extra Packages for Enterprise Linux Modular $releasever - $basearch" - baseurl: https://fr2.rpmfind.net/linux/epel/$releasever/Modular/$basearch https://mirror.in2p3.fr/pub/epel/$releasever/Modular/$basearch + baseurl: http://mirrors.ircam.fr/pub/fedora/epel/$releasever/Modular/$basearch http://mir01.syntis.net/epel/$releasever/Modular/$basearch https://fr2.rpmfind.net/linux/epel/$releasever/Modular/$basearch https://mirror.in2p3.fr/pub/epel/$releasever/Modular/$basearch gpgcheck: True - gpgkey: https://mirror.in2p3.fr/pub/epel/RPM-GPG-KEY-EPEL-8 + gpgkey: https://mir01.syntis.net/epel/RPM-GPG-KEY-EPEL-8 tags: repo diff --git a/roles/repo_remi/vars/RedHat-9.yml b/roles/repo_remi/vars/RedHat-9.yml new file mode 100644 index 0000000..4c91634 --- /dev/null +++ b/roles/repo_remi/vars/RedHat-9.yml @@ -0,0 +1,3 @@ +--- + +repo_remi_gpg_url: https://rpms.remirepo.net/RPM-GPG-KEY-remi2021 diff --git a/roles/repo_zabbix/tasks/Debian.yml b/roles/repo_zabbix/tasks/Debian.yml index 6222448..9c99d8e 100644 --- a/roles/repo_zabbix/tasks/Debian.yml +++ b/roles/repo_zabbix/tasks/Debian.yml 
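Review bot: The two mirrors added at the front of `baseurl` in the `epel` task use plain `http://`, and the `epel-modular` task in the next hunk does the same. `gpgcheck: True` verifies package signatures only, so repository metadata fetched over HTTP can be replaced with stale or filtered copies by anyone on the path, which holds hosts back from security updates. The `gpgkey` line in the same hunk already uses `https://mir01.syntis.net`, so that mirror at least can be written as `https://mir01.syntis.net/epel/$releasever/Everything/$basearch`. The signing key itself now comes from a third-party mirror; shipping the key file with the role, or checking its fingerprint before import, would take that mirror out of the trust path.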
@@ -15,6 +15,7 @@ - name: Add Zabbix Agent2 plugins repo apt_repository: - repo: deb http://repo.zabbix.com/zabbix-agent2-plugins/1/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main + # Zabbix plugin repo doesn't have bookworm yet, so use bullseye for now in this case + repo: deb http://repo.zabbix.com/zabbix-agent2-plugins/1/{{ ansible_distribution | lower }} {{ (ansible_distribution_major_version is version('12', '>=')) | ternary('bullseye', ansible_distribution_release) }} main filename: zabbix tags: repo,zabbix diff --git a/roles/repo_zabbix/tasks/RedHat.yml b/roles/repo_zabbix/tasks/RedHat.yml index fbf00d4..d196e11 100644 --- a/roles/repo_zabbix/tasks/RedHat.yml +++ b/roles/repo_zabbix/tasks/RedHat.yml @@ -18,7 +18,7 @@ description: Zabbix Agent2 plugins Repository baseurl: http://repo.zabbix.com/zabbix-agent2-plugins/1/rhel/$releasever/$basearch/ gpgcheck: True - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-zabbix + gpgkey: "{{ zabbix_plugin_key }}" priority: 50 includepkgs: - zabbix* @@ -31,7 +31,7 @@ file: zabbix baseurl: http://repo.zabbix.com/zabbix/{{ zabbix_major_version }}/rhel/$releasever/$basearch/frontend gpgcheck: True - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-zabbix + gpgkey: "{{ zabbix_repo_key }}" priority: 50 includepkgs: - zabbix* diff --git a/roles/repo_zabbix/vars/RedHat-7.yml b/roles/repo_zabbix/vars/RedHat-7.yml index 13068c5..16b1c7b 100644 --- a/roles/repo_zabbix/vars/RedHat-7.yml +++ b/roles/repo_zabbix/vars/RedHat-7.yml @@ -1,3 +1,4 @@ --- zabbix_repo_key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-79EA5ED4 +zabbix_plugin_key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-A14FE591 diff --git a/roles/repo_zabbix/vars/RedHat-8.yml b/roles/repo_zabbix/vars/RedHat-8.yml index 13068c5..16b1c7b 100644 --- a/roles/repo_zabbix/vars/RedHat-8.yml +++ b/roles/repo_zabbix/vars/RedHat-8.yml 
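Review bot: The release test `ansible_distribution_major_version is version('12', '>=')` is not limited to Debian, while the URL path is built from `ansible_distribution | lower`. If this task also runs on Ubuntu (an assumption, since the rest of the file is outside the hunk), major versions 20 and 22 compare as >= 12 and those hosts would be pointed at `bullseye`. The `>=` also keeps every later Debian release on bullseye packages with nothing to prompt a revisit. `(ansible_distribution == 'Debian' and ansible_distribution_major_version is version('12', '=='))` scopes the workaround to bookworm. The repo line could also move to `https://repo.zabbix.com`, which the key URLs elsewhere in this commit already use.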
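Review bot: `gpgkey` now resolves to an `https://repo.zabbix.com/...` URL from the vars files, but `baseurl` in this task and in the frontend task of the next hunk stays on `http://repo.zabbix.com`. Metadata and packages therefore still travel in clear text, and the key is trusted on first fetch from the same vendor host. Since that host already serves the keys over TLS, `baseurl: https://repo.zabbix.com/zabbix-agent2-plugins/1/rhel/$releasever/$basearch/` (and the matching change for the frontend repo) should be a safe tightening. `zabbix_plugin_key` is defined only in `RedHat-7.yml`, `RedHat-8.yml` and `RedHat-9.yml` in this commit, so a comment such as `# key URL comes from vars/RedHat-<major>.yml` next to `gpgkey` would help the next reader. Both tasks start outside their hunks.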
@@ -1,3 +1,4 @@ --- zabbix_repo_key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-79EA5ED4 +zabbix_plugin_key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-A14FE591 diff --git a/roles/repo_zabbix/vars/RedHat-9.yml b/roles/repo_zabbix/vars/RedHat-9.yml index 9461b46..eebe0d8 100644 --- a/roles/repo_zabbix/vars/RedHat-9.yml +++ b/roles/repo_zabbix/vars/RedHat-9.yml @@ -1,3 +1,4 @@ --- zabbix_repo_key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-08EFA7DD +zabbix_plugin_key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-A14FE591 diff --git a/roles/seafile/defaults/main.yml b/roles/seafile/defaults/main.yml index e8a99d4..13af0d6 100644 --- a/roles/seafile/defaults/main.yml +++ b/roles/seafile/defaults/main.yml @@ -11,7 +11,7 @@ # MaxUsers = "9" # Mode = "subscription" # etc... -seafile_version: "{{ seafile_license is defined | ternary('10.0.5','10.0.1') }}" +seafile_version: "{{ seafile_license is defined | ternary('10.0.6','10.0.1') }}" # Archive URL and sha256 are only used for the community version seafile_archive_url: https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_{{ seafile_version }}_x86-64.tar.gz diff --git a/roles/seafile/files/seafile-pro-server_10.0.5_x86-64_CentOS.tar.gz b/roles/seafile/files/seafile-pro-server_10.0.5_x86-64_CentOS.tar.gz deleted file mode 100644 index 32cd691..0000000 --- a/roles/seafile/files/seafile-pro-server_10.0.5_x86-64_CentOS.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1769a7734571c0abaecc71dafcbc3683a150951f7196eb626bc21ab658958f97 -size 144175847 diff --git a/roles/seafile/files/seafile-pro-server_10.0.6_x86-64_CentOS.tar.gz b/roles/seafile/files/seafile-pro-server_10.0.6_x86-64_CentOS.tar.gz new file mode 100644 index 0000000..b4b2ca0 --- /dev/null +++ b/roles/seafile/files/seafile-pro-server_10.0.6_x86-64_CentOS.tar.gz 
@@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0af3b246ad27fbc49b39ceb6da313404fb6df380a7ab387a44b395dfd4814519 +size 143913267 diff --git a/roles/seafile/tasks/install.yml b/roles/seafile/tasks/install.yml index f7123a3..e985809 100644 --- a/roles/seafile/tasks/install.yml +++ b/roles/seafile/tasks/install.yml @@ -35,7 +35,6 @@ - name: Install or update python modules in the virtualenv pip: - state: "{{ (seafile_install_mode == 'upgrade') | ternary('latest', 'present') }}" virtualenv: "{{ seafile_root_dir }}" virtualenv_command: /bin/python3.9 -m venv name: "{{ seafile_python_libs }}" @@ -44,27 +43,6 @@ - restart seahub tags: seafile -- name: Installer version specific python modules - pip: - virtualenv: "{{ seafile_root_dir }}" - virtualenv_command: /bin/python3.9 -m venv - name: - - future==0.18.* - - mysqlclient==2.1.* - - pillow==9.3.* - - captcha==0.4 - - django_simple_captcha==0.5.* - - djangosaml2==1.5.* - - pysaml2==7.2.* - - pycryptodome==3.16.* - - cffi==1.15.1 - - SQLAlchemy==1.4.3 - - chardet - notify: - - restart seafile - - restart seahub - tags: seafile - - name: Install Seafile pro license copy: content={{ seafile_license }} dest={{ seafile_root_dir }}/seafile-license.txt when: diff --git a/roles/seafile/vars/RedHat-8.yml b/roles/seafile/vars/RedHat-8.yml index f6dace3..d4543d0 100644 --- a/roles/seafile/vars/RedHat-8.yml +++ b/roles/seafile/vars/RedHat-8.yml @@ -13,6 +13,7 @@ seafile_packages: - mysql-devel - zlib-devel - openldap-devel + - openssl-devel - gcc - tar - mariadb 
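Review bot: Removing the `state:` line from the pip task in `roles/seafile/tasks/install.yml` means entries of `seafile_python_libs` with no version specifier (`jinja2`, `lxml`, `python-ldap`, `requests_oauthlib`, `pylibmc`, `psd-tools`, `chardet`) are installed once and never updated by later upgrade runs. Several of these parse untrusted input, so their security fixes will no longer arrive through this role. Either pin them as well so that upgrades are deliberate, or keep the upgrade behaviour for the unpinned names. A comment such as `# no state: versions are controlled by the specifiers in seafile_python_libs` would at least record the intent. The task name still reads "Install or update".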
@@ -23,20 +24,24 @@ seafile_packages: - python3-setuptools # needed for ansible to create the venv seafile_python_libs: - - Pillow + - pillow==9.3.* - pylibmc - - captcha + - captcha==0.4 - jinja2 - - sqlalchemy + - SQLAlchemy==1.4.3 - psd-tools - django-pylibmc - - django-simple-captcha + - django_simple_captcha==0.5.* + - djangosaml2==1.5.* + - pysaml2==7.2.* - python-ldap - requests_oauthlib - - future - - mysqlclient - - pycryptodome + - future==0.18.* + - mysqlclient==2.1.* + - pycryptodome==3.16.* + - cffi==1.15.1 - lxml + - chardet seafile_rm_libs: - liblber-2.4.so.2 diff --git a/roles/sftpgo/defaults/main.yml b/roles/sftpgo/defaults/main.yml index da20c2c..48a366a 100644 --- a/roles/sftpgo/defaults/main.yml +++ b/roles/sftpgo/defaults/main.yml @@ -1,11 +1,11 @@ --- # Version to deploy -sftpgo_version: 2.5.1 +sftpgo_version: 2.5.2 # URL of the archive sftpgo_archive_url: https://github.com/drakkan/sftpgo/releases/download/v{{ sftpgo_version }}/sftpgo_v{{ sftpgo_version }}_linux_x86_64.tar.xz # Expected sha1 of the archive -sftpgo_archive_sha256: 48d3f8e589a883cfed231fc06b7445a67e524ad6c7e8606f249af3cb7d8a722d +sftpgo_archive_sha256: b55e25addc4a9db6f49b869274a6b15294e2a0c7335b242be736c51ddca22835 # Should ansible handle upgrades ? If False, only initial install will be done sftpgo_manage_upgrade: True diff --git a/roles/squash_tm/vars/RedHat-9.yml b/roles/squash_tm/vars/RedHat-9.yml new file mode 100644 index 0000000..522ea4b --- /dev/null +++ b/roles/squash_tm/vars/RedHat-9.yml @@ -0,0 +1,6 @@ +--- + +squashtm_packages: + - java-11-openjdk + - tar + - zstd diff --git a/roles/squid/tasks/main.yml b/roles/squid/tasks/main.yml index 3e6dc2a..eab98f6 100644 --- a/roles/squid/tasks/main.yml +++ b/roles/squid/tasks/main.yml 
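Review bot: The pins added to `seafile_python_libs` (`pillow==9.3.*`, `pysaml2==7.2.*`, `djangosaml2==1.5.*`, `pycryptodome==3.16.*`, `cffi==1.15.1`, `SQLAlchemy==1.4.3`) carry no comment saying which Seafile release requires them. Nothing therefore prompts a review when `seafile_version` is bumped. These are image-parsing, SAML and crypto libraries, where staying on an older minor series is a patching decision someone should own. If the pins do come from the Seafile release requirements, I would add above the list `# Pins track the Seafile release set in seafile_version; re-check on every bump`. The list starts outside the hunk.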
@@ -10,6 +10,12 @@ notify: restart squid tags: proxy + # Before 1.34.6-3 provided by EPEL, the service was handled by a init script and the service was named ufdb +- name: Check if the systemd unit is installed + stat: path=/lib/systemd/system/ufdbGuard.service + register: squid_ufdb_unit + tags: proxy + - name: Identify intercept HTTP ports (if any) set_fact: squid_intercept_http_ports={{ squid_http_ports | selectattr('port','defined') | selectattr('mode','defined') | selectattr('mode','equalto','intercept') | map(attribute='port') | list }} tags: firewall,proxy @@ -246,12 +252,6 @@ service: name=squid-clamd state={{ squid_scan_av | ternary('started','stopped') }} enabled={{ squid_scan_av | ternary(True,False) }} tags: proxy - # Before 1.34.6-3 provided by EPEL, the service was handled by a init script and the service was named ufdb -- name: Check if the systemd unit is installed - stat: path=/lib/systemd/system/ufdbGuard.service - register: squid_ufdb_unit - tags: proxy - - name: Handle ufdb daemon service: name={{ squid_ufdb_unit.stat.exists | ternary('ufdbGuard','ufdb') }} state={{ squid_filter_url | ternary('started','stopped') }} enabled={{ squid_filter_url | ternary(True,False) }} tags: proxy diff --git a/roles/squid/templates/ufdb_update.sh.j2 b/roles/squid/templates/ufdb_update.sh.j2 index ae4b9a2..c57a5a8 100644 --- a/roles/squid/templates/ufdb_update.sh.j2 +++ b/roles/squid/templates/ufdb_update.sh.j2 @@ -1,7 +1,7 @@ #!/bin/sh {% if squid_ufdb_update_from_univ %} -/usr/bin/rsync -rzPq ftp.univ-tlse1.fr::blacklist/dest/ /var/ufdbguard/blacklists/ +/usr/bin/rsync -rzPq ftp.ut-capitole.fr::blacklist/dest/ /var/ufdbguard/blacklists/ {% endif %} find /var/ufdbguard/blacklists/ -mindepth 1 -maxdepth 1 -type d -exec basename "{}" \;| while read CATEGORY; do 
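Review bot: The blacklist feed in `ufdb_update.sh.j2` is pulled with `rsync` from `ftp.ut-capitole.fr::blacklist`, which is the rsync daemon protocol with no transport encryption or authentication. The directory names it delivers are read into `CATEGORY` by the `while read` loop at the end of this hunk. The second hunk shows `eval $CMD` inside that loop; how `CMD` is built lies outside both hunks, but if it includes `$CATEGORY`, a tampered feed could reach the shell under whatever account runs this script. Rejecting unexpected names at the top of the loop, e.g. `case "$CATEGORY" in *[!A-Za-z0-9_-]*) continue ;; esac`, and using `read -r` would contain that.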
@@ -16,5 +16,5 @@ find /var/ufdbguard/blacklists/ -mindepth 1 -maxdepth 1 -type d -exec basename " eval $CMD 2>/dev/null fi done -systemctl restart ufdb +systemctl restart {{ squid_ufdb_unit.stat.exists | ternary('ufdbGuard','ufdb') }} exit 0 diff --git a/roles/unifi/meta/main.yml b/roles/unifi/meta/main.yml index 491f433..8967c50 100644 --- a/roles/unifi/meta/main.yml +++ b/roles/unifi/meta/main.yml @@ -4,4 +4,4 @@ dependencies: - role: mkdir - role: repo_mongodb # MongoDB isn't in base repo anymore on EL8 vars: - - mongo_major_version: 3.4 # Unifi recommends Mong 3.4 + - mongo_major_version: 3.6 # Unifi recommends Mong 3.6 diff --git a/roles/vault/defaults/main.yml b/roles/vault/defaults/main.yml index b60179b..0995b0a 100644 --- a/roles/vault/defaults/main.yml +++ b/roles/vault/defaults/main.yml @@ -1,11 +1,11 @@ --- # Version of Vault to install -vault_version: 1.13.1 +vault_version: 1.14.0 # URL of the archive vault_archive_url: https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip # Expected sha256 of the archive -vault_archive_sha256: cf1015d0b30806515120d4a86672ea77da1fb0559e3839ba88d8e02e94e796a6 +vault_archive_sha256: 3d5c27e35d8ed43d861e892fc7d8f888f2fda4319a36f344f8c09603fb184b50 # Root dir where Nomad will be installed vault_root_dir: /opt/vault diff --git a/roles/wapt_server/tasks/conf.yml b/roles/wapt_server/tasks/conf.yml index 4dcc460..2995ac0 100644 --- a/roles/wapt_server/tasks/conf.yml +++ b/roles/wapt_server/tasks/conf.yml @@ -103,7 +103,7 @@ tags: wapt - name: Deploy WAPT Repo rsync secret - copy: content=wapt:{{ wapt_rsync_pass }} dest=/opt/wapt/conf/rsync.secrets mode=400 + copy: content=wapt:{{ wapt_rsync_pass }} dest=/opt/wapt/conf/rsync.secrets mode=400 owner=root group=root when: wapt_rsync_pass is defined tags: wapt diff --git a/roles/wkhtmltopdf/vars/RedHat-8.yml b/roles/wkhtmltopdf/vars/RedHat-8.yml index 862a915..b06a47a 100644 --- a/roles/wkhtmltopdf/vars/RedHat-8.yml 
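Review bot: The task that writes `wapt:{{ wapt_rsync_pass }}` to `/opt/wapt/conf/rsync.secrets` has no `no_log: True`, so the password can appear in `--diff` output and verbose logs on the controller. Setting `owner=root group=root` is a good tightening, but the key=value form still breaks if the password contains a space or `=`. The YAML form with `content: "wapt:{{ wapt_rsync_pass }}"` and `mode: "0400"` avoids that, and `no_log: True` belongs on the task either way.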
+++ b/roles/wkhtmltopdf/vars/RedHat-8.yml @@ -1,3 +1,3 @@ --- -wkhtmltopdf_package_url: https://github.com/wkhtmltopdf/packaging/releases/download/{{ wkhtmltopdf_version }}/wkhtmltox-{{ wkhtmltopdf_version }}.centos8.x86_64.rpm +wkhtmltopdf_package_url: https://github.com/wkhtmltopdf/packaging/releases/download/{{ wkhtmltopdf_version }}/wkhtmltox-{{ wkhtmltopdf_version }}.almalinux8.x86_64.rpm diff --git a/roles/wkhtmltopdf/vars/RedHat-9.yml b/roles/wkhtmltopdf/vars/RedHat-9.yml new file mode 100644 index 0000000..a11788f --- /dev/null +++ b/roles/wkhtmltopdf/vars/RedHat-9.yml @@ -0,0 +1,3 @@ +--- + +wkhtmltopdf_package_url: https://github.com/wkhtmltopdf/packaging/releases/download/{{ wkhtmltopdf_version }}/wkhtmltox-{{ wkhtmltopdf_version }}.almalinux9.x86_64.rpm diff --git a/roles/zabbix_agent/vars/Debian-12.yml b/roles/zabbix_agent/vars/Debian-12.yml new file mode 100644 index 0000000..8157f56 --- /dev/null +++ b/roles/zabbix_agent/vars/Debian-12.yml @@ -0,0 +1,14 @@ +--- + +zabbix_agent_packages: + - openssl + - git + - libconfig-simple-perl + - libjson-perl + - libfile-which-perl + - smartmontools + - lm-sensors + - patch + - fping + - libstatistics-descriptive-perl + - libtimedate-perl