From a1c2d0131aaa706e21c0358e94e459833461473e Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <dbd@ehtrace.com>
Date: Wed, 6 Nov 2024 12:00:48 +0100
Subject: [PATCH] Update to 2024-11-06 12:00
---
roles/consul_bin/defaults/main.yml | 4 +-
roles/glpi/defaults/main.yml | 28 ++++++-------
.../templates/nginx_portal.conf.j2 | 42 ++++++++++++-------
roles/seafile/defaults/main.yml | 4 +-
...le-pro-server_11.0.15_x86-64_CentOS.tar.gz | 3 --
...le-pro-server_11.0.16_x86-64_CentOS.tar.gz | 3 ++
.../squid/files/acl/software_various.domains | 1 +
roles/squid/handlers/main.yml | 6 +--
roles/vault_bin/defaults/main.yml | 4 +-
9 files changed, 53 insertions(+), 42 deletions(-)
delete mode 100644 roles/seafile/files/seafile-pro-server_11.0.15_x86-64_CentOS.tar.gz
create mode 100644 roles/seafile/files/seafile-pro-server_11.0.16_x86-64_CentOS.tar.gz
diff --git a/roles/consul_bin/defaults/main.yml b/roles/consul_bin/defaults/main.yml
index 289a0f1..b3e210f 100644
--- a/roles/consul_bin/defaults/main.yml
+++ b/roles/consul_bin/defaults/main.yml
@@ -1,8 +1,8 @@
---
# Version of consul to deploy
-consul_version: 1.20.0
+consul_version: 1.20.1
# URL from where the consul archive will be downloaded
consul_archive_url: https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_amd64.zip
# Expected sha256 of the archive
-consul_archive_sha256: da7a71476f8a83f69853c95316518b888d5863ce3b326523bb8e3ad1a302ed64
+consul_archive_sha256: d38e7571177909d437a9cbcc62fb65083bc567266b74a62d02c6abe783951648
diff --git a/roles/glpi/defaults/main.yml b/roles/glpi/defaults/main.yml
index ddad531..c858445 100644
--- a/roles/glpi/defaults/main.yml
+++ b/roles/glpi/defaults/main.yml
@@ -2,9 +2,9 @@
glpi_id: 1
glpi_manage_upgrade: True
-glpi_version: '10.0.16'
+glpi_version: '10.0.17'
glpi_archive_url: https://github.com/glpi-project/glpi/releases/download/{{ glpi_version }}/glpi-{{ glpi_version }}.tgz
-glpi_archive_sha256: 2c49ea2104c6a107999b28160aa3283ed23b59fb0ba7f3899f1e388830365ce0
+glpi_archive_sha256: 4cfc485ad2b1ba16e38d2725a13375bda784abf1533a79971711feed0a7f5e11
glpi_root_dir: /opt/glpi_{{ glpi_id }}
glpi_php_user: php-glpi_{{ glpi_id }}
# If set, will use the following custom PHP FPM pool, which must be created
@@ -39,29 +39,29 @@ glpi_plugins:
sha256: c7a1702fa9c14337994d6c50ef4eebf3e0e10452975512fd0cc43386a5a5cbd8
url: https://github.com/yllen/behaviors/releases/download/v2.7.3/glpi-behaviors-2.7.3.tar.gz
manufacturersimports:
- version: 3.0.8
- sha256: 29823602285633b34682853964cff89b527ca60896eb1e1959af91a295423007
- url: https://github.com/InfotelGLPI/manufacturersimports/releases/download/3.0.8/glpi-manufacturersimports-3.0.8.tar.bz2
+ version: 3.0.9
+ sha256: 6ec265211d4855b25454a9c7e1ac9e0bb4cfd33d4a0efeb5b6dad83a14a4bdaf
+ url: https://github.com/InfotelGLPI/manufacturersimports/releases/download/3.0.9/glpi-manufacturersimports-3.0.9.tar.bz2
tag:
- version: 2.11.7
- sha256: c4324e34d6710be806882119220cc3a97d821c0bc513291d2e667c59df0f85e3
- url: https://github.com/pluginsGLPI/tag/releases/download/2.11.7/glpi-tag-2.11.7.tar.bz2
+ version: 2.12.1
+ sha256: ad94e895479dd9b303ce8c350d1e1d97cf4799b65e457563e655c5d9f3d943bb
+ url: https://github.com/pluginsGLPI/tag/releases/download/2.12.1/glpi-tag-2.12.1.tar.bz2
mreporting:
version: 1.8.6
sha256: e45568c2628c1e7bf65b8d5d62b1e54c03b2c870c4d424aa10e711bfa4b0b520
url: https://github.com/pluginsGLPI/mreporting/releases/download/1.8.6/glpi-mreporting-1.8.6.tar.bz2
fields:
- version: 1.21.10
- sha256: acef7d52cb3d7467c952833f2cd3f89b5846c39aea2b2efbf0fbe0d7f50a9615
- url: https://github.com/pluginsGLPI/fields/releases/download/1.21.10/glpi-fields-1.21.10.tar.bz2
+ version: 1.21.15
+ sha256: 81d361693f1fcef3d5712b7a637644d6cad279d857c4f42ee95171443fa0ac6a
+ url: https://github.com/pluginsGLPI/fields/releases/download/1.21.15/glpi-fields-1.21.15.tar.bz2
webapplications:
version: 4.0.1
sha256: bbd3a9a01c2bd708af83563ed162ebfa9f56fdd616aaf6f1892e9a36e970ec9d
url: https://github.com/InfotelGLPI/webapplications/releases/download/4.0.1/glpi-webapplications-4.0.1.tar.bz2
genericobject:
- version: 2.14.9
- sha256: 7c1242af8991f29be9eb19c937ff67edf9ba9ce04ba5a3ae70f0c77218958ab6
- url: https://github.com/pluginsGLPI/genericobject/releases/download/2.14.9/glpi-genericobject-2.14.9.tar.bz2
+ version: 2.14.10
+ sha256: 371ff7d6e4dba6776674e0f6fdc4f8c82190fef32d8503495fb18a3677294432
+ url: https://github.com/pluginsGLPI/genericobject/releases/download/2.14.10/glpi-genericobject-2.14.10.tar.bz2
mydashboard:
version: 2.1.5
sha256: 42e15102b16e034feff4edd130e11fc3aee29e1e75af2d41068ef6dca7ce4977
diff --git a/roles/lemonldap_ng/templates/nginx_portal.conf.j2 b/roles/lemonldap_ng/templates/nginx_portal.conf.j2
index 39ed972..53e03d2 100644
--- a/roles/lemonldap_ng/templates/nginx_portal.conf.j2
+++ b/roles/lemonldap_ng/templates/nginx_portal.conf.j2
@@ -22,6 +22,32 @@ server {
rewrite ^/(.*)$ /index.psgi/$1 break;
}
+ location ~ ^/(?<sc>/index\.psgi)/((adminS|s)essions|config|notification) {
+{% if llng_engine == 'fastcgi' %}
+ include /etc/nginx/fastcgi_params;
+ fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
+ fastcgi_param LLTYPE psgi;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+{% elif llng_engine == 'uwsgi' %}
+ include /etc/nginx/uwsgi_params;
+ uwsgi_pass unix:/run/llng-uwsgi/llng-uwsgi.sock;
+ uwsgi_param LLTYPE psgi;
+ uwsgi_param SCRIPT_FILENAME $document_root$sc;
+ uwsgi_param SCRIPT_NAME $sc;
+{% endif %}
+{% for ip in llng_api_src_ip %}
+ allow {{ ip }};
+{% endfor %}
+ deny all;
+{% if llng_api_pass is defined %}
+ auth_basic "Lemonldap::NG API";
+ auth_basic_user_file /etc/lemonldap-ng/api.htpasswd;
+ satisfy all;
+{% endif %}
+ }
+
location ~ ^(?<sc>/.*\.psgi)(?:$|/) {
{% if llng_engine == 'fastcgi' %}
include /etc/nginx/fastcgi_params;
@@ -50,22 +76,6 @@ server {
location / {
try_files $uri $uri/ =404;
}
-
- location ~ ^/index.psgi/adminSessions {
- deny all;
- }
-
- location ~ ^/index.psgi/sessions {
- deny all;
- }
-
- location ~ ^/index.psgi/config {
- deny all;
- }
-
- location ~ ^/index.psgi/notification {
- deny all;
- }
}
{% if llng_api_src_ip | length > 0 or llng_api_pass is defined %}
diff --git a/roles/seafile/defaults/main.yml b/roles/seafile/defaults/main.yml
index a88b1c0..a65ae69 100644
--- a/roles/seafile/defaults/main.yml
+++ b/roles/seafile/defaults/main.yml
@@ -11,11 +11,11 @@
# MaxUsers = "9"
# Mode = "subscription"
# etc...
-seafile_version: "{{ seafile_license is defined | ternary('11.0.15','11.0.11') }}"
+seafile_version: "{{ seafile_license is defined | ternary('11.0.16','11.0.13') }}"
# Archive URL and sha256 are only used for the community version
seafile_archive_url: https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_{{ seafile_version }}_x86-64.tar.gz
-seafile_archive_sha256: 5576b11c1c265e98e2f6fc0385b798e41ad797520008c8c030bb337096877cb9
+seafile_archive_sha256: d18c72abba910e58082725530012bcc52e7faecbe56f0eac00663d77c7d73832
seafile_root_dir: /opt/seafile
seafile_data_dir: "{{ seafile_root_dir }}/data"
diff --git a/roles/seafile/files/seafile-pro-server_11.0.15_x86-64_CentOS.tar.gz b/roles/seafile/files/seafile-pro-server_11.0.15_x86-64_CentOS.tar.gz
deleted file mode 100644
index fd8d69c..0000000
--- a/roles/seafile/files/seafile-pro-server_11.0.15_x86-64_CentOS.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b3da0a368e06352d87dd5a3656ae69d59096db28b4a7dd8780f9be6ee972b695
-size 203812819
diff --git a/roles/seafile/files/seafile-pro-server_11.0.16_x86-64_CentOS.tar.gz b/roles/seafile/files/seafile-pro-server_11.0.16_x86-64_CentOS.tar.gz
new file mode 100644
index 0000000..c57b2e3
--- /dev/null
+++ b/roles/seafile/files/seafile-pro-server_11.0.16_x86-64_CentOS.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:942c8c7d7b5d4b35cfd063363024ccaeff064cf4cae63f1b074966774b76ed63
+size 203820436
diff --git a/roles/squid/files/acl/software_various.domains b/roles/squid/files/acl/software_various.domains
index 84eccad..49b51fe 100644
--- a/roles/squid/files/acl/software_various.domains
+++ b/roles/squid/files/acl/software_various.domains
@@ -185,6 +185,7 @@ mirrors.xtom.de
mirror.netcologne.de
mirrors.xtom.nl
mirrors.ircam.fr
+mariadb.mirrors.ovh.net
# OpenMediaVault
packages.openmediavault.org
diff --git a/roles/squid/handlers/main.yml b/roles/squid/handlers/main.yml
index 710f45b..fb8889c 100644
--- a/roles/squid/handlers/main.yml
+++ b/roles/squid/handlers/main.yml
@@ -7,11 +7,11 @@
service: name=squid state=restarted
- name: restart ufdb
- service: name={{ squid_ufdb_unit.stat.exists | ternary('ufdbGuard','ufdb') }} state={{ squid_filter_url | ternary('restarted', 'stopped') }}
+ service: name={{ squid_ufdb_unit.stat.exists | ternary('ufdbGuard', squid_ufdbguard_unit.stat.exists | ternary('ufdbguard', 'ufdb')) }} state={{ squid_filter_url | ternary('restarted', 'stopped') }}
- name: update ufdb
command: /usr/local/bin/ufdb_update.sh
notify: restart ufdb
-- name: restart ufdb
- service: name={{ squid_ufdb_unit.stat.exists | ternary('ufdbGuard','ufdb') }} state={{ squid_filter_url | ternary('reloaded', 'stopped') }}
+- name: reload ufdb
+ service: name={{ squid_ufdb_unit.stat.exists | ternary('ufdbGuard', squid_ufdbguard_unit.stat.exists | ternary('ufdbguard', 'ufdb')) }} state={{ squid_filter_url | ternary('reloaded', 'stopped') }}
diff --git a/roles/vault_bin/defaults/main.yml b/roles/vault_bin/defaults/main.yml
index ea96802..a8177de 100644
--- a/roles/vault_bin/defaults/main.yml
+++ b/roles/vault_bin/defaults/main.yml
@@ -1,7 +1,7 @@
# Version of Vault to install
-vault_version: 1.18.0
+vault_version: 1.18.1
# URL of the archive
vault_archive_url: https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip
# Expected sha256 of the archive
-vault_archive_sha256: a9d6b0891f8561db673b638c2d6bdbe9cbdabaecf5bcd8fe6ce09bb73f1fd7a2
+vault_archive_sha256: d6486e4644cbeefa841ff6a41e39b68a5129c329bd2e271b29368948ff9ddfc4