From 3f14d5c2dff6ca466f8fe6ff21afc93c5540885c Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Fri, 17 Dec 2021 09:00:15 +0100
Subject: [PATCH] Update to 2021-12-17 09:00
---
 roles/metabase/defaults/main.yml | 4 ++--
 roles/miniflux/defaults/main.yml | 4 ++--
 roles/miniflux/templates/miniflux.service.j2 | 14 ++++++++++++++
 3 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/roles/metabase/defaults/main.yml b/roles/metabase/defaults/main.yml
index c54b3d6..122a7fb 100644
--- a/roles/metabase/defaults/main.yml
+++ b/roles/metabase/defaults/main.yml
@@ -1,11 +1,11 @@
 ---
 # Version to deploy
-metabase_version: 0.41.4
+metabase_version: 0.41.5
 # URL to fetch the jar
 metabase_jar_url: https://downloads.metabase.com/v{{ metabase_version }}/metabase.jar
 # Expected sha1 of the jar
-metabase_jar_sha256: 8a14b5db169f2f66d8fcc0d9de597822e83a1f250c3cff57d4dddf384f2314f7
+metabase_jar_sha256: 0c7d71cb571354334d5f238869ac861f33a2e20d19ba434515b663b9f63e5cb9
 # Should ansible handle upgrades ? If set to false, only the initial install (and the config) will be handled
 metabase_manage_upgrade: True
diff --git a/roles/miniflux/defaults/main.yml b/roles/miniflux/defaults/main.yml
index 05c1334..c9693a5 100644
--- a/roles/miniflux/defaults/main.yml
+++ b/roles/miniflux/defaults/main.yml
@@ -1,11 +1,11 @@
 ---
 # Version to install
-miniflux_version: 2.0.33
+miniflux_version: 2.0.34
 # URL of the binary to install
 miniflux_bin_url: https://github.com/miniflux/v2/releases/download/{{ miniflux_version }}/miniflux-linux-amd64
 # Expected sha1 of the binary
-miniflux_bin_sha1: 4a0b48505cb21c12ea1e2e78dffa08ba76d8375c
+miniflux_bin_sha1: dd4ef2a91d7e84d8945daf54df9cb7dd05e22b3f
 # Should ansible handle upgrades ? If false, only initial install will be done
 miniflux_manage_upgrade: True
diff --git a/roles/miniflux/templates/miniflux.service.j2 b/roles/miniflux/templates/miniflux.service.j2
index 4635ac0..d28b65b 100644
--- a/roles/miniflux/templates/miniflux.service.j2
+++ b/roles/miniflux/templates/miniflux.service.j2
@@ -7,6 +7,9 @@ Type=notify
 EnvironmentFile={{ miniflux_root_dir }}/etc/miniflux.conf
 User={{ miniflux_user }}
 ExecStart={{ miniflux_root_dir }}/bin/miniflux
+RuntimeDirectory=miniflux
+Restart=always
+RestartSec=5
 Restart=always
 NoNewPrivileges=true
 PrivateDevices=true
@@ -15,9 +18,20 @@ ProtectHome=true
 ProtectKernelModules=true
 ProtectKernelTunables=true
 ProtectSystem=strict
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectClock=yes
 RestrictRealtime=true
+RestrictNamespaces=yes
 ReadWritePaths=/run
 PrivateTmp=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged
+SystemCallFilter=~@resources
+SystemCallErrorNumber=EPERM
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
 [Install]
 WantedBy=multi-user.target
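Review bot: The added `Restart=always` in the first hunk (`@@ -7,6 +7,9 @@`) duplicates the existing `Restart=always` that stays as context directly below the three new lines, so the rendered unit sets the directive twice. systemd keeps the last assignment, so behaviour is unchanged today, but a later edit to only one of the two lines would silently have no effect or the wrong effect. Drop the added copy and keep only `RuntimeDirectory=miniflux` and `RestartSec=5` as new lines. The `[Service]` section this hunk sits in starts and ends outside the hunk.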
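Review bot: `ReadWritePaths=/run` is kept as context in the second hunk (`@@ -15,9 +18,20 @@`), so the whole of /run remains writable to the unit even though the first hunk now gives the service its own `RuntimeDirectory=miniflux`. Under `ProtectSystem=strict` systemd already makes the runtime directory writable, so if miniflux writes nowhere else under /run (not visible from this patch) the line could be narrowed to `ReadWritePaths=/run/miniflux` or removed. The new directives also spell booleans as `yes` while the surrounding ones use `true`; systemd accepts both, but one spelling throughout the unit reads more cleanly. A short comment above the three `SystemCallFilter=` lines, such as `# allow-list @system-service, then subtract the ~ groups`, would make the ordering dependency explicit for the next editor.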