From 4c4556c6604ecca7dd52522a2fe29c3f982d4a08 Mon Sep 17 00:00:00 2001 
From: Daniel Berteaud
Date: Wed, 1 Dec 2021 19:13:34 +0100
Subject: [PATCH] Update to 2021-12-01 19:13
---
README.md | 178 +++ ansible.cfg | 15 + library/iptables_raw.py | 1089 ++++++++++++++ playbooks/update_all.yml | 9 + playbooks/update_cacertificates.yml | 7 + playbooks/update_zabbix.yml | 42 + roles/akeneo_pim/README.md | 34 + roles/akeneo_pim/defaults/main.yml | 36 + roles/akeneo_pim/handlers/main.yml | 7 + roles/akeneo_pim/meta/main.yml | 12 + roles/akeneo_pim/tasks/archive_post.yml | 10 + roles/akeneo_pim/tasks/archive_pre.yml | 40 + roles/akeneo_pim/tasks/cleanup.yml | 8 + roles/akeneo_pim/tasks/conf.yml | 117 ++ roles/akeneo_pim/tasks/directories.yml | 30 + roles/akeneo_pim/tasks/facts.yml | 38 + roles/akeneo_pim/tasks/install.yml | 95 ++ roles/akeneo_pim/tasks/main.yml | 13 + roles/akeneo_pim/tasks/services.yml | 8 + roles/akeneo_pim/tasks/user.yml | 9 + roles/akeneo_pim/tasks/write_version.yml | 5 + .../akeneo-pim-events-api.service.j2 | 22 + .../templates/akeneo-pim-jobs.service.j2 | 22 + roles/akeneo_pim/templates/composer.json.j2 | 44 + roles/akeneo_pim/templates/env.j2 | 17 + roles/akeneo_pim/templates/httpd.conf.j2 | 31 + roles/akeneo_pim/templates/logrotate.conf.j2 | 6 + roles/akeneo_pim/templates/perms.sh.j2 | 11 + roles/akeneo_pim/templates/php.conf.j2 | 35 + roles/akeneo_pim/templates/post-backup.j2 | 3 + roles/akeneo_pim/templates/pre-backup.j2 | 14 + roles/ampache/defaults/main.yml | 95 ++ roles/ampache/handlers/main.yml | 4 + roles/ampache/meta/main.yml | 6 + roles/ampache/tasks/main.yml | 213 +++ roles/ampache/templates/ampache.cfg.php.j2 | 137 ++ roles/ampache/templates/cron.sh.j2 | 31 + roles/ampache/templates/httpd.conf.j2 | 27 + roles/ampache/templates/motd.php.j2 | 3 + roles/ampache/templates/perms.sh.j2 | 15 + roles/ampache/templates/php.conf.j2 | 37 + roles/ampache/templates/post-backup.j2 | 3 + roles/ampache/templates/pre-backup.j2 | 9 + roles/ampache/templates/sso.php.j2 | 6 + roles/appsmith/defaults/main.yml | 53 +
roles/appsmith/handlers/main.yml | 4 + roles/appsmith/meta/main.yml | 11 + roles/appsmith/tasks/archive_post.yml | 10 + roles/appsmith/tasks/archive_pre.yml | 33 + roles/appsmith/tasks/cleanup.yml | 9 + roles/appsmith/tasks/conf.yml | 30 + roles/appsmith/tasks/directories.yml | 28 + roles/appsmith/tasks/facts.yml | 61 + roles/appsmith/tasks/install.yml | 141 ++ roles/appsmith/tasks/iptables.yml | 12 + roles/appsmith/tasks/main.yml | 17 + roles/appsmith/tasks/services.yml | 7 + roles/appsmith/tasks/user.yml | 8 + roles/appsmith/tasks/write_version.yml | 5 + .../templates/appsmith-server.service.j2 | 35 + roles/appsmith/templates/env.j2 | 25 + roles/appsmith/templates/nginx.conf.j2 | 34 + roles/appsmith/templates/post-backup.sh.j2 | 3 + roles/appsmith/templates/pre-backup.sh.j2 | 12 + roles/appsmith/templates/pre-start.sh.j2 | 19 + roles/backup/defaults/main.yml | 36 + roles/backup/files/dump-megaraid-cfg | 57 + roles/backup/files/dump-rpms-list | 3 + roles/backup/files/post-backup | 15 + roles/backup/files/pre-backup | 35 + roles/backup/files/rm-megaraid-cfg | 3 + roles/backup/tasks/main.yml | 94 ++ roles/backup/templates/sudo.j2 | 2 + roles/backuppc/defaults/main.yml | 19 + roles/backuppc/handlers/main.yml | 5 + roles/backuppc/meta/main.yml | 3 + roles/backuppc/tasks/main.yml | 53 + roles/backuppc/templates/httpd.conf.j2 | 25 + roles/backuppc/templates/sudoers.j2 | 3 + roles/bookstack/defaults/main.yml | 78 + roles/bookstack/meta/main.yml | 8 + roles/bookstack/tasks/archive_post.yml | 10 + roles/bookstack/tasks/archive_pre.yml | 31 + roles/bookstack/tasks/cleanup.yml | 9 + roles/bookstack/tasks/conf.yml | 54 + roles/bookstack/tasks/directories.yml | 23 + roles/bookstack/tasks/facts.yml | 20 + roles/bookstack/tasks/install.yml | 86 ++ roles/bookstack/tasks/main.yml | 13 + roles/bookstack/tasks/user.yml | 5 + roles/bookstack/tasks/write_version.yml | 5 + roles/bookstack/templates/env.j2 | 28 + roles/bookstack/templates/httpd.conf.j2 | 39 + 
roles/bookstack/templates/perms.sh.j2 | 19 + roles/bookstack/templates/php.conf.j2 | 35 + roles/bookstack/templates/post-backup.j2 | 3 + roles/bookstack/templates/pre-backup.j2 | 13 + roles/clamav/defaults/main.yml | 16 + roles/clamav/handlers/main.yml | 9 + roles/clamav/tasks/main.yml | 57 + roles/clamav/templates/clamd.conf.j2 | 12 + roles/clamav/templates/clamd.service.j2 | 13 + roles/clamav/templates/freshclam.conf.j2 | 12 + roles/clamav/templates/freshclam.service.j2 | 15 + roles/common/defaults/main.yml | 112 ++ .../common/files/MegaCli-8.07.14-1.noarch.rpm | Bin 0 -> 1549650 bytes roles/common/files/bash_aliases.sh | 10 + roles/common/files/crond | 1 + roles/common/files/fstrim_all | 10 + roles/common/files/megacli_8.07.14-1_all.deb | Bin 0 -> 1039248 bytes roles/common/files/vimrc.local_Debian | 4 + roles/common/handlers/main.yml | 33 + roles/common/meta/main.yml | 28 + roles/common/tasks/facts.yml | 5 + roles/common/tasks/guest.yml | 16 + roles/common/tasks/guest_Debian.yml | 4 + roles/common/tasks/guest_RedHat.yml | 5 + roles/common/tasks/hardware.yml | 18 + roles/common/tasks/hardware_Debian.yml | 30 + roles/common/tasks/hardware_RedHat.yml | 24 + roles/common/tasks/hostname.yml | 11 + roles/common/tasks/mail.yml | 15 + roles/common/tasks/main.yml | 26 + roles/common/tasks/system.yml | 153 ++ roles/common/tasks/tuned.yml | 35 + roles/common/tasks/tz.yml | 5 + roles/common/tasks/utils.yml | 19 + roles/common/templates/bash_aliases.sh.j2 | 13 + roles/common/templates/journal-upload.conf.j2 | 7 + roles/common/templates/journald.conf.j2 | 4 + .../templates/rc-local-shutdown.service.j2 | 15 + roles/common/templates/rc.local.j2 | 9 + roles/common/templates/rc.local.shutdown.j2 | 9 + .../systemd-journal-upload.service.j2 | 22 + roles/common/vars/Debian-10.yml | 10 + roles/common/vars/Debian-11.yml | 10 + roles/common/vars/Debian-8.yml | 9 + roles/common/vars/Debian-9.yml | 10 + roles/common/vars/RedHat-7.yml | 13 + roles/common/vars/RedHat-8.yml | 13 + 
roles/common/vars/Ubuntu-20.yml | 10 + roles/composer/meta/main.yml | 4 + roles/composer/tasks/cleanup.yml | 11 + roles/composer/tasks/install.yml | 7 + roles/composer/tasks/main.yml | 4 + roles/coturn/defaults/main.yml | 38 + roles/coturn/handlers/main.yml | 4 + roles/coturn/meta/main.yml | 4 + roles/coturn/tasks/main.yml | 122 ++ .../templates/dehydrated_deploy_hook.j2 | 13 + roles/coturn/templates/turnserver.conf.j2 | 43 + roles/crowdsec/defaults/main.yml | 97 ++ roles/crowdsec/handlers/main.yml | 7 + roles/crowdsec/meta/main.yml | 6 + roles/crowdsec/tasks/cleanup.yml | 8 + roles/crowdsec/tasks/conf.yml | 126 ++ roles/crowdsec/tasks/directories.yml | 21 + roles/crowdsec/tasks/facts.yml | 84 ++ roles/crowdsec/tasks/install.yml | 74 + roles/crowdsec/tasks/iptables.yml | 15 + roles/crowdsec/tasks/main.yml | 11 + roles/crowdsec/tasks/services.yml | 5 + roles/crowdsec/tasks/user.yml | 6 + roles/crowdsec/templates/acquis.yaml.j2 | 6 + .../crowdsec/templates/acquis/system.yaml.j2 | 5 + roles/crowdsec/templates/config.yaml.j2 | 65 + roles/crowdsec/templates/dev.yaml.j2 | 39 + .../templates/local_api_credentials.yaml.j2 | 3 + .../templates/online_api_credentials.yaml.j2 | 7 + .../parsers/s02-enrich/trusted_ip.yaml.j2 | 16 + roles/crowdsec/templates/post-backup.j2 | 3 + roles/crowdsec/templates/pre-backup.j2 | 19 + roles/crowdsec/templates/profiles.yaml.j2 | 33 + roles/crowdsec/templates/simulation.yaml.j2 | 1 + .../defaults/main.yml | 15 + .../handlers/main.yml | 4 + .../tasks/cleanup.yml | 8 + .../crowdsec_firewall_bouncer/tasks/conf.yml | 6 + .../tasks/directories.yml | 9 + .../crowdsec_firewall_bouncer/tasks/facts.yml | 73 + .../tasks/install.yml | 70 + .../tasks/iptables.yml | 17 + .../crowdsec_firewall_bouncer/tasks/main.yml | 10 + .../tasks/services.yml | 5 + .../templates/cs-firewall-bouncer.yaml.j2 | 12 + .../crowdsec_firewall_bouncer/vars/Debian.yml | 3 + .../crowdsec_firewall_bouncer/vars/RedHat.yml | 3 + roles/diagrams/defaults/main.yml | 17 + 
roles/diagrams/handlers/main.yml | 4 + roles/diagrams/meta/main.yml | 7 + roles/diagrams/tasks/archive_post.yml | 14 + roles/diagrams/tasks/archive_pre.yml | 9 + roles/diagrams/tasks/cleanup.yml | 7 + roles/diagrams/tasks/conf.yml | 21 + roles/diagrams/tasks/directories.yml | 38 + roles/diagrams/tasks/facts.yml | 12 + roles/diagrams/tasks/install.yml | 15 + roles/diagrams/tasks/iptables.yml | 9 + roles/diagrams/tasks/main.yml | 23 + roles/diagrams/tasks/selinux.yml | 25 + roles/diagrams/tasks/services.yml | 5 + roles/diagrams/tasks/write_version.yml | 5 + roles/diagrams/templates/server.xml.j2 | 22 + roles/diagrams/templates/sysconfig.j2 | 3 + roles/dnscache/defaults/main.yml | 71 + roles/dnscache/handlers/main.yml | 4 + roles/dnscache/tasks/main.yml | 53 + roles/dnscache/templates/dnscache.conf.j2 | 10 + roles/dnscache/templates/roots.j2 | 3 + roles/docker/defaults/main.yml | 19 + roles/docker/handlers/main.yml | 5 + roles/docker/meta/main.yml | 5 + roles/docker/tasks/conf.yml | 67 + roles/docker/tasks/directories.yml | 8 + roles/docker/tasks/facts.yml | 8 + roles/docker/tasks/install.yml | 4 + roles/docker/tasks/install_RedHat.yml | 19 + roles/docker/tasks/main.yml | 7 + roles/docker/tasks/service.yml | 6 + roles/docker/templates/daemon.json.j2 | 1 + .../templates/docker-service-ansible.conf.j2 | 5 + roles/docker_compose/defaults/main.yml | 4 + roles/docker_compose/tasks/main.yml | 28 + .../defaults/main.yml | 6 + .../handlers/main.yml | 5 + .../docker_volume_local_persist/meta/main.yml | 4 + .../tasks/main.yml | 40 + .../docker-volume-local-persist.service.j2 | 11 + roles/documize/defaults/main.yml | 35 + roles/documize/handlers/main.yml | 5 + roles/documize/meta/main.yml | 8 + roles/documize/tasks/archive_post.yml | 10 + roles/documize/tasks/archive_pre.yml | 41 + roles/documize/tasks/cleanup.yml | 7 + roles/documize/tasks/conf.yml | 6 + roles/documize/tasks/directories.yml | 20 + roles/documize/tasks/facts.yml | 33 + roles/documize/tasks/install.yml | 72 + 
roles/documize/tasks/iptables.yml | 8 + roles/documize/tasks/main.yml | 16 + roles/documize/tasks/services.yml | 7 + roles/documize/tasks/user.yml | 5 + roles/documize/tasks/write_version.yml | 5 + roles/documize/templates/documize.conf.j2 | 15 + roles/documize/templates/documize.service.j2 | 24 + roles/documize/templates/post-backup.j2 | 3 + roles/documize/templates/pre-backup.j2 | 26 + roles/dokuwiki/defaults/main.yml | 204 +++ roles/dokuwiki/files/authhttpldap/auth.php | 63 + .../files/authhttpldap/plugin.info.txt | 7 + roles/dokuwiki/handlers/main.yml | 3 + roles/dokuwiki/meta/main.yml | 6 + roles/dokuwiki/tasks/filebeat.yml | 5 + roles/dokuwiki/tasks/main.yml | 393 +++++ roles/dokuwiki/templates/filebeat.yml.j2 | 7 + roles/dokuwiki/templates/htaccess.j2 | 17 + roles/dokuwiki/templates/httpd.conf.j2 | 41 + roles/dokuwiki/templates/local.php.j2 | 14 + .../dokuwiki/templates/local.protected.php.j2 | 37 + roles/dokuwiki/templates/perms.sh.j2 | 16 + roles/dokuwiki/templates/php.conf.j2 | 37 + .../templates/plugins.protected.php.j2 | 3 + roles/dolibarr/defaults/main.yml | 36 + roles/dolibarr/files/dolibarr_token.patch | 10 + roles/dolibarr/handlers/main.yml | 4 + roles/dolibarr/meta/main.yml | 6 + roles/dolibarr/tasks/archive_post.yml | 13 + roles/dolibarr/tasks/archive_pre.yml | 15 + roles/dolibarr/tasks/cleanup.yml | 11 + roles/dolibarr/tasks/conf.yml | 41 + roles/dolibarr/tasks/directories.yml | 13 + roles/dolibarr/tasks/facts.yml | 28 + roles/dolibarr/tasks/install.yml | 142 ++ roles/dolibarr/tasks/main.yml | 13 + roles/dolibarr/tasks/user.yml | 8 + roles/dolibarr/tasks/write_version.yml | 7 + roles/dolibarr/templates/dolibarr.conf.j2 | 30 + roles/dolibarr/templates/httpd.conf.j2 | 19 + roles/dolibarr/templates/logrotate.conf.j2 | 7 + roles/dolibarr/templates/perms.sh.j2 | 21 + roles/dolibarr/templates/php.conf.j2 | 37 + roles/dolibarr/templates/post-backup.j2 | 3 + roles/dolibarr/templates/pre-backup.j2 | 9 + roles/elasticsearch/defaults/main.yml | 14 + 
roles/elasticsearch/handlers/main.yml | 4 + roles/elasticsearch/meta/main.yml | 5 + roles/elasticsearch/tasks/backup.yml | 18 + roles/elasticsearch/tasks/conf.yml | 9 + roles/elasticsearch/tasks/directories.yml | 14 + roles/elasticsearch/tasks/install.yml | 42 + roles/elasticsearch/tasks/iptables.yml | 13 + roles/elasticsearch/tasks/main.yml | 10 + roles/elasticsearch/tasks/services.yml | 6 + .../templates/elasticsearch.yml.j2 | 11 + .../templates/log4j2.properties.j2 | 28 + roles/elasticsearch/templates/post-backup.j2 | 5 + roles/elasticsearch/templates/pre-backup.j2 | 7 + roles/ethercalc/defaults/main.yml | 32 + roles/ethercalc/handlers/main.yml | 4 + roles/ethercalc/meta/main.yml | 4 + roles/ethercalc/tasks/main.yml | 69 + roles/ethercalc/templates/env.j2 | 2 + .../ethercalc/templates/ethercalc.service.j2 | 21 + roles/etherpad/defaults/main.yml | 47 + roles/etherpad/handlers/main.yml | 6 + roles/etherpad/meta/main.yml | 6 + roles/etherpad/tasks/archive_post.yml | 9 + roles/etherpad/tasks/archive_pre.yml | 28 + roles/etherpad/tasks/cleanup.yml | 10 + roles/etherpad/tasks/conf.yml | 15 + roles/etherpad/tasks/directories.yml | 18 + roles/etherpad/tasks/facts.yml | 46 + roles/etherpad/tasks/install.yml | 78 + roles/etherpad/tasks/iptables.yml | 10 + roles/etherpad/tasks/main.yml | 17 + roles/etherpad/tasks/service.yml | 7 + roles/etherpad/tasks/user.yml | 7 + roles/etherpad/tasks/write_version.yml | 8 + roles/etherpad/templates/etherpad.service.j2 | 24 + roles/etherpad/templates/perms.sh.j2 | 7 + roles/etherpad/templates/post_backup.sh.j2 | 3 + roles/etherpad/templates/pre_backup.sh.j2 | 12 + roles/etherpad/templates/settings.json.j2 | 32 + roles/filebeat/defaults/main.yml | 12 + roles/filebeat/handlers/main.yml | 10 + roles/filebeat/meta/main.yml | 3 + roles/filebeat/tasks/main.yml | 75 + .../ansible_inputs.d/system_specific.yml.j2 | 13 + .../templates/ansible_modules.d/auditd.yml.j2 | 7 + .../templates/ansible_modules.d/system.yml.j2 | 9 + 
roles/filebeat/templates/filebeat.service.j2 | 14 + roles/filebeat/templates/filebeat.yml.j2 | 41 + .../filebeat/templates/journalbeat.service.j2 | 14 + roles/filebeat/templates/journalbeat.yml.j2 | 34 + roles/framadate/defaults/main.yml | 48 + roles/framadate/files/framadate.sql | 67 + roles/framadate/handlers/main.yml | 3 + roles/framadate/meta/main.yml | 5 + roles/framadate/tasks/main.yml | 256 ++++ roles/framadate/templates/config.php.j2 | 39 + roles/framadate/templates/httpd.conf.j2 | 45 + roles/framadate/templates/perms.sh.j2 | 17 + roles/framadate/templates/php.conf.j2 | 36 + roles/freepbx/defaults/main.yml | 52 + roles/freepbx/files/agi/jitsi_conf_pin | 23 + .../files/patches/install_dbhost.patch | 32 + .../freepbx/files/patches/webrtc_proxy.patch | 21 + roles/freepbx/files/safe_asterisk | 228 +++ roles/freepbx/handlers/main.yml | 16 + roles/freepbx/meta/main.yml | 9 + roles/freepbx/tasks/filebeat.yml | 5 + roles/freepbx/tasks/main.yml | 442 ++++++ roles/freepbx/templates/amportal.j2 | 3 + .../templates/asterisk/manager.conf.j2 | 28 + roles/freepbx/templates/filebeat.yml.j2 | 9 + roles/freepbx/templates/freepbx.conf.j2 | 13 + roles/freepbx/templates/freepbx.service.j2 | 19 + roles/freepbx/templates/fwconsole.j2 | 3 + roles/freepbx/templates/httpd.conf.j2 | 20 + roles/freepbx/templates/logrotate.conf.j2 | 27 + roles/freepbx/templates/perms.sh.j2 | 18 + roles/freepbx/templates/php.conf.j2 | 45 + roles/freepbx/templates/post_backup.sh.j2 | 3 + roles/freepbx/templates/pre_backup.sh.j2 | 20 + roles/freepbx/templates/vsftpd/chroot_list.j2 | 1 + roles/freepbx/templates/vsftpd/pam.j2 | 7 + roles/freepbx/templates/vsftpd/user_list.j2 | 1 + roles/freepbx/templates/vsftpd/vsftpd.conf.j2 | 15 + roles/freepbx/vars/RedHat-7.yml | 32 + roles/freepbx/vars/RedHat-8.yml | 31 + roles/funkwhale/defaults/main.yml | 55 + roles/funkwhale/handlers/main.yml | 7 + roles/funkwhale/meta/main.yml | 13 + roles/funkwhale/tasks/archive_post.yml | 11 + roles/funkwhale/tasks/archive_pre.yml 
| 32 + roles/funkwhale/tasks/cleanup.yml | 12 + roles/funkwhale/tasks/conf.yml | 17 + roles/funkwhale/tasks/directories.yml | 30 + roles/funkwhale/tasks/facts.yml | 42 + roles/funkwhale/tasks/install.yml | 183 +++ roles/funkwhale/tasks/main.yml | 14 + roles/funkwhale/tasks/service.yml | 9 + roles/funkwhale/tasks/user.yml | 10 + roles/funkwhale/tasks/write_version.yml | 6 + roles/funkwhale/templates/env.j2 | 34 + .../templates/funkwhale-beat.service.j2 | 22 + .../templates/funkwhale-server.service.j2 | 23 + .../funkwhale-update-media.service.j2 | 23 + .../templates/funkwhale-update-media.timer.j2 | 8 + .../templates/funkwhale-worker.service.j2 | 22 + roles/funkwhale/templates/httpd.conf.j2 | 81 + roles/funkwhale/templates/perms.sh.j2 | 15 + roles/funkwhale/templates/post-backup.sh.j2 | 3 + roles/funkwhale/templates/pre-backup.sh.j2 | 11 + roles/funkwhale/vars/RedHat-7.yml | 17 + roles/funkwhale/vars/RedHat-8.yml | 16 + roles/fusioninventory_agent/defaults/main.yml | 17 + roles/fusioninventory_agent/handlers/main.yml | 3 + .../tasks/install_Debian.yml | 45 + .../tasks/install_RedHat.yml | 6 + roles/fusioninventory_agent/tasks/main.yml | 24 + .../templates/agent.cfg.j2 | 7 + roles/g2cs/README.md | 17 + roles/g2cs/defaults/main.yml | 11 + roles/g2cs/files/g2cs.pl | 183 +++ roles/g2cs/handlers/main.yml | 4 + roles/g2cs/tasks/install.yml | 38 + roles/g2cs/tasks/iptables.yml | 8 + roles/g2cs/tasks/main.yml | 7 + roles/g2cs/tasks/service.yml | 5 + roles/g2cs/tasks/user.yml | 5 + roles/g2cs/templates/g2cs.service.j2 | 26 + roles/geoipupdate/defaults/main.yml | 7 + roles/geoipupdate/handlers/main.yml | 4 + roles/geoipupdate/tasks/main.yml | 32 + roles/geoipupdate/templates/GeoIP.conf.j2 | 4 + .../templates/geoipupdate.service.j2 | 7 + .../templates/geoipupdate.timer.j2 | 9 + roles/gitea/defaults/main.yml | 39 + roles/gitea/handlers/main.yml | 4 + roles/gitea/meta/main.yml | 6 + roles/gitea/tasks/admin_user.yml | 30 + roles/gitea/tasks/archive_post.yml | 6 + 
roles/gitea/tasks/archive_pre.yml | 23 + roles/gitea/tasks/cleanup.yml | 8 + roles/gitea/tasks/conf.yml | 34 + roles/gitea/tasks/directories.yml | 28 + roles/gitea/tasks/facts.yml | 36 + roles/gitea/tasks/install.yml | 61 + roles/gitea/tasks/iptables.yml | 14 + roles/gitea/tasks/main.yml | 16 + roles/gitea/tasks/service.yml | 4 + roles/gitea/tasks/user.yml | 8 + roles/gitea/tasks/write_version.yml | 6 + roles/gitea/templates/app.ini.j2 | 106 ++ roles/gitea/templates/git.sh.j2 | 3 + roles/gitea/templates/gitea.service.j2 | 26 + roles/gitea/templates/perms.sh.j2 | 5 + roles/gitea/templates/post_backup.sh.j2 | 3 + roles/gitea/templates/pre_backup.sh.j2 | 10 + roles/gitea/vars/RedHat-7.yml | 6 + roles/gitea/vars/RedHat-8.yml | 6 + roles/glpi/defaults/main.yml | 96 ++ roles/glpi/handlers/main.yml | 4 + roles/glpi/meta/main.yml | 8 + roles/glpi/tasks/archive_post.yml | 8 + roles/glpi/tasks/archive_pre.yml | 9 + roles/glpi/tasks/cleanup.yml | 20 + roles/glpi/tasks/conf.yml | 39 + roles/glpi/tasks/directories.yml | 24 + roles/glpi/tasks/facts.yml | 21 + roles/glpi/tasks/filebeat.yml | 5 + roles/glpi/tasks/install.yml | 142 ++ roles/glpi/tasks/main.yml | 14 + roles/glpi/tasks/user.yml | 8 + roles/glpi/tasks/write_version.yml | 17 + roles/glpi/templates/config_db.php.j2 | 8 + roles/glpi/templates/filebeat.yml.j2 | 7 + roles/glpi/templates/httpd.conf.j2 | 29 + roles/glpi/templates/local_define.php.j2 | 9 + roles/glpi/templates/logrotate.conf.j2 | 7 + roles/glpi/templates/perms.sh.j2 | 20 + roles/glpi/templates/php.conf.j2 | 35 + roles/glpi/templates/post_backup.j2 | 3 + roles/glpi/templates/pre_backup.j2 | 11 + roles/glpi/templates/sso.php.j2 | 6 + roles/grafana/defaults/main.yml | 89 ++ roles/grafana/handlers/main.yml | 5 + roles/grafana/meta/main.yml | 3 + roles/grafana/tasks/main.yml | 141 ++ roles/grafana/templates/grafana.ini.j2 | 75 + roles/grafana/templates/ldap.toml.j2 | 37 + roles/graylog/defaults/main.yml | 73 + roles/graylog/handlers/main.yml | 5 + 
roles/graylog/meta/main.yml | 6 + roles/graylog/tasks/archive_post.yml | 7 + roles/graylog/tasks/archive_pre.yml | 27 + roles/graylog/tasks/cleanup.yml | 8 + roles/graylog/tasks/conf.yml | 33 + roles/graylog/tasks/directories.yml | 39 + roles/graylog/tasks/facts.yml | 82 + roles/graylog/tasks/filebeat.yml | 5 + roles/graylog/tasks/install.yml | 100 ++ roles/graylog/tasks/iptables.yml | 20 + roles/graylog/tasks/main.yml | 16 + roles/graylog/tasks/service.yml | 6 + roles/graylog/tasks/user.yml | 9 + roles/graylog/tasks/write_version.yml | 5 + .../templates/dehydrated_deploy_hook.j2 | 12 + roles/graylog/templates/filebeat.yml.j2 | 4 + roles/graylog/templates/graylog-server.j2 | 29 + .../templates/graylog-server.service.j2 | 37 + roles/graylog/templates/log4j2.xml.j2 | 36 + roles/graylog/templates/logrotate.conf.j2 | 8 + roles/graylog/templates/post-backup.j2 | 3 + roles/graylog/templates/pre-backup.j2 | 12 + roles/graylog/templates/server.conf.j2 | 60 + roles/httpd_common/defaults/main.yml | 67 + roles/httpd_common/files/index_default.html | 0 .../httpd_common/files/index_maintenance.html | 1 + roles/httpd_common/handlers/main.yml | 10 + roles/httpd_common/meta/main.yml | 3 + roles/httpd_common/tasks/filebeat.yml | 5 + roles/httpd_common/tasks/main.yml | 164 ++ .../templates/00-base_mod.conf.j2 | 6 + roles/httpd_common/templates/10-mpm.conf.j2 | 1 + roles/httpd_common/templates/20-cgi.conf.j2 | 5 + .../httpd_common/templates/autoindex.conf.j2 | 45 + .../httpd_common/templates/common_env.inc.j2 | 7 + .../templates/dir_ansible.conf.j2 | 34 + roles/httpd_common/templates/errors.conf.j2 | 30 + roles/httpd_common/templates/filebeat.yml.j2 | 15 + roles/httpd_common/templates/httpd.conf.j2 | 55 + .../httpd_common/templates/logrotate.conf.j2 | 11 + roles/httpd_common/templates/status.conf.j2 | 7 + .../templates/vhost_ansible.conf.j2 | 204 +++ .../templates/vhost_default.conf.j2 | 24 + roles/httpd_common/vars/RedHat-7.yml | 8 + roles/httpd_common/vars/RedHat-8.yml | 8 + 
roles/httpd_common/vars/defaults.yml | 4 + roles/httpd_front/defaults/main.yml | 39 + .../httpd_front/files/dehydrated_deploy_hook | 3 + roles/httpd_front/handlers/main.yml | 8 + roles/httpd_front/meta/main.yml | 4 + roles/httpd_front/tasks/main.yml | 134 ++ roles/httpd_front/templates/01-front.conf.j2 | 3 + .../httpd_front/templates/02-evasive.conf.j2 | 1 + .../httpd_front/templates/common_cache.inc.j2 | 15 + .../templates/common_filter.inc.j2 | 153 ++ .../templates/common_force_ssl.inc.j2 | 5 + .../templates/common_maintenance.inc.j2 | 7 + .../templates/common_mod_security2.inc.j2 | 15 + .../httpd_front/templates/common_perf.inc.j2 | 70 + roles/httpd_front/templates/evasive.conf.j2 | 17 + roles/httpd_front/templates/htcacheclean.j2 | 4 + roles/httpd_front/templates/security.conf.j2 | 51 + roles/httpd_front/templates/ssl.conf.j2 | 25 + .../templates/vhost_downtime.conf.j2 | 25 + roles/httpd_mod_perl/files/03-perl.conf | 1 + roles/httpd_mod_perl/tasks/main.yml | 11 + .../files/04-proxy_uwsgi.conf | 1 + roles/httpd_mod_proxy_uwsgi/meta/main.yml | 3 + roles/httpd_mod_proxy_uwsgi/tasks/main.yml | 7 + roles/httpd_php/defaults/main.yml | 44 + roles/httpd_php/files/tmpfiles.conf | 1 + roles/httpd_php/handlers/main.yml | 18 + roles/httpd_php/meta/main.yml | 5 + roles/httpd_php/tasks/main.yml | 96 ++ .../templates/default_fpm_pool.conf.j2 | 1 + roles/httpd_php/templates/httpd_php.conf.j2 | 5 + roles/httpd_php/templates/php-fpm.conf.j2 | 9 + roles/httpd_php/templates/php.ini.j2 | 166 ++ .../templates/php_fpm_ansible_pools.conf.j2 | 61 + .../httpd_php/templates/php_fpm_pool.conf.j2 | 30 + roles/httpd_webdav/meta/main.yml | 4 + roles/includes/create_selfsigned_cert.yml | 20 + roles/includes/create_system_user.yml | 8 + roles/includes/disable_selinux.yml | 10 + roles/includes/get_rand_pass.yml | 24 + roles/includes/vars/Debian.yml | 5 + roles/includes/vars/RedHat-7.yml | 5 + roles/includes/vars/RedHat-8.yml | 6 + roles/includes/webapps_archive.yml | 27 + 
roles/includes/webapps_compress_archive.yml | 13 + roles/includes/webapps_create_mysql_db.yml | 39 + roles/includes/webapps_post.yml | 18 + roles/includes/webapps_set_install_mode.yml | 27 + roles/includes/webapps_webconf.yml | 21 + roles/iptables/defaults/main.yml | 42 + roles/iptables/tasks/install_Debian.yml | 16 + roles/iptables/tasks/install_RedHat.yml | 10 + roles/iptables/tasks/main.yml | 36 + roles/iscsi_target/defaults/main.yml | 10 + roles/iscsi_target/tasks/main.yml | 20 + roles/itop/README.md | 38 + roles/itop/defaults/main.yml | 37 + roles/itop/meta/main.yml | 9 + roles/itop/tasks/archive_post.yml | 9 + roles/itop/tasks/archive_pre.yml | 10 + roles/itop/tasks/cleanup.yml | 13 + roles/itop/tasks/conf.yml | 12 + roles/itop/tasks/directories.yml | 29 + roles/itop/tasks/facts.yml | 19 + roles/itop/tasks/filebeat.yml | 5 + roles/itop/tasks/install.yml | 122 ++ roles/itop/tasks/main.yml | 14 + roles/itop/tasks/user.yml | 8 + roles/itop/tasks/write_version.yml | 8 + roles/itop/templates/cron.param.j2 | 7 + roles/itop/templates/filebeat.yml.j2 | 6 + roles/itop/templates/httpd.conf.j2 | 26 + roles/itop/templates/itop.service.j2 | 15 + roles/itop/templates/itop.timer.j2 | 8 + roles/itop/templates/perms.sh.j2 | 20 + roles/itop/templates/php.conf.j2 | 39 + roles/itop/templates/post-backup.sh.j2 | 3 + roles/itop/templates/pre-backup.sh.j2 | 15 + roles/jitsi/defaults/main.yml | 272 ++++ roles/jitsi/handlers/main.yml | 15 + roles/jitsi/meta/main.yml | 8 + roles/jitsi/tasks/cleanup.yml | 10 + roles/jitsi/tasks/conf.yml | 72 + roles/jitsi/tasks/directories.yml | 54 + roles/jitsi/tasks/facts.yml | 104 ++ roles/jitsi/tasks/install.yml | 194 +++ roles/jitsi/tasks/iptables.yml | 8 + roles/jitsi/tasks/main.yml | 11 + roles/jitsi/tasks/services.yml | 13 + roles/jitsi/tasks/update_lang.yml | 17 + roles/jitsi/tasks/user.yml | 5 + roles/jitsi/templates/confmapper.json.j2 | 1 + roles/jitsi/templates/dehydrated_hook.sh.j2 | 20 + roles/jitsi/templates/jicofo/jicofo.conf.j2 | 8 + 
.../jicofo/sip-communicator.properties.j2 | 11 + roles/jitsi/templates/jigasi/jigasi.conf.j2 | 3 + .../jigasi/sip-communicator.properties.j2 | 54 + .../templates/jitsi-confmapper.service.j2 | 20 + roles/jitsi/templates/jitsi-jicofo.service.j2 | 30 + roles/jitsi/templates/jitsi-jigasi.service.j2 | 26 + roles/jitsi/templates/meet.js.j2 | 1 + roles/jitsi/templates/meet_interface.js.j2 | 1 + .../templates/mod_jibri_bypass_pwd.lua.j2 | 14 + roles/jitsi/templates/nginx.conf.j2 | 73 + roles/jitsi/templates/prosody.cfg.lua.j2 | 151 ++ roles/jitsi_jibri/README.md | 1 + roles/jitsi_jibri/defaults/main.yml | 28 + roles/jitsi_jibri/handlers/main.yml | 5 + roles/jitsi_jibri/meta/main.yml | 6 + roles/jitsi_jibri/tasks/cleanup.yml | 8 + roles/jitsi_jibri/tasks/conf.yml | 60 + roles/jitsi_jibri/tasks/directories.yml | 18 + roles/jitsi_jibri/tasks/facts.yml | 43 + roles/jitsi_jibri/tasks/install.yml | 94 ++ roles/jitsi_jibri/tasks/main.yml | 9 + roles/jitsi_jibri/tasks/services.yml | 9 + roles/jitsi_jibri/tasks/user.yml | 11 + roles/jitsi_jibri/templates/asound.conf.j2 | 46 + .../jitsi_jibri/templates/clean_records.sh.j2 | 3 + roles/jitsi_jibri/templates/finalize.pl.j2 | 83 + roles/jitsi_jibri/templates/finalize.yml.j2 | 10 + roles/jitsi_jibri/templates/jibri.conf.j2 | 88 ++ .../templates/jitsi-jibri-cleaner.service.j2 | 10 + .../templates/jitsi-jibri-cleaner.timer.j2 | 10 + .../templates/jitsi-jibri-xorg.service.j2 | 19 + .../templates/jitsi-jibri.service.j2 | 20 + roles/jitsi_jibri/templates/nginx.conf.j2 | 5 + .../templates/xorg-video-dummy.conf.j2 | 26 + roles/jitsi_videobridge/defaults/main.yml | 23 + roles/jitsi_videobridge/handlers/main.yml | 5 + roles/jitsi_videobridge/meta/main.yml | 4 + roles/jitsi_videobridge/tasks/cleanup.yml | 8 + roles/jitsi_videobridge/tasks/conf.yml | 9 + roles/jitsi_videobridge/tasks/directories.yml | 3 + roles/jitsi_videobridge/tasks/facts.yml | 15 + roles/jitsi_videobridge/tasks/install.yml | 52 + roles/jitsi_videobridge/tasks/iptables.yml | 8 + 
roles/jitsi_videobridge/tasks/main.yml | 11 + roles/jitsi_videobridge/tasks/services.yml | 5 + roles/jitsi_videobridge/tasks/user.yml | 3 + .../templates/jitsi-videobridge.service.j2 | 27 + .../templates/sip-communicator.properties.j2 | 19 + .../templates/videobridge.conf.j2 | 3 + roles/journal_remote/defaults/main.yml | 8 + roles/journal_remote/handlers/main.yml | 4 + roles/journal_remote/tasks/main.yml | 49 + .../templates/dehydrated_hook.sh.j2 | 14 + .../templates/journal-remote.conf.j2 | 14 + .../systemd-journal-remote.service.j2 | 15 + roles/kanboard/defaults/main.yml | 65 + roles/kanboard/handlers/main.yml | 4 + roles/kanboard/meta/main.yml | 5 + roles/kanboard/tasks/archive_post.yml | 7 + roles/kanboard/tasks/archive_pre.yml | 9 + roles/kanboard/tasks/cleanup.yml | 14 + roles/kanboard/tasks/conf.yml | 12 + roles/kanboard/tasks/directories.yml | 13 + roles/kanboard/tasks/facts.yml | 21 + roles/kanboard/tasks/install.yml | 81 + roles/kanboard/tasks/main.yml | 15 + roles/kanboard/tasks/user.yml | 8 + roles/kanboard/tasks/write_version.yml | 7 + roles/kanboard/templates/config.php.j2 | 84 ++ roles/kanboard/templates/cron.j2 | 1 + roles/kanboard/templates/httpd.conf.j2 | 32 + roles/kanboard/templates/perms.sh.j2 | 18 + roles/kanboard/templates/php.conf.j2 | 36 + roles/lemonldap_ng/defaults/main.yml | 66 + roles/lemonldap_ng/files/logos/akeneo.png | Bin 0 -> 3721 bytes roles/lemonldap_ng/files/logos/ampache.png | Bin 0 -> 5242 bytes roles/lemonldap_ng/files/logos/appsmith.png | Bin 0 -> 6691 bytes .../lemonldap_ng/files/logos/artifactory.png | Bin 0 -> 3301 bytes roles/lemonldap_ng/files/logos/backuppc.png | Bin 0 -> 1180 bytes roles/lemonldap_ng/files/logos/basecamp.png | Bin 0 -> 9823 bytes roles/lemonldap_ng/files/logos/bitwarden.png | Bin 0 -> 3289 bytes roles/lemonldap_ng/files/logos/bodet.png | Bin 0 -> 3322 bytes roles/lemonldap_ng/files/logos/bookstack.png | Bin 0 -> 10103 bytes roles/lemonldap_ng/files/logos/calendar.png | Bin 0 -> 2642 bytes 
roles/lemonldap_ng/files/logos/camera.png | Bin 0 -> 2058 bytes roles/lemonldap_ng/files/logos/cas.png | Bin 0 -> 5140 bytes roles/lemonldap_ng/files/logos/composer.png | Bin 0 -> 6007 bytes roles/lemonldap_ng/files/logos/compta.png | Bin 0 -> 5421 bytes roles/lemonldap_ng/files/logos/diagrams.png | Bin 0 -> 7815 bytes roles/lemonldap_ng/files/logos/dl.png | Bin 0 -> 860 bytes roles/lemonldap_ng/files/logos/dokuwiki.png | Bin 0 -> 3005 bytes roles/lemonldap_ng/files/logos/dolibarr.png | Bin 0 -> 867 bytes roles/lemonldap_ng/files/logos/etherpad.png | Bin 0 -> 1095 bytes roles/lemonldap_ng/files/logos/firewall.png | Bin 0 -> 3986 bytes roles/lemonldap_ng/files/logos/freepbx.png | Bin 0 -> 1645 bytes roles/lemonldap_ng/files/logos/funkwhale.png | Bin 0 -> 3390 bytes .../files/logos/fusiondirectory.png | Bin 0 -> 2471 bytes roles/lemonldap_ng/files/logos/gitea.png | Bin 0 -> 3522 bytes roles/lemonldap_ng/files/logos/gitlab.png | Bin 0 -> 3842 bytes roles/lemonldap_ng/files/logos/glpi.png | Bin 0 -> 855 bytes roles/lemonldap_ng/files/logos/google.png | Bin 0 -> 3742 bytes roles/lemonldap_ng/files/logos/grafana.png | Bin 0 -> 1399 bytes roles/lemonldap_ng/files/logos/graylog.png | Bin 0 -> 3490 bytes roles/lemonldap_ng/files/logos/hdd.png | Bin 0 -> 3926 bytes roles/lemonldap_ng/files/logos/itop.png | Bin 0 -> 8703 bytes roles/lemonldap_ng/files/logos/jappix.png | Bin 0 -> 1572 bytes .../files/logos/jasperreports.png | Bin 0 -> 2796 bytes roles/lemonldap_ng/files/logos/jenkins.png | Bin 0 -> 10620 bytes roles/lemonldap_ng/files/logos/jitsi.png | Bin 0 -> 5109 bytes .../lemonldap_ng/files/logos/jobscheduler.png | Bin 0 -> 5436 bytes roles/lemonldap_ng/files/logos/kanboard.png | Bin 0 -> 749 bytes roles/lemonldap_ng/files/logos/kibana.png | Bin 0 -> 3044 bytes roles/lemonldap_ng/files/logos/knowage.png | Bin 0 -> 2886 bytes roles/lemonldap_ng/files/logos/lemonldap.png | Bin 0 -> 1576 bytes roles/lemonldap_ng/files/logos/liferay.png | Bin 0 -> 5042 bytes 
roles/lemonldap_ng/files/logos/mailman.png | Bin 0 -> 1925 bytes roles/lemonldap_ng/files/logos/matomo.png | Bin 0 -> 662 bytes roles/lemonldap_ng/files/logos/mediawiki.png | Bin 0 -> 2814 bytes roles/lemonldap_ng/files/logos/metabase.png | Bin 0 -> 7672 bytes roles/lemonldap_ng/files/logos/miniflux.png | Bin 0 -> 5946 bytes roles/lemonldap_ng/files/logos/mulesoft.png | Bin 0 -> 6350 bytes roles/lemonldap_ng/files/logos/n8n.png | Bin 0 -> 6770 bytes roles/lemonldap_ng/files/logos/navidrome.png | Bin 0 -> 9856 bytes .../files/logos/openmediavault.png | Bin 0 -> 692 bytes .../lemonldap_ng/files/logos/openproject.png | Bin 0 -> 3134 bytes roles/lemonldap_ng/files/logos/openxpki.png | Bin 0 -> 1169 bytes .../lemonldap_ng/files/logos/orangescrum.png | Bin 0 -> 4228 bytes roles/lemonldap_ng/files/logos/paperless.png | Bin 0 -> 6161 bytes roles/lemonldap_ng/files/logos/pda.png | Bin 0 -> 2239 bytes roles/lemonldap_ng/files/logos/penpot.png | Bin 0 -> 5273 bytes roles/lemonldap_ng/files/logos/pfsense.png | Bin 0 -> 2863 bytes roles/lemonldap_ng/files/logos/pgadmin.png | Bin 0 -> 1874 bytes .../lemonldap_ng/files/logos/phabricator.png | Bin 0 -> 5573 bytes roles/lemonldap_ng/files/logos/phaseanet.png | Bin 0 -> 8266 bytes .../lemonldap_ng/files/logos/phpldapadmin.png | Bin 0 -> 3848 bytes roles/lemonldap_ng/files/logos/phplist.png | Bin 0 -> 1517 bytes roles/lemonldap_ng/files/logos/phpmyadmin.png | Bin 0 -> 1688 bytes roles/lemonldap_ng/files/logos/power.png | Bin 0 -> 2002 bytes .../lemonldap_ng/files/logos/processmaker.png | Bin 0 -> 4943 bytes roles/lemonldap_ng/files/logos/proxmox.png | Bin 0 -> 773 bytes roles/lemonldap_ng/files/logos/pydio.png | Bin 0 -> 709 bytes roles/lemonldap_ng/files/logos/rabbitmq.png | Bin 0 -> 5981 bytes roles/lemonldap_ng/files/logos/razuna.png | Bin 0 -> 8330 bytes roles/lemonldap_ng/files/logos/redmine.png | Bin 0 -> 3154 bytes roles/lemonldap_ng/files/logos/registry.png | Bin 0 -> 5643 bytes roles/lemonldap_ng/files/logos/riot.png | Bin 0 
-> 1339 bytes roles/lemonldap_ng/files/logos/rocketchat.png | Bin 0 -> 4617 bytes roles/lemonldap_ng/files/logos/scandm.png | Bin 0 -> 592 bytes roles/lemonldap_ng/files/logos/scandm_dev.png | Bin 0 -> 6131 bytes roles/lemonldap_ng/files/logos/scandm_prd.png | Bin 0 -> 6942 bytes roles/lemonldap_ng/files/logos/scandm_qal.png | Bin 0 -> 7259 bytes roles/lemonldap_ng/files/logos/scandm_stg.png | Bin 0 -> 7003 bytes roles/lemonldap_ng/files/logos/seafile.png | Bin 0 -> 1770 bytes roles/lemonldap_ng/files/logos/sentry.png | Bin 0 -> 7782 bytes roles/lemonldap_ng/files/logos/sftpgo.png | Bin 0 -> 5839 bytes roles/lemonldap_ng/files/logos/smeserver.png | Bin 0 -> 3074 bytes roles/lemonldap_ng/files/logos/sogo.png | Bin 0 -> 27787 bytes roles/lemonldap_ng/files/logos/sonar.png | Bin 0 -> 2860 bytes roles/lemonldap_ng/files/logos/sophos.png | Bin 0 -> 5388 bytes roles/lemonldap_ng/files/logos/soti.png | Bin 0 -> 5126 bytes roles/lemonldap_ng/files/logos/survey.png | Bin 0 -> 1578 bytes roles/lemonldap_ng/files/logos/switch.png | Bin 0 -> 4171 bytes roles/lemonldap_ng/files/logos/taiga.png | Bin 0 -> 7380 bytes roles/lemonldap_ng/files/logos/telephone.png | Bin 0 -> 1688 bytes roles/lemonldap_ng/files/logos/timezone.png | Bin 0 -> 2840 bytes .../lemonldap_ng/files/logos/transmission.png | Bin 0 -> 1799 bytes roles/lemonldap_ng/files/logos/ttrss.png | Bin 0 -> 2014 bytes roles/lemonldap_ng/files/logos/unifi.png | Bin 0 -> 3453 bytes roles/lemonldap_ng/files/logos/vtiger.png | Bin 0 -> 1600 bytes roles/lemonldap_ng/files/logos/wifi.png | Bin 0 -> 2732 bytes roles/lemonldap_ng/files/logos/wikijs.png | Bin 0 -> 2453 bytes roles/lemonldap_ng/files/logos/wordpress.png | Bin 0 -> 2722 bytes roles/lemonldap_ng/files/logos/wso2.png | Bin 0 -> 4351 bytes roles/lemonldap_ng/files/logos/xwiki.png | Bin 0 -> 7655 bytes roles/lemonldap_ng/files/logos/zabbix.png | Bin 0 -> 2801 bytes roles/lemonldap_ng/files/logos/zimbra.png | Bin 0 -> 9389 bytes roles/lemonldap_ng/files/logos/zulip.png | 
Bin 0 -> 7026 bytes roles/lemonldap_ng/files/mysql_schema.sql | 76 + roles/lemonldap_ng/handlers/main.yml | 7 + roles/lemonldap_ng/meta/main.yml | 7 + roles/lemonldap_ng/tasks/httpd.yml | 24 + roles/lemonldap_ng/tasks/main.yml | 163 ++ roles/lemonldap_ng/tasks/mysql.yml | 81 + roles/lemonldap_ng/tasks/nginx.yml | 58 + .../templates/httpd_handler.conf.j2 | 14 + .../templates/httpd_manager.conf.j2 | 75 + .../templates/httpd_portal.conf.j2 | 175 +++ .../templates/lemonldap-ng-file.ini.j2 | 6 + .../templates/lemonldap-ng.ini.j2 | 84 ++ .../templates/llng-fastcgi-server.j2 | 9 + .../templates/llng-fastcgi-server.service.j2 | 25 + .../templates/llng_headers.inc.j2 | 67 + .../templates/nginx_handler.conf.j2 | 9 + .../templates/nginx_manager.conf.j2 | 53 + .../templates/nginx_portal.conf.j2 | 106 ++ roles/lemonldap_ng/vars/RedHat-7.yml | 26 + roles/lemonldap_ng/vars/RedHat-8.yml | 26 + roles/lemonldap_ng/vars/main.yml | 20 + roles/lemonldap_ng_handler/defaults/main.yml | 9 + roles/lemonldap_ng_handler/files/03-perl.conf | 1 + roles/lemonldap_ng_handler/handlers/main.yml | 3 + roles/lemonldap_ng_handler/meta/main.yml | 6 + roles/lemonldap_ng_handler/tasks/main.yml | 41 + .../templates/lemonldap-ng-handler.conf.j2 | 8 + .../templates/lemonldap-ng.ini.j2 | 20 + roles/letsencrypt/defaults/main.yml | 76 + .../letsencrypt/files/common_letsencrypt.inc | 2 + roles/letsencrypt/files/httpd_dehydrated.conf | 16 + roles/letsencrypt/handlers/main.yml | 6 + roles/letsencrypt/tasks/main.yml | 167 +++ roles/letsencrypt/templates/cert_config.j2 | 5 + roles/letsencrypt/templates/config.j2 | 33 + roles/letsencrypt/templates/cron.j2 | 10 + .../templates/dns-lexicon-clean_challenge.j2 | 5 + .../templates/dns-lexicon-deploy_challenge.j2 | 7 + roles/letsencrypt/templates/domains.txt.j2 | 51 + roles/letsencrypt/vars/Debian-10.yml | 6 + roles/letsencrypt/vars/Debian-11.yml | 6 + roles/letsencrypt/vars/Debian-9.yml | 6 + roles/letsencrypt/vars/RedHat-7.yml | 5 + roles/letsencrypt/vars/RedHat-8.yml 
| 5 + roles/libvirt_host/defaults/main.yml | 7 + .../files/libvirt-guests-timeout.conf | 2 + roles/libvirt_host/handlers/main.yml | 6 + roles/libvirt_host/meta/main.yml | 5 + roles/libvirt_host/tasks/main.yml | 60 + roles/libvirt_host/templates/libvirtd.conf.j2 | 7 + roles/libvirt_host/templates/qemu.conf.j2 | 1 + roles/libvirt_host/templates/sudo_libvirt.j2 | 1 + roles/mailman/defaults/main.yml | 63 + roles/mailman/handlers/main.yml | 13 + roles/mailman/meta/main.yml | 11 + roles/mailman/tasks/archive_post.yml | 10 + roles/mailman/tasks/archive_pre.yml | 51 + roles/mailman/tasks/cleanup.yml | 7 + roles/mailman/tasks/conf.yml | 39 + roles/mailman/tasks/directories.yml | 48 + roles/mailman/tasks/facts.yml | 96 ++ roles/mailman/tasks/install.yml | 172 +++ roles/mailman/tasks/iptables.yml | 15 + roles/mailman/tasks/main.yml | 17 + roles/mailman/tasks/selinux.yml | 6 + roles/mailman/tasks/services.yml | 15 + roles/mailman/tasks/user.yml | 9 + roles/mailman/tasks/write_version.yml | 6 + roles/mailman/templates/hyperkitty.cfg.j2 | 3 + .../mailman/templates/mailman-core.service.j2 | 24 + .../templates/mailman-digests.service.j2 | 9 + .../templates/mailman-digests.timer.j2 | 8 + .../templates/mailman-notify.service.j2 | 9 + .../mailman/templates/mailman-notify.timer.j2 | 8 + .../mailman/templates/mailman-web.service.j2 | 24 + roles/mailman/templates/mailman.cfg.j2 | 56 + roles/mailman/templates/post-backup.sh.j2 | 3 + roles/mailman/templates/pre-backup.sh.j2 | 33 + roles/mailman/templates/settings.py.j2 | 101 ++ roles/mailman/templates/urls.py.j2 | 35 + roles/mailman/templates/uwsgi.ini.j2 | 27 + roles/mate_desktop/meta/main.yml | 4 + roles/mate_desktop/tasks/main.yml | 46 + roles/matomo/defaults/main.yml | 79 + roles/matomo/files/matomo.sql | 352 +++++ roles/matomo/handlers/main.yml | 4 + roles/matomo/meta/main.yml | 4 + roles/matomo/tasks/archive_post.yml | 7 + roles/matomo/tasks/archive_pre.yml | 8 + roles/matomo/tasks/cleanup.yml | 29 + roles/matomo/tasks/conf.yml | 
140 ++ roles/matomo/tasks/directories.yml | 20 + roles/matomo/tasks/facts.yml | 31 + roles/matomo/tasks/install.yml | 181 +++ roles/matomo/tasks/main.yml | 14 + roles/matomo/tasks/user.yml | 7 + roles/matomo/tasks/write_version.yml | 7 + roles/matomo/templates/config.ini.php.j2 | 24 + roles/matomo/templates/httpd.conf.j2 | 32 + roles/matomo/templates/perms.sh.j2 | 21 + roles/matomo/templates/php.conf.j2 | 37 + roles/matomo/templates/post-backup.j2 | 3 + roles/matomo/templates/pre-backup.j2 | 9 + roles/matrix_element/defaults/main.yml | 31 + roles/matrix_element/handlers/main.yml | 3 + roles/matrix_element/meta/main.yml | 3 + roles/matrix_element/tasks/archive_post.yml | 9 + roles/matrix_element/tasks/archive_pre.yml | 7 + roles/matrix_element/tasks/cleanup.yml | 16 + roles/matrix_element/tasks/conf.yml | 15 + roles/matrix_element/tasks/directories.yml | 11 + roles/matrix_element/tasks/facts.yml | 12 + roles/matrix_element/tasks/install.yml | 28 + roles/matrix_element/tasks/main.yml | 13 + roles/matrix_element/tasks/write_version.yml | 7 + roles/matrix_element/templates/config.json.j2 | 39 + roles/matrix_element/templates/httpd.conf.j2 | 14 + roles/matrix_element/templates/perms.sh.j2 | 5 + roles/matrix_ma1sd/defaults/main.yml | 75 + roles/matrix_ma1sd/handlers/main.yml | 7 + roles/matrix_ma1sd/tasks/archive_post.yml | 8 + roles/matrix_ma1sd/tasks/archive_pre.yml | 22 + roles/matrix_ma1sd/tasks/cleanup.yml | 8 + roles/matrix_ma1sd/tasks/conf.yml | 6 + roles/matrix_ma1sd/tasks/directories.yml | 18 + roles/matrix_ma1sd/tasks/facts.yml | 32 + roles/matrix_ma1sd/tasks/install.yml | 39 + roles/matrix_ma1sd/tasks/iptables.yml | 8 + roles/matrix_ma1sd/tasks/main.yml | 19 + roles/matrix_ma1sd/tasks/migrate_mxisd.yml | 37 + roles/matrix_ma1sd/tasks/service.yml | 6 + roles/matrix_ma1sd/tasks/user.yml | 5 + roles/matrix_ma1sd/tasks/write_version.yml | 6 + .../templates/gradle.properties.j2 | 6 + roles/matrix_ma1sd/templates/ma1sd.yaml.j2 | 105 ++ 
.../templates/matrix-ma1sd.service.j2 | 20 + roles/matrix_riot/defaults/main.yml | 31 + roles/matrix_riot/handlers/main.yml | 3 + roles/matrix_riot/meta/main.yml | 3 + roles/matrix_riot/tasks/archive_post.yml | 9 + roles/matrix_riot/tasks/archive_pre.yml | 7 + roles/matrix_riot/tasks/cleanup.yml | 8 + roles/matrix_riot/tasks/conf.yml | 15 + roles/matrix_riot/tasks/directories.yml | 11 + roles/matrix_riot/tasks/facts.yml | 12 + roles/matrix_riot/tasks/install.yml | 28 + roles/matrix_riot/tasks/main.yml | 13 + roles/matrix_riot/tasks/write_version.yml | 7 + roles/matrix_riot/templates/config.json.j2 | 30 + roles/matrix_riot/templates/httpd.conf.j2 | 14 + roles/matrix_riot/templates/perms.sh.j2 | 5 + roles/matrix_synapse/defaults/main.yml | 131 ++ roles/matrix_synapse/handlers/main.yml | 5 + roles/matrix_synapse/meta/main.yml | 1 + roles/matrix_synapse/tasks/archive_post.yml | 10 + roles/matrix_synapse/tasks/archive_pre.yml | 31 + roles/matrix_synapse/tasks/cleanup.yml | 16 + roles/matrix_synapse/tasks/conf.yml | 31 + roles/matrix_synapse/tasks/directories.yml | 24 + roles/matrix_synapse/tasks/facts.yml | 46 + roles/matrix_synapse/tasks/install.yml | 113 ++ roles/matrix_synapse/tasks/iptables.yml | 16 + roles/matrix_synapse/tasks/main.yml | 17 + roles/matrix_synapse/tasks/service.yml | 6 + roles/matrix_synapse/tasks/user.yml | 6 + roles/matrix_synapse/tasks/write_version.yml | 5 + .../templates/homeserver.yaml.j2 | 214 +++ .../matrix_synapse/templates/logging.conf.j2 | 31 + .../templates/matrix-synapse.service.j2 | 29 + .../templates/post-backup.sh.j2 | 3 + .../matrix_synapse/templates/pre-backup.sh.j2 | 10 + .../templates/synapse_janitor.sh.j2 | 7 + roles/matrix_synapse/vars/RedHat-7.yml | 29 + roles/matrix_synapse/vars/RedHat-8.yml | 28 + roles/matrix_synapse_admin/defaults/main.yml | 24 + roles/matrix_synapse_admin/meta/main.yml | 4 + .../tasks/archive_post.yml | 7 + .../tasks/archive_pre.yml | 7 + roles/matrix_synapse_admin/tasks/cleanup.yml | 9 + 
roles/matrix_synapse_admin/tasks/conf.yml | 6 + .../tasks/directories.yml | 12 + roles/matrix_synapse_admin/tasks/facts.yml | 10 + roles/matrix_synapse_admin/tasks/install.yml | 24 + roles/matrix_synapse_admin/tasks/main.yml | 13 + .../tasks/write_version.yml | 7 + .../templates/httpd.conf.j2 | 14 + .../templates/perms.sh.j2 | 5 + roles/maven/defaults/main.yml | 6 + roles/maven/tasks/cleanup.yml | 8 + roles/maven/tasks/directories.yml | 12 + roles/maven/tasks/facts.yml | 30 + roles/maven/tasks/install.yml | 46 + roles/maven/tasks/main.yml | 6 + roles/maven/templates/maven.xml.j2 | 15 + roles/maven/templates/profile.sh.j2 | 6 + roles/memcached_server/defaults/main.yml | 8 + roles/memcached_server/handlers/main.yml | 4 + roles/memcached_server/tasks/main.yml | 23 + roles/memcached_server/templates/memcached.j2 | 5 + roles/metabase/defaults/main.yml | 56 + roles/metabase/handlers/main.yml | 4 + roles/metabase/meta/main.yml | 7 + roles/metabase/tasks/archive_post.yml | 10 + roles/metabase/tasks/archive_pre.yml | 52 + roles/metabase/tasks/cleanup.yml | 8 + roles/metabase/tasks/conf.yml | 6 + roles/metabase/tasks/directories.yml | 23 + roles/metabase/tasks/facts.yml | 29 + roles/metabase/tasks/install.yml | 79 + roles/metabase/tasks/iptables.yml | 8 + roles/metabase/tasks/main.yml | 16 + roles/metabase/tasks/services.yml | 5 + roles/metabase/tasks/user.yml | 5 + roles/metabase/tasks/write_version.yml | 5 + roles/metabase/templates/env.j2 | 26 + roles/metabase/templates/metabase.service.j2 | 26 + roles/metabase/templates/post-backup.j2 | 3 + roles/metabase/templates/pre-backup.j2 | 24 + roles/miniflux/defaults/main.yml | 43 + roles/miniflux/handlers/main.yml | 5 + roles/miniflux/meta/main.yml | 5 + roles/miniflux/tasks/archive_post.yml | 10 + roles/miniflux/tasks/archive_pre.yml | 23 + roles/miniflux/tasks/cleanup.yml | 7 + roles/miniflux/tasks/conf.yml | 7 + roles/miniflux/tasks/directories.yml | 17 + roles/miniflux/tasks/facts.yml | 29 + roles/miniflux/tasks/install.yml 
| 71 + roles/miniflux/tasks/iptables.yml | 8 + roles/miniflux/tasks/main.yml | 16 + roles/miniflux/tasks/services.yml | 6 + roles/miniflux/tasks/user.yml | 5 + roles/miniflux/tasks/write_version.yml | 5 + roles/miniflux/templates/miniflux.conf.j2 | 19 + roles/miniflux/templates/miniflux.service.j2 | 23 + roles/miniflux/templates/post-backup.j2 | 3 + roles/miniflux/templates/pre-backup.j2 | 12 + roles/mkdir/tasks/main.yml | 40 + roles/mongodb_server/defaults/main.yml | 11 + roles/mongodb_server/handlers/main.yml | 4 + roles/mongodb_server/meta/main.yml | 5 + roles/mongodb_server/tasks/conf.yml | 40 + roles/mongodb_server/tasks/facts.yml | 19 + roles/mongodb_server/tasks/install.yml | 60 + roles/mongodb_server/tasks/iptables.yml | 9 + roles/mongodb_server/tasks/main.yml | 12 + roles/mongodb_server/tasks/selinux.yml | 14 + roles/mongodb_server/tasks/services.yml | 6 + roles/mongodb_server/templates/mongod.conf.j2 | 16 + roles/mongodb_server/templates/mongorc.js.j2 | 2 + roles/mongodb_server/templates/post-backup.j2 | 3 + roles/mongodb_server/templates/pre-backup.j2 | 6 + roles/mongodb_server/vars/RedHat-7.yml | 6 + roles/mongodb_server/vars/RedHat-8.yml | 6 + roles/mysql_server/defaults/main.yml | 44 + roles/mysql_server/handlers/main.yml | 9 + roles/mysql_server/meta/main.yml | 6 + roles/mysql_server/tasks/main.yml | 132 ++ roles/mysql_server/templates/my.cnf.j2 | 47 + roles/mysql_server/templates/post-backup.j2 | 7 + roles/mysql_server/templates/pre-backup.j2 | 46 + roles/mysql_server/templates/root_my.cnf.j2 | 2 + .../templates/systemd_limits.conf.j2 | 5 + roles/mysql_server/vars/RedHat-7.yml | 7 + roles/mysql_server/vars/RedHat-8.yml | 6 + roles/mysql_server/vars/defaults.yml | 6 + roles/n8n/defaults/main.yml | 66 + roles/n8n/handlers/main.yml | 5 + roles/n8n/meta/main.yml | 6 + roles/n8n/tasks/archive_post.yml | 10 + roles/n8n/tasks/archive_pre.yml | 37 + roles/n8n/tasks/cleanup.yml | 7 + roles/n8n/tasks/conf.yml | 9 + roles/n8n/tasks/directories.yml | 29 + 
roles/n8n/tasks/facts.yml | 29 + roles/n8n/tasks/install.yml | 65 + roles/n8n/tasks/iptables.yml | 8 + roles/n8n/tasks/main.yml | 15 + roles/n8n/tasks/services.yml | 6 + roles/n8n/tasks/user.yml | 5 + roles/n8n/tasks/write_version.yml | 5 + roles/n8n/templates/env.j2 | 11 + roles/n8n/templates/n8n.json.j2 | 1 + roles/n8n/templates/n8n.service.j2 | 24 + roles/n8n/templates/post-backup.sh.j2 | 3 + roles/n8n/templates/pre-backup.sh.j2 | 13 + roles/navidrome/defaults/main.yml | 35 + roles/navidrome/handlers/main.yml | 4 + roles/navidrome/meta/main.yml | 5 + roles/navidrome/tasks/archive_post.yml | 7 + roles/navidrome/tasks/archive_pre.yml | 23 + roles/navidrome/tasks/cleanup.yml | 8 + roles/navidrome/tasks/conf.yml | 6 + roles/navidrome/tasks/directories.yml | 29 + roles/navidrome/tasks/facts.yml | 11 + roles/navidrome/tasks/install.yml | 43 + roles/navidrome/tasks/iptables.yml | 8 + roles/navidrome/tasks/main.yml | 16 + roles/navidrome/tasks/services.yml | 5 + roles/navidrome/tasks/user.yml | 5 + roles/navidrome/tasks/write_version.yml | 5 + .../navidrome/templates/navidrome.service.j2 | 44 + roles/navidrome/templates/navidrome.toml.j2 | 9 + roles/navidrome/templates/post-backup.j2 | 3 + roles/navidrome/templates/pre-backup.j2 | 6 + roles/network/defaults/main.yml | 32 + roles/network/handlers/main.yml | 9 + roles/network/tasks/main.yml | 27 + roles/network/templates/hosts.j2 | 9 + roles/network/templates/ifcfg.j2 | 29 + roles/nfs_server/defaults/main.yml | 9 + roles/nfs_server/handlers/main.yml | 4 + roles/nfs_server/tasks/main.yml | 28 + roles/nfs_server/templates/exports.j2 | 3 + roles/nginx/defaults/main.yml | 116 ++ roles/nginx/files/dehydrated_deploy_hook | 3 + roles/nginx/files/lasagna.pl | 138 ++ roles/nginx/handlers/main.yml | 15 + roles/nginx/meta/main.yml | 6 + roles/nginx/tasks/conf.yml | 67 + roles/nginx/tasks/dir.yml | 17 + roles/nginx/tasks/facts.yml | 32 + roles/nginx/tasks/filebeat.yml | 4 + roles/nginx/tasks/htpasswd.yml | 15 + 
roles/nginx/tasks/install.yml | 8 + roles/nginx/tasks/install_nginx.yml | 28 + roles/nginx/tasks/install_openresty.yml | 69 + roles/nginx/tasks/iptables.yml | 8 + roles/nginx/tasks/letsencrypt.yml | 95 ++ roles/nginx/tasks/main.yml | 12 + roles/nginx/tasks/selinux.yml | 24 + roles/nginx/tasks/service.yml | 42 + roles/nginx/tasks/ssl.yml | 14 + .../ansible_conf.d/09-cacheable.conf.j2 | 16 + .../templates/ansible_conf.d/10-cache.conf.j2 | 11 + .../ansible_conf.d/10-limits.conf.j2 | 18 + .../ansible_conf.d/10-naxsi_rules.conf.j2 | 1 + .../templates/ansible_conf.d/10-perf.conf.j2 | 8 + .../templates/ansible_conf.d/10-ssl.conf.j2 | 12 + .../templates/ansible_conf.d/10-ws.conf.j2 | 4 + .../ansible_conf.d/30-vhosts.conf.j2 | 244 +++ .../templates/ansible_conf.d/acme.inc.j2 | 8 + .../templates/ansible_conf.d/cache.inc.j2 | 9 + .../templates/ansible_conf.d/custom.inc.j2 | 1 + .../templates/ansible_conf.d/force_ssl.inc.j2 | 15 + .../templates/ansible_conf.d/headers.inc.j2 | 4 + .../ansible_conf.d/maintenance.inc.j2 | 9 + .../templates/ansible_conf.d/naxsi.inc.j2 | 9 + .../templates/ansible_conf.d/perf.inc.j2 | 18 + .../ansible_location.d/10-status.conf.j2 | 6 + .../ansible_modules.d/10-common.conf.j2 | 3 + roles/nginx/templates/filebeat.yml.j2 | 10 + roles/nginx/templates/logrotate.conf.j2 | 12 + roles/nginx/templates/mime.types.j2 | 98 ++ roles/nginx/templates/nginx.conf.j2 | 105 ++ roles/nodejs/meta/main.yml | 3 + roles/nodejs/tasks/install_RedHat.yml | 4 + roles/nodejs/tasks/main.yml | 3 + roles/ntp_client/defaults/main.yml | 10 + roles/ntp_client/handlers/main.yml | 7 + roles/ntp_client/tasks/main.yml | 53 + roles/ntp_client/templates/chrony.conf.j2 | 12 + roles/ntp_client/vars/Debian-10.yml | 6 + roles/ntp_client/vars/Debian-11.yml | 6 + roles/ntp_client/vars/Debian-8.yml | 6 + roles/ntp_client/vars/Debian-9.yml | 6 + roles/ntp_client/vars/RedHat-7.yml | 6 + roles/ntp_client/vars/RedHat-8.yml | 6 + roles/ntp_client/vars/Ubuntu-20.yml | 6 + .../defaults/main.yml | 21 + 
.../handlers/main.yml | 6 + .../onlyoffice_document_server/meta/main.yml | 9 + .../tasks/cleanup.yml | 8 + .../onlyoffice_document_server/tasks/conf.yml | 13 + .../tasks/directories.yml | 5 + .../tasks/facts.yml | 33 + .../tasks/install.yml | 89 ++ .../onlyoffice_document_server/tasks/main.yml | 12 + .../tasks/selinux.yml | 27 + .../tasks/services.yml | 11 + .../onlyoffice_document_server/tasks/user.yml | 10 + .../tasks/write_version.yml | 14 + .../documentserver-converter.service.j2 | 25 + .../documentserver-docservice.service.j2 | 24 + .../documentserver-metrics.service.j2 | 21 + .../templates/httpd.conf.j2 | 32 + .../templates/nginx_vhost.conf.j2 | 6 + .../templates/oods.json.j2 | 103 ++ roles/openproject/defaults/main.yml | 25 + roles/openproject/handlers/main.yml | 7 + roles/openproject/meta/main.yml | 7 + roles/openproject/tasks/conf.yml | 22 + roles/openproject/tasks/directories.yml | 12 + roles/openproject/tasks/facts.yml | 28 + roles/openproject/tasks/install.yml | 48 + roles/openproject/tasks/iptables.yml | 9 + roles/openproject/tasks/main.yml | 8 + roles/openproject/tasks/service.yml | 26 + roles/openproject/templates/conf.d/ansible.j2 | 17 + roles/openproject/templates/installer.dat.j2 | 11 + .../templates/openproject-worker.service.j2 | 21 + .../templates/openproject.service.j2 | 21 + roles/openproject/templates/post-backup.sh.j2 | 4 + roles/openproject/templates/pre-backup.sh.j2 | 7 + roles/openvpn/defaults/main.yml | 45 + roles/openvpn/handlers/main.yml | 10 + roles/openvpn/tasks/main.yml | 93 ++ roles/openvpn/templates/openvpn.conf.j2 | 111 ++ roles/openvpn/templates/openvpn@.service.j2 | 24 + roles/openxpki/defaults/main.yml | 103 ++ roles/openxpki/files/openxpki-auth-ldap | 765 ++++++++++ roles/openxpki/files/openxpki.te | 10 + ...-for-reply-and-cc-fields-for-SMTP-no.patch | 29 + roles/openxpki/files/session_table.sql | 7 + roles/openxpki/files/upgrade_to_v3.14.sql | 9 + roles/openxpki/files/upgrade_to_v3.4.sql | 13 + 
roles/openxpki/files/upgrade_to_v3.8.sql | 8 + roles/openxpki/files/upgrade_to_v3.sql | 22 + roles/openxpki/handlers/main.yml | 12 + roles/openxpki/meta/main.yml | 6 + roles/openxpki/tasks/archive_post.yml | 8 + roles/openxpki/tasks/archive_pre.yml | 30 + roles/openxpki/tasks/cleanup.yml | 24 + roles/openxpki/tasks/conf.yml | 118 ++ roles/openxpki/tasks/directories.yml | 52 + roles/openxpki/tasks/facts.yml | 83 + roles/openxpki/tasks/install.yml | 284 ++++ roles/openxpki/tasks/main.yml | 23 + roles/openxpki/tasks/pki.yml | 211 +++ roles/openxpki/tasks/selinux.yml | 37 + roles/openxpki/tasks/service.yml | 7 + roles/openxpki/tasks/user.yml | 10 + roles/openxpki/tasks/write_version.yml | 6 + roles/openxpki/templates/bin/crl_update.j2 | 8 + roles/openxpki/templates/bin/notify_expiry.j2 | 8 + roles/openxpki/templates/bin/openxpkiadm.j2 | 5 + roles/openxpki/templates/bin/openxpkicmd.j2 | 5 + .../config.d/realm/auth/handler.yaml.j2 | 22 + .../config.d/realm/auth/stack.yaml.j2 | 9 + .../templates/config.d/realm/crypto.yaml.j2 | 37 + .../templates/config.d/realm/nice.yaml.j2 | 5 + .../config.d/realm/notification/smtp.yaml.j2 | 118 ++ .../config.d/realm/profile/default.yaml.j2 | 69 + .../config.d/realm/profile/signer.yaml.j2 | 52 + .../config.d/realm/profile/tls_client.yaml.j2 | 58 + .../config.d/realm/profile/tls_server.yaml.j2 | 123 ++ .../realm/profile/user_auth_enc.yaml.j2 | 61 + .../config.d/realm/publishing.yaml.j2 | 28 + .../config.d/realm/scep/scep-server.yaml.j2 | 60 + .../global/validator/password_quality.yaml.j2 | 22 + .../templates/config.d/system/crypto.yaml.j2 | 23 + .../config.d/system/database.yaml.j2 | 8 + .../templates/config.d/system/realms.yaml.j2 | 6 + .../templates/config.d/system/server.yaml.j2 | 37 + .../config.d/system/watchdog.yaml.j2 | 15 + roles/openxpki/templates/httpd.conf.j2 | 59 + roles/openxpki/templates/localconfig.js.j2 | 9 + roles/openxpki/templates/log.conf.j2 | 88 ++ .../notification/email/_footer.html.j2 | 1 + 
.../notification/email/_footer.txt.j2 | 1 + roles/openxpki/templates/openssl.cnf.j2 | 97 ++ roles/openxpki/templates/openxpki.service.j2 | 23 + roles/openxpki/templates/perms.sh.j2 | 8 + roles/openxpki/templates/post-backup.j2 | 3 + roles/openxpki/templates/pre-backup.j2 | 12 + roles/openxpki/templates/scep/default.conf.j2 | 10 + roles/openxpki/templates/scep/log.conf.j2 | 5 + .../openxpki/templates/webui/default.conf.j2 | 24 + roles/openxpki/templates/webui/log.conf.j2 | 6 + roles/openxpki/vars/RedHat-7.yml | 19 + roles/openxpki/vars/RedHat-8.yml | 20 + roles/paperless_ng/defaults/main.yml | 60 + roles/paperless_ng/files/paperless.te | 18 + roles/paperless_ng/handlers/main.yml | 9 + roles/paperless_ng/meta/main.yml | 10 + roles/paperless_ng/tasks/archive_post.yml | 10 + roles/paperless_ng/tasks/archive_pre.yml | 39 + roles/paperless_ng/tasks/cleanup.yml | 9 + roles/paperless_ng/tasks/conf.yml | 44 + roles/paperless_ng/tasks/directories.yml | 32 + roles/paperless_ng/tasks/facts.yml | 63 + roles/paperless_ng/tasks/install.yml | 97 ++ roles/paperless_ng/tasks/iptables.yml | 14 + roles/paperless_ng/tasks/main.yml | 18 + roles/paperless_ng/tasks/selinux.yml | 15 + roles/paperless_ng/tasks/services.yml | 9 + roles/paperless_ng/tasks/user.yml | 9 + roles/paperless_ng/tasks/write_version.yml | 5 + .../templates/gunicorn.conf.py.j2 | 36 + .../templates/paperless-consumer.service.j2 | 22 + .../templates/paperless-scheduler.service.j2 | 22 + .../templates/paperless-webserver.service.j2 | 24 + .../paperless_ng/templates/paperless.conf.j2 | 35 + roles/paperless_ng/templates/post-backup.j2 | 3 + roles/paperless_ng/templates/pre-backup.j2 | 12 + roles/paperless_ng/vars/RedHat-8.yml | 24 + roles/patrix/defaults/main.yml | 16 + roles/patrix/tasks/install_Debian.yml | 25 + roles/patrix/tasks/install_RedHat.yml | 5 + roles/patrix/tasks/main.yml | 9 + roles/patrix/templates/patrixrc.j2 | 11 + roles/pbs/defaults/main.yml | 7 + roles/pbs/files/remove_nag.patch | 13 + 
roles/pbs/meta/main.yml | 5 + roles/pbs/tasks/install.yml | 17 + roles/pbs/tasks/iptables.yml | 9 + roles/pbs/tasks/main.yml | 6 + roles/pbs/tasks/services.yml | 9 + roles/pbs/templates/dehydrated_hook.sh.j2 | 11 + roles/pgadmin4/defaults/main.yml | 38 + roles/pgadmin4/handlers/main.yml | 5 + roles/pgadmin4/meta/main.yml | 1 + roles/pgadmin4/tasks/conf.yml | 37 + roles/pgadmin4/tasks/directories.yml | 19 + roles/pgadmin4/tasks/facts.yml | 23 + roles/pgadmin4/tasks/install.yml | 83 + roles/pgadmin4/tasks/iptables.yml | 8 + roles/pgadmin4/tasks/main.yml | 11 + roles/pgadmin4/tasks/service.yml | 6 + roles/pgadmin4/tasks/user.yml | 10 + roles/pgadmin4/tasks/write_version.yml | 6 + roles/pgadmin4/templates/config_local.py.j2 | 38 + roles/pgadmin4/templates/logrotate.conf.j2 | 8 + roles/pgadmin4/templates/pgadmin4.service.j2 | 25 + roles/pgadmin4/templates/post-backup.j2 | 5 + roles/pgadmin4/templates/pre-backup.j2 | 5 + roles/pgadmin4/vars/RedHat-7.yml | 13 + roles/pgadmin4/vars/RedHat-8.yml | 12 + roles/phpmyadmin/defaults/main.yml | 74 + roles/phpmyadmin/handlers/main.yml | 3 + roles/phpmyadmin/meta/main.yml | 7 + roles/phpmyadmin/tasks/archive_post.yml | 8 + roles/phpmyadmin/tasks/archive_pre.yml | 8 + roles/phpmyadmin/tasks/cleanup.yml | 9 + roles/phpmyadmin/tasks/conf.yml | 17 + roles/phpmyadmin/tasks/directories.yml | 14 + roles/phpmyadmin/tasks/facts.yml | 37 + roles/phpmyadmin/tasks/install.yml | 54 + roles/phpmyadmin/tasks/main.yml | 14 + roles/phpmyadmin/tasks/user.yml | 8 + roles/phpmyadmin/tasks/write_version.yml | 7 + roles/phpmyadmin/templates/config.inc.php.j2 | 36 + roles/phpmyadmin/templates/httpd.conf.j2 | 44 + roles/phpmyadmin/templates/perms.sh.j2 | 16 + roles/phpmyadmin/templates/php.conf.j2 | 37 + roles/phpmyadmin/templates/sso.php.j2 | 59 + roles/phpmyadmin/vars/RedHat-7.yml | 7 + roles/phpmyadmin/vars/RedHat-8.yml | 6 + roles/pmg/defaults/main.yml | 43 + roles/pmg/files/imap-sa-learn | 148 ++ roles/pmg/files/remove_nag.patch | 11 + 
roles/pmg/handlers/main.yml | 24 + roles/pmg/meta/main.yml | 4 + roles/pmg/tasks/cleanup.yml | 24 + roles/pmg/tasks/filebeat.yml | 5 + roles/pmg/tasks/main.yml | 283 ++++ roles/pmg/templates/dehydrated_deploy_hook.j2 | 11 + roles/pmg/templates/filebeat.yml.j2 | 8 + roles/pmg/templates/imap-sa-learn.j2 | 15 + roles/pmg/templates/imap-sa-learn.service.j2 | 8 + roles/pmg/templates/imap-sa-learn.timer.j2 | 8 + roles/pmg/templates/keytable.j2 | 3 + roles/pmg/templates/logrotate.d/rsyslog.j2 | 37 + roles/pmg/templates/master.cf.in.j2 | 154 ++ roles/pmg/templates/opendkim.conf.j2 | 23 + roles/pmg/templates/opendkim.service.j2 | 23 + roles/pmg/templates/pmg_post_backup.sh.j2 | 3 + roles/pmg/templates/pmg_pre_backup.sh.j2 | 6 + roles/pmg/templates/saslauthd.conf.j2 | 10 + roles/pmg/templates/saslauthd.j2 | 6 + roles/pmg/templates/signingtable.j2 | 3 + roles/pmg/templates/smtpd.conf.j2 | 2 + .../spamassassin/bayes_auto_learn.cf.j2 | 2 + .../spamassassin/fromnamespoof.cf.j2 | 36 + .../spamassassin/fromnamespoof.pre.j2 | 1 + roles/pmg/templates/spamassassin/hashbl.cf.j2 | 3 + .../pmg/templates/spamassassin/hashbl.pre.j2 | 1 + .../pmg/templates/spamassassin/phishing.cf.j2 | 7 + .../templates/spamassassin/phishing.pre.j2 | 1 + roles/pmg/templates/update-phishing-feeds.j2 | 34 + roles/pmg/vars/main.yml | 5 + roles/postfix/defaults/main.yml | 34 + roles/postfix/handlers/main.yml | 5 + roles/postfix/tasks/main.yml | 56 + roles/postfix/templates/main.cf.j2 | 52 + roles/postfix/templates/relay_auth.j2 | 5 + roles/postgresql_exporter/defaults/main.yml | 22 + roles/postgresql_exporter/handlers/main.yml | 4 + .../tasks/archive_post.yml | 5 + .../postgresql_exporter/tasks/archive_pre.yml | 11 + roles/postgresql_exporter/tasks/cleanup.yml | 9 + roles/postgresql_exporter/tasks/conf.yml | 6 + .../postgresql_exporter/tasks/directories.yml | 16 + roles/postgresql_exporter/tasks/facts.yml | 11 + roles/postgresql_exporter/tasks/install.yml | 36 + roles/postgresql_exporter/tasks/iptables.yml | 9 
+ roles/postgresql_exporter/tasks/main.yml | 15 + roles/postgresql_exporter/tasks/service.yml | 5 + .../tasks/write_version.yml | 5 + .../templates/postgres-exporter.conf.j2 | 8 + .../templates/postgres-exporter.service.j2 | 24 + roles/postgresql_server/defaults/main.yml | 73 + roles/postgresql_server/handlers/main.yml | 7 + roles/postgresql_server/meta/main.yml | 5 + roles/postgresql_server/tasks/main.yml | 143 ++ .../templates/pg_hba.conf.j2 | 5 + .../templates/post-backup.sh.j2 | 6 + .../templates/postgresql.conf.j2 | 16 + .../templates/pre-backup.sh.j2 | 61 + roles/postgresql_server/vars/RedHat-7.yml | 7 + roles/postgresql_server/vars/RedHat-8.yml | 7 + roles/prosody/defaults/main.yml | 100 ++ .../files/mod_participant_metadata.lua | 53 + roles/prosody/handlers/main.yml | 10 + roles/prosody/tasks/conf.yml | 13 + roles/prosody/tasks/directories.yml | 8 + roles/prosody/tasks/facts.yml | 7 + roles/prosody/tasks/install.yml | 46 + roles/prosody/tasks/iptables.yml | 19 + roles/prosody/tasks/main.yml | 8 + roles/prosody/tasks/service.yml | 5 + roles/prosody/templates/prosody.cfg.lua.j2 | 73 + roles/pve/defaults/main.yml | 36 + roles/pve/files/online_hook.pl | 111 ++ roles/pve/files/pve-online | 328 ++++ roles/pve/files/pve_dump | 4 + roles/pve/files/pve_rm_dump | 3 + roles/pve/files/remove_nag.patch | 11 + roles/pve/files/unlock_dev | 65 + roles/pve/handlers/main.yml | 19 + roles/pve/meta/main.yml | 5 + roles/pve/tasks/facts.yml | 7 + roles/pve/tasks/filebeat.yml | 5 + roles/pve/tasks/main.yml | 165 ++ roles/pve/tasks/ovh.yml | 6 + roles/pve/tasks/pve_online.yml | 38 + roles/pve/tasks/zabbix.yml | 16 + roles/pve/templates/dehydrated_hook.sh.j2 | 11 + roles/pve/templates/filebeat.yml.j2 | 11 + roles/pve/templates/ksmtuned.conf.j2 | 6 + roles/pve/templates/o2cb.j2 | 17 + roles/pve/templates/ocfs2.conf.j2 | 12 + roles/pve/templates/pve-hookd.service.j2 | 11 + roles/pve/templates/pve-online-gre.service.j2 | 12 + roles/pve/templates/pve-online.conf.j2 | 7 + 
roles/pve/templates/vzdump.conf.j2 | 6 + roles/pve/vars/main.yml | 10 + roles/rabbitmq_server/defaults/main.yml | 34 + roles/rabbitmq_server/handlers/main.yml | 4 + roles/rabbitmq_server/meta/main.yml | 8 + roles/rabbitmq_server/tasks/conf.yml | 26 + roles/rabbitmq_server/tasks/facts.yml | 12 + roles/rabbitmq_server/tasks/install.yml | 22 + roles/rabbitmq_server/tasks/iptables.yml | 18 + roles/rabbitmq_server/tasks/main.yml | 8 + roles/rabbitmq_server/tasks/services.yml | 5 + .../templates/dehydrated_hook.sh.j2 | 21 + .../templates/enabled_plugins.j2 | 1 + .../rabbitmq_server/templates/post-backup.j2 | 8 + roles/rabbitmq_server/templates/pre-backup.j2 | 11 + .../templates/rabbitmq.conf.j2 | 10 + .../templates/rabbitmq.config.j2 | 12 + roles/radius_server/defaults/main.yml | 48 + .../radius_server/files/rad_check_client_cert | 97 ++ roles/radius_server/handlers/main.yml | 4 + roles/radius_server/tasks/main.yml | 116 ++ roles/radius_server/templates/clients.conf.j2 | 7 + .../templates/modules/eap.conf.j2 | 27 + roles/radius_server/templates/radiusd.conf.j2 | 46 + .../templates/radiusd.service.j2 | 21 + roles/radius_server/templates/sites.conf.j2 | 31 + roles/radius_server/templates/tmpfiles.conf | 2 + roles/redis_server/defaults/main.yml | 12 + roles/redis_server/files/redis_copy_dumps.sh | 16 + .../redis_server/files/redis_delete_dumps.sh | 4 + roles/redis_server/handlers/main.yml | 4 + roles/redis_server/meta/main.yml | 4 + roles/redis_server/tasks/main.yml | 42 + roles/redis_server/templates/redis.conf.j2 | 21 + roles/repo_asterisk/defaults/main.yml | 2 + roles/repo_asterisk/tasks/main.yml | 37 + roles/repo_base/defaults/main.yml | 7 + roles/repo_base/tasks/AlmaLinux-8.yml | 29 + roles/repo_base/tasks/CentOS-7.yml | 51 + roles/repo_base/tasks/CentOS-8.yml | 125 ++ roles/repo_base/tasks/Debian.yml | 1 + roles/repo_base/tasks/epel_RedHat-7.yml | 11 + roles/repo_base/tasks/epel_RedHat-8.yml | 20 + roles/repo_base/tasks/fws_RedHat.yml | 22 + 
roles/repo_base/tasks/main.yml | 12 + .../tasks/postgres_client_RedHat.yml | 5 + .../templates/postgresql-client.repo.j2 | 10 + roles/repo_codeit/tasks/main.yml | 9 + roles/repo_docker/defaults/main.yml | 4 + roles/repo_docker/tasks/RedHat.yml | 10 + roles/repo_docker/tasks/main.yml | 3 + roles/repo_elasticsearch/defaults/main.yml | 3 + .../tasks/install_Debian.yml | 11 + .../tasks/install_RedHat.yml | 10 + roles/repo_elasticsearch/tasks/main.yml | 3 + roles/repo_elrepo/tasks/main.yml | 12 + roles/repo_filebeat/defaults/main.yml | 3 + roles/repo_filebeat/tasks/install_Debian.yml | 15 + roles/repo_filebeat/tasks/install_RedHat.yml | 11 + roles/repo_filebeat/tasks/main.yml | 3 + roles/repo_google_chrome/tasks/main.yml | 11 + roles/repo_grafana/tasks/main.yml | 11 + roles/repo_graylog/defaults/main.yml | 2 + roles/repo_graylog/tasks/main.yml | 34 + roles/repo_lemonldap_ng/tasks/main.yml | 18 + roles/repo_lux/tasks/main.yml | 50 + roles/repo_mariadb/defaults/main.yml | 6 + roles/repo_mariadb/tasks/main.yml | 8 + roles/repo_mariadb/templates/mariadb.repo.j2 | 12 + roles/repo_mongodb/defaults/main.yml | 2 + roles/repo_mongodb/tasks/main.yml | 10 + roles/repo_nginx/tasks/main.yml | 13 + roles/repo_nodejs/defaults/main.yml | 3 + roles/repo_nodejs/tasks/main.yml | 6 + roles/repo_nodejs/templates/nodejs.repo.j2 | 11 + roles/repo_nux_dextop/tasks/main.yml | 11 + roles/repo_onlyoffice/tasks/main.yml | 9 + roles/repo_openproject/defaults/main.yml | 3 + roles/repo_openproject/tasks/main.yml | 28 + roles/repo_openresty/tasks/main.yml | 10 + roles/repo_pbs/tasks/main.yml | 15 + roles/repo_postgresql/defaults/main.yml | 5 + roles/repo_postgresql/tasks/main.yml | 8 + .../templates/postgresql.repo.j2 | 11 + roles/repo_rabbitmq/tasks/main.yml | 49 + roles/repo_redis/tasks/main.yml | 12 + roles/repo_remi/tasks/main.yml | 30 + .../repo_remi/templates/remi-modular.repo.j2 | 6 + roles/repo_remi/vars/RedHat-7.yml | 3 + roles/repo_remi/vars/RedHat-8.yml | 3 + 
roles/repo_remi/vars/defaults.yml | 3 + roles/repo_rpmfusion/tasks/main.yml | 11 + roles/repo_samba4/defaults/main.yml | 3 + roles/repo_samba4/tasks/main.yml | 17 + roles/repo_scl/tasks/main.yml | 21 + roles/repo_seadrive/tasks/main.yml | 9 + roles/repo_wapt/defaults/main.yml | 2 + roles/repo_wapt/tasks/main.yml | 9 + roles/repo_xsendfile/tasks/main.yml | 37 + roles/repo_zabbix/defaults/main.yml | 2 + roles/repo_zabbix/tasks/Debian.yml | 13 + roles/repo_zabbix/tasks/RedHat.yml | 63 + roles/repo_zabbix/tasks/main.yml | 3 + roles/repo_zfs/defaults/main.yml | 6 + roles/repo_zfs/tasks/main.yml | 47 + roles/rsync_server/defaults/main.yml | 4 + roles/rsync_server/tasks/main.yml | 38 + roles/rsync_server/templates/rsyncd.conf.j2 | 4 + roles/rsync_server/vars/Debian-10.yml | 4 + roles/rsync_server/vars/Debian-11.yml | 4 + roles/rsync_server/vars/RedHat-7.yml | 5 + roles/rsync_server/vars/RedHat-8.yml | 6 + roles/rust/defaults/main.yml | 3 + roles/rust/meta/main.yml | 4 + roles/rust/tasks/cleanup.yml | 7 + roles/rust/tasks/directories.yml | 8 + roles/rust/tasks/facts.yml | 6 + roles/rust/tasks/install.yml | 43 + roles/rust/tasks/main.yml | 6 + roles/samba/defaults/main.yml | 100 ++ roles/samba/files/dehydrated_deploy_hook | 3 + roles/samba/files/ldb_modules_samba.sh | 3 + roles/samba/files/samba-dc.te | 11 + roles/samba/handlers/main.yml | 9 + roles/samba/meta/main.yml | 9 + roles/samba/tasks/conf.yml | 157 ++ roles/samba/tasks/directory.yml | 22 + roles/samba/tasks/facts.yml | 49 + roles/samba/tasks/filebeat.yml | 5 + roles/samba/tasks/install.yml | 107 ++ roles/samba/tasks/iptables.yml | 27 + roles/samba/tasks/main.yml | 11 + roles/samba/tasks/member_join.yml | 10 + roles/samba/tasks/selinux.yml | 36 + roles/samba/templates/filebeat.yml.j2 | 7 + roles/samba/templates/logrotate.conf.j2 | 11 + roles/samba/templates/rsyncd.conf.j2 | 10 + roles/samba/templates/samba_post_backup.sh.j2 | 3 + roles/samba/templates/samba_pre_backup.sh.j2 | 22 + roles/samba/templates/smb.conf.j2 | 
55 + roles/samba/vars/RedHat-7.yml | 16 + roles/samba/vars/RedHat-8.yml | 16 + roles/seadrive/defaults/main.yml | 16 + roles/seadrive/files/seadrive.te | 10 + roles/seadrive/handlers/main.yml | 5 + roles/seadrive/meta/main.yml | 1 + roles/seadrive/tasks/main.yml | 110 ++ roles/seadrive/tasks/selinux.yml | 19 + roles/seadrive/templates/seadrive.conf.j2 | 16 + roles/seadrive/templates/seadrive.service.j2 | 16 + roles/seafile/defaults/main.yml | 117 ++ .../files/avatars/default-non-register.jpg | Bin 0 -> 3869 bytes roles/seafile/files/avatars/default.png | Bin 0 -> 7642 bytes .../seafile/files/office-template/empty.docx | Bin 0 -> 4089 bytes .../seafile/files/office-template/empty.pptx | Bin 0 -> 21030 bytes .../seafile/files/office-template/empty.xlsx | Bin 0 -> 4321 bytes ...ile-pro-server_8.0.14_x86-64_CentOS.tar.gz | 3 + roles/seafile/handlers/main.yml | 11 + roles/seafile/meta/main.yml | 9 + roles/seafile/tasks/archive_post.yml | 15 + roles/seafile/tasks/archive_pre.yml | 41 + roles/seafile/tasks/cleanup.yml | 21 + roles/seafile/tasks/conf.yml | 49 + roles/seafile/tasks/directories.yml | 39 + roles/seafile/tasks/facts.yml | 90 ++ roles/seafile/tasks/filebeat.yml | 5 + roles/seafile/tasks/install.yml | 286 ++++ roles/seafile/tasks/iptables.yml | 10 + roles/seafile/tasks/main.yml | 16 + roles/seafile/tasks/services.yml | 17 + roles/seafile/tasks/user.yml | 6 + roles/seafile/tasks/write_version.yml | 6 + roles/seafile/templates/admin.txt.j2 | 4 + roles/seafile/templates/ccnet.conf.j2 | 49 + roles/seafile/templates/clean_db.sh.j2 | 10 + roles/seafile/templates/filebeat.yml.j2 | 8 + roles/seafile/templates/gc.sh.j2 | 9 + roles/seafile/templates/gunicorn.conf.py.j2 | 16 + roles/seafile/templates/logrotate.conf.j2 | 23 + roles/seafile/templates/perms.sh.j2 | 5 + roles/seafile/templates/post-backup.sh.j2 | 7 + roles/seafile/templates/pre-backup.sh.j2 | 18 + roles/seafile/templates/seafdav.conf.j2 | 5 + roles/seafile/templates/seafevents.conf.j2 | 32 + 
.../templates/seafile-clean-db.service.j2 | 7 + .../templates/seafile-clean-db.timer.j2 | 9 + roles/seafile/templates/seafile-gc.service.j2 | 7 + roles/seafile/templates/seafile-gc.timer.j2 | 9 + roles/seafile/templates/seafile.conf.j2 | 41 + roles/seafile/templates/seafile.service.j2 | 24 + roles/seafile/templates/seahub.service.j2 | 22 + roles/seafile/templates/seahub_settings.py.j2 | 165 ++ roles/seafile/vars/RedHat-7.yml | 41 + roles/seafile/vars/RedHat-8.yml | 46 + roles/seafile/vars/main.yml | 3 + roles/sftpgo/defaults/main.yml | 100 ++ roles/sftpgo/handlers/main.yml | 4 + roles/sftpgo/meta/main.yml | 5 + roles/sftpgo/tasks/archive_post.yml | 10 + roles/sftpgo/tasks/archive_pre.yml | 23 + roles/sftpgo/tasks/cleanup.yml | 9 + roles/sftpgo/tasks/conf.yml | 12 + roles/sftpgo/tasks/directories.yml | 29 + roles/sftpgo/tasks/facts.yml | 28 + roles/sftpgo/tasks/install.yml | 72 + roles/sftpgo/tasks/iptables.yml | 21 + roles/sftpgo/tasks/main.yml | 18 + roles/sftpgo/tasks/selinux.yml | 15 + roles/sftpgo/tasks/services.yml | 5 + roles/sftpgo/tasks/user.yml | 10 + roles/sftpgo/tasks/write_version.yml | 5 + roles/sftpgo/templates/post-backup.j2 | 5 + roles/sftpgo/templates/pre-backup.j2 | 16 + roles/sftpgo/templates/sftpgo.service.j2 | 33 + roles/sftpgo/templates/sftpgo.yml.j2 | 3 + roles/sftpgo/vars/RedHat.yml | 6 + roles/snmp_mibs/README.ms | 3 + roles/snmp_mibs/defaults/main.yml | 2 + roles/snmp_mibs/files/mibs/SOPHOS-MIB.txt | 656 ++++++++ .../files/mibs/SYNOLOGY-DISK-MIB.txt | 216 +++ .../files/mibs/SYNOLOGY-EBOX-MIB.txt | 95 ++ .../files/mibs/SYNOLOGY-FLASHCACHE-MIB.txt | 218 +++ .../files/mibs/SYNOLOGY-GPUINFO-MIB.txt | 103 ++ .../files/mibs/SYNOLOGY-ISCSILUN-MIB.txt | 230 +++ .../files/mibs/SYNOLOGY-ISCSITarget-MIB.txt | 93 ++ .../snmp_mibs/files/mibs/SYNOLOGY-NFS-MIB.txt | 148 ++ .../files/mibs/SYNOLOGY-PORT-MIB.txt | 102 ++ .../files/mibs/SYNOLOGY-RAID-MIB.txt | 144 ++ .../files/mibs/SYNOLOGY-SERVICES-MIB.txt | 86 ++ 
.../snmp_mibs/files/mibs/SYNOLOGY-SHA-MIB.txt | 141 ++ .../files/mibs/SYNOLOGY-SMART-MIB.txt | 141 ++ .../files/mibs/SYNOLOGY-SPACEIO-MIB.txt | 199 +++ .../files/mibs/SYNOLOGY-STORAGEIO-MIB.txt | 197 +++ .../files/mibs/SYNOLOGY-SYSTEM-MIB.txt | 168 +++ .../snmp_mibs/files/mibs/SYNOLOGY-UPS-MIB.txt | 1336 +++++++++++++++++ roles/snmp_mibs/tasks/main.yml | 13 + roles/squid/defaults/main.yml | 305 ++++ roles/squid/files/URLblocked.cgi | 884 +++++++++++ roles/squid/files/acl/service_fws.domains | 3 + roles/squid/files/acl/service_various.domains | 7 + .../files/acl/software_almalinux.domains | 11 + roles/squid/files/acl/software_centos.domains | 15 + roles/squid/files/acl/software_codeit.urls | 1 + roles/squid/files/acl/software_debian.domains | 13 + roles/squid/files/acl/software_epel.domains | 12 + roles/squid/files/acl/software_fws.domains | 2 + roles/squid/files/acl/software_remi.domains | 2 + .../files/acl/software_smeserver.domains | 19 + .../squid/files/acl/software_various.domains | 365 +++++ .../squid/files/acl/software_windows.domains | 47 + roles/squid/files/ufdb.pp | Bin 0 -> 1224 bytes roles/squid/files/ufdb.te | 15 + roles/squid/handlers/main.yml | 23 + roles/squid/meta/main.yml | 5 + roles/squid/tasks/filebeat.yml | 5 + roles/squid/tasks/main.yml | 258 ++++ roles/squid/tasks/selinux.yml | 20 + roles/squid/templates/c-icap.conf.j2 | 12 + roles/squid/templates/clamd.conf.j2 | 8 + roles/squid/templates/filebeat.yml.j2 | 8 + .../templates/local_blacklist.domains.j2 | 5 + roles/squid/templates/local_blacklist.urls.j2 | 5 + .../templates/local_whitelist.domains.j2 | 5 + roles/squid/templates/local_whitelist.urls.j2 | 5 + roles/squid/templates/squid-clamd.service.j2 | 15 + roles/squid/templates/squid.conf.j2 | 96 ++ roles/squid/templates/squidclamav.conf.j2 | 15 + roles/squid/templates/ufdbGuard.conf.j2 | 92 ++ roles/squid/templates/ufdb_update.sh.j2 | 20 + roles/ssh/defaults/main.yml | 67 + roles/ssh/handlers/main.yml | 4 + roles/ssh/meta/main.yml | 1 + 
roles/ssh/tasks/main.yml | 139 ++ roles/ssh/templates/sshd_config.j2 | 91 ++ roles/ssh/templates/sudo.j2 | 11 + roles/sssd_ad_auth/defaults/main.yml | 38 + roles/sssd_ad_auth/handlers/main.yml | 13 + roles/sssd_ad_auth/tasks/install_Debian.yml | 17 + roles/sssd_ad_auth/tasks/install_RedHat.yml | 10 + roles/sssd_ad_auth/tasks/main.yml | 100 ++ roles/sssd_ad_auth/tasks/pam_Debian.yml | 9 + roles/sssd_ad_auth/tasks/pam_RedHat.yml | 13 + .../templates/deb_pam_common_account.j2 | 5 + .../templates/deb_pam_common_auth.j2 | 4 + .../templates/deb_pam_common_password.j2 | 4 + .../templates/deb_pam_common_session.j2 | 9 + roles/sssd_ad_auth/templates/krb5.conf | 8 + roles/sssd_ad_auth/templates/krb5.conf.j2 | 5 + roles/sssd_ad_auth/templates/sssd.conf.j2 | 66 + roles/sssd_ldap_auth/defaults/main.yml | 17 + roles/sssd_ldap_auth/handlers/main.yml | 6 + roles/sssd_ldap_auth/tasks/install_Debian.yml | 19 + roles/sssd_ldap_auth/tasks/install_RedHat.yml | 9 + roles/sssd_ldap_auth/tasks/main.yml | 42 + roles/sssd_ldap_auth/tasks/pam_Debian.yml | 10 + roles/sssd_ldap_auth/tasks/pam_RedHat.yml | 13 + .../templates/deb_pam_common_account.j2 | 5 + .../templates/deb_pam_common_auth.j2 | 4 + .../templates/deb_pam_common_password.j2 | 4 + .../templates/deb_pam_common_session.j2 | 10 + roles/sssd_ldap_auth/templates/sssd.conf.j2 | 37 + roles/sudo/defaults/main.yml | 10 + roles/sudo/tasks/main.yml | 9 + roles/sudo/templates/fws.j2 | 7 + roles/system_proxy/defaults/main.yml | 10 + roles/system_proxy/handlers/main.yml | 2 + roles/system_proxy/tasks/main.yml | 84 ++ roles/system_proxy/templates/proxy.sh.j2 | 12 + roles/system_proxy/templates/systemd.conf.j2 | 6 + roles/timers/README.md | 21 + roles/timers/defaults/main.yml | 37 + roles/timers/meta/main.yml | 4 + roles/timers/tasks/facts.yml | 12 + roles/timers/tasks/install.yml | 94 ++ roles/timers/tasks/main.yml | 4 + roles/tomcat/defaults/main.yml | 4 + roles/tomcat/handlers/main.yml | 4 + roles/tomcat/tasks/conf.yml | 8 + 
roles/tomcat/tasks/install.yml | 7 + roles/tomcat/tasks/iptables.yml | 8 + roles/tomcat/tasks/main.yml | 7 + roles/tomcat/tasks/services.yml | 5 + roles/tomcat/templates/server.xml.j2 | 19 + roles/transmission_daemon/defaults/main.yml | 11 + roles/transmission_daemon/handlers/main.yml | 4 + roles/transmission_daemon/tasks/main.yml | 56 + .../templates/sysconfig.j2 | 1 + .../templates/transmission-daemon.service.j2 | 20 + roles/turnserver/defaults/main.yml | 38 + roles/turnserver/files/dehydrated_deploy_hook | 3 + roles/turnserver/files/turnserver.service | 21 + roles/turnserver/handlers/main.yml | 5 + roles/turnserver/tasks/main.yml | 79 + roles/turnserver/templates/turnserver.conf.j2 | 40 + roles/unbound/defaults/main.yml | 18 + roles/unbound/handlers/main.yml | 3 + roles/unbound/tasks/main.yml | 31 + roles/unbound/templates/unbound.conf.j2 | 51 + roles/unifi/defaults/main.yml | 22 + roles/unifi/handlers/main.yml | 4 + roles/unifi/meta/main.yml | 7 + roles/unifi/tasks/filebeat.yml | 5 + roles/unifi/tasks/main.yml | 236 +++ roles/unifi/templates/filebeat.yml.j2 | 5 + roles/unifi/templates/post-backup.sh.j2 | 3 + roles/unifi/templates/pre-backup.sh.j2 | 6 + roles/unifi/templates/system.properties.j2 | 10 + roles/unifi/templates/unifi.service.j2 | 21 + roles/unifi/vars/RedHat-7.yml | 6 + roles/unifi/vars/RedHat-8.yml | 6 + roles/unmaintained/bitwarden_rs/README.md | 1 + .../bitwarden_rs/defaults/main.yml | 49 + .../bitwarden_rs/handlers/main.yml | 5 + roles/unmaintained/bitwarden_rs/meta/main.yml | 9 + .../bitwarden_rs/tasks/archive_post.yml | 12 + .../bitwarden_rs/tasks/archive_pre.yml | 38 + .../bitwarden_rs/tasks/cleanup.yml | 10 + .../unmaintained/bitwarden_rs/tasks/conf.yml | 11 + .../bitwarden_rs/tasks/directories.yml | 24 + .../unmaintained/bitwarden_rs/tasks/facts.yml | 67 + .../bitwarden_rs/tasks/install.yml | 109 ++ .../bitwarden_rs/tasks/iptables.yml | 9 + .../unmaintained/bitwarden_rs/tasks/main.yml | 15 + .../bitwarden_rs/tasks/service.yml | 6 + 
.../unmaintained/bitwarden_rs/tasks/user.yml | 5 + .../bitwarden_rs/tasks/write_version.yml | 10 + .../templates/bitwarden_rs.conf.j2 | 28 + .../templates/bitwarden_rs.service.j2 | 27 + .../bitwarden_rs/templates/nginx.conf.j2 | 69 + .../bitwarden_rs/templates/post-backup.sh.j2 | 4 + .../bitwarden_rs/templates/pre-backup.sh.j2 | 19 + roles/unmaintained/bluemind/defaults/main.yml | 117 ++ roles/unmaintained/bluemind/handlers/main.yml | 4 + roles/unmaintained/bluemind/tasks/main.yml | 118 ++ .../bluemind/templates/bm-core.log.xml.j2 | 53 + .../bluemind/templates/bm-eas.log.xml.j2 | 59 + .../bluemind/templates/bm-hps.log.xml.j2 | 12 + .../bluemind/templates/bm-ips.log.xml.j2 | 12 + .../bluemind/templates/bm-lmtp.log.xml.j2 | 12 + .../bluemind/templates/bm-locator.log.xml.j2 | 13 + .../bluemind/templates/bm-milter.log.xml.j2 | 12 + .../bluemind/templates/bm-node.log.xml.j2 | 13 + .../bluemind/templates/bm-syslog.service.j2 | 19 + .../bluemind/templates/bm-tika.log.xml.j2 | 12 + .../templates/bm-webserver.log.xml.j2 | 43 + .../bluemind/templates/bm-xmpp.log.xml.j2 | 12 + .../bluemind/templates/bm-ysnp.log.xml.j2 | 14 + .../templates/dehydrated_deploy_hook.j2 | 12 + .../bluemind/templates/post-backup.j2 | 5 + .../bluemind/templates/pre-backup.j2 | 17 + .../bluemind/templates/rules.json.j2 | 11 + roles/unmaintained/bounca/defaults/main.yml | 19 + roles/unmaintained/bounca/handlers/main.yml | 5 + roles/unmaintained/bounca/meta/main.yml | 2 + roles/unmaintained/bounca/tasks/main.yml | 323 ++++ .../bounca/templates/bounca.service.j2 | 17 + .../unmaintained/bounca/templates/main.ini.j2 | 14 + .../bounca/templates/uwsgi.ini.j2 | 17 + .../matrix_mxisd/defaults/main.yml | 77 + .../matrix_mxisd/handlers/main.yml | 8 + .../unmaintained/matrix_mxisd/tasks/main.yml | 62 + .../templates/gradle.properties.j2 | 6 + .../templates/matrix-mxisd.service.j2 | 19 + .../matrix_mxisd/templates/mxisd.yaml.j2 | 105 ++ .../unmaintained/mayan_edms/defaults/main.yml | 115 ++ 
.../unmaintained/mayan_edms/handlers/main.yml | 11 + roles/unmaintained/mayan_edms/meta/main.yml | 17 + .../mayan_edms/tasks/archive_post.yml | 10 + .../mayan_edms/tasks/archive_pre.yml | 56 + .../unmaintained/mayan_edms/tasks/cleanup.yml | 7 + roles/unmaintained/mayan_edms/tasks/conf.yml | 9 + .../mayan_edms/tasks/directories.yml | 28 + roles/unmaintained/mayan_edms/tasks/facts.yml | 35 + .../unmaintained/mayan_edms/tasks/install.yml | 168 +++ .../mayan_edms/tasks/iptables.yml | 9 + roles/unmaintained/mayan_edms/tasks/main.yml | 15 + .../mayan_edms/tasks/services.yml | 11 + roles/unmaintained/mayan_edms/tasks/user.yml | 6 + .../mayan_edms/tasks/write_version.yml | 5 + .../mayan_edms/templates/auth.py.j2 | 84 ++ .../unmaintained/mayan_edms/templates/env.j2 | 18 + .../templates/mayan-edms-beat.service.j2 | 21 + .../templates/mayan-edms-web.service.j2 | 22 + .../mayan-edms-worker-fast.service.j2 | 22 + .../mayan-edms-worker-medium.service.j2 | 22 + .../mayan-edms-worker-slow.service.j2 | 22 + .../mayan_edms/templates/mayan-edms.j2 | 6 + .../mayan_edms/templates/post_backup.sh.j2 | 7 + .../mayan_edms/templates/pre_backup.sh.j2 | 29 + roles/unmaintained/nas/defaults/main.yml | 79 + roles/unmaintained/nas/files/mkhomedir | 22 + roles/unmaintained/nas/handlers/main.yml | 4 + roles/unmaintained/nas/meta/main.yml | 6 + roles/unmaintained/nas/tasks/main.yml | 104 ++ roles/unmaintained/nas/templates/exports.j2 | 7 + .../unmaintained/nas/templates/httpd.conf.j2 | 51 + .../nas/templates/mod_authnz_external.conf.j2 | 3 + .../nas/templates/mod_dav.conf.j2 | 2 + .../nas/templates/rsync.secrets.j2 | 6 + .../unmaintained/nas/templates/rsyncd.conf.j2 | 18 + .../unmaintained/nas/templates/setfacl.sh.j2 | 42 + roles/unmaintained/nas/templates/smb.conf.j2 | 56 + roles/unmaintained/odoo/defaults/main.yml | 18 + roles/unmaintained/odoo/handlers/main.yml | 4 + roles/unmaintained/odoo/meta/main.yml | 4 + roles/unmaintained/odoo/tasks/main.yml | 264 ++++ 
.../odoo/templates/odoo-server.conf.j2 | 11 + .../odoo/templates/odoo-server.service.j2 | 17 + .../odoo/templates/post-backup.sh.j2 | 3 + .../odoo/templates/pre-backup.sh.j2 | 11 + roles/unmaintained/omv/defaults/main.yml | 24 + roles/unmaintained/omv/files/auth_http.patch | 19 + .../omv/files/dont_reset_owner.patch | 13 + roles/unmaintained/omv/handlers/main.yml | 12 + roles/unmaintained/omv/meta/main.yml | 4 + roles/unmaintained/omv/tasks/main.yml | 168 +++ .../omv/templates/omv_post_backup.sh.j2 | 3 + .../omv/templates/omv_pre_backup.sh.j2 | 6 + .../unmaintained/papermerge/defaults/main.yml | 45 + .../unmaintained/papermerge/handlers/main.yml | 7 + roles/unmaintained/papermerge/meta/main.yml | 10 + .../papermerge/tasks/archive_post.yml | 8 + .../papermerge/tasks/archive_pre.yml | 45 + .../unmaintained/papermerge/tasks/cleanup.yml | 8 + roles/unmaintained/papermerge/tasks/conf.yml | 50 + .../papermerge/tasks/directories.yml | 27 + roles/unmaintained/papermerge/tasks/facts.yml | 40 + .../unmaintained/papermerge/tasks/install.yml | 120 ++ .../papermerge/tasks/iptables.yml | 9 + roles/unmaintained/papermerge/tasks/main.yml | 18 + .../unmaintained/papermerge/tasks/selinux.yml | 5 + .../papermerge/tasks/services.yml | 8 + roles/unmaintained/papermerge/tasks/user.yml | 5 + .../papermerge/tasks/write_version.yml | 5 + .../papermerge/templates/gunicorn.conf.py.j2 | 2 + .../papermerge/templates/nginx.conf.j2 | 18 + .../templates/papermerge-web.service.j2 | 23 + .../templates/papermerge-worker.service.j2 | 24 + .../templates/papermerge.conf.py.j2 | 41 + .../papermerge/templates/production.py.j2 | 5 + roles/unmaintained/psono/defaults/main.yml | 94 ++ roles/unmaintained/psono/handlers/main.yml | 4 + roles/unmaintained/psono/meta/main.yml | 9 + .../unmaintained/psono/tasks/archive_post.yml | 17 + .../unmaintained/psono/tasks/archive_pre.yml | 38 + roles/unmaintained/psono/tasks/cleanup.yml | 9 + roles/unmaintained/psono/tasks/conf.yml | 80 + 
.../unmaintained/psono/tasks/directories.yml | 20 + roles/unmaintained/psono/tasks/facts.yml | 80 + roles/unmaintained/psono/tasks/install.yml | 164 ++ roles/unmaintained/psono/tasks/iptables.yml | 11 + roles/unmaintained/psono/tasks/main.yml | 15 + roles/unmaintained/psono/tasks/service.yml | 9 + roles/unmaintained/psono/tasks/user.yml | 5 + .../psono/tasks/write_version.yml | 12 + .../psono/templates/httpd.conf.j2 | 8 + .../psono/templates/nginx.conf.j2 | 67 + .../psono/templates/post-backup.sh.j2 | 3 + .../psono/templates/pre-backup.sh.j2 | 11 + .../templates/psono-cleartoken.service.j2 | 9 + .../psono/templates/psono-cleartoken.timer.j2 | 9 + .../psono/templates/psono-server.service.j2 | 21 + .../psono/templates/settings.yaml.j2 | 56 + .../psono/templates/webclient.json.j2 | 1 + .../systemd_journal_gelf/defaults/main.yml | 7 + .../systemd_journal_gelf/handlers/main.yml | 4 + .../tasks/install_Debian.yml | 8 + .../tasks/install_RedHat.yml | 8 + .../systemd_journal_gelf/tasks/main.yml | 48 + .../templates/journal-gelf.yml.j2 | 9 + roles/unmaintained/ttrss/defaults/main.yml | 32 + roles/unmaintained/ttrss/handlers/main.yml | 7 + roles/unmaintained/ttrss/meta/main.yml | 2 + roles/unmaintained/ttrss/tasks/main.yml | 223 +++ .../ttrss/templates/config.php.j2 | 43 + roles/unmaintained/ttrss/templates/dump_db.j2 | 7 + .../ttrss/templates/httpd.conf.j2 | 45 + .../unmaintained/ttrss/templates/perms.sh.j2 | 13 + .../unmaintained/ttrss/templates/php.conf.j2 | 35 + roles/unmaintained/ttrss/templates/rm_dump.j2 | 3 + .../ttrss/templates/ttrss-updater.service.j2 | 19 + roles/unmaintained/ttrss/vars/RedHat-7.yml | 6 + roles/unmaintained/ttrss/vars/RedHat-8.yml | 6 + roles/unmaintained/wbo/defaults/main.yml | 8 + roles/unmaintained/wbo/handlers/main.yml | 4 + roles/unmaintained/wbo/meta/main.yml | 3 + roles/unmaintained/wbo/tasks/main.yml | 57 + .../unmaintained/wbo/templates/wbo.service.j2 | 21 + roles/vaultwarden/defaults/main.yml | 49 + roles/vaultwarden/handlers/main.yml | 
5 + roles/vaultwarden/meta/main.yml | 9 + roles/vaultwarden/tasks/archive_post.yml | 12 + roles/vaultwarden/tasks/archive_pre.yml | 38 + roles/vaultwarden/tasks/cleanup.yml | 10 + roles/vaultwarden/tasks/conf.yml | 11 + roles/vaultwarden/tasks/directories.yml | 25 + roles/vaultwarden/tasks/facts.yml | 74 + roles/vaultwarden/tasks/install.yml | 109 ++ roles/vaultwarden/tasks/iptables.yml | 8 + roles/vaultwarden/tasks/main.yml | 18 + .../tasks/migrate_bitwarden_rs.yml | 73 + roles/vaultwarden/tasks/service.yml | 6 + roles/vaultwarden/tasks/user.yml | 5 + roles/vaultwarden/tasks/write_version.yml | 10 + roles/vaultwarden/templates/nginx.conf.j2 | 69 + roles/vaultwarden/templates/post-backup.sh.j2 | 3 + roles/vaultwarden/templates/pre-backup.sh.j2 | 18 + .../vaultwarden/templates/vaultwarden.conf.j2 | 28 + .../templates/vaultwarden.service.j2 | 27 + roles/wapt_server/defaults/main.yml | 13 + roles/wapt_server/handlers/main.yml | 13 + roles/wapt_server/meta/main.yml | 5 + roles/wapt_server/tasks/main.yml | 218 +++ roles/wapt_server/templates/nginx.conf.j2 | 23 + roles/wapt_server/templates/post-backup.sh.j2 | 3 + roles/wapt_server/templates/pre-backup.sh.j2 | 10 + roles/wapt_server/templates/wapt.conf.j2 | 56 + roles/wapt_server/vars/RedHat-7.yml | 7 + roles/wapt_server/vars/RedHat-8.yml | 7 + roles/wb_ad_auth/defaults/main.yml | 20 + roles/wb_ad_auth/handlers/main.yml | 9 + roles/wb_ad_auth/tasks/main.yml | 62 + roles/wb_ad_auth/templates/krb5.conf | 5 + roles/wb_ad_auth/templates/krb5.conf.j2 | 5 + roles/wb_ad_auth/templates/sssd.conf.j2 | 24 + roles/wordpress/defaults/main.yml | 51 + roles/wordpress/handlers/main.yml | 1 + roles/wordpress/meta/main.yml | 8 + roles/wordpress/tasks/archive_post.yml | 7 + roles/wordpress/tasks/archive_pre.yml | 9 + roles/wordpress/tasks/conf.yml | 21 + roles/wordpress/tasks/directories.yml | 24 + roles/wordpress/tasks/facts.yml | 93 ++ roles/wordpress/tasks/install.yml | 78 + roles/wordpress/tasks/main.yml | 11 + 
roles/wordpress/tasks/user.yml | 7 + roles/wordpress/templates/httpd.conf.j2 | 36 + roles/wordpress/templates/perms.sh.j2 | 4 + roles/wordpress/templates/php.conf.j2 | 35 + roles/wordpress/templates/post-backup.sh.j2 | 3 + roles/wordpress/templates/pre-backup.sh.j2 | 14 + roles/wordpress/templates/wp-config.php.j2 | 37 + roles/x2go_server/tasks/main.yml | 8 + roles/zabbix_agent/defaults/main.yml | 31 + roles/zabbix_agent/handlers/main.yml | 3 + roles/zabbix_agent/meta/main.yml | 3 + roles/zabbix_agent/tasks/conf.yml | 17 + roles/zabbix_agent/tasks/facts.yml | 9 + roles/zabbix_agent/tasks/install_Debian.yml | 60 + roles/zabbix_agent/tasks/install_RedHat.yml | 8 + roles/zabbix_agent/tasks/iptables.yml | 8 + roles/zabbix_agent/tasks/main.yml | 11 + roles/zabbix_agent/tasks/psk.yml | 12 + roles/zabbix_agent/tasks/selinux.yml | 12 + roles/zabbix_agent/tasks/sensors.yml | 26 + roles/zabbix_agent/tasks/sensors_Debian.yml | 42 + roles/zabbix_agent/tasks/sensors_RedHat.yml | 50 + roles/zabbix_agent/tasks/service.yml | 4 + .../templates/block_devices.conf.j2 | 6 + .../templates/zabbix_agentd.conf.j2 | 9 + roles/zabbix_agent/vars/Debian-10.yml | 14 + roles/zabbix_agent/vars/Debian-11.yml | 14 + roles/zabbix_agent/vars/Debian-8.yml | 13 + roles/zabbix_agent/vars/Debian-9.yml | 14 + roles/zabbix_agent/vars/RedHat-7.yml | 7 + roles/zabbix_agent/vars/RedHat-8.yml | 8 + roles/zabbix_agent/vars/Ubuntu-20.yml | 14 + roles/zabbix_lld_all_graph/README.md | 4 + roles/zabbix_lld_all_graph/defaults/main.yml | 5 + .../files/zabbix_lld_all_graph | 561 +++++++ roles/zabbix_lld_all_graph/meta/main.yml | 4 + roles/zabbix_lld_all_graph/tasks/conf.yml | 5 + roles/zabbix_lld_all_graph/tasks/install.yml | 26 + roles/zabbix_lld_all_graph/tasks/main.yml | 5 + roles/zabbix_lld_all_graph/tasks/services.yml | 8 + .../templates/zabbix-lld-all-graph.j2 | 9 + .../templates/zabbix-lld-all-graph.service.j2 | 9 + .../templates/zabbix-lld-all-graph.timer.j2 | 8 + roles/zabbix_proxy/defaults/main.yml | 26 + 
roles/zabbix_proxy/files/zabbix_proxy.te | 20 + roles/zabbix_proxy/handlers/main.yml | 5 + roles/zabbix_proxy/meta/main.yml | 4 + roles/zabbix_proxy/tasks/conf.yml | 9 + roles/zabbix_proxy/tasks/directories.yml | 8 + roles/zabbix_proxy/tasks/install.yml | 23 + roles/zabbix_proxy/tasks/iptables.yml | 8 + roles/zabbix_proxy/tasks/main.yml | 12 + roles/zabbix_proxy/tasks/psk.yml | 19 + roles/zabbix_proxy/tasks/selinux.yml | 28 + roles/zabbix_proxy/tasks/service.yml | 41 + roles/zabbix_proxy/tasks/upgrade.yml | 11 + .../templates/zabbix_proxy.conf.j2 | 29 + roles/zabbix_server/defaults/main.yml | 65 + .../zabbix_server/files/scripts/check_cert.pl | 109 ++ .../zabbix_server/files/scripts/matrix_notify | 26 + roles/zabbix_server/files/zabbix_server.te | 20 + roles/zabbix_server/handlers/main.yml | 12 + roles/zabbix_server/meta/main.yml | 6 + roles/zabbix_server/tasks/conf.yml | 90 ++ roles/zabbix_server/tasks/directories.yml | 17 + roles/zabbix_server/tasks/facts.yml | 10 + roles/zabbix_server/tasks/install.yml | 27 + roles/zabbix_server/tasks/iptables.yml | 9 + roles/zabbix_server/tasks/main.yml | 11 + roles/zabbix_server/tasks/selinux.yml | 40 + roles/zabbix_server/tasks/service.yml | 48 + roles/zabbix_server/templates/httpd.conf.j2 | 18 + roles/zabbix_server/templates/patrixrc.j2 | 11 + roles/zabbix_server/templates/php.conf.j2 | 36 + .../zabbix_server/templates/post_backup.sh.j2 | 7 + .../zabbix_server/templates/pre_backup.sh.j2 | 47 + .../templates/zabbix.conf.php.j2 | 15 + .../templates/zabbix_java_gateway.conf.j2 | 3 + .../templates/zabbix_server.conf.j2 | 16 + roles/zfs/defaults/main.yml | 67 + roles/zfs/files/z_resume_scrubs | 9 + roles/zfs/files/z_suspend_scrubs | 9 + roles/zfs/handlers/main.yml | 8 + roles/zfs/meta/main.yml | 5 + roles/zfs/tasks/install_Debian.yml | 46 + roles/zfs/tasks/install_RedHat.yml | 10 + roles/zfs/tasks/main.yml | 151 ++ roles/zfs/templates/recv-sudo.j2 | 6 + roles/zfs/templates/sanoid.conf.j2 | 19 + 
roles/zfs/templates/sanoid.service.j2 | 9 + roles/zfs/templates/sanoid.timer.j2 | 10 + roles/zfs/templates/syncoid.service.j2 | 10 + roles/zfs/templates/syncoid.timer.j2 | 8 + roles/zfs/templates/zfs-scrub@.service.j2 | 9 + roles/zfs/templates/zfs-scrub@.timer.j2 | 9 + roles/zfs/templates/zfs-trim@.service.j2 | 9 + roles/zfs/templates/zfs-trim@.timer.j2 | 9 + roles/zfs_common/defaults/main.yml | 8 + roles/zfs_common/tasks/main.yml | 6 + roles/zfs_common/templates/zfs.conf.j2 | 15 + roles/zimbra/amavis.yml | 1 + roles/zimbra/defaults/main.yml | 79 + roles/zimbra/files/zmpostfixpolicyd | 217 +++ .../zmpostfixpolicyd_recipient_delim.patch | 97 ++ roles/zimbra/handlers/main.yml | 11 + roles/zimbra/meta/main.yml | 4 + roles/zimbra/service.yml | 1 + roles/zimbra/stats.yml | 1 + roles/zimbra/tasks/antispam.yml | 1 + roles/zimbra/tasks/apache.yml | 1 + roles/zimbra/tasks/cas.yml | 239 +++ roles/zimbra/tasks/filebeat.yml | 5 + roles/zimbra/tasks/install.yml | 36 + roles/zimbra/tasks/ldap.yml | 9 + roles/zimbra/tasks/logger.yml | 10 + roles/zimbra/tasks/mailbox.yml | 158 ++ roles/zimbra/tasks/main.yml | 211 +++ roles/zimbra/tasks/memcached.yml | 10 + roles/zimbra/tasks/mta.yml | 36 + roles/zimbra/tasks/opendkim.yml | 1 + roles/zimbra/tasks/proxy.yml | 32 + roles/zimbra/tasks/snmp.yml | 1 + roles/zimbra/tasks/spell.yml | 9 + roles/zimbra/tasks/zmldapsync.yml | 56 + roles/zimbra/templates/cas_preauth.jsp.j2 | 98 ++ .../zimbra/templates/cas_preauth_admin.jsp.j2 | 100 ++ roles/zimbra/templates/dehydrated_hook.sh.j2 | 60 + roles/zimbra/templates/filebeat.yml.j2 | 9 + roles/zimbra/templates/post_backup.sh.j2 | 11 + roles/zimbra/templates/pre_backup.sh.j2 | 68 + roles/zimbra/templates/rsyslog.conf.j2 | 23 + roles/zimbra/templates/zcs_init_config.j2 | 86 ++ roles/zimbra/templates/zcs_install_answers.j2 | 6 + roles/zimbra/templates/zimbra_wrapper.j2 | 3 + roles/zimbra/templates/zmldapsync.service.j2 | 7 + roles/zimbra/templates/zmldapsync.timer.j2 | 8 + 
roles/zimbra/templates/zmldapsync.yml.j2 | 14 + roles/zimbra/vars/RedHat-7.yml | 7 + roles/zimbra/vars/RedHat-8.yml | 7 + roles/zimbra/vars/main.yml | 2 + roles/zimbra/zimbra.yml | 1 + roles/zimbra/zimbraAdmin.yml | 1 + roles/zimbra/zimlet.yml | 1 + 2153 files changed, 60999 insertions(+) create mode 100644 README.md create mode 100644 ansible.cfg create mode 100644 library/iptables_raw.py create mode 100644 playbooks/update_all.yml create mode 100644 playbooks/update_cacertificates.yml create mode 100644 playbooks/update_zabbix.yml create mode 100644 roles/akeneo_pim/README.md create mode 100644 roles/akeneo_pim/defaults/main.yml create mode 100644 roles/akeneo_pim/handlers/main.yml create mode 100644 roles/akeneo_pim/meta/main.yml create mode 100644 roles/akeneo_pim/tasks/archive_post.yml create mode 100644 roles/akeneo_pim/tasks/archive_pre.yml create mode 100644 roles/akeneo_pim/tasks/cleanup.yml create mode 100644 roles/akeneo_pim/tasks/conf.yml create mode 100644 roles/akeneo_pim/tasks/directories.yml create mode 100644 roles/akeneo_pim/tasks/facts.yml create mode 100644 roles/akeneo_pim/tasks/install.yml create mode 100644 roles/akeneo_pim/tasks/main.yml create mode 100644 roles/akeneo_pim/tasks/services.yml create mode 100644 roles/akeneo_pim/tasks/user.yml create mode 100644 roles/akeneo_pim/tasks/write_version.yml create mode 100644 roles/akeneo_pim/templates/akeneo-pim-events-api.service.j2 create mode 100644 roles/akeneo_pim/templates/akeneo-pim-jobs.service.j2 create mode 100644 roles/akeneo_pim/templates/composer.json.j2 create mode 100644 roles/akeneo_pim/templates/env.j2 create mode 100644 roles/akeneo_pim/templates/httpd.conf.j2 create mode 100644 roles/akeneo_pim/templates/logrotate.conf.j2 create mode 100644 roles/akeneo_pim/templates/perms.sh.j2 create mode 100644 roles/akeneo_pim/templates/php.conf.j2 create mode 100644 roles/akeneo_pim/templates/post-backup.j2 create mode 100644 roles/akeneo_pim/templates/pre-backup.j2 create mode 100644 
roles/ampache/defaults/main.yml create mode 100644 roles/ampache/handlers/main.yml create mode 100644 roles/ampache/meta/main.yml create mode 100644 roles/ampache/tasks/main.yml create mode 100644 roles/ampache/templates/ampache.cfg.php.j2 create mode 100644 roles/ampache/templates/cron.sh.j2 create mode 100644 roles/ampache/templates/httpd.conf.j2 create mode 100644 roles/ampache/templates/motd.php.j2 create mode 100644 roles/ampache/templates/perms.sh.j2 create mode 100644 roles/ampache/templates/php.conf.j2 create mode 100644 roles/ampache/templates/post-backup.j2 create mode 100644 roles/ampache/templates/pre-backup.j2 create mode 100644 roles/ampache/templates/sso.php.j2 create mode 100644 roles/appsmith/defaults/main.yml create mode 100644 roles/appsmith/handlers/main.yml create mode 100644 roles/appsmith/meta/main.yml create mode 100644 roles/appsmith/tasks/archive_post.yml create mode 100644 roles/appsmith/tasks/archive_pre.yml create mode 100644 roles/appsmith/tasks/cleanup.yml create mode 100644 roles/appsmith/tasks/conf.yml create mode 100644 roles/appsmith/tasks/directories.yml create mode 100644 roles/appsmith/tasks/facts.yml create mode 100644 roles/appsmith/tasks/install.yml create mode 100644 roles/appsmith/tasks/iptables.yml create mode 100644 roles/appsmith/tasks/main.yml create mode 100644 roles/appsmith/tasks/services.yml create mode 100644 roles/appsmith/tasks/user.yml create mode 100644 roles/appsmith/tasks/write_version.yml create mode 100644 roles/appsmith/templates/appsmith-server.service.j2 create mode 100644 roles/appsmith/templates/env.j2 create mode 100644 roles/appsmith/templates/nginx.conf.j2 create mode 100644 roles/appsmith/templates/post-backup.sh.j2 create mode 100644 roles/appsmith/templates/pre-backup.sh.j2 create mode 100644 roles/appsmith/templates/pre-start.sh.j2 create mode 100644 roles/backup/defaults/main.yml create mode 100644 roles/backup/files/dump-megaraid-cfg create mode 100644 roles/backup/files/dump-rpms-list create 
mode 100644 roles/backup/files/post-backup create mode 100644 roles/backup/files/pre-backup create mode 100644 roles/backup/files/rm-megaraid-cfg create mode 100644 roles/backup/tasks/main.yml create mode 100644 roles/backup/templates/sudo.j2 create mode 100644 roles/backuppc/defaults/main.yml create mode 100644 roles/backuppc/handlers/main.yml create mode 100644 roles/backuppc/meta/main.yml create mode 100644 roles/backuppc/tasks/main.yml create mode 100644 roles/backuppc/templates/httpd.conf.j2 create mode 100644 roles/backuppc/templates/sudoers.j2 create mode 100644 roles/bookstack/defaults/main.yml create mode 100644 roles/bookstack/meta/main.yml create mode 100644 roles/bookstack/tasks/archive_post.yml create mode 100644 roles/bookstack/tasks/archive_pre.yml create mode 100644 roles/bookstack/tasks/cleanup.yml create mode 100644 roles/bookstack/tasks/conf.yml create mode 100644 roles/bookstack/tasks/directories.yml create mode 100644 roles/bookstack/tasks/facts.yml create mode 100644 roles/bookstack/tasks/install.yml create mode 100644 roles/bookstack/tasks/main.yml create mode 100644 roles/bookstack/tasks/user.yml create mode 100644 roles/bookstack/tasks/write_version.yml create mode 100644 roles/bookstack/templates/env.j2 create mode 100644 roles/bookstack/templates/httpd.conf.j2 create mode 100644 roles/bookstack/templates/perms.sh.j2 create mode 100644 roles/bookstack/templates/php.conf.j2 create mode 100644 roles/bookstack/templates/post-backup.j2 create mode 100644 roles/bookstack/templates/pre-backup.j2 create mode 100644 roles/clamav/defaults/main.yml create mode 100644 roles/clamav/handlers/main.yml create mode 100644 roles/clamav/tasks/main.yml create mode 100644 roles/clamav/templates/clamd.conf.j2 create mode 100644 roles/clamav/templates/clamd.service.j2 create mode 100644 roles/clamav/templates/freshclam.conf.j2 create mode 100644 roles/clamav/templates/freshclam.service.j2 create mode 100644 roles/common/defaults/main.yml create mode 100644 
roles/common/files/MegaCli-8.07.14-1.noarch.rpm create mode 100644 roles/common/files/bash_aliases.sh create mode 100644 roles/common/files/crond create mode 100644 roles/common/files/fstrim_all create mode 100644 roles/common/files/megacli_8.07.14-1_all.deb create mode 100644 roles/common/files/vimrc.local_Debian create mode 100644 roles/common/handlers/main.yml create mode 100644 roles/common/meta/main.yml create mode 100644 roles/common/tasks/facts.yml create mode 100644 roles/common/tasks/guest.yml create mode 100644 roles/common/tasks/guest_Debian.yml create mode 100644 roles/common/tasks/guest_RedHat.yml create mode 100644 roles/common/tasks/hardware.yml create mode 100644 roles/common/tasks/hardware_Debian.yml create mode 100644 roles/common/tasks/hardware_RedHat.yml create mode 100644 roles/common/tasks/hostname.yml create mode 100644 roles/common/tasks/mail.yml create mode 100644 roles/common/tasks/main.yml create mode 100644 roles/common/tasks/system.yml create mode 100644 roles/common/tasks/tuned.yml create mode 100644 roles/common/tasks/tz.yml create mode 100644 roles/common/tasks/utils.yml create mode 100644 roles/common/templates/bash_aliases.sh.j2 create mode 100644 roles/common/templates/journal-upload.conf.j2 create mode 100644 roles/common/templates/journald.conf.j2 create mode 100644 roles/common/templates/rc-local-shutdown.service.j2 create mode 100644 roles/common/templates/rc.local.j2 create mode 100644 roles/common/templates/rc.local.shutdown.j2 create mode 100644 roles/common/templates/systemd-journal-upload.service.j2 create mode 100644 roles/common/vars/Debian-10.yml create mode 100644 roles/common/vars/Debian-11.yml create mode 100644 roles/common/vars/Debian-8.yml create mode 100644 roles/common/vars/Debian-9.yml create mode 100644 roles/common/vars/RedHat-7.yml create mode 100644 roles/common/vars/RedHat-8.yml create mode 100644 roles/common/vars/Ubuntu-20.yml create mode 100644 roles/composer/meta/main.yml create mode 100644 
roles/composer/tasks/cleanup.yml create mode 100644 roles/composer/tasks/install.yml create mode 100644 roles/composer/tasks/main.yml create mode 100644 roles/coturn/defaults/main.yml create mode 100644 roles/coturn/handlers/main.yml create mode 100644 roles/coturn/meta/main.yml create mode 100644 roles/coturn/tasks/main.yml create mode 100644 roles/coturn/templates/dehydrated_deploy_hook.j2 create mode 100644 roles/coturn/templates/turnserver.conf.j2 create mode 100644 roles/crowdsec/defaults/main.yml create mode 100644 roles/crowdsec/handlers/main.yml create mode 100644 roles/crowdsec/meta/main.yml create mode 100644 roles/crowdsec/tasks/cleanup.yml create mode 100644 roles/crowdsec/tasks/conf.yml create mode 100644 roles/crowdsec/tasks/directories.yml create mode 100644 roles/crowdsec/tasks/facts.yml create mode 100644 roles/crowdsec/tasks/install.yml create mode 100644 roles/crowdsec/tasks/iptables.yml create mode 100644 roles/crowdsec/tasks/main.yml create mode 100644 roles/crowdsec/tasks/services.yml create mode 100644 roles/crowdsec/tasks/user.yml create mode 100644 roles/crowdsec/templates/acquis.yaml.j2 create mode 100644 roles/crowdsec/templates/acquis/system.yaml.j2 create mode 100644 roles/crowdsec/templates/config.yaml.j2 create mode 100644 roles/crowdsec/templates/dev.yaml.j2 create mode 100644 roles/crowdsec/templates/local_api_credentials.yaml.j2 create mode 100644 roles/crowdsec/templates/online_api_credentials.yaml.j2 create mode 100644 roles/crowdsec/templates/parsers/s02-enrich/trusted_ip.yaml.j2 create mode 100644 roles/crowdsec/templates/post-backup.j2 create mode 100644 roles/crowdsec/templates/pre-backup.j2 create mode 100644 roles/crowdsec/templates/profiles.yaml.j2 create mode 100644 roles/crowdsec/templates/simulation.yaml.j2 create mode 100644 roles/crowdsec_firewall_bouncer/defaults/main.yml create mode 100644 roles/crowdsec_firewall_bouncer/handlers/main.yml create mode 100644 roles/crowdsec_firewall_bouncer/tasks/cleanup.yml create 
mode 100644 roles/crowdsec_firewall_bouncer/tasks/conf.yml create mode 100644 roles/crowdsec_firewall_bouncer/tasks/directories.yml create mode 100644 roles/crowdsec_firewall_bouncer/tasks/facts.yml create mode 100644 roles/crowdsec_firewall_bouncer/tasks/install.yml create mode 100644 roles/crowdsec_firewall_bouncer/tasks/iptables.yml create mode 100644 roles/crowdsec_firewall_bouncer/tasks/main.yml create mode 100644 roles/crowdsec_firewall_bouncer/tasks/services.yml create mode 100644 roles/crowdsec_firewall_bouncer/templates/cs-firewall-bouncer.yaml.j2 create mode 100644 roles/crowdsec_firewall_bouncer/vars/Debian.yml create mode 100644 roles/crowdsec_firewall_bouncer/vars/RedHat.yml create mode 100644 roles/diagrams/defaults/main.yml create mode 100644 roles/diagrams/handlers/main.yml create mode 100644 roles/diagrams/meta/main.yml create mode 100644 roles/diagrams/tasks/archive_post.yml create mode 100644 roles/diagrams/tasks/archive_pre.yml create mode 100644 roles/diagrams/tasks/cleanup.yml create mode 100644 roles/diagrams/tasks/conf.yml create mode 100644 roles/diagrams/tasks/directories.yml create mode 100644 roles/diagrams/tasks/facts.yml create mode 100644 roles/diagrams/tasks/install.yml create mode 100644 roles/diagrams/tasks/iptables.yml create mode 100644 roles/diagrams/tasks/main.yml create mode 100644 roles/diagrams/tasks/selinux.yml create mode 100644 roles/diagrams/tasks/services.yml create mode 100644 roles/diagrams/tasks/write_version.yml create mode 100644 roles/diagrams/templates/server.xml.j2 create mode 100644 roles/diagrams/templates/sysconfig.j2 create mode 100644 roles/dnscache/defaults/main.yml create mode 100644 roles/dnscache/handlers/main.yml create mode 100644 roles/dnscache/tasks/main.yml create mode 100644 roles/dnscache/templates/dnscache.conf.j2 create mode 100644 roles/dnscache/templates/roots.j2 create mode 100644 roles/docker/defaults/main.yml create mode 100644 roles/docker/handlers/main.yml create mode 100644 
roles/docker/meta/main.yml create mode 100644 roles/docker/tasks/conf.yml create mode 100644 roles/docker/tasks/directories.yml create mode 100644 roles/docker/tasks/facts.yml create mode 100644 roles/docker/tasks/install.yml create mode 100644 roles/docker/tasks/install_RedHat.yml create mode 100644 roles/docker/tasks/main.yml create mode 100644 roles/docker/tasks/service.yml create mode 100644 roles/docker/templates/daemon.json.j2 create mode 100644 roles/docker/templates/docker-service-ansible.conf.j2 create mode 100644 roles/docker_compose/defaults/main.yml create mode 100644 roles/docker_compose/tasks/main.yml create mode 100644 roles/docker_volume_local_persist/defaults/main.yml create mode 100644 roles/docker_volume_local_persist/handlers/main.yml create mode 100644 roles/docker_volume_local_persist/meta/main.yml create mode 100644 roles/docker_volume_local_persist/tasks/main.yml create mode 100644 roles/docker_volume_local_persist/templates/docker-volume-local-persist.service.j2 create mode 100644 roles/documize/defaults/main.yml create mode 100644 roles/documize/handlers/main.yml create mode 100644 roles/documize/meta/main.yml create mode 100644 roles/documize/tasks/archive_post.yml create mode 100644 roles/documize/tasks/archive_pre.yml create mode 100644 roles/documize/tasks/cleanup.yml create mode 100644 roles/documize/tasks/conf.yml create mode 100644 roles/documize/tasks/directories.yml create mode 100644 roles/documize/tasks/facts.yml create mode 100644 roles/documize/tasks/install.yml create mode 100644 roles/documize/tasks/iptables.yml create mode 100644 roles/documize/tasks/main.yml create mode 100644 roles/documize/tasks/services.yml create mode 100644 roles/documize/tasks/user.yml create mode 100644 roles/documize/tasks/write_version.yml create mode 100644 roles/documize/templates/documize.conf.j2 create mode 100644 roles/documize/templates/documize.service.j2 create mode 100644 roles/documize/templates/post-backup.j2 create mode 100644 
roles/documize/templates/pre-backup.j2 create mode 100644 roles/dokuwiki/defaults/main.yml create mode 100644 roles/dokuwiki/files/authhttpldap/auth.php create mode 100644 roles/dokuwiki/files/authhttpldap/plugin.info.txt create mode 100644 roles/dokuwiki/handlers/main.yml create mode 100644 roles/dokuwiki/meta/main.yml create mode 100644 roles/dokuwiki/tasks/filebeat.yml create mode 100644 roles/dokuwiki/tasks/main.yml create mode 100644 roles/dokuwiki/templates/filebeat.yml.j2 create mode 100644 roles/dokuwiki/templates/htaccess.j2 create mode 100644 roles/dokuwiki/templates/httpd.conf.j2 create mode 100644 roles/dokuwiki/templates/local.php.j2 create mode 100644 roles/dokuwiki/templates/local.protected.php.j2 create mode 100644 roles/dokuwiki/templates/perms.sh.j2 create mode 100644 roles/dokuwiki/templates/php.conf.j2 create mode 100644 roles/dokuwiki/templates/plugins.protected.php.j2 create mode 100644 roles/dolibarr/defaults/main.yml create mode 100644 roles/dolibarr/files/dolibarr_token.patch create mode 100644 roles/dolibarr/handlers/main.yml create mode 100644 roles/dolibarr/meta/main.yml create mode 100644 roles/dolibarr/tasks/archive_post.yml create mode 100644 roles/dolibarr/tasks/archive_pre.yml create mode 100644 roles/dolibarr/tasks/cleanup.yml create mode 100644 roles/dolibarr/tasks/conf.yml create mode 100644 roles/dolibarr/tasks/directories.yml create mode 100644 roles/dolibarr/tasks/facts.yml create mode 100644 roles/dolibarr/tasks/install.yml create mode 100644 roles/dolibarr/tasks/main.yml create mode 100644 roles/dolibarr/tasks/user.yml create mode 100644 roles/dolibarr/tasks/write_version.yml create mode 100644 roles/dolibarr/templates/dolibarr.conf.j2 create mode 100644 roles/dolibarr/templates/httpd.conf.j2 create mode 100644 roles/dolibarr/templates/logrotate.conf.j2 create mode 100644 roles/dolibarr/templates/perms.sh.j2 create mode 100644 roles/dolibarr/templates/php.conf.j2 create mode 100644 roles/dolibarr/templates/post-backup.j2 
create mode 100644 roles/dolibarr/templates/pre-backup.j2 create mode 100644 roles/elasticsearch/defaults/main.yml create mode 100644 roles/elasticsearch/handlers/main.yml create mode 100644 roles/elasticsearch/meta/main.yml create mode 100644 roles/elasticsearch/tasks/backup.yml create mode 100644 roles/elasticsearch/tasks/conf.yml create mode 100644 roles/elasticsearch/tasks/directories.yml create mode 100644 roles/elasticsearch/tasks/install.yml create mode 100644 roles/elasticsearch/tasks/iptables.yml create mode 100644 roles/elasticsearch/tasks/main.yml create mode 100644 roles/elasticsearch/tasks/services.yml create mode 100644 roles/elasticsearch/templates/elasticsearch.yml.j2 create mode 100644 roles/elasticsearch/templates/log4j2.properties.j2 create mode 100644 roles/elasticsearch/templates/post-backup.j2 create mode 100644 roles/elasticsearch/templates/pre-backup.j2 create mode 100644 roles/ethercalc/defaults/main.yml create mode 100644 roles/ethercalc/handlers/main.yml create mode 100644 roles/ethercalc/meta/main.yml create mode 100644 roles/ethercalc/tasks/main.yml create mode 100644 roles/ethercalc/templates/env.j2 create mode 100644 roles/ethercalc/templates/ethercalc.service.j2 create mode 100644 roles/etherpad/defaults/main.yml create mode 100644 roles/etherpad/handlers/main.yml create mode 100644 roles/etherpad/meta/main.yml create mode 100644 roles/etherpad/tasks/archive_post.yml create mode 100644 roles/etherpad/tasks/archive_pre.yml create mode 100644 roles/etherpad/tasks/cleanup.yml create mode 100644 roles/etherpad/tasks/conf.yml create mode 100644 roles/etherpad/tasks/directories.yml create mode 100644 roles/etherpad/tasks/facts.yml create mode 100644 roles/etherpad/tasks/install.yml create mode 100644 roles/etherpad/tasks/iptables.yml create mode 100644 roles/etherpad/tasks/main.yml create mode 100644 roles/etherpad/tasks/service.yml create mode 100644 roles/etherpad/tasks/user.yml create mode 100644 roles/etherpad/tasks/write_version.yml 
create mode 100644 roles/etherpad/templates/etherpad.service.j2 create mode 100644 roles/etherpad/templates/perms.sh.j2 create mode 100644 roles/etherpad/templates/post_backup.sh.j2 create mode 100644 roles/etherpad/templates/pre_backup.sh.j2 create mode 100644 roles/etherpad/templates/settings.json.j2 create mode 100644 roles/filebeat/defaults/main.yml create mode 100644 roles/filebeat/handlers/main.yml create mode 100644 roles/filebeat/meta/main.yml create mode 100644 roles/filebeat/tasks/main.yml create mode 100644 roles/filebeat/templates/ansible_inputs.d/system_specific.yml.j2 create mode 100644 roles/filebeat/templates/ansible_modules.d/auditd.yml.j2 create mode 100644 roles/filebeat/templates/ansible_modules.d/system.yml.j2 create mode 100644 roles/filebeat/templates/filebeat.service.j2 create mode 100644 roles/filebeat/templates/filebeat.yml.j2 create mode 100644 roles/filebeat/templates/journalbeat.service.j2 create mode 100644 roles/filebeat/templates/journalbeat.yml.j2 create mode 100644 roles/framadate/defaults/main.yml create mode 100644 roles/framadate/files/framadate.sql create mode 100644 roles/framadate/handlers/main.yml create mode 100644 roles/framadate/meta/main.yml create mode 100644 roles/framadate/tasks/main.yml create mode 100644 roles/framadate/templates/config.php.j2 create mode 100644 roles/framadate/templates/httpd.conf.j2 create mode 100644 roles/framadate/templates/perms.sh.j2 create mode 100644 roles/framadate/templates/php.conf.j2 create mode 100644 roles/freepbx/defaults/main.yml create mode 100644 roles/freepbx/files/agi/jitsi_conf_pin create mode 100644 roles/freepbx/files/patches/install_dbhost.patch create mode 100644 roles/freepbx/files/patches/webrtc_proxy.patch create mode 100755 roles/freepbx/files/safe_asterisk create mode 100644 roles/freepbx/handlers/main.yml create mode 100644 roles/freepbx/meta/main.yml create mode 100644 roles/freepbx/tasks/filebeat.yml create mode 100644 roles/freepbx/tasks/main.yml create mode 100644 
roles/freepbx/templates/amportal.j2 create mode 100644 roles/freepbx/templates/asterisk/manager.conf.j2 create mode 100644 roles/freepbx/templates/filebeat.yml.j2 create mode 100644 roles/freepbx/templates/freepbx.conf.j2 create mode 100644 roles/freepbx/templates/freepbx.service.j2 create mode 100644 roles/freepbx/templates/fwconsole.j2 create mode 100644 roles/freepbx/templates/httpd.conf.j2 create mode 100644 roles/freepbx/templates/logrotate.conf.j2 create mode 100644 roles/freepbx/templates/perms.sh.j2 create mode 100644 roles/freepbx/templates/php.conf.j2 create mode 100644 roles/freepbx/templates/post_backup.sh.j2 create mode 100644 roles/freepbx/templates/pre_backup.sh.j2 create mode 100644 roles/freepbx/templates/vsftpd/chroot_list.j2 create mode 100644 roles/freepbx/templates/vsftpd/pam.j2 create mode 100644 roles/freepbx/templates/vsftpd/user_list.j2 create mode 100644 roles/freepbx/templates/vsftpd/vsftpd.conf.j2 create mode 100644 roles/freepbx/vars/RedHat-7.yml create mode 100644 roles/freepbx/vars/RedHat-8.yml create mode 100644 roles/funkwhale/defaults/main.yml create mode 100644 roles/funkwhale/handlers/main.yml create mode 100644 roles/funkwhale/meta/main.yml create mode 100644 roles/funkwhale/tasks/archive_post.yml create mode 100644 roles/funkwhale/tasks/archive_pre.yml create mode 100644 roles/funkwhale/tasks/cleanup.yml create mode 100644 roles/funkwhale/tasks/conf.yml create mode 100644 roles/funkwhale/tasks/directories.yml create mode 100644 roles/funkwhale/tasks/facts.yml create mode 100644 roles/funkwhale/tasks/install.yml create mode 100644 roles/funkwhale/tasks/main.yml create mode 100644 roles/funkwhale/tasks/service.yml create mode 100644 roles/funkwhale/tasks/user.yml create mode 100644 roles/funkwhale/tasks/write_version.yml create mode 100644 roles/funkwhale/templates/env.j2 create mode 100644 roles/funkwhale/templates/funkwhale-beat.service.j2 create mode 100644 roles/funkwhale/templates/funkwhale-server.service.j2 create mode 
100644 roles/funkwhale/templates/funkwhale-update-media.service.j2 create mode 100644 roles/funkwhale/templates/funkwhale-update-media.timer.j2 create mode 100644 roles/funkwhale/templates/funkwhale-worker.service.j2 create mode 100644 roles/funkwhale/templates/httpd.conf.j2 create mode 100644 roles/funkwhale/templates/perms.sh.j2 create mode 100644 roles/funkwhale/templates/post-backup.sh.j2 create mode 100644 roles/funkwhale/templates/pre-backup.sh.j2 create mode 100644 roles/funkwhale/vars/RedHat-7.yml create mode 100644 roles/funkwhale/vars/RedHat-8.yml create mode 100644 roles/fusioninventory_agent/defaults/main.yml create mode 100644 roles/fusioninventory_agent/handlers/main.yml create mode 100644 roles/fusioninventory_agent/tasks/install_Debian.yml create mode 100644 roles/fusioninventory_agent/tasks/install_RedHat.yml create mode 100644 roles/fusioninventory_agent/tasks/main.yml create mode 100644 roles/fusioninventory_agent/templates/agent.cfg.j2 create mode 100644 roles/g2cs/README.md create mode 100644 roles/g2cs/defaults/main.yml create mode 100644 roles/g2cs/files/g2cs.pl create mode 100644 roles/g2cs/handlers/main.yml create mode 100644 roles/g2cs/tasks/install.yml create mode 100644 roles/g2cs/tasks/iptables.yml create mode 100644 roles/g2cs/tasks/main.yml create mode 100644 roles/g2cs/tasks/service.yml create mode 100644 roles/g2cs/tasks/user.yml create mode 100644 roles/g2cs/templates/g2cs.service.j2 create mode 100644 roles/geoipupdate/defaults/main.yml create mode 100644 roles/geoipupdate/handlers/main.yml create mode 100644 roles/geoipupdate/tasks/main.yml create mode 100644 roles/geoipupdate/templates/GeoIP.conf.j2 create mode 100644 roles/geoipupdate/templates/geoipupdate.service.j2 create mode 100644 roles/geoipupdate/templates/geoipupdate.timer.j2 create mode 100644 roles/gitea/defaults/main.yml create mode 100644 roles/gitea/handlers/main.yml create mode 100644 roles/gitea/meta/main.yml create mode 100644 roles/gitea/tasks/admin_user.yml 
create mode 100644 roles/gitea/tasks/archive_post.yml create mode 100644 roles/gitea/tasks/archive_pre.yml create mode 100644 roles/gitea/tasks/cleanup.yml create mode 100644 roles/gitea/tasks/conf.yml create mode 100644 roles/gitea/tasks/directories.yml create mode 100644 roles/gitea/tasks/facts.yml create mode 100644 roles/gitea/tasks/install.yml create mode 100644 roles/gitea/tasks/iptables.yml create mode 100644 roles/gitea/tasks/main.yml create mode 100644 roles/gitea/tasks/service.yml create mode 100644 roles/gitea/tasks/user.yml create mode 100644 roles/gitea/tasks/write_version.yml create mode 100644 roles/gitea/templates/app.ini.j2 create mode 100644 roles/gitea/templates/git.sh.j2 create mode 100644 roles/gitea/templates/gitea.service.j2 create mode 100644 roles/gitea/templates/perms.sh.j2 create mode 100644 roles/gitea/templates/post_backup.sh.j2 create mode 100644 roles/gitea/templates/pre_backup.sh.j2 create mode 100644 roles/gitea/vars/RedHat-7.yml create mode 100644 roles/gitea/vars/RedHat-8.yml create mode 100644 roles/glpi/defaults/main.yml create mode 100644 roles/glpi/handlers/main.yml create mode 100644 roles/glpi/meta/main.yml create mode 100644 roles/glpi/tasks/archive_post.yml create mode 100644 roles/glpi/tasks/archive_pre.yml create mode 100644 roles/glpi/tasks/cleanup.yml create mode 100644 roles/glpi/tasks/conf.yml create mode 100644 roles/glpi/tasks/directories.yml create mode 100644 roles/glpi/tasks/facts.yml create mode 100644 roles/glpi/tasks/filebeat.yml create mode 100644 roles/glpi/tasks/install.yml create mode 100644 roles/glpi/tasks/main.yml create mode 100644 roles/glpi/tasks/user.yml create mode 100644 roles/glpi/tasks/write_version.yml create mode 100644 roles/glpi/templates/config_db.php.j2 create mode 100644 roles/glpi/templates/filebeat.yml.j2 create mode 100644 roles/glpi/templates/httpd.conf.j2 create mode 100644 roles/glpi/templates/local_define.php.j2 create mode 100644 roles/glpi/templates/logrotate.conf.j2 create mode 
100644 roles/glpi/templates/perms.sh.j2 create mode 100644 roles/glpi/templates/php.conf.j2 create mode 100644 roles/glpi/templates/post_backup.j2 create mode 100644 roles/glpi/templates/pre_backup.j2 create mode 100644 roles/glpi/templates/sso.php.j2 create mode 100644 roles/grafana/defaults/main.yml create mode 100644 roles/grafana/handlers/main.yml create mode 100644 roles/grafana/meta/main.yml create mode 100644 roles/grafana/tasks/main.yml create mode 100644 roles/grafana/templates/grafana.ini.j2 create mode 100644 roles/grafana/templates/ldap.toml.j2 create mode 100644 roles/graylog/defaults/main.yml create mode 100644 roles/graylog/handlers/main.yml create mode 100644 roles/graylog/meta/main.yml create mode 100644 roles/graylog/tasks/archive_post.yml create mode 100644 roles/graylog/tasks/archive_pre.yml create mode 100644 roles/graylog/tasks/cleanup.yml create mode 100644 roles/graylog/tasks/conf.yml create mode 100644 roles/graylog/tasks/directories.yml create mode 100644 roles/graylog/tasks/facts.yml create mode 100644 roles/graylog/tasks/filebeat.yml create mode 100644 roles/graylog/tasks/install.yml create mode 100644 roles/graylog/tasks/iptables.yml create mode 100644 roles/graylog/tasks/main.yml create mode 100644 roles/graylog/tasks/service.yml create mode 100644 roles/graylog/tasks/user.yml create mode 100644 roles/graylog/tasks/write_version.yml create mode 100644 roles/graylog/templates/dehydrated_deploy_hook.j2 create mode 100644 roles/graylog/templates/filebeat.yml.j2 create mode 100644 roles/graylog/templates/graylog-server.j2 create mode 100644 roles/graylog/templates/graylog-server.service.j2 create mode 100644 roles/graylog/templates/log4j2.xml.j2 create mode 100644 roles/graylog/templates/logrotate.conf.j2 create mode 100644 roles/graylog/templates/post-backup.j2 create mode 100644 roles/graylog/templates/pre-backup.j2 create mode 100644 roles/graylog/templates/server.conf.j2 create mode 100644 roles/httpd_common/defaults/main.yml create 
mode 100644 roles/httpd_common/files/index_default.html create mode 100644 roles/httpd_common/files/index_maintenance.html create mode 100644 roles/httpd_common/handlers/main.yml create mode 100644 roles/httpd_common/meta/main.yml create mode 100644 roles/httpd_common/tasks/filebeat.yml create mode 100644 roles/httpd_common/tasks/main.yml create mode 100644 roles/httpd_common/templates/00-base_mod.conf.j2 create mode 100644 roles/httpd_common/templates/10-mpm.conf.j2 create mode 100644 roles/httpd_common/templates/20-cgi.conf.j2 create mode 100644 roles/httpd_common/templates/autoindex.conf.j2 create mode 100644 roles/httpd_common/templates/common_env.inc.j2 create mode 100644 roles/httpd_common/templates/dir_ansible.conf.j2 create mode 100644 roles/httpd_common/templates/errors.conf.j2 create mode 100644 roles/httpd_common/templates/filebeat.yml.j2 create mode 100644 roles/httpd_common/templates/httpd.conf.j2 create mode 100644 roles/httpd_common/templates/logrotate.conf.j2 create mode 100644 roles/httpd_common/templates/status.conf.j2 create mode 100644 roles/httpd_common/templates/vhost_ansible.conf.j2 create mode 100644 roles/httpd_common/templates/vhost_default.conf.j2 create mode 100644 roles/httpd_common/vars/RedHat-7.yml create mode 100644 roles/httpd_common/vars/RedHat-8.yml create mode 100644 roles/httpd_common/vars/defaults.yml create mode 100644 roles/httpd_front/defaults/main.yml create mode 100644 roles/httpd_front/files/dehydrated_deploy_hook create mode 100644 roles/httpd_front/handlers/main.yml create mode 100644 roles/httpd_front/meta/main.yml create mode 100644 roles/httpd_front/tasks/main.yml create mode 100644 roles/httpd_front/templates/01-front.conf.j2 create mode 100644 roles/httpd_front/templates/02-evasive.conf.j2 create mode 100644 roles/httpd_front/templates/common_cache.inc.j2 create mode 100644 roles/httpd_front/templates/common_filter.inc.j2 create mode 100644 roles/httpd_front/templates/common_force_ssl.inc.j2 create mode 100644 
roles/httpd_front/templates/common_maintenance.inc.j2 create mode 100644 roles/httpd_front/templates/common_mod_security2.inc.j2 create mode 100644 roles/httpd_front/templates/common_perf.inc.j2 create mode 100644 roles/httpd_front/templates/evasive.conf.j2 create mode 100644 roles/httpd_front/templates/htcacheclean.j2 create mode 100644 roles/httpd_front/templates/security.conf.j2 create mode 100644 roles/httpd_front/templates/ssl.conf.j2 create mode 100644 roles/httpd_front/templates/vhost_downtime.conf.j2 create mode 100644 roles/httpd_mod_perl/files/03-perl.conf create mode 100644 roles/httpd_mod_perl/tasks/main.yml create mode 100644 roles/httpd_mod_proxy_uwsgi/files/04-proxy_uwsgi.conf create mode 100644 roles/httpd_mod_proxy_uwsgi/meta/main.yml create mode 100644 roles/httpd_mod_proxy_uwsgi/tasks/main.yml create mode 100644 roles/httpd_php/defaults/main.yml create mode 100644 roles/httpd_php/files/tmpfiles.conf create mode 100644 roles/httpd_php/handlers/main.yml create mode 100644 roles/httpd_php/meta/main.yml create mode 100644 roles/httpd_php/tasks/main.yml create mode 100644 roles/httpd_php/templates/default_fpm_pool.conf.j2 create mode 100644 roles/httpd_php/templates/httpd_php.conf.j2 create mode 100644 roles/httpd_php/templates/php-fpm.conf.j2 create mode 100644 roles/httpd_php/templates/php.ini.j2 create mode 100644 roles/httpd_php/templates/php_fpm_ansible_pools.conf.j2 create mode 100644 roles/httpd_php/templates/php_fpm_pool.conf.j2 create mode 100644 roles/httpd_webdav/meta/main.yml create mode 100644 roles/includes/create_selfsigned_cert.yml create mode 100644 roles/includes/create_system_user.yml create mode 100644 roles/includes/disable_selinux.yml create mode 100644 roles/includes/get_rand_pass.yml create mode 100644 roles/includes/vars/Debian.yml create mode 100644 roles/includes/vars/RedHat-7.yml create mode 100644 roles/includes/vars/RedHat-8.yml create mode 100644 roles/includes/webapps_archive.yml create mode 100644 
roles/includes/webapps_compress_archive.yml create mode 100644 roles/includes/webapps_create_mysql_db.yml create mode 100644 roles/includes/webapps_post.yml create mode 100644 roles/includes/webapps_set_install_mode.yml create mode 100644 roles/includes/webapps_webconf.yml create mode 100644 roles/iptables/defaults/main.yml create mode 100644 roles/iptables/tasks/install_Debian.yml create mode 100644 roles/iptables/tasks/install_RedHat.yml create mode 100644 roles/iptables/tasks/main.yml create mode 100644 roles/iscsi_target/defaults/main.yml create mode 100644 roles/iscsi_target/tasks/main.yml create mode 100644 roles/itop/README.md create mode 100644 roles/itop/defaults/main.yml create mode 100644 roles/itop/meta/main.yml create mode 100644 roles/itop/tasks/archive_post.yml create mode 100644 roles/itop/tasks/archive_pre.yml create mode 100644 roles/itop/tasks/cleanup.yml create mode 100644 roles/itop/tasks/conf.yml create mode 100644 roles/itop/tasks/directories.yml create mode 100644 roles/itop/tasks/facts.yml create mode 100644 roles/itop/tasks/filebeat.yml create mode 100644 roles/itop/tasks/install.yml create mode 100644 roles/itop/tasks/main.yml create mode 100644 roles/itop/tasks/user.yml create mode 100644 roles/itop/tasks/write_version.yml create mode 100644 roles/itop/templates/cron.param.j2 create mode 100644 roles/itop/templates/filebeat.yml.j2 create mode 100644 roles/itop/templates/httpd.conf.j2 create mode 100644 roles/itop/templates/itop.service.j2 create mode 100644 roles/itop/templates/itop.timer.j2 create mode 100644 roles/itop/templates/perms.sh.j2 create mode 100644 roles/itop/templates/php.conf.j2 create mode 100644 roles/itop/templates/post-backup.sh.j2 create mode 100644 roles/itop/templates/pre-backup.sh.j2 create mode 100644 roles/jitsi/defaults/main.yml create mode 100644 roles/jitsi/handlers/main.yml create mode 100644 roles/jitsi/meta/main.yml create mode 100644 roles/jitsi/tasks/cleanup.yml create mode 100644 
roles/jitsi/tasks/conf.yml create mode 100644 roles/jitsi/tasks/directories.yml create mode 100644 roles/jitsi/tasks/facts.yml create mode 100644 roles/jitsi/tasks/install.yml create mode 100644 roles/jitsi/tasks/iptables.yml create mode 100644 roles/jitsi/tasks/main.yml create mode 100644 roles/jitsi/tasks/services.yml create mode 100644 roles/jitsi/tasks/update_lang.yml create mode 100644 roles/jitsi/tasks/user.yml create mode 100644 roles/jitsi/templates/confmapper.json.j2 create mode 100644 roles/jitsi/templates/dehydrated_hook.sh.j2 create mode 100644 roles/jitsi/templates/jicofo/jicofo.conf.j2 create mode 100644 roles/jitsi/templates/jicofo/sip-communicator.properties.j2 create mode 100644 roles/jitsi/templates/jigasi/jigasi.conf.j2 create mode 100644 roles/jitsi/templates/jigasi/sip-communicator.properties.j2 create mode 100644 roles/jitsi/templates/jitsi-confmapper.service.j2 create mode 100644 roles/jitsi/templates/jitsi-jicofo.service.j2 create mode 100644 roles/jitsi/templates/jitsi-jigasi.service.j2 create mode 100644 roles/jitsi/templates/meet.js.j2 create mode 100644 roles/jitsi/templates/meet_interface.js.j2 create mode 100644 roles/jitsi/templates/mod_jibri_bypass_pwd.lua.j2 create mode 100644 roles/jitsi/templates/nginx.conf.j2 create mode 100644 roles/jitsi/templates/prosody.cfg.lua.j2 create mode 100644 roles/jitsi_jibri/README.md create mode 100644 roles/jitsi_jibri/defaults/main.yml create mode 100644 roles/jitsi_jibri/handlers/main.yml create mode 100644 roles/jitsi_jibri/meta/main.yml create mode 100644 roles/jitsi_jibri/tasks/cleanup.yml create mode 100644 roles/jitsi_jibri/tasks/conf.yml create mode 100644 roles/jitsi_jibri/tasks/directories.yml create mode 100644 roles/jitsi_jibri/tasks/facts.yml create mode 100644 roles/jitsi_jibri/tasks/install.yml create mode 100644 roles/jitsi_jibri/tasks/main.yml create mode 100644 roles/jitsi_jibri/tasks/services.yml create mode 100644 roles/jitsi_jibri/tasks/user.yml create mode 100644 
roles/jitsi_jibri/templates/asound.conf.j2 create mode 100644 roles/jitsi_jibri/templates/clean_records.sh.j2 create mode 100644 roles/jitsi_jibri/templates/finalize.pl.j2 create mode 100644 roles/jitsi_jibri/templates/finalize.yml.j2 create mode 100644 roles/jitsi_jibri/templates/jibri.conf.j2 create mode 100644 roles/jitsi_jibri/templates/jitsi-jibri-cleaner.service.j2 create mode 100644 roles/jitsi_jibri/templates/jitsi-jibri-cleaner.timer.j2 create mode 100644 roles/jitsi_jibri/templates/jitsi-jibri-xorg.service.j2 create mode 100644 roles/jitsi_jibri/templates/jitsi-jibri.service.j2 create mode 100644 roles/jitsi_jibri/templates/nginx.conf.j2 create mode 100644 roles/jitsi_jibri/templates/xorg-video-dummy.conf.j2 create mode 100644 roles/jitsi_videobridge/defaults/main.yml create mode 100644 roles/jitsi_videobridge/handlers/main.yml create mode 100644 roles/jitsi_videobridge/meta/main.yml create mode 100644 roles/jitsi_videobridge/tasks/cleanup.yml create mode 100644 roles/jitsi_videobridge/tasks/conf.yml create mode 100644 roles/jitsi_videobridge/tasks/directories.yml create mode 100644 roles/jitsi_videobridge/tasks/facts.yml create mode 100644 roles/jitsi_videobridge/tasks/install.yml create mode 100644 roles/jitsi_videobridge/tasks/iptables.yml create mode 100644 roles/jitsi_videobridge/tasks/main.yml create mode 100644 roles/jitsi_videobridge/tasks/services.yml create mode 100644 roles/jitsi_videobridge/tasks/user.yml create mode 100644 roles/jitsi_videobridge/templates/jitsi-videobridge.service.j2 create mode 100644 roles/jitsi_videobridge/templates/sip-communicator.properties.j2 create mode 100644 roles/jitsi_videobridge/templates/videobridge.conf.j2 create mode 100644 roles/journal_remote/defaults/main.yml create mode 100644 roles/journal_remote/handlers/main.yml create mode 100644 roles/journal_remote/tasks/main.yml create mode 100644 roles/journal_remote/templates/dehydrated_hook.sh.j2 create mode 100644 
roles/journal_remote/templates/journal-remote.conf.j2 create mode 100644 roles/journal_remote/templates/systemd-journal-remote.service.j2 create mode 100644 roles/kanboard/defaults/main.yml create mode 100644 roles/kanboard/handlers/main.yml create mode 100644 roles/kanboard/meta/main.yml create mode 100644 roles/kanboard/tasks/archive_post.yml create mode 100644 roles/kanboard/tasks/archive_pre.yml create mode 100644 roles/kanboard/tasks/cleanup.yml create mode 100644 roles/kanboard/tasks/conf.yml create mode 100644 roles/kanboard/tasks/directories.yml create mode 100644 roles/kanboard/tasks/facts.yml create mode 100644 roles/kanboard/tasks/install.yml create mode 100644 roles/kanboard/tasks/main.yml create mode 100644 roles/kanboard/tasks/user.yml create mode 100644 roles/kanboard/tasks/write_version.yml create mode 100644 roles/kanboard/templates/config.php.j2 create mode 100644 roles/kanboard/templates/cron.j2 create mode 100644 roles/kanboard/templates/httpd.conf.j2 create mode 100644 roles/kanboard/templates/perms.sh.j2 create mode 100644 roles/kanboard/templates/php.conf.j2 create mode 100644 roles/lemonldap_ng/defaults/main.yml create mode 100644 roles/lemonldap_ng/files/logos/akeneo.png create mode 100644 roles/lemonldap_ng/files/logos/ampache.png create mode 100644 roles/lemonldap_ng/files/logos/appsmith.png create mode 100644 roles/lemonldap_ng/files/logos/artifactory.png create mode 100644 roles/lemonldap_ng/files/logos/backuppc.png create mode 100644 roles/lemonldap_ng/files/logos/basecamp.png create mode 100644 roles/lemonldap_ng/files/logos/bitwarden.png create mode 100644 roles/lemonldap_ng/files/logos/bodet.png create mode 100644 roles/lemonldap_ng/files/logos/bookstack.png create mode 100644 roles/lemonldap_ng/files/logos/calendar.png create mode 100644 roles/lemonldap_ng/files/logos/camera.png create mode 100644 roles/lemonldap_ng/files/logos/cas.png create mode 100644 roles/lemonldap_ng/files/logos/composer.png create mode 100644 
roles/lemonldap_ng/files/logos/compta.png create mode 100644 roles/lemonldap_ng/files/logos/diagrams.png create mode 100644 roles/lemonldap_ng/files/logos/dl.png create mode 100644 roles/lemonldap_ng/files/logos/dokuwiki.png create mode 100644 roles/lemonldap_ng/files/logos/dolibarr.png create mode 100644 roles/lemonldap_ng/files/logos/etherpad.png create mode 100644 roles/lemonldap_ng/files/logos/firewall.png create mode 100644 roles/lemonldap_ng/files/logos/freepbx.png create mode 100644 roles/lemonldap_ng/files/logos/funkwhale.png create mode 100644 roles/lemonldap_ng/files/logos/fusiondirectory.png create mode 100644 roles/lemonldap_ng/files/logos/gitea.png create mode 100644 roles/lemonldap_ng/files/logos/gitlab.png create mode 100644 roles/lemonldap_ng/files/logos/glpi.png create mode 100644 roles/lemonldap_ng/files/logos/google.png create mode 100644 roles/lemonldap_ng/files/logos/grafana.png create mode 100644 roles/lemonldap_ng/files/logos/graylog.png create mode 100644 roles/lemonldap_ng/files/logos/hdd.png create mode 100644 roles/lemonldap_ng/files/logos/itop.png create mode 100644 roles/lemonldap_ng/files/logos/jappix.png create mode 100644 roles/lemonldap_ng/files/logos/jasperreports.png create mode 100644 roles/lemonldap_ng/files/logos/jenkins.png create mode 100644 roles/lemonldap_ng/files/logos/jitsi.png create mode 100644 roles/lemonldap_ng/files/logos/jobscheduler.png create mode 100644 roles/lemonldap_ng/files/logos/kanboard.png create mode 100644 roles/lemonldap_ng/files/logos/kibana.png create mode 100644 roles/lemonldap_ng/files/logos/knowage.png create mode 100644 roles/lemonldap_ng/files/logos/lemonldap.png create mode 100644 roles/lemonldap_ng/files/logos/liferay.png create mode 100644 roles/lemonldap_ng/files/logos/mailman.png create mode 100644 roles/lemonldap_ng/files/logos/matomo.png create mode 100644 roles/lemonldap_ng/files/logos/mediawiki.png create mode 100644 roles/lemonldap_ng/files/logos/metabase.png create mode 100644 
roles/lemonldap_ng/files/logos/miniflux.png create mode 100644 roles/lemonldap_ng/files/logos/mulesoft.png create mode 100644 roles/lemonldap_ng/files/logos/n8n.png create mode 100644 roles/lemonldap_ng/files/logos/navidrome.png create mode 100644 roles/lemonldap_ng/files/logos/openmediavault.png create mode 100644 roles/lemonldap_ng/files/logos/openproject.png create mode 100644 roles/lemonldap_ng/files/logos/openxpki.png create mode 100644 roles/lemonldap_ng/files/logos/orangescrum.png create mode 100644 roles/lemonldap_ng/files/logos/paperless.png create mode 100644 roles/lemonldap_ng/files/logos/pda.png create mode 100644 roles/lemonldap_ng/files/logos/penpot.png create mode 100644 roles/lemonldap_ng/files/logos/pfsense.png create mode 100644 roles/lemonldap_ng/files/logos/pgadmin.png create mode 100644 roles/lemonldap_ng/files/logos/phabricator.png create mode 100644 roles/lemonldap_ng/files/logos/phaseanet.png create mode 100644 roles/lemonldap_ng/files/logos/phpldapadmin.png create mode 100644 roles/lemonldap_ng/files/logos/phplist.png create mode 100644 roles/lemonldap_ng/files/logos/phpmyadmin.png create mode 100644 roles/lemonldap_ng/files/logos/power.png create mode 100644 roles/lemonldap_ng/files/logos/processmaker.png create mode 100644 roles/lemonldap_ng/files/logos/proxmox.png create mode 100644 roles/lemonldap_ng/files/logos/pydio.png create mode 100644 roles/lemonldap_ng/files/logos/rabbitmq.png create mode 100644 roles/lemonldap_ng/files/logos/razuna.png create mode 100644 roles/lemonldap_ng/files/logos/redmine.png create mode 100644 roles/lemonldap_ng/files/logos/registry.png create mode 100644 roles/lemonldap_ng/files/logos/riot.png create mode 100644 roles/lemonldap_ng/files/logos/rocketchat.png create mode 100644 roles/lemonldap_ng/files/logos/scandm.png create mode 100644 roles/lemonldap_ng/files/logos/scandm_dev.png create mode 100644 roles/lemonldap_ng/files/logos/scandm_prd.png create mode 100644 
roles/lemonldap_ng/files/logos/scandm_qal.png create mode 100644 roles/lemonldap_ng/files/logos/scandm_stg.png create mode 100644 roles/lemonldap_ng/files/logos/seafile.png create mode 100644 roles/lemonldap_ng/files/logos/sentry.png create mode 100644 roles/lemonldap_ng/files/logos/sftpgo.png create mode 100644 roles/lemonldap_ng/files/logos/smeserver.png create mode 100644 roles/lemonldap_ng/files/logos/sogo.png create mode 100644 roles/lemonldap_ng/files/logos/sonar.png create mode 100644 roles/lemonldap_ng/files/logos/sophos.png create mode 100644 roles/lemonldap_ng/files/logos/soti.png create mode 100644 roles/lemonldap_ng/files/logos/survey.png create mode 100644 roles/lemonldap_ng/files/logos/switch.png create mode 100644 roles/lemonldap_ng/files/logos/taiga.png create mode 100644 roles/lemonldap_ng/files/logos/telephone.png create mode 100644 roles/lemonldap_ng/files/logos/timezone.png create mode 100644 roles/lemonldap_ng/files/logos/transmission.png create mode 100644 roles/lemonldap_ng/files/logos/ttrss.png create mode 100644 roles/lemonldap_ng/files/logos/unifi.png create mode 100644 roles/lemonldap_ng/files/logos/vtiger.png create mode 100644 roles/lemonldap_ng/files/logos/wifi.png create mode 100644 roles/lemonldap_ng/files/logos/wikijs.png create mode 100644 roles/lemonldap_ng/files/logos/wordpress.png create mode 100644 roles/lemonldap_ng/files/logos/wso2.png create mode 100644 roles/lemonldap_ng/files/logos/xwiki.png create mode 100644 roles/lemonldap_ng/files/logos/zabbix.png create mode 100644 roles/lemonldap_ng/files/logos/zimbra.png create mode 100644 roles/lemonldap_ng/files/logos/zulip.png create mode 100644 roles/lemonldap_ng/files/mysql_schema.sql create mode 100644 roles/lemonldap_ng/handlers/main.yml create mode 100644 roles/lemonldap_ng/meta/main.yml create mode 100644 roles/lemonldap_ng/tasks/httpd.yml create mode 100644 roles/lemonldap_ng/tasks/main.yml create mode 100644 roles/lemonldap_ng/tasks/mysql.yml create mode 100644 
roles/lemonldap_ng/tasks/nginx.yml create mode 100644 roles/lemonldap_ng/templates/httpd_handler.conf.j2 create mode 100644 roles/lemonldap_ng/templates/httpd_manager.conf.j2 create mode 100644 roles/lemonldap_ng/templates/httpd_portal.conf.j2 create mode 100644 roles/lemonldap_ng/templates/lemonldap-ng-file.ini.j2 create mode 100644 roles/lemonldap_ng/templates/lemonldap-ng.ini.j2 create mode 100644 roles/lemonldap_ng/templates/llng-fastcgi-server.j2 create mode 100644 roles/lemonldap_ng/templates/llng-fastcgi-server.service.j2 create mode 100644 roles/lemonldap_ng/templates/llng_headers.inc.j2 create mode 100644 roles/lemonldap_ng/templates/nginx_handler.conf.j2 create mode 100644 roles/lemonldap_ng/templates/nginx_manager.conf.j2 create mode 100644 roles/lemonldap_ng/templates/nginx_portal.conf.j2 create mode 100644 roles/lemonldap_ng/vars/RedHat-7.yml create mode 100644 roles/lemonldap_ng/vars/RedHat-8.yml create mode 100644 roles/lemonldap_ng/vars/main.yml create mode 100644 roles/lemonldap_ng_handler/defaults/main.yml create mode 100644 roles/lemonldap_ng_handler/files/03-perl.conf create mode 100644 roles/lemonldap_ng_handler/handlers/main.yml create mode 100644 roles/lemonldap_ng_handler/meta/main.yml create mode 100644 roles/lemonldap_ng_handler/tasks/main.yml create mode 100644 roles/lemonldap_ng_handler/templates/lemonldap-ng-handler.conf.j2 create mode 100644 roles/lemonldap_ng_handler/templates/lemonldap-ng.ini.j2 create mode 100644 roles/letsencrypt/defaults/main.yml create mode 100644 roles/letsencrypt/files/common_letsencrypt.inc create mode 100644 roles/letsencrypt/files/httpd_dehydrated.conf create mode 100644 roles/letsencrypt/handlers/main.yml create mode 100644 roles/letsencrypt/tasks/main.yml create mode 100644 roles/letsencrypt/templates/cert_config.j2 create mode 100644 roles/letsencrypt/templates/config.j2 create mode 100644 roles/letsencrypt/templates/cron.j2 create mode 100644 roles/letsencrypt/templates/dns-lexicon-clean_challenge.j2 
create mode 100644 roles/letsencrypt/templates/dns-lexicon-deploy_challenge.j2 create mode 100644 roles/letsencrypt/templates/domains.txt.j2 create mode 100644 roles/letsencrypt/vars/Debian-10.yml create mode 100644 roles/letsencrypt/vars/Debian-11.yml create mode 100644 roles/letsencrypt/vars/Debian-9.yml create mode 100644 roles/letsencrypt/vars/RedHat-7.yml create mode 100644 roles/letsencrypt/vars/RedHat-8.yml create mode 100644 roles/libvirt_host/defaults/main.yml create mode 100644 roles/libvirt_host/files/libvirt-guests-timeout.conf create mode 100644 roles/libvirt_host/handlers/main.yml create mode 100644 roles/libvirt_host/meta/main.yml create mode 100644 roles/libvirt_host/tasks/main.yml create mode 100644 roles/libvirt_host/templates/libvirtd.conf.j2 create mode 100644 roles/libvirt_host/templates/qemu.conf.j2 create mode 100644 roles/libvirt_host/templates/sudo_libvirt.j2 create mode 100644 roles/mailman/defaults/main.yml create mode 100644 roles/mailman/handlers/main.yml create mode 100644 roles/mailman/meta/main.yml create mode 100644 roles/mailman/tasks/archive_post.yml create mode 100644 roles/mailman/tasks/archive_pre.yml create mode 100644 roles/mailman/tasks/cleanup.yml create mode 100644 roles/mailman/tasks/conf.yml create mode 100644 roles/mailman/tasks/directories.yml create mode 100644 roles/mailman/tasks/facts.yml create mode 100644 roles/mailman/tasks/install.yml create mode 100644 roles/mailman/tasks/iptables.yml create mode 100644 roles/mailman/tasks/main.yml create mode 100644 roles/mailman/tasks/selinux.yml create mode 100644 roles/mailman/tasks/services.yml create mode 100644 roles/mailman/tasks/user.yml create mode 100644 roles/mailman/tasks/write_version.yml create mode 100644 roles/mailman/templates/hyperkitty.cfg.j2 create mode 100644 roles/mailman/templates/mailman-core.service.j2 create mode 100644 roles/mailman/templates/mailman-digests.service.j2 create mode 100644 roles/mailman/templates/mailman-digests.timer.j2 create mode 
100644 roles/mailman/templates/mailman-notify.service.j2 create mode 100644 roles/mailman/templates/mailman-notify.timer.j2 create mode 100644 roles/mailman/templates/mailman-web.service.j2 create mode 100644 roles/mailman/templates/mailman.cfg.j2 create mode 100644 roles/mailman/templates/post-backup.sh.j2 create mode 100644 roles/mailman/templates/pre-backup.sh.j2 create mode 100644 roles/mailman/templates/settings.py.j2 create mode 100644 roles/mailman/templates/urls.py.j2 create mode 100644 roles/mailman/templates/uwsgi.ini.j2 create mode 100644 roles/mate_desktop/meta/main.yml create mode 100644 roles/mate_desktop/tasks/main.yml create mode 100644 roles/matomo/defaults/main.yml create mode 100644 roles/matomo/files/matomo.sql create mode 100644 roles/matomo/handlers/main.yml create mode 100644 roles/matomo/meta/main.yml create mode 100644 roles/matomo/tasks/archive_post.yml create mode 100644 roles/matomo/tasks/archive_pre.yml create mode 100644 roles/matomo/tasks/cleanup.yml create mode 100644 roles/matomo/tasks/conf.yml create mode 100644 roles/matomo/tasks/directories.yml create mode 100644 roles/matomo/tasks/facts.yml create mode 100644 roles/matomo/tasks/install.yml create mode 100644 roles/matomo/tasks/main.yml create mode 100644 roles/matomo/tasks/user.yml create mode 100644 roles/matomo/tasks/write_version.yml create mode 100644 roles/matomo/templates/config.ini.php.j2 create mode 100644 roles/matomo/templates/httpd.conf.j2 create mode 100644 roles/matomo/templates/perms.sh.j2 create mode 100644 roles/matomo/templates/php.conf.j2 create mode 100644 roles/matomo/templates/post-backup.j2 create mode 100644 roles/matomo/templates/pre-backup.j2 create mode 100644 roles/matrix_element/defaults/main.yml create mode 100644 roles/matrix_element/handlers/main.yml create mode 100644 roles/matrix_element/meta/main.yml create mode 100644 roles/matrix_element/tasks/archive_post.yml create mode 100644 roles/matrix_element/tasks/archive_pre.yml create mode 100644 
roles/matrix_element/tasks/cleanup.yml create mode 100644 roles/matrix_element/tasks/conf.yml create mode 100644 roles/matrix_element/tasks/directories.yml create mode 100644 roles/matrix_element/tasks/facts.yml create mode 100644 roles/matrix_element/tasks/install.yml create mode 100644 roles/matrix_element/tasks/main.yml create mode 100644 roles/matrix_element/tasks/write_version.yml create mode 100644 roles/matrix_element/templates/config.json.j2 create mode 100644 roles/matrix_element/templates/httpd.conf.j2 create mode 100644 roles/matrix_element/templates/perms.sh.j2 create mode 100644 roles/matrix_ma1sd/defaults/main.yml create mode 100644 roles/matrix_ma1sd/handlers/main.yml create mode 100644 roles/matrix_ma1sd/tasks/archive_post.yml create mode 100644 roles/matrix_ma1sd/tasks/archive_pre.yml create mode 100644 roles/matrix_ma1sd/tasks/cleanup.yml create mode 100644 roles/matrix_ma1sd/tasks/conf.yml create mode 100644 roles/matrix_ma1sd/tasks/directories.yml create mode 100644 roles/matrix_ma1sd/tasks/facts.yml create mode 100644 roles/matrix_ma1sd/tasks/install.yml create mode 100644 roles/matrix_ma1sd/tasks/iptables.yml create mode 100644 roles/matrix_ma1sd/tasks/main.yml create mode 100644 roles/matrix_ma1sd/tasks/migrate_mxisd.yml create mode 100644 roles/matrix_ma1sd/tasks/service.yml create mode 100644 roles/matrix_ma1sd/tasks/user.yml create mode 100644 roles/matrix_ma1sd/tasks/write_version.yml create mode 100644 roles/matrix_ma1sd/templates/gradle.properties.j2 create mode 100644 roles/matrix_ma1sd/templates/ma1sd.yaml.j2 create mode 100644 roles/matrix_ma1sd/templates/matrix-ma1sd.service.j2 create mode 100644 roles/matrix_riot/defaults/main.yml create mode 100644 roles/matrix_riot/handlers/main.yml create mode 100644 roles/matrix_riot/meta/main.yml create mode 100644 roles/matrix_riot/tasks/archive_post.yml create mode 100644 roles/matrix_riot/tasks/archive_pre.yml create mode 100644 roles/matrix_riot/tasks/cleanup.yml create mode 100644 
roles/matrix_riot/tasks/conf.yml create mode 100644 roles/matrix_riot/tasks/directories.yml create mode 100644 roles/matrix_riot/tasks/facts.yml create mode 100644 roles/matrix_riot/tasks/install.yml create mode 100644 roles/matrix_riot/tasks/main.yml create mode 100644 roles/matrix_riot/tasks/write_version.yml create mode 100644 roles/matrix_riot/templates/config.json.j2 create mode 100644 roles/matrix_riot/templates/httpd.conf.j2 create mode 100644 roles/matrix_riot/templates/perms.sh.j2 create mode 100644 roles/matrix_synapse/defaults/main.yml create mode 100644 roles/matrix_synapse/handlers/main.yml create mode 100644 roles/matrix_synapse/meta/main.yml create mode 100644 roles/matrix_synapse/tasks/archive_post.yml create mode 100644 roles/matrix_synapse/tasks/archive_pre.yml create mode 100644 roles/matrix_synapse/tasks/cleanup.yml create mode 100644 roles/matrix_synapse/tasks/conf.yml create mode 100644 roles/matrix_synapse/tasks/directories.yml create mode 100644 roles/matrix_synapse/tasks/facts.yml create mode 100644 roles/matrix_synapse/tasks/install.yml create mode 100644 roles/matrix_synapse/tasks/iptables.yml create mode 100644 roles/matrix_synapse/tasks/main.yml create mode 100644 roles/matrix_synapse/tasks/service.yml create mode 100644 roles/matrix_synapse/tasks/user.yml create mode 100644 roles/matrix_synapse/tasks/write_version.yml create mode 100644 roles/matrix_synapse/templates/homeserver.yaml.j2 create mode 100644 roles/matrix_synapse/templates/logging.conf.j2 create mode 100644 roles/matrix_synapse/templates/matrix-synapse.service.j2 create mode 100644 roles/matrix_synapse/templates/post-backup.sh.j2 create mode 100644 roles/matrix_synapse/templates/pre-backup.sh.j2 create mode 100644 roles/matrix_synapse/templates/synapse_janitor.sh.j2 create mode 100644 roles/matrix_synapse/vars/RedHat-7.yml create mode 100644 roles/matrix_synapse/vars/RedHat-8.yml create mode 100644 roles/matrix_synapse_admin/defaults/main.yml create mode 100644 
roles/matrix_synapse_admin/meta/main.yml create mode 100644 roles/matrix_synapse_admin/tasks/archive_post.yml create mode 100644 roles/matrix_synapse_admin/tasks/archive_pre.yml create mode 100644 roles/matrix_synapse_admin/tasks/cleanup.yml create mode 100644 roles/matrix_synapse_admin/tasks/conf.yml create mode 100644 roles/matrix_synapse_admin/tasks/directories.yml create mode 100644 roles/matrix_synapse_admin/tasks/facts.yml create mode 100644 roles/matrix_synapse_admin/tasks/install.yml create mode 100644 roles/matrix_synapse_admin/tasks/main.yml create mode 100644 roles/matrix_synapse_admin/tasks/write_version.yml create mode 100644 roles/matrix_synapse_admin/templates/httpd.conf.j2 create mode 100644 roles/matrix_synapse_admin/templates/perms.sh.j2 create mode 100644 roles/maven/defaults/main.yml create mode 100644 roles/maven/tasks/cleanup.yml create mode 100644 roles/maven/tasks/directories.yml create mode 100644 roles/maven/tasks/facts.yml create mode 100644 roles/maven/tasks/install.yml create mode 100644 roles/maven/tasks/main.yml create mode 100644 roles/maven/templates/maven.xml.j2 create mode 100644 roles/maven/templates/profile.sh.j2 create mode 100644 roles/memcached_server/defaults/main.yml create mode 100644 roles/memcached_server/handlers/main.yml create mode 100644 roles/memcached_server/tasks/main.yml create mode 100644 roles/memcached_server/templates/memcached.j2 create mode 100644 roles/metabase/defaults/main.yml create mode 100644 roles/metabase/handlers/main.yml create mode 100644 roles/metabase/meta/main.yml create mode 100644 roles/metabase/tasks/archive_post.yml create mode 100644 roles/metabase/tasks/archive_pre.yml create mode 100644 roles/metabase/tasks/cleanup.yml create mode 100644 roles/metabase/tasks/conf.yml create mode 100644 roles/metabase/tasks/directories.yml create mode 100644 roles/metabase/tasks/facts.yml create mode 100644 roles/metabase/tasks/install.yml create mode 100644 roles/metabase/tasks/iptables.yml create mode 
100644 roles/metabase/tasks/main.yml create mode 100644 roles/metabase/tasks/services.yml create mode 100644 roles/metabase/tasks/user.yml create mode 100644 roles/metabase/tasks/write_version.yml create mode 100644 roles/metabase/templates/env.j2 create mode 100644 roles/metabase/templates/metabase.service.j2 create mode 100644 roles/metabase/templates/post-backup.j2 create mode 100644 roles/metabase/templates/pre-backup.j2 create mode 100644 roles/miniflux/defaults/main.yml create mode 100644 roles/miniflux/handlers/main.yml create mode 100644 roles/miniflux/meta/main.yml create mode 100644 roles/miniflux/tasks/archive_post.yml create mode 100644 roles/miniflux/tasks/archive_pre.yml create mode 100644 roles/miniflux/tasks/cleanup.yml create mode 100644 roles/miniflux/tasks/conf.yml create mode 100644 roles/miniflux/tasks/directories.yml create mode 100644 roles/miniflux/tasks/facts.yml create mode 100644 roles/miniflux/tasks/install.yml create mode 100644 roles/miniflux/tasks/iptables.yml create mode 100644 roles/miniflux/tasks/main.yml create mode 100644 roles/miniflux/tasks/services.yml create mode 100644 roles/miniflux/tasks/user.yml create mode 100644 roles/miniflux/tasks/write_version.yml create mode 100644 roles/miniflux/templates/miniflux.conf.j2 create mode 100644 roles/miniflux/templates/miniflux.service.j2 create mode 100644 roles/miniflux/templates/post-backup.j2 create mode 100644 roles/miniflux/templates/pre-backup.j2 create mode 100644 roles/mkdir/tasks/main.yml create mode 100644 roles/mongodb_server/defaults/main.yml create mode 100644 roles/mongodb_server/handlers/main.yml create mode 100644 roles/mongodb_server/meta/main.yml create mode 100644 roles/mongodb_server/tasks/conf.yml create mode 100644 roles/mongodb_server/tasks/facts.yml create mode 100644 roles/mongodb_server/tasks/install.yml create mode 100644 roles/mongodb_server/tasks/iptables.yml create mode 100644 roles/mongodb_server/tasks/main.yml create mode 100644 
roles/mongodb_server/tasks/selinux.yml create mode 100644 roles/mongodb_server/tasks/services.yml create mode 100644 roles/mongodb_server/templates/mongod.conf.j2 create mode 100644 roles/mongodb_server/templates/mongorc.js.j2 create mode 100644 roles/mongodb_server/templates/post-backup.j2 create mode 100644 roles/mongodb_server/templates/pre-backup.j2 create mode 100644 roles/mongodb_server/vars/RedHat-7.yml create mode 100644 roles/mongodb_server/vars/RedHat-8.yml create mode 100644 roles/mysql_server/defaults/main.yml create mode 100644 roles/mysql_server/handlers/main.yml create mode 100644 roles/mysql_server/meta/main.yml create mode 100644 roles/mysql_server/tasks/main.yml create mode 100644 roles/mysql_server/templates/my.cnf.j2 create mode 100644 roles/mysql_server/templates/post-backup.j2 create mode 100644 roles/mysql_server/templates/pre-backup.j2 create mode 100644 roles/mysql_server/templates/root_my.cnf.j2 create mode 100644 roles/mysql_server/templates/systemd_limits.conf.j2 create mode 100644 roles/mysql_server/vars/RedHat-7.yml create mode 100644 roles/mysql_server/vars/RedHat-8.yml create mode 100644 roles/mysql_server/vars/defaults.yml create mode 100644 roles/n8n/defaults/main.yml create mode 100644 roles/n8n/handlers/main.yml create mode 100644 roles/n8n/meta/main.yml create mode 100644 roles/n8n/tasks/archive_post.yml create mode 100644 roles/n8n/tasks/archive_pre.yml create mode 100644 roles/n8n/tasks/cleanup.yml create mode 100644 roles/n8n/tasks/conf.yml create mode 100644 roles/n8n/tasks/directories.yml create mode 100644 roles/n8n/tasks/facts.yml create mode 100644 roles/n8n/tasks/install.yml create mode 100644 roles/n8n/tasks/iptables.yml create mode 100644 roles/n8n/tasks/main.yml create mode 100644 roles/n8n/tasks/services.yml create mode 100644 roles/n8n/tasks/user.yml create mode 100644 roles/n8n/tasks/write_version.yml create mode 100644 roles/n8n/templates/env.j2 create mode 100644 roles/n8n/templates/n8n.json.j2 create mode 
100644 roles/n8n/templates/n8n.service.j2 create mode 100644 roles/n8n/templates/post-backup.sh.j2 create mode 100644 roles/n8n/templates/pre-backup.sh.j2 create mode 100644 roles/navidrome/defaults/main.yml create mode 100644 roles/navidrome/handlers/main.yml create mode 100644 roles/navidrome/meta/main.yml create mode 100644 roles/navidrome/tasks/archive_post.yml create mode 100644 roles/navidrome/tasks/archive_pre.yml create mode 100644 roles/navidrome/tasks/cleanup.yml create mode 100644 roles/navidrome/tasks/conf.yml create mode 100644 roles/navidrome/tasks/directories.yml create mode 100644 roles/navidrome/tasks/facts.yml create mode 100644 roles/navidrome/tasks/install.yml create mode 100644 roles/navidrome/tasks/iptables.yml create mode 100644 roles/navidrome/tasks/main.yml create mode 100644 roles/navidrome/tasks/services.yml create mode 100644 roles/navidrome/tasks/user.yml create mode 100644 roles/navidrome/tasks/write_version.yml create mode 100644 roles/navidrome/templates/navidrome.service.j2 create mode 100644 roles/navidrome/templates/navidrome.toml.j2 create mode 100644 roles/navidrome/templates/post-backup.j2 create mode 100644 roles/navidrome/templates/pre-backup.j2 create mode 100644 roles/network/defaults/main.yml create mode 100644 roles/network/handlers/main.yml create mode 100644 roles/network/tasks/main.yml create mode 100644 roles/network/templates/hosts.j2 create mode 100644 roles/network/templates/ifcfg.j2 create mode 100644 roles/nfs_server/defaults/main.yml create mode 100644 roles/nfs_server/handlers/main.yml create mode 100644 roles/nfs_server/tasks/main.yml create mode 100644 roles/nfs_server/templates/exports.j2 create mode 100644 roles/nginx/defaults/main.yml create mode 100644 roles/nginx/files/dehydrated_deploy_hook create mode 100644 roles/nginx/files/lasagna.pl create mode 100644 roles/nginx/handlers/main.yml create mode 100644 roles/nginx/meta/main.yml create mode 100644 roles/nginx/tasks/conf.yml create mode 100644 
roles/nginx/tasks/dir.yml create mode 100644 roles/nginx/tasks/facts.yml create mode 100644 roles/nginx/tasks/filebeat.yml create mode 100644 roles/nginx/tasks/htpasswd.yml create mode 100644 roles/nginx/tasks/install.yml create mode 100644 roles/nginx/tasks/install_nginx.yml create mode 100644 roles/nginx/tasks/install_openresty.yml create mode 100644 roles/nginx/tasks/iptables.yml create mode 100644 roles/nginx/tasks/letsencrypt.yml create mode 100644 roles/nginx/tasks/main.yml create mode 100644 roles/nginx/tasks/selinux.yml create mode 100644 roles/nginx/tasks/service.yml create mode 100644 roles/nginx/tasks/ssl.yml create mode 100644 roles/nginx/templates/ansible_conf.d/09-cacheable.conf.j2 create mode 100644 roles/nginx/templates/ansible_conf.d/10-cache.conf.j2 create mode 100644 roles/nginx/templates/ansible_conf.d/10-limits.conf.j2 create mode 100644 roles/nginx/templates/ansible_conf.d/10-naxsi_rules.conf.j2 create mode 100644 roles/nginx/templates/ansible_conf.d/10-perf.conf.j2 create mode 100644 roles/nginx/templates/ansible_conf.d/10-ssl.conf.j2 create mode 100644 roles/nginx/templates/ansible_conf.d/10-ws.conf.j2 create mode 100644 roles/nginx/templates/ansible_conf.d/30-vhosts.conf.j2 create mode 100644 roles/nginx/templates/ansible_conf.d/acme.inc.j2 create mode 100644 roles/nginx/templates/ansible_conf.d/cache.inc.j2 create mode 100644 roles/nginx/templates/ansible_conf.d/custom.inc.j2 create mode 100644 roles/nginx/templates/ansible_conf.d/force_ssl.inc.j2 create mode 100644 roles/nginx/templates/ansible_conf.d/headers.inc.j2 create mode 100644 roles/nginx/templates/ansible_conf.d/maintenance.inc.j2 create mode 100644 roles/nginx/templates/ansible_conf.d/naxsi.inc.j2 create mode 100644 roles/nginx/templates/ansible_conf.d/perf.inc.j2 create mode 100644 roles/nginx/templates/ansible_location.d/10-status.conf.j2 create mode 100644 roles/nginx/templates/ansible_modules.d/10-common.conf.j2 create mode 100644 roles/nginx/templates/filebeat.yml.j2 create 
mode 100644 roles/nginx/templates/logrotate.conf.j2 create mode 100644 roles/nginx/templates/mime.types.j2 create mode 100644 roles/nginx/templates/nginx.conf.j2 create mode 100644 roles/nodejs/meta/main.yml create mode 100644 roles/nodejs/tasks/install_RedHat.yml create mode 100644 roles/nodejs/tasks/main.yml create mode 100644 roles/ntp_client/defaults/main.yml create mode 100644 roles/ntp_client/handlers/main.yml create mode 100644 roles/ntp_client/tasks/main.yml create mode 100644 roles/ntp_client/templates/chrony.conf.j2 create mode 100644 roles/ntp_client/vars/Debian-10.yml create mode 100644 roles/ntp_client/vars/Debian-11.yml create mode 100644 roles/ntp_client/vars/Debian-8.yml create mode 100644 roles/ntp_client/vars/Debian-9.yml create mode 100644 roles/ntp_client/vars/RedHat-7.yml create mode 100644 roles/ntp_client/vars/RedHat-8.yml create mode 100644 roles/ntp_client/vars/Ubuntu-20.yml create mode 100644 roles/onlyoffice_document_server/defaults/main.yml create mode 100644 roles/onlyoffice_document_server/handlers/main.yml create mode 100644 roles/onlyoffice_document_server/meta/main.yml create mode 100644 roles/onlyoffice_document_server/tasks/cleanup.yml create mode 100644 roles/onlyoffice_document_server/tasks/conf.yml create mode 100644 roles/onlyoffice_document_server/tasks/directories.yml create mode 100644 roles/onlyoffice_document_server/tasks/facts.yml create mode 100644 roles/onlyoffice_document_server/tasks/install.yml create mode 100644 roles/onlyoffice_document_server/tasks/main.yml create mode 100644 roles/onlyoffice_document_server/tasks/selinux.yml create mode 100644 roles/onlyoffice_document_server/tasks/services.yml create mode 100644 roles/onlyoffice_document_server/tasks/user.yml create mode 100644 roles/onlyoffice_document_server/tasks/write_version.yml create mode 100644 roles/onlyoffice_document_server/templates/documentserver-converter.service.j2 create mode 100644 
roles/onlyoffice_document_server/templates/documentserver-docservice.service.j2 create mode 100644 roles/onlyoffice_document_server/templates/documentserver-metrics.service.j2 create mode 100644 roles/onlyoffice_document_server/templates/httpd.conf.j2 create mode 100644 roles/onlyoffice_document_server/templates/nginx_vhost.conf.j2 create mode 100644 roles/onlyoffice_document_server/templates/oods.json.j2 create mode 100644 roles/openproject/defaults/main.yml create mode 100644 roles/openproject/handlers/main.yml create mode 100644 roles/openproject/meta/main.yml create mode 100644 roles/openproject/tasks/conf.yml create mode 100644 roles/openproject/tasks/directories.yml create mode 100644 roles/openproject/tasks/facts.yml create mode 100644 roles/openproject/tasks/install.yml create mode 100644 roles/openproject/tasks/iptables.yml create mode 100644 roles/openproject/tasks/main.yml create mode 100644 roles/openproject/tasks/service.yml create mode 100644 roles/openproject/templates/conf.d/ansible.j2 create mode 100644 roles/openproject/templates/installer.dat.j2 create mode 100644 roles/openproject/templates/openproject-worker.service.j2 create mode 100644 roles/openproject/templates/openproject.service.j2 create mode 100644 roles/openproject/templates/post-backup.sh.j2 create mode 100644 roles/openproject/templates/pre-backup.sh.j2 create mode 100644 roles/openvpn/defaults/main.yml create mode 100644 roles/openvpn/handlers/main.yml create mode 100644 roles/openvpn/tasks/main.yml create mode 100644 roles/openvpn/templates/openvpn.conf.j2 create mode 100644 roles/openvpn/templates/openvpn@.service.j2 create mode 100644 roles/openxpki/defaults/main.yml create mode 100755 roles/openxpki/files/openxpki-auth-ldap create mode 100644 roles/openxpki/files/openxpki.te create mode 100644 roles/openxpki/files/patches/0001-Render-templates-for-reply-and-cc-fields-for-SMTP-no.patch create mode 100644 roles/openxpki/files/session_table.sql create mode 100644 
roles/openxpki/files/upgrade_to_v3.14.sql create mode 100644 roles/openxpki/files/upgrade_to_v3.4.sql create mode 100644 roles/openxpki/files/upgrade_to_v3.8.sql create mode 100644 roles/openxpki/files/upgrade_to_v3.sql create mode 100644 roles/openxpki/handlers/main.yml create mode 100644 roles/openxpki/meta/main.yml create mode 100644 roles/openxpki/tasks/archive_post.yml create mode 100644 roles/openxpki/tasks/archive_pre.yml create mode 100644 roles/openxpki/tasks/cleanup.yml create mode 100644 roles/openxpki/tasks/conf.yml create mode 100644 roles/openxpki/tasks/directories.yml create mode 100644 roles/openxpki/tasks/facts.yml create mode 100644 roles/openxpki/tasks/install.yml create mode 100644 roles/openxpki/tasks/main.yml create mode 100644 roles/openxpki/tasks/pki.yml create mode 100644 roles/openxpki/tasks/selinux.yml create mode 100644 roles/openxpki/tasks/service.yml create mode 100644 roles/openxpki/tasks/user.yml create mode 100644 roles/openxpki/tasks/write_version.yml create mode 100644 roles/openxpki/templates/bin/crl_update.j2 create mode 100644 roles/openxpki/templates/bin/notify_expiry.j2 create mode 100644 roles/openxpki/templates/bin/openxpkiadm.j2 create mode 100644 roles/openxpki/templates/bin/openxpkicmd.j2 create mode 100644 roles/openxpki/templates/config.d/realm/auth/handler.yaml.j2 create mode 100644 roles/openxpki/templates/config.d/realm/auth/stack.yaml.j2 create mode 100644 roles/openxpki/templates/config.d/realm/crypto.yaml.j2 create mode 100644 roles/openxpki/templates/config.d/realm/nice.yaml.j2 create mode 100644 roles/openxpki/templates/config.d/realm/notification/smtp.yaml.j2 create mode 100644 roles/openxpki/templates/config.d/realm/profile/default.yaml.j2 create mode 100644 roles/openxpki/templates/config.d/realm/profile/signer.yaml.j2 create mode 100644 roles/openxpki/templates/config.d/realm/profile/tls_client.yaml.j2 create mode 100644 roles/openxpki/templates/config.d/realm/profile/tls_server.yaml.j2 create mode 100644 
roles/openxpki/templates/config.d/realm/profile/user_auth_enc.yaml.j2 create mode 100644 roles/openxpki/templates/config.d/realm/publishing.yaml.j2 create mode 100644 roles/openxpki/templates/config.d/realm/scep/scep-server.yaml.j2 create mode 100644 roles/openxpki/templates/config.d/realm/workflow/global/validator/password_quality.yaml.j2 create mode 100644 roles/openxpki/templates/config.d/system/crypto.yaml.j2 create mode 100644 roles/openxpki/templates/config.d/system/database.yaml.j2 create mode 100644 roles/openxpki/templates/config.d/system/realms.yaml.j2 create mode 100644 roles/openxpki/templates/config.d/system/server.yaml.j2 create mode 100644 roles/openxpki/templates/config.d/system/watchdog.yaml.j2 create mode 100644 roles/openxpki/templates/httpd.conf.j2 create mode 100644 roles/openxpki/templates/localconfig.js.j2 create mode 100644 roles/openxpki/templates/log.conf.j2 create mode 100644 roles/openxpki/templates/notification/email/_footer.html.j2 create mode 100644 roles/openxpki/templates/notification/email/_footer.txt.j2 create mode 100644 roles/openxpki/templates/openssl.cnf.j2 create mode 100644 roles/openxpki/templates/openxpki.service.j2 create mode 100644 roles/openxpki/templates/perms.sh.j2 create mode 100644 roles/openxpki/templates/post-backup.j2 create mode 100644 roles/openxpki/templates/pre-backup.j2 create mode 100644 roles/openxpki/templates/scep/default.conf.j2 create mode 100644 roles/openxpki/templates/scep/log.conf.j2 create mode 100644 roles/openxpki/templates/webui/default.conf.j2 create mode 100644 roles/openxpki/templates/webui/log.conf.j2 create mode 100644 roles/openxpki/vars/RedHat-7.yml create mode 100644 roles/openxpki/vars/RedHat-8.yml create mode 100644 roles/paperless_ng/defaults/main.yml create mode 100644 roles/paperless_ng/files/paperless.te create mode 100644 roles/paperless_ng/handlers/main.yml create mode 100644 roles/paperless_ng/meta/main.yml create mode 100644 roles/paperless_ng/tasks/archive_post.yml create 
mode 100644 roles/paperless_ng/tasks/archive_pre.yml create mode 100644 roles/paperless_ng/tasks/cleanup.yml create mode 100644 roles/paperless_ng/tasks/conf.yml create mode 100644 roles/paperless_ng/tasks/directories.yml create mode 100644 roles/paperless_ng/tasks/facts.yml create mode 100644 roles/paperless_ng/tasks/install.yml create mode 100644 roles/paperless_ng/tasks/iptables.yml create mode 100644 roles/paperless_ng/tasks/main.yml create mode 100644 roles/paperless_ng/tasks/selinux.yml create mode 100644 roles/paperless_ng/tasks/services.yml create mode 100644 roles/paperless_ng/tasks/user.yml create mode 100644 roles/paperless_ng/tasks/write_version.yml create mode 100644 roles/paperless_ng/templates/gunicorn.conf.py.j2 create mode 100644 roles/paperless_ng/templates/paperless-consumer.service.j2 create mode 100644 roles/paperless_ng/templates/paperless-scheduler.service.j2 create mode 100644 roles/paperless_ng/templates/paperless-webserver.service.j2 create mode 100644 roles/paperless_ng/templates/paperless.conf.j2 create mode 100644 roles/paperless_ng/templates/post-backup.j2 create mode 100644 roles/paperless_ng/templates/pre-backup.j2 create mode 100644 roles/paperless_ng/vars/RedHat-8.yml create mode 100644 roles/patrix/defaults/main.yml create mode 100644 roles/patrix/tasks/install_Debian.yml create mode 100644 roles/patrix/tasks/install_RedHat.yml create mode 100644 roles/patrix/tasks/main.yml create mode 100644 roles/patrix/templates/patrixrc.j2 create mode 100644 roles/pbs/defaults/main.yml create mode 100644 roles/pbs/files/remove_nag.patch create mode 100644 roles/pbs/meta/main.yml create mode 100644 roles/pbs/tasks/install.yml create mode 100644 roles/pbs/tasks/iptables.yml create mode 100644 roles/pbs/tasks/main.yml create mode 100644 roles/pbs/tasks/services.yml create mode 100644 roles/pbs/templates/dehydrated_hook.sh.j2 create mode 100644 roles/pgadmin4/defaults/main.yml create mode 100644 roles/pgadmin4/handlers/main.yml create mode 100644 
roles/pgadmin4/meta/main.yml create mode 100644 roles/pgadmin4/tasks/conf.yml create mode 100644 roles/pgadmin4/tasks/directories.yml create mode 100644 roles/pgadmin4/tasks/facts.yml create mode 100644 roles/pgadmin4/tasks/install.yml create mode 100644 roles/pgadmin4/tasks/iptables.yml create mode 100644 roles/pgadmin4/tasks/main.yml create mode 100644 roles/pgadmin4/tasks/service.yml create mode 100644 roles/pgadmin4/tasks/user.yml create mode 100644 roles/pgadmin4/tasks/write_version.yml create mode 100644 roles/pgadmin4/templates/config_local.py.j2 create mode 100644 roles/pgadmin4/templates/logrotate.conf.j2 create mode 100644 roles/pgadmin4/templates/pgadmin4.service.j2 create mode 100644 roles/pgadmin4/templates/post-backup.j2 create mode 100644 roles/pgadmin4/templates/pre-backup.j2 create mode 100644 roles/pgadmin4/vars/RedHat-7.yml create mode 100644 roles/pgadmin4/vars/RedHat-8.yml create mode 100644 roles/phpmyadmin/defaults/main.yml create mode 100644 roles/phpmyadmin/handlers/main.yml create mode 100644 roles/phpmyadmin/meta/main.yml create mode 100644 roles/phpmyadmin/tasks/archive_post.yml create mode 100644 roles/phpmyadmin/tasks/archive_pre.yml create mode 100644 roles/phpmyadmin/tasks/cleanup.yml create mode 100644 roles/phpmyadmin/tasks/conf.yml create mode 100644 roles/phpmyadmin/tasks/directories.yml create mode 100644 roles/phpmyadmin/tasks/facts.yml create mode 100644 roles/phpmyadmin/tasks/install.yml create mode 100644 roles/phpmyadmin/tasks/main.yml create mode 100644 roles/phpmyadmin/tasks/user.yml create mode 100644 roles/phpmyadmin/tasks/write_version.yml create mode 100644 roles/phpmyadmin/templates/config.inc.php.j2 create mode 100644 roles/phpmyadmin/templates/httpd.conf.j2 create mode 100644 roles/phpmyadmin/templates/perms.sh.j2 create mode 100644 roles/phpmyadmin/templates/php.conf.j2 create mode 100644 roles/phpmyadmin/templates/sso.php.j2 create mode 100644 roles/phpmyadmin/vars/RedHat-7.yml create mode 100644 
roles/phpmyadmin/vars/RedHat-8.yml create mode 100644 roles/pmg/defaults/main.yml create mode 100644 roles/pmg/files/imap-sa-learn create mode 100644 roles/pmg/files/remove_nag.patch create mode 100644 roles/pmg/handlers/main.yml create mode 100644 roles/pmg/meta/main.yml create mode 100644 roles/pmg/tasks/cleanup.yml create mode 100644 roles/pmg/tasks/filebeat.yml create mode 100644 roles/pmg/tasks/main.yml create mode 100644 roles/pmg/templates/dehydrated_deploy_hook.j2 create mode 100644 roles/pmg/templates/filebeat.yml.j2 create mode 100644 roles/pmg/templates/imap-sa-learn.j2 create mode 100644 roles/pmg/templates/imap-sa-learn.service.j2 create mode 100644 roles/pmg/templates/imap-sa-learn.timer.j2 create mode 100644 roles/pmg/templates/keytable.j2 create mode 100644 roles/pmg/templates/logrotate.d/rsyslog.j2 create mode 100644 roles/pmg/templates/master.cf.in.j2 create mode 100644 roles/pmg/templates/opendkim.conf.j2 create mode 100644 roles/pmg/templates/opendkim.service.j2 create mode 100644 roles/pmg/templates/pmg_post_backup.sh.j2 create mode 100644 roles/pmg/templates/pmg_pre_backup.sh.j2 create mode 100644 roles/pmg/templates/saslauthd.conf.j2 create mode 100644 roles/pmg/templates/saslauthd.j2 create mode 100644 roles/pmg/templates/signingtable.j2 create mode 100644 roles/pmg/templates/smtpd.conf.j2 create mode 100644 roles/pmg/templates/spamassassin/bayes_auto_learn.cf.j2 create mode 100644 roles/pmg/templates/spamassassin/fromnamespoof.cf.j2 create mode 100644 roles/pmg/templates/spamassassin/fromnamespoof.pre.j2 create mode 100644 roles/pmg/templates/spamassassin/hashbl.cf.j2 create mode 100644 roles/pmg/templates/spamassassin/hashbl.pre.j2 create mode 100644 roles/pmg/templates/spamassassin/phishing.cf.j2 create mode 100644 roles/pmg/templates/spamassassin/phishing.pre.j2 create mode 100644 roles/pmg/templates/update-phishing-feeds.j2 create mode 100644 roles/pmg/vars/main.yml create mode 100644 roles/postfix/defaults/main.yml create mode 100644 
roles/postfix/handlers/main.yml create mode 100644 roles/postfix/tasks/main.yml create mode 100644 roles/postfix/templates/main.cf.j2 create mode 100644 roles/postfix/templates/relay_auth.j2 create mode 100644 roles/postgresql_exporter/defaults/main.yml create mode 100644 roles/postgresql_exporter/handlers/main.yml create mode 100644 roles/postgresql_exporter/tasks/archive_post.yml create mode 100644 roles/postgresql_exporter/tasks/archive_pre.yml create mode 100644 roles/postgresql_exporter/tasks/cleanup.yml create mode 100644 roles/postgresql_exporter/tasks/conf.yml create mode 100644 roles/postgresql_exporter/tasks/directories.yml create mode 100644 roles/postgresql_exporter/tasks/facts.yml create mode 100644 roles/postgresql_exporter/tasks/install.yml create mode 100644 roles/postgresql_exporter/tasks/iptables.yml create mode 100644 roles/postgresql_exporter/tasks/main.yml create mode 100644 roles/postgresql_exporter/tasks/service.yml create mode 100644 roles/postgresql_exporter/tasks/write_version.yml create mode 100644 roles/postgresql_exporter/templates/postgres-exporter.conf.j2 create mode 100644 roles/postgresql_exporter/templates/postgres-exporter.service.j2 create mode 100644 roles/postgresql_server/defaults/main.yml create mode 100644 roles/postgresql_server/handlers/main.yml create mode 100644 roles/postgresql_server/meta/main.yml create mode 100644 roles/postgresql_server/tasks/main.yml create mode 100644 roles/postgresql_server/templates/pg_hba.conf.j2 create mode 100644 roles/postgresql_server/templates/post-backup.sh.j2 create mode 100644 roles/postgresql_server/templates/postgresql.conf.j2 create mode 100644 roles/postgresql_server/templates/pre-backup.sh.j2 create mode 100644 roles/postgresql_server/vars/RedHat-7.yml create mode 100644 roles/postgresql_server/vars/RedHat-8.yml create mode 100644 roles/prosody/defaults/main.yml create mode 100644 roles/prosody/files/mod_participant_metadata.lua create mode 100644 roles/prosody/handlers/main.yml 
create mode 100644 roles/prosody/tasks/conf.yml create mode 100644 roles/prosody/tasks/directories.yml create mode 100644 roles/prosody/tasks/facts.yml create mode 100644 roles/prosody/tasks/install.yml create mode 100644 roles/prosody/tasks/iptables.yml create mode 100644 roles/prosody/tasks/main.yml create mode 100644 roles/prosody/tasks/service.yml create mode 100644 roles/prosody/templates/prosody.cfg.lua.j2 create mode 100644 roles/pve/defaults/main.yml create mode 100755 roles/pve/files/online_hook.pl create mode 100644 roles/pve/files/pve-online create mode 100644 roles/pve/files/pve_dump create mode 100644 roles/pve/files/pve_rm_dump create mode 100644 roles/pve/files/remove_nag.patch create mode 100755 roles/pve/files/unlock_dev create mode 100644 roles/pve/handlers/main.yml create mode 100644 roles/pve/meta/main.yml create mode 100644 roles/pve/tasks/facts.yml create mode 100644 roles/pve/tasks/filebeat.yml create mode 100644 roles/pve/tasks/main.yml create mode 100644 roles/pve/tasks/ovh.yml create mode 100644 roles/pve/tasks/pve_online.yml create mode 100644 roles/pve/tasks/zabbix.yml create mode 100644 roles/pve/templates/dehydrated_hook.sh.j2 create mode 100644 roles/pve/templates/filebeat.yml.j2 create mode 100644 roles/pve/templates/ksmtuned.conf.j2 create mode 100644 roles/pve/templates/o2cb.j2 create mode 100644 roles/pve/templates/ocfs2.conf.j2 create mode 100644 roles/pve/templates/pve-hookd.service.j2 create mode 100644 roles/pve/templates/pve-online-gre.service.j2 create mode 100644 roles/pve/templates/pve-online.conf.j2 create mode 100644 roles/pve/templates/vzdump.conf.j2 create mode 100644 roles/pve/vars/main.yml create mode 100644 roles/rabbitmq_server/defaults/main.yml create mode 100644 roles/rabbitmq_server/handlers/main.yml create mode 100644 roles/rabbitmq_server/meta/main.yml create mode 100644 roles/rabbitmq_server/tasks/conf.yml create mode 100644 roles/rabbitmq_server/tasks/facts.yml create mode 100644 
roles/rabbitmq_server/tasks/install.yml create mode 100644 roles/rabbitmq_server/tasks/iptables.yml create mode 100644 roles/rabbitmq_server/tasks/main.yml create mode 100644 roles/rabbitmq_server/tasks/services.yml create mode 100644 roles/rabbitmq_server/templates/dehydrated_hook.sh.j2 create mode 100644 roles/rabbitmq_server/templates/enabled_plugins.j2 create mode 100644 roles/rabbitmq_server/templates/post-backup.j2 create mode 100644 roles/rabbitmq_server/templates/pre-backup.j2 create mode 100644 roles/rabbitmq_server/templates/rabbitmq.conf.j2 create mode 100644 roles/rabbitmq_server/templates/rabbitmq.config.j2 create mode 100644 roles/radius_server/defaults/main.yml create mode 100644 roles/radius_server/files/rad_check_client_cert create mode 100644 roles/radius_server/handlers/main.yml create mode 100644 roles/radius_server/tasks/main.yml create mode 100644 roles/radius_server/templates/clients.conf.j2 create mode 100644 roles/radius_server/templates/modules/eap.conf.j2 create mode 100644 roles/radius_server/templates/radiusd.conf.j2 create mode 100644 roles/radius_server/templates/radiusd.service.j2 create mode 100644 roles/radius_server/templates/sites.conf.j2 create mode 100644 roles/radius_server/templates/tmpfiles.conf create mode 100644 roles/redis_server/defaults/main.yml create mode 100644 roles/redis_server/files/redis_copy_dumps.sh create mode 100644 roles/redis_server/files/redis_delete_dumps.sh create mode 100644 roles/redis_server/handlers/main.yml create mode 100644 roles/redis_server/meta/main.yml create mode 100644 roles/redis_server/tasks/main.yml create mode 100644 roles/redis_server/templates/redis.conf.j2 create mode 100644 roles/repo_asterisk/defaults/main.yml create mode 100644 roles/repo_asterisk/tasks/main.yml create mode 100644 roles/repo_base/defaults/main.yml create mode 100644 roles/repo_base/tasks/AlmaLinux-8.yml create mode 100644 roles/repo_base/tasks/CentOS-7.yml create mode 100644 roles/repo_base/tasks/CentOS-8.yml 
create mode 100644 roles/repo_base/tasks/Debian.yml create mode 100644 roles/repo_base/tasks/epel_RedHat-7.yml create mode 100644 roles/repo_base/tasks/epel_RedHat-8.yml create mode 100644 roles/repo_base/tasks/fws_RedHat.yml create mode 100644 roles/repo_base/tasks/main.yml create mode 100644 roles/repo_base/tasks/postgres_client_RedHat.yml create mode 100644 roles/repo_base/templates/postgresql-client.repo.j2 create mode 100644 roles/repo_codeit/tasks/main.yml create mode 100644 roles/repo_docker/defaults/main.yml create mode 100644 roles/repo_docker/tasks/RedHat.yml create mode 100644 roles/repo_docker/tasks/main.yml create mode 100644 roles/repo_elasticsearch/defaults/main.yml create mode 100644 roles/repo_elasticsearch/tasks/install_Debian.yml create mode 100644 roles/repo_elasticsearch/tasks/install_RedHat.yml create mode 100644 roles/repo_elasticsearch/tasks/main.yml create mode 100644 roles/repo_elrepo/tasks/main.yml create mode 100644 roles/repo_filebeat/defaults/main.yml create mode 100644 roles/repo_filebeat/tasks/install_Debian.yml create mode 100644 roles/repo_filebeat/tasks/install_RedHat.yml create mode 100644 roles/repo_filebeat/tasks/main.yml create mode 100644 roles/repo_google_chrome/tasks/main.yml create mode 100644 roles/repo_grafana/tasks/main.yml create mode 100644 roles/repo_graylog/defaults/main.yml create mode 100644 roles/repo_graylog/tasks/main.yml create mode 100644 roles/repo_lemonldap_ng/tasks/main.yml create mode 100644 roles/repo_lux/tasks/main.yml create mode 100644 roles/repo_mariadb/defaults/main.yml create mode 100644 roles/repo_mariadb/tasks/main.yml create mode 100644 roles/repo_mariadb/templates/mariadb.repo.j2 create mode 100644 roles/repo_mongodb/defaults/main.yml create mode 100644 roles/repo_mongodb/tasks/main.yml create mode 100644 roles/repo_nginx/tasks/main.yml create mode 100644 roles/repo_nodejs/defaults/main.yml create mode 100644 roles/repo_nodejs/tasks/main.yml create mode 100644 
roles/repo_nodejs/templates/nodejs.repo.j2 create mode 100644 roles/repo_nux_dextop/tasks/main.yml create mode 100644 roles/repo_onlyoffice/tasks/main.yml create mode 100644 roles/repo_openproject/defaults/main.yml create mode 100644 roles/repo_openproject/tasks/main.yml create mode 100644 roles/repo_openresty/tasks/main.yml create mode 100644 roles/repo_pbs/tasks/main.yml create mode 100644 roles/repo_postgresql/defaults/main.yml create mode 100644 roles/repo_postgresql/tasks/main.yml create mode 100644 roles/repo_postgresql/templates/postgresql.repo.j2 create mode 100644 roles/repo_rabbitmq/tasks/main.yml create mode 100644 roles/repo_redis/tasks/main.yml create mode 100644 roles/repo_remi/tasks/main.yml create mode 100644 roles/repo_remi/templates/remi-modular.repo.j2 create mode 100644 roles/repo_remi/vars/RedHat-7.yml create mode 100644 roles/repo_remi/vars/RedHat-8.yml create mode 100644 roles/repo_remi/vars/defaults.yml create mode 100644 roles/repo_rpmfusion/tasks/main.yml create mode 100644 roles/repo_samba4/defaults/main.yml create mode 100644 roles/repo_samba4/tasks/main.yml create mode 100644 roles/repo_scl/tasks/main.yml create mode 100644 roles/repo_seadrive/tasks/main.yml create mode 100644 roles/repo_wapt/defaults/main.yml create mode 100644 roles/repo_wapt/tasks/main.yml create mode 100644 roles/repo_xsendfile/tasks/main.yml create mode 100644 roles/repo_zabbix/defaults/main.yml create mode 100644 roles/repo_zabbix/tasks/Debian.yml create mode 100644 roles/repo_zabbix/tasks/RedHat.yml create mode 100644 roles/repo_zabbix/tasks/main.yml create mode 100644 roles/repo_zfs/defaults/main.yml create mode 100644 roles/repo_zfs/tasks/main.yml create mode 100644 roles/rsync_server/defaults/main.yml create mode 100644 roles/rsync_server/tasks/main.yml create mode 100644 roles/rsync_server/templates/rsyncd.conf.j2 create mode 100644 roles/rsync_server/vars/Debian-10.yml create mode 100644 roles/rsync_server/vars/Debian-11.yml create mode 100644 
roles/rsync_server/vars/RedHat-7.yml create mode 100644 roles/rsync_server/vars/RedHat-8.yml create mode 100644 roles/rust/defaults/main.yml create mode 100644 roles/rust/meta/main.yml create mode 100644 roles/rust/tasks/cleanup.yml create mode 100644 roles/rust/tasks/directories.yml create mode 100644 roles/rust/tasks/facts.yml create mode 100644 roles/rust/tasks/install.yml create mode 100644 roles/rust/tasks/main.yml create mode 100644 roles/samba/defaults/main.yml create mode 100644 roles/samba/files/dehydrated_deploy_hook create mode 100644 roles/samba/files/ldb_modules_samba.sh create mode 100644 roles/samba/files/samba-dc.te create mode 100644 roles/samba/handlers/main.yml create mode 100644 roles/samba/meta/main.yml create mode 100644 roles/samba/tasks/conf.yml create mode 100644 roles/samba/tasks/directory.yml create mode 100644 roles/samba/tasks/facts.yml create mode 100644 roles/samba/tasks/filebeat.yml create mode 100644 roles/samba/tasks/install.yml create mode 100644 roles/samba/tasks/iptables.yml create mode 100644 roles/samba/tasks/main.yml create mode 100644 roles/samba/tasks/member_join.yml create mode 100644 roles/samba/tasks/selinux.yml create mode 100644 roles/samba/templates/filebeat.yml.j2 create mode 100644 roles/samba/templates/logrotate.conf.j2 create mode 100644 roles/samba/templates/rsyncd.conf.j2 create mode 100644 roles/samba/templates/samba_post_backup.sh.j2 create mode 100644 roles/samba/templates/samba_pre_backup.sh.j2 create mode 100644 roles/samba/templates/smb.conf.j2 create mode 100644 roles/samba/vars/RedHat-7.yml create mode 100644 roles/samba/vars/RedHat-8.yml create mode 100644 roles/seadrive/defaults/main.yml create mode 100644 roles/seadrive/files/seadrive.te create mode 100644 roles/seadrive/handlers/main.yml create mode 100644 roles/seadrive/meta/main.yml create mode 100644 roles/seadrive/tasks/main.yml create mode 100644 roles/seadrive/tasks/selinux.yml create mode 100644 roles/seadrive/templates/seadrive.conf.j2 create 
mode 100644 roles/seadrive/templates/seadrive.service.j2 create mode 100644 roles/seafile/defaults/main.yml create mode 100644 roles/seafile/files/avatars/default-non-register.jpg create mode 100644 roles/seafile/files/avatars/default.png create mode 100644 roles/seafile/files/office-template/empty.docx create mode 100644 roles/seafile/files/office-template/empty.pptx create mode 100644 roles/seafile/files/office-template/empty.xlsx create mode 100644 roles/seafile/files/seafile-pro-server_8.0.14_x86-64_CentOS.tar.gz create mode 100644 roles/seafile/handlers/main.yml create mode 100644 roles/seafile/meta/main.yml create mode 100644 roles/seafile/tasks/archive_post.yml create mode 100644 roles/seafile/tasks/archive_pre.yml create mode 100644 roles/seafile/tasks/cleanup.yml create mode 100644 roles/seafile/tasks/conf.yml create mode 100644 roles/seafile/tasks/directories.yml create mode 100644 roles/seafile/tasks/facts.yml create mode 100644 roles/seafile/tasks/filebeat.yml create mode 100644 roles/seafile/tasks/install.yml create mode 100644 roles/seafile/tasks/iptables.yml create mode 100644 roles/seafile/tasks/main.yml create mode 100644 roles/seafile/tasks/services.yml create mode 100644 roles/seafile/tasks/user.yml create mode 100644 roles/seafile/tasks/write_version.yml create mode 100644 roles/seafile/templates/admin.txt.j2 create mode 100644 roles/seafile/templates/ccnet.conf.j2 create mode 100644 roles/seafile/templates/clean_db.sh.j2 create mode 100644 roles/seafile/templates/filebeat.yml.j2 create mode 100644 roles/seafile/templates/gc.sh.j2 create mode 100644 roles/seafile/templates/gunicorn.conf.py.j2 create mode 100644 roles/seafile/templates/logrotate.conf.j2 create mode 100644 roles/seafile/templates/perms.sh.j2 create mode 100644 roles/seafile/templates/post-backup.sh.j2 create mode 100644 roles/seafile/templates/pre-backup.sh.j2 create mode 100644 roles/seafile/templates/seafdav.conf.j2 create mode 100644 roles/seafile/templates/seafevents.conf.j2 
create mode 100644 roles/seafile/templates/seafile-clean-db.service.j2 create mode 100644 roles/seafile/templates/seafile-clean-db.timer.j2 create mode 100644 roles/seafile/templates/seafile-gc.service.j2 create mode 100644 roles/seafile/templates/seafile-gc.timer.j2 create mode 100644 roles/seafile/templates/seafile.conf.j2 create mode 100644 roles/seafile/templates/seafile.service.j2 create mode 100644 roles/seafile/templates/seahub.service.j2 create mode 100644 roles/seafile/templates/seahub_settings.py.j2 create mode 100644 roles/seafile/vars/RedHat-7.yml create mode 100644 roles/seafile/vars/RedHat-8.yml create mode 100644 roles/seafile/vars/main.yml create mode 100644 roles/sftpgo/defaults/main.yml create mode 100644 roles/sftpgo/handlers/main.yml create mode 100644 roles/sftpgo/meta/main.yml create mode 100644 roles/sftpgo/tasks/archive_post.yml create mode 100644 roles/sftpgo/tasks/archive_pre.yml create mode 100644 roles/sftpgo/tasks/cleanup.yml create mode 100644 roles/sftpgo/tasks/conf.yml create mode 100644 roles/sftpgo/tasks/directories.yml create mode 100644 roles/sftpgo/tasks/facts.yml create mode 100644 roles/sftpgo/tasks/install.yml create mode 100644 roles/sftpgo/tasks/iptables.yml create mode 100644 roles/sftpgo/tasks/main.yml create mode 100644 roles/sftpgo/tasks/selinux.yml create mode 100644 roles/sftpgo/tasks/services.yml create mode 100644 roles/sftpgo/tasks/user.yml create mode 100644 roles/sftpgo/tasks/write_version.yml create mode 100644 roles/sftpgo/templates/post-backup.j2 create mode 100644 roles/sftpgo/templates/pre-backup.j2 create mode 100644 roles/sftpgo/templates/sftpgo.service.j2 create mode 100644 roles/sftpgo/templates/sftpgo.yml.j2 create mode 100644 roles/sftpgo/vars/RedHat.yml create mode 100644 roles/snmp_mibs/README.ms create mode 100644 roles/snmp_mibs/defaults/main.yml create mode 100644 roles/snmp_mibs/files/mibs/SOPHOS-MIB.txt create mode 100644 roles/snmp_mibs/files/mibs/SYNOLOGY-DISK-MIB.txt create mode 100644 
roles/snmp_mibs/files/mibs/SYNOLOGY-EBOX-MIB.txt create mode 100644 roles/snmp_mibs/files/mibs/SYNOLOGY-FLASHCACHE-MIB.txt create mode 100755 roles/snmp_mibs/files/mibs/SYNOLOGY-GPUINFO-MIB.txt create mode 100644 roles/snmp_mibs/files/mibs/SYNOLOGY-ISCSILUN-MIB.txt create mode 100644 roles/snmp_mibs/files/mibs/SYNOLOGY-ISCSITarget-MIB.txt create mode 100644 roles/snmp_mibs/files/mibs/SYNOLOGY-NFS-MIB.txt create mode 100644 roles/snmp_mibs/files/mibs/SYNOLOGY-PORT-MIB.txt create mode 100644 roles/snmp_mibs/files/mibs/SYNOLOGY-RAID-MIB.txt create mode 100644 roles/snmp_mibs/files/mibs/SYNOLOGY-SERVICES-MIB.txt create mode 100644 roles/snmp_mibs/files/mibs/SYNOLOGY-SHA-MIB.txt create mode 100644 roles/snmp_mibs/files/mibs/SYNOLOGY-SMART-MIB.txt create mode 100644 roles/snmp_mibs/files/mibs/SYNOLOGY-SPACEIO-MIB.txt create mode 100644 roles/snmp_mibs/files/mibs/SYNOLOGY-STORAGEIO-MIB.txt create mode 100644 roles/snmp_mibs/files/mibs/SYNOLOGY-SYSTEM-MIB.txt create mode 100644 roles/snmp_mibs/files/mibs/SYNOLOGY-UPS-MIB.txt create mode 100644 roles/snmp_mibs/tasks/main.yml create mode 100644 roles/squid/defaults/main.yml create mode 100755 roles/squid/files/URLblocked.cgi create mode 100644 roles/squid/files/acl/service_fws.domains create mode 100644 roles/squid/files/acl/service_various.domains create mode 100644 roles/squid/files/acl/software_almalinux.domains create mode 100644 roles/squid/files/acl/software_centos.domains create mode 100644 roles/squid/files/acl/software_codeit.urls create mode 100644 roles/squid/files/acl/software_debian.domains create mode 100644 roles/squid/files/acl/software_epel.domains create mode 100644 roles/squid/files/acl/software_fws.domains create mode 100644 roles/squid/files/acl/software_remi.domains create mode 100644 roles/squid/files/acl/software_smeserver.domains create mode 100644 roles/squid/files/acl/software_various.domains create mode 100644 roles/squid/files/acl/software_windows.domains create mode 100644 
roles/squid/files/ufdb.pp create mode 100644 roles/squid/files/ufdb.te create mode 100644 roles/squid/handlers/main.yml create mode 100644 roles/squid/meta/main.yml create mode 100644 roles/squid/tasks/filebeat.yml create mode 100644 roles/squid/tasks/main.yml create mode 100644 roles/squid/tasks/selinux.yml create mode 100644 roles/squid/templates/c-icap.conf.j2 create mode 100644 roles/squid/templates/clamd.conf.j2 create mode 100644 roles/squid/templates/filebeat.yml.j2 create mode 100644 roles/squid/templates/local_blacklist.domains.j2 create mode 100644 roles/squid/templates/local_blacklist.urls.j2 create mode 100644 roles/squid/templates/local_whitelist.domains.j2 create mode 100644 roles/squid/templates/local_whitelist.urls.j2 create mode 100644 roles/squid/templates/squid-clamd.service.j2 create mode 100644 roles/squid/templates/squid.conf.j2 create mode 100644 roles/squid/templates/squidclamav.conf.j2 create mode 100644 roles/squid/templates/ufdbGuard.conf.j2 create mode 100644 roles/squid/templates/ufdb_update.sh.j2 create mode 100644 roles/ssh/defaults/main.yml create mode 100644 roles/ssh/handlers/main.yml create mode 100644 roles/ssh/meta/main.yml create mode 100644 roles/ssh/tasks/main.yml create mode 100644 roles/ssh/templates/sshd_config.j2 create mode 100644 roles/ssh/templates/sudo.j2 create mode 100644 roles/sssd_ad_auth/defaults/main.yml create mode 100644 roles/sssd_ad_auth/handlers/main.yml create mode 100644 roles/sssd_ad_auth/tasks/install_Debian.yml create mode 100644 roles/sssd_ad_auth/tasks/install_RedHat.yml create mode 100644 roles/sssd_ad_auth/tasks/main.yml create mode 100644 roles/sssd_ad_auth/tasks/pam_Debian.yml create mode 100644 roles/sssd_ad_auth/tasks/pam_RedHat.yml create mode 100644 roles/sssd_ad_auth/templates/deb_pam_common_account.j2 create mode 100644 roles/sssd_ad_auth/templates/deb_pam_common_auth.j2 create mode 100644 roles/sssd_ad_auth/templates/deb_pam_common_password.j2 create mode 100644 
roles/sssd_ad_auth/templates/deb_pam_common_session.j2 create mode 100644 roles/sssd_ad_auth/templates/krb5.conf create mode 100644 roles/sssd_ad_auth/templates/krb5.conf.j2 create mode 100644 roles/sssd_ad_auth/templates/sssd.conf.j2 create mode 100644 roles/sssd_ldap_auth/defaults/main.yml create mode 100644 roles/sssd_ldap_auth/handlers/main.yml create mode 100644 roles/sssd_ldap_auth/tasks/install_Debian.yml create mode 100644 roles/sssd_ldap_auth/tasks/install_RedHat.yml create mode 100644 roles/sssd_ldap_auth/tasks/main.yml create mode 100644 roles/sssd_ldap_auth/tasks/pam_Debian.yml create mode 100644 roles/sssd_ldap_auth/tasks/pam_RedHat.yml create mode 100644 roles/sssd_ldap_auth/templates/deb_pam_common_account.j2 create mode 100644 roles/sssd_ldap_auth/templates/deb_pam_common_auth.j2 create mode 100644 roles/sssd_ldap_auth/templates/deb_pam_common_password.j2 create mode 100644 roles/sssd_ldap_auth/templates/deb_pam_common_session.j2 create mode 100644 roles/sssd_ldap_auth/templates/sssd.conf.j2 create mode 100644 roles/sudo/defaults/main.yml create mode 100644 roles/sudo/tasks/main.yml create mode 100644 roles/sudo/templates/fws.j2 create mode 100644 roles/system_proxy/defaults/main.yml create mode 100644 roles/system_proxy/handlers/main.yml create mode 100644 roles/system_proxy/tasks/main.yml create mode 100644 roles/system_proxy/templates/proxy.sh.j2 create mode 100644 roles/system_proxy/templates/systemd.conf.j2 create mode 100644 roles/timers/README.md create mode 100644 roles/timers/defaults/main.yml create mode 100644 roles/timers/meta/main.yml create mode 100644 roles/timers/tasks/facts.yml create mode 100644 roles/timers/tasks/install.yml create mode 100644 roles/timers/tasks/main.yml create mode 100644 roles/tomcat/defaults/main.yml create mode 100644 roles/tomcat/handlers/main.yml create mode 100644 roles/tomcat/tasks/conf.yml create mode 100644 roles/tomcat/tasks/install.yml create mode 100644 roles/tomcat/tasks/iptables.yml create mode 
100644 roles/tomcat/tasks/main.yml create mode 100644 roles/tomcat/tasks/services.yml create mode 100644 roles/tomcat/templates/server.xml.j2 create mode 100644 roles/transmission_daemon/defaults/main.yml create mode 100644 roles/transmission_daemon/handlers/main.yml create mode 100644 roles/transmission_daemon/tasks/main.yml create mode 100644 roles/transmission_daemon/templates/sysconfig.j2 create mode 100644 roles/transmission_daemon/templates/transmission-daemon.service.j2 create mode 100644 roles/turnserver/defaults/main.yml create mode 100644 roles/turnserver/files/dehydrated_deploy_hook create mode 100644 roles/turnserver/files/turnserver.service create mode 100644 roles/turnserver/handlers/main.yml create mode 100644 roles/turnserver/tasks/main.yml create mode 100644 roles/turnserver/templates/turnserver.conf.j2 create mode 100644 roles/unbound/defaults/main.yml create mode 100644 roles/unbound/handlers/main.yml create mode 100644 roles/unbound/tasks/main.yml create mode 100644 roles/unbound/templates/unbound.conf.j2 create mode 100644 roles/unifi/defaults/main.yml create mode 100644 roles/unifi/handlers/main.yml create mode 100644 roles/unifi/meta/main.yml create mode 100644 roles/unifi/tasks/filebeat.yml create mode 100644 roles/unifi/tasks/main.yml create mode 100644 roles/unifi/templates/filebeat.yml.j2 create mode 100644 roles/unifi/templates/post-backup.sh.j2 create mode 100644 roles/unifi/templates/pre-backup.sh.j2 create mode 100644 roles/unifi/templates/system.properties.j2 create mode 100644 roles/unifi/templates/unifi.service.j2 create mode 100644 roles/unifi/vars/RedHat-7.yml create mode 100644 roles/unifi/vars/RedHat-8.yml create mode 100644 roles/unmaintained/bitwarden_rs/README.md create mode 100644 roles/unmaintained/bitwarden_rs/defaults/main.yml create mode 100644 roles/unmaintained/bitwarden_rs/handlers/main.yml create mode 100644 roles/unmaintained/bitwarden_rs/meta/main.yml create mode 100644 
roles/unmaintained/bitwarden_rs/tasks/archive_post.yml create mode 100644 roles/unmaintained/bitwarden_rs/tasks/archive_pre.yml create mode 100644 roles/unmaintained/bitwarden_rs/tasks/cleanup.yml create mode 100644 roles/unmaintained/bitwarden_rs/tasks/conf.yml create mode 100644 roles/unmaintained/bitwarden_rs/tasks/directories.yml create mode 100644 roles/unmaintained/bitwarden_rs/tasks/facts.yml create mode 100644 roles/unmaintained/bitwarden_rs/tasks/install.yml create mode 100644 roles/unmaintained/bitwarden_rs/tasks/iptables.yml create mode 100644 roles/unmaintained/bitwarden_rs/tasks/main.yml create mode 100644 roles/unmaintained/bitwarden_rs/tasks/service.yml create mode 100644 roles/unmaintained/bitwarden_rs/tasks/user.yml create mode 100644 roles/unmaintained/bitwarden_rs/tasks/write_version.yml create mode 100644 roles/unmaintained/bitwarden_rs/templates/bitwarden_rs.conf.j2 create mode 100644 roles/unmaintained/bitwarden_rs/templates/bitwarden_rs.service.j2 create mode 100644 roles/unmaintained/bitwarden_rs/templates/nginx.conf.j2 create mode 100644 roles/unmaintained/bitwarden_rs/templates/post-backup.sh.j2 create mode 100644 roles/unmaintained/bitwarden_rs/templates/pre-backup.sh.j2 create mode 100644 roles/unmaintained/bluemind/defaults/main.yml create mode 100644 roles/unmaintained/bluemind/handlers/main.yml create mode 100644 roles/unmaintained/bluemind/tasks/main.yml create mode 100644 roles/unmaintained/bluemind/templates/bm-core.log.xml.j2 create mode 100644 roles/unmaintained/bluemind/templates/bm-eas.log.xml.j2 create mode 100644 roles/unmaintained/bluemind/templates/bm-hps.log.xml.j2 create mode 100644 roles/unmaintained/bluemind/templates/bm-ips.log.xml.j2 create mode 100644 roles/unmaintained/bluemind/templates/bm-lmtp.log.xml.j2 create mode 100644 roles/unmaintained/bluemind/templates/bm-locator.log.xml.j2 create mode 100644 roles/unmaintained/bluemind/templates/bm-milter.log.xml.j2 create mode 100644 
roles/unmaintained/bluemind/templates/bm-node.log.xml.j2 create mode 100644 roles/unmaintained/bluemind/templates/bm-syslog.service.j2 create mode 100644 roles/unmaintained/bluemind/templates/bm-tika.log.xml.j2 create mode 100644 roles/unmaintained/bluemind/templates/bm-webserver.log.xml.j2 create mode 100644 roles/unmaintained/bluemind/templates/bm-xmpp.log.xml.j2 create mode 100644 roles/unmaintained/bluemind/templates/bm-ysnp.log.xml.j2 create mode 100644 roles/unmaintained/bluemind/templates/dehydrated_deploy_hook.j2 create mode 100644 roles/unmaintained/bluemind/templates/post-backup.j2 create mode 100644 roles/unmaintained/bluemind/templates/pre-backup.j2 create mode 100644 roles/unmaintained/bluemind/templates/rules.json.j2 create mode 100644 roles/unmaintained/bounca/defaults/main.yml create mode 100644 roles/unmaintained/bounca/handlers/main.yml create mode 100644 roles/unmaintained/bounca/meta/main.yml create mode 100644 roles/unmaintained/bounca/tasks/main.yml create mode 100644 roles/unmaintained/bounca/templates/bounca.service.j2 create mode 100644 roles/unmaintained/bounca/templates/main.ini.j2 create mode 100644 roles/unmaintained/bounca/templates/uwsgi.ini.j2 create mode 100644 roles/unmaintained/matrix_mxisd/defaults/main.yml create mode 100644 roles/unmaintained/matrix_mxisd/handlers/main.yml create mode 100644 roles/unmaintained/matrix_mxisd/tasks/main.yml create mode 100644 roles/unmaintained/matrix_mxisd/templates/gradle.properties.j2 create mode 100644 roles/unmaintained/matrix_mxisd/templates/matrix-mxisd.service.j2 create mode 100644 roles/unmaintained/matrix_mxisd/templates/mxisd.yaml.j2 create mode 100644 roles/unmaintained/mayan_edms/defaults/main.yml create mode 100644 roles/unmaintained/mayan_edms/handlers/main.yml create mode 100644 roles/unmaintained/mayan_edms/meta/main.yml create mode 100644 roles/unmaintained/mayan_edms/tasks/archive_post.yml create mode 100644 roles/unmaintained/mayan_edms/tasks/archive_pre.yml create mode 100644 
roles/unmaintained/mayan_edms/tasks/cleanup.yml create mode 100644 roles/unmaintained/mayan_edms/tasks/conf.yml create mode 100644 roles/unmaintained/mayan_edms/tasks/directories.yml create mode 100644 roles/unmaintained/mayan_edms/tasks/facts.yml create mode 100644 roles/unmaintained/mayan_edms/tasks/install.yml create mode 100644 roles/unmaintained/mayan_edms/tasks/iptables.yml create mode 100644 roles/unmaintained/mayan_edms/tasks/main.yml create mode 100644 roles/unmaintained/mayan_edms/tasks/services.yml create mode 100644 roles/unmaintained/mayan_edms/tasks/user.yml create mode 100644 roles/unmaintained/mayan_edms/tasks/write_version.yml create mode 100644 roles/unmaintained/mayan_edms/templates/auth.py.j2 create mode 100644 roles/unmaintained/mayan_edms/templates/env.j2 create mode 100644 roles/unmaintained/mayan_edms/templates/mayan-edms-beat.service.j2 create mode 100644 roles/unmaintained/mayan_edms/templates/mayan-edms-web.service.j2 create mode 100644 roles/unmaintained/mayan_edms/templates/mayan-edms-worker-fast.service.j2 create mode 100644 roles/unmaintained/mayan_edms/templates/mayan-edms-worker-medium.service.j2 create mode 100644 roles/unmaintained/mayan_edms/templates/mayan-edms-worker-slow.service.j2 create mode 100644 roles/unmaintained/mayan_edms/templates/mayan-edms.j2 create mode 100644 roles/unmaintained/mayan_edms/templates/post_backup.sh.j2 create mode 100644 roles/unmaintained/mayan_edms/templates/pre_backup.sh.j2 create mode 100644 roles/unmaintained/nas/defaults/main.yml create mode 100644 roles/unmaintained/nas/files/mkhomedir create mode 100644 roles/unmaintained/nas/handlers/main.yml create mode 100644 roles/unmaintained/nas/meta/main.yml create mode 100644 roles/unmaintained/nas/tasks/main.yml create mode 100644 roles/unmaintained/nas/templates/exports.j2 create mode 100644 roles/unmaintained/nas/templates/httpd.conf.j2 create mode 100644 roles/unmaintained/nas/templates/mod_authnz_external.conf.j2 create mode 100644 
roles/unmaintained/nas/templates/mod_dav.conf.j2 create mode 100644 roles/unmaintained/nas/templates/rsync.secrets.j2 create mode 100644 roles/unmaintained/nas/templates/rsyncd.conf.j2 create mode 100644 roles/unmaintained/nas/templates/setfacl.sh.j2 create mode 100644 roles/unmaintained/nas/templates/smb.conf.j2 create mode 100644 roles/unmaintained/odoo/defaults/main.yml create mode 100644 roles/unmaintained/odoo/handlers/main.yml create mode 100644 roles/unmaintained/odoo/meta/main.yml create mode 100644 roles/unmaintained/odoo/tasks/main.yml create mode 100644 roles/unmaintained/odoo/templates/odoo-server.conf.j2 create mode 100644 roles/unmaintained/odoo/templates/odoo-server.service.j2 create mode 100644 roles/unmaintained/odoo/templates/post-backup.sh.j2 create mode 100644 roles/unmaintained/odoo/templates/pre-backup.sh.j2 create mode 100644 roles/unmaintained/omv/defaults/main.yml create mode 100644 roles/unmaintained/omv/files/auth_http.patch create mode 100644 roles/unmaintained/omv/files/dont_reset_owner.patch create mode 100644 roles/unmaintained/omv/handlers/main.yml create mode 100644 roles/unmaintained/omv/meta/main.yml create mode 100644 roles/unmaintained/omv/tasks/main.yml create mode 100644 roles/unmaintained/omv/templates/omv_post_backup.sh.j2 create mode 100644 roles/unmaintained/omv/templates/omv_pre_backup.sh.j2 create mode 100644 roles/unmaintained/papermerge/defaults/main.yml create mode 100644 roles/unmaintained/papermerge/handlers/main.yml create mode 100644 roles/unmaintained/papermerge/meta/main.yml create mode 100644 roles/unmaintained/papermerge/tasks/archive_post.yml create mode 100644 roles/unmaintained/papermerge/tasks/archive_pre.yml create mode 100644 roles/unmaintained/papermerge/tasks/cleanup.yml create mode 100644 roles/unmaintained/papermerge/tasks/conf.yml create mode 100644 roles/unmaintained/papermerge/tasks/directories.yml create mode 100644 roles/unmaintained/papermerge/tasks/facts.yml create mode 100644 
roles/unmaintained/papermerge/tasks/install.yml create mode 100644 roles/unmaintained/papermerge/tasks/iptables.yml create mode 100644 roles/unmaintained/papermerge/tasks/main.yml create mode 100644 roles/unmaintained/papermerge/tasks/selinux.yml create mode 100644 roles/unmaintained/papermerge/tasks/services.yml create mode 100644 roles/unmaintained/papermerge/tasks/user.yml create mode 100644 roles/unmaintained/papermerge/tasks/write_version.yml create mode 100644 roles/unmaintained/papermerge/templates/gunicorn.conf.py.j2 create mode 100644 roles/unmaintained/papermerge/templates/nginx.conf.j2 create mode 100644 roles/unmaintained/papermerge/templates/papermerge-web.service.j2 create mode 100644 roles/unmaintained/papermerge/templates/papermerge-worker.service.j2 create mode 100644 roles/unmaintained/papermerge/templates/papermerge.conf.py.j2 create mode 100644 roles/unmaintained/papermerge/templates/production.py.j2 create mode 100644 roles/unmaintained/psono/defaults/main.yml create mode 100644 roles/unmaintained/psono/handlers/main.yml create mode 100644 roles/unmaintained/psono/meta/main.yml create mode 100644 roles/unmaintained/psono/tasks/archive_post.yml create mode 100644 roles/unmaintained/psono/tasks/archive_pre.yml create mode 100644 roles/unmaintained/psono/tasks/cleanup.yml create mode 100644 roles/unmaintained/psono/tasks/conf.yml create mode 100644 roles/unmaintained/psono/tasks/directories.yml create mode 100644 roles/unmaintained/psono/tasks/facts.yml create mode 100644 roles/unmaintained/psono/tasks/install.yml create mode 100644 roles/unmaintained/psono/tasks/iptables.yml create mode 100644 roles/unmaintained/psono/tasks/main.yml create mode 100644 roles/unmaintained/psono/tasks/service.yml create mode 100644 roles/unmaintained/psono/tasks/user.yml create mode 100644 roles/unmaintained/psono/tasks/write_version.yml create mode 100644 roles/unmaintained/psono/templates/httpd.conf.j2 create mode 100644 
roles/unmaintained/psono/templates/nginx.conf.j2 create mode 100644 roles/unmaintained/psono/templates/post-backup.sh.j2 create mode 100644 roles/unmaintained/psono/templates/pre-backup.sh.j2 create mode 100644 roles/unmaintained/psono/templates/psono-cleartoken.service.j2 create mode 100644 roles/unmaintained/psono/templates/psono-cleartoken.timer.j2 create mode 100644 roles/unmaintained/psono/templates/psono-server.service.j2 create mode 100644 roles/unmaintained/psono/templates/settings.yaml.j2 create mode 100644 roles/unmaintained/psono/templates/webclient.json.j2 create mode 100644 roles/unmaintained/systemd_journal_gelf/defaults/main.yml create mode 100644 roles/unmaintained/systemd_journal_gelf/handlers/main.yml create mode 100644 roles/unmaintained/systemd_journal_gelf/tasks/install_Debian.yml create mode 100644 roles/unmaintained/systemd_journal_gelf/tasks/install_RedHat.yml create mode 100644 roles/unmaintained/systemd_journal_gelf/tasks/main.yml create mode 100644 roles/unmaintained/systemd_journal_gelf/templates/journal-gelf.yml.j2 create mode 100644 roles/unmaintained/ttrss/defaults/main.yml create mode 100644 roles/unmaintained/ttrss/handlers/main.yml create mode 100644 roles/unmaintained/ttrss/meta/main.yml create mode 100644 roles/unmaintained/ttrss/tasks/main.yml create mode 100644 roles/unmaintained/ttrss/templates/config.php.j2 create mode 100644 roles/unmaintained/ttrss/templates/dump_db.j2 create mode 100644 roles/unmaintained/ttrss/templates/httpd.conf.j2 create mode 100644 roles/unmaintained/ttrss/templates/perms.sh.j2 create mode 100644 roles/unmaintained/ttrss/templates/php.conf.j2 create mode 100644 roles/unmaintained/ttrss/templates/rm_dump.j2 create mode 100644 roles/unmaintained/ttrss/templates/ttrss-updater.service.j2 create mode 100644 roles/unmaintained/ttrss/vars/RedHat-7.yml create mode 100644 roles/unmaintained/ttrss/vars/RedHat-8.yml create mode 100644 roles/unmaintained/wbo/defaults/main.yml create mode 100644 
roles/unmaintained/wbo/handlers/main.yml create mode 100644 roles/unmaintained/wbo/meta/main.yml create mode 100644 roles/unmaintained/wbo/tasks/main.yml create mode 100644 roles/unmaintained/wbo/templates/wbo.service.j2 create mode 100644 roles/vaultwarden/defaults/main.yml create mode 100644 roles/vaultwarden/handlers/main.yml create mode 100644 roles/vaultwarden/meta/main.yml create mode 100644 roles/vaultwarden/tasks/archive_post.yml create mode 100644 roles/vaultwarden/tasks/archive_pre.yml create mode 100644 roles/vaultwarden/tasks/cleanup.yml create mode 100644 roles/vaultwarden/tasks/conf.yml create mode 100644 roles/vaultwarden/tasks/directories.yml create mode 100644 roles/vaultwarden/tasks/facts.yml create mode 100644 roles/vaultwarden/tasks/install.yml create mode 100644 roles/vaultwarden/tasks/iptables.yml create mode 100644 roles/vaultwarden/tasks/main.yml create mode 100644 roles/vaultwarden/tasks/migrate_bitwarden_rs.yml create mode 100644 roles/vaultwarden/tasks/service.yml create mode 100644 roles/vaultwarden/tasks/user.yml create mode 100644 roles/vaultwarden/tasks/write_version.yml create mode 100644 roles/vaultwarden/templates/nginx.conf.j2 create mode 100644 roles/vaultwarden/templates/post-backup.sh.j2 create mode 100644 roles/vaultwarden/templates/pre-backup.sh.j2 create mode 100644 roles/vaultwarden/templates/vaultwarden.conf.j2 create mode 100644 roles/vaultwarden/templates/vaultwarden.service.j2 create mode 100644 roles/wapt_server/defaults/main.yml create mode 100644 roles/wapt_server/handlers/main.yml create mode 100644 roles/wapt_server/meta/main.yml create mode 100644 roles/wapt_server/tasks/main.yml create mode 100644 roles/wapt_server/templates/nginx.conf.j2 create mode 100644 roles/wapt_server/templates/post-backup.sh.j2 create mode 100644 roles/wapt_server/templates/pre-backup.sh.j2 create mode 100644 roles/wapt_server/templates/wapt.conf.j2 create mode 100644 roles/wapt_server/vars/RedHat-7.yml create mode 100644 
roles/wapt_server/vars/RedHat-8.yml create mode 100644 roles/wb_ad_auth/defaults/main.yml create mode 100644 roles/wb_ad_auth/handlers/main.yml create mode 100644 roles/wb_ad_auth/tasks/main.yml create mode 100644 roles/wb_ad_auth/templates/krb5.conf create mode 100644 roles/wb_ad_auth/templates/krb5.conf.j2 create mode 100644 roles/wb_ad_auth/templates/sssd.conf.j2 create mode 100644 roles/wordpress/defaults/main.yml create mode 100644 roles/wordpress/handlers/main.yml create mode 100644 roles/wordpress/meta/main.yml create mode 100644 roles/wordpress/tasks/archive_post.yml create mode 100644 roles/wordpress/tasks/archive_pre.yml create mode 100644 roles/wordpress/tasks/conf.yml create mode 100644 roles/wordpress/tasks/directories.yml create mode 100644 roles/wordpress/tasks/facts.yml create mode 100644 roles/wordpress/tasks/install.yml create mode 100644 roles/wordpress/tasks/main.yml create mode 100644 roles/wordpress/tasks/user.yml create mode 100644 roles/wordpress/templates/httpd.conf.j2 create mode 100644 roles/wordpress/templates/perms.sh.j2 create mode 100644 roles/wordpress/templates/php.conf.j2 create mode 100644 roles/wordpress/templates/post-backup.sh.j2 create mode 100644 roles/wordpress/templates/pre-backup.sh.j2 create mode 100644 roles/wordpress/templates/wp-config.php.j2 create mode 100644 roles/x2go_server/tasks/main.yml create mode 100644 roles/zabbix_agent/defaults/main.yml create mode 100644 roles/zabbix_agent/handlers/main.yml create mode 100644 roles/zabbix_agent/meta/main.yml create mode 100644 roles/zabbix_agent/tasks/conf.yml create mode 100644 roles/zabbix_agent/tasks/facts.yml create mode 100644 roles/zabbix_agent/tasks/install_Debian.yml create mode 100644 roles/zabbix_agent/tasks/install_RedHat.yml create mode 100644 roles/zabbix_agent/tasks/iptables.yml create mode 100644 roles/zabbix_agent/tasks/main.yml create mode 100644 roles/zabbix_agent/tasks/psk.yml create mode 100644 roles/zabbix_agent/tasks/selinux.yml create mode 100644 
roles/zabbix_agent/tasks/sensors.yml create mode 100644 roles/zabbix_agent/tasks/sensors_Debian.yml create mode 100644 roles/zabbix_agent/tasks/sensors_RedHat.yml create mode 100644 roles/zabbix_agent/tasks/service.yml create mode 100644 roles/zabbix_agent/templates/block_devices.conf.j2 create mode 100644 roles/zabbix_agent/templates/zabbix_agentd.conf.j2 create mode 100644 roles/zabbix_agent/vars/Debian-10.yml create mode 100644 roles/zabbix_agent/vars/Debian-11.yml create mode 100644 roles/zabbix_agent/vars/Debian-8.yml create mode 100644 roles/zabbix_agent/vars/Debian-9.yml create mode 100644 roles/zabbix_agent/vars/RedHat-7.yml create mode 100644 roles/zabbix_agent/vars/RedHat-8.yml create mode 100644 roles/zabbix_agent/vars/Ubuntu-20.yml create mode 100644 roles/zabbix_lld_all_graph/README.md create mode 100644 roles/zabbix_lld_all_graph/defaults/main.yml create mode 100755 roles/zabbix_lld_all_graph/files/zabbix_lld_all_graph create mode 100644 roles/zabbix_lld_all_graph/meta/main.yml create mode 100644 roles/zabbix_lld_all_graph/tasks/conf.yml create mode 100644 roles/zabbix_lld_all_graph/tasks/install.yml create mode 100644 roles/zabbix_lld_all_graph/tasks/main.yml create mode 100644 roles/zabbix_lld_all_graph/tasks/services.yml create mode 100644 roles/zabbix_lld_all_graph/templates/zabbix-lld-all-graph.j2 create mode 100644 roles/zabbix_lld_all_graph/templates/zabbix-lld-all-graph.service.j2 create mode 100644 roles/zabbix_lld_all_graph/templates/zabbix-lld-all-graph.timer.j2 create mode 100644 roles/zabbix_proxy/defaults/main.yml create mode 100644 roles/zabbix_proxy/files/zabbix_proxy.te create mode 100644 roles/zabbix_proxy/handlers/main.yml create mode 100644 roles/zabbix_proxy/meta/main.yml create mode 100644 roles/zabbix_proxy/tasks/conf.yml create mode 100644 roles/zabbix_proxy/tasks/directories.yml create mode 100644 roles/zabbix_proxy/tasks/install.yml create mode 100644 roles/zabbix_proxy/tasks/iptables.yml create mode 100644 
roles/zabbix_proxy/tasks/main.yml create mode 100644 roles/zabbix_proxy/tasks/psk.yml create mode 100644 roles/zabbix_proxy/tasks/selinux.yml create mode 100644 roles/zabbix_proxy/tasks/service.yml create mode 100644 roles/zabbix_proxy/tasks/upgrade.yml create mode 100644 roles/zabbix_proxy/templates/zabbix_proxy.conf.j2 create mode 100644 roles/zabbix_server/defaults/main.yml create mode 100644 roles/zabbix_server/files/scripts/check_cert.pl create mode 100644 roles/zabbix_server/files/scripts/matrix_notify create mode 100644 roles/zabbix_server/files/zabbix_server.te create mode 100644 roles/zabbix_server/handlers/main.yml create mode 100644 roles/zabbix_server/meta/main.yml create mode 100644 roles/zabbix_server/tasks/conf.yml create mode 100644 roles/zabbix_server/tasks/directories.yml create mode 100644 roles/zabbix_server/tasks/facts.yml create mode 100644 roles/zabbix_server/tasks/install.yml create mode 100644 roles/zabbix_server/tasks/iptables.yml create mode 100644 roles/zabbix_server/tasks/main.yml create mode 100644 roles/zabbix_server/tasks/selinux.yml create mode 100644 roles/zabbix_server/tasks/service.yml create mode 100644 roles/zabbix_server/templates/httpd.conf.j2 create mode 100644 roles/zabbix_server/templates/patrixrc.j2 create mode 100644 roles/zabbix_server/templates/php.conf.j2 create mode 100644 roles/zabbix_server/templates/post_backup.sh.j2 create mode 100644 roles/zabbix_server/templates/pre_backup.sh.j2 create mode 100644 roles/zabbix_server/templates/zabbix.conf.php.j2 create mode 100644 roles/zabbix_server/templates/zabbix_java_gateway.conf.j2 create mode 100644 roles/zabbix_server/templates/zabbix_server.conf.j2 create mode 100644 roles/zfs/defaults/main.yml create mode 100644 roles/zfs/files/z_resume_scrubs create mode 100644 roles/zfs/files/z_suspend_scrubs create mode 100644 roles/zfs/handlers/main.yml create mode 100644 roles/zfs/meta/main.yml create mode 100644 roles/zfs/tasks/install_Debian.yml create mode 100644 
roles/zfs/tasks/install_RedHat.yml create mode 100644 roles/zfs/tasks/main.yml create mode 100644 roles/zfs/templates/recv-sudo.j2 create mode 100644 roles/zfs/templates/sanoid.conf.j2 create mode 100644 roles/zfs/templates/sanoid.service.j2 create mode 100644 roles/zfs/templates/sanoid.timer.j2 create mode 100644 roles/zfs/templates/syncoid.service.j2 create mode 100644 roles/zfs/templates/syncoid.timer.j2 create mode 100644 roles/zfs/templates/zfs-scrub@.service.j2 create mode 100644 roles/zfs/templates/zfs-scrub@.timer.j2 create mode 100644 roles/zfs/templates/zfs-trim@.service.j2 create mode 100644 roles/zfs/templates/zfs-trim@.timer.j2 create mode 100644 roles/zfs_common/defaults/main.yml create mode 100644 roles/zfs_common/tasks/main.yml create mode 100644 roles/zfs_common/templates/zfs.conf.j2 create mode 100644 roles/zimbra/amavis.yml create mode 100644 roles/zimbra/defaults/main.yml create mode 100755 roles/zimbra/files/zmpostfixpolicyd create mode 100644 roles/zimbra/files/zmpostfixpolicyd_recipient_delim.patch create mode 100644 roles/zimbra/handlers/main.yml create mode 100644 roles/zimbra/meta/main.yml create mode 100644 roles/zimbra/service.yml create mode 100644 roles/zimbra/stats.yml create mode 100644 roles/zimbra/tasks/antispam.yml create mode 100644 roles/zimbra/tasks/apache.yml create mode 100644 roles/zimbra/tasks/cas.yml create mode 100644 roles/zimbra/tasks/filebeat.yml create mode 100644 roles/zimbra/tasks/install.yml create mode 100644 roles/zimbra/tasks/ldap.yml create mode 100644 roles/zimbra/tasks/logger.yml create mode 100644 roles/zimbra/tasks/mailbox.yml create mode 100644 roles/zimbra/tasks/main.yml create mode 100644 roles/zimbra/tasks/memcached.yml create mode 100644 roles/zimbra/tasks/mta.yml create mode 100644 roles/zimbra/tasks/opendkim.yml create mode 100644 roles/zimbra/tasks/proxy.yml create mode 100644 roles/zimbra/tasks/snmp.yml create mode 100644 roles/zimbra/tasks/spell.yml create mode 100644 
roles/zimbra/tasks/zmldapsync.yml create mode 100644 roles/zimbra/templates/cas_preauth.jsp.j2 create mode 100644 roles/zimbra/templates/cas_preauth_admin.jsp.j2 create mode 100644 roles/zimbra/templates/dehydrated_hook.sh.j2 create mode 100644 roles/zimbra/templates/filebeat.yml.j2 create mode 100644 roles/zimbra/templates/post_backup.sh.j2 create mode 100644 roles/zimbra/templates/pre_backup.sh.j2 create mode 100644 roles/zimbra/templates/rsyslog.conf.j2 create mode 100644 roles/zimbra/templates/zcs_init_config.j2 create mode 100644 roles/zimbra/templates/zcs_install_answers.j2 create mode 100644 roles/zimbra/templates/zimbra_wrapper.j2 create mode 100644 roles/zimbra/templates/zmldapsync.service.j2 create mode 100644 roles/zimbra/templates/zmldapsync.timer.j2 create mode 100644 roles/zimbra/templates/zmldapsync.yml.j2 create mode 100644 roles/zimbra/vars/RedHat-7.yml create mode 100644 roles/zimbra/vars/RedHat-8.yml create mode 100644 roles/zimbra/vars/main.yml create mode 100644 roles/zimbra/zimbra.yml create mode 100644 roles/zimbra/zimbraAdmin.yml create mode 100644 roles/zimbra/zimlet.yml diff --git a/README.md b/README.md new file mode 100644 index 0000000..82c1a54 --- /dev/null +++ b/README.md 
@@ -0,0 +1,178 @@
+# Ansible roles
+
+I use Ansible. And I use it **a lot**. Like, there's now nearly nothing I deploy manually, without it. As such I've written a lot of roles, to deploy and manage various applications. This include :
+
+* Basic system configuration
+* Authentication (eg, configure LDAP auth, or join an AD domain automatically)
+* Plumber layers (like deploy a MySQL server, a PHP stack etc.)
+* Authentication services (Samba4 in AD DC mode, Lemonldap::NG etc.)
+* Collaborative apps (like Zimbra, Matrix, Etherpad, Seafile, OnlyOffice, Jitsi etc.)
+* Monitoring tools (deploy Zabbix agent, proxy and server, Fusion Inventory agent, Graylog server)
+* Web applications (GLPI, Ampache, Kanboard, Wordpress, Dolibarr, Matomo, Framadate, Dokuwiki etc.)
+* Dev tools (Gitea)
+* Security tools (OpenXPKI, Vaultwarden, manage SSH keys etc.)
+* A lot more :-)
+
+Most of my roles are RHEL centric (tested on AlmaLinux now that CentOS Linux is dead), and are made to be deployed on AlmaLinux 8 servers. Basic roles (like basic system configuration, postfix etc.) also support Debian/Ubuntu systems, but are less tested.
+
+My roles are often dependent on other roles. For example, if you deploy glpi, it'll first pull all the required web and PHP stack.
+
+Most of the web application roles are made to run behind a reverse proxy. You can use for this the nginx (recommended) or the httpd_front role.
+
+## how to use this
+
+Here're the steps to make use of this. Note that this is not a complete ansible how-to, just a quick guide to use my roles. For example, it'll not explain how to make use of ansible-vault to protect sensitive informations.
+
+* Clone the repo
+```
+git clone https://git.lapiole.org/fws/ansible-roles.git
+cd ansible-roles
+```
+
+* Create a few directories
+```
+mkdir {inventories,host_vars,group_vars,ssh,config}
+```
+
+* Create your SSH key.
It's advised to set a passphrase to protect it
+```
+ssh-keygen -t rsa -b 4096 -f ssh/id_rsa
+```
+
+* Create the ansible user account on the hosts you want to manage. This can be done manually or can be automated with tools like kickstart (you can have a look at https://ks.lapiole.org/alma8.ks for example). The ansible user must have elevated privileges with sudo (so you have to ensure sudo is installed)
+```
+useradd -m ansible
+mkdir ~ansible/.ssh
+cat <<_EOF > ~ansible/.ssh/authorized_keys
+ssh-rsa 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 ansible@fws.fr
+_EOF
+chown -R ansible:ansible ~ansible/.ssh/
+chmod 700 ~ansible/.ssh/
+chmod 600 ~ansible/.ssh/authorized_keys
+cat <<_EOF > /etc/sudoers.d/ansible
+Defaults:ansible !requiretty
+ansible ALL=(ALL) NOPASSWD: ALL
+_EOF
+chmod 600 /etc/sudoers.d/ansible
+```
+
+* Create your inventory file. For example, inventories/acme.ini
+```
+[infra]
+db.acme.com
+proxyin.acme.com
+```
+This will create a single group **infra** with two hosts in it.
+
+* Create your main playbook. This is the file describing what to deploy on which host. You can store it at in the root dir, for example, acme.yml :
+```
+- name: Deploy common profiles
+ hosts: infra
+ roles:
+ - common
+ - backup
+
+- name: Deploy databases servers
+ hosts: db.acme.com
+ roles:
+ - mysql_server
+ - postgresql_server
+
+- name: Deploy reverse proxy
+ hosts: proxyin.acme.com
+ roles:
+ - nginx
+ - letsencrypt
+ - lemonldap_ng
+```
+It's pretty self-explanatory. First, roles **common** and **backup** will be deployed on every hosts in the infra group. Then, **mysql_server** and **postgresql_server** will be deployed on **db.acme.com**. And roles **nginx**, **letsencrypt** and **lemonldap_ng** will be deployed on host **proxyin.acme.com**
+
+* Now, it's time to configure a few things. Configuration is done be assigning values to varibles, and can be done at several levels.
+ * group_vars/all/vars.yml : variables here will be inherited by every hosts +``` +ansible_become: True +trusted_ip: + - 1.2.3.4 + - 192.168.47.0/24 +zabbix_ip: + - 10.11.12.13 + +system_admin_groups: + - 'admins' +system_admin_users: + - 'dani' +system_admin_email: servers@example.com + +zabbix_agent_encryption: psk +zabbix_agent_servers: "{{ zabbix_ip }}" +zabbix_proxy_encryption: psk +zabbix_proxy_server: 'zabbix.example.com' +``` + * group_vars/infra/vars.yml : variables here will be inherited by hosts in the **infra** group +``` +sshd_src_ip: "{{ trusted_ip }}" +postfix_relay_host: '[smtp.example.com]:587' +postfix_relay_user: smtp +postfix_relay_pass: "S3cretP@ssw0rd" + +ssh_users: + - name: ansible + ssh_keys: + - ssh-rsa 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 ansible@fws.fr + - name: dani + allow_forwarding: True + ssh_keys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwnPxF7vmJA8Jr7I2q6BNRxQIcnlFaA3O58x8532qXIox8fUdYJo0KkjpEl6pBSWGlF4ObTB04/Nks5rhv9Ew+EHO5GvavzVp5L3u8T+PP+idlLlwIERL2R632TBWVbxqvhtc813ozpaMRI7nCabgiIp8rFf4hqYJIn/RMpRdPSQaHrPHQpFEW9uHPbFYZ9+ +dywY88WXY+VJI1rkIU3NlOAw3GKjEd6iqiOboDl8Ld4qqc+NpqDFPeidYbk5xjKv3l/Y804tdwqO1UYC+psr983rs1Kq91jI/5xSjSQFM51W3HCpZMTzSIt4Swy+m+eqUIrInxMmw72HF2CL+PePHgmusMUBYPdBfqHIxEHEbvPuO67hLAhqH1dUDBp+0oiRSM/J/DX7K+I+jNO43/UtcvnrBjNjzAiiJEG3WRAcBAUpccOu3JHcRN5CLRB26yfLXpFRzUNCnajmdZF7qc0G5gJuy8KpUZ49VTmZmJ0Uzx1rZLaytSjHpf4e5X6F8iTQ1QmORxvCdfdsqoeod7jK384NXq+UD24Y/tEgq/eT7pl3yLCpQo4qKd/aCEBqc2bnLggVRr+WX94ojMdK35qYbdXtLsN5y6L20yde8tGtWY+nmbJzLnqVJ4TKxXKMl7q9Sdj1t7BrqQQIK3H9kP7SZRhWNP6tvNKBgKFgc/k01ldw== dani@fws.fr + +# Default database server +mysql_server: db.acme.com +mysql_admin_pass: "r00tP@ss" +pg_server: db.acme.com +pg_admin_pass: "{{ mysql_admin_pass }}" + +letsencrypt_challenge: dns +letsencrypt_dns_provider: gandi +letsencrypt_dns_provider_options: '--api-protocol=rest' +letsencrypt_dns_auth_token: "G7BL9RzkZdUI" +``` + * host_vars/proxyin.acme.com/vars.yml : variables here will be inherited 
only by the host **proxyin.acme.com**
+```
+nginx_auto_letsencrypt_cert: True
+
+# Default vhost settings
+nginx_default_vhost_extra:
+ auth: llng
+ csp: >-
+ default-src 'self' 'unsafe-inline' blob:;
+ style-src-elem 'self' 'unsafe-inline' data:;
+ img-src 'self' data: blob: https://stats.fws.fr;
+ script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.acme.com blob:;
+ font-src 'self' data:
+ proxy:
+ cache: True
+ backend: http://web1.acme.com
+
+nginx_vhosts:
+
+ - name: mail-filter.example.com
+ proxy:
+ backend: https://10.64.2.10:8006
+ allowed_methods: [GET,HEAD,POST,PUT,DELETE]
+ src_ip: "{{ trusted_ip }}"
+ auth: False
+
+ - name: graphes.acme.com
+ proxy:
+ backend: http://10.64.3.15:3000
+ allowed_methods: [GET,HEAD,POST,PUT,DELETE]
+
+```
+
+## How to check available variables
+
+Every role has default variables set in the defaults sub folder. You can have a look at it to see which variables are available and what default value they have.
+
+## Contact
+
+You can contact me at ansible AT lapiole DOT org if needed
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..5fdbbb5
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,15 @@
+[defaults]
+remote_user = ansible
+private_key_file = ssh/id_rsa
+ansible_managed = Managed by ansible, manual modifications will be lost
+ask_vault_pass = True
+remote_tmp = /tmp/.ansible-${USER}/tmp
+timeout = 30
+
+[privilege_escalation]
+become=True
+
+[ssh_connection]
+ssh_args = -F ssh/config
+control_path = /tmp/ans-ssh-%%C
+pipelining = True
diff --git a/library/iptables_raw.py b/library/iptables_raw.py
new file mode 100644
index 0000000..fd1c863
--- /dev/null
+++ b/library/iptables_raw.py
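Review bot: `control_path = /tmp/ans-ssh-%%C` in `[ssh_connection]` puts the SSH multiplexing sockets directly in world-writable /tmp on the control machine, while ssh_config(5) recommends a ControlPath directory that other users cannot write to. Keeping the sockets under the operator's own directory avoids that: `control_path_dir = ~/.ansible/cp` together with `control_path = %(directory)s/ans-ssh-%%C`. The same concern applies to `remote_tmp = /tmp/.ansible-${USER}/tmp` in `[defaults]`, a predictable path under /tmp on every managed host; Ansible's default `~/.ansible/tmp` would be the safer choice unless the remote home directory is unusable. Since `private_key_file = ssh/id_rsa` lives inside the checkout, it is also worth confirming that `ssh/` is excluded from version control; no ignore file is visible in this part of the patch.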
@@ -0,0 +1,1089 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Make coding more python3-ish
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+"""
+(c) 2016, Strahinja Kustudic
+(c) 2016, Damir Markovic
+
+This file is part of Ansible
+
+Ansible is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+Ansible is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with Ansible. If not, see .
+"""
+
+ANSIBLE_METADATA = {
+ 'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'
+}
+
+DOCUMENTATION = '''
+---
+module: iptables_raw
+short_description: Manage iptables rules
+version_added: "2.5"
+description:
+ - Add/remove iptables rules while keeping state.
+options:
+ backup:
+ description:
+ - Create a backup of the iptables state file before overwriting it.
+ required: false
+ choices: ["yes", "no"]
+ default: "no"
+ ipversion:
+ description:
+ - Target the IP version this rule is for.
+ required: false
+ default: "4"
+ choices: ["4", "6"]
+ keep_unmanaged:
+ description:
+ - If set to C(yes) keeps active iptables (unmanaged) rules for the target
+ C(table) and gives them C(weight=90). This means these rules will be
+ ordered after most of the rules, since default priority is 40, so they
+ shouldn't be able to block any allow rules. If set to C(no) deletes all
+ rules which are not set by this module.
+ - "WARNING: Be very careful when running C(keep_unmanaged=no) for the
+ first time, since if you don't specify correct rules, you can block
+ yourself out of the managed host."
+ required: false
+ choices: ["yes", "no"]
+ default: "yes"
+ name:
+ description:
+ - Name that will be used as an identifier for these rules. It can contain
+ alphanumeric characters, underscore, hyphen, dot, or a space; has to be
+ UNIQUE for a specified C(table). You can also pass C(name=*) with
+ C(state=absent) to flush all rules in the selected table, or even all
+ tables with C(table=*).
+ required: true
+ rules:
+ description:
+ - The rules that we want to add. Accepts multiline values.
+ - "Note: You can only use C(-A)/C(--append), C(-N)/C(--new-chain), and
+ C(-P)/C(--policy) to specify rules."
+ required: false
+ state:
+ description:
+ - The state this rules fragment should be in.
+ choices: ["present", "absent"]
+ required: false
+ default: present
+ table:
+ description:
+ - The table this rule applies to. You can specify C(table=*) only with
+ with C(name=*) and C(state=absent) to flush all rules in all tables.
+ choices: ["filter", "nat", "mangle", "raw", "security", "*"]
+ required: false
+ default: filter
+ weight:
+ description:
+ - Determines the order of the rules. Lower C(weight) means higher
+ priority. Supported range is C(0 - 99)
+ choices: ["0 - 99"]
+ required: false
+ default: 40
+notes:
+ - Requires C(iptables) package. Debian-based distributions additionally
+ require C(iptables-persistent).
+ - "Depending on the distribution, iptables rules are saved in different
+ locations, so that they can be loaded on boot. Red Hat distributions (RHEL,
+ CentOS, etc): C(/etc/sysconfig/iptables) and C(/etc/sysconfig/ip6tables);
+ Debian distributions (Debian, Ubuntu, etc): C(/etc/iptables/rules.v4) and
+ C(/etc/iptables/rules.v6); other distributions: C(/etc/sysconfig/iptables)
+ and C(/etc/sysconfig/ip6tables)."
+ - This module saves state in C(/etc/ansible-iptables) directory, so don't
+ modify this directory!
+author: + - "Strahinja Kustudic (@kustodian)" + - "Damir Markovic (@damirda)" +''' + +EXAMPLES = ''' +# Allow all IPv4 traffic coming in on port 80 (http) +- iptables_raw: + name: allow_tcp_80 + rules: '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT' + +# Set default rules with weight 10 and disregard all unmanaged rules +- iptables_raw: + name: default_rules + weight: 10 + keep_unmanaged: no + rules: | + -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT + -A INPUT -i lo -j ACCEPT + -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT + -P INPUT DROP + -P FORWARD DROP + -P OUTPUT ACCEPT + +# Allow all IPv6 traffic coming in on port 443 (https) with weight 50 +- iptables_raw: + ipversion: 6 + weight: 50 + name: allow_tcp_443 + rules: '-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT' + +# Remove the above rule +- iptables_raw: + state: absent + ipversion: 6 + name: allow_tcp_443 + +# Define rules with a custom chain +- iptables_raw: + name: custom1_rules + rules: | + -N CUSTOM1 + -A CUSTOM1 -s 192.168.0.0/24 -j ACCEPT + +# Reset all IPv4 iptables rules in all tables and allow all traffic +- iptables_raw: + name: '*' + table: '*' + state: absent +''' + +RETURN = ''' +state: + description: state of the rules + returned: success + type: string + sample: present +name: + description: name of the rules + returned: success + type: string + sample: open_tcp_80 +weight: + description: weight of the rules + returned: success + type: int + sample: 40 +ipversion: + description: IP version of iptables used + returned: success + type: int + sample: 6 +rules: + description: passed rules + returned: success + type: string + sample: "-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT" +table: + description: iptables table used + returned: success + type: string + sample: filter +backup: + description: if the iptables file should backed up + returned: success + type: boolean + sample: False +keep_unmanaged: + description: if it should keep unmanaged rules + returned: success + 
type: boolean + sample: True +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.basic import json + +import time +import fcntl +import re +import shlex +import os +import tempfile + +try: + from collections import defaultdict +except ImportError: + # This is a workaround for Python 2.4 which doesn't have defaultdict. + class defaultdict(dict): + def __init__(self, default_factory, *args, **kwargs): + super(defaultdict, self).__init__(*args, **kwargs) + self.default_factory = default_factory + + def __getitem__(self, key): + try: + return super(defaultdict, self).__getitem__(key) + except KeyError: + return self.__missing__(key) + + def __missing__(self, key): + try: + self[key] = self.default_factory() + except TypeError: + raise KeyError("Missing key %s" % (key, )) + else: + return self[key] + + +# Genereates a diff dictionary from an old and new table dump. +def generate_diff(dump_old, dump_new): + diff = dict() + if dump_old != dump_new: + diff['before'] = dump_old + diff['after'] = dump_new + return diff + + +def compare_dictionaries(dict1, dict2): + if dict1 is None or dict2 is None: + return False + if not (isinstance(dict1, dict) and isinstance(dict2, dict)): + return False + shared_keys = set(dict2.keys()) & set(dict2.keys()) + if not (len(shared_keys) == len(dict1.keys()) and len(shared_keys) == len(dict2.keys())): + return False + dicts_are_equal = True + for key in dict1.keys(): + if isinstance(dict1[key], dict): + dicts_are_equal = dicts_are_equal and compare_dictionaries(dict1[key], dict2[key]) + else: + dicts_are_equal = dicts_are_equal and (dict1[key] == dict2[key]) + if not dicts_are_equal: + break + return dicts_are_equal + + +class Iptables: + + # Default chains for each table + DEFAULT_CHAINS = { + 'filter': ['INPUT', 'FORWARD', 'OUTPUT'], + 'raw': ['PREROUTING', 'OUTPUT'], + 'nat': ['PREROUTING', 'INPUT', 'OUTPUT', 'POSTROUTING'], + 'mangle': ['PREROUTING', 'INPUT', 'FORWARD', 'OUTPUT', 'POSTROUTING'], + 
+ 'security': ['INPUT', 'FORWARD', 'OUTPUT']
+ }
+
+ # List of tables
+ TABLES = list(DEFAULT_CHAINS.copy().keys())
+
+ # Directory which will store the state file.
+ STATE_DIR = '/etc/ansible-iptables'
+
+ # Key used for unmanaged rules
+ UNMANAGED_RULES_KEY_NAME = '$unmanaged_rules$'
+
+ # Only allow alphanumeric characters, underscore, hyphen, dots, or a space for
+ # now. We don't want to have problems while parsing comments using regular
+ # expressions.
+ RULE_NAME_ALLOWED_CHARS = 'a-zA-Z0-9_ .-'
+
+ module = None
+
+ def __init__(self, module, ipversion):
+ # Create directory for json files.
+ if not os.path.exists(self.STATE_DIR):
+ os.makedirs(self.STATE_DIR)
+ if Iptables.module is None:
+ Iptables.module = module
+ self.state_save_path = self._get_state_save_path(ipversion)
+ self.system_save_path = self._get_system_save_path(ipversion)
+ self.state_dict = self._read_state_file()
+ self.bins = self._get_bins(ipversion)
+ self.iptables_names_file = self._get_iptables_names_file(ipversion)
+ # Check if we have a required iptables version.
+ self._check_compatibility()
+ # Save active iptables rules for all tables, so that we don't
+ # need to fetch them every time using 'iptables-save' command.
+ self._active_rules = {} + self._refresh_active_rules(table='*') + + def __eq__(self, other): + return (isinstance(other, self.__class__) and compare_dictionaries(other.state_dict, self.state_dict)) + + def __ne__(self, other): + return not self.__eq__(other) + + def _get_bins(self, ipversion): + if ipversion == '4': + return {'iptables': Iptables.module.get_bin_path('iptables'), + 'iptables-save': Iptables.module.get_bin_path('iptables-save'), + 'iptables-restore': Iptables.module.get_bin_path('iptables-restore')} + else: + return {'iptables': Iptables.module.get_bin_path('ip6tables'), + 'iptables-save': Iptables.module.get_bin_path('ip6tables-save'), + 'iptables-restore': Iptables.module.get_bin_path('ip6tables-restore')} + + def _get_iptables_names_file(self, ipversion): + if ipversion == '4': + return '/proc/net/ip_tables_names' + else: + return '/proc/net/ip6_tables_names' + + # Return a list of active iptables tables + def _get_list_of_active_tables(self): + if os.path.isfile(self.iptables_names_file): + table_names = "filter\nnat\nmangle" + open(self.iptables_names_file, 'r').read() + list_set = set(table_names.splitlines()) + unique_list = (list(list_set)) + return unique_list + else: + return [] + + # If /etc/debian_version exist, this means this is a debian based OS (Ubuntu, Mint, etc...) + def _is_debian(self): + return os.path.isfile('/etc/debian_version') + # If /etc/alpine-release exist, this means this is AlpineLinux OS + def _is_alpine(self): + return os.path.isfile('/etc/alpine-release') + + # If /etc/arch-release exist, this means this is an ArchLinux OS + def _is_arch_linux(self): + return os.path.isfile('/etc/arch-release') + + # If /etc/gentoo-release exist, this means this is Gentoo + def _is_gentoo(self): + return os.path.isfile('/etc/gentoo-release') + + # Get the iptables system save path. + # Supports RHEL/CentOS '/etc/sysconfig/' location. + # Supports Debian/Ubuntu/Mint, '/etc/iptables/' location. 
+ # Supports Gentoo, '/var/lib/iptables/' location. + def _get_system_save_path(self, ipversion): + # distro detection, path setting should be added + if self._is_debian(): + # Check if iptables-persistent packages is installed + if not os.path.isdir('/etc/iptables'): + Iptables.module.fail_json(msg="This module requires 'iptables-persistent' package!") + if ipversion == '4': + return '/etc/iptables/rules.v4' + else: + return '/etc/iptables/rules.v6' + elif self._is_arch_linux(): + if ipversion == '4': + return '/etc/iptables/iptables.rules' + else: + return '/etc/iptables/ip6tables.rules' + elif self._is_gentoo(): + if ipversion == '4': + return '/var/lib/iptables/rules-save' + else: + return '/var/lib/ip6tables/rules-save' + + elif self._is_alpine(): + if ipversion == '4': + return '/etc/iptables/rules-save' + else: + return '/etc/iptables/rules6-save' + else: + if ipversion == '4': + return '/etc/sysconfig/iptables' + else: + return '/etc/sysconfig/ip6tables' + + # Return path to json state file. + def _get_state_save_path(self, ipversion): + if ipversion == '4': + return self.STATE_DIR + '/iptables.json' + else: + return self.STATE_DIR + '/ip6tables.json' + + # Checks if iptables is installed and if we have a correct version. + def _check_compatibility(self): + from distutils.version import StrictVersion + cmd = [self.bins['iptables'], '--version'] + rc, stdout, stderr = Iptables.module.run_command(cmd, check_rc=False) + if rc == 0: + result = re.search(r'^ip6tables\s+v(\d+\.\d+)\.\d+$', stdout) + if result: + version = result.group(1) + # CentOS 5 ip6tables (v1.3.x) doesn't support comments, + # which means it cannot be used with this module. + if StrictVersion(version) < StrictVersion('1.4'): + Iptables.module.fail_json(msg="This module isn't compatible with ip6tables versions older than 1.4.x") + else: + Iptables.module.fail_json(msg="Could not fetch iptables version! Is iptables installed?") + + # Read rules from the json state file and return a dict. 
+ def _read_state_file(self): + json_str = '{}' + if os.path.isfile(self.state_save_path): + try: + json_str = open(self.state_save_path, 'r').read() + except: + Iptables.module.fail_json(msg="Could not read the state file '%s'!" % self.state_save_path) + try: + read_dict = defaultdict(lambda: dict(dump='', rules_dict={}), json.loads(json_str)) + except: + Iptables.module.fail_json(msg="Could not parse the state file '%s'! Please manually delete it to continue." % self.state_save_path) + return read_dict + + # Checks if a table exists in the state_dict. + def _has_table(self, tbl): + return tbl in self.state_dict + + # Deletes table from the state_dict. + def _delete_table(self, tbl): + if self._has_table(tbl): + del self.state_dict[tbl] + + # Acquires lock or exits after wait_for_seconds if it cannot be acquired. + def acquire_lock_or_exit(self, wait_for_seconds=10): + lock_file = self.STATE_DIR + '/.iptables.lock' + i = 0 + f = open(lock_file, 'w+') + while i < wait_for_seconds: + try: + fcntl.flock(f, fcntl.LOCK_EX | fcntl.LOCK_NB) + return + except IOError: + i += 1 + time.sleep(1) + Iptables.module.fail_json(msg="Could not acquire lock to continue execution! " + "Probably another instance of this module is running.") + + # Check if a table has anything to flush (to check all tables pass table='*'). + def table_needs_flush(self, table): + needs_flush = False + if table == '*': + for tbl in Iptables.TABLES: + # If the table exists or if it needs to be flushed that means will make changes. + if self._has_table(tbl) or self._single_table_needs_flush(tbl): + needs_flush = True + break + # Only flush the specified table + else: + if self._has_table(table) or self._single_table_needs_flush(table): + needs_flush = True + return needs_flush + + # Check if a passed table needs to be flushed. 
+ def _single_table_needs_flush(self, table):
+ needs_flush = False
+ active_rules = self._get_active_rules(table)
+ if active_rules:
+ policies = self._filter_default_chain_policies(active_rules, table)
+ chains = self._filter_custom_chains(active_rules, table)
+ rules = self._filter_rules(active_rules, table)
+ # Go over default policies and check if they are all ACCEPT.
+ for line in policies.splitlines():
+ if not re.search(r'\bACCEPT\b', line):
+ needs_flush = True
+ break
+ # If there is at least one rule or custom chain, that means we need flush.
+ if len(chains) > 0 or len(rules) > 0:
+ needs_flush = True
+ return needs_flush
+
+ # Returns a copy of the rules dict of a passed table.
+ def _get_table_rules_dict(self, table):
+ return self.state_dict[table]['rules_dict'].copy()
+
+ # Returns saved table dump.
+ def get_saved_table_dump(self, table):
+ return self.state_dict[table]['dump']
+
+ # Sets saved table dump.
+ def _set_saved_table_dump(self, table, dump):
+ self.state_dict[table]['dump'] = dump
+
+ # Updates saved table dump from the active rules.
+ def refresh_saved_table_dump(self, table):
+ active_rules = self._get_active_rules(table)
+ self._set_saved_table_dump(table, active_rules)
+
+ # Sets active rules of the passed table.
+ def _set_active_rules(self, table, rules):
+ self._active_rules[table] = rules
+
+ # Return active rules of the passed table.
+ def _get_active_rules(self, table, clean=True):
+ active_rules = ''
+ if table == '*':
+ all_rules = []
+ for tbl in Iptables.TABLES:
+ if tbl in self._active_rules:
+ all_rules.append(self._active_rules[tbl])
+ active_rules = '\n'.join(all_rules)
+ else:
+ active_rules = self._active_rules[table]
+ if clean:
+ return self._clean_save_dump(active_rules)
+ else:
+ return active_rules
+
+ # Refresh active rules of a table ('*' for all tables).
+ def _refresh_active_rules(self, table): + if table == '*': + for tbl in Iptables.TABLES: + self._set_active_rules(tbl, self._get_system_active_rules(tbl)) + else: + self._set_active_rules(table, self._get_system_active_rules(table)) + + # Get iptables-save dump of active rules of one or all tables (pass '*') and return it as a string. + def _get_system_active_rules(self, table): + active_tables = self._get_list_of_active_tables() + if table == '*': + cmd = [self.bins['iptables-save']] + # If there are no active tables, that means there are no rules + if not active_tables: + return "" + else: + cmd = [self.bins['iptables-save'], '-t', table] + # If the table is not active, that means it has no rules + if table not in active_tables: + return "" + rc, stdout, stderr = Iptables.module.run_command(cmd, check_rc=True) + return stdout + + # Splits a rule into tokens + def _split_rule_into_tokens(self, rule): + try: + return shlex.split(rule, comments=True) + except: + msg = "Could not parse the iptables rule:\n%s" % rule + Iptables.module.fail_json(msg=msg) + + # Removes comment lines and empty lines from rules. + @staticmethod + def clean_up_rules(rules): + cleaned_rules = [] + for line in rules.splitlines(): + # Remove lines with comments and empty lines. + if not (Iptables.is_comment(line) or Iptables.is_empty_line(line)): + cleaned_rules.append(line) + return '\n'.join(cleaned_rules) + + # Checks if the line is a custom chain in specific iptables table. + @staticmethod + def is_custom_chain(line, table): + default_chains = Iptables.DEFAULT_CHAINS[table] + if re.match(r'\s*(:|(-N|--new-chain)\s+)[^\s]+', line) \ + and not re.match(r'\s*(:|(-N|--new-chain)\s+)\b(' + '|'.join(default_chains) + r')\b', line): + return True + else: + return False + + # Checks if the line is a default chain of an iptables table. 
+ @staticmethod + def is_default_chain(line, table): + default_chains = Iptables.DEFAULT_CHAINS[table] + if re.match(r'\s*(:|(-P|--policy)\s+)\b(' + '|'.join(default_chains) + r')\b\s+(ACCEPT|DROP)', line): + return True + else: + return False + + # Checks if a line is an iptables rule. + @staticmethod + def is_rule(line): + # We should only allow adding rules with '-A/--append', since others don't make any sense. + if re.match(r'\s*(-A|--append)\s+[^\s]+', line): + return True + else: + return False + + # Checks if a line starts with '#'. + @staticmethod + def is_comment(line): + if re.match(r'\s*#', line): + return True + else: + return False + + # Checks if a line is empty. + @staticmethod + def is_empty_line(line): + if re.match(r'^$', line.strip()): + return True + else: + return False + + # Return name of custom chain from the rule. + def _get_custom_chain_name(self, line, table): + if Iptables.is_custom_chain(line, table): + return re.match(r'\s*(:|(-N|--new-chain)\s+)([^\s]+)', line).group(3) + else: + return '' + + # Return name of default chain from the rule. + def _get_default_chain_name(self, line, table): + if Iptables.is_default_chain(line, table): + return re.match(r'\s*(:|(-N|--new-chain)\s+)([^\s]+)', line).group(3) + else: + return '' + + # Return target of the default chain from the rule. + def _get_default_chain_target(self, line, table): + if Iptables.is_default_chain(line, table): + return re.match(r'\s*(:|(-N|--new-chain)\s+)([^\s]+)\s+([A-Z]+)', line).group(4) + else: + return '' + + # Removes duplicate custom chains from the table rules. + def _remove_duplicate_custom_chains(self, rules, table): + all_rules = [] + custom_chain_names = [] + for line in rules.splitlines(): + # Extract custom chains. 
+ if Iptables.is_custom_chain(line, table): + chain_name = self._get_custom_chain_name(line, table) + if chain_name not in custom_chain_names: + custom_chain_names.append(chain_name) + all_rules.append(line) + else: + all_rules.append(line) + return '\n'.join(all_rules) + + # Returns current iptables-save dump cleaned from comments and packet/byte counters. + def _clean_save_dump(self, simple_rules): + cleaned_dump = [] + for line in simple_rules.splitlines(): + # Ignore comments. + if Iptables.is_comment(line): + continue + # Reset counters for chains (begin with ':'), for easier comparing later on. + if re.match(r'\s*:', line): + cleaned_dump.append(re.sub(r'\[([0-9]+):([0-9]+)\]', '[0:0]', line)) + else: + cleaned_dump.append(line) + cleaned_dump.append('\n') + return '\n'.join(cleaned_dump) + + # Returns lines with default chain policies. + def _filter_default_chain_policies(self, rules, table): + chains = [] + for line in rules.splitlines(): + if Iptables.is_default_chain(line, table): + chains.append(line) + return '\n'.join(chains) + + # Returns lines with iptables rules from an iptables-save table dump + # (removes chain policies, custom chains, comments and everything else). By + # default returns all rules, if 'only_unmanged=True' returns rules which + # are not managed by Ansible. 
+ def _filter_rules(self, rules, table, only_unmanaged=False): + filtered_rules = [] + for line in rules.splitlines(): + if Iptables.is_rule(line): + if only_unmanaged: + tokens = self._split_rule_into_tokens(line) + # We need to check if a rule has a comment which starts with 'ansible[name]' + if '--comment' in tokens: + comment_index = tokens.index('--comment') + 1 + if comment_index < len(tokens): + # Fetch the comment + comment = tokens[comment_index] + # Skip the rule if the comment starts with 'ansible[name]' + if not re.match(r'ansible\[[' + Iptables.RULE_NAME_ALLOWED_CHARS + r']+\]', comment): + filtered_rules.append(line) + else: + # Fail if there is no comment after the --comment parameter + msg = "Iptables rule is missing a comment after the '--comment' parameter:\n%s" % line + Iptables.module.fail_json(msg=msg) + # If it doesn't have comment, this means it is not managed by Ansible and we should append it. + else: + filtered_rules.append(line) + else: + filtered_rules.append(line) + return '\n'.join(filtered_rules) + + # Same as _filter_rules(), but returns custom chains + def _filter_custom_chains(self, rules, table, only_unmanaged=False): + filtered_chains = [] + # Get list of managed custom chains, which is needed to detect unmanaged custom chains + managed_custom_chains_list = self._get_custom_chains_list(table) + for line in rules.splitlines(): + if Iptables.is_custom_chain(line, table): + if only_unmanaged: + # The chain is not managed by this module if it's not in the list of managed custom chains. + chain_name = self._get_custom_chain_name(line, table) + if chain_name not in managed_custom_chains_list: + filtered_chains.append(line) + else: + filtered_chains.append(line) + return '\n'.join(filtered_chains) + + # Returns list of custom chains of a table. 
+ def _get_custom_chains_list(self, table): + custom_chains_list = [] + for key, value in self._get_table_rules_dict(table).items(): + # Ignore UNMANAGED_RULES_KEY_NAME key, since we only want managed custom chains. + if key != Iptables.UNMANAGED_RULES_KEY_NAME: + for line in value['rules'].splitlines(): + if Iptables.is_custom_chain(line, table): + chain_name = self._get_custom_chain_name(line, table) + if chain_name not in custom_chains_list: + custom_chains_list.append(chain_name) + return custom_chains_list + + # Prepends 'ansible[name]: ' to iptables rule '--comment' argument, + # or adds 'ansible[name]' as a comment if there is no comment. + def _prepend_ansible_comment(self, rules, name): + commented_lines = [] + for line in rules.splitlines(): + # Extract rules only since we cannot add comments to custom chains. + if Iptables.is_rule(line): + tokens = self._split_rule_into_tokens(line) + if '--comment' in tokens: + # If there is a comment parameter, we need to prepand 'ansible[name]: '. + comment_index = tokens.index('--comment') + 1 + if comment_index < len(tokens): + # We need to remove double quotes from comments, since there + # is an incompatiblity with older iptables versions + comment_text = tokens[comment_index].replace('"', '') + tokens[comment_index] = 'ansible[' + name + ']: ' + comment_text + else: + # Fail if there is no comment after the --comment parameter + msg = "Iptables rule is missing a comment after the '--comment' parameter:\n%s" % line + Iptables.module.fail_json(msg=msg) + else: + # If comment doesn't exist, we add a comment 'ansible[name]' + tokens += ['-m', 'comment', '--comment', 'ansible[' + name + ']'] + # Escape and quote tokens in case they have spaces + tokens = [self._escape_and_quote_string(x) for x in tokens] + commented_lines.append(" ".join(tokens)) + # Otherwise it's a chain, and we should just return it. 
+ else: + commented_lines.append(line) + return '\n'.join(commented_lines) + + # Double quote a string if it contains a space and escape double quotes. + def _escape_and_quote_string(self, s): + escaped = s.replace('"', r'\"') + if re.search(r'\s', escaped): + return '"' + escaped + '"' + else: + return escaped + + # Add table rule to the state_dict. + def add_table_rule(self, table, name, weight, rules, prepend_ansible_comment=True): + self._fail_on_bad_rules(rules, table) + if prepend_ansible_comment: + self.state_dict[table]['rules_dict'][name] = {'weight': weight, 'rules': self._prepend_ansible_comment(rules, name)} + else: + self.state_dict[table]['rules_dict'][name] = {'weight': weight, 'rules': rules} + + # Remove table rule from the state_dict. + def remove_table_rule(self, table, name): + if name in self.state_dict[table]['rules_dict']: + del self.state_dict[table]['rules_dict'][name] + + # TODO: Add sorting of rules so that diffs in check_mode look nicer and easier to follow. + # Sorting would be done from top to bottom like this: + # * default chain policies + # * custom chains + # * rules + # + # Converts rules from a state_dict to an iptables-save readable format. + def get_table_rules(self, table): + generated_rules = '' + # We first add a header e.g. '*filter'. + generated_rules += '*' + table + '\n' + rules_list = [] + custom_chains_list = [] + default_chain_policies = [] + dict_rules = self._get_table_rules_dict(table) + # Return list of rule names sorted by ('weight', 'rules') tuple. 
+ for rule_name in sorted(dict_rules, key=lambda x: (dict_rules[x]['weight'], dict_rules[x]['rules'])): + rules = dict_rules[rule_name]['rules'] + # Fail if some of the rules are bad + self._fail_on_bad_rules(rules, table) + rules_list.append(self._filter_rules(rules, table)) + custom_chains_list.append(self._filter_custom_chains(rules, table)) + default_chain_policies.append(self._filter_default_chain_policies(rules, table)) + # Clean up empty strings from these two lists. + rules_list = list(filter(None, rules_list)) + custom_chains_list = list(filter(None, custom_chains_list)) + default_chain_policies = list(filter(None, default_chain_policies)) + if default_chain_policies: + # Since iptables-restore applies the last chain policy it reads, we + # have to reverse the order of chain policies so that those with + # the lowest weight (higher priority) are read last. + generated_rules += '\n'.join(reversed(default_chain_policies)) + '\n' + if custom_chains_list: + # We remove duplicate custom chains so that iptables-restore + # doesn't fail because of that. + generated_rules += self._remove_duplicate_custom_chains('\n'.join(sorted(custom_chains_list)), table) + '\n' + if rules_list: + generated_rules += '\n'.join(rules_list) + '\n' + generated_rules += 'COMMIT\n' + return generated_rules + + # Sets unmanaged rules for the passed table in the state_dict. + def _set_unmanaged_rules(self, table, rules): + self.add_table_rule(table, Iptables.UNMANAGED_RULES_KEY_NAME, 90, rules, prepend_ansible_comment=False) + + # Clears unmanaged rules of a table. + def clear_unmanaged_rules(self, table): + self._set_unmanaged_rules(table, '') + + # Updates unmanaged rules of a table from the active rules. + def refresh_unmanaged_rules(self, table): + # Get active iptables rules and clean them up. 
+ active_rules = self._get_active_rules(table) + unmanaged_chains_and_rules = [] + unmanaged_chains_and_rules.append(self._filter_custom_chains(active_rules, table, only_unmanaged=True)) + unmanaged_chains_and_rules.append(self._filter_rules(active_rules, table, only_unmanaged=True)) + # Clean items which are empty strings + unmanaged_chains_and_rules = list(filter(None, unmanaged_chains_and_rules)) + self._set_unmanaged_rules(table, '\n'.join(unmanaged_chains_and_rules)) + + # Check if there are bad lines in the specified rules. + def _fail_on_bad_rules(self, rules, table): + for line in rules.splitlines(): + tokens = self._split_rule_into_tokens(line) + if '-t' in tokens or '--table' in tokens: + msg = ("Iptables rules cannot contain '-t/--table' parameter. " + "You should use the 'table' parameter of the module to set rules " + "for a specific table.") + Iptables.module.fail_json(msg=msg) + # Fail if the parameter --comment doesn't have a comment after + if '--comment' in tokens and len(tokens) <= tokens.index('--comment') + 1: + msg = "Iptables rule is missing a comment after the '--comment' parameter:\n%s" % line + Iptables.module.fail_json(msg=msg) + if not (Iptables.is_rule(line) or + Iptables.is_custom_chain(line, table) or + Iptables.is_default_chain(line, table) or + Iptables.is_comment(line)): + msg = ("Bad iptables rule '%s'! You can only use -A/--append, -N/--new-chain " + "and -P/--policy to specify rules." % line) + Iptables.module.fail_json(msg=msg) + + # Write rules to dest path. + def _write_rules_to_file(self, rules, dest): + tmp_path = self._write_to_temp_file(rules) + Iptables.module.atomic_move(tmp_path, dest) + + # Write text to a temp file and return path to that file. 
+ def _write_to_temp_file(self, text): + fd, path = tempfile.mkstemp() + Iptables.module.add_cleanup_file(path) # add file for cleanup later + tmp = os.fdopen(fd, 'w') + tmp.write(text) + tmp.close() + return path + + # + # Public and private methods which make changes on the system + # are named 'system_*' and '_system_*', respectively. + # + + # Flush all rules in a passed table. + def _system_flush_single_table_rules(self, table): + # Set all default chain policies to ACCEPT. + for chain in Iptables.DEFAULT_CHAINS[table]: + cmd = [self.bins['iptables'], '-t', table, '-P', chain, 'ACCEPT'] + Iptables.module.run_command(cmd, check_rc=True) + # Then flush all rules. + cmd = [self.bins['iptables'], '-t', table, '-F'] + Iptables.module.run_command(cmd, check_rc=True) + # And delete custom chains. + cmd = [self.bins['iptables'], '-t', table, '-X'] + Iptables.module.run_command(cmd, check_rc=True) + # Update active rules in the object. + self._refresh_active_rules(table) + + # Save active iptables rules to the system path. + def _system_save_active(self, backup=False): + # Backup if needed + if backup: + Iptables.module.backup_local(self.system_save_path) + # Get iptables-save dump of all tables + all_active_rules = self._get_active_rules(table='*', clean=False) + # Move iptables-save dump of all tables to the iptables_save_path + self._write_rules_to_file(all_active_rules, self.system_save_path) + + # Apply table dict rules to the system. 
+ def system_apply_table_rules(self, table, test=False): + dump_path = self._write_to_temp_file(self.get_table_rules(table)) + if test: + cmd = [self.bins['iptables-restore'], '-t', dump_path] + else: + cmd = [self.bins['iptables-restore'], dump_path] + rc, stdout, stderr = Iptables.module.run_command(cmd, check_rc=False) + if rc != 0: + if test: + dump_contents_file = open(dump_path, 'r') + dump_contents = dump_contents_file.read() + dump_contents_file.close() + msg = "There is a problem with the iptables rules:" \ + + '\n\nError message:\n' \ + + stderr \ + + '\nGenerated rules:\n#######\n' \ + + dump_contents + '#####' + else: + msg = "Could not load iptables rules:\n\n" + stderr + Iptables.module.fail_json(msg=msg) + self._refresh_active_rules(table) + + # Flush one or all tables (to flush all tables pass table='*'). + def system_flush_table_rules(self, table): + if table == '*': + for tbl in Iptables.TABLES: + self._delete_table(tbl) + if self._single_table_needs_flush(tbl): + self._system_flush_single_table_rules(tbl) + # Only flush the specified table. + else: + self._delete_table(table) + if self._single_table_needs_flush(table): + self._system_flush_single_table_rules(table) + + # Saves state file and system iptables rules. 
+ def system_save(self, backup=False): + self._system_save_active(backup=backup) + rules = json.dumps(self.state_dict, sort_keys=True, indent=4, separators=(',', ': ')) + self._write_rules_to_file(rules, self.state_save_path) + + +def main(): + + module = AnsibleModule( + argument_spec=dict( + ipversion=dict(required=False, choices=["4", "6"], type='str', default="4"), + state=dict(required=False, choices=['present', 'absent'], default='present', type='str'), + weight=dict(required=False, type='int', default=40), + name=dict(required=True, type='str'), + table=dict(required=False, choices=Iptables.TABLES + ['*'], default="filter", type='str'), + rules=dict(required=False, type='str', default=""), + backup=dict(required=False, type='bool', default=False), + keep_unmanaged=dict(required=False, type='bool', default=True), + ), + supports_check_mode=True, + ) + + check_mode = module.check_mode + changed = False + ipversion = module.params['ipversion'] + state = module.params['state'] + weight = module.params['weight'] + name = module.params['name'] + table = module.params['table'] + rules = module.params['rules'] + backup = module.params['backup'] + keep_unmanaged = module.params['keep_unmanaged'] + + kw = dict(state=state, name=name, rules=rules, weight=weight, ipversion=ipversion, + table=table, backup=backup, keep_unmanaged=keep_unmanaged) + + iptables = Iptables(module, ipversion) + + # Acquire lock so that only one instance of this object can exist. + # Fail if the lock cannot be acquired within 10 seconds. + iptables.acquire_lock_or_exit(wait_for_seconds=10) + + # Clean up rules of comments and empty lines. 
+ rules = Iptables.clean_up_rules(rules) + + # Check additional parameter requirements + if state == 'present' and name == '*': + module.fail_json(msg="Parameter 'name' can only be '*' if 'state=absent'") + if state == 'present' and table == '*': + module.fail_json(msg="Parameter 'table' can only be '*' if 'name=*' and 'state=absent'") + if state == 'present' and not name: + module.fail_json(msg="Parameter 'name' cannot be empty") + if state == 'present' and not re.match('^[' + Iptables.RULE_NAME_ALLOWED_CHARS + ']+$', name): + module.fail_json(msg="Parameter 'name' not valid! It can only contain alphanumeric characters, " + "underscore, hyphen, or a space, got: '%s'" % name) + if weight < 0 or weight > 99: + module.fail_json(msg="Parameter 'weight' can be 0-99, got: %d" % weight) + if state == 'present' and rules == '': + module.fail_json(msg="Parameter 'rules' cannot be empty when 'state=present'") + + # Flush rules of one or all tables + if state == 'absent' and name == '*': + # Check if table(s) need to be flushed + if iptables.table_needs_flush(table): + changed = True + if not check_mode: + # Flush table(s) + iptables.system_flush_table_rules(table) + # Save state and system iptables rules + iptables.system_save(backup=backup) + # Exit since there is nothing else to do + kw['changed'] = changed + module.exit_json(**kw) + + # Initialize new iptables object which will store new rules + iptables_new = Iptables(module, ipversion) + + if state == 'present': + iptables_new.add_table_rule(table, name, weight, rules) + else: + iptables_new.remove_table_rule(table, name) + + if keep_unmanaged: + iptables_new.refresh_unmanaged_rules(table) + else: + iptables_new.clear_unmanaged_rules(table) + + # Refresh saved table dump with active iptables rules + iptables_new.refresh_saved_table_dump(table) + + # Check if there are changes in iptables, and if yes load new rules + if iptables != iptables_new: + + changed = True + + # Test generated rules + 
iptables_new.system_apply_table_rules(table, test=True) + + if check_mode: + # Create a predicted diff for check_mode. + # Diff will be created from rules generated from the state dictionary. + if hasattr(module, '_diff') and module._diff: + # Update unmanaged rules in the old object so the generated diff + # from the rules dictionaries is more accurate. + iptables.refresh_unmanaged_rules(table) + # Generate table rules from rules dictionaries. + table_rules_old = iptables.get_table_rules(table) + table_rules_new = iptables_new.get_table_rules(table) + # If rules generated from dicts are not equal, we generate a diff from them. + if table_rules_old != table_rules_new: + kw['diff'] = generate_diff(table_rules_old, table_rules_new) + else: + # TODO: Update this comment to be better. + kw['diff'] = {'prepared': "System rules were not changed (e.g. rule " + "weight changed, redundant rule, etc)"} + else: + # We need to fetch active table dump before we apply new rules + # since we will need them to generate a diff. + table_active_rules = iptables_new.get_saved_table_dump(table) + + # Apply generated rules. + iptables_new.system_apply_table_rules(table) + + # Refresh saved table dump with active iptables rules. + iptables_new.refresh_saved_table_dump(table) + + # Save state and system iptables rules. + iptables_new.system_save(backup=backup) + + # Generate a diff. + if hasattr(module, '_diff') and module._diff: + table_active_rules_new = iptables_new.get_saved_table_dump(table) + if table_active_rules != table_active_rules_new: + kw['diff'] = generate_diff(table_active_rules, table_active_rules_new) + else: + # TODO: Update this comment to be better. + kw['diff'] = {'prepared': "System rules were not changed (e.g. rule " + "weight changed, redundant rule, etc)"} + + kw['changed'] = changed + module.exit_json(**kw) + + +if __name__ == '__main__': + main() diff --git a/playbooks/update_all.yml b/playbooks/update_all.yml new file mode 100644 index 0000000..e21024f 
--- /dev/null
+++ b/playbooks/update_all.yml
@@ -0,0 +1,9 @@
+---
+- name: Update everything
+ hosts: '*'
+ tasks:
+ - yum: name='*' state=latest
+ when: ansible_os_family == 'RedHat'
+ - apt: name='*' state=latest
+ when: ansible_os_family == 'Debian'
+
diff --git a/playbooks/update_cacertificates.yml b/playbooks/update_cacertificates.yml
new file mode 100644
index 0000000..d79cf4d
--- /dev/null
+++ b/playbooks/update_cacertificates.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Update ca-certificates
+ hosts: '*'
+ tasks:
+ - name: Update ca-certificates
+ package: name=ca-certificates state=latest
diff --git a/playbooks/update_zabbix.yml b/playbooks/update_zabbix.yml
new file mode 100644
index 0000000..3b07314
--- /dev/null
+++ b/playbooks/update_zabbix.yml
@@ -0,0 +1,42 @@
+---
+- name: Update Zabbix
+ hosts: '*'
+ tasks:
+ - yum:
+ name:
+ - zabbix-agent
+ - zabbix-agent-addons
+ state: latest
+ when: ansible_os_family == 'RedHat'
+ notify: restart zabbix-agent
+ - apt:
+ name:
+ - zabbix-agent
+ update_cache: True
+ state: latest
+ when: ansible_os_family == 'Debian'
+ notify: restart zabbix-agent
+ - git:
+ repo: https://git.fws.fr/fws/zabbix-agent-addons.git
+ dest: /var/lib/zabbix/addons
+ register: zabbix_agent_addons_git
+ when: ansible_os_family == 'Debian'
+ notify: restart zabbix-agent
+ - shell: cp -af /var/lib/zabbix/addons/{{ item.src }}/* {{ item.dest }}/
+ with_items:
+ - { src: zabbix_conf, dest: /etc/zabbix/zabbix_agentd.conf.d }
+ - { src: zabbix_scripts, dest: /var/lib/zabbix/bin }
+ - { src: lib, dest: /usr/local/lib/site_perl }
+ when:
+ - zabbix_agent_addons_git.changed
+ - ansible_os_family == 'Debian'
+ - shell: chmod +x /var/lib/zabbix/bin/*
+ args:
+ warn: False
+ when:
+ - zabbix_agent_addons_git.changed
+ - ansible_os_family == 'Debian'
+
+ handlers:
+ - name: restart zabbix-agent
+ service: name=zabbix-agent state=restarted
diff --git a/roles/akeneo_pim/README.md b/roles/akeneo_pim/README.md
new file mode 100644
index 0000000..e4f140b
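Review bot: The `git` task in playbooks/update_zabbix.yml has no `version:`, so every run against `hosts: '*'` checks out whatever the default branch of zabbix-agent-addons currently holds. The following `shell: cp -af` then copies that content into /etc/zabbix/zabbix_agentd.conf.d, /var/lib/zabbix/bin and /usr/local/lib/site_perl, and the last task makes the scripts executable. Pinning the checkout to a reviewed tag or commit, for example `version: "{{ zabbix_agent_addons_version }}"` (a variable the playbook would have to define), keeps what lands in those directories under change control. The `cp` step could also become `copy` with `remote_src: True`, which removes the shell glob.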
--- /dev/null +++ b/roles/akeneo_pim/README.md @@ -0,0 +1,34 @@ +# Akeneo PIM + +[Akeneo PIM](https://www.akeneo.com/) A Product Information Management (PIM) solution is aimed to centralize all the marketing data + +## Settings + +Akeneo requires a few settings at the host level. Something like this +``` +# This should be defined on the server which will host the database +# It's not mandatory to be on the same host as the PIM itself. But the important thing is that AKeneo PIM +# requires MySQL. It'll not work with MariaDB +mysql_engine: mysql + +# Prevent an error when checking system requirements. Note that this is only for the CLI +# as web access will use it's own FPM pool +php_conf_memory_limit: 512M + +# We need Elasticsearch 7. Same foir MySQL, it's not required to be on the same host +es_major_version: 7 + +# Define a vhost to expose the PIM. Note that this is a minimal example +# And you will most likely want to put a reverse proxy (look at the nginx role) in front of it +httpd_ansible_vhosts: + - name: pim.example.org + document_root: /opt/pim_1/app/public + +``` + +## Installation +Installation should be fully automatic + +## Upgrade +Major upgrades might require some manual steps, as detailed on https://docs.akeneo.com/5.0/migrate_pim/upgrade_major_version.html + diff --git a/roles/akeneo_pim/defaults/main.yml b/roles/akeneo_pim/defaults/main.yml new file mode 100644 index 0000000..70c5e48 --- /dev/null +++ b/roles/akeneo_pim/defaults/main.yml 
@@ -0,0 +1,36 @@
+---
+
+# Version to deploy
+pim_version: 5.0.43
+# User under which the PIM will run
+pim_user: php-pim_{{ pim_id }}
+# If you install several pim instance on the same host, you should change the ID for each of them
+pim_id: 1
+# Root directory of the installation
+pim_root_dir: /opt/pim_{{ pim_id }}
+# Should anisble handle upgrades or just initial install
+pim_manage_upgrade: True
+
+# PHP version to use
+pim_php_version: 74
+
+# Database settings
+pim_db_server: "{{ mysql_server | default('localhost') }}"
+pim_db_port: 3306
+pim_db_name: akeneopim_{{ pim_id }}
+pim_db_user: akeneopim_{{ pim_id }}
+# A random pass will be generated and stored in {{ pim_root_dir }}/meta/ansible_dbpass if not defined
+# pim_db_pass: S3cr3t.
+
+# A secret used to sign cookies. A random one will be generated and stored in {{ pim_root_dir }}/meta/ansible_secret if not defined
+# pim_secret: ChangeMe
+
+# Elasticsearch host
+pim_es_server: localhost:9200
+
+# Public URL used to reach AKeneo. Note that you'll have to define a vhost for Akeneo PIM to be reachable
+pim_public_url: http://pim.{{ inventory_hostname }}/
+
+# Define the initial admin password. If not defined, a random one will be generated ans stored under {{ pim_root_dir }}/meta/ansible_admin_pass
+# Note that this is only used on initial install, and will be ignored for upgrades
+# pim_admin_pass: p@ssw0rd
diff --git a/roles/akeneo_pim/handlers/main.yml b/roles/akeneo_pim/handlers/main.yml
new file mode 100644
index 0000000..0d79c93
--- /dev/null
+++ b/roles/akeneo_pim/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: restart akeneo-pim
+ service: name={{ item }} state=restarted
+ loop:
+ - akeneo-pim_{{ pim_id }}-jobs
+ - akeneo-pim_{{ pim_id }}-events-api
diff --git a/roles/akeneo_pim/meta/main.yml b/roles/akeneo_pim/meta/main.yml
new file mode 100644
index 0000000..c5eb88a
--- /dev/null
+++ b/roles/akeneo_pim/meta/main.yml
@@ -0,0 +1,12 @@
+---
+
+allow_duplicates: True
+dependencies:
+ - role: mkdir
+ - role: composer
+ - role: mysql_server
+ when: pim_db_server in ['localhost','127.0.0.1']
+ - role: httpd_php
+ - role: nodejs
+ - role: elasticsearch
+ when: pim_es_server | regex_replace('(.*):\d+','\\1') in ['localhost','127.0.0.1']
diff --git a/roles/akeneo_pim/tasks/archive_post.yml b/roles/akeneo_pim/tasks/archive_post.yml
new file mode 100644
index 0000000..0e1d306
--- /dev/null
+++ b/roles/akeneo_pim/tasks/archive_post.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Compress previous version
+ command: tar cf {{ pim_root_dir }}/archives/{{ pim_current_version }}.tar.zst ./ --use-compress-program=zstd
+ args:
+ chdir: "{{ pim_root_dir }}/archives/{{ pim_current_version }}"
+ warn: False
+ environment:
+ ZSTD_CLEVEL: 10
+ tags: pim
diff --git a/roles/akeneo_pim/tasks/archive_pre.yml b/roles/akeneo_pim/tasks/archive_pre.yml
new file mode 100644
index 0000000..82d59af
--- /dev/null
+++ b/roles/akeneo_pim/tasks/archive_pre.yml
@@ -0,0 +1,40 @@
+---
+
+- name: Create the archive dir
+ file: path={{ pim_root_dir }}/archives/{{ pim_current_version }} state=directory
+ tags: pim
+
+- name: Stop jobs and event API services
+ service: name={{ item }} state=stopped
+ loop:
+ - akeneo-pim_{{ pim_id }}-jobs
+ - akeneo-pim_{{ pim_id }}-events-api
+ tags: pim
+
+- name: Disable cron jobs
+ file: path=/etc/cron.d/akeneopim_{{ pim_id }} state=absent
+ tags: pim
+
+- name: Archive current version
+ synchronize:
+ src: "{{ pim_root_dir }}/app"
+ dest: "{{ pim_root_dir }}/archives/{{ pim_current_version }}/"
+ compress: False
+ delete: True
+ delegate_to: "{{ inventory_hostname }}"
+ tags: pim
+
+- name: Dump the database
+ mysql_db:
+ state: dump
+ name: "{{ pim_db_name }}"
+ target: "{{ pim_root_dir }}/archives/{{ pim_current_version }}/{{ pim_db_name }}.sql.xz"
+ login_host: "{{ pim_db_server }}"
+ login_port: "{{ pim_db_port }}"
+ login_user: "{{ pim_db_user }}"
+ login_password: "{{ pim_db_pass }}"
+ quick: True
+ single_transaction: True
+ environment:
+ XZ_OPT: -T0
+ tags: pim
diff --git a/roles/akeneo_pim/tasks/cleanup.yml b/roles/akeneo_pim/tasks/cleanup.yml
new file mode 100644
index 0000000..bcded67
--- /dev/null
+++ b/roles/akeneo_pim/tasks/cleanup.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Remove tmp and obsolete files
+ file: path={{ item }} state=absent
+ loop:
+ - "{{ pim_root_dir }}/archives/{{ pim_current_version }}"
+ tags: pim
+
diff --git a/roles/akeneo_pim/tasks/conf.yml b/roles/akeneo_pim/tasks/conf.yml
new file mode 100644
index 0000000..5097311
--- /dev/null
+++ b/roles/akeneo_pim/tasks/conf.yml
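Review bot: tasks/cleanup.yml removes `{{ pim_root_dir }}/archives/{{ pim_current_version }}` with no `when:`, and facts.yml sets `pim_current_version` to `current_version | default('')`. When that value is empty the path collapses to the `archives` directory itself, so `state=absent` deletes it together with any compressed archives kept from earlier upgrades. main.yml includes cleanup.yml unconditionally while the archive tasks only run for upgrades, so the same guard fits here: `when: pim_install_mode == 'upgrade'`. Whether `current_version` can really be undefined depends on includes/webapps_set_install_mode.yml, which this diff does not show.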
@@ -0,0 +1,117 @@ +--- + +- name: Deploy configuration + template: src=env.j2 dest={{ pim_root_dir }}/app/.env.local group={{ pim_user }} mode=640 + tags: pim + +- import_tasks: ../includes/webapps_webconf.yml + vars: + - app_id: pim_{{ pim_id }} + - php_version: "{{ pim_php_version }}" + - php_fpm_pool: "{{ pim_php_fpm_pool | default('') }}" + tags: pim + +- name: Build and update frontend components + command: scl enable php{{ pim_php_version }} -- make upgrade-front + args: + chdir: "{{ pim_root_dir }}/app" + environment: + NO_DOCKER: true + APP_ENV: prod + become_user: "{{ pim_user }}" + when: pim_install_mode != 'none' + tags: pim + +- name: Initialize the database + command: scl enable php{{ pim_php_version }} -- make database O="--catalog vendor/akeneo/pim-community-dev/src/Akeneo/Platform/Bundle/InstallerBundle/Resources/fixtures/minimal" + args: + chdir: "{{ pim_root_dir }}/app" + environment: + NO_DOCKER: true + APP_ENV: prod + become_user: "{{ pim_user }}" + when: pim_install_mode == 'install' + tags: pim + +- name: Upgrade database + command: /bin/php{{ pim_php_version }} {{ pim_root_dir }}/app/bin/console doctrine:migrations:migrate --no-interaction + args: + chdir: "{{ pim_root_dir }}/app" + become_user: "{{ pim_user }}" + when: pim_install_mode == 'upgrade' + tags: pim + +- name: Deploy permission script + template: src=perms.sh.j2 dest={{ pim_root_dir }}/perms.sh mode=755 + register: pim_perm_script + tags: pim + +- name: Apply permissions + command: "{{ pim_root_dir }}/perms.sh" + when: pim_perm_script.changed or pim_install_mode != 'none' + tags: pim + +- name: Setup cron jobs + cron: + cron_file: akeneopim_{{ pim_id }} + user: "{{ pim_user }}" + name: "{{ item.name }}" + job: /bin/php{{ pim_php_version }} {{ pim_root_dir }}/app/bin/console {{ item.job }} + minute: "{{ item.minute | default('*') }}" + hour: "{{ item.hour | default('*') }}" + weekday: "{{ item.weekday | default('*') }}" + day: "{{ item.day | default('*') }}" + month: "{{ item.month 
| default('*') }}" + loop: + - name: refresh + job: pim:versioning:refresh + minute: 30 + hour: 1 + - name: purge + job: pim:versioning:purge --more-than-days 90 --no-interaction --force + minute: 30 + hour: 2 + - name: update-data + job: akeneo:connectivity-audit:update-data + minute: 1 + - name: purge-errors + job: akeneo:connectivity-connection:purge-error + minute: 10 + - name: purge-job-execution + job: akeneo:batch:purge-job-execution + minute: 20 + hour: 0 + day: 1 + - name: purge-error-count + job: akeneo:connectivity-audit:purge-error-count + minute: 40 + hour: 0 + - name: aggregate + job: pim:volume:aggregate + minute: 30 + hour: 4 + - name: schedule-periodic-tasks + job: pim:data-quality-insights:schedule-periodic-tasks + minute: 15 + hour: 0 + - name: prepare-evaluations + job: pim:data-quality-insights:prepare-evaluations + minute: '*/10' + - name: evaluations + job: pim:data-quality-insights:evaluations + minute: '*/30' + - name: purge-messages + job: akeneo:messenger:doctrine:purge-messages messenger_messages default + minute: 0 + hour: '*/2' + tags: pim + +- name: Create the admin user + command: /bin/php{{ pim_php_version }} {{ pim_root_dir }}/app/bin/console pim:user:create --admin -n -- admin {{ pim_admin_pass | quote }} admin@example.org Admin Admin fr_FR + when: pim_install_mode == 'install' + become_user: "{{ pim_user }}" + tags: pim + +- name: Deploy logrotate conf + template: src=logrotate.conf.j2 dest=/etc/logrotate.d/akeneopim_{{ pim_id }} + tags: pim diff --git a/roles/akeneo_pim/tasks/directories.yml b/roles/akeneo_pim/tasks/directories.yml new file mode 100644 index 0000000..906ef60 --- /dev/null +++ b/roles/akeneo_pim/tasks/directories.yml 
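Review bot: The "Create the admin user" task in tasks/conf.yml puts `{{ pim_admin_pass | quote }}` on the `command` line without `no_log`. The initial admin password therefore appears in the task result, in any callback or log that records it, and in the process list while the console command runs. Add `no_log: True` to that task. If `pim:user:create` can take the password some other way than argv, that would be better still, but this hunk does not show whether it can.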
@@ -0,0 +1,30 @@
+---
+
+- name: Create nedded directories
+ file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+ loop:
+ - dir: "{{ pim_root_dir }}/meta"
+ mode: 700
+ - dir: "{{ pim_root_dir }}/archives"
+ mode: 700
+ - dir: "{{ pim_root_dir }}/backup"
+ mode: 700
+ - dir: "{{ pim_root_dir }}/data"
+ owner: "{{ pim_user }}"
+ mode: 700
+ - dir: "{{ pim_root_dir }}/app"
+ owner: "{{ pim_user }}"
+ group: "{{ pim_user }}"
+ - dir: "{{ pim_root_dir }}/tmp"
+ owner: "{{ pim_user }}"
+ group: "{{ pim_user }}"
+ mode: 700
+ - dir: "{{ pim_root_dir }}/sessions"
+ owner: "{{ pim_user }}"
+ group: "{{ pim_user }}"
+ mode: 700
+ tags: pim
+
+- name: Link the var directory to the data dir
+ file: src={{ pim_root_dir }}/data dest={{ pim_root_dir }}/app/var state=link
+ tags: pim
diff --git a/roles/akeneo_pim/tasks/facts.yml b/roles/akeneo_pim/tasks/facts.yml
new file mode 100644
index 0000000..ee7b06a
--- /dev/null
+++ b/roles/akeneo_pim/tasks/facts.yml
@@ -0,0 +1,38 @@
+---
+
+# Detect installed version (if any)
+- block:
+ - import_tasks: ../includes/webapps_set_install_mode.yml
+ vars:
+ - root_dir: "{{ pim_root_dir }}"
+ - version: "{{ pim_version }}"
+ - set_fact: pim_install_mode={{ (install_mode == 'upgrade' and not pim_manage_upgrade) | ternary('none',install_mode) }}
+ - set_fact: pim_current_version={{ current_version | default('') }}
+ tags: pim
+
+# Create a random pass for the DB if needed
+- block:
+ - import_tasks: ../includes/get_rand_pass.yml
+ vars:
+ - pass_file: "{{ pim_root_dir }}/meta/ansible_dbpass"
+ - set_fact: pim_db_pass={{ rand_pass }}
+ when: pim_db_pass is not defined
+ tags: pim
+
+# Create a random secret if needed
+- block:
+ - import_tasks: ../includes/get_rand_pass.yml
+ vars:
+ - pass_file: "{{ pim_root_dir }}/meta/ansible_secret"
+ - set_fact: pim_secret={{ rand_pass }}
+ when: pim_secret is not defined
+ tags: pim
+
+# Create a random admin pass if needed
+- block:
+ - import_tasks: ../includes/get_rand_pass.yml
+ vars:
+ - pass_file: "{{ pim_root_dir }}/meta/ansible_admin_pass"
+ - set_fact: pim_admin_pass={{ rand_pass }}
+ when: pim_admin_pass is not defined
+ tags: pim
diff --git a/roles/akeneo_pim/tasks/install.yml b/roles/akeneo_pim/tasks/install.yml
new file mode 100644
index 0000000..7ee7281
--- /dev/null
+++ b/roles/akeneo_pim/tasks/install.yml
@@ -0,0 +1,95 @@ +--- + +- name: Install needed tools + package: + name: + - make + - ghostscript + - aspell + tags: pim + +- when: pim_install_mode == 'upgrade' + block: + - name: Wipe install on upgrades + file: path={{ pim_root_dir }}/app state=absent + + - name: Create app subdir + file: path={{ pim_root_dir }}/app state=directory owner={{ pim_user }} group={{ pim_user }} + + - name: Link the var directory + file: src={{ pim_root_dir }}/data dest={{ pim_root_dir }}/app/var state=link + + tags: pim + +- when: pim_install_mode != 'none' + block: + - name: Deploy composer.json + template: src=composer.json.j2 dest={{ pim_root_dir }}/app/composer.json owner={{ pim_user }} + become_user: root + + - name: Install Akeneo with Composer + composer: + working_dir: "{{ pim_root_dir }}/app" + executable: /bin/php{{ pim_php_version }} + command: install + become_user: "{{ pim_user }}" + + - name: Install yarn globaly + npm: + name: yarn + path: "{{ pim_root_dir }}/app" + global: True + state: latest + + - name: Install typescript globaly + npm: + name: typescript + path: "{{ pim_root_dir }}/app" + global: True + state: latest + + tags: pim + + # the PIM makefile has /usr/local/bin/composer hardcoded +- name: Link composer in /usr/local/bin + file: src=/bin/composer dest=/usr/local/bin/composer state=link + tags: pim + +- import_tasks: ../includes/webapps_create_mysql_db.yml + vars: + - db_name: "{{ pim_db_name }}" + - db_user: "{{ pim_db_user }}" + - db_server: "{{ pim_db_server }}" + - db_pass: "{{ pim_db_pass }}" + tags: pim + +- name: Set correct SELinux context + sefcontext: + target: "{{ pim_root_dir }}(/.*)?" 
+ setype: httpd_sys_content_t + state: present + when: ansible_selinux.status == 'enabled' + tags: pim + +- name: Install pre/post backup hooks + template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/pim_{{ pim_id }} mode=700 + loop: + - pre + - post + tags: pim + +- name: Install job consumer and events api service units + template: src={{ item.src }} dest=/etc/systemd/system/{{ item.dest }} + loop: + - src: akeneo-pim-jobs.service.j2 + dest: akeneo-pim_{{ pim_id }}-jobs.service + - src: akeneo-pim-events-api.service.j2 + dest: akeneo-pim_{{ pim_id }}-events-api.service + register: pim_job_unit + notify: restart akeneo-pim + tags: pim + +- name: Reload systemd + systemd: daemon_reload=True + when: pim_job_unit.results | selectattr('changed','equalto',True) | list | length > 0 + tags: pim diff --git a/roles/akeneo_pim/tasks/main.yml b/roles/akeneo_pim/tasks/main.yml new file mode 100644 index 0000000..a541d76 --- /dev/null +++ b/roles/akeneo_pim/tasks/main.yml @@ -0,0 +1,13 @@ +--- + +- include: user.yml +- include: directories.yml +- include: facts.yml +- include: archive_pre.yml + when: pim_install_mode == 'upgrade' +- include: install.yml +- include: conf.yml +- include: write_version.yml +- include: archive_post.yml + when: pim_install_mode == 'upgrade' +- include: cleanup.yml diff --git a/roles/akeneo_pim/tasks/services.yml b/roles/akeneo_pim/tasks/services.yml new file mode 100644 index 0000000..5970910 --- /dev/null +++ b/roles/akeneo_pim/tasks/services.yml @@ -0,0 +1,8 @@ +--- + +- name: Start services + service: name={{ item }} state=started enabled=True + loop: + - akeneo-pim_{{ pim_id }}-jobs + - akeneo-pim_{{ pim_id }}-events-api + tags: pim diff --git a/roles/akeneo_pim/tasks/user.yml b/roles/akeneo_pim/tasks/user.yml new file mode 100644 index 0000000..1dbe66f --- /dev/null +++ b/roles/akeneo_pim/tasks/user.yml 
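Review bot: The two `npm` tasks in tasks/install.yml install `yarn` and `typescript` with `global: True` and `state: latest` and no `version:`. Each install or upgrade run therefore pulls whatever is currently published on the registry, outside the pinning that `pim_version` gives the rest of the role. Pin them, for example `version: "{{ pim_yarn_version }}"` with `state: present` (the variable name is a suggestion and does not exist in the role), so the toolchain that later runs `make upgrade-front` is reproducible and reviewable.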
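Review bot: tasks/main.yml never includes services.yml, which this same commit adds to start and enable `akeneo-pim_{{ pim_id }}-jobs` and `akeneo-pim_{{ pim_id }}-events-api`. As far as this diff shows, the units are only ever touched by the `restart akeneo-pim` handler, so they are not enabled at boot. archive_pre.yml also stops both services on upgrade, and nothing brings them back if the unit templates did not change. Add `- include: services.yml` after `- include: conf.yml`.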
@@ -0,0 +1,9 @@ +--- + +- name: Create user + user: + name: "{{ pim_user }}" + system: True + home: "{{ pim_root_dir }}" + shell: /sbin/nologin + tags: pim diff --git a/roles/akeneo_pim/tasks/write_version.yml b/roles/akeneo_pim/tasks/write_version.yml new file mode 100644 index 0000000..8f74ea6 --- /dev/null +++ b/roles/akeneo_pim/tasks/write_version.yml @@ -0,0 +1,5 @@ +--- + +- name: Write current installed version + copy: content={{ pim_version }} dest={{ pim_root_dir }}/meta/ansible_version + tags: pim diff --git a/roles/akeneo_pim/templates/akeneo-pim-events-api.service.j2 b/roles/akeneo_pim/templates/akeneo-pim-events-api.service.j2 new file mode 100644 index 0000000..77ed1eb --- /dev/null +++ b/roles/akeneo_pim/templates/akeneo-pim-events-api.service.j2 @@ -0,0 +1,22 @@ +[Unit] +Description=Akeneo Events API worker for PIM {{ pim_id }} + +[Service] +User={{ pim_user }} +Group={{ pim_user }} +WorkingDirectory={{ pim_root_dir }}/app +ExecStart=/bin/php{{ pim_php_version }} bin/console messenger:consume webhook --env=prod +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=full +ProtectHome=yes +NoNewPrivileges=yes +MemoryLimit=1024M +SyslogIdentifier=akeneo-pim_{{ pim_id }}-events-api +Restart=on-failure +StartLimitInterval=0 +RestartSec=30 + +[Install] +WantedBy=multi-user.target + diff --git a/roles/akeneo_pim/templates/akeneo-pim-jobs.service.j2 b/roles/akeneo_pim/templates/akeneo-pim-jobs.service.j2 new file mode 100644 index 0000000..c5fd495 --- /dev/null +++ b/roles/akeneo_pim/templates/akeneo-pim-jobs.service.j2 
@@ -0,0 +1,22 @@ +[Unit] +Description=Akeneo jobs worker for PIM {{ pim_id }} + +[Service] +User={{ pim_user }} +Group={{ pim_user }} +WorkingDirectory={{ pim_root_dir }}/app +ExecStart=/bin/php{{ pim_php_version }} bin/console akeneo:batch:job-queue-consumer-daemon --env=prod +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=full +ProtectHome=yes +NoNewPrivileges=yes +MemoryLimit=1024M +SyslogIdentifier=akeneo-pim_{{ pim_id }}-jobs +Restart=on-failure +StartLimitInterval=0 +RestartSec=30 + +[Install] +WantedBy=multi-user.target + diff --git a/roles/akeneo_pim/templates/composer.json.j2 b/roles/akeneo_pim/templates/composer.json.j2 new file mode 100644 index 0000000..0435746 --- /dev/null +++ b/roles/akeneo_pim/templates/composer.json.j2 @@ -0,0 +1,44 @@ +{ + "name": "akeneo/pim-community-standard", + "description": "The \"Akeneo Community Standard Edition\" distribution", + "license": "OSL-3.0", + "type": "project", + "authors": [ + { + "name": "Akeneo", + "homepage": "http://www.akeneo.com" + } + ], + "autoload": { + "psr-0": { + "": "src/" + }, + "psr-4": { + "Pim\\Upgrade\\": "upgrades/" + }, + "exclude-from-classmap": [ + "vendor/akeneo/pim-community-dev/src/Kernel.php" + ] + }, + "require": { + "akeneo/pim-community-dev": "^{{ pim_version }}" + }, + "require-dev": { + "doctrine/doctrine-migrations-bundle": "1.3.2", + "symfony/debug-bundle": "^4.4.7", + "symfony/web-profiler-bundle": "^4.4.7", + "symfony/web-server-bundle": "^4.4.7" + }, + "scripts": { + "post-update-cmd": [ + "bash vendor/akeneo/pim-community-dev/std-build/install-required-files.sh" + ], + "post-install-cmd": [ + "bash vendor/akeneo/pim-community-dev/std-build/install-required-files.sh" + ], + "post-create-project-cmd": [ + "bash vendor/akeneo/pim-community-dev/std-build/install-required-files.sh" + ] + }, + "minimum-stability": "stable" +} diff --git a/roles/akeneo_pim/templates/env.j2 b/roles/akeneo_pim/templates/env.j2 new file mode 100644 index 0000000..c0142bd --- /dev/null 
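Review bot: In composer.json.j2, `"akeneo/pim-community-dev": "^{{ pim_version }}"` is a caret range, so `composer install` may resolve a newer release than `pim_version`. write_version.yml still records `pim_version` in meta/ansible_version, so the recorded version can drift from what is installed. An exact constraint, `"akeneo/pim-community-dev": "{{ pim_version }}"`, keeps the deployed code tied to the reviewed version. No composer.lock is deployed in the visible tasks, so transitive dependencies presumably float as well.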
+++ b/roles/akeneo_pim/templates/env.j2 @@ -0,0 +1,17 @@ +APP_ENV=prod +APP_DEBUG=0 +APP_DATABASE_HOST={{ pim_db_server }} +APP_DATABASE_PORT={{ pim_db_port }} +APP_DATABASE_NAME={{ pim_db_name }} +APP_DATABASE_USER={{ pim_db_user }} +APP_DATABASE_PASSWORD={{ pim_db_pass | quote }} +APP_DEFAULT_LOCALE=en +APP_SECRET={{ pim_secret | quote }} +APP_INDEX_HOSTS={{ pim_es_server }} +APP_PRODUCT_AND_PRODUCT_MODEL_INDEX_NAME=akeneo_pim_product_and_product_model +APP_CONNECTION_ERROR_INDEX_NAME=akeneo_connectivity_connection_error +MAILER_URL=null://localhost&sender_address=no-reply@{{ ansible_domain }} +AKENEO_PIM_URL={{ pim_public_url }} +LOGGING_LEVEL=NOTICE +APP_EVENTS_API_DEBUG_INDEX_NAME=akeneo_connectivity_connection_events_api_debug +APP_PRODUCT_AND_PRODUCT_MODEL_INDEX_NAME=akeneo_pim_product_and_product_model diff --git a/roles/akeneo_pim/templates/httpd.conf.j2 b/roles/akeneo_pim/templates/httpd.conf.j2 new file mode 100644 index 0000000..ed08363 --- /dev/null +++ b/roles/akeneo_pim/templates/httpd.conf.j2 @@ -0,0 +1,31 @@ + + AllowOverride All + Options FollowSymLinks +{% if pim_src_ip is defined and pim_src_ip | length > 0 %} + Require ip {{ pim_src_ip | join(' ') }} +{% else %} + Require all granted +{% endif %} + + SetHandler "proxy:unix:/run/php-fpm/{{ pim_php_fpm_pool | default('pim_' + pim_id | string) }}.sock|fcgi://localhost" + + + RewriteEngine On + + # Handle Authorization Header + RewriteCond %{HTTP:Authorization} . + RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] + + # Send Requests To Front Controller... + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule ^ index.php [QSA,L] + + + Require all denied + + + + + + RewriteEngine Off + diff --git a/roles/akeneo_pim/templates/logrotate.conf.j2 b/roles/akeneo_pim/templates/logrotate.conf.j2 new file mode 100644 index 0000000..360d394 --- /dev/null +++ b/roles/akeneo_pim/templates/logrotate.conf.j2 
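Review bot: env.j2 defines `APP_PRODUCT_AND_PRODUCT_MODEL_INDEX_NAME` twice (template lines 11 and 17) with the same value. Drop the second so that a later edit to one line cannot be silently overridden by the other. `MAILER_URL=null://localhost&sender_address=...` also starts its parameter list with `&`; if `sender_address` is meant as a query parameter, it should read `MAILER_URL=null://localhost?sender_address=no-reply@{{ ansible_domain }}`.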
@@ -0,0 +1,6 @@
+{{ pim_root_dir }}/data/logs/*.log {
+ daily
+ rotate 90
+ compress
+ missingok
+}
diff --git a/roles/akeneo_pim/templates/perms.sh.j2 b/roles/akeneo_pim/templates/perms.sh.j2
new file mode 100644
index 0000000..4cfedea
--- /dev/null
+++ b/roles/akeneo_pim/templates/perms.sh.j2
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+restorecon -R {{ pim_root_dir }}
+chown root:root {{ pim_root_dir }}
+chmod 700 {{ pim_root_dir }}
+setfacl -R -k -b {{ pim_root_dir }}
+setfacl -m u:{{ pim_user | default('apache') }}:rx,u:{{ httpd_user | default('apache') }}:x {{ pim_root_dir }}
+find {{ pim_root_dir }}/app -type f -exec chmod 644 "{}" \;
+find {{ pim_root_dir }}/app -type d -exec chmod 755 "{}" \;
+chown -R {{ pim_user }}:{{ pim_user }} {{ pim_root_dir }}/app
+
diff --git a/roles/akeneo_pim/templates/php.conf.j2 b/roles/akeneo_pim/templates/php.conf.j2
new file mode 100644
index 0000000..9ec5d98
--- /dev/null
+++ b/roles/akeneo_pim/templates/php.conf.j2
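Review bot: In perms.sh.j2, `find {{ pim_root_dir }}/app -type f -exec chmod 644 "{}" \;` resets every file under app, including `.env.local`. conf.yml deploys that file with `mode=640` just before running this script, and it holds `APP_DATABASE_PASSWORD` and `APP_SECRET`. After the script runs the file is world-readable, limited only by the ACL on `{{ pim_root_dir }}`, which still grants `httpd_user` traversal. Exclude it from the sweep with `! -name .env.local`, or re-tighten it at the end with `chmod 640 {{ pim_root_dir }}/app/.env.local`. The paths are also unquoted throughout, so a root directory containing whitespace would break the script.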
@@ -0,0 +1,35 @@
+[pim_{{ pim_id }}]
+
+listen.owner = root
+listen.group = apache
+listen.mode = 0660
+listen = /run/php-fpm/pim_{{ pim_id }}.sock
+user = {{ pim_user }}
+group = {{ pim_user }}
+catch_workers_output = yes
+
+pm = dynamic
+pm.max_children = 15
+pm.start_servers = 3
+pm.min_spare_servers = 3
+pm.max_spare_servers = 6
+pm.max_requests = 5000
+request_terminate_timeout = 5m
+
+php_flag[display_errors] = off
+php_admin_flag[log_errors] = on
+php_admin_value[error_log] = syslog
+php_admin_value[memory_limit] = 1024M
+php_admin_value[session.save_path] = {{ pim_root_dir }}/sessions
+php_admin_value[upload_tmp_dir] = {{ pim_root_dir }}/tmp
+php_admin_value[sys_temp_dir] = {{ pim_root_dir }}/tmp
+php_admin_value[post_max_size] = 200M
+php_admin_value[upload_max_filesize] = 200M
+php_admin_value[disable_functions] = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
+php_admin_value[open_basedir] = {{ pim_root_dir }}:/usr/share/pear/:/usr/share/php/
+php_admin_value[max_execution_time] = 1200
+php_admin_value[max_input_time] = 1200
+php_admin_flag[allow_url_include] = off
+php_admin_flag[allow_url_fopen] = off
+php_admin_flag[file_uploads] = on
+php_admin_flag[session.cookie_httponly] = on
diff --git a/roles/akeneo_pim/templates/post-backup.j2 b/roles/akeneo_pim/templates/post-backup.j2
new file mode 100644
index 0000000..c21cfe3
--- /dev/null
+++ b/roles/akeneo_pim/templates/post-backup.j2
@@ -0,0 +1,3 @@
+#!/bin/bash -e
+
+rm -f {{ pim_root_dir }}/backup/*.sql.zst
diff --git a/roles/akeneo_pim/templates/pre-backup.j2 b/roles/akeneo_pim/templates/pre-backup.j2
new file mode 100644
index 0000000..d2d1c40
--- /dev/null
+++ b/roles/akeneo_pim/templates/pre-backup.j2
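Review bot: In php.conf.j2, `php_flag[display_errors] = off` is the only hardening setting written with `php_flag` rather than `php_admin_flag`, so application code can switch error display back on with `ini_set()`. Use `php_admin_flag[display_errors] = off` like the neighbouring lines. The `disable_functions` list names `escapeshellarg` and `escapeshellcmd`, which are escaping helpers rather than execution functions, while `proc_open` and `popen` are not listed. If the intent is to block process spawning from the pool, the list does not do that; if Akeneo needs process spawning (not verifiable from this hunk), a comment saying so would help the next reviewer. `session.cookie_httponly` is set but `session.cookie_secure` is not, which matters once the vhost is served over HTTPS.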
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -eo pipefail
+
+/usr/bin/mysqldump \
+{% if pim_db_server not in ['localhost','127.0.0.1'] %}
+ --user={{ pim_db_user | quote }} \
+ --password={{ pim_db_pass | quote }} \
+ --host={{ pim_db_server | quote }} \
+ --port={{ pim_db_port | quote }} \
+{% endif %}
+ --quick --single-transaction \
+ --add-drop-table {{ pim_db_name | quote }} | zstd -c > {{ pim_root_dir }}/backup/{{ pim_db_name }}.sql.zst
+
diff --git a/roles/ampache/defaults/main.yml b/roles/ampache/defaults/main.yml
new file mode 100644
index 0000000..0150dba
--- /dev/null
+++ b/roles/ampache/defaults/main.yml
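Review bot: For a remote database, pre-backup.j2 passes `--password={{ pim_db_pass | quote }}` on the mysqldump command line, where other local users can see it in the process list for the duration of the dump. Write the credentials to a root-only option file and call `mysqldump --defaults-extra-file=<option file>`, which must be the first option. The shebang is `#!/bin/sh`, but `set -eo pipefail` is not POSIX and will fail where /bin/sh is not bash. post-backup.j2 already uses `#!/bin/bash`, so the same shebang fits here. The redirect target `{{ pim_root_dir }}/backup/{{ pim_db_name }}.sql.zst` is the only path in the script that is not passed through `quote`.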
@@ -0,0 +1,95 @@ +--- + +ampache_id: "1" +ampache_manage_upgrade: True + +ampache_version: '5.1.1' +ampache_config_version: 58 +ampache_zip_url: https://github.com/ampache/ampache/releases/download/{{ ampache_version }}/ampache-{{ ampache_version }}_all.zip +ampache_zip_sha1: a5347181297ab188fe95b3875f75b7838d581974 + +ampache_root_dir: /opt/ampache_{{ ampache_id }} + +ampache_php_user: php-ampache_{{ ampache_id }} +ampache_php_version: 74 + +# If you prefer using a custom PHP FPM pool, set it's name. +# You might need to adjust ampache_php_user +# ampache_php_fpm_pool: php56 + + +ampache_mysql_server: "{{ mysql_server | default('localhost') }}" +# ampache_mysql_port: 3306 +ampache_mysql_db: ampache_{{ ampache_id }} +ampache_mysql_user: ampache_{{ ampache_id }} +# If not defined, a random pass will be generated and stored in the meta directory +# ampache_mysql_pass: ampache + +# ampache_alias: ampache +# ampache_allowed_ip: +# - 192.168.7.0/24 +# - 10.2.0.0/24 + +ampache_local_web_path: "http://ampache.{{ ansible_domain }}/" +ampache_auth_methods: + - mysql + +ampache_ldap_url: "{{ ad_auth | default(False) | ternary('ldap://' + ad_realm | default(samba_realm) | lower,ldap_uri) }}" +ampache_ldap_starttls: True +ampache_ldap_search_dn: "{{ ad_auth | default(False) | ternary((ad_ldap_user_search_base is defined) | ternary(ad_ldap_user_search_base,'DC=' + ad_realm | default(samba_realm) | regex_replace('\\.',',DC=')), ldap_base) }}" +ampache_ldap_username: "" +ampache_ldap_password: "" +ampache_ldap_objectclass: "{{ ad_auth | default(False) | ternary('user','inetOrgPerson') }}" +ampache_ldap_filter: "{{ ad_auth | default(False) | ternary('(&(objectCategory=person)(objectClass=user)(primaryGroupId=513)(sAMAccountName=%v))','(uid=%v)') }}" +ampache_ldap_email_field: mail +ampache_ldap_name_field: cn + +ampache_admin_users: + - admin + +#ampache_logout_redirect: https://sso.domain.org + +ampache_metadata_order: 'getID3,filename' + +ampache_lastfm_api_key: 
697bad201ee93391630d845c7b3f9610 +ampache_lastfm_api_secret: 5f5fe59aa2f9c60220f04e94aa59c209 + +ampache_max_bit_rate: 192 +ampache_min_bit_rate: 64 + +# allowed, required or false +ampache_transcode_m4a: required +ampache_transcode_flac: required +ampache_transcode_mpc: required +ampache_transcode_ogg: required +ampache_transcode_oga: required +ampache_transcode_wav: required +ampache_transcode_wma: required +ampache_transcode_aif: required +ampache_transcode_aiff: required +ampache_transcode_ape: required +ampache_transcode_shn: required +ampache_transcode_mp3: allowed +ampache_transcode_avi: required +ampache_transcode_mkv: required +ampache_transcode_mpg: required +ampache_transcode_mpeg: required +ampache_transcode_m4v: required +ampache_transcode_mp4: required +ampache_transcode_mov: required +ampache_transcode_wmv: required +ampache_transcode_ogv: required +ampache_transcode_divx: required +ampache_transcode_m2ts: required +ampache_transcode_webm: required +ampache_transcode_flv: allowed +ampache_transcode_player_api_mp3: required +ampache_encode_player_api_target: mp3 +ampache_encode_player_webplayer: mp3 +ampache_encode_target: mp3 +ampache_encode_video_target: webm + +# If defined, will be printed on the login page. HTML can be used, eg +# ampache_motd: 'Use central authentication' + +... diff --git a/roles/ampache/handlers/main.yml b/roles/ampache/handlers/main.yml new file mode 100644 index 0000000..ea83645 --- /dev/null +++ b/roles/ampache/handlers/main.yml @@ -0,0 +1,4 @@ +--- +- include: ../httpd_common/handlers/main.yml +- include: ../httpd_php/handlers/main.yml +... diff --git a/roles/ampache/meta/main.yml b/roles/ampache/meta/main.yml new file mode 100644 index 0000000..9fed297 --- /dev/null +++ b/roles/ampache/meta/main.yml @@ -0,0 +1,6 @@ +--- +allow_duplicates: true +dependencies: + - role: httpd_php + - role: repo_rpmfusion +... diff --git a/roles/ampache/tasks/main.yml b/roles/ampache/tasks/main.yml new file mode 100644 index 0000000..289950b 
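Review bot: `ampache_lastfm_api_key` and `ampache_lastfm_api_secret` are committed as literal defaults, so every deployment of the role shares one Last.fm credential and anyone who can read the repository has it. The defaults should be empty (`ampache_lastfm_api_secret: ""`) with a comment telling operators to supply their own value from a vaulted variable, and the committed pair should be rotated if it is live. Separately, `ampache_zip_sha1` pins the release archive with SHA-1; the `checksum` option of `get_url` also accepts a `sha256:` value, which would be the stronger pin.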
--- /dev/null +++ b/roles/ampache/tasks/main.yml 
@@ -0,0 +1,213 @@ +--- + +- name: Install needed tools + yum: + name: + - unzip + - acl + - git + - ffmpeg + - mariadb + tags: ampache + +- import_tasks: ../includes/create_system_user.yml + vars: + - user: "{{ ampache_php_user }}" + - comment: "PHP FPM for ampache {{ ampache_id }}" + tags: ampache + +- import_tasks: ../includes/webapps_set_install_mode.yml + vars: + - root_dir: "{{ ampache_root_dir }}" + - version: "{{ ampache_version }}" + tags: ampache +- set_fact: ampache_install_mode={{ (install_mode == 'upgrade' and not ampache_manage_upgrade) | ternary('none',install_mode) }} + tags: ampache +- set_fact: ampache_current_version={{ current_version | default('') }} + tags: ampache + +- import_tasks: ../includes/webapps_archive.yml + vars: + - root_dir: "{{ ampache_root_dir }}" + - version: "{{ ampache_current_version }}" + - db_name: "{{ ampache_mysql_db }}" + when: ampache_install_mode == 'upgrade' + tags: ampache + +- name: Create directory structure + file: path={{ item }} state=directory + with_items: + - "{{ ampache_root_dir }}" + - "{{ ampache_root_dir }}/web" + - "{{ ampache_root_dir }}/tmp" + - "{{ ampache_root_dir }}/sessions" + - "{{ ampache_root_dir }}/meta" + - "{{ ampache_root_dir }}/logs" + - "{{ ampache_root_dir }}/data" + - "{{ ampache_root_dir }}/data/metadata" + - "{{ ampache_root_dir }}/data/music" + - "{{ ampache_root_dir }}/data/video" + - "{{ ampache_root_dir }}/backup" + failed_when: False # Don't fail when a fuse FS is mount on /music for example + tags: ampache + +- when: ampache_install_mode != 'none' + block: + - name: Create tmp dir + file: path={{ ampache_root_dir }}/tmp/ampache state=directory + + - name: Download Ampache + get_url: + url: "{{ ampache_zip_url }}" + dest: "{{ ampache_root_dir }}/tmp/" + checksum: "sha1:{{ ampache_zip_sha1 }}" + + - name: Extract ampache archive + unarchive: + src: "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}_all.zip" + dest: "{{ ampache_root_dir }}/tmp/ampache" + remote_src: yes + + - 
name: Move files to the correct directory + synchronize: + src: "{{ ampache_root_dir }}/tmp/ampache/" + dest: "{{ ampache_root_dir }}/web/" + delete: True + compress: False + delegate_to: "{{ inventory_hostname }}" + tags: ampache + +- name: Check if htaccess files needs to be moved + stat: path={{ ampache_root_dir }}/web/public/{{ item }}/.htaccess.dist + with_items: + - channel + - play + - rest + register: htaccess + tags: ampache + +- name: Rename htaccess files + command: mv -f {{ ampache_root_dir }}/web/public/{{ item.item }}/.htaccess.dist {{ ampache_root_dir }}/web/public/{{ item.item }}/.htaccess + with_items: "{{ htaccess.results }}" + when: item.stat.exists + tags: ampache + +- import_tasks: ../includes/get_rand_pass.yml + vars: + - pass_file: "{{ ampache_root_dir }}/meta/key.txt" + tags: ampache +- set_fact: ampache_key={{ rand_pass }} + tags: ampache + +- import_tasks: ../includes/get_rand_pass.yml + vars: + - pass_file: "{{ampache_root_dir }}/meta/ansible_dbpass" + when: ampache_mysql_pass is not defined + tags: ampache +- set_fact: ampache_mysql_pass={{ rand_pass }} + when: ampache_mysql_pass is not defined + tags: ampache + +- import_tasks: ../includes/webapps_create_mysql_db.yml + vars: + - db_name: "{{ ampache_mysql_db }}" + - db_user: "{{ ampache_mysql_user }}" + - db_server: "{{ ampache_mysql_server }}" + - db_pass: "{{ ampache_mysql_pass }}" + tags: ampache + +- name: Inject SQL structure + mysql_db: + name: "{{ ampache_mysql_db }}" + state: import + target: "{{ ampache_root_dir }}/web/sql/ampache.sql" + login_host: "{{ ampache_mysql_server }}" + login_user: sqladmin + login_password: "{{ mysql_admin_pass }}" + when: ampache_install_mode == 'install' + tags: ampache + +- name: Deploy ampache configuration + template: src=ampache.cfg.php.j2 dest={{ ampache_root_dir }}/web/config/ampache.cfg.php group={{ ampache_php_user }} mode=640 + tags: ampache + +#- name: Upgrade SQL database +# command: php{{ ampache_php_version }} {{ ampache_root_dir 
}}/web/bin/cli admin:updateDatabase +# become_user: "{{ ampache_php_user }}" +# when: ampache_install_mode == 'upgrade' +# tags: ampache + +- name: Grant admin privileges + command: mysql --host={{ ampache_mysql_server }} --user=sqladmin --password={{ mysql_admin_pass }} {{ ampache_mysql_db }} -e "UPDATE `user` SET `access`='100' WHERE `username`='{{ item }}'" + changed_when: False + become_user: "{{ ampache_php_user }}" + with_items: "{{ ampache_admin_users }}" + tags: ampache + +- import_tasks: ../includes/webapps_webconf.yml + vars: + - app_id: ampache_{{ ampache_id }} + - php_version: "{{ ampache_php_version }}" + - php_fpm_pool: "{{ ampache_php_fpm_pool | default('') }}" + tags: ampache + +- name: Deploy motd + template: src=motd.php.j2 dest={{ ampache_root_dir }}/web/config/motd.php + when: ampache_motd is defined + tags: ampache + +- name: Remove motd + file: path={{ ampache_root_dir }}/web/config/motd.php state=absent + when: ampache_motd is not defined + tags: ampache + +- name: Deploy cron scripts + template: src={{ item }}.j2 dest={{ ampache_root_dir }}/web/bin/{{ item }} + with_items: + - cron.sh + tags: ampache + +- name: Enable cronjob + cron: + name: ampache_{{ ampache_id }} + special_time: daily + user: "{{ ampache_php_user }}" + job: "/bin/sh {{ ampache_root_dir }}/web/bin/cron.sh" + cron_file: ampache_{{ ampache_id }} + tags: ampache + +- name: Deploy sso script + template: src=sso.php.j2 dest={{ ampache_root_dir }}/web/sso.php + tags: ampache + +- name: Deploy backup scripts + template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/ampache_{{ ampache_id }} mode=750 + loop: + - pre + - post + tags: ampache + +- import_tasks: ../includes/webapps_compress_archive.yml + vars: + - root_dir: "{{ ampache_root_dir }}" + - version: "{{ ampache_current_version }}" + when: ampache_install_mode == 'upgrade' + tags: ampache + +- import_tasks: ../includes/webapps_post.yml + vars: + - root_dir: "{{ ampache_root_dir }}" + - version: "{{ ampache_version 
}}" + tags: ampache + +- name: Remove temp and obsolete files + file: path={{ item }} state=absent + with_items: + - "{{ ampache_root_dir }}/tmp/ampache-{{ ampache_version }}_all.zip" + - "{{ ampache_root_dir }}/tmp/ampache/" + - "{{ ampache_root_dir }}/db_dumps" + - /etc/backup/pre.d/ampache_{{ ampache_id }}_dump_db + - /etc/backup/post.d/ampache_{{ ampache_id }}_rm_dump + tags: ampache + +... diff --git a/roles/ampache/templates/ampache.cfg.php.j2 b/roles/ampache/templates/ampache.cfg.php.j2 new file mode 100644 index 0000000..394dcc4 --- /dev/null +++ b/roles/ampache/templates/ampache.cfg.php.j2 
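Review bot: The "Grant admin privileges" task passes `--password={{ mysql_admin_pass }}` to `mysql` on the command line, unquoted, with no `no_log`, and under `become_user: "{{ ampache_php_user }}"`, so the SQL admin password appears in Ansible output at higher verbosity and in the arguments of a process running as the web application's account. Add `no_log: True`, drop the `become_user` line (nothing in the statement needs the PHP user), and pass the credential by a route other than argv. The `UPDATE` is also built by pasting `{{ item }}` between quotes, so a username containing `'` changes the statement. A module that takes bound parameters, for example `community.mysql.mysql_query` with `positional_args` if that collection is available to this playbook, addresses both points.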
@@ -0,0 +1,137 @@ +config_version = {{ ampache_config_version }} +{% if ampache_local_web_path is defined %} +local_web_path = "{{ ampache_local_web_path }}" +{% endif %} +database_hostname = {{ ampache_mysql_server }} +{% if ampache_mysql_port is defined %} +database_port = "{{ ampache_mysql_port }}" +{% endif %} +database_name = "{{ ampache_mysql_db }}" +database_username = "{{ ampache_mysql_user }}" +database_password = "{{ ampache_mysql_pass }}" +secret_key = "{{ ampache_key }}" +session_length = 3600 +stream_length = 7200 +remember_length = 604800 +session_name = ampache +session_cookielife = 0 +auth_methods = "{{ ampache_auth_methods | join(',') }}" +{% if 'ldap' in ampache_auth_methods %} +ldap_url = "{{ ampache_ldap_url }}" +ldap_username = "{{ ampache_ldap_username }}" +ldap_password = "{{ ampache_ldap_password }}" +ldap_start_tls = "{{ ampache_ldap_starttls | ternary('true','false') }}" +ldap_search_dn = "{{ ampache_ldap_search_dn }}" +ldap_objectclass = "{{ ampache_ldap_objectclass }}" +ldap_filter = "{{ ampache_ldap_filter }}" +ldap_email_field = "{{ ampache_ldap_email_field }}" +ldap_name_field = "{{ ampache_ldap_name_field }}" +external_auto_update = "true" +{% endif %} +{% if ampache_logout_redirect is defined %} +logout_redirect = "{{ ampache_logout_redirect }}" +{% endif %} +access_control = "true" +require_session = "true" +require_localnet_session = "true" +metadata_order = "{{ ampache_metadata_order }}" +getid3_tag_order = "id3v2,id3v1,vorbiscomment,quicktime,matroska,ape,asf,avi,mpeg,riff" +deferred_ext_metadata = "false" +additional_genre_delimiters = "[/]{2}|[/\\\\|,;]" +catalog_file_pattern = "mp3|mpc|m4p|m4a|aac|ogg|oga|wav|aif|aiff|rm|wma|asf|flac|opus|spx|ra|ape|shn|wv" +catalog_video_pattern = "avi|mpg|mpeg|flv|m4v|mp4|webm|mkv|wmv|ogv|mov|divx|m2ts" +catalog_playlist_pattern = "m3u|m3u8|pls|asx|xspf" +catalog_prefix_pattern = "The|An|A|Das|Ein|Eine|Les|Le|La" +track_user_ip = "true" +allow_zip_download = "true" +allow_zip_types = 
"album" +use_auth = "true" +ratings = "false" +userflags = "true" +directplay = "true" +sociable = "false" +licensing = "false" +memory_cache = "true" +album_art_store_disk = "true" +local_metadata_dir = "{{ ampache_root_dir }}/data/metadata" +max_upload_size = 1048576 +resize_images = "false" +art_order = "db,tags,folder,musicbrainz,lastfm,google" +lastfm_api_key = "{{ ampache_lastfm_api_key }}" +lastfm_api_secret = "{{ ampache_lastfm_api_secret }}" +channel = "false" +live_stream = "false" +refresh_limit = "60" +show_footer_statistics = "false" +debug = "true" +debug_level = 5 +log_path = "{{ ampache_root_dir }}/logs/" +log_filename = "%name.%Y%m%d.log" +site_charset = "UTF-8" +{% if 'ldap' in ampache_auth_methods or 'http' in ampache_auth_methods %} +auto_create = "true" +auto_user = "user" +{% endif %} +allow_public_registration = "false" +generate_video_preview = "true" +max_bit_rate = {{ ampache_max_bit_rate }} +min_bit_rate = {{ ampache_min_bit_rate }} +transcode_m4a = {{ ampache_transcode_m4a }} +transcode_flac = {{ ampache_transcode_flac }} +transcode_mpc = {{ ampache_transcode_mpc }} +transcode_ogg = {{ ampache_transcode_ogg }} +transcode_oga = {{ ampache_transcode_oga }} +transcode_wav = {{ ampache_transcode_wav }} +transcode_wma = {{ ampache_transcode_wma }} +transcode_aif = {{ ampache_transcode_aif }} +transcode_aiff = {{ ampache_transcode_aiff }} +transcode_ape = {{ ampache_transcode_ape }} +transcode_shn = {{ ampache_transcode_shn }} +transcode_mp3 = {{ ampache_transcode_mp3 }} +transcode_avi = {{ ampache_transcode_avi }} +transcode_mkv = {{ ampache_transcode_mkv }} +transcode_mpg = {{ ampache_transcode_mpg }} +transcode_mpeg = {{ ampache_transcode_mpeg }} +transcode_m4v = {{ ampache_transcode_m4v }} +transcode_mp4 = {{ ampache_transcode_mp4 }} +transcode_mov = {{ ampache_transcode_mov }} +transcode_wmv = {{ ampache_transcode_wmv }} +transcode_ogv = {{ ampache_transcode_ogv }} +transcode_divx = {{ ampache_transcode_divx }} +transcode_m2ts = {{ 
ampache_transcode_m2ts }} +transcode_webm = {{ ampache_transcode_webm }} +transcode_flv = {{ ampache_transcode_flv }} +encode_target = {{ ampache_encode_target }} +encode_player_webplayer_target = {{ ampache_encode_player_webplayer }} +transcode_player_api_mp3 = {{ ampache_transcode_player_api_mp3 }} +encode_video_target = {{ ampache_encode_video_target }} +transcode_player_customize = "true" +transcode_cmd = "/bin/ffmpeg" +transcode_input = "-i %FILE%" +encode_args_mp3 = "-vn -b:a %BITRATE%K -c:a libmp3lame -f mp3 pipe:1" +encode_args_ogg = "-vn -b:a %BITRATE%K -c:a libvorbis -f ogg pipe:1" +encode_args_m4a = "-vn -b:a %BITRATE%K -c:a libfdk_aac -f adts pipe:1" +encode_args_wav = "-vn -b:a %BITRATE%K -c:a pcm_s16le -f wav pipe:1" +encode_args_opus = "-vn -b:a %BITRATE%K -c:a libopus -compression_level 10 -vsync 2 -f ogg pipe:1" +encode_args_flv = "-b:a %BITRATE%K -ar 44100 -ac 2 -v 0 -f flv -c:v libx264 -preset superfast -threads 0 pipe:1" +encode_args_webm = "-q %QUALITY% -f webm -c:v libvpx -maxrate %MAXBITRATE%k -preset superfast -threads 0 pipe:1" +encode_args_ts = "-q %QUALITY% -s %RESOLUTION% -f mpegts -c:v libx264 -c:a libmp3lame -maxrate %MAXBITRATE%k -preset superfast -threads 0 pipe:1" +encode_get_image = "-ss %TIME% -f image2 -vframes 1 pipe:1" +encode_srt = "-vf \"subtitles='%SRTFILE%'\"" +encode_ss_frame = "-ss %TIME%" +encode_ss_duration = "-t %DURATION%" +force_ssl = "true" +common_abbr = "divx,xvid,dvdrip,hdtv,lol,axxo,repack,xor,pdtv,real,vtv,caph,2hd,proper,fqm,uncut,topaz,tvt,notv,fpn,fov,orenji,0tv,omicron,dsr,ws,sys,crimson,wat,hiqt,internal,brrip,boheme,vost,vostfr,fastsub,addiction,x264,LOL,720p,1080p,YIFY,evolve,fihtv,first,bokutox,bluray,tvboom,info" +mail_enable = "true" +mail_type = "sendmail" +mail_domain = "{{ ansible_domain }}" +{% if system_proxy is defined and system_proxy != '' %} +proxy_host = "{{ system_proxy | urlsplit('hostname') }}" +proxy_port = "{{ system_proxy | urlsplit('port') }}" +proxy_user = "{{ system_proxy | 
urlsplit('username') }}" +proxy_pass = "{{ system_proxy | urlsplit('password') }}" +{% endif %} +metadata_order_video = "filename,getID3" +registration_display_fields = "fullname,website" +registration_mandatory_fields = "fullnamep" +allow_upload_scripts = "false" diff --git a/roles/ampache/templates/cron.sh.j2 b/roles/ampache/templates/cron.sh.j2 new file mode 100644 index 0000000..6ee85c8 --- /dev/null +++ b/roles/ampache/templates/cron.sh.j2 @@ -0,0 +1,31 @@ +#!/bin/sh + +# Rotate logs +find {{ ampache_root_dir }}/logs -type f -mtime +7 -exec rm -f "{}" \; +find {{ ampache_root_dir }}/logs -type f -mtime +1 -exec xz -T0 "{}" \; + +# Do we have a previous filelist to compare against ? +PREV_HASH=$(cat {{ ampache_root_dir }}/tmp/data_hash.txt || echo 'none') + +# Now, compute a hash of the filelist +NEW_HASH=$(find {{ ampache_root_dir }}/data/{music,video} | sha1sum | cut -d' ' -f1) + +# Write new hash so we can compare next time +echo -n $NEW_HASH > {{ ampache_root_dir }}/tmp/data_hash.txt + +# If file list has changed since last time, then update the catalog +if [ "$PREV_HASH" != "$NEW_HASH" ]; then + # Clean (remove files which doesn't exists anymore) + /bin/php{{ ampache_php_version }} {{ ampache_root_dir }}/web/bin/cli run:updateCatalog -c > /dev/null 2>&1 + # Add (files added) + /bin/php{{ ampache_php_version }} {{ ampache_root_dir }}/web/bin/cli run:updateCatalog -a > /dev/null 2>&1 + # Update graphics + /bin/php{{ ampache_php_version }} {{ ampache_root_dir }}/web/bin/cli run:updateCatalog -g > /dev/null 2>&1 +fi + +# Now check if files have changed recently. We can have the same file list, but metadata updates +NEW_FILES=$(find {{ ampache_root_dir }}/data/{music,video} -type f -mtime -1 | wc -l) +if [ "$NEW_FILES" -gt "0" ]; then + # Verify (update metadata) + /bin/php{{ ampache_php_version }} {{ ampache_root_dir }}/web/bin/cli run:updateCatalog -e > /dev/null 2>&1 +fi 
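Review bot: The template hard-codes `debug = "true"` with `debug_level = 5` for every deployment, so the application log under `{{ ampache_root_dir }}/logs/` is written at high verbosity in production and is likely to hold request and query detail that does not belong there. Make both values role variables that default to off, e.g. `debug = "{{ ampache_debug | default(False) | ternary('true','false') }}"`. In the same hunk, `database_password`, `secret_key` and `ldap_password` are rendered between double quotes with no escaping, so a value containing `"` yields a broken config line, and `registration_mandatory_fields = "fullnamep"` looks like a typo for `fullname`.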
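Review bot: The second log-rotation `find` in cron.sh.j2 also matches files that an earlier run already compressed, so `xz` is invoked on every `.xz` file each day; add `! -name '*.xz'` to that line. The script is declared `#!/bin/sh` but relies on brace expansion in `data/{music,video}`, which only works where `sh` is bash, so either use `#!/bin/bash` or spell out both paths. `echo -n $NEW_HASH` should quote the variable.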
diff --git a/roles/ampache/templates/httpd.conf.j2 b/roles/ampache/templates/httpd.conf.j2 new file mode 100644 index 0000000..c2e2beb --- /dev/null +++ b/roles/ampache/templates/httpd.conf.j2 @@ -0,0 +1,27 @@ +{% if ampache_alias is defined %} +Alias /{{ ampache_alias }} {{ ampache_root_dir }}/web/public +{% else %} +# No alias defined, create a vhost to access it +{% endif %} + +RewriteEngine On + + AllowOverride All + Options FollowSymLinks +{% if ampache_allowed_ip is defined %} + Require ip {{ ampache_src_ip | join(' ') }} +{% else %} + Require all granted +{% endif %} + + SetHandler "proxy:unix:/run/php-fpm/{{ ampache_php_fpm_pool | default('ampache_' + ampache_id | string) }}.sock|fcgi://localhost" + + + Require all denied + + + + + Require all denied + + diff --git a/roles/ampache/templates/motd.php.j2 b/roles/ampache/templates/motd.php.j2 new file mode 100644 index 0000000..5dcd184 --- /dev/null +++ b/roles/ampache/templates/motd.php.j2 @@ -0,0 +1,3 @@ +{{ ampache_motd }}'; diff --git a/roles/ampache/templates/perms.sh.j2 b/roles/ampache/templates/perms.sh.j2 new file mode 100644 index 0000000..6a7e4e3 --- /dev/null +++ b/roles/ampache/templates/perms.sh.j2 
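Review bot: The access rule in httpd.conf.j2 tests one variable and renders another: `{% if ampache_allowed_ip is defined %}` is followed by `Require ip {{ ampache_src_ip | join(' ') }}`. With only `ampache_allowed_ip` set, which is the name the role defaults document, the template fails on an undefined variable, and if `ampache_src_ip` happens to be defined elsewhere the restriction silently uses a different list from the one the operator configured. Use the same name in both places: `Require ip {{ ampache_allowed_ip | join(' ') }}`. The container tags of this file are not visible in the page, so the directory the rule applies to cannot be confirmed from here.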
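Review bot: The visible line of motd.php.j2, `{{ ampache_motd }}';`, suggests the message is pasted into a single-quoted PHP string without escaping; the start of the statement is not visible in the page, so this is inferred. If that is the case, a message containing `'` ends the string early and the remainder is parsed as PHP, which at minimum breaks the login page. Escape backslashes and single quotes when rendering, for example `{{ ampache_motd | replace("'", "\\'") }}` after the backslash replacement.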
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+restorecon -R {{ ampache_root_dir }}
+chown root:root {{ ampache_root_dir }}
+chmod 700 {{ ampache_root_dir }}
+setfacl -k -b {{ ampache_root_dir }}
+setfacl -m u:{{ ampache_php_user | default('apache') }}:rx,u:{{ httpd_user | default('apache') }}:rx {{ ampache_root_dir }}
+chown -R root:root {{ ampache_root_dir }}/web
+chown {{ ampache_php_user }} {{ ampache_root_dir }}/data
+chown -R {{ ampache_php_user }} {{ ampache_root_dir }}/{tmp,sessions,logs,data/metadata}
+chmod 700 {{ ampache_root_dir }}/{tmp,sessions,logs,data}
+find {{ ampache_root_dir }}/web -type f -exec chmod 644 "{}" \;
+find {{ ampache_root_dir }}/web -type d -exec chmod 755 "{}" \;
+chown :{{ ampache_php_user }} {{ ampache_root_dir }}/web/config/ampache.cfg.php
+chmod 640 {{ ampache_root_dir }}/web/config/ampache.cfg.php
diff --git a/roles/ampache/templates/php.conf.j2 b/roles/ampache/templates/php.conf.j2
new file mode 100644
index 0000000..6c17756
--- /dev/null
+++ b/roles/ampache/templates/php.conf.j2
@@ -0,0 +1,37 @@
+; {{ ansible_managed }}
+
+[ampache_{{ ampache_id }}]
+
+listen.owner = root
+listen.group = {{ httpd_user | default('apache') }}
+listen.mode = 0660
+listen = /run/php-fpm/ampache_{{ ampache_id }}.sock
+user = {{ ampache_php_user }}
+group = {{ ampache_php_user }}
+catch_workers_output = yes
+
+pm = dynamic
+pm.max_children = 15
+pm.start_servers = 3
+pm.min_spare_servers = 3
+pm.max_spare_servers = 6
+pm.max_requests = 5000
+request_terminate_timeout = 60m
+
+php_flag[display_errors] = off
+php_admin_flag[log_errors] = on
+php_admin_value[error_log] = syslog
+php_admin_value[memory_limit] = 512M
+php_admin_value[session.save_path] = {{ ampache_root_dir }}/sessions
+php_admin_value[upload_tmp_dir] = {{ ampache_root_dir }}/tmp
+php_admin_value[sys_temp_dir] = {{ ampache_root_dir }}/tmp
+php_admin_value[post_max_size] = 5M
+php_admin_value[upload_max_filesize] = 5M
+php_admin_value[disable_functions] = system, show_source, symlink, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
+php_admin_value[open_basedir] = {{ ampache_root_dir }}
+php_admin_value[max_execution_time] = 1800
+php_admin_value[max_input_time] = 60
+php_admin_flag[allow_url_include] = off
+php_admin_flag[allow_url_fopen] = on
+php_admin_flag[file_uploads] = on
+php_admin_flag[session.cookie_httponly] = on
diff --git a/roles/ampache/templates/post-backup.j2 b/roles/ampache/templates/post-backup.j2
new file mode 100644
index 0000000..545c87c
--- /dev/null
+++ b/roles/ampache/templates/post-backup.j2
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+rm -f {{ ampache_root_dir }}/backup/*
diff --git a/roles/ampache/templates/pre-backup.j2 b/roles/ampache/templates/pre-backup.j2
new file mode 100644
index 0000000..16ef6cd
--- /dev/null
+++ b/roles/ampache/templates/pre-backup.j2
@@ -0,0 +1,9 @@ +#!/bin/sh + +set -eo pipefail + +/usr/bin/mysqldump --user={{ ampache_mysql_user | quote }} \ + --password={{ ampache_mysql_pass | quote }} \ + --host={{ ampache_mysql_server | quote }} \ + --quick --single-transaction \ + --add-drop-table {{ ampache_mysql_db | quote }} | zstd -c > {{ ampache_root_dir }}/backup/{{ ampache_mysql_db }}.sql.zst diff --git a/roles/ampache/templates/sso.php.j2 b/roles/ampache/templates/sso.php.j2 new file mode 100644 index 0000000..1f7c064 --- /dev/null +++ b/roles/ampache/templates/sso.php.j2 @@ -0,0 +1,6 @@ + diff --git a/roles/appsmith/defaults/main.yml b/roles/appsmith/defaults/main.yml new file mode 100644 index 0000000..460980c --- /dev/null +++ b/roles/appsmith/defaults/main.yml 
@@ -0,0 +1,53 @@ +--- + +# Version to deploy +appsmith_version: 1.5.25 +# URL of the source archive +appsmith_archive_url: https://github.com/appsmithorg/appsmith/archive/v{{ appsmith_version }}.tar.gz +# sha1sum of the archive +appsmith_archive_sha1: dceebde21c7b0a989aa7fb96bac044df4f2ddf50 + +# Root directory where appsmith will be installed +appsmith_root_dir: /opt/appsmith +# Should ansible handle upgrades (True) or only initial install (False) +appsmith_manage_upgrade: True + +# User account under which appsmith will run +appsmith_user: appsmith + +# appsmith needs a redis server and a mongodb one +appsmith_redis_url: redis://localhost:6379 +# A random one will be created and stored in the meta directory if not defined here +appsmith_mongo_user: appsmith +# appsmith_mongo_pass: S3cr3t. +# Note: if appsmith_mongo_pass is defined, it'll be used with appsmith_mongo_user to connect, even if not indicated in appsmith_mongo_url +# Else, anonymous connection is made. By default, if you do not set appsmith_mongo_pass, a random one will be created +# If you insist on using anonymous connections, you should set appsmith_mongo_pass to False +appsmith_mongo_url: mongodb://localhost/appsmith?retryWrites=true + +# appsmith server component +appsmith_server_port: 8088 +# List of IP/CIDR having access to appsmith_server_port +appsmith_server_src_ip: [] + +# Email settings +appsmith_email_from: noreply@{{ ansible_domain }} +appsmith_email_server: localhost +appsmith_email_port: 25 +appsmith_email_tls: "{{ (appsmith_email_port == 587) | ternary(True,False) }}" +# appsmith_email_user: account +# appsmith_email_pass: S3Cr3T4m@1l + +# Encryption settings. 
If not defined, random values will be created and used +# appsmith_encryption_pass: p@ssw0rd +# appsmith_encryption_salt: Salt + +# Public URL used to access appsmith +appsmith_public_url: http://{{ inventory_hostname }} + +# User signup can be disabled +appsmith_user_signup: True +# If signup is enabled, you can restrict which domains are allowed to signup (an empty list means no restriction) +appsmith_signup_whitelist: [] +# If signup is disabled, you can set a list of whitelisted email which will be allowed +appsmith_admin_emails: [] diff --git a/roles/appsmith/handlers/main.yml b/roles/appsmith/handlers/main.yml new file mode 100644 index 0000000..e7b75f6 --- /dev/null +++ b/roles/appsmith/handlers/main.yml @@ -0,0 +1,4 @@ +--- + +- name: restart appsmith-server + service: name=appsmith-server state=restarted diff --git a/roles/appsmith/meta/main.yml b/roles/appsmith/meta/main.yml new file mode 100644 index 0000000..cb8d365 --- /dev/null +++ b/roles/appsmith/meta/main.yml @@ -0,0 +1,11 @@ +--- + +dependencies: + - role: mkdir + - role: maven + - role: repo_mongodb + - role: redis_server + when: appsmith_redis_url | urlsplit('hostname') in ['localhost','127.0.0.1'] + - role: mongodb_server + when: appsmith_mongo_url | urlsplit('hostname') in ['localhost','127.0.0.1'] + - role: nginx diff --git a/roles/appsmith/tasks/archive_post.yml b/roles/appsmith/tasks/archive_post.yml new file mode 100644 index 0000000..85039f6 --- /dev/null +++ b/roles/appsmith/tasks/archive_post.yml @@ -0,0 +1,10 @@ +--- + +- name: Compress previous version + command: tar cf {{ appsmith_root_dir }}/archives/{{ appsmith_current_version }}.tar.zst --use-compress-program=zstd ./ + environment: + ZST_CLEVEL: 10 + args: + chdir: "{{ appsmith_root_dir }}/archives/{{ appsmith_current_version }}" + warn: False + tags: appsmith diff --git a/roles/appsmith/tasks/archive_pre.yml b/roles/appsmith/tasks/archive_pre.yml new file mode 100644 index 0000000..5f93423 --- /dev/null 
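Review bot: `appsmith_user_signup: True` together with `appsmith_signup_whitelist: []` means a fresh deployment lets anyone who can reach the instance create an account, and `appsmith_public_url` defaults to plain `http://`. A safer default is `appsmith_user_signup: False` with `appsmith_admin_emails` filled in by the operator, and an `https://` public URL. The commented example values `S3cr3t.`, `S3Cr3T4m@1l` and `p@ssw0rd` would be better written as obvious placeholders so they are not copied into a real inventory.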
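Review bot: The environment variable in the "Compress previous version" task of archive_post.yml is spelled `ZST_CLEVEL`, which zstd does not read; the variable it honours is `ZSTD_CLEVEL`, so the archive is compressed at the default level instead of 10. Change the line to `ZSTD_CLEVEL: 10`. The `warn: False` entry under `args` is, as far as I recall, rejected by recent ansible-core releases, so it is worth removing if the role is meant to run on a current version.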
+++ b/roles/appsmith/tasks/archive_pre.yml @@ -0,0 +1,33 @@ +--- + +- name: Create the archive dir + file: + path: "{{ appsmith_root_dir }}/archives/{{ appsmith_current_version }}" + state: directory + tags: appsmith + +- name: Archive previous version + synchronize: + src: "{{ appsmith_root_dir }}/{{ item }}" + dest: "{{ appsmith_root_dir }}/archives/{{ appsmith_current_version }}" + recursive: True + delete: True + loop: + - server + - client + - etc + - meta + delegate_to: "{{ inventory_hostname }}" + tags: appsmith + +- name: Dump mongo database + shell: | + mongodump --quiet \ + --out {{ appsmith_root_dir }}/archives/{{ appsmith_current_version }}/ \ + --uri \ + {% if appsmith_mongo_pass is defined and appsmith_mongo_pass != False %} + {{ appsmith_mongo_url | urlsplit('scheme') }}://{{ appsmith_mongo_user }}:{{ appsmith_mongo_pass | urlencode | regex_replace('/','%2F') }}@{{ appsmith_mongo_url | urlsplit('hostname') }}{% if appsmith_mongo_url | urlsplit('port') %}:{{ appsmith_mongo_url | urlsplit('port') }}{% endif %}{{ appsmith_mongo_url | urlsplit('path') }}?{{ appsmith_mongo_url | urlsplit('query') }} + {% else %} + {{ appsmith_mongo_url }} + {% endif %} + tags: appsmith diff --git a/roles/appsmith/tasks/cleanup.yml b/roles/appsmith/tasks/cleanup.yml new file mode 100644 index 0000000..7524f1b --- /dev/null +++ b/roles/appsmith/tasks/cleanup.yml @@ -0,0 +1,9 @@ +--- + +- name: Remove tmp and unused files + file: path={{ item }} state=absent + loop: + - "{{ appsmith_root_dir }}/archives/{{ appsmith_current_version }}" + - "{{ appsmith_root_dir }}/tmp/appsmith-{{ appsmith_version }}" + - "{{ appsmith_root_dir }}/tmp/appsmith-{{ appsmith_version }}.tar.gz" + tags: appsmith diff --git a/roles/appsmith/tasks/conf.yml b/roles/appsmith/tasks/conf.yml new file mode 100644 index 0000000..ea6c5f0 --- /dev/null +++ b/roles/appsmith/tasks/conf.yml 
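Review bot: The "Dump mongo database" task hands the connection string to a shell unquoted in both branches, so a `&` in the query part of `appsmith_mongo_url` (any URL with two options) ends the command early and backgrounds it, and `?` is a glob character. The string also carries the database password and the task has no `no_log`, so the rendered command is printed on failure or at higher verbosity. Pass the URI through `quote`, e.g. `--uri {{ appsmith_mongo_url | quote }}` in the `else` branch and the same filter around the assembled credentialed form, and add `no_log: True`. The credentialed branch also always appends `?`, even when the URL has no query string.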
@@ -0,0 +1,30 @@ +--- + +- name: Deploy appsmith server conf + template: src={{ item }}.j2 dest={{ appsmith_root_dir }}/etc/{{ item }} group={{ appsmith_user }} mode=640 + loop: + - env + notify: restart appsmith-server + tags: appsmith + +- name: Deploy nginx conf + template: src=nginx.conf.j2 dest=/etc/nginx/ansible_conf.d/appsmith.conf + notify: reload nginx + tags: appsmith + +- name: Create the mongodb user + mongodb_user: + database: "{{ appsmith_mongo_url | urlsplit('path') | regex_replace('^\\/', '') }}" + name: "{{ appsmith_mongo_user }}" + password: "{{ appsmith_mongo_pass }}" + login_database: admin + login_host: "{{ appsmith_mongo_url | urlsplit('hostname') }}" + login_port: "{{ appsmith_mongo_url | urlsplit('port') | ternary(appsmith_mongo_url | urlsplit('port'),omit) }}" + login_user: mongoadmin + login_password: "{{ mongo_admin_pass }}" + roles: + - readWrite + when: + - appsmith_mongo_pass is defined + - appsmith_mongo_pass != False + tags: appsmith diff --git a/roles/appsmith/tasks/directories.yml b/roles/appsmith/tasks/directories.yml new file mode 100644 index 0000000..0c9ae84 --- /dev/null +++ b/roles/appsmith/tasks/directories.yml 
@@ -0,0 +1,28 @@
+---
+
+- name: Create directories
+ file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+ loop:
+ - dir: "{{ appsmith_root_dir }}"
+ mode: 755
+ - dir: "{{ appsmith_root_dir }}/archives"
+ mode: 700
+ - dir: "{{ appsmith_root_dir }}/backup"
+ mode: 700
+ - dir: "{{ appsmith_root_dir }}/tmp"
+ owner: "{{ appsmith_user }}"
+ mode: 700
+ - dir: "{{ appsmith_root_dir }}/src"
+ owner: "{{ appsmith_user }}"
+ - dir: "{{ appsmith_root_dir }}/server"
+ owner: "{{ appsmith_user }}"
+ - dir: "{{ appsmith_root_dir }}/server/plugins"
+ owner: "{{ appsmith_user }}"
+ - dir: "{{ appsmith_root_dir }}/client"
+ - dir: "{{ appsmith_root_dir }}/meta"
+ mode: 700
+ - dir: "{{ appsmith_root_dir }}/etc"
+ group: "{{ appsmith_user }}"
+ mode: 750
+ - dir: "{{ appsmith_root_dir }}/bin"
+ tags: appsmith
diff --git a/roles/appsmith/tasks/facts.yml b/roles/appsmith/tasks/facts.yml
new file mode 100644
index 0000000..45ad89d
--- /dev/null
+++ b/roles/appsmith/tasks/facts.yml
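Review bot: The `mode` values in the loop are bare integers (`mode: 755`, `mode: 700`, `mode: 750`). They behave as octal here only because the task uses the `key=value` form, which turns them into strings; if the task is ever rewritten with YAML arguments, `755` is read as a decimal number and produces unrelated permission bits. Quote them with a leading zero, e.g. `mode: '0700'`.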
@@ -0,0 +1,61 @@ +--- + +# Detect installed version (if any) +- block: + - import_tasks: ../includes/webapps_set_install_mode.yml + vars: + - root_dir: "{{ appsmith_root_dir }}" + - version: "{{ appsmith_version }}" + - set_fact: appsmith_install_mode={{ (install_mode == 'upgrade' and not appsmith_manage_upgrade) | ternary('none',install_mode) }} + - set_fact: appsmith_current_version={{ current_version | default('') }} + tags: appsmith + +# Create a random encryption password +- block: + - import_tasks: ../includes/get_rand_pass.yml + vars: + - pass_file: "{{ appsmith_root_dir }}/meta/ansible_encryption_pass" + - set_fact: appsmith_encryption_pass={{ rand_pass }} + when: appsmith_encryption_pass is not defined + tags: appsmith + +# Create a random encryption salt +- block: + - import_tasks: ../includes/get_rand_pass.yml + vars: + - pass_file: "{{ appsmith_root_dir }}/meta/ansible_encryption_salt" + - complex: False + - pass_size: 10 + - set_fact: appsmith_encryption_salt={{ rand_pass }} + when: appsmith_encryption_salt is not defined + tags: appsmith + +- set_fact: appsmith_mongo_pass={{ appsmith_mongo_url | urlsplit('password') | urldecode }} + when: + - appsmith_mongo_pass is not defined + - appsmith_mongo_url | urlsplit('password') is string + tags: mongo + +# Create a random password for mongo +- block: + - import_tasks: ../includes/get_rand_pass.yml + vars: + - pass_file: "{{ appsmith_root_dir }}/meta/ansible_mongo_pass" + - set_fact: appsmith_mongo_pass={{ rand_pass }} + when: appsmith_mongo_pass is not defined + tags: appsmith + +# Try to read mongo admin pass +- name: Check if mongo pass file exists + stat: path=/root/.mongo.pw + register: appsmith_mongo_pw + tags: appsmith +- when: appsmith_mongo_pw.stat.exists and mongo_admin_pass is not defined + block: + - slurp: src=/root/.mongo.pw + register: appsmith_mongo_admin_pass + - set_fact: mongo_admin_pass={{ appsmith_mongo_admin_pass.content | b64decode | trim }} + tags: appsmith +- fail: 
msg='mongo_admin_pass must be provided' + when: not appsmith_mongo_pw.stat.exists and mongo_admin_pass is not defined + tags: appsmith diff --git a/roles/appsmith/tasks/install.yml b/roles/appsmith/tasks/install.yml new file mode 100644 index 0000000..f39a6d1 --- /dev/null +++ b/roles/appsmith/tasks/install.yml 
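Review bot: The `set_fact` that extracts `appsmith_mongo_pass` from `appsmith_mongo_url` is tagged `mongo`, while every other task in this file is tagged `appsmith`. A run limited to `--tags appsmith` therefore skips it and falls through to the random-password block, and the password embedded in the URL is silently ignored. Changing it to `tags: appsmith` keeps the fact chain consistent. The `slurp` of `/root/.mongo.pw` and the `set_fact` after it also put the admin password into registered task results, so `no_log: True` on both would keep it out of verbose output and callback logs.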
@@ -0,0 +1,141 @@ +--- + +- name: Install dependencies + yum: + name: + - nodejs + - java-11-openjdk + - java-11-openjdk-devel + - mongodb-org-tools + - make + - gcc-c++ + tags: appsmith + +- name: Detect exact JRE version + command: rpm -q java-11-openjdk + args: + warn: False + changed_when: False + register: appsmith_jre11_version + tags: appsmith + +- name: Select JRE 11 as default version + alternatives: + name: "{{ item.name }}" + link: "{{ item.link }}" + path: "{{ item.path }}" + loop: + - name: java + link: /usr/bin/java + path: /usr/lib/jvm/{{ appsmith_jre11_version.stdout | trim }}/bin/java + - name: javac + link: /usr/bin/javac + path: /usr/lib/jvm/{{ appsmith_jre11_version.stdout | trim }}/bin/javac + - name: jre_openjdk + link: /usr/lib/jvm/jre-openjdk + path: /usr/lib/jvm/{{ appsmith_jre11_version.stdout | trim }} + - name: java_sdk_openjdk + link: /usr/lib/jvm/java-openjdk + path: /usr/lib/jvm/{{ appsmith_jre11_version.stdout | trim }} + tags: appsmith + +- name: Stop the service during upgrade + service: name=appsmith-server state=stopped + when: appsmith_install_mode == 'upgrade' + tags: appsmith + +- when: appsmith_install_mode != 'none' + block: + + - name: Download appsmith + get_url: + url: "{{ appsmith_archive_url }}" + dest: "{{ appsmith_root_dir }}/tmp" + checksum: sha1:{{ appsmith_archive_sha1 }} + + - name: Extract appsmith archive + unarchive: + src: "{{ appsmith_root_dir }}/tmp/appsmith-{{ appsmith_version }}.tar.gz" + dest: "{{ appsmith_root_dir }}/tmp" + remote_src: True + + - name: Move sources + synchronize: + src: "{{ appsmith_root_dir }}/tmp/appsmith-{{ appsmith_version }}/" + dest: "{{ appsmith_root_dir }}/src/" + compress: False + delete: True + delegate_to: "{{ inventory_hostname }}" + + - name: Compile the server + command: /opt/maven/apache-maven/bin/mvn -DskipTests clean package + args: + chdir: "{{ appsmith_root_dir }}/src/app/server" + + - name: Remove previous server version + shell: find {{ appsmith_root_dir }}/server 
-name \*.jar -exec rm -f "{}" \; + + - name: Copy server jar + copy: src={{ appsmith_root_dir }}/src/app/server/appsmith-server/target/server-1.0-SNAPSHOT.jar dest={{ appsmith_root_dir }}/server/ remote_src=True + notify: restart appsmith-server + + - name: List plugins + shell: find {{ appsmith_root_dir }}/src/app/server/appsmith-*/*/target -maxdepth 1 -name \*.jar \! -name original\* + register: appsmith_plugins_jar + + - name: Install plugins jar + copy: src={{ item }} dest={{ appsmith_root_dir }}/server/plugins/ remote_src=True + loop: "{{ appsmith_plugins_jar.stdout_lines }}" + + - name: Install yarn + npm: + name: yarn + path: "{{ appsmith_root_dir }}/src/app/client" + + - name: Install NodeJS dependencies + command: ./node_modules/yarn/bin/yarn install --ignore-engines + args: + chdir: "{{ appsmith_root_dir }}/src/app/client" + + # Not sure why but yarn installs webpack 4.46.0 while appsmith wants 4.44.2 + - name: Install correct webpack version + command: ./node_modules/yarn/bin/yarn add webpack@4.44.2 --ignore-engines + args: + chdir: "{{ appsmith_root_dir }}/src/app/client" + + - name: Build the client + command: ./node_modules/.bin/craco --max-old-space-size=3072 build --config craco.build.config.js + args: + chdir: "{{ appsmith_root_dir }}/src/app/client" + + # Note : the client will be deployed in {{ appsmith_root_dir }}/client + # with a ExecStartPre hook of the server, which will take care of replacing + # placeholders with current settings. 
So no need to do it here + + become_user: "{{ appsmith_user }}" + tags: appsmith + +- name: Deploy systemd unit + template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }} + loop: + - appsmith-server.service + register: appsmith_units + notify: restart appsmith-server + tags: appsmith + +- name: Reload systemd + systemd: daemon_reload=True + when: appsmith_units.results | selectattr('changed','equalto',True) | list | length > 0 + tags: appsmith + +- name: Install pre-start script + template: src=pre-start.sh.j2 dest={{ appsmith_root_dir }}/bin/pre-start mode=755 + notify: restart appsmith-server + tags: appsmith + +- name: Install pre/post backup hoooks + template: src={{ item }}-backup.sh.j2 dest=/etc/backup/{{ item }}.d/appsmith mode=700 + loop: + - pre + - post + tags: appsmith diff --git a/roles/appsmith/tasks/iptables.yml b/roles/appsmith/tasks/iptables.yml new file mode 100644 index 0000000..2e689fd --- /dev/null +++ b/roles/appsmith/tasks/iptables.yml @@ -0,0 +1,12 @@ +--- + +- name: Handle appsmith ports in the firewall + iptables_raw: + name: "{{ item.name }}" + state: "{{ (item.src_ip | length > 0) | ternary('present','absent') }}" + rules: "-A INPUT -m state --state NEW -p tcp --dport {{ item.port }} -s {{ item.src_ip | join(',') }} -j ACCEPT" + loop: + - name: appsmith_server_port + port: "{{ appsmith_server_port }}" + src_ip: "{{ appsmith_server_src_ip }}" + tags: firewall,appsmith diff --git a/roles/appsmith/tasks/main.yml b/roles/appsmith/tasks/main.yml new file mode 100644 index 0000000..1208952 --- /dev/null +++ b/roles/appsmith/tasks/main.yml 
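Review bot: The "Download appsmith" task pins the archive with `checksum: sha1:{{ appsmith_archive_sha1 }}`, and SHA-1 is no longer collision-resistant, so it is a weak integrity pin for code that is then compiled and run. `get_url` accepts `sha256:`, so a SHA-256 value in the defaults would be the safer pin; `bookstack_archive_sha1` in roles/bookstack/defaults/main.yml has the same issue. The build steps also resolve dependencies at deploy time: `yarn install --ignore-engines` runs without `--frozen-lockfile`, and `yarn add webpack@4.44.2` rewrites the lockfile. What ends up in the client bundle can therefore differ between runs of the same `appsmith_version`. The two `find` shell tasks interpolate `{{ appsmith_root_dir }}` unquoted, which breaks on a path containing spaces.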
@@ -0,0 +1,17 @@ +--- + +- include: user.yml +- include: directories.yml +- include: facts.yml +- include: archive_pre.yml + when: appsmith_install_mode == 'upgrade' +- include: install.yml +- include: conf.yml +- include: iptables.yml + when: iptables_manage | default(True) +- include: services.yml +- include: write_version.yml +- include: archive_post.yml + when: appsmith_install_mode == 'upgrade' +- include: cleanup.yml + diff --git a/roles/appsmith/tasks/services.yml b/roles/appsmith/tasks/services.yml new file mode 100644 index 0000000..30847a4 --- /dev/null +++ b/roles/appsmith/tasks/services.yml @@ -0,0 +1,7 @@ +--- + +- name: Start and enable the services + service: name={{ item }} state=started enabled=True + loop: + - appsmith-server + tags: appsmith diff --git a/roles/appsmith/tasks/user.yml b/roles/appsmith/tasks/user.yml new file mode 100644 index 0000000..8c773cb --- /dev/null +++ b/roles/appsmith/tasks/user.yml @@ -0,0 +1,8 @@ +--- + +- name: Create appsmith user + user: + name: "{{ appsmith_user }}" + home: "{{ appsmith_root_dir }}" + system: True + tags: appsmith diff --git a/roles/appsmith/tasks/write_version.yml b/roles/appsmith/tasks/write_version.yml new file mode 100644 index 0000000..8cbcf5e --- /dev/null +++ b/roles/appsmith/tasks/write_version.yml @@ -0,0 +1,5 @@ +--- + +- name: Write installed version + copy: content={{ appsmith_version }} dest={{ appsmith_root_dir }}/meta/ansible_version + tags: appsmith diff --git a/roles/appsmith/templates/appsmith-server.service.j2 b/roles/appsmith/templates/appsmith-server.service.j2 new file mode 100644 index 0000000..3af1456 --- /dev/null +++ b/roles/appsmith/templates/appsmith-server.service.j2 
@@ -0,0 +1,35 @@ +[Unit] +Description=Opensource framework to build app and workflows +After=syslog.target network.target mongodb.service redis.service + +[Service] +Type=simple +User={{ appsmith_user }} +Group={{ appsmith_user }} +EnvironmentFile={{ appsmith_root_dir }}/etc/env +WorkingDirectory={{ appsmith_root_dir }}/server +PermissionsStartOnly=yes +ExecStartPre={{ appsmith_root_dir }}/bin/pre-start +ExecStart=/bin/java -Djava.net.preferIPv4Stack=true \ + -Dserver.port={{ appsmith_server_port }} \ + -Djava.security.egd="file:/dev/./urandom" \ +{% if system_proxy is defined and system_proxy != '' %} + -Dhttp.proxyHost={{ system_proxy | urlsplit('hostname') }} \ + -Dhttp.proxyPort={{ system_proxy | urlsplit('port') }} \ + -Dhttps.proxyHost={{ system_proxy | urlsplit('hostname') }} \ + -Dhttps.proxyPort={{ system_proxy | urlsplit('port') }} \ +{% endif %} + -jar server-1.0-SNAPSHOT.jar +PrivateTmp=yes +ProtectSystem=full +ProtectHome=yes +NoNewPrivileges=yes +MemoryLimit=4096M +Restart=on-failure +StartLimitInterval=0 +RestartSec=30 +SyslogIdentifier=appsmith-server + +[Install] +WantedBy=multi-user.target + diff --git a/roles/appsmith/templates/env.j2 b/roles/appsmith/templates/env.j2 new file mode 100644 index 0000000..62c416b --- /dev/null +++ b/roles/appsmith/templates/env.j2 
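Review bot: `PermissionsStartOnly=yes` makes `ExecStartPre={{ appsmith_root_dir }}/bin/pre-start` run as root, and that script (pre-start.sh.j2 in this commit) rsyncs and `sed -i`-rewrites files taken from `src/app/client/build/`. The install tasks build that tree as `appsmith_user`, so root ends up processing content the service account can modify. Root appears to be needed only because directories.yml creates `{{ appsmith_root_dir }}/client` without an owner. Giving that directory to `appsmith_user` would let the hook run unprivileged and this line be dropped. The unit could then also carry tighter sandboxing such as `ProtectSystem=strict` with an explicit `ReadWritePaths=`.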
@@ -0,0 +1,25 @@ +APPSMITH_MAIL_ENABLED=true +APPSMITH_MAIL_FROM={{ appsmith_email_from }} +APPSMITH_MAIL_HOST={{ appsmith_email_server }} +APPSMITH_MAIL_PORT={{ appsmith_email_port }} +APPSMITH_MAIL_SMTP_TLS_ENABLED={{ appsmith_email_tls | ternary('true','false') }} +{% if appsmith_email_user is defined and appsmith_email_pass is defined %} +APPSMITH_MAIL_SMTP_AUTH=true +APPSMITH_MAIL_USERNAME={{ appsmith_email_user }} +APPSMITH_MAIL_PASSWORD={{ appsmith_email_pass }} +{% endif %} +APPSMITH_REDIS_URL={{ appsmith_redis_url }} +{% if appsmith_mongo_user is defined and appsmith_mongo_pass is defined and appsmith_mongo_pass != False %} +{% set appsmith_mongo_url_obj = appsmith_mongo_url | urlsplit %} +APPSMITH_MONGODB_URI={{ appsmith_mongo_url_obj['scheme'] }}://{{ appsmith_mongo_user }}:{{ appsmith_mongo_pass | urlencode | regex_replace('/','%2F') }}@{{ appsmith_mongo_url_obj['hostname'] }}{% if appsmith_mongo_url_obj['port'] %}:{{ appsmith_mongo_url_obj['port'] }}{% endif %}{{ appsmith_mongo_url_obj['path'] }}?{{ appsmith_mongo_url_obj['query'] }} +{% else %} +APPSMITH_MONGODB_URI={{ appsmith_mongo_url }} +{% endif %} +APPSMITH_DISABLE_TELEMETRY=true +APPSMITH_ENCRYPTION_PASSWORD={{ appsmith_encryption_pass }} +APPSMITH_ENCRYPTION_SALT={{ appsmith_encryption_salt }} +APPSMITH_SIGNUP_DISABLED={{ appsmith_user_signup | ternary('false','true') }} +{% if appsmith_signup_whitelist | length > 0 and appsmith_user_signup %} +APPSMITH_SIGNUP_ALLOWED_DOMAINS={{ appsmith_signup_whitelist | join(',') }} +{% endif %} +APPSMITH_ADMIN_EMAILS={{ appsmith_admin_emails | join(',') }} diff --git a/roles/appsmith/templates/nginx.conf.j2 b/roles/appsmith/templates/nginx.conf.j2 new file mode 100644 index 0000000..627b447 --- /dev/null +++ b/roles/appsmith/templates/nginx.conf.j2 
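Review bot: In the `APPSMITH_MONGODB_URI` line the password is URL-encoded but `{{ appsmith_mongo_user }}` is not, so a user name containing `@`, `:` or `/` yields a URI that parses to a different host or credential; `{{ appsmith_mongo_user | urlencode }}` would match the password handling. The same line always appends `?{{ appsmith_mongo_url_obj['query'] }}`, leaving a dangling `?` when the URL has no query string. Secrets such as `APPSMITH_MAIL_PASSWORD` and `APPSMITH_ENCRYPTION_PASSWORD` are written unquoted, and systemd's `EnvironmentFile` parser may alter values containing quotes, backslashes or surrounding whitespace. Double-quoting them with escaping, or documenting the allowed character set in the defaults, would prevent a silently changed secret.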
@@ -0,0 +1,34 @@ +server { + listen 80; + server_name {{ appsmith_public_url | urlsplit('hostname') }}; + include /etc/nginx/ansible_conf.d/acme.inc; + root {{ appsmith_root_dir }}/client; + client_max_body_size 10M; + + if ($request_method !~ ^(GET|POST|HEAD|PUT|DELETE|PATCH)$ ) { + return 405; + } + + # Send info about the original request to the backend + proxy_set_header X-Forwarded-For "$proxy_add_x_forwarded_for"; + proxy_set_header X-Real-IP "$remote_addr"; + proxy_set_header X-Forwarded-Proto "$scheme"; + proxy_set_header X-Forwarded-Host "$host"; + proxy_set_header Host "$host"; + + location / { + try_files $uri /index.html =404; + } + location /f { + proxy_pass https://cdn.optimizely.com/; + } + location /api { + proxy_pass http://127.0.0.1:{{ appsmith_server_port }}; + } + location /oauth2 { + proxy_pass http://127.0.0.1:{{ appsmith_server_port }}; + } + location /login { + proxy_pass http://127.0.0.1:{{ appsmith_server_port }}; + } +} diff --git a/roles/appsmith/templates/post-backup.sh.j2 b/roles/appsmith/templates/post-backup.sh.j2 new file mode 100644 index 0000000..8ac3f4d --- /dev/null +++ b/roles/appsmith/templates/post-backup.sh.j2 @@ -0,0 +1,3 @@ +#!/bin/bash -e + +rm -rf {{ appsmith_root_dir }}/backup/* diff --git a/roles/appsmith/templates/pre-backup.sh.j2 b/roles/appsmith/templates/pre-backup.sh.j2 new file mode 100644 index 0000000..ff5e338 --- /dev/null +++ b/roles/appsmith/templates/pre-backup.sh.j2 
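Review bot: `location /f` proxies to `https://cdn.optimizely.com/` while inheriting the server-level `proxy_set_header` lines, so the third party receives the local `Host`, the client address in `X-Forwarded-For`/`X-Real-IP`, and the browser's `Cookie` header for this site. Adding `proxy_set_header Host cdn.optimizely.com;`, `proxy_set_header Cookie "";` and `proxy_ssl_server_name on;` inside that location would stop the leak; declaring any `proxy_set_header` there also stops the inherited ones from applying. The block only has `listen 80;`, so `/login` and `/api` are served in clear text unless TLS is terminated by another layer not shown in this hunk. env.j2 sets `APPSMITH_DISABLE_TELEMETRY=true`, so it is worth confirming this location is needed at all.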
@@ -0,0 +1,12 @@ +#!/bin/sh + +set -eo pipefail + +mongodump \ +{% if appsmith_mongo_pass is defined and appsmith_mongo_pass != False %} +{% set appsmith_mongo_url_obj = appsmith_mongo_url | urlsplit %} + --uri {{ appsmith_mongo_url_obj['scheme'] }}://{{ appsmith_mongo_user }}:{{ appsmith_mongo_pass | urlencode | regex_replace('/','%2F') }}@{{ appsmith_mongo_url_obj['hostname'] }}{% if appsmith_mongo_url_obj['port'] %}:{{ appsmith_mongo_url_obj['port'] }}{% endif %}{{ appsmith_mongo_url_obj['path'] }}?{{ appsmith_mongo_url_obj['query'] }} \ +{% else %} + --uri {{ appsmith_mongo_url }} \ +{% endif %} + --out {{ appsmith_root_dir }}/backup diff --git a/roles/appsmith/templates/pre-start.sh.j2 b/roles/appsmith/templates/pre-start.sh.j2 new file mode 100644 index 0000000..47bc1c4 --- /dev/null +++ b/roles/appsmith/templates/pre-start.sh.j2 @@ -0,0 +1,19 @@ +#!/bin/bash -e + +# If the conf changed since the last client deployement, or if the client build is newer than the one deployed, then re-deploy +if [ {{ appsmith_root_dir }}/etc/env -nt {{ appsmith_root_dir }}/client/ -o {{ appsmith_root_dir }}/src/app/client/build/ -nt {{ appsmith_root_dir }}/client/ ]; then + rsync -a --delete {{ appsmith_root_dir }}/src/app/client/build/ {{ appsmith_root_dir }}/client/ + find {{ appsmith_root_dir }}/client/ -type f | xargs \ + sed -i \ +{% for var in [ + "APPSMITH_SENTRY_DSN","APPSMITH_SMART_LOOK_ID","APPSMITH_OAUTH2_GOOGLE_CLIENT_ID", + "APPSMITH_OAUTH2_GITHUB_CLIENT_ID","APPSMITH_MARKETPLACE_ENABLED", + "APPSMITH_SEGMENT_KEY","APPSMITH_OPTIMIZELY_KEY","APPSMITH_ALGOLIA_API_ID", + "APPSMITH_ALGOLIA_SEARCH_INDEX_NAME","APPSMITH_ALGOLIA_API_KEY","APPSMITH_CLIENT_LOG_LEVEL", + "APPSMITH_GOOGLE_MAPS_API_KEY","APPSMITH_TNC_PP","APPSMITH_VERSION_ID", + "APPSMITH_VERSION_RELEASE_DATE","APPSMITH_INTERCOM_APP_ID","APPSMITH_MAIL_ENABLED","APPSMITH_DISABLE_TELEMETRY"] %} + -e "s/__{{ var }}__/${{ '{' ~ var ~ '}' }}/g"{% if not loop.last %} \{% endif %} + +{% endfor %} + +fi 
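Review bot: In pre-backup.sh.j2 both `--uri` arguments are rendered unquoted, so a connection string whose query contains `&` (for example several options joined with `&`) is split by the shell and `mongodump` runs with a truncated URI. Wrapping the value in single quotes fixes the parsing. Passing the URI as an argument also exposes the database password in the process list for the duration of the dump. mongodump's `--config` option, which reads `uri:` from a file that can be root-only, avoids that if the installed tools version supports it. `set -eo pipefail` under `#!/bin/sh` relies on `/bin/sh` being bash; `#!/bin/bash` would make that explicit.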
diff --git a/roles/backup/defaults/main.yml b/roles/backup/defaults/main.yml new file mode 100644 index 0000000..5b1614e --- /dev/null +++ b/roles/backup/defaults/main.yml @@ -0,0 +1,36 @@ +--- + +# The shell of the lbkp account +backup_shell: '/bin/bash' + +# List of commands lbkp will be allowed to run as root, with sudo +backup_sudo_base_commands: + - /usr/bin/rsync + - /usr/local/bin/pre-backup + - /usr/local/bin/post-backup + - /bin/tar + - /bin/gtar +backup_sudo_extra_commands: [] +backup_sudo_commands: "{{ backup_sudo_base_commands + backup_sudo_extra_commands }}" + +# List of ssh public keys to deploy +backup_ssh_keys: [] + +# Options to set for the ssh keys, to restrict what they can do +backup_ssh_keys_options: + - no-X11-forwarding + - no-agent-forwarding + - no-pty + +# List of IP address allowed to use the ssh keys +# Empty list means no restriction +backup_src_ip: [] + +# Custom pre / post script +backup_pre_script: | + #!/bin/bash -e + # Nothing to do +backup_post_script: | + #!/bin/bash -e + # Nothing to do +... diff --git a/roles/backup/files/dump-megaraid-cfg b/roles/backup/files/dump-megaraid-cfg new file mode 100644 index 0000000..9cef7bf --- /dev/null +++ b/roles/backup/files/dump-megaraid-cfg 
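Review bot: The comment above `backup_sudo_base_commands` presents the list as a restriction, but `/usr/bin/rsync`, `/bin/tar` and `/bin/gtar` are granted as root with free arguments, which lets `lbkp` read or overwrite any file on the host. The comment should say so, e.g. `# NOTE: rsync/tar with arbitrary arguments give lbkp root-equivalent access; the SSH key and its options are the real control`. `backup_src_ip: []` defaults to no source restriction, so `backup_ssh_keys_options` is then the only limit, and it lacks `no-port-forwarding`. OpenSSH's `restrict` option would cover that and any forwarding types added later.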
@@ -0,0 +1,57 @@ +#!/usr/bin/perl -w + +# This script will backup the config of MegaRAID based +# RAID controllers. The saved config can be restored with +# MegaCli -CfgRestore -f /home/lbkp/mega_0.bin for example +# It also create a backup of the config as text, so you can +# manually check how things were configured at a certain point in time + +# If MegaCli is not installed, then the script does nothing + +use strict; + +my $megacli = undef; + +if (-x '/opt/MegaRAID/MegaCli/MegaCli64'){ + $megacli = '/opt/MegaRAID/MegaCli/MegaCli64'; +} elsif (-x '/opt/MegaRAID/MegaCli/MegaCli'){ + $megacli = '/opt/MegaRAID/MegaCli/MegaCli'; +} + +if (!$megacli){ + print "MegaCli not installed, nothing to do\n"; + exit 0; +} + +my $adapters = 0; +foreach (qx($megacli -adpCount -NoLog)) { + if ( m/Controller Count:\s*(\d+)/ ) { + $adapters = $1; + last; + } +} + +foreach my $adp (0..$adapters-1){ + my $hba = 0; + my $failgrouplist = 0; + foreach my $line (qx($megacli -CfgDsply -a$adp -NoLog)) { + if ( $line =~ m/Failed to get Disk Group list/ ) { + $failgrouplist = 1; + } elsif ( $line =~ m/Product Name:.*(JBOD|HBA)/ ) { + $hba = 1; + } + } + # Skip adapter if in HBA mode + next if ($hba && $failgrouplist); + + # Save the config in binary format + print "Saving config for adapter $adp\n"; + qx($megacli -CfgSave -f /home/lbkp/megaraid/cfg_$adp.bin -a$adp -NoLog); + die "Failed to backup conf for adapter $adp\n" unless ($? == 0); + + # Now also save in text representation + open TXT, ">/home/lbkp/megaraid/cfg_$adp.txt"; + print TXT foreach qx($megacli -CfgDsply -a$adp -NoLog); + die "Failed to backup Cfg text description for adapter $adp\n" unless ($? == 0); + close TXT; +} diff --git a/roles/backup/files/dump-rpms-list b/roles/backup/files/dump-rpms-list new file mode 100644 index 0000000..a0fdc70 --- /dev/null +++ b/roles/backup/files/dump-rpms-list 
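Review bot: The text dump uses a two-argument `open TXT, ">/home/lbkp/megaraid/cfg_$adp.txt";` with no check of the return value, so if the directory is missing or unwritable the following `print TXT` fails silently and the script still exits 0. `open(my $txt, '>', "/home/lbkp/megaraid/cfg_$adp.txt") or die "Cannot write cfg_$adp.txt: $!\n";` with a lexical handle would make the failure visible to the backup run. The hook runs as root and writes below `/home/lbkp`, a home directory owned by the backup account. A root-owned location such as a directory under `/var/lib` would keep the output path out of that account's control.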
@@ -0,0 +1,3 @@ +#!/bin/sh + +/bin/rpm -qa --qf "%{NAME}\t%{VERSION}\t%{RELEASE}\n" | grep -v gpg-pubkey | sort > /home/lbkp/rpms.list diff --git a/roles/backup/files/post-backup b/roles/backup/files/post-backup new file mode 100644 index 0000000..4b55acc --- /dev/null +++ b/roles/backup/files/post-backup @@ -0,0 +1,15 @@ +#!/bin/bash + +if [ -d "/etc/backup/post.d" ]; then + for H in $(find /etc/backup/post.d -type f -o -type l | sort); do + if [ -x $H ]; then + echo "Running hook $H" + $H "$@" + echo "Finished hook $H" + else + echo "Skiping hook $H as it's not executable" + fi + done +fi +# Remove the lock +rm -f /var/lock/bkp.lock diff --git a/roles/backup/files/pre-backup b/roles/backup/files/pre-backup new file mode 100644 index 0000000..78a8969 --- /dev/null +++ b/roles/backup/files/pre-backup @@ -0,0 +1,35 @@ +#!/bin/bash + +set -e + +# 2 locks are needed. The first one ensure we don't run +# The pre-backup script twice. It's an atomic lock. +# Then we need a second lock which will last until the post-backup ran +# This one doesn't need to be atomic (as we already checked this) +PRELOCKFILE="/var/lock/pre-bkp.lock" +exec 200>$PRELOCKFILE +flock -n 200 || ( echo "Couldn't aquire pre-backup lock" && exit 1 ) +PID=$$ +echo $PID 1>&200 + +if [ -e /var/lock/bkp.lock ]; then + # Consider the lock to be stale if it's older than 8 hours + if [ "$(( $(date +"%s") - $(stat -c "%Y" /var/lock/bkp.lock) ))" -gt "28800" ]; then + rm /var/lock/bkp.lock + else + echo "Another backup is running" + exit 1 + fi +fi +touch /var/lock/bkp.lock +if [ -d "/etc/backup/pre.d" ]; then + for H in $(find /etc/backup/pre.d -type f -o -type l | sort); do + if [ -x $H ]; then + echo "Running hook $H" + $H "$@" + echo "Finished hook $H" + else + echo "Skiping hook $H as it's not executable" + fi + done +fi diff --git a/roles/backup/files/rm-megaraid-cfg b/roles/backup/files/rm-megaraid-cfg new file mode 100644 index 0000000..17a1243 --- /dev/null +++ b/roles/backup/files/rm-megaraid-cfg 
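Review bot: In pre-backup, `flock -n 200 || ( echo "Couldn't aquire pre-backup lock" && exit 1 )` exits only the subshell; the script stops solely because `set -e` reacts to the subshell's status. `flock -n 200 || { echo "Couldn't acquire pre-backup lock"; exit 1; }` states the intent directly. Both pre-backup and post-backup iterate with `for H in $(find …)` and test `[ -x $H ]` unquoted, so a hook file name containing whitespace is split and mis-executed; quoting `"$H"` and reading the list with `while IFS= read -r H` avoids that. post-backup has no `set -e`, so a failing post hook is not reported in the exit status.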
@@ -0,0 +1,3 @@
+#!/bin/bash -e
+
+rm -f /home/lbkp/megaraid/*
diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml
new file mode 100644
index 0000000..cb54730
--- /dev/null
+++ b/roles/backup/tasks/main.yml
@@ -0,0 +1,94 @@ +--- + +- name: Install backup tools + yum: name=rsync + when: ansible_os_family == 'RedHat' + +- name: Install backup tools + apt: name=rsync + when: ansible_os_family == 'Debian' + +- name: Create a local backup user account + user: name=lbkp comment="Local backup account" system=yes shell={{ backup_shell }} + tags: backup + +- name: Deploy sudo configuration + template: src=sudo.j2 dest=/etc/sudoers.d/backup mode=400 + tags: backup + +- name: Deploy SSH keys for the backup account + authorized_key: + user: lbkp + key: "{{ backup_ssh_keys | join(\"\n\") }}" + key_options: "{{ backup_ssh_keys_options | join(',') }}" + exclusive: yes + when: backup_src_ip is not defined or backup_src_ip | length < 1 + tags: backup + +- name: Deploy SSH keys for the backup account (with source IP restriction) + authorized_key: + user: lbkp + key: "{{ backup_ssh_keys | join(\"\n\") }}" + key_options: "from=\"{{ backup_src_ip | join(',') }}\",{{ backup_ssh_keys_options | join(',') }}" + exclusive: yes + when: + - backup_src_ip is defined + - backup_src_ip | length > 0 + tags: backup + +- name: Create pre and post backup hook dir + file: path={{ item }} state=directory mode=750 + with_items: + - /etc/backup/pre.d + - /etc/backup/post.d + tags: backup + +- name: Deploy default pre/post backup hooks + copy: + content: "{{ item.content }}" + dest: /etc/backup/{{ item.type }}.d/default + mode: 0755 + loop: + - type: pre + content: "{{ backup_pre_script }}" + - type: post + content: "{{ backup_post_script }}" + tags: backup + +- name: Copy pre-backup script + copy: src={{ item }} dest=/usr/local/bin/{{ item }} mode=750 group=lbkp + with_items: + - pre-backup + - post-backup + tags: backup + +- name: Deploy rpm dump list script + copy: src=dump-rpms-list dest=/etc/backup/pre.d/dump-rpms-list mode=755 + when: ansible_os_family == 'RedHat' + tags: backup + +- name: Create megaraid dump dir + file: path=/home/lbkp/megaraid state=directory + tags: backup + +- name: Deploy 
MegaCli backup scripts + copy: src={{ item.script }} dest=/etc/backup/{{ item.type }}.d/{{ item.script }} mode=750 + with_items: + - script: dump-megaraid-cfg + type: pre + - script: rm-megaraid-cfg + type: post + when: lsi_controllers | default([]) | length > 0 + tags: backup + +- name: Excludes for proxmox backup client + copy: + dest: /.pxarexclude + content: | + var/log/lastlog + when: + - ansible_virtualization_role == 'guest' + - ansible_virtualization_type == 'lxc' or ansible_virtualization_type == 'systemd-nspawn' + tags: backup + +... diff --git a/roles/backup/templates/sudo.j2 b/roles/backup/templates/sudo.j2 new file mode 100644 index 0000000..c272361 --- /dev/null +++ b/roles/backup/templates/sudo.j2 @@ -0,0 +1,2 @@ +Defaults:lbkp !requiretty +lbkp ALL=(root) NOPASSWD: {{ backup_sudo_commands | join(',') }} diff --git a/roles/backuppc/defaults/main.yml b/roles/backuppc/defaults/main.yml new file mode 100644 index 0000000..94af17f --- /dev/null +++ b/roles/backuppc/defaults/main.yml @@ -0,0 +1,19 @@ +--- + +# You can choose either 3 or 4 +bpc_major_version: 3 + +# Auth to access BackupPC. Can be basic, lemonldap, lemonldap2 or none +bpc_auth: basic + +# List of IP address allowed +bpc_src_ip: [] + +# Should backuppc be started on boot ? +# You might want to turn this off if for example you must unlock +# the device on which you have your backup, and manually start backuppc after that +bpc_enabled: True + +# Should /BackupPC aliases be added on the main vhost ? +# You might want to, but you can also disable this and grant access only through a dedicated vhost +bpc_alias_on_main_vhost: True diff --git a/roles/backuppc/handlers/main.yml b/roles/backuppc/handlers/main.yml new file mode 100644 index 0000000..dc1bfa2 --- /dev/null +++ b/roles/backuppc/handlers/main.yml @@ -0,0 +1,5 @@ +--- + +- include: ../httpd_common/handlers/main.yml + +... diff --git a/roles/backuppc/meta/main.yml b/roles/backuppc/meta/main.yml new file mode 100644 index 0000000..c8aca60 
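Review bot: "Deploy sudo configuration" writes `/etc/sudoers.d/backup` from a template built out of `backup_sudo_extra_commands` without validating it, and a syntax error in any sudoers.d file can make sudo refuse to run for every user. Adding `validate='visudo -cf %s'` to the `template:` arguments rejects a broken file before it is installed; "Deploy sudo config" in roles/backuppc/tasks/main.yml needs the same. "Create megaraid dump dir" sets neither owner nor mode on `/home/lbkp/megaraid`, so the controller configuration dumps are created with default permissions. An explicit `mode=700` would match the other backup directories in this commit.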
--- /dev/null +++ b/roles/backuppc/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - { role: httpd_front } diff --git a/roles/backuppc/tasks/main.yml b/roles/backuppc/tasks/main.yml new file mode 100644 index 0000000..bfb5dc3 --- /dev/null +++ b/roles/backuppc/tasks/main.yml @@ -0,0 +1,53 @@ +--- + +- name: Install BackupPC 4 + yum: + name: + - BackupPC4 + - fuse-backuppcfs4 + when: bpc_major_version == 4 + tags: bpc + +- name: Install BackupPC 3 + yum: + name: + - BackupPC + - fuse-backuppcfs + when: bpc_major_version != 4 + tags: bpc + +- name: Install tools + yum: + name: + - rsync + - tar + - samba-client + - openssh-clients + - BackupPC-server-scripts + - fuse-chunkfs + tags: bpc + +- name: Deploy httpd conf + template: src=httpd.conf.j2 dest=/etc/httpd/ansible_conf.d/40-BackupPC.conf + notify: reload httpd + tags: bpc + +- name: Deploy sudo config + template: src=sudoers.j2 dest=/etc/sudoers.d/backuppc mode=0400 + tags: bpc + +- name: Create SSH Key + user: + name: backuppc + generate_ssh_key: yes + ssh_key_bits: 4096 + tags: bpc + +- name: Start the service + service: name=backuppc state=started + when: bpc_enabled + tags: bpc + +- name: Handle backuppc service status + service: name=backuppc enabled={{ bpc_enabled }} + tags: bpc diff --git a/roles/backuppc/templates/httpd.conf.j2 b/roles/backuppc/templates/httpd.conf.j2 new file mode 100644 index 0000000..0df46f8 --- /dev/null +++ b/roles/backuppc/templates/httpd.conf.j2 
@@ -0,0 +1,25 @@ + + SSLRequireSSL on +{% if bpc_auth == "lemonldap" %} + PerlHeaderParserHandler Lemonldap::NG::Handler +{% elif bpc_auth == "lemonldap2" %} + PerlHeaderParserHandler Lemonldap::NG::Handler::ApacheMP2 +{% elif bpc_auth == "basic" %} + AuthType Basic + AuthUserFile /etc/BackupPC/apache.users + AuthName "BackupPC" + Require valid-user +{% endif %} + +{% if bpc_src_ip | length < 1 %} + Require all denied +{% else %} + Require ip {{ bpc_src_ip | join(' ') }} +{% endif %} + + +{% if bpc_auth != False and bpc_auth != 'none' and bpc_alias_on_main_vhost == True %} +Alias /BackupPC/images /usr/share/BackupPC/html/ +ScriptAlias /BackupPC /usr/share/BackupPC/sbin/BackupPC_Admin +ScriptAlias /backuppc /usr/share/BackupPC/sbin/BackupPC_Admin +{% endif %} diff --git a/roles/backuppc/templates/sudoers.j2 b/roles/backuppc/templates/sudoers.j2 new file mode 100644 index 0000000..664f505 --- /dev/null +++ b/roles/backuppc/templates/sudoers.j2 @@ -0,0 +1,3 @@ +Defaults:backuppc !requiretty +Cmnd_Alias BACKUPPC = /usr/bin/rsync, /bin/tar, /bin/gtar, /usr/local/bin/pre-backup, /usr/local/bin/post-backup, /usr/bin/virt-backup +backuppc ALL=(root) NOPASSWD: BACKUPPC diff --git a/roles/bookstack/defaults/main.yml b/roles/bookstack/defaults/main.yml new file mode 100644 index 0000000..1a4f930 --- /dev/null +++ b/roles/bookstack/defaults/main.yml 
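Review bot: With `bpc_auth: basic` the template emits `Require valid-user` and then `Require ip …` (or `Require all denied`) in what appears to be the same container, and Apache 2.4 combines sibling `Require` lines as RequireAny. If so, a valid password works from any address, an allowed address works without a password, and `Require all denied` has no effect once `valid-user` matches. The enclosing tags are not visible in this rendering of the hunk, so confirm whether the original wraps them in `<RequireAll>`; if not, it should. The `Alias`/`ScriptAlias` block is skipped when `bpc_auth` is `none`, but the access section is still rendered with no authentication handler, which is worth a comment in the template.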
@@ -0,0 +1,78 @@ +--- + +# Version to deploy +bookstack_version: '21.11.2' +# URL of the arhive +bookstack_archive_url: https://github.com/BookStackApp/BookStack/archive/v{{ bookstack_version }}.tar.gz +# Expected sha1 of the archive +bookstack_archive_sha1: c9e8a0da936f7a2840c416dde70451f046e2b7f3 + +# Should ansible handle bookstack upgrades or just the inintial install +bookstack_manage_upgrade: True + +# We can deploy several bookstack instance on a single host +# each one can have a different ID which can be a simple number +# or a short string +bookstack_id: 1 +# Where to install bookstack +bookstack_root_dir: /opt/bookstack_{{ bookstack_id }} +# User under which the app will be executed +bookstack_php_user: php-bookstack_{{ bookstack_id }} +# Version of PHP used +bookstack_php_version: 80 +# Or you can specify here the name of a custom PHP FPM pool. See the httpd_php role +# bookstack_php_fpm_pool: custom_bookstack + +# If defined, an alias will be added in httpd's config to access bookstack +# Else, you'll have to defined a vhost to make bookstack accessible. See httpd_common role +bookstack_web_alias: /bookstack_{{ bookstack_id }} + +# You can restrict access to bookstack. 
If not defined or empty, +# no restriction will be made +bookstack_src_ip: "{{ httpd_ssl_src_ip | default(httpd_src_ip) | default([]) }}" + +# List of trusted proxies from which we can trust the X-Forwarded-For header +# Useful to get real client IP when BookStack is running behind a reverse proxy +# bookstack_trusted_proxies: +# - 10.99.2.10 +# The default value is to use the same as bookstack_src_ip if it's not empty and doesn't contain 0.0.0.0/0 +bookstack_trusted_proxies: "{{ (bookstack_src_ip | length > 0 and '0.0.0.0/0' not in bookstack_src_ip) | ternary(bookstack_src_ip, []) }}" + +# MySQL Database +bookstack_db_server: "{{ mysql_server | default('locaclhost') }}" +bookstack_db_port: 3306 +bookstack_db_user: bookstack_{{ bookstack_id }} +bookstack_db_name: bookstack_{{ bookstack_id }} +# If no pass is defined, a random one will be created and stored in meta/ansible_dbpass +# bookstack_db_pass: S3cr3t. + +# Application key. If not defined, a random one will be generated and store in meta/ansible_app_key +# bookstack_app_key: base64:H/zDPBqtK2BjOkgCrMMGGH+sSjOBrBs/ibcD4ozQc90= + +# Public URL of the app +bookstack_public_url: http://{{ inventory_hostname }}/bookstack_{{ bookstack_id }} + +# Email settings. Default will use local postfix installation +bookstack_email_name: BookStack +bookstack_email_from: no-reply@{{ ansible_domain }} +bookstack_email_server: localhost +bookstack_email_port: 25 +# You can set user and pass if needed +# bookstack_email_user: user@example.org +# bookstack_email_pass: S3cR3t. +# Encryption can be tls, ssl or null +bookstack_email_encryption: 'null' + +# Default lang +bookstack_default_lang: fr + +# Session lifetime, in minutes +bookstack_session_lifetime: 480 + +# You can set custom directive with this: +# bookstack_settings: +# AUTH_METHOD: saml2 +# SAML2_NAME: SSO +# SAML2_EMAIL_ATTRIBUTE: email +bookstack_settings: {} + 
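Review bot: `bookstack_db_server` defaults to `'locaclhost'`, a misspelling of `localhost`, so an install that relies on the default points the application at a host name that does not resolve. It also defeats the `when: bookstack_db_server in ['localhost','127.0.0.1']` condition in meta/main.yml, so the `mysql_server` dependency is not pulled in. The line should read `bookstack_db_server: "{{ mysql_server | default('localhost') }}"`. Separately, `bookstack_public_url` defaults to an `http://` URL, and the comment should mention that session cookies are then sent in clear text unless a TLS vhost is configured.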
diff --git a/roles/bookstack/meta/main.yml b/roles/bookstack/meta/main.yml new file mode 100644 index 0000000..9391075 --- /dev/null +++ b/roles/bookstack/meta/main.yml @@ -0,0 +1,8 @@ +--- + +allow_duplicates: True +dependencies: + - role: mkdir + - role: mysql_server + when: bookstack_db_server in ['localhost','127.0.0.1'] + - role: composer diff --git a/roles/bookstack/tasks/archive_post.yml b/roles/bookstack/tasks/archive_post.yml new file mode 100644 index 0000000..a4e7284 --- /dev/null +++ b/roles/bookstack/tasks/archive_post.yml @@ -0,0 +1,10 @@ +--- + +- name: Compress previous version + command: tar cf {{ bookstack_root_dir }}/archives/{{ bookstack_current_version }}.tar.zst ./ --use-compress-program=zstd + args: + chdir: "{{ bookstack_root_dir }}/archives/{{ bookstack_current_version }}" + warn: False + environment: + ZSTD_CLEVEL: 10 + tags: bookstack diff --git a/roles/bookstack/tasks/archive_pre.yml b/roles/bookstack/tasks/archive_pre.yml new file mode 100644 index 0000000..b8d4a64 --- /dev/null +++ b/roles/bookstack/tasks/archive_pre.yml @@ -0,0 +1,31 @@ +--- + +- name: Create the archive dir + file: path={{ bookstack_root_dir }}/archives/{{ bookstack_current_version }} state=directory + tags: bookstack + +- name: Archive current version + synchronize: + src: "{{ bookstack_root_dir }}/app" + dest: "{{ bookstack_root_dir }}/archives/{{ bookstack_current_version }}/" + compress: False + delete: True + rsync_opts: + - '--exclude=/storage/' + delegate_to: "{{ inventory_hostname }}" + tags: bookstack + +- name: Dump the database + mysql_db: + state: dump + name: "{{ bookstack_db_name }}" + target: "{{ bookstack_root_dir }}/archives/{{ bookstack_current_version }}/{{ bookstack_db_name }}.sql.xz" + login_host: "{{ bookstack_db_server }}" + login_user: "{{ bookstack_db_user }}" + login_password: "{{ bookstack_db_pass }}" + quick: True + single_transaction: True + environment: + XZ_OPT: -T0 + tags: bookstack + 
diff --git a/roles/bookstack/tasks/cleanup.yml b/roles/bookstack/tasks/cleanup.yml
new file mode 100644
index 0000000..63642a9
--- /dev/null
+++ b/roles/bookstack/tasks/cleanup.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Remove tmp and obsolete files
+ file: path={{ item }} state=absent
+ loop:
+ - "{{ bookstack_root_dir }}/archives/{{ bookstack_current_version }}"
+ - "{{ bookstack_root_dir }}/tmp/BookStack-{{ bookstack_version }}"
+ - "{{ bookstack_root_dir }}/tmp/BookStack-{{ bookstack_version }}.tar.gz"
+ tags: bookstack
diff --git a/roles/bookstack/tasks/conf.yml b/roles/bookstack/tasks/conf.yml
new file mode 100644
index 0000000..74fd9eb
--- /dev/null
+++ b/roles/bookstack/tasks/conf.yml
@@ -0,0 +1,54 @@
+---
+
+- import_tasks: ../includes/webapps_webconf.yml
+ vars:
+ - app_id: bookstack_{{ bookstack_id }}
+ - php_version: "{{ bookstack_php_version }}"
+ - php_fpm_pool: "{{ bookstack_php_fpm_pool | default('') }}"
+ tags: bookstack
+
+- when: bookstack_app_key is not defined
+ block:
+ - name: Generate a uniq application key
+ shell: /bin/php{{ bookstack_php_version }} {{ bookstack_root_dir }}/app/artisan key:generate --show > {{ bookstack_root_dir }}/meta/ansible_app_key
+ args:
+ creates: "{{ bookstack_root_dir }}/meta/ansible_app_key"
+
+ - name: Read application key
+ slurp: src={{ bookstack_root_dir }}/meta/ansible_app_key
+ register: bookstack_rand_app_key
+
+ - set_fact: bookstack_app_key={{ bookstack_rand_app_key.content | b64decode | trim }}
+
+ tags: bookstack
+
+- name: Deploy BookStack configuration
+ template: src=env.j2 dest={{ bookstack_root_dir }}/app/.env group={{ bookstack_php_user }} mode=640
+ tags: bookstack
+
+- when: bookstack_install_mode != 'none'
+ block:
+ - name: Migrate the database
+ shell: echo yes | /bin/php{{ bookstack_php_version }} {{ bookstack_root_dir }}/app/artisan migrate
+
+ - name: Clear cache
+ command: /bin/php{{ bookstack_php_version }} {{ bookstack_root_dir }}/app/artisan cache:clear
+
+ - name: Clear views
+ command: /bin/php{{ bookstack_php_version }} {{ bookstack_root_dir }}/app/artisan view:clear
+
+ - name: Regenerate search
+ command: /bin/php{{ bookstack_php_version }} {{ bookstack_root_dir }}/app/artisan bookstack:regenerate-search
+
+ become_user: "{{ bookstack_php_user }}"
+ tags: bookstack
+
+- name: Deploy permission script
+ template: src=perms.sh.j2 dest={{ bookstack_root_dir }}/perms.sh mode=755
+ register: bookstack_perm_script
+ tags: bookstack
+
+- name: Apply permissions
+ command: "{{ bookstack_root_dir }}/perms.sh"
+ when: bookstack_perm_script.changed or bookstack_install_mode != 'none'
+ tags: bookstack
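Review bot: `Generate a uniq application key` can leave an empty or partial `meta/ansible_app_key` behind, because the shell redirection creates the file even when `artisan key:generate --show` fails, and `creates:` then skips the task on every later run. The slurped value goes straight into `APP_KEY` through env.j2, so the application would be configured with an empty key and nothing reports it. An assertion after the `set_fact`, such as `- assert: { that: bookstack_app_key | length > 0 }`, or writing to a temporary file that is moved into place only on success, closes that gap. The key file also has no explicit mode and relies on the 700 mode that directories.yml gives `meta/`.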
diff --git a/roles/bookstack/tasks/directories.yml b/roles/bookstack/tasks/directories.yml
new file mode 100644
index 0000000..c3b6fa1
--- /dev/null
+++ b/roles/bookstack/tasks/directories.yml
@@ -0,0 +1,23 @@
+---
+
+- name: Create required directories
+ file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+ loop:
+ - dir: "{{ bookstack_root_dir }}"
+ - dir: "{{ bookstack_root_dir }}/meta"
+ mode: 700
+ - dir: "{{ bookstack_root_dir }}/backup"
+ mode: 700
+ - dir: "{{ bookstack_root_dir }}/archives"
+ mode: 700
+ - dir: "{{ bookstack_root_dir }}/app"
+ - dir: "{{ bookstack_root_dir }}/sessions"
+ group: "{{ bookstack_php_user }}"
+ mode: 770
+ - dir: "{{ bookstack_root_dir }}/tmp"
+ group: "{{ bookstack_php_user }}"
+ mode: 770
+ - dir: "{{ bookstack_root_dir }}/data"
+ group: "{{ bookstack_php_user }}"
+ mod: 700
+ tags: bookstack
diff --git a/roles/bookstack/tasks/facts.yml b/roles/bookstack/tasks/facts.yml
new file mode 100644
index 0000000..cb53ed8
--- /dev/null
+++ b/roles/bookstack/tasks/facts.yml
@@ -0,0 +1,20 @@
+---
+
+# Detect installed version (if any)
+- block:
+ - import_tasks: ../includes/webapps_set_install_mode.yml
+ vars:
+ - root_dir: "{{ bookstack_root_dir }}"
+ - version: "{{ bookstack_version }}"
+ - set_fact: bookstack_install_mode={{ (install_mode == 'upgrade' and not bookstack_manage_upgrade) | ternary('none',install_mode) }}
+ - set_fact: bookstack_current_version={{ current_version | default('') }}
+ tags: bookstack
+
+# Create a random pass for the DB if needed
+- block:
+ - import_tasks: ../includes/get_rand_pass.yml
+ vars:
+ - pass_file: "{{ bookstack_root_dir }}/meta/ansible_dbpass"
+ - set_fact: bookstack_db_pass={{ rand_pass }}
+ when: bookstack_db_pass is not defined
+ tags: bookstack
diff --git a/roles/bookstack/tasks/install.yml b/roles/bookstack/tasks/install.yml
new file mode 100644
index 0000000..792b978
--- /dev/null
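Review bot: The last loop item of `Create required directories` spells its key `mod: 700`, so `item.mode | default(omit)` finds nothing and the `data` directory is created with whatever mode the umask gives, group-owned by `{{ bookstack_php_user }}`. perms.sh.j2 later runs `chmod 700` on it, but only once conf.yml reaches `Apply permissions`, so until then the uploads and storage tree sits under looser permissions than the other entries suggest was intended. The line should read `mode: 700`. Quoting the modes (`mode: '700'`) throughout the list would also keep them strings if the task is ever rewritten from `key=value` to dictionary syntax, where a bare 700 is read as a decimal integer.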
+++ b/roles/bookstack/tasks/install.yml 
@@ -0,0 +1,86 @@ +--- + +- name: Install needed tools + package: + name: + - acl + - tar + - zstd + - mariadb + tags: bookstack + +- when: bookstack_install_mode != 'none' + block: + - name: Download bookstack + get_url: + url: "{{ bookstack_archive_url }}" + dest: "{{ bookstack_root_dir }}/tmp" + checksum: sha1:{{ bookstack_archive_sha1 }} + + - name: Extract the archive + unarchive: + src: "{{ bookstack_root_dir }}/tmp/BookStack-{{ bookstack_version }}.tar.gz" + dest: "{{ bookstack_root_dir }}/tmp" + remote_src: True + + - name: Move BookStack to its final dir + synchronize: + src: "{{ bookstack_root_dir }}/tmp/BookStack-{{ bookstack_version }}/" + dest: "{{ bookstack_root_dir }}/app/" + delete: True + compress: False + rsync_opts: + - '--exclude=/storage/' + - '--exclude=/public/uploads/' + delegate_to: "{{ inventory_hostname }}" + + - name: Populate data directories + synchronize: + src: "{{ bookstack_root_dir }}/tmp/BookStack-{{ bookstack_version }}/{{ item }}" + dest: "{{ bookstack_root_dir }}/data/" + compress: False + delegate_to: "{{ inventory_hostname }}" + loop: + - storage + - public/uploads + + - name: Link data directories + file: src={{ item.src }} dest={{ item.dest }} state=link + loop: + - src: "{{ bookstack_root_dir }}/data/storage" + dest: "{{ bookstack_root_dir }}/app/storage" + - src: "{{ bookstack_root_dir }}/data/uploads" + dest: "{{ bookstack_root_dir }}/app/public/uploads" + + - name: Install PHP libs with composer + composer: + command: install + working_dir: "{{ bookstack_root_dir }}/app" + executable: /bin/php{{ bookstack_php_version }} + environment: + php: /bin/php{{ bookstack_php_version }} + + tags: bookstack + +- import_tasks: ../includes/webapps_create_mysql_db.yml + vars: + - db_name: "{{ bookstack_db_name }}" + - db_user: "{{ bookstack_db_user }}" + - db_server: "{{ bookstack_db_server }}" + - db_pass: "{{ bookstack_db_pass }}" + tags: bookstack + +- name: Set correct SELinux context + sefcontext: + target: "{{ bookstack_root_dir 
}}(/.*)?" + setype: httpd_sys_content_t + state: present + when: ansible_selinux.status == 'enabled' + tags: bookstack + +- name: Install pre/post backup hooks + template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/bookstack_{{ bookstack_id }} mode=700 + loop: + - pre + - post + tags: bookstack diff --git a/roles/bookstack/tasks/main.yml b/roles/bookstack/tasks/main.yml new file mode 100644 index 0000000..57f4c85 --- /dev/null +++ b/roles/bookstack/tasks/main.yml @@ -0,0 +1,13 @@ +--- + +- include: user.yml +- include: directories.yml +- include: facts.yml +- include: archive_pre.yml + when: bookstack_install_mode == 'upgrade' +- include: install.yml +- include: conf.yml +- include: write_version.yml +- include: archive_post.yml + when: bookstack_install_mode == 'upgrade' +- include: cleanup.yml diff --git a/roles/bookstack/tasks/user.yml b/roles/bookstack/tasks/user.yml new file mode 100644 index 0000000..ccec17e --- /dev/null +++ b/roles/bookstack/tasks/user.yml @@ -0,0 +1,5 @@ +--- + +- name: Create user account + user: name={{ bookstack_php_user }} system=True shell=/sbin/nologin home={{ bookstack_root_dir }} + tags: bookstack diff --git a/roles/bookstack/tasks/write_version.yml b/roles/bookstack/tasks/write_version.yml new file mode 100644 index 0000000..d7e8744 --- /dev/null +++ b/roles/bookstack/tasks/write_version.yml @@ -0,0 +1,5 @@ +--- + +- name: Write current version + copy: content={{ bookstack_version }} dest={{ bookstack_root_dir }}/meta/ansible_version + tags: bookstack diff --git a/roles/bookstack/templates/env.j2 b/roles/bookstack/templates/env.j2 new file mode 100644 index 0000000..9fdbdb8 --- /dev/null +++ b/roles/bookstack/templates/env.j2 
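Review bot: `Download bookstack` pins the release archive with `checksum: sha1:{{ bookstack_archive_sha1 }}`, and SHA-1 no longer provides collision resistance, which makes it a weak integrity check for code that is then unpacked and installed through composer. `get_url` accepts other algorithms in the same field, so the change is `checksum: sha256:{{ bookstack_archive_sha256 }}` with a matching default (the variable name is a suggestion; the role's defaults file is not part of this hunk). The download URL comes from `bookstack_archive_url`, which is also defined outside this hunk, so whether it is fetched over HTTPS cannot be checked here.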
@@ -0,0 +1,28 @@
+APP_KEY={{ bookstack_app_key }}
+APP_URL={{ bookstack_public_url }}
+DB_HOST={{ bookstack_db_server }}
+DB_DATABASE={{ bookstack_db_name }}
+DB_USERNAME={{ bookstack_db_user }}
+DB_PASSWORD={{ bookstack_db_pass | quote }}
+MAIL_DRIVER=smtp
+MAIL_FROM_NAME="{{ bookstack_email_name }}"
+MAIL_FROM={{ bookstack_email_from }}
+MAIL_HOST={{ bookstack_email_server }}
+MAIL_PORT={{ bookstack_email_port }}
+{% if bookstack_email_user is defined and bookstack_email_pass is defined %}
+MAIL_USERNAME={{ bookstack_email_user }}
+MAIL_PASSWORD={{ bookstack_email_pass | quote }}
+{% endif %}
+MAIL_ENCRYPTION={{ bookstack_email_encryption }}
+APP_TIMEZONE={{ system_tz | default('UTC') }}
+APP_LANG={{ bookstack_default_lang }}
+SESSION_SECURE_COOKIE={{ (bookstack_public_url | urlsplit('scheme') == 'https') | ternary('true','false') }}
+SESSION_COOKIE_NAME=bookstack_{{ bookstack_id }}_session
+SESSION_LIFETIME={{ bookstack_session_lifetime }}
+CACHE_PREFIX=bookstack_{{ bookstack_id }}
+{% if bookstack_trusted_proxies | length > 0 %}
+APP_PROXIES={{ bookstack_trusted_proxies | join(',') }}
+{% endif %}
+{% for key in bookstack_settings.keys() | list %}
+{{ key }}="{{ bookstack_settings[key] }}"
+{% endfor %}
diff --git a/roles/bookstack/templates/httpd.conf.j2 b/roles/bookstack/templates/httpd.conf.j2
new file mode 100644
index 0000000..d42fa33
--- /dev/null
+++ b/roles/bookstack/templates/httpd.conf.j2
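Review bot: The closing loop writes `{{ key }}="{{ bookstack_settings[key] }}"`, and `MAIL_FROM_NAME` is built the same way, with no escaping, so a value containing a double quote or a newline changes how the rest of `.env` is parsed. The two passwords go through `quote`, which is the shell-quoting filter: a password containing a single quote is emitted in shell form (`'"'"'`), and a dotenv parser is unlikely to read that back as the original string. Escaping for the target format inside double quotes, for example `"{{ value | replace('\\', '\\\\') | replace('"', '\\"') }}"`, applied to every free-text value, would make the file round-trip. `APP_KEY`, `DB_USERNAME` and `MAIL_USERNAME` are written unquoted and have the same exposure if they ever contain spaces or `#`.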
@@ -0,0 +1,39 @@ +{% if bookstack_web_alias is defined and bookstack_web_alias != False %} +Alias /{{ bookstack_web_alias | regex_replace('^/','') }} {{ bookstack_root_dir }}/app/public +{% else %} +# No alias defined, create a vhost to access it +{% endif %} + + + AllowOverride All + Options FollowSymLinks +{% if bookstack_src_ip is defined and bookstack_src_ip | length > 0 %} + Require ip {{ bookstack_src_ip | join(' ') }} +{% else %} + Require all granted +{% endif %} + + SetHandler "proxy:unix:/run/php-fpm/{{ bookstack_php_fpm_pool | default('bookstack_' + bookstack_id | string) }}.sock|fcgi://localhost" + + + RewriteEngine On + + # Handle Authorization Header + RewriteCond %{HTTP:Authorization} . + RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] + + # Redirect Trailing Slashes If Not A Folder... + RewriteCond %{REQUEST_FILENAME} !-d + RewriteCond %{REQUEST_URI} (.+)/$ + RewriteRule ^ %1 [L,R=301] + + # Send Requests To Front Controller... + RewriteCond %{REQUEST_FILENAME} !-d + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule ^ index.php [L] + + + Require all denied + + + diff --git a/roles/bookstack/templates/perms.sh.j2 b/roles/bookstack/templates/perms.sh.j2 new file mode 100644 index 0000000..441ce84 --- /dev/null +++ b/roles/bookstack/templates/perms.sh.j2 
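Review bot: `AllowOverride All` is set for the served tree while the same role links the PHP-writable `data/uploads` directory under `app/public/uploads` (install.yml, perms.sh.j2), so a `.htaccess` file written there by the application would be honoured by httpd. The rewrite rules that would normally live in `.htaccess` are already inlined in this template, which suggests `AllowOverride None` would work. The container tags of this template did not survive on this page, so which directory each directive belongs to cannot be confirmed here. The fallback to `Require all granted` when `bookstack_src_ip` is empty deserves a comment next to the variable so that open access is a visible choice.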
@@ -0,0 +1,19 @@ +#!/bin/bash + +restorecon -R {{ bookstack_root_dir }} +chown root:root {{ bookstack_root_dir }} +chmod 700 {{ bookstack_root_dir }} +setfacl -R -k -b {{ bookstack_root_dir }} +setfacl -m u:{{ bookstack_php_user | default('apache') }}:rx,u:{{ httpd_user | default('apache') }}:x {{ bookstack_root_dir }} +find {{ bookstack_root_dir }}/app -type f -exec chmod 644 "{}" \; +find {{ bookstack_root_dir }}/app -type d -exec chmod 755 "{}" \; +chown root:{{ bookstack_php_user }} {{ bookstack_root_dir }}/app/.env +chmod 640 {{ bookstack_root_dir }}/app/.env +chown -R {{ bookstack_php_user }} {{ bookstack_root_dir }}/app/bootstrap/cache +chmod 700 {{ bookstack_root_dir }}/app/bootstrap/cache +chown -R {{ bookstack_php_user }} {{ bookstack_root_dir }}/data +chmod 700 {{ bookstack_root_dir }}/data +setfacl -R -m u:{{ httpd_user | default('apache') }}:rx {{ bookstack_root_dir }}/app/public +setfacl -m u:{{ httpd_user | default('apache') }}:x {{ bookstack_root_dir }}/data/ +setfacl -R -m u:{{ httpd_user | default('apache') }}:rx {{ bookstack_root_dir }}/data/uploads +find {{ bookstack_root_dir }} -name .htaccess -exec chmod 644 "{}" \; diff --git a/roles/bookstack/templates/php.conf.j2 b/roles/bookstack/templates/php.conf.j2 new file mode 100644 index 0000000..51a3b4b --- /dev/null +++ b/roles/bookstack/templates/php.conf.j2 
@@ -0,0 +1,35 @@
+[bookstack_{{ bookstack_id }}]
+
+listen.owner = root
+listen.group = apache
+listen.mode = 0660
+listen = /run/php-fpm/bookstack_{{ bookstack_id }}.sock
+user = {{ bookstack_php_user }}
+group = {{ bookstack_php_user }}
+catch_workers_output = yes
+
+pm = dynamic
+pm.max_children = 15
+pm.start_servers = 3
+pm.min_spare_servers = 3
+pm.max_spare_servers = 6
+pm.max_requests = 5000
+request_terminate_timeout = 5m
+
+php_flag[display_errors] = off
+php_admin_flag[log_errors] = on
+php_admin_value[error_log] = syslog
+php_admin_value[memory_limit] = 256M
+php_admin_value[session.save_path] = {{ bookstack_root_dir }}/sessions
+php_admin_value[upload_tmp_dir] = {{ bookstack_root_dir }}/tmp
+php_admin_value[sys_temp_dir] = {{ bookstack_root_dir }}/tmp
+php_admin_value[post_max_size] = 100M
+php_admin_value[upload_max_filesize] = 100M
+php_admin_value[disable_functions] = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
+php_admin_value[open_basedir] = {{ bookstack_root_dir }}:/usr/share/pear/:/usr/share/php/
+php_admin_value[max_execution_time] = 60
+php_admin_value[max_input_time] = 60
+php_admin_flag[allow_url_include] = off
+php_admin_flag[allow_url_fopen] = off
+php_admin_flag[file_uploads] = on
+php_admin_flag[session.cookie_httponly] = on
diff --git a/roles/bookstack/templates/post-backup.j2 b/roles/bookstack/templates/post-backup.j2
new file mode 100644
index 0000000..4813cc1
--- /dev/null
+++ b/roles/bookstack/templates/post-backup.j2
@@ -0,0 +1,3 @@
+#!/bin/bash -e
+
+rm -f {{ bookstack_root_dir }}/backup/*.sql.zst
diff --git a/roles/bookstack/templates/pre-backup.j2 b/roles/bookstack/templates/pre-backup.j2
new file mode 100644
index 0000000..6611527
--- /dev/null
+++ b/roles/bookstack/templates/pre-backup.j2
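Review bot: The `disable_functions` list in php.conf.j2 blocks `system`, `exec`, `shell_exec` and `passthru` but leaves `proc_open`, `popen` and `pcntl_exec` enabled, so the restriction on spawning processes is incomplete; it also disables `escapeshellarg` and `escapeshellcmd`, which are escaping helpers rather than execution primitives. Whether BookStack or its libraries need `proc_open` has to be checked before adding it, so this is a list to review rather than a line to paste. `php_flag[display_errors] = off` can be overridden by the application at runtime, whereas `php_admin_flag[display_errors] = off` makes it binding like the settings below it. `listen.group = apache` is hard-coded here while perms.sh.j2 takes the web server account from `httpd_user | default('apache')`; deriving the socket group from a variable as well keeps the socket reachable when that account differs.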
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -eo pipefail
+
+/usr/bin/mysqldump \
+{% if bookstack_db_server not in ['localhost','127.0.0.1'] %}
+ --user={{ bookstack_db_user | quote }} \
+ --password={{ bookstack_db_pass | quote }} \
+ --host={{ bookstack_db_server | quote }} \
+ --port={{ bookstack_db_port | quote }} \
+{% endif %}
+ --quick --single-transaction \
+ --add-drop-table {{ bookstack_db_name | quote }} | zstd -c > {{ bookstack_root_dir }}/backup/{{ bookstack_db_name }}.sql.zst
+
diff --git a/roles/clamav/defaults/main.yml b/roles/clamav/defaults/main.yml
new file mode 100644
index 0000000..388103a
--- /dev/null
+++ b/roles/clamav/defaults/main.yml
@@ -0,0 +1,16 @@
+---
+clam_mirror: database.clamav.net
+clam_user: clamav
+clam_group: clamav
+clam_enable_clamd: False
+clam_custom_db_url: []
+clam_safebrowsing: True
+clam_listen_port: 3310
+clam_ports: "{{ [clam_listen_port] + [clam_stream_port_min + ':' + clam_stream_port_max] }}"
+clam_listen_ip: 127.0.0.1
+clam_src_ip: []
+# Max stream size, in MB
+clam_stream_max_size: 50
+clam_stream_port_min: 30000
+clam_stream_port_max: 32000
+
diff --git a/roles/clamav/handlers/main.yml b/roles/clamav/handlers/main.yml
new file mode 100644
index 0000000..eb97d88
--- /dev/null
+++ b/roles/clamav/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+
+- include: ../common/handlers/main.yml
+
+- name: restart freshclam
+ service: name=freshclam state=restarted
+
+- name: restart clamd
+ service: name=clamd state={{ clam_enable_clamd | ternary('restarted','stopped') }}
diff --git a/roles/clamav/tasks/main.yml b/roles/clamav/tasks/main.yml
new file mode 100644
index 0000000..598587d
--- /dev/null
+++ b/roles/clamav/tasks/main.yml
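Review bot: `--password={{ bookstack_db_pass | quote }}` in pre-backup.j2 puts the database password on the mysqldump command line, where other local users can read it from the process list while the dump starts. A client option file readable only by root, passed as the first argument with `--defaults-extra-file=`, keeps it out of argv; the file would hold a `[client]` section with `user`, `password`, `host` and `port`. The script also declares `#!/bin/sh` but uses `set -eo pipefail`, which not every `sh` accepts, while post-backup.j2 uses `#!/bin/bash -e`. `#!/bin/bash` is the safer shebang here, because without a working `pipefail` a failed mysqldump is masked by a successful `zstd` and an empty dump gets backed up.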
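Review bot: `clam_ports` in roles/clamav/defaults/main.yml concatenates `clam_stream_port_min + ':' + clam_stream_port_max`, but both are defined as integers a few lines below, so the `+` with the string `':'` raises a type error when the variable is evaluated. Jinja's `~` operator converts its operands to strings, so the line becomes `clam_ports: "{{ [clam_listen_port] + [clam_stream_port_min ~ ':' ~ clam_stream_port_max] }}"`. Where `clam_ports` is consumed is not shown in this hunk; if it feeds a firewall rule together with `clam_src_ip`, the failure would only appear once that rule is templated.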
@@ -0,0 +1,57 @@
+---
+
+- name: Install packages
+ yum:
+ name:
+ - clamav
+ - clamav-data-empty
+ - clamav-server-systemd
+ - clamav-update
+
+- name: Create clamav user account
+ user:
+ name: clamav
+ system: True
+ shell: /sbin/nologin
+ comment: "ClamAV antivirus user account"
+
+- name: Set SELinux
+ seboolean: name={{ item }} state=True persistent=True
+ with_items:
+ - clamd_use_jit
+ - antivirus_can_scan_system
+ when: ansible_selinux.status == 'enabled'
+
+- name: Deploy freshclam configuration
+ template: src=freshclam.conf.j2 dest=/etc/freshclam.conf mode=644
+ notify: restart freshclam
+
+- name: Deploy clamd configuration
+ template: src=clamd.conf.j2 dest=/etc/clamd.conf
+ notify: restart clamd
+
+- name: Deploy systemd units
+ template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }}
+ with_items:
+ - freshclam.service
+ - clamd.service
+ notify:
+ - restart freshclam
+ - restart clamd
+ register: clamav_units
+
+- name: Deploy tmpfiles.d fragment
+ copy:
+ content: 'd /run/clamav 755 {{ clam_user }} {{ clam_group }}'
+ dest: /etc/tmpfiles.d/clamav.conf
+ notify: systemd-tmpfiles
+
+- name: Reload systemd
+ command: systemctl daemon-reload
+ when: clamav_units.changed
+
+- name: Start and enable freshclam
+ service: name=freshclam state=started enabled=True
+
+- name: Handle clamd service
+ service: name=clamd state={{ clam_enable_clamd | ternary('started','stopped') }} enabled={{ clam_enable_clamd }}
diff --git a/roles/clamav/templates/clamd.conf.j2 b/roles/clamav/templates/clamd.conf.j2
new file mode 100644
index 0000000..5ec1c65
--- /dev/null
+++ b/roles/clamav/templates/clamd.conf.j2
@@ -0,0 +1,12 @@
+LogSyslog yes
+LogVerbose yes
+ExtendedDetectionInfo yes
+LocalSocket /var/run/clamav/clamd.sock
+LocalSocketMode 666
+TCPSocket {{ clam_listen_port }}
+TCPAddr {{ clam_listen_ip }}
+StreamMinPort {{ clam_stream_port_min }}
+StreamMaxPort {{ clam_stream_port_max }}
+StreamMaxLength {{ clam_stream_max_size }}M
+ExitOnOOM yes
+Foreground yes
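Review bot: `LocalSocketMode 666` in clamd.conf.j2 lets every local account talk to clamd, and the daemon's protocol has no authentication, so any user can submit scans or send control commands such as `SHUTDOWN` and `RELOAD`. `LocalSocketMode 660`, with the services that need scanning added to `{{ clam_group }}`, limits the socket to the intended clients. The template also always renders `TCPSocket` and `TCPAddr`; the default `clam_listen_ip` is 127.0.0.1, but once it is changed the listener is protected only by whatever firewall rule uses `clam_src_ip`. Rendering the two TCP lines only when a variable asks for them would make the network listener opt-in.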
diff --git a/roles/clamav/templates/clamd.service.j2 b/roles/clamav/templates/clamd.service.j2
new file mode 100644
index 0000000..4845593
--- /dev/null
+++ b/roles/clamav/templates/clamd.service.j2
@@ -0,0 +1,13 @@
+[Unit]
+Description=ClamAV antivirus daemon
+After=syslog.target network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/sbin/clamd -c /etc/clamd.conf
+User={{ clam_user }}
+Group={{ clam_group }}
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/clamav/templates/freshclam.conf.j2 b/roles/clamav/templates/freshclam.conf.j2
new file mode 100644
index 0000000..f072f62
--- /dev/null
+++ b/roles/clamav/templates/freshclam.conf.j2
@@ -0,0 +1,12 @@
+DatabaseDirectory /var/lib/clamav
+LogVerbose yes
+LogSyslog yes
+Checks {{ clam_safebrowsing | ternary('48','12') }}
+DatabaseOwner clamupdate
+DatabaseMirror {{ clam_mirror }}
+{% for custom in clam_custom_db_url %}
+DatabaseCustomURL={{ custom }}
+{% endfor %}
+NotifyClamd /etc/clamd.conf
+Foreground yes
+SafeBrowsing {{ clam_safebrowsing | ternary('yes','no') }}
diff --git a/roles/clamav/templates/freshclam.service.j2 b/roles/clamav/templates/freshclam.service.j2
new file mode 100644
index 0000000..19b7b6a
--- /dev/null
+++ b/roles/clamav/templates/freshclam.service.j2
@@ -0,0 +1,15 @@
+[Unit]
+Description=ClamAV signature updater
+After=network.target
+
+[Service]
+Type=simple
+User=clamupdate
+Group=clamupdate
+ExecStart=/usr/bin/freshclam --stdout --daemon
+Restart=on-failure
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml
new file mode 100644
index 0000000..069bac4
--- /dev/null
+++ b/roles/common/defaults/main.yml
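Review bot: `DatabaseCustomURL={{ custom }}` in freshclam.conf.j2 uses `=` where every other line of the template separates option and value with a space, and freshclam's parser appears to expect the space form, so the line should read `DatabaseCustomURL {{ custom }}`. With the default `clam_custom_db_url: []` the loop renders nothing, which would explain the typo going unnoticed. Because these URLs feed signature databases into the scanner, a comment next to the variable asking for `https://` sources would be worth adding. `DatabaseOwner clamupdate` and the `User=clamupdate` of freshclam.service.j2 are hard-coded while clamd runs as `{{ clam_user }}`, so it is worth confirming that the clamd account can read what freshclam writes to `/var/lib/clamav`.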
@@ -0,0 +1,112 @@ +--- + +# List of UNIX group which will have full root access, using sudo +system_admin_groups: ['admins','Domain\ Admins'] + +# Email address of the admin (will receive root email) +# system_admin_email: admin@domain.net + +# List of basic system utilisties to install +# (Common list for EL and Debian based distro) +system_utils: + - htop + - screen + - iftop + - tcpdump + - bzip2 + - pbzip2 + - lzop + - vim + - bash-completion + - rsync + - lsof + - net-tools + - sysstat + - pciutils + - strace + - wget + - man-db + - unzip + - openssl + - pv + - less + - nano + - tree + - mc + - tar + +# Kernel modules to load +system_kmods: [] + +# List of extra package to install +system_extra_pkgs: [] + +# MegaCLI tool version +megacli_version: 8.07.14-1 + +# List of FS to mount +fstab: [] +# fstab: +# - name: /mnt/data +# src: files.domain.org:/data +# opts: noatime +# fstype: nfs +# state: present +# boot: yes + +# Various SELinux booleans +sebool: [] +# sebool: +# - name: httpd_use_fusefs +# state: True +# persistent: True + +system_swappiness: 10 +system_sysctl: {} +# system_sysctl: +# vm.vfs_cache_pressure: 500 +# vm.dirty_ratio: 10 +# vm.dirty_background_ratio: 5 + +# Disable traditional rsyslog daemon +system_disable_syslog: False + +# Send journald logs to a remote server using systemd-journal-upload +# system_journal_remote_uri: http://logs.example.com:19532 + +# Max disk space used by the Journal. Default is 10% of the available space. But must be exressed as an absolute value in the conf +# We can specify the max amount of space used, and the min amount of space left free. The smallest limit will apply +system_journal_max_use: 3G +system_journal_keep_free: 2G + +# System Timezone +system_tz: 'Europe/Paris' + +# Tuned profile to apply. If undefined, virt-host and virt-guest are applied automatically when needed +# system_tuned_profile: enterprise-storage + +# Frquency of the fstrim cron job. 
Can be daily, weekly or monthly +system_fstrim_freq: weekly + +system_base_bash_aliases: + ls: 'ls $LS_OPTIONS' + ll: 'ls $LS_OPTIONS -l' + l: 'ls $LS_OPTIONS -lA' + rm: 'rm -i' + cp: 'cp -i' + mv: 'mv -i' + +system_extra_bash_aliases: {} +system_bash_aliases: "{{ system_base_bash_aliases | combine(system_extra_bash_aliases, recursive=True) }}" + +# shell scriplet to exec on boot +system_rc_local_base_cmd: [] +system_rc_local_extra_cmd: [] +system_rc_local_cmd: "{{ system_rc_local_base_cmd + system_rc_local_extra_cmd }}" + +# shell scriplet to exec on shutdown +system_rc_local_shutdown_base_cmd: [] +system_rc_local_shutdown_extra_cmd: [] +system_rc_local_shutdown_cmd: "{{ system_rc_local_shutdown_base_cmd + system_rc_local_shutdown_extra_cmd }}" + +... 
diff --git a/roles/common/files/MegaCli-8.07.14-1.noarch.rpm b/roles/common/files/MegaCli-8.07.14-1.noarch.rpm new file mode 100644 index 0000000000000000000000000000000000000000..b79499e70374c971b4de061228d0c4451effc8fa GIT binary patch literal 1549650 zcmb@t1y~(Rvo?yea1AaCclY2DJXnB0aCe8`5Q4kAh2X(mf&>c=36|jQ?h@pmwKw~G zN4|6K^WW#Lq^IVsuC98kx~HcX35R7z^RQ6B=jpYXg^{GK6$?KrJ0B|tHwyRH8rwcz{p< z39&H+8VG2R&p*5&dB8m5T|h!G@-yCh#@Npok{1%taG&wvGZuKpM}UOnY5R;Jc|-g; zKI2nBLi(eg@fjc?{c+Fu{23QLgUjPy^KIyq1 zACN#iginBk^h4GOq`%~E2}cM>NPqJ)Ci)vA0^A^WaP)u#{3GH35;7jL#vm9n4uZv= zF~u{Me#Q*XSO$=QAH;w1k$uMhicAR+b8dhUN-FL2t={f>Zy#Dk23`11iI z#9r^YKkOOnKjQ{KLhOwJ3E?~Pj7^{Mk7sQ5jHjQm`7@q-#*jKg#xFc$2rmd;f5woy z1J4uUA3$PCLOt(4P|y1h6vsar@Eh?rU^Q_$De!9}dm{@oJ2QJ%u!gIZt(B`M>wg$o zxq#hV%uKFgZ#KGRx*}>M<%-Mw%hy|rqIcsfdY2wJj!NtSE$<4ya$D)^S1cjT~6f!NSS}Ea~9v=-_PRYUN-L^?#$4urzvaZv<8`ay7Gs zg3yPubai!n$;RgH?hXlM`&TSmD|GZXA?^(Bv%JF6H73ggQF`Oq#Te@f87B4 zGMkmXi>r~XEvv1A1u`;{l{r`k%wqm8TfhXYhl~UUgIz7n?2(a>%uFmDz?5%|ob9db zEhxY$&Svke9Nb*M&vgbn8kyJt)dT~DGqQCyGcxrAKZgLS=w@$f=KPm)u&I@^nTe}| zvnM4olDQT5U!lQlZZ6JjF2+{&|8V^OpTIv6{u_&D5{7Q}Ms{Xk79+3^*v!J&%n{6D z0`}nNHQ?no1hZJUg4rRAAoT!fKNp0T8*FUl3RZptHg^EBqy&qA*-Xvev)Q}Z+JZSn zXgU7FQpv#`>}+P|@E)iin2YnTVL-A*&YpnU7MNC3u(_43najU*;cWM>srfI{_*{M@ zBp{BhJ($JiKh5EPF|@TZb^*$621qMs7EV?d2Uf=a#pnMtMMg5Sbus&oRG!)Y-zNQB ztG|=}|CA;#HzZMWD<~urpxUkm4(0}Sz`{1MwK4$Kv5T;wt;_$C6C*Gg|C$&du)7JE z#TIOc{9he88(EneINDhJ8%MyJ_-738P=Nn>V5t8s3owhB(_c#k{NL7!+CQ`ZZ=cBj zv?l-EA_7(bi}U|7xxmEy8$SOe^A{fu$kP3b4f;ovjp;5Fjm;Ndbg=ixHv;uU~0Hs%)Koc#X6NEI=HfEp;N&&pH8tfn z=Qc5dGBsl7=HmrUdu9T>0%jcMW=6)Grl!1R>;eM(Cj9)6x6*(6I6FAFLjA9o=cN91 z?qzjxHeq#kw1Wc9ga7e)wgNoEi$OtQi2*N2c}Qb}Y=176Q2$6^98ev46(dhu2P0Ey z$o?Q}^xh2Eea)>r7@(fJB^~S>oy}Z;_Z7rK3E0G3Aa8wcR(9an&Be;j3ORmrvvRR= z{fFa!0{lO`xWF7-{Cpe&?7UpufHM$4@43N;nM1*cnF8&f>VW>YQ~p1BK1*J1sQ)?H zz_$b7I|2(k)W3Z!*q~UHIiXA(tsI~%ysR9d1paxu{r!?-aW*rxG;(G6>&3@nVebYt zDQM~T$b3D#5*dzLne8A6aR2M5{q%JI3Ao23j|5IRkPmFV9*P*Q#&xb9o}SwaDQ#cWHK7szuk6Y}R&aaCcE-|i^l48s!PrQjvtA3UE=s{*@@tQQ 
zV3-YLct7W0F`~Rs7OLHiJ+U2h=IELU(Kwo4x#!+4jsZgWV-u5dEpEP}j+d?R>(2h% zhAnaSLHBZZ>{A^VO<{arK#%dor1 z{t}OYljfqpsmIfB?!YtVRUqd!29d;ikM_L%SEhI)IX25*iq0$)zid-};X3!#d4D@Y zfByt(DT?2xb#|lpCFE?Dz{K&1)n#BhUbpU32eMl<;WqesXg0c->qp1<iJS|5wzf7gw zQwEg5ztA?k(tc76zG}t8hxU!pmD`Xvvf_1KRIZfU$dIiR-^fs?L```lXsJxxu+y;Y z@iT`~uH!sQ$BHt)aQG1`pFffv*XW2r_(~D{Ad_!7Eaq;G=9lubsqP{>YRvSLi1nun z6lwoQWwbR9%&xhRb>g|7Pi;)vkJohrM&;4?q)hA0c= zVN~&^d)HjlWBNZx)!d&G92(tZo1GC8J_$x0DN5u^!Vt?D z6Pd@^gEiURd8=5G3!2C@FhAV2F4#SM{dnmcGhIwoHohMv8eaI+H4)lWc%hY$BR#~I z_bBMnnQ-BXw3x6dn!MTc@#o^C(YNBZWO``UlOw`i14K4!x7t;Q>fztlo=`TJ!@iD=W>Y3ox5i4wbnx@#~t(f_{x2MahIZBqM<*nzmSn%)yU!Z zgC>?H=1=Wz8;mKxm0t`W!!bQse18(iuhYI=PxnD*auCQDH9EUS@?gKkVt#m;_;drm zzGf8OjuFbU`7Y6uU%?-2*tXa+)S3SCeTrYw&tIAMr?*KJ zp6Fuw%M>4P{Ka+_&K^Y`e?p%R>QJn;B3a_(#mde#W!6`{kF>;i5#>*~E;@K;ff#a4 z%KYGxLMF+{8GkxE_gjdzNP9CaopVd?I6==%E=F1>FWd>a`85Nx?2b zb)<(zOtq5xozf$@4jEip3JQ{bWKNbu!#E#LH60T2}o0}Jz zemrQ?jzM)ssqJYgIK^0S8!njdcVakCz#pUKtlJ)KbUEKD9;qGOUJ-H8L`aQK$cRs{ zT2D}uLv1?wiTj6{IMqryq`qLDc1iduC0x#Z*=xUjhC%L)J)z*w45_`dorT-;1kOV) zt^+wa6>DcAH;RNwS(a^!I7iL7`w?7hbJiRMzwP4U5m=Fg!}7<6fNL+--7ZhA?YL!z z>qR#`UA2kwSCQr-oZek-k^{b52L;+c3aJ0AUEr$iPTgvDr)8y7Lk;QI(=!OuP`Ny| zrCZe6Y34$hb(e%z0NsyAjxX#K#tSo5I?qHkejMEh!%+UV+D z`-)p-(I+%pCoVmQ!#hVfc{r=z-h6Jm*h#9L;T+E~)FK~M zAx|L<$;r#>NTK$Q3COy<0pTN1bC{&C1ZKWE54^)knLSrKkfTmTW#!?b+2pW<=9n4L z=Gqqj?n2)4y-;nKl5)cz9hK4UF`p!Za3OBMvu>-%g==!cj;qFrK=R#MTIk`oTFy5g zLe&W)i;**|l(o6%mG&P9cyp^wC3Z`78SBv#5=eJRT-&+JQH+KZDNbhJOiWZWs*D#< z?*tXd6pUq|9U5?7*8mF>i4`Q8qRgpONE*l;UyoSNA^755&R`+yNSdAUs`*$(azZ-N zTG-M@^>^_F1?of;jQcgX*v_TD8^WwDaH849;OGMf z#$~A_u5M#oC*rHk8&Rcbe2W&PIfC(6WX)0}4Z%g32||-1iKf>e4*!v8sZoV31hg%C zVm?+YdcrdMOpiamo#Z5`-GAL4g+w@Q_$^G8Hbu1yBiRQ(WMB^ZOG{@G*iniQMX&k@ zvB=sgBys1#(GB)656azNK4CapZ{nMX8K}I&kLi;{ub?T+)T)rAsYM7c2uQX9tJ%Tq z!6(pO1W8tpNmq7>`6{HrVpr-dAP60g(h}i|c)!;YL zH(}kTR68J0lwM1Ly6B3HVWM^RBP}s`NjAABCkD-F(MiVJ)U;DU#SPFbVawroN zwlXs&m?80AVzNZ1xIw*0!y$2sD=nDs!G8Qfq~W5l6xygSBs^Z6;!sd4En9;GT^8Pf 
zzB=k+1@(r{LK$&ekq0e?Jt3}6le~p7a<4@XiR1S!#JpN*uE4~$_>9_ZBVdmoWO}Lt zO`%Oq_92e>9V5ko%*jVba2HCqIEg!ngfYDaX2L5~o*+s7n9w-av3H zS-fR3P&m#s6a};2c)TNZ4GAdx+$zKow?+swxW+-!&0+e0u==|9I5>{kIiG^MLmxG$ zDXxJr$Yk&iPoj2!1d2jCs$blLsRje&KxLx^qKk852y(~t4meTz><^;Devsr3-y!e* z8ukbzcaIASr%(=dF2Ihn04H&rT-StA2Sd+4l zykUnR!m&_C1mK1%9OCDvJV4HYCny$hZ%K6*dcpz3ngkqXDO_Nz`ar;6c4`bk=~7Ra za{zD!95;Uem;?g~R$540g-{CW$Vn{^ba0VEn7!PE9hl_)rp|P|X zmsc?s9Uq(cE|`f~E6Un7s`xJ0i3_IHDba*S5f)pEP_1^Hcz-XIFo+X*<)DS6Wl$F6 zA!T4S2c9#KF@j@|J0D`3Pz zO6;KwkymR4=6o#og~z?_zTsM#*k+iN3?hhK-o&lRk=vI&wL4aM27(OK$RSgUJj%|UF zRAV&MOHwO>bh}fraWNuk%Xzp@IB_BIb16`+LKE!9^M>gq#uBZ)Q`ODzoOC$ zf?V67FM)Y)C4gMLsP@R`V_lIT*9+Py(MIxJwZEE1%Tk7j-%_)>|*CH``AT_jkC^Q)9vCnwsZd2&K{?Y z+%FbL&fw!EwCw24{)IC$vZ~Y#v04)IbqeDqd`d-;kfYRi zisBj5GTIkeJ+pqEf!y;xNcjrl(gUQX?6F;@wY1>`{tilq?0!sAQ}4FYZmCq`<2LHa zXzPDDrH$K0wjGfv*%aD%(L}OX*fM`kr~cZlA4P- zG^c*-mUf%VKLWq6b-2dfIQO>aOIA7Km=m9v1Gp0XDR=oLn2#aug+}xtw%LWvYR>Hw z&i2D1K5(RPRrj1dXLS+~_(lh)YH_%SScedW^-KRF9VnhG*Nm5n2Va5>SuUyIt9&PH)J> z@WA6vscJ6k`8aIe;Sp*1x}P4Ed@z42gM3MYr6uZjWE~!Y>`^-aNxK3N94+VIH#>37#k-T(Se;|%8?z**uKOaChzL+ zM>aRSh%oH2FbG)A;%hk|lEa0_tQpE*7nBrt-$A?}ylH-`hAo0y>I^}elmp3+xwP=x zfn_^ka~K||_h8j;-<0S2LEpa~Fp6%F6|sEr3?9*|+`W{zP=$SEe23t!EcZfg=$C{% z)<@0Weh` zXa9)3AWJ%L{_OnzqqLc1nm}A{4Py>E}uS_`D76T+Z&74%0$a=@GN)GgXsCa*WlTc$HbXAWY`+c?ko z8dE>X5nT6X3WUG!5sBmztU%+ZNo(Jw6$u#ADzK-jKr>=Xjwenys^z_Lwv6Ia_zC8y z^uTe&r09gpc(G3>B9LHuR#)cn;vw|UzG!;+lH+dD8$9X9<+04hx9N9B5=>iiv1aQs zDYMlV(sQb7op^%C+F^<5Zr$nV9hDNMtrHa03$4%*RoXP^fe~}k6VyJRq%~RcWk*p~ zlH`?Uj98hksbW|J(D9|VRPiF+(`vrG%lNiz4X4euV4`2uP#`JEC)Y`38~C~-Z#9WM zHg1QW=rw1PS@QcH-5ak!{}`Mk7a^>*;Zsk!7;j70fXnLCvX+>rxO+N(?{@a~gd%=v zg_CgM#V!Xwdt!#*vY8#kw~X0p0XQLfJ^t&~6IP2!i4EZ{QC(!U;afVMLu|`SkGGW< zo00RPhaheH;B4d=hd?f0IVDY`E}>B<_SB1z;=*~)2_})DvAY4x6u#i^#aqe2n;(17 zH$yk|rS$C1?s!gkpCZZ|ZZry_{bA2{!fbWqr^H4|(UKQU9^!_{Ofr^o%b(VVEBY)G zwEODt%v;O*SSOFt&V5Jo%QHz9e+Wgi_q@NR;5748FCbc~b_LNyk)}05`YiZAsnxtu~zJag^6D+CiomI@PUW zvNb?S^Mn4d^FA$XKVF?;HbO@3aOl3{zE!7<_Q{zJRd((LN)VbsB4 
zn=a6aKNX&E=%{$-PS(wP$Ucw1Wn@XdlNXUEFaX2M%$$T}FFWoqwt_8J+W%Co;cnGA zMs|~IruL(9#Ip4X733cV@OpVlMS3#ho}Umu&E3TQ-qa->gtA{d)eiY>9PGiVf0ai=u&_*1M4)E&A5}LNpo^qaJmNrKYdts@JWrcX~ZcJ)2yxc&fD!%u~C8t zQIscJvb%rpo^fpP8?;PLMZY)j%qm}WC(Gbg%Sx+pOu~q}*&Y(5s-<9GtE+6-RqXaM zr#}StZCJ%((+UdtrTHAj8=Zx2lN;8~p0lxA9U^_(s1cP?^y>uoNm-{!>O6FEq`QkF zC1SAM7@a-B6Vi(6-5{owe?4Ji7w{K>O8n!G&mrKY9}!-k@5VRG&e2ko$uZrHanY@1 zA-|I9`k88yAEzufXc-*^9p%YQ!O5gos2{Fwtsb+mB0ic0wozK7#7u|ka!n*8*n_1p zzZniJxh0(EiWKM3o8FA#iZe)O$ZEQ%DXmLdl^=z{m2a_r#EfhH@pmTS{Du5AEGv`t zca0Ao{LA{7%Mr;XX*lw2L`#dvXJKcF{}x(&+a~cQ`0`GVz^Zgz;o;)!GM{ zff{Q&!TM1Rv!;PK`uZ{)4(gVc9OSFNei++YmdZ<#^TKmq{95h}Su#%GbA?qO9H~M# z(_n-_tPB&i|BSXrQ7VU(OU^hIw0U%oW?L}OlE`aY8;7E}b3OOcsBY%$VYFU*Vr1ql zABKzgH76C)?+!GPx0-6drt2#kXf=oAe@|%-_A^Ym(O8L#UC~*8s$>do?O@qZqc63g z=&Ubns|>zB4@iG8Bc_K^Q(301m-l%@l;(jgp}ga~BGqX6JpIxc=3*~3=n|1|VI);nA_8$UUMcpNRGsP7L!y_Hzc9-&5VbHd!4<%B=7nj#nCi%S@-Q7~ZmD_p) z{TEk6`}_SWcc>iDPIWNSs$2DQ;qFXml}>gfG|rRIbs8~)c|wBTzC4IcIa`u}LXnYS z?vi?_`4KPJouePD6y@pZLr<7~UV%?9i;r0V+S1b6AF61Wnim(fPilBCCz{&O2+p_@ zi+TBrn(N01U2ER~Ct-F`9{kL^+INegfiJaroAB=yxt=OiPjd9a-NxX!G*;o&jYNyO zfh{uwnVEZja0e!HE+5~TQT9~mf?eknX@HT+>M`rJ^P^jH4}H0A-jsN>HBO&rAj}%0 zC#OE`?c|FFq+3yhSHo#=^d1j}xHI*pY8gEj=JJMx4^9Z@*P}A#bL8D33T-3&GDidK ztrdosy^q=pL8>!%G!IxyUeI%hy9koPs@?-yTs3g`+uUxf)iXE`8c<6(iUkhxxxv*T zrXi6Jc9+`;zQ}`#@GD>6#Ez#@{$_olvZGO&^-+X6L0VLfVGq`onyI@WL5-L{bQs!6 zJ1jJdEL7}<&qX=|QZJl<-$?h0^ZB30R1M`@1P1Jk_ zn(LOtu(e)7>}BI)D?vzB;fGUGZS^&QKE6dNTkdG`X8KmdDqC7LBX8`cQ43zjnTZr= z6>(LMI4J)a%9__4t=Df^GoWRmGJK7k4KLr3+VpkT`j>_D8Yp3}o_C^a7v;dPl-0(B zagoziyJt`+6elJ)G3Moy`gdl|x}Q~L)#`jbYT0N(wyl~fHcpa=!9Oo@H|aEHr)US1 zzo5GW`YU71cVDqskxe`(MxGs*#IM*CeJvg%g`YuSOZBC);A?%7vL(LLREmr89k76Q zpO29jt+Ln$ zqZ>W>6mkE{>R4xYs#T~zq#N!;gKUb1<7ChqKeCuT8ebz*yx>0gG)qw9aXp_l6HyS1 z>HT4iXdr0q2=Ql(qhs2;$+?qO2VQ8{Ll3@hO{{E+hE1{pQ+sujmgR z@T#4Np{gI zc)o%uGdj!y9dK7&<x`Q7j}NyRO~nq4{KM`0ShCAdwUvB!iC@425S|jmn)R3MYC(P^(FQ(cQ==tH+}k1TW`UB*o2Ly zN?eU?ewA&)F=?}>4nEQ3?`&6^v2+W{Swr`O*rskG&~U)CX%3;iY^A3oD~$#5z4Yw- 
zkIbH}{AasIZ+=QHZQjN1emxMcu179`ZNL!sB8BF7(CJvokQr$x|O1 z>m8ag2UT(Qh{>P=P?%(+!YO<^1ncoGs}mw)VmRJ#A^*u>0$1b}li;E0q-bEs>&%gl zTG23$^z%E1<_AKNF;;e%bLSL_ElTTHsvBsTVz2a^DPbmi)(FxQS^Rc6nW3Y&`;^{> z6x6!;+BAjlr-i4ZjNk_p|Ms4K3#h%Ti;6kGcyynymi7tw^ZsmueTdEZJ+Hf~mc_ z6zo1GM63xtXa9|)=7_eufvf7H)cjq7HSPurWfPLm9nDMxCo?r^-S6P*6G7xU6ede? z7CtyC;LD7fXTOoiEW&k2^}=!7hc!u3;ety{=()se?E0oHlPE;=ZS;3pD&q?pDnDTq zsRDV5!Uuk>@|Fm|ak*?wo7nB2h>#uc*KEaQ%yJe(t)a3iI#UvxeR4asZ(L{N&dqgG zg+b7m#qC8N-nRB2$-&P%(ZmfjSPC+xExe1;EE%_am-{o~a&R`}`+767`PL|AkHeoF zR=*!<&W(9;!J8=*9u4&Tuw{ay7E)qgHN_WGWHv$*t+)ffo5k)NrX6&D>9>d-a9!Aw z$Wsk-nE}ar@@=Y~#ILkviYNFFN#@O}eh?rWkcFC!lk0mBiavAZj##+}N@a!Slf1k^ zmtIX52LAapsIuL=CypB}q~PV9P?0%E*hZWxmhkr*C6QjIcJ}0Y6TTRIo@%)2E`kF$ z^?CEaUIi_=NPgqQUCy94>5T_e1I@?5Rv&b@<3_0zys@a1M`t6p>>OPa#=#0vM}w~A zM8P=4Jv;h4i%}*Nr1f9yqdDk)=LGGgS-SmBBeXF-cP#(O_q$6aMQV>hQCRw#XDAUh zQ#-`t)9YrY)ffuCA9V|cjE$QrD_=>xix8FBe7Sy4+nP7JU*t6)G{13tnx(Xh_NBIo zR1vRvl^Zw^hr-C>?5~u{&YXEwV%xlV{0NqzJ1OVuSO{?+Wo@HbJCwOhKfYF&?#PA(Ur zEV&>{A9LmF(YR=q@Y$(e-h=(wkaow)%5PpR@h*m-A4Gnv7$^|U zaoJzucCz);3+((oO&hnZzJ4i6^_2eiix0sLn;xOCbWbva>T>j9M|QUT|>4FNlu~O2Kky(PpbSh;n?!A zi5Y$eVoLgQ%VEePVEO_UR?Y{ZoE_z`J&ay1WT4cab#C&C`DC^b8 zI(q@`5aUWiB^ZVsF5p|@)sKu>_B8ZfsiD`>(Gtx3d>^SAbaRy`UA})~vmhV9j-obF zr|)Iitwo2)s@oPzZ-I-xw4xsJt#F?}Ud&n~)}6V(wm!N&-bwa3I~|B*EvSrXej=8c6vK zNv`4*H}t+3i}^H{Rld-81wBGR+3toLVd_TFlxB1lHWP!l^y9R5Wk-LBgA$AE>R^q2 zfclr&yBC=RCRg2oT*N2mXo$bxeD&hq@_G!+=^%_$;Sru~c}Yg);m0kVhJDkPvu0KQ zQpn`3VMTC${nBdBH==7}uaVmFcWLRQ`Dyo&?FF-Jd4*M>_T!&h$xLI(-+t5`y?(nI z54W6V;vvH!Hgas0&L{Xsx5qY4jPCsj z$uu|7RmG|lDGMt_9|`mlLs5`r9k*DF(?ib%36yhQr|nWiN1Yn!3}LrrQl$8!lT92& zIA5o{2plXc=xeUZtFdL*gCE5qlR~>nZ8FU4EX(^7AyMGYwQ!Qi^eQEq=U_#8@y^Jy z#1uvz;mGb}e(4eJtM<#FrJ$hAm%DQ>K(#-<5$F5T`btD44R+KQb<5C%Zf=DIfq(Yo zXw-G#3j^=Q^w=~9e>jZHA9)xe$?A!brfj^}5lBa#5jAgKnDomZRbgy^@*?32f6uJ7 z^Pjh!RyZ(H7HKuSHP6;wzB6~-AIiWY-AzFAo}lyAR>p1}LgeUxJyK7LH1gfPB6#Yk z%ec(;nsG-q#=TP#_Fv{PUS7Se320cqOD@~2{U{{>u(DUaQ`S3J4mHm7-%h1_?lCeD>rqq`Ctr)$h8>|t#(fZV05b=b1?h- 
z&K7%v4`ZS1wH#Ug>QMUncNT|bK#Ux=N&Bm?dRav+>-)RzrS6ux(c8uwnZ zScg}s51$v$d~91rINu+q&e^?(a}73fN1nIrHZCxqhwlv_x+oQfMj%~|o~^3OJjs9! zZ`9~gPi<57xS`-_LQ2T+J1>Si|PCL-!^ZXrCn_3QkSPE5Oe9yzt( z{9{2nza{!QeO^Oiiwe$8lBh#*YZ2AyUR!_kH+##K?T4D^ID&b&_JF%N>sKb;?zscl zYAls8s);}U6lC~#G$|&gUL*UGEQimNuo8YmIL71Nsy$P(VTqVJyVdJ+%1<$1je6q- zJw)`~k?WkUjL`n(ds+V2S3vGqe~I5WH8eW=HH}@}yX9AdPeQ(esf1*TGK=vk>fqBi zbMURVe<4vk{>MQKM*M_k`~&k3Qi45FhhaN@8WgWm=V>IbFOi}3O4LRljIdoXj?|@^ za!(S%$BiV`KmXi1HCr2X9PigC(-xs!_LsK5{b_mI?vt|o zdO%421JZ|e|6T{`j;;ZZ-s{nTjiE0 zCZqFof1q*aZw)tMFQP6}{CwS3lJ$|kbeB#wI8@7q?!c%jX6nr4^Y4-?tE2=D| zA2s!YzT$ycWsdUE5($*YZsDgLE1p-zXD-DX5#0HdJ-!iHl&1FBaY5Yk8o!OeF~_PE zMY4)V-i%`LwBeLgm$(A^1)nMXXIW}{b5T_`V80ed=)R$Svk|uVkur~vXM0W-H(j%+ zd_XU|Ai~Ep^dsf&9}%hePB%3*YC2WZLnPJs9BJ|Rd$|xd;e%Yes};6|a|iWO2JA%l z+$5%2GICiSZsZ78r1W1roYWMfyhtyQobF+Zr*Xpvxs(v-u|?^=;STOHoHgJ?L>x3K zm}+}aip2*D7DfnNBrC?ByCX*gnNMBVv8Zm`Rl#Ute2-BSc7Km+kg&0SdN{oAE~miA zVluZ``u<@`Yo4B!!HXP!TI=x5I*%wUOq4k02+CKH;ym_W# zbl*HYj|7)B8Hd7@hmXw%A{jSB>ybmTY1y|mMxG97a1JpzOT+88?t-$A|J7X#(l&N% zZ*Rn!nLj}xhXM`zCZJwWw$~@32%NO5)NY}BzZY(CYAPl)`uF_SI~C)*HjzaA%^#IB8p{tcyZXzuhLkwj1Nfi?;D^qy$!VnpNH zUC}Z^G+H`x6!r|{@Sh}BQ%+t>{9i1&egObnX+lYNz;Li)z<>orBSot~$DazZI4Owap{G4tka zl$es$*uhM{q;YB{%%^0L`&>-Uar_elhB0c)e&riEG+)JzKmAY_=QKN2GnsN(%S@jg zW*KV>{Hh{4))g4;bVL&KL^l;W1>l!1&(T9=2whN@R;w*u7pLMRRhZvboj5wsbl`gs zPoB7wM|`BT}!Ep-;Nj-9IyI# z^8K(TqK#S{8{3Q6!Wl5KySFqR)op~Z9v^f%2R?-&4 zeme>EctL=RF)ZkmvX>zu{H0)7vV=htI6`M8W_ki1*jMtOx9AKIOKU9p_`F zU!I`+Wwji4*$b8v5oX824Rv4U$*e)E3X|FfMSm5=0j)Pe(`vLLdU6WXEp7!Zz+uu6 zJp!pha+!2YzEC-jrL|c(7MMO+8#hgv&qJH5 z`f3<9dLl^sZ8O%_gk8U*V(6{a@^FIe>OJo9@&wa)`X+MA4QBaNQl!Ny_{1s_M=oAb z_z{N3t~S%K3|DvrezhWl4#nhGJt%BbvkB4J)~em>HYV*kEu+;Nsz5`?^Z#u9WL`z} zDiJr|@T~WKb!lO$h<=}fS}FNuBkj42(b0R>8kDbnuY2Y?Nem^Gu>l*96Z=UGSg!{ zHpn^YrF%8K&N(H?fbtFl7fEMOzk}{@g@m-)dW_UjZEAoq6zSr?QkY)V12kYw)JOKn zTYXwfu}p8tQamCHh2o8X<$z*6I%{t#Z$7h^Vas{oNbBWXPL`XN_c2K-y!S31sb~ar zOdad4CY+Z-9RB?*`sj^Rz=Irq;AHv5_qE((FY}s54ebw$&3G?+^;~h!l&rs{O3GFs 
z5uM=Hu?Y3KYO_pjU=#Z&>k&JCJGHqyi-}7jkAdSTscsurN4$f#i;pC58%6oHA!><< zQz-dT6eZ?*br3(W9pj$057zd|dtp+}vYvP`+&FZ&5O`2)^7w_CjF;)1#?4LG{G5YM zmCV|j^$J}}1*KaCb-~DWdCa-~x==PRd=rH>=sh2=VHo9H!8Z2X8dnIz0U_+@ zqQhr%I6GnM%wKmac<-&)`oM)2$t4~4LWcwyVtT4{qBKyM1HHci6^RD+oCybW7%f3aTI{+JrDFzv^|QVF?&O$8F^=T-zAjqIcYx&oD19sfo$IoU@Y`+i3?(E1?RAG2j4f^ z;88PH6q%+}#(v^pI+o{@ps_?!%ODL(5D(}@u~nuzV0;cB_X!q&L7P(XX}&8G=U+#! zQ&I4`dcc^nhczS{3OA6UGC}J|GQ!Q>X~db^!9rsroNLzNkJgk?C?Pg$FmNFH$*r#55ib-6xs&@Wu+v(^ zqHiDM#XS}uXL5Y*^IEp3Duee^*iOZuKCTJBUlhf@Rd_XAwA&-oV_5s1sy3?r9p}sN znsHlGD9;6!pe9Bk)JhtTFezBGzNQWlOw?}7mlIVK-9EZ%m(Wla?SQM9Cs=pw66v_ZOu^2%T$AJNyz;vincoT8^oCt?7~6^Ik&yiT zRu|@J_3J^Te?erPQ^umqPiZ9B!`}f8N!%Yu73w^g*-^%P)$5P#$T{hKmTxHbS&zl= zFG2%iFsr5y-b#B2AS&m%)DE0XLvN+DxP-Y0PBwTkI<5JgL_}+fNG3$su8jnDQv2fP2gxB#( zAejL52p?bkUaN}zyGqB4zWRLBJSNOWWtEXP>0Gw z)?sVg4LqqHI@Z;1?!WPDOg@hG5(@YYm0i4O7s1?K=y*svktc2wCD|oe&f(^cfTL#3 zfb0IMi(@&qEeH8)y4r}c*vy?U>S@4Rbag@@l@L1Vl?7*h1BM@j6?rdSQz5(3zhVd+ z(|Yfm?l|~bi3-y7Uv>U+$>CfWKw9o_(RPQAL7PZN#K?8-R%G#ec-0GkggqLDfb~AQ zLAIlBbJ$Zm1%4a{EhyGP;O+wqGC54PFcrxgToK~As@EmyqBnSZuf(lsWZP4T>0dyr z*{Bz42C7RbeVQtqkz#zMVa*~dT*Iug$1RJdnal`NI;j9#coi_!hi0utEVdUz6QGv+ zVMLqg1T)m)I9E4Qnb{H&0HLJ*&7@1C1|m1v&a8^gM_Km8!{eaB7__s7V>9 zYDbsWYK34PPw`Jv(clJc4QnP@Un7j9J!mxrjlvx$k`?A>Q?W*rZO>=aKvEN&fGJ#pE$!DRL=RN&?1w4T zhbvY6q9!A@*EbuWru;#@E`8QpPwhY95t6^f)gKjW0w6S2T$7 zXwaqFU(|$T(b8YgPs0}=e3762IAy~HTNnj)%aeWm1-&4O3#QPI3#at(i`pfaXM0tw zR1&=w5^Xs^9RDVQshfAw+7`+8uD zE$-!2NQOGD>?`Vltt#NhkSrRdmT_Kdth4vEvI%09QOd}JTHr^_mf0!xrSr=aC@w=t ziPt}1YT0JGKss;=zX=ll?wtlBS%FvYFmUhuMLrs_bdzszs|rtQPhX=H3HbfkdfP{s zQu{AzIO2OEe_&kU{rlW{98CC61Wglsk<%|u`+g0=sM(gT@5l)YL)PTvC ziZ4^rfXQEVIW^OGLfNiDhvYm{DsR_)Th3ySxW10Im=Dou!=qB40>sM7IwkN|sijE1@CHFTTu?#H7Y z-Cu{+YZyeg2G+3BQa4UP=Zj|^>hFj>g)+o$Cu=>pOGtp*?a?z2?yKQp)6?H>jRWg7 zROY}S9gLLzb@1v~O5b|id5jPlVzu^}2MPMu;dLiR;YM}5SjkH!Kyh=N+`rC^O&i-U zXZ3`wEu`c$KD6%CO+pvjzxykbCbECQXXb zG)zUY5Lv1>U2am}`kGTTaR2!lh+;G^4p?s-=fw4`f1am_?Wei7JM(Y_No<_%==-#5 
z;l+*(B?1ax`?&sms>@%L+Cr^nSNuk~0!@X#lV%|vzwm_>dr6e8mjdjHb&wAr^7V42C0zj4~!;L^n!*&qE` zdGoaSklO%IYdrwBG*>o7%w&AOX8@L8S>*t=zaF4YzA*{$xevVo>fAi)*#tOzJwLGS zgwlBLbbEtwDsbkpK-QrRSdXSoZmx^=I>h&{OM4Uvku^;t0-h3=gbhR8V`f zM!3SdxFN?q>%|jAq>7N~x8vrnUV(~a0qtbW&0dT=A4GDA+ZbP^8@bb5-r00dWhJ|) zbJVtGK6Hana*KfRp{T%P6v6&iYk^7ftFR2qG?-5BJ$P*u2+7a|4p3LQPLf;FVD{ak zv;LUTr}=UhCj8ZqU-2VRKD<@wWfSxwUA;cTyE>4$`I3*(B0%z3_RiFb>yurHwhuP$ z`nB)0Wfj%Xe%M8K@y&pctU!=*`Mch#lph2pN-6N7HTIv4yWg^O`o)Np4@X$HREx^7 z1fMfJRH!1Ih~Jc8e!o0AzrfOGTE&T{9ek_$dy>w_^p!GIT9)9BONpfQvT~tj9P2yr z9!G2V}!I-cbkI-RzA_R3fthqVaZ8mX64hnG+X_&9@7_|5_Z5RVniG0CXKz0NVE8 z#*FDG33W^lJ6WA%36$VJZbn_j@8q$jI%xgT3ljBho5dPCl*Q`U`iRhNp!-9zSxw4g zvu_3S$Wt-IagmTT=ueJ=aga$2k6?GF>t~SvLlZ*xoAG@LT^h=^HCM;{-m84hpxoIi zF8QQid>q{dq;~Iv=%iGGihtRFeLD0pR$pQnJsz&u^6!SBt{!Z=+VXE!(Mo&F#hc6A zw2$Gg4sUZ~>fff4b!RPxI+|HIf(&lOLmVUd+%VAve)WP3?($}_8eI!Pop+*WL7`cb zlKi?-ziavVgMRt2Nj6)zqId7_We}`RFY^g@pMPfP=9{tt>uMK=I!1+^ph`M|VuhF` zZ&Vt@iB~h9Y>k7eL>CS~Z{O#G{GUP*y3Ze{B>9!3JT6OCFdt9jP*>ONU-J5_UDHb6 zoaC9yc*wd(IBp#ifpi{!Nb>7*qAz2SbjJj82Blv762BRoqm|}gH>{&-;|!r(=+J~+ zy|%u@RKmoHA;%=?CS^1ORaxc-I$F5nP?6}*9)NN?Ln!ZmIuL=B9rr1OB&GOU^&CO| z_Z2=Ys%2d04y9JcL8AAKvsgKEiIhU6(y*%r))$yc_*gkt?v^T`<%ek0)xE$h-tKT8 z94evHOrU;|`nX2dRYaiev(`U7l-<)`1M60ouZJ=1+m$SmZuV1wG@2epV;nCUaE-Rv zh(Omj8t(pDQXai0@5Lz&=IA7w^YobPf(-cQdqLaBHt&JF@<7)DWdV+}+KUfHSilc2 zx(*dC7MYfHzA9T77(2S*Q287#naeaYrck#1i9+bcc)Ndu5eZ6toS~!-8Xh(SrP}{W z-|Y}s>;)Y&I=m0+zsd)VzpMyw?6LaGVR&SqB)?fK>Z-xfg!oO(o7Yh%RNfh+t7s1l z-63y?K%MX9|6PGlB@9a%u*vSQ@Fwi|?h^o>_dY%XgBIF6o^&@~a=1vgMo8ze3 zAHKo$Vh+09M@WaBVy5L|_+Qx&_STi^SyH#3lmZz&IX@P6;UdY76hd&f#n@TwAC3awKlT$RKjt84y!AL($~LjyrnV1-_kUcJ^)BAht^!G zm#%Xj48zxuH%`YI_>io_*QZb67yY?{+^fI(6k{A$_kkFeV&ZJ>quWrBJa_zqG`Dm_ z=u%;le2DlU*p^=N0*b=)uWnexG<=stC4A9EgmC^?^Tv2Fyw*c0?D^H#VXP|T;zAOb zxug}DZ5S;Qn0$)pl)Q-e0y z7XL33ghG4+J8C=HL}}#> z-$(Sh&0(3W^K$mGiULKZC5y4w!LKOjLUH}*EeFYUh_g|75nDOTYh{ zi6(5U{Gk)R43hkJ;TROympt1vROI-B!df3KVE+M0F3?1481q&uj=9tEB60l_>vAR_=vUC 
z_&$$g3Sk#*pf2350(GGe5oZ%whzEmhrQ|Jy!rt~kS@o3-zi2lUMDX!=$Jx8TZsi`@ zcb<<>vs4gtk)QJ~S?@|iBp*^i<_PiR1tAy5%YcEY4nSEY^iT_pu%Cbb(Cz+D?KUEi z2rsOJy;93d2=PodrlAq-vnL4TxpJ7I4~=lWF2k;GtAzfAY=t`xT%ArSTq3tmI5=4Y zth?b`z>!-I)zJNblAzj08vt-fuh7Dg7iAq8%~$EZ1FaVs#KQ?x=IIlJn$9e$756N- zUI&NiRr0ijiv(aFvCTo*?41^z$P}`-GYw@u2G;Qhz~B3>nfIPAS^!=YY6MKg1-!#B z#`uF2{HAgjutwH>egcJ+H-pOe8J`Ft?^WV$;=Vl>DFTJ{G5jUx504n0$z+{)fk z%h4}u!}ej3hbxrN53fAdvBv^PnX^m)@bHL@$iN*M7i`WNXEUp zqA;8Ad4+n}$BPj>JdL0?W6%HXIr9!kXq#~pBkSAE+VGpz=Rne6P5{|@8?O>7=C2LC zDYOP84IXCPGO!!x;r-5=UM&o{*#8BDT3-AowXYGE^uw7cYUrcszexW++3;=k(fW_bRVFH(7g%>AIY9cW^F}+aqXLC>A^$Cc?WXFE zMN(j2!rn%YqZq9Ds<(dY8YoP4UC;)(s5*cgo=xg~x6fx%xogNWTyCZ(#W%ga{lfiuNWs zfQ@VV6wTg&^__OOV;8)uJNt6`Vm|`0OBSigv~cuAE8jbe&P&CAp;3$ok@WmK4fs(8 z?6S|^*wmkHT!Bmw%%k$XJ|;pS_cHkBFNY|w%j(jBwPwY0{%$VM0hOAM73eCMrx<(b z=PW7OjjR5x5>GI&%eH8|+P~rhyR2VT6sBk=u;HAgi(~p<@t}rM&mWwjvtxBZgC!k( zY;-@EA+RgYEq080H3B(kDi1VVRLN8;kD5Sf_4?P)Jai-XP_FQN2zMNv6+|%l*&2lz zHw-k?;9B)iP5`OLs2%d+Q#`uUrWZmOL`7t19L}@%-9=H1(cd!O#dLa+d`hdY^;CXv59JP z?IiSkECE*DO5qn-erHbUhp_Z_7-t~0x9ISjXaW0dgG#5^OV)V0w2@yOu#`V7oFK4! 
z22%+?NTY@_8)}FX2oQFcz%f(}f7AcsFt{TVf7m_bxt;3Om+HBl;#DEbd@;aqoyK$- z&U{_1vbCGyWx;USTc{c2@eRu%m8(WK3Z#~C|G)sd#$~>SMZ1P&zV?ZBjmmtjOrbq& zxE(sh^Jl7;0PUKq`C1G`+C0q^-SPmIn4yy>X&zgIyCH?xvqiuRoAe9V0#V9`g z3_imsK7$NCwJ48pF7|+sHz<3}tyt|nR*kJ#^*u$ctytAP(t>{C>QNijH$N(>wd;){ zsLttV*O<)Ld}-Gd%-5_G+RcaCofO(>hueX1zzyoY)D!Itk0LCGCN762EQeOEa~#?= z!r}Hhg?7Z@cGSKUfDBT5bHgL#&5d&^+BHY>wJ3%5Y%YfwEOuWF%^;Bfk2ia?7%sJ# zuB$b-SOI&qw^#vtYTn!+2AugZsxKrpZQ$e352SV@sf_=Iu0;hdk}M)fQEnJ?ERijUWOmR_?`_)Kb>z;wH(JUYt( z$yeTRR?iMA2=i^Y)VsAZ+*_$)`B)O?Y)d`Hkbt{q!5W`qMwN7yREaKm|2#991V3Z^C>x zvu_+XW~*3$@0-=|Vj(dec==^G{dF{6Asb{~m<@Jxu;R46hsCOuYAW_-DYB{u}V# z-P}JXeBRt#gY0-ShkgDZiR`T84fv}M;Gh5Tx*;IE{sc;I0`GxdPXW?nRe%qm3?SwH zM=Je~RQCUnBK{*4{6_+u0HnzNllniTn#7B>EOndG_@i;`x?0w`Ys7ADAoVU(QbqBh zAA5d|>Wz>fgQ-#@;4>Qc1SlVBhTQu0)6OhQZv$p^T?DUVzgC|eW`7Ei_C~TB$c9gk5<9C5XU**v-oUYkphHJs5tJ0dF z-qEvh2@|@=SYz91^ybo*O8uNU0}8Tn?Lm%9waVFQf$jD zf+EwQB3}y@^FoNG2cOY(ZN0YJed9SwkZ$CjrK>SB-=aUBp4aqjL+ZtWC$-%!K|$s( z;Py^U(Km<4L{R-Va*8>QA#+xDy$_bm#BJP{s0+hb`m#{X^L0Vs&WQE`;)kEBC8(eo@YF&}y5Va`BS%TE&V*toM7~klMkLa^119p&(2`@@r_g`=!H=#;iXo9>o|Qq_Hmd z2@6db;OqAc+x?NyFX0$9_~eB)H|616w}w1V*19!2(l^VCt{T=Udgp-|)f zXkB7>>pmYaQ}KGja;`Zj$b4I_eGhk2-o_6$1a5aybsS;IHz}fQ@{6YEer?QkZ}?DL zG<*G(*mB|!a?t7fyvdi_mprJAcZG2^*Sy{abKXOX>2gbiVnHnA-|u-9sd|GAcMX z_6@aP0jfk)6^giGg0;M#Yk3_<6@pnH4MUr{y$cd6GPY>LKi_T?RO;oyK5CT}Gjk@l zr3DYo$!E`iW7YK5qmvqaij$^DuPj_?#4eL>mcfx%Mp>9XpdEd7bvgEJnyFlnn z(Sht7w+xm)PE3?@){vbcnuxwQV?(Jr=Oi}n=umf_+~1<}V6z_A7ZBO=V99MPZ;+bg zi+h24tB>9h?Yv^nrgozecGZ^^V|PrSq0ZZxnvZ;ObaJ93+!)g6DueNv(+=EzC3oYD zk7q|&?Pi~PWg7xlU-`8Qz22_G^3E8McNgT}`sKX1(vNX#@lELL3gf$~)xyg^sv$Q^ zMrd1GXn*iJr$$1u_=*-v-y=1PFX$}0Fg@W^tHHq@k3Po84cwsl-ug()vKt>)$v0Qm z6Kdu6c8QC9$_J@XAiZdu2N8`DPs+Jkf3%D(nRC{PNYA+H*7;1KH}B`~(Z%KIpq?!I zy$_bT93ixG0@$N7X0I~IQRZ~XmS13Tb@=DalFDv{hZ;npY-yYrb0f&m{#3B-sgcBz z;yT7?4qQga3B(0KRA0egK*3%>5#0~SxxqYB273`O7s?&#kHW~2$35dXHb^sVdO|v# z&<`el5h6r0dKF7}r~ZsqDd`5^L{YE~-4d)`G4+^-h7?(`qkE9PkB>Sf{Pzwl$Z$6x 
z9~eB3F0;A9NTOiw%}rZ7bp^J+QIOT-CLR2Z;GE$Uw~}b$s&CRjwT<^Ri(^=?t5~d8 zpZ)!Fe#Vs4Ddp#}eymT~(=#pIddfH2kePT?S6b-8Q^Wy>&KN=&O1D9@vuW5XwL6+6g9q=b*+8Ftx6)olV4jP8 zw2A_HaYZ%|9}v8DWW0RBVd_ib;}D3c&R9sBLHOxd72F=h2X{P^J%w3(Ak=piKDC?W zDw3D}{=pVA%vN43KW9Qxp9k_ou%@3azk$VmEWPU581~yi>%6|hE75#!x-^nu7^~a* z9%oK;i#4e(kLE(558t)p8{#BEC2+^)*kKg~F*tlf?>lm@%y5ca z<9G@4d2Qt2LE-fB5fTV@irhpX51&BFK*!(+Z4kij$f69+TQWqI{HSD&AGisD7+!SC z;X6z9%hACGv#$h?7M+V7?@u)DpQpmuNUa$3s)?m~IB9AnPT(w|ubvQ31IJ@YlUjo_ zMwO*hMLK#FeCTKqOasN(9nm4_+8D;*J)$-=N-}&SDg=uHlujj?aTBjvw-yKsvaKSP z$~aM_?HHyzyGpv7MYQ{hrBd-r=x}hC<3zl51snmLm}w&P7n$x}zrbHe8Cfvh6k|q~_Is?od*8UYReH4zbPH(SG(x8tgB$anyiUjqv13YMC~?KcfMCQc+F-l2GNrns{Q_~DjO~^JRdCP}mqIP(}z`N%3hQjuPf){%q6x_e%Y%>`xqSAue;4Ce%yA?W&D^%65y^J6q-yamQ-0+qJ*_5{xoQS2tDzBRkB;TQYicOvI|PUTY{<%l7Pyoa`AZCItla zDME>O@FX_9^H^%%ez-}(tKHD*v;b7$* z&zY0bKImH%eZSCAr#j;Ek%zbH{vm=-qQ~cDEPqb~kC3Nh&^e^@UdQ;)4H-EvAi)?O zur1OVHKut*c5OKf9`y08;RM)yv(&H2N(tX}43a3V`?Tjw-;lM1T6)LNJAwy%e1C9C z{PJlJ`)=tIuWS&dazTc#Dx`5i2Je))_L&NM=8CKhDWk$Wo(E3xysnya%g8hSZ?)79 z&-hJks+*2MAz~_=_Q7SH)Sb0$ToQ4OjzPm%%+|GS2W=|X_CYnJX`h!Th5oJ!GIql_ zl}j>Z!?-{9WNn|~06jv8c1d3G@YV0Ez2XCSqz=5}^SH^}&M$Qxiqh^MK1sewF|$bn zs>lta0Vx|c83xaI3wBvx#D<8dv3-y1j7IU{j>i`OT-% zR)T_aku>i&0~OP$G};FR(un~nd^Tx7*FEx^R~1S$Cr4&u&)S6X3Qz>i1FUUxxF&7Thmv#ReRR_=8(>?>&br_eI=| zYJitM4XU>GO!SreXq7Wz~1<=JAyEMsnQn4vcDjOK)--^@Wp z{`(Vf@)LQAIOy{7MdvBxADA@+)9?De*1K3uzl@jo8PbTQyHjs6fV}zHHawTI1{cz+ z7cLt(1EgU{lwG1x(@2z$Cmwv^d*MhXg>&8eI4{5InFu&AlPT+;Yo{~3Zo6Q1Zd;}K z_-VnQ*MiKHaU6O;9|P5`=W9^Jp>M?6()`%+%SZfC&Q6w4qb=qSK)-u052B(-p$a5z z#BtAf5vc9r)#av=fp<10uMXZXK?|n^Guf4r9!qVK9Ft_UaxD3TDf;Mv&|96!q~5}# zc`wWC`)$6yp3W8YF`?7Up)>rMNBsmfMZp1^@RsM0R>%X)AY-t6m-815*aqVt#jqpw zXki4W2C!@FO7()L!L9Q*rFilcqR=+_ji}p5@K` zqUVxq)?&_l6soYam&X)bv_ zBX&9ai(>v6h@W_DyyOWH!RzIL^FaxE- zRjCoiUGJcvbh3wE&t0$moRg@yVaLMU0bQ?50EPDZPK+UU9#<(soDr$CuXRR7PATHo zWHwIs%68m^P}s*V1gk4Ss>`AT5!6@muwsk;LK=FPze-AbPkGt4#ftVHH%RSyC%lKN zZv6-8j?<<3S}l_XYjbkZkO^%J$9IVj%4(^R6x%ZP!r*B|Izy6TBf%A~@U-;bJ|$ni 
z6qWIaP?ovQftpp$E7=_xzJagSsa}+h#f`!pthV;K?DV?|$VXlsG`E?N8 z`SWsOn~-FLbR&NZvK$Qs7Y+l*tYFWglrs-FPr45x~GsreJ&~a>-$CS2%Wa2!gdpV;ow4oev)l7Nm3{b_U6q{z)ycGif z=&vx{j7gVYoBiSans`5fJ6I}Pi0)yuM(*WE4kvLyTi`r#lTu_G)aO&wCac^fMXY<)~NIiq13e``;bkHug6yVZE&L~Aj z4Qdbo`S3}?fGuJjl&SM!K8k|B7Q-w|%cY-KnLVFdJ#0$PH(Hcf8ld5)N9T+)*+Z3V z#(fQ(6PewjQ>jOIX719~da9c`dxZOLn3wZ*oCD>T0@(DX<%7gc;e5>D*Z zj0ofOqTLQOUG2}d5XRFqfhC8Kdm_}ZwnpC&78bdq0~N!Tq>%%EWn)5qxPZiCZLp$} zNDTz~RdT_%e$}Wl4Vo7dGHVO^#AYCwPaJ5gY?Y~iUJd`H93afADo(Nvt^~-!JFXDM zoLJpkHxM5xlAzo}b`l?Vn54T43*0}$bR#K62TDIdxa6AJA<6!rdb@d*rTk`US?Nw- z7`3sgXg3@}hW=Z}?oO{q(0`de{sW+ft3w9r(gaE$L-HOKqR>BC3YaAc2Cr_ia-f(^X zX-%bvh6vGt2HoN79LO|O^-(!&^ceb+wkf63ch%_mPv@b9VGx{{fq=?|= zeb!#W`6r`XZnj3l+-xU)zw8qr-e$vGUmNM#u44&~P5tYkt;ab-{@o#v z7UsH*W$gf{3EZ&&;vHjL_qCC%+dsbhq#Le6do(fQ*xnwds_x3CO@IS)MhIDS-@9o? zZ46<;-|hnA8Xne{HR6#b{cime-lT7UuGCM2`bZTdBNk~f>1cCSN-T;|Rt92%EK@TQ^HxJ>#gdpi@w# z-n;#VtWWK$Po*XXA^DXbehg|ngqn7ZTa$TDNyJLhuv{U(v*HTl{Zl>qcWf;a6rkx4qa+8xFQU^ z?>V5sNrf{HfrhH@nS@xZOt5XzX(H2U8vKd7h*e-q!O+tPkzgm5#u}8sx~!V0h{hJA z%EjR?9j6~1xJl<6r~wn>DSoN0(nKuRBqYbnk3&IB5e8h7;9M=d<}ep=FTAUsbOj+YSz7`*X;5UJDzsB zjV7hiV`qKon%$`7CD*V)yQ(&(t)?e~>D{I;hCF*sf`+rZO~Z!syG=|+W5}RgC+U8> z#!gd65Uyj!pq=82Zol1Z2LJ{1tlyTI?tfx}ZkKrs?3uR}44bR;(xq3l5=ZbH^~Vo| z?JN3l0qR{e8|d~B_p|-+ra85}&4ebveCZ4@cll#E>GS#52QD)`W5+KuxdG5QEtMm7 zA|Lqnn(n?6JL!vy0j6G0U-#POw9{-gHGKk@pH8Xbms{_XBbTF<04w8O%|`9U9)}{A zkKBOU#7AIt0Q$#QDtnt@Y2@ZA5i4PPn|)eL(C*)4z>dGPpY2EfCSig!Z|m7Wn$Kzg zbAc6={Rr(Cls)qSRQz(LmukPApSyheGLh%xx8-v8$;joWZF&RyV>dm3c>rH(MXLoF z@UX*w$4P&6T52WjR@%URgmLWKvbTRvWTqo7^WxcD<0CIx{Ca95b7RvrO-bEOQCm^eLU&ID-yKCnJ z;d-qBX7DNkR=JC^ugo2}01l1|NZKFkhWTza!70AmX$ofA!3N!y=23z)t0hF8^n3hU zwwg>w0$}W!ErJ7=uNc7O&id2zJJHK}YG-0QO=ocvxS-pnlYrlLej=jUD{~-oFaQ|g z1c=3@Kccr(QEfZ_vYTbO2IRJVU4Ge({R9J}BcHD`mYD<+N9;(KB^>p$eG>xJ+kF$X zCp?FUC6zgchz<2&9w}yj8}54ddo*3OvW&ayntp92bJF$~*%Fx8s#MX7NP2Qw{wntu zAtZ`a+jeLsetUap2K_MxMgUQa0aFwfTuyPf+*eumpz~q6sNmbds8^FQVe%+d+XtcV zxKIwL{9ZU34r;3<2G2ORbhE3znQgAZ@g 
zKVImj8&muo3Kcw)bzNb{WZ-QQfQ;`Jd6El>8|Dfh*Z4B+QZW6e{V3^xO_!Xx$asqU zMgZ-O&_R^#p3%qxbs~=Mo=oyS*G=lsk4Thxz+fpO^r^w?DNI-IxKy$G;gduP?Fm6j zcNY#x`r`}v-H2+<@Db6~jk>D>yzB6%N1R4#v4zQxh15U)gs95;TgzTCqW)p5N{M5_ zj?6Oo(LzpHjdRaS&Rmu~ES&A}e9?CaQY9aUesokZu1yV~hS;Tfq`lM$HWk>ET=$Og zws`uT=kG{`@J)6Ie{Xtks+6Y|@= z!?I<;{WMS1NpnG+K@K5?bsf-GKt(4j#7^s+>AzGNhmOnQlvGX5EQ!l9B*3Agbja?8 zp%l$=!vi^*DgfV}Vg`nRsP#os3K2x0SK763;H6ezbDsK5JW8n8a|TPmwqPt6zWy!A zc@_KTcexI&z4^NXRbMp^SKATQS)6FCq*5vus6wZ!nJL=}l!P;)O~P1}yqG6M=tHar zw7s;T2QlXb6>t8euJ{nUWsTa!?BFXglqpF^lH@|leRE}S6>A^R`+SL>lmAo|QuBT* zc^Ptn@=`Ss%y}I2aENDiXuG7aT1v|tz)1sEp(3aM!c5zR)XKx!xUMBq_H1ijyarOD zZlq{CjrTkfbpdgy-3wLA86^I;d1lS^)#Pd_x3b71)vi`XNBamu>fZjCU+wus`jJCk z(;byC1BS?MwFJqh+s5IQ)7z9%fSD>)UeMb)2Ft@(_?hjyl;`&i{uWQzG#oE#3`X~= zu=A~3))_nBZ9!Yf|{WN{vSFpM;J&}X!7zdmWM3P|{AK14el zGH>CW!TahsD`~W9?9^V_kuD-?iXE(>iOb6l?@J#r5saPi_c(JrA@DRAZQY3W^z-jw zS2pM+-|rKU=&UG=4Oi2iZ93JqMqNbenOX>xW_0P=AVsZ){+~ zbsk^2{o%sq032-nVJ->2bN;HEVTTr=iO$g8UE&!xJN;aOcI!i&>wgs#>n8Yv_e{-K zqikDi?yyHq9fOV{&sA!TrFagKhj@8zP$7!klfuqYCGDq)9H-XkRz*xwbzOq=rXM$v z)l`jJSCLxQ4+~sSloxs_9n*OM@g?b^JyxasHdfi%neEK8cbtP+XRb9f>tAm;`{J`} zUux>xAxY~g?pHi-`{K^9{iFGxcNpN~G6|!^&}zB#?kUDUAe-d{q=OdyHks)U44&5+tkF{?3|L$ATVoPV~@8l%4~;6FFJyj>zp7U{cW=~ zVgZ)UtJ`D@!>bv1k!7qxBoM1iul(C5tz3`K>+8D@AO5o7oSXJFsKPJs)fP_-`7*!dw zlNnf3QIWePPvS3D(1YYt$e8H8&n6C#GK%{n{pGU_aIim8r!gqa)!OmDt2JsrG0EvF zim4YjR(dbI09AWEZrgC0>&xBDxq-9$ZsM;o{x5!WpWdk?=2l;k6zd4(`0T)2wXxMj z%L$Q{LGMHEMs)aV@MNwJV*g(7@I`(tchlx&ETy|DNnPx|qI(pNqD0Y3Gj3Z_5C|>C zxzAmC^hb7}Wi2>w9_^H&sQAaJPH(}VQv&LEXZ}`UtT-;2#ZMe+){P&8{>YUbyF2G6 zTISaU2eBm4d?IV?NXo*@s9bSHSepf*5dG5Yx*WwTIu$^pQUIuZUH%;)awRKoCgIDiXhkZao z=Nlc%e?faktA?PkXZr{{PH)hJ{apL9#a4!gkQwv&>Kge(0BHXg@|xYmX}gEdC*SI| z(~zu|^Sjou@N;*!WnXVlY1{SMY5L!99zHI`%}PZ1NVF5IpSlP<^2XWp3Fy;oio4mh zJiiXGr`0FS?;ekROn0E__pc*MJDv8L`(>OrUggKSQ0nq1(TbsWJ!VVUkRR4AVadbC z9d2KRuqt60i=Pzs=i%A4y3njHc`JZH@@#q$nqWbD#p~Hs2HY+8^W?exWSX(5iI1h^ zWRAUvu&wd8Ryt!WzCoH^X#*v4mPw7nH0i5J^^lWFHXb 
z)a7$Dd&PK>?X%RYem}K*Jghe~FzegdExnd8|BEn$hybnhBRK2gih6w%kL0g}z!*0X zOFgAy3*?BhiK`bz3e!}nw$l5A8ygZsA4hWWsS(s>^y?+;(79X&)6*!KIPL^+9a+2s zJ*I)SjR+qJ=0mii?Bx51O7%X>zfN`64t)8-_y_8@5y1P+vKtw%KbjgryW#HTqw2Wp z?_9r)6tM>j-bnKZiDy~8i$Q`LEI!UMqxl_Y(pPlbyj^}piQ~ne%rHInUd@9v+)Puv z@by`cjiwvXRxpaiiN_Z}=cqJKW~9R>JwT|( zofT2ug=B|bGO6=>Olt*fD9l+H<=|QGDf3+QJfO9yhLX}s;r*02%Fy*JL6V7-{K0WW zOG2O@%f~~6B(4fgITB79+DU{R5jv7fe{8j3qBm2_SrDU0jt@d91@J!D8bDG85gY!# zTz8C*j&#$LGnV|wf+&v*l@x9&XJ6Bsa6@DJEk!fb8r;sN+~}ajq+IUDUb$4`Mi-pE zorB~QoUWWcs(x{0Nh0%{!L2*3>lwt?*}YVcEVF?;B{UR1JWpWZmIJm+uk`wsrvhn; z2}(Y4(>x(~eBa>ez}ump@V@4uJ*V36a$YIcaI;0BNc-hyOsTf3eyUB!)&wq5$JV2Q zOwB?|bgA}=!O%Rjd(F-v?q;2Ehw1L{r$gMXs*NLDd@Y@PZ5+LxX=Yok=$q*NRH%+E zr*nr|I?`PxzgzJZ39)6Ug~iOnkjb(SmFu%I22q+=_BAjr_kJPcrV4@)%M zY*WbB{%CXw=`B6Q1sK)Gg?tkYKPlX?HSU~fSZ5aYzJ|Zk~S-Gc}1qTssqB}=K-`D7Lrc?k_ zYk=7d5nv`@onrP)N4$wno%Htp_1luVW9u3hs-sZy2L1rI=R>o1*g2MD$Ch`2FMtB# znPDEl8>a8r(#raDgsZ>2qgL~6PNq`Zw@Wu)`_ozX0q*s8q7&*#d&GG1oToV1FLMUH z2^mW2urCMaUwK|ES6mI#weh(P46~^AWPNl8;_dCrH)U5D{ol2Bq>D$ zq_%IVm2-hDOSrm#qq6}pn27Bh2}T)UX^QFnLt2^C#|f5#Vr#M=d=E%LqZ_44cp7`@ zv52P8Wo?*Uvr>&uQFa;Dw{CRX*0+C`q7U}O@DZ$cY|dIOpwFwpO(tiV9Ej_;{=}G? 
zBCA_%O`B^xDIGR8x7DAQA}!CL+S~SW5AQ4~xK|g6-M*b26BB-a{yh-i<65M*sr|@n z^|iHJaml$%O}UI!$*u*vpxD1bES2O?+!&Cf;Q%`YqvMefi?>a{@Ga@~T5i6lLZZ#svY};o?IP z!ktzCO({wG9G_cb7jY@Dj!~lt7smo71gKWmnDCjLo-b_4(zz@qxLLYz< zyBOc|5|mn@t@0OZ10G7T@O1l!wMB4^i#h9R%}>8?8^`TXDVaN0$HFuH7sn`!8OlZ$_jD~!f?v~L5RCR)27o{N6kZ~XEJ6mno&=3z zFavVbtzEjtu|#`)PZ^9oau7Ec4aSx`YW#RW*6+Qpu_6{O4<6L*Z1PkM)r^&^>Pg}9`9kb6aPFmgQ@gs*bKKbp z6{dyzbUdb&ECb%qOW7yRi5(Xx_2&$SbEDB0Xh*u&J7waH8sbcevCDv}p?K0JlfIKN zm|6+6BeL)w0UH23OI|yfi@ju44 za3sRd5JsgytY`QXo3v9Cpz`qpy#yrf#h)RQ$4QU_hvD@XQ3Bajb0Tr?fL}=Z;do8K zie-Orh$YIAdJgP20@(Mi`0PoP*XvXu+nqi$nUW?^J<-ylReBy=wXOF~D=W};PahPJ zJl^gkWAT@v4zykSXZsoxzkcpekD8UpyGs*dL@@m9LVpq2k{oPHzXzTbBD9~IN*c>s zR1T}E{PH<5{z;AM9ySE+Bctf@_{+R?+L*fU7S>b$lcS;%qt006*EB)P*#TOC+Jr}} zEQsr{p_wq~Lu4bpKA{B|U;DYvQC<(r`mV>`9p%40VR_?pY?Vqz2r;e%FL_J9=Y>Nr zS~h}up&6?;UH(o6B=zk-VJf#)u-|4bJXsqi_kAu~zM<1`fH&IX@ggerQry$StQpD^ z-?4EPm1_~^*bFsghUnC)TGERrH>LZk?7s}Yf8bK8Zf{bvCB`^Jsj)w`ggMG`oEA>|b&H~q3I5}VkJQ<7jahCzSb{XSen=v` zl;!8e=c|IJ;%)QgGZBSLR`9>jL?uT zDw>4XlUM3au(|cWdbDxyCfSp)-(j0w86v%OB|UarY6pKQzA&HG0H5P%9FThZmu^O4 z4S6u#frt5;G>NpB(mlh4bAIS_aM(&;f|V$P)pxee_Q*v$Qs1Yrmww)7Kf~p9RrC2P zB?|n&OEAI&yY2+t3i)Rhq|_T8^4y(?nr*c9KcWaRImx&d&BbtjDalQ6`GRK{;h6ks zQbdB%$Z)oiDBY&Yv4QgidI}IRkdRV3NY!~}L~xRH#yAQ&R(it5ef!pfnohG+EoMTe zDD;#WT!fNWosmdGe}-NZPT%8+!3>qlGtrz8B<;TbP!odbBOOeVvxfwFuRhlREG)jl zJ?g;zUwH^05-WZ}bB0UG0l150Z>^adK-Pvzf;5$Dr#F$~I?<3@p}VxHgVu$@pt+_m zPiXj+0HZ9^xIjr@=fn~kCd4RtwP;4gB3<2u)=z*)8B`oMi^EF8 zwag8W1t6n-5@6j&5hNKQRU|ZI{;p|4Gs_60xV%@Vbm~obP?VURqa;uQB5*g&na~~H znJg!_bCiY3Ni$1_X~O6n=0-8V(9$c|{E8m%)?wyF(a_8y%4J4VTJ1+r3K+kbzoiFaE=E_ajaiuDfy4Z;xj+dtc0zvTnwXym?^pc0oe z+~~ao6UQIrQ_H>2!b*gTlYgeSrVK)*A52aVrlRo5VGZqfCkfwqhGL=#c(|&_h1NC2 zq*3Z*qT%D9iL->!rX=9oFuKrh