Update to 2021-12-17 09:00

roles/metabase/defaults/main.yml

@@ -1,11 +1,11 @@
 ---
 
 # Version to deploy
-metabase_version: 0.41.4
+metabase_version: 0.41.5
 # URL to fetch the jar
 metabase_jar_url: https://downloads.metabase.com/v{{ metabase_version }}/metabase.jar
 # Expected sha1 of the jar
-metabase_jar_sha256: 8a14b5db169f2f66d8fcc0d9de597822e83a1f250c3cff57d4dddf384f2314f7
+metabase_jar_sha256: 0c7d71cb571354334d5f238869ac861f33a2e20d19ba434515b663b9f63e5cb9
 # Should ansible handle upgrades ? If set to false, only the initial install (and the config) will be handled
 metabase_manage_upgrade: True
 

roles/miniflux/defaults/main.yml

@@ -1,11 +1,11 @@
 ---
 
 # Version to install
-miniflux_version: 2.0.33
+miniflux_version: 2.0.34
 # URL of the binary to install
 miniflux_bin_url: https://github.com/miniflux/v2/releases/download/{{ miniflux_version }}/miniflux-linux-amd64
 # Expected sha1 of the binary
-miniflux_bin_sha1: 4a0b48505cb21c12ea1e2e78dffa08ba76d8375c
+miniflux_bin_sha1: dd4ef2a91d7e84d8945daf54df9cb7dd05e22b3f
 # Should ansible handle upgrades ? If false, only initial install will be done
 miniflux_manage_upgrade: True
 

roles/miniflux/templates/miniflux.service.j2

@@ -7,6 +7,9 @@ Type=notify
 EnvironmentFile={{ miniflux_root_dir }}/etc/miniflux.conf
 User={{ miniflux_user }}
 ExecStart={{ miniflux_root_dir }}/bin/miniflux
+RuntimeDirectory=miniflux
+Restart=always
+RestartSec=5
 Restart=always
 NoNewPrivileges=true
 PrivateDevices=true
@@ -15,9 +18,20 @@ ProtectHome=true
 ProtectKernelModules=true
 ProtectKernelTunables=true
 ProtectSystem=strict
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectClock=yes
 RestrictRealtime=true
+RestrictNamespaces=yes
 ReadWritePaths=/run
 PrivateTmp=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged
+SystemCallFilter=~@resources
+SystemCallErrorNumber=EPERM
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
 
 [Install]
 WantedBy=multi-user.target