Update to 2022-09-16 10:00

2025-04-12 00:03:17 +02:00 · 2022-09-16 10:00:09 +02:00 · 2022-09-16 10:00:09 +02:00 · 0af60855cc
commit 0af60855cc
parent 5f63198ca7
13 changed files with 32 additions and 24 deletions
--- a/roles/consul/tasks/conf.yml
+++ b/roles/consul/tasks/conf.yml
@ -8,7 +8,7 @@
    cert_path: "{{ consul_conf.tls.defaults.cert_file }}"
    cert_key_path: "{{ consul_conf.tls.defaults.key_file }}"
    cert_key_group: "{{ consul_user }}"
-    cert_key_mode: 640
+    cert_key_mode: 0640
  tags: consul

 - name: Check if CA exists
--- a/roles/documize/defaults/main.yml
+++ b/roles/documize/defaults/main.yml
@ -1,11 +1,11 @@
 ---

 # Version of cocumize to deploy
-documize_version: 5.2.1
+documize_version: 5.2.2
 # URL of the binary to install
 documize_bin_url: https://github.com/documize/community/releases/download/v{{ documize_version }}/documize-community-linux-amd64
 # Expected sha1 of the binary
-documize_bin_sha256: 154fd2c23f8991482b42d2d15e4cb5c8b5c965c1283c0e114b7943276de1be07
+documize_bin_sha256: 86d635d804853f10bbe190ba40253293b692869ad0efff707005ec6a08f23163

 # Should documize handle upgrades or only initial install ?
 documize_manage_upgrade: True
--- a/roles/jitsi/tasks/install.yml
+++ b/roles/jitsi/tasks/install.yml
@ -174,7 +174,7 @@
      args:
        chdir: "{{ jitsi_root_dir }}/src/meet"
      environment:
-        NODE_OPTIONS: "--max_old_space_size=3072"
+        NODE_OPTIONS: "--max_old_space_size=4096"
      become_user: "{{ jitsi_user }}"

    #- name: Reset git (so next run won't detect a change)
--- a/roles/linstor_gateway/tasks/iptables.yml
+++ b/roles/linstor_gateway/tasks/iptables.yml
@ -5,15 +5,15 @@
    name: lingw_nfs_port
    state: "{{ (lingw_nfs_src_ip | length > 0) | ternary('present','absent') }}"
    rules: |
-      -A INPUT -m state --state NEW -p tcp --dport 2049 -s {{ lingw_nfs_src_ip | join(',') }} -j ACCEPT
-      -A INPUT -m state --state NEW -p tcp --dport 111 -s {{ lingw_nfs_src_ip | join(',') }} -j ACCEPT
-      -A INPUT -m state --state NEW -p udp --dport 111 -s {{ lingw_nfs_src_ip | join(',') }} -j ACCEPT
+      -A INPUT -m state --state NEW -p tcp --dport 2049 -s {{ lingw_nfs_src_ip | flatten | join(',') }} -j ACCEPT
+      -A INPUT -m state --state NEW -p tcp --dport 111 -s {{ lingw_nfs_src_ip | flatten | join(',') }} -j ACCEPT
+      -A INPUT -m state --state NEW -p udp --dport 111 -s {{ lingw_nfs_src_ip | flatten | join(',') }} -j ACCEPT
  tags: firewall,drbd

 - name: Handle iSCSI port
  iptables_raw:
    name: lingw_iscsi_port
    state: "{{ (lingw_iscsi_src_ip | length > 0) | ternary('present','absent') }}"
-    rules: "-A INPUT -m state --state NEW -p tcp --dport 3260 -s {{ lingw_iscsi_src_ip | join(',') }} -j ACCEPT"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport 3260 -s {{ lingw_iscsi_src_ip | flatten | join(',') }} -j ACCEPT"
  tags: firewall,drbd

--- a/roles/linstor_satellite/defaults/main.yml
+++ b/roles/linstor_satellite/defaults/main.yml
@ -10,10 +10,5 @@ linsat_controllers_url:
 # List of IP/CIDR which can reach the API of the satellite (only Linstor controller should reach it)
 linsat_api_src_ip: []

-# HA NFS Service
-linsat_nfs_src_ip: []
-# HA iSCSI Service
-linsat_iscsi_src_ip: []
-
 # List of resources to keep (and not delete/regenerate) on start. Usefull for the HA controller
 linsat_keep_res: [ "{{ linctl_ha_res | default('linstor_db') }}" ]
--- a/roles/matrix_element/defaults/main.yml
+++ b/roles/matrix_element/defaults/main.yml
@ -5,8 +5,8 @@
 element_id: element

 # Version to deploy, and expected sha256
-element_version: 1.11.4
-element_archive_sha256: 6a102e92f002db41d036071aac06d4f81d75636f6326e4874b1480012db59b46
+element_version: 1.11.5
+element_archive_sha256: 7d4575edaf7b28a8f0f16900a1287e44751ba26aeab3647e3d826e5f7e929a90

 # Where to install element
 element_root_dir: /opt/matrix/element
--- a/roles/matrix_synapse/defaults/main.yml
+++ b/roles/matrix_synapse/defaults/main.yml
@ -1,7 +1,7 @@
 ---

 # Synapse version to deploy
-synapse_version: '1.66.0'
+synapse_version: '1.67.0'

 # Should ansible handle Synapse upgrades ? If false, only initial install will be done
 synapse_manage_upgrade: True
--- a/roles/nginx/defaults/main.yml
+++ b/roles/nginx/defaults/main.yml
@ -21,13 +21,21 @@ nginx_log_format: combined_virtual
 # Some special vhost names can be derived from it. Eg downtime.{{ nginx_primary_domain }}
 nginx_primary_domain: "{{ ansible_domain }}"

+
 nginx_cert_path: /etc/nginx/ssl/cert.pem
 nginx_key_path: /etc/nginx/ssl/key.pem
 # OR
 #
 # nginx_letsencrypt_cert:

-# Default nginx vhost
+# The root of the default_server vhost
+nginx_root: /usr/share/nginx/html
+# If autoindex should be enabled for the default_server vhost
+nginx_autoindex: False
+
+
+# Default nginx vhost. This is not the settings of the default_server
+# but settings which will be inherited by all the vhosts (unless overriden at the vhost level)
 # You can override it if you want to use a custom _ vhost
 nginx_default_vhost_name: _
 nginx_vhosts: []
--- a/roles/nginx/templates/nginx.conf.j2
+++ b/roles/nginx/templates/nginx.conf.j2
@ -84,7 +84,7 @@ http {
    listen 443{% if nginx_default_vhost_name == '_' %} default_server{% endif %} ssl http2;

    server_name {{ nginx_default_vhost_name }};
-    root /usr/share/nginx/html;
+    root {{ nginx_root }};

    # Load location fragments in the default vhost
    include /etc/nginx/ansible_location.d/*.conf;
@ -99,6 +99,9 @@ http {
    include /etc/nginx/ansible_conf.d/acme.inc;

    location / {
+{% if nginx_autoindex %}
+      autoindex on;
+{% endif %}
    }

    location ~ \.ht {
--- a/roles/seafile/defaults/main.yml
+++ b/roles/seafile/defaults/main.yml
@ -11,7 +11,7 @@
 #   MaxUsers = "9"
 #   Mode = "subscription"
 #   etc...
-seafile_version: "{{ seafile_license is defined | ternary('9.0.7','9.0.8') }}"
+seafile_version: "{{ seafile_license is defined | ternary('9.0.8','9.0.8') }}"

 # Archive URL and sha256 are only used for the community version
 seafile_archive_url: https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_{{ seafile_version }}_x86-64.tar.gz
--- a/roles/seafile/files/seafile-pro-server_9.0.7_x86-64_CentOS.tar.gz
+++ b/roles/seafile/files/seafile-pro-server_9.0.7_x86-64_CentOS.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b8aa32d54300c7d920bff19110f1b0bba79c8ebc9c3e7628ada0ca05240c4cdf
-size 96811511
--- a/roles/seafile/files/seafile-pro-server_9.0.8_x86-64_CentOS.tar.gz
+++ b/roles/seafile/files/seafile-pro-server_9.0.8_x86-64_CentOS.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7bc555a48a4f0ad47daf6b53a742b1e1e57b591f2bd3d97a602fb521bb920283
+size 97113976
--- a/roles/sftpgo/tasks/directories.yml
+++ b/roles/sftpgo/tasks/directories.yml
@ -5,7 +5,8 @@
  loop:
    - dir: /
      owner: "{{ sftpgo_user }}"
-      mode: 700
+      group: "{{ sftpgo_user }}"
+      mode: 770
    - dir: meta
      mode: 700
    - dir: archives
@ -22,7 +23,8 @@
    - dir: bin
    - dir: data
      owner: "{{ sftpgo_user }}"
-      mode: 700
+      group: "{{ sftpgo_user }}"
+      mode: 770
    - dir: data/home
      owner: "{{ sftpgo_user }}"
      mode: 700