From 7ffa32d5adfb585721d1679f542133a984ee26ef Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <dbd@ehtrace.com>
Date: Fri, 28 Apr 2023 14:00:20 +0200
Subject: [PATCH] Update to 2023-04-28 14:00

---
 roles/babashka/defaults/main.yml            |   4 +-
 roles/bookstack/defaults/main.yml           |   4 +-
 roles/diagrams/defaults/main.yml            |   4 +-
 roles/gitea/defaults/main.yml               |   4 +-
 roles/letsencrypt/templates/config.j2       |   2 +-
 roles/linstor_controller/vars/RedHat-8.yml  |   1 +
 roles/matrix_element/defaults/main.yml      |   4 +-
 roles/matrix_synapse/defaults/main.yml      |   2 +-
 roles/n8n/defaults/main.yml                 |   2 +-
 roles/odoo/tasks/main.yml                   |   4 +-
 roles/repo_samba4/defaults/main.yml         |   2 +-
 roles/squid/files/acl/software_epel.domains | 102 ++++++++++++--------
 roles/vault/templates/update_nomad_cert.j2  |   2 +-
 roles/wordpress/tasks/archive_pre.yml       |   1 +
 14 files changed, 80 insertions(+), 58 deletions(-)

diff --git a/roles/babashka/defaults/main.yml b/roles/babashka/defaults/main.yml
index cb132f8..8a17702 100644
--- a/roles/babashka/defaults/main.yml
+++ b/roles/babashka/defaults/main.yml
@@ -1,8 +1,8 @@
 ---
 
 # Babashka version to deploy
-bb_version: 1.3.176
+bb_version: 1.3.179
 # URL of the archive
 bb_archive_url: https://github.com/babashka/babashka/releases/download/v{{ bb_version }}/babashka-{{ bb_version }}-linux-amd64-static.tar.gz
 # Expected sha256sum of the archive
-bb_archive_sha256: b1772d2b04399ed981803b380307888a58068803ecf2c0cd22c43e83b811a9f8
+bb_archive_sha256: d7d39e1a1ecd7e764c8fd542329c00bfd2924344cae3dc66ef2ea7276a644900
diff --git a/roles/bookstack/defaults/main.yml b/roles/bookstack/defaults/main.yml
index 77f96f5..0d201f5 100644
--- a/roles/bookstack/defaults/main.yml
+++ b/roles/bookstack/defaults/main.yml
@@ -1,11 +1,11 @@
 ---
 
 # Version to deploy
-bookstack_version: '23.02.2'
+bookstack_version: '23.02.3'
 # URL of the arhive
 bookstack_archive_url: https://github.com/BookStackApp/BookStack/archive/v{{ bookstack_version }}.tar.gz
 # Expected sha256 of the archive
-bookstack_archive_sha256: 7f5dc7643480fd0f0584e1ed8436ad8fc67350f8dae7a3ef59fa442c05f5be4c
+bookstack_archive_sha256: cee038fa07be867019a342de4a36ed6c8cc84bfa8683b19680b64e89a0c689bc
 
 # Should ansible handle bookstack upgrades or just the inintial install
 bookstack_manage_upgrade: True
diff --git a/roles/diagrams/defaults/main.yml b/roles/diagrams/defaults/main.yml
index 83d24b8..d9d252d 100644
--- a/roles/diagrams/defaults/main.yml
+++ b/roles/diagrams/defaults/main.yml
@@ -1,11 +1,11 @@
 ---
 
 # Veresion of diagrams to deploy
-diagrams_version: 21.1.1
+diagrams_version: 21.1.4
 # URL of the WAR file to deploy
 diagrams_war_url: https://github.com/jgraph/drawio/releases/download/v{{ diagrams_version }}/draw.war
 # Expected sha256 of the WAR file
-diagrams_war_sha256: d817a66fee6b630481b4d86888cd39fac43f68d5a3a960362d45e227c03b66ab
+diagrams_war_sha256: e664d9b9656b497f5c746724ff4dfab8d9170951a92d68a663878c8c1c05bdfc
 # root directory of the installation
 diagrams_root_dir: /opt/diagrams
 # Should ansible manage upgrades, or just initial install ?
diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml
index 1201820..6611566 100644
--- a/roles/gitea/defaults/main.yml
+++ b/roles/gitea/defaults/main.yml
@@ -1,11 +1,11 @@
 ---
 
 # Version to install
-gitea_version: 1.19.0
+gitea_version: 1.19.2
 # URL to the binary
 gitea_bin_url: https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64
 # sha256 of the binary
-gitea_bin_sha256: 51e8d46a2634e5b5f4266eee8ca4689b5932caf692f23d06cbe5d2eaffe56079
+gitea_bin_sha256: c170562621ee548cfe183dcf1879da0738a987c8fe261fe14c0921f152aebd93
 # Handle updates. If set to false, ansible will only install
 # Gitea and then won't touch an existing installation
 gitea_manage_upgrade: True
diff --git a/roles/letsencrypt/templates/config.j2 b/roles/letsencrypt/templates/config.j2
index afaf8cc..155d417 100644
--- a/roles/letsencrypt/templates/config.j2
+++ b/roles/letsencrypt/templates/config.j2
@@ -11,7 +11,7 @@ HOOK=/usr/{{ (ansible_os_family == 'Debian') | ternary('local/','') }}bin/dehydr
 RENEW_DAYS="{{ letsencrypt_renew_days | default('30') }}"
 PRIVATE_KEY_RENEW="yes"
 {% if letsencrypt_preferred_chain is not defined %}
-PREFERRED_CHAIN="{{ letsencrypt_openssl_version.stdout is version('1.1', '>=') | ternary('ISRG Root X1','issuer= /C=US/O=Internet Security Research Group/CN=ISRG Root X1') }}"
+PREFERRED_CHAIN="{{ letsencrypt_openssl_version.stdout is version('1.0.2k', '>=') | ternary('ISRG Root X1','issuer= /C=US/O=Internet Security Research Group/CN=ISRG Root X1') }}"
 {% elif letsencrypt_preferred_chain != 'default' %}
 PREFERRED_CHAIN={{ letsencrypt_preferred_chain | quote }}
 {% endif %}
diff --git a/roles/linstor_controller/vars/RedHat-8.yml b/roles/linstor_controller/vars/RedHat-8.yml
index 53941f5..659d901 100644
--- a/roles/linstor_controller/vars/RedHat-8.yml
+++ b/roles/linstor_controller/vars/RedHat-8.yml
@@ -3,3 +3,4 @@
 linctl_packages:
   - linstor-controller
   - linstor-client
+  - tmpwatch
diff --git a/roles/matrix_element/defaults/main.yml b/roles/matrix_element/defaults/main.yml
index 1e2143d..54a9819 100644
--- a/roles/matrix_element/defaults/main.yml
+++ b/roles/matrix_element/defaults/main.yml
@@ -5,8 +5,8 @@
 element_id: element
 
 # Version to deploy, and expected sha256
-element_version: 1.11.27
-element_archive_sha256: 6d02e197017e1fa7e4f9418a55ed2435baeffd1d3f670f4706dcc62336913ea2
+element_version: 1.11.30
+element_archive_sha256: 35f718ff31967b9b90b7b3075d6844d5dbdcba9b5c1cc29d0cc50f0dc2bb7102
 
 # Where to install element
 element_root_dir: /opt/matrix/element
diff --git a/roles/matrix_synapse/defaults/main.yml b/roles/matrix_synapse/defaults/main.yml
index 41cefc0..9ef8621 100644
--- a/roles/matrix_synapse/defaults/main.yml
+++ b/roles/matrix_synapse/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
 
 # Synapse version to deploy
-synapse_version: '1.80.0'
+synapse_version: '1.82.0'
 
 # Should ansible handle Synapse upgrades ? If false, only initial install will be done
 synapse_manage_upgrade: True
diff --git a/roles/n8n/defaults/main.yml b/roles/n8n/defaults/main.yml
index 7b7bda7..558c020 100644
--- a/roles/n8n/defaults/main.yml
+++ b/roles/n8n/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
 
 # Version to deploy
-n8n_version: 0.220.0
+n8n_version: 0.224.0
 # Root directory where n8n will be installed
 n8n_root_dir: /opt/n8n
 # User account under which n8n will run
diff --git a/roles/odoo/tasks/main.yml b/roles/odoo/tasks/main.yml
index 281dda8..01d61ee 100644
--- a/roles/odoo/tasks/main.yml
+++ b/roles/odoo/tasks/main.yml
@@ -10,7 +10,7 @@
   tags: always
 
 - include_tasks: archive_pre.yml
-  when: odoo_install_mode == 'upgrade'
+  when: odoo_install_mode | default('none') == 'upgrade'
   tags: always
 
 - include_tasks: install.yml
@@ -30,7 +30,7 @@
   tags: always
 
 - include_tasks: archive_post.yml
-  when: odoo_install_mode == 'upgrade'
+  when: odoo_install_mode | default('none') == 'upgrade'
   tags: always
 
 - include_tasks: cleanup.yml
diff --git a/roles/repo_samba4/defaults/main.yml b/roles/repo_samba4/defaults/main.yml
index dea4e71..52ecc4a 100644
--- a/roles/repo_samba4/defaults/main.yml
+++ b/roles/repo_samba4/defaults/main.yml
@@ -1,3 +1,3 @@
 ---
 # Select a branch from https://samba.tranquil.it/centos7/ or https://samba.tranquil.it/centos7/
-samba_major_version: samba-{{ (ansible_distribution_major_version is version('8','<')) | ternary('4.12.15','4.18.1') }}
+samba_major_version: samba-{{ (ansible_distribution_major_version is version('8','<')) | ternary('4.12.15','4.18.2') }}
diff --git a/roles/squid/files/acl/software_epel.domains b/roles/squid/files/acl/software_epel.domains
index 97fb00a..0c7f725 100644
--- a/roles/squid/files/acl/software_epel.domains
+++ b/roles/squid/files/acl/software_epel.domains
@@ -1,43 +1,63 @@
-mirrors.fedoraproject.org
-download.fedoraproject.org
-dl.fedoraproject.org
-download.fedora.redhat.com
-src.fedoraproject.org
+fr2.rpmfind.net
+mirror.in2p3.fr
+mirror.accum.se
+mirror.de.leaseweb.net
+mirrors.ptisp.pt
+ftp.arnes.si
+mirrors.xtom.de
+mirror.23m.com
+linuxsoft.cern.ch
+mirrors.netix.net
+ftp.lysator.liu.se
+mirrors.n-ix.net
+epel.ip-connect.info
+epel.ip-connect.vn.ua
+mirrors.ukfast.co.uk
+mirror.netcologne.de
+creeperhost.mm.fcix.net
+mirror.netsite.dk
+ftp.fi.muni.cz
+mirror.telepoint.bg
+mirrors.mivocloud.com
+mirror.datacenter.by
+ftp.nluug.nl
+mirrors.nic.cz
+ftp.uni-bayreuth.de
+centos.mirror.alwyzon.net
+mirror.karneval.cz
+lon.mirror.rackspace.com
+fedora.ipacct.com
+ftp.plusline.net
+mirror.nsc.liu.se
+mirrors.nav.ro
+centos.anexia.at
+mirror.ihost.md
+www.nic.funet.fi
+mirror.slu.cz
+mirror.dogado.de
+ftp.fau.de
+mirror.imt-systems.com
+mirrors.uni-ruse.bg
+ftp.halifax.rwth-aachen.de
+ftp.uni-stuttgart.de
+mirror.linux-ia64.org
+ftp.nsc.ru
+mirrors.neterra.net
+mirror.wd6.net
+mirror.nl.leaseweb.net
+mirror.centos.no
+level66.mm.fcix.net
+mirror.t-home.mk
+fedora-epel.koyanet.lv
+mirror.uv.es
+ftp.upjs.sk
+ftp.bme.hu
+repo.fedora.md
+mirror.cspacehostings.com
+mirrors.nxthost.com
+mirrors.glesys.net
+www.fedora.is
+mirror.netzwerge.de
 mir01.syntis.net
 mirrors.ircam.fr
-mirror.in2p3.fr
-mirror.speedpartner.de
-ftp.uma.es
-mirror.bytemark.co.uk
-mirror.imt-systems.com
-mirror.niif.hu
-epel.mirror.serveriai.lt
-epel.mirror.wearetriple.com
-epel.silknet.com
-epel.uni-sofia.bg
-fastmirror.pp.ua
-fedora.cu.be
-fedora-epel.koyanet.lv
-fedora.ipacct.com
-fedora.mirrorservice.org
-fedora.nyherji.is
-ftp.acc.umu.se
-ftp.lysator.liu.se
-ftp-stud.hs-esslingen.de
-ge.mirror.cloud9.ge
-mirror.alwyzon.net
-mirror.cherryservers.com
-mirror.cloudhosting.lv
-mirror.digitalnova.at
-mirror.efect.ro
-mirror.etf.bg.ac.rs
-mirror.lanet.network
-mirror.logol.ru
-mirror.nl.leaseweb.net
-mirror.slu.cz
-mirrors.uni-ruse.bg
-mirror.vpsnet.com
-pkg.adfinis.com
-repos.silknet.com
-www.nic.funet.fi
-codecs.fedoraproject.org
+mirrors.fedoraproject.org
diff --git a/roles/vault/templates/update_nomad_cert.j2 b/roles/vault/templates/update_nomad_cert.j2
index 5146632..89a0419 100644
--- a/roles/vault/templates/update_nomad_cert.j2
+++ b/roles/vault/templates/update_nomad_cert.j2
@@ -7,7 +7,7 @@ VAULT_TOKEN=$2
 
 VAULT_ADDR={{ vault_conf.api_addr }}
 
-if [ "$(vault status -format=json| jq .is_self)" != "true" ]; then
+if [ "$(vault status -format=json | jq .is_self)" != "true" ]; then
   echo "We're not the active vault, exiting"
 elif [ "$(vault status -format=json | jq .sealed)" != "false" ]; then
   echo "Vault is sealed, exiting"
diff --git a/roles/wordpress/tasks/archive_pre.yml b/roles/wordpress/tasks/archive_pre.yml
index b3a9271..5b5a88b 100644
--- a/roles/wordpress/tasks/archive_pre.yml
+++ b/roles/wordpress/tasks/archive_pre.yml
@@ -5,5 +5,6 @@
     - root_dir: "{{ wp_root_dir }}"
     - version: "{{ wp_current_version }}"
     - db_name: "{{ wp_db_name }}"
+    - db_server: "{{ wp_db_server }}"
   tags: wp