Update to 2023-07-11 18:00

roles/postfix/templates/main.cf.j2

@@ -29,6 +29,7 @@ smtp_sasl_password_maps = hash:/etc/postfix/relay_auth
 smtp_use_tls = yes
 {% elif postfix_relay_transport | default('starttls') == 'tls' %}
 smtp_tls_wrappermode = yes
+smtp_tls_security_level = encrypt
 {% endif %}
 smtp_sasl_security_options = noanonymous
 smtp_sasl_tls_security_options = noanonymous

roles/repo_zabbix/vars/RedHat-8.yml

@@ -1,4 +1,4 @@
 ---
 
-zabbix_repo_key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-79EA5ED4
+zabbix_repo_key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-A14FE591
 zabbix_plugin_key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-A14FE591

roles/unifi/defaults/main.yml

@@ -3,11 +3,11 @@
 # Where unifi will be installed
 unifi_root_dir: /opt/unifi
 # Version to deploy
-unifi_version: 7.4.156
+unifi_version: 7.4.162
 # URL to get the installation tarball
 unifi_archive_url: https://www.ubnt.com/downloads/unifi/{{ unifi_version }}/UniFi.unix.zip
 # Expected sha256
-unifi_archive_sha256: 5f108afc95a4263e3fc393b884ac498cf2fa7782591fa0447263180ce5bd506d
+unifi_archive_sha256: 5cd0f62b10d069b75817b37be4780e83d90fc2d37eaa6dbd6db842d637ac3d28
 # Should ansible handle upgrades (if False, only initial install will be done)
 unifi_manage_upgrade: True
 # List of ports used by UniFi controler

roles/vaultwarden/defaults/main.yml

@@ -1,8 +1,8 @@
 ---
 
-vaultwarden_version: 1.28.1
+vaultwarden_version: 1.29.0
 vaultwarden_archive_url: https://github.com/dani-garcia/vaultwarden/archive/{{ vaultwarden_version }}.tar.gz
-vaultwarden_archive_sha256: d6991cba20d8aaf7559eb4b8a7d82b68476c12d4913142490839addc2562d12a
+vaultwarden_archive_sha256: 2f6c517663506d8aa3b4911e54ddf63ed844da0c730ba7466ae191d2414d0431
 
 vaultwarden_web_version: 2023.5.0
 vaultwarden_web_archive_url: https://github.com/dani-garcia/bw_web_builds/releases/download/v{{ vaultwarden_web_version }}/bw_web_v{{ vaultwarden_web_version }}.tar.gz
@@ -22,7 +22,6 @@ vaultwarden_db_user: vaultwarden
 
 # Port on which vaultwarden will bind
 vaultwarden_http_port: 8000
-vaultwarden_ws_port: 8001
 # List of IP addresses (can be CIDR notation) which will be able to
 # access vaultwarden ports
 vaultwarden_src_ip: []

roles/vaultwarden/tasks/iptables.yml

@@ -4,5 +4,5 @@
   iptables_raw:
     name: vaultwarden
     state: "{{ (vaultwarden_src_ip | length > 0) | ternary('present','absent') }}"
-    rules: "-A INPUT -m state --state NEW -m multiport -p tcp --dports {{ vaultwarden_http_port }},{{ vaultwarden_ws_port }} -s {{ vaultwarden_src_ip | join(',') }} -j ACCEPT"
+    rules: "-A INPUT -m state --state NEW -m multiport -p tcp --dports {{ vaultwarden_http_port }} -s {{ vaultwarden_src_ip | join(',') }} -j ACCEPT"
   tags: firewall,vaultwarden

roles/vaultwarden/templates/nginx.conf.j2

@@ -24,7 +24,7 @@ server {
   }
 
   location /notifications/hub {
-    proxy_pass http://localhost:{{ vaultwarden_ws_port }};
+    proxy_pass http://localhost:{{ vaultwarden_http_port }};
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "upgrade";
   }

roles/vaultwarden/templates/vaultwarden.conf.j2

@@ -10,8 +10,6 @@ DOMAIN={{ vaultwarden_public_url }}
 ROCKET_ENV=prod
 ROCKET_ADDRESS=0.0.0.0
 ROCKET_PORT={{ vaultwarden_http_port }}
-WEBSOCKET_ENABLED=true
-WEBSOCKET_PORT={{ vaultwarden_ws_port }}
 SMTP_HOST=localhost
 SMTP_PORT=25
 SMTP_SECURITY=off

roles/wordpress/defaults/main.yml

@@ -15,6 +15,9 @@ wp_php_version: 82
 # Unix account which will run PHP scripts
 wp_php_user: php-wp_{{ wp_id }}
 
+# Max memory for PHP
+wp_php_memory_limit: 256M
+
 # Default language to install
 wp_locale: fr_FR
 

roles/wordpress/templates/php.conf.j2

@@ -19,7 +19,7 @@ request_terminate_timeout = 5m
 php_flag[display_errors] = off
 php_admin_flag[log_errors] = on
 php_admin_value[error_log] = syslog
-php_admin_value[memory_limit] = 256M
+php_admin_value[memory_limit] = {{ wp_php_memory_limit }}M
 php_admin_value[session.save_path] = {{ wp_root_dir }}/sessions
 php_admin_value[upload_tmp_dir] = {{ wp_root_dir }}/tmp
 php_admin_value[sys_temp_dir] = {{ wp_root_dir }}/tmp