From b654733854f330614552df54a66514b2187246ab Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Tue, 11 Jul 2023 18:00:13 +0200
Subject: [PATCH] Update to 2023-07-11 18:00
---
 roles/postfix/templates/main.cf.j2 | 1 +
 roles/repo_zabbix/vars/RedHat-8.yml | 2 +-
 roles/unifi/defaults/main.yml | 4 ++--
 roles/vaultwarden/defaults/main.yml | 5 ++---
 roles/vaultwarden/tasks/iptables.yml | 2 +-
 roles/vaultwarden/templates/nginx.conf.j2 | 2 +-
 roles/vaultwarden/templates/vaultwarden.conf.j2 | 2 --
 roles/wordpress/defaults/main.yml | 3 +++
 roles/wordpress/templates/php.conf.j2 | 2 +-
 9 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/roles/postfix/templates/main.cf.j2 b/roles/postfix/templates/main.cf.j2
index aa4fcdc..5ed1fa3 100644
--- a/roles/postfix/templates/main.cf.j2
+++ b/roles/postfix/templates/main.cf.j2
@@ -29,6 +29,7 @@ smtp_sasl_password_maps = hash:/etc/postfix/relay_auth
 smtp_use_tls = yes
 {% elif postfix_relay_transport | default('starttls') == 'tls' %}
 smtp_tls_wrappermode = yes
+smtp_tls_security_level = encrypt
 {% endif %}
 smtp_sasl_security_options = noanonymous
 smtp_sasl_tls_security_options = noanonymous
diff --git a/roles/repo_zabbix/vars/RedHat-8.yml b/roles/repo_zabbix/vars/RedHat-8.yml
index 16b1c7b..7917072 100644
--- a/roles/repo_zabbix/vars/RedHat-8.yml
+++ b/roles/repo_zabbix/vars/RedHat-8.yml
@@ -1,4 +1,4 @@
 ---
-zabbix_repo_key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-79EA5ED4
+zabbix_repo_key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-A14FE591
 zabbix_plugin_key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-A14FE591
diff --git a/roles/unifi/defaults/main.yml b/roles/unifi/defaults/main.yml
index e17bcad..511b6a5 100644
--- a/roles/unifi/defaults/main.yml
+++ b/roles/unifi/defaults/main.yml
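Review bot: In roles/postfix/templates/main.cf.j2, the added `smtp_tls_security_level = encrypt` makes TLS mandatory on the wrappermode branch but does not authenticate the relay. At the `encrypt` level Postfix does not require the server certificate to validate or match the host name, so the SASL credentials from `relay_auth` could still be handed to an interposed host. If the relay presents a certificate that validates, `smtp_tls_security_level = verify` (or `secure`) with a CA bundle in `smtp_tls_CAfile` closes that gap. The branch above the `elif` still uses `smtp_use_tls = yes`, which is opportunistic, and `smtp_sasl_security_options = noanonymous` does not forbid plaintext mechanisms on an unencrypted session, so that path deserves the same treatment. Its condition starts outside the hunk.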
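Review bot: In roles/repo_zabbix/vars/RedHat-8.yml, the new `zabbix_repo_key` value changes a package trust anchor, yet the key is identified only by the short id in the URL and nothing visible pins its full fingerprint. The key is fetched from the same host that serves the packages, so a tampered repository could serve its own key alongside them. If the consuming task (not part of this diff) uses `rpm_key`, passing its `fingerprint` parameter with a value checked out of band would cover this. Both variables now hold the same URL, so a short comment stating that the duplication is intentional would help the next reader.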
@@ -3,11 +3,11 @@
 # Where unifi will be installed
 unifi_root_dir: /opt/unifi
 # Version to deploy
-unifi_version: 7.4.156
+unifi_version: 7.4.162
 # URL to get the installation tarball
 unifi_archive_url: https://www.ubnt.com/downloads/unifi/{{ unifi_version }}/UniFi.unix.zip
 # Expected sha256
-unifi_archive_sha256: 5f108afc95a4263e3fc393b884ac498cf2fa7782591fa0447263180ce5bd506d
+unifi_archive_sha256: 5cd0f62b10d069b75817b37be4780e83d90fc2d37eaa6dbd6db842d637ac3d28
 # Should ansible handle upgrades (if False, only initial install will be done)
 unifi_manage_upgrade: True
 # List of ports used by UniFi controler
diff --git a/roles/vaultwarden/defaults/main.yml b/roles/vaultwarden/defaults/main.yml
index f48ed78..f4d8516 100644
--- a/roles/vaultwarden/defaults/main.yml
+++ b/roles/vaultwarden/defaults/main.yml
@@ -1,8 +1,8 @@
 ---
-vaultwarden_version: 1.28.1
+vaultwarden_version: 1.29.0
 vaultwarden_archive_url: https://github.com/dani-garcia/vaultwarden/archive/{{ vaultwarden_version }}.tar.gz
-vaultwarden_archive_sha256: d6991cba20d8aaf7559eb4b8a7d82b68476c12d4913142490839addc2562d12a
+vaultwarden_archive_sha256: 2f6c517663506d8aa3b4911e54ddf63ed844da0c730ba7466ae191d2414d0431
 vaultwarden_web_version: 2023.5.0
 vaultwarden_web_archive_url: https://github.com/dani-garcia/bw_web_builds/releases/download/v{{ vaultwarden_web_version }}/bw_web_v{{ vaultwarden_web_version }}.tar.gz
@@ -22,7 +22,6 @@ vaultwarden_db_user: vaultwarden
 # Port on which vaultwarden will bind
 vaultwarden_http_port: 8000
-vaultwarden_ws_port: 8001
 # List of IP addresses (can be CIDR notation) which will be able to
 # access vaultwarden ports
 vaultwarden_src_ip: []
diff --git a/roles/vaultwarden/tasks/iptables.yml b/roles/vaultwarden/tasks/iptables.yml
index a1c43ec..32712ca 100644
--- a/roles/vaultwarden/tasks/iptables.yml
+++ b/roles/vaultwarden/tasks/iptables.yml
@@ -4,5 +4,5 @@
 iptables_raw:
 name: vaultwarden
 state: "{{ (vaultwarden_src_ip | length > 0) | ternary('present','absent') }}"
- rules: "-A INPUT -m state --state NEW -m multiport -p tcp --dports {{ vaultwarden_http_port }},{{ vaultwarden_ws_port }} -s {{ vaultwarden_src_ip | join(',') }} -j ACCEPT"
+ rules: "-A INPUT -m state --state NEW -m multiport -p tcp --dports {{ vaultwarden_http_port }} -s {{ vaultwarden_src_ip | join(',') }} -j ACCEPT"
 tags: firewall,vaultwarden
diff --git a/roles/vaultwarden/templates/nginx.conf.j2 b/roles/vaultwarden/templates/nginx.conf.j2
index 248a2ad..24f93cb 100644
--- a/roles/vaultwarden/templates/nginx.conf.j2
+++ b/roles/vaultwarden/templates/nginx.conf.j2
@@ -24,7 +24,7 @@ server {
 }
 location /notifications/hub {
- proxy_pass http://localhost:{{ vaultwarden_ws_port }};
+ proxy_pass http://localhost:{{ vaultwarden_http_port }};
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection "upgrade";
 }
diff --git a/roles/vaultwarden/templates/vaultwarden.conf.j2 b/roles/vaultwarden/templates/vaultwarden.conf.j2
index 36daa9f..9ccb7ca 100644
--- a/roles/vaultwarden/templates/vaultwarden.conf.j2
+++ b/roles/vaultwarden/templates/vaultwarden.conf.j2
@@ -10,8 +10,6 @@ DOMAIN={{ vaultwarden_public_url }}
 ROCKET_ENV=prod
 ROCKET_ADDRESS=0.0.0.0
 ROCKET_PORT={{ vaultwarden_http_port }}
-WEBSOCKET_ENABLED=true
-WEBSOCKET_PORT={{ vaultwarden_ws_port }}
 SMTP_HOST=localhost
 SMTP_PORT=25
 SMTP_SECURITY=off
diff --git a/roles/wordpress/defaults/main.yml b/roles/wordpress/defaults/main.yml
index 90489a8..ec53aa1 100644
--- a/roles/wordpress/defaults/main.yml
+++ b/roles/wordpress/defaults/main.yml
@@ -15,6 +15,9 @@ wp_php_version: 82
 # Unix account which will run PHP scripts
 wp_php_user: php-wp_{{ wp_id }}
+# Max memory for PHP
+wp_php_memory_limit: 256M
+
 # Default language to install
 wp_locale: fr_FR
diff --git a/roles/wordpress/templates/php.conf.j2 b/roles/wordpress/templates/php.conf.j2
index d200ddf..27ffadb 100644
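Review bot: In roles/vaultwarden/tasks/iptables.yml, the new `rules` line keeps `-m multiport ... --dports` although only one port remains; `-p tcp --dport {{ vaultwarden_http_port }}` says the same with one match less. The rule opens the backend port directly to every address in `vaultwarden_src_ip`, and per vaultwarden.conf.j2 the service binds `0.0.0.0` and is reached by nginx over `http://`, so those peers talk to it without TLS. A comment on the task such as `# vaultwarden_src_ip is meant for reverse proxies only; clients must go through the TLS front end` would document who belongs in that list. The task starts above the hunk.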
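Review bot: In roles/vaultwarden/templates/nginx.conf.j2, the `/notifications/hub` location sets `Upgrade` and `Connection` but no `proxy_http_version 1.1;` is visible in it. nginx talks HTTP/1.0 to upstreams by default and the WebSocket handshake needs 1.1, so unless the directive is set at `server` level outside the hunk, notifications will not upgrade now that they share the main port. Adding `proxy_http_version 1.1;` inside the location makes it self-contained. The hard-coded `Connection "upgrade"` is also sent on non-WebSocket requests to this path; a `map $http_upgrade $connection_upgrade` block is the usual way to send it only when the client asked for an upgrade.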
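Review bot: The default `wp_php_memory_limit: 256M` already carries the unit, and the roles/wordpress/templates/php.conf.j2 hunk renders it as `{{ wp_php_memory_limit }}M`, so the pool file ends up with `memory_limit = 256MM`. That is not a valid PHP shorthand size, and how it is interpreted depends on the PHP version (accepted with a warning at best). Since `memory_limit` is the per-request resource cap, it should not rest on lenient parsing. Keep the unit in one place: either `wp_php_memory_limit: 256` here, or `php_admin_value[memory_limit] = {{ wp_php_memory_limit }}` in the template. The comment above the variable should then state the expected format, e.g. `# Max memory for PHP (PHP shorthand, e.g. 256M)`.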
--- a/roles/wordpress/templates/php.conf.j2
+++ b/roles/wordpress/templates/php.conf.j2
@@ -19,7 +19,7 @@ request_terminate_timeout = 5m
 php_flag[display_errors] = off
 php_admin_flag[log_errors] = on
 php_admin_value[error_log] = syslog
-php_admin_value[memory_limit] = 256M
+php_admin_value[memory_limit] = {{ wp_php_memory_limit }}M
 php_admin_value[session.save_path] = {{ wp_root_dir }}/sessions
 php_admin_value[upload_tmp_dir] = {{ wp_root_dir }}/tmp
 php_admin_value[sys_temp_dir] = {{ wp_root_dir }}/tmp