D8 bash histtimeformat option pr devel 2.x (#2375)

nfawbert · klausi · gregharvey · web-flow · commit 4210c3b35600 · 2025-03-19T11:47:09.000Z
* fix(scripts): Fix git checkout to fetch any new branches (#1655)

* Apt repo role pr 2.x (#1666)

* First pass at APT repo role.

* Adding APT autoremove task to the _exit role.

* Adding systemd timer for APT key renewal.

* Adding role documentation.

* Adding new role to MySQL role to test.

* Adding python-debian dependency for deb822 repo handling.

* Removing obsolete variable check.

* Defaulting the APT 'suites' value to the Ansible-detected release name.

* Adding APT suite to MySQL repo installation.

* Better docs and fixed a syntax error.

* Fixing shell script for refreshing APT keys.

* Ensuring APT clean-up in _exit always runs as root.

* Fixing up MySQL config for 8.0 and tidying vars.

* Adding MySQL repo to unattended upgrades.

* Adding README for Docker CE, Docker Compose support and switching to apt_repository role.

* Updating docker_registry role to use docker_ce and deleting obsolete docker_compose role.

* Updating docs index.

* Adding Docker repo to unattended upgrades.

* Updating MySQL docs.

* Updating repo handling for GitLab and GitLab Runner.

* Ensuring wget is installed.

* wget seems more reliable than cURL for key fetching.

* Updating Jenkins repo handling.

* Fixing openjdk default version and updating nodejs APT repo handling.

* Removing OSSEC, replaced by Wazuh.

* Updating repo handling for the PAM LinOTP role.

* Updating repo handling for the LHCI role.

* Updating repo handling for PHP components.

* Trying out a different config for Jenkins.

* Updating docs.

* Forgot to remove old yarn repo code.

* Adding python3-debian package to python_common defaults to avoid first build failures.

* Adding list format support to APT role.

* Testing list format support with jenkins role.

* Downloading GPG public key.

* Ensuring the _apt_repository.key_filename var exists.

* Fixing SSL vars in Jenkins role.

* Updating repo handling for jitsi role.

* Updating docs.

* Bad SSL var name.

* Making timer name dynamic.

* Adding missing repo format var to all APT repo handling.

* Updating docs.

* Fixing bug where list is passed instead of dict for systemd timer.

* Bug fixes 2.x pr 2.x (#1667)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Bug fixes 2.x pr 2.x (#1670)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Updating-waf-acl-role (#1672)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Setting up proxy vhost pr 2.x (#1674)

* Setting-up-proxy-vhost

* Setting-up-proxy-vhost-2

* Fixing-typo (#1676)

* New-version-of-aws-acl-role (#1683)

* New-version-of-aws-acl-role

* Fixing-jinja-linting

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Updating-nginx-template (#1688)

* Updating-aws_backup-to-register-iam-arn-2 (#1696)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Updating-nginx-htpasswd-task-2 (#1698)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Bug fixes 2.x pr 2.x (#1702)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* r69424-Adding-resource-group-task (#1706)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Adding lock file behaviour to ce-provision. (#1708)

* Adding lock file behaviour to ce-provision.

* Updating documentation.

* Adding extra lock file handling for ASG EC2 machines.

* Moving lock file paths to variables.

* Adding docs about connection management.

* Fixing placement of lock files on ASGs.

* Removing the 'Remove lock file' task for ASGs as it is doomed to fail (machine is gone).

* Adding in a lock file removal if we do not replace the ASG.

* Bug fixes 2.x pr 2.x (#1715)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Bug fixes 2.x pr 2.x (#1717)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Creating a ce-provision installer script. (#1724)

* Installer pr 2.x (#1726)

* Creating a ce-provision installer script.

* Updating installation docs.

* Bug fixes 2.x pr 2.x (#1730)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Installer pr 2.x (#1732)

* Creating a ce-provision installer script.

* Updating installation docs.

* Adding pip upgrade line and python-debian.

* Installing certbot in a python venv. (#1659)

* Installing certbot in a python venv.

* Changing default location for Python packages.

* Allowing the ansible role to override venv settings.

* Preventing ce_deploy from installing in an entirely separate venv by default.

* Updating certbot installation to use _init venv variables.

* Updating duplicity role to use _init venv variables by default.

* Ordering pip docs.

* Update documentation.

* Fixing Ansible path in installer.

* Fixing occurrences of path to venv.

* Installer pr 2.x (#1735)

* Creating a ce-provision installer script.

* Updating installation docs.

* Adding pip upgrade line and python-debian.

* Updating docs.

* Some minor installer bug fixes.

* Bug fixes 2.x pr 2.x (#1737)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Bug fixes 2.x pr 2.x (#1738)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Fixing-ACM-SAN-behaviour (#1739)

* Bug fixes 2.x pr 2.x (#1742)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Bug fixes 2.x pr 2.x (#1749)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Bug fixes 2.x pr 2.x (#1752)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Bug fixes 2.x pr 2.x (#1754)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Bug fixes 2.x pr 2.x (#1756)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Redoing-changes-for-aws-acl-role (#1728)

* Redoing-changes-for-aws-acl-role

* retrigger checks

* Fixing-conflicts-4

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Remvoing-scp-extra-args-temporary (#1761)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Bug fixes 2.x pr 2.x (#1765)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Bug fixes 2.x pr 2.x (#1767)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Bug fixes 2.x pr 2.x (#1769)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Bug fixes 2.x pr 2.x (#1771)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Managing-mime-types-nginx (#1773)

* Whitelisting ce vpn ip wazuh pr 2.x (#1775)

* Whitelisting-CE-VPN-IP-wazuh

* Fixing-wazuh-whitelist-variable

* Updating-wazuh-vars (#1777)

* add community.postgresql collection and remove varnish master release (#1779)

* Updating wazuh vars pr 2.x (#1781)

* Updating-wazuh-vars

* Updating-manager-vars

* Updating wazuh vars pr 2.x (#1783)

* Updating-wazuh-vars

* Updating-manager-vars

* Updating-wazuh-manager-active-response

* Updating-wazuh-manager-active-response-2x

* Updating wazuh vars pr 2.x (#1785)

* Updating-wazuh-vars

* Updating-manager-vars

* Updating-wazuh-manager-active-response

* Updating-wazuh-manager-active-response-2x

* Fixing-wazuh-broken-pipeline

* Updating wazuh vars pr 2.x (#1787)

* Updating-wazuh-vars

* Updating-manager-vars

* Updating-wazuh-manager-active-response

* Updating-wazuh-manager-active-response-2x

* Fixing-wazuh-broken-pipeline

* Tweaking-wazuh-vars

* r68065 mattermost role first commit (#1789)

* r68065 mattermost role first commit

* fixing linting/syntax

* reload systemd with ansible.builtin.systemd_service

* handler for postgresql reloads

* default systemd unit file for mattermost role

* r68065 install python psycopg2 (#1791)

* r68065 use psycopg binary package as compiling creates depsolve issues (#1793)

* permissions for postgres setup (#1795)

* r68065 add mattermost group before user (#1797)

* Updating-duplicity (#1804)

* enable mattermost systemd unit (#1810)

* nginx include for mattermost (#1812)

* nginx include for mattermost

* add mattermost project type

* ssl on handled by nginx role (#1814)

* fix mattermost nginx include (#1822)

* remove unsupported nginx option (#1824)

* Restore testing update pr 2.x (#1832)

* Restore-testing-update

* Restore-testing-update-2

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Resolving conflicts pr 2.x (#1834)

* Fixing-conflicts-and-updating-docs

* Fixed-conflicts

* Fixed-conflicts-2

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* initial commit - mattermost local backups (#1838)

* r69995-Updating-vhost-for-LE-validation (#1843)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Changing priority flexibility pr 2.x (#1841)

* Changing-priority-flexibility

* Changing-priority-flexibility-2

* Adding-aws-acl-to-meta

* Adding-cast-to-int-for-priority

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Aws acl role changes for ip set pr 2.x (#1848)

* aws_acl-role-changes-for-ip-set

* aws_acl-role-changes-for-ip-set-docs-update

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* add_php_repo_before_apt_extra_packages_task_from_common_base (#1850)

* fix_opensearch_vars (#1852)

* wait_timeout_for_opensearch_domain_creation (#1854)

* wait_timeout_for_opensearch_domain_creation

* remove trailing space

* Updating-aws-acl-task (#1856)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Bug fixes 2.x pr 2.x (#1859)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Bug fixes 2.x pr 2.x (#1860)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Small-changes-on-aws-acl-and-RDS-validation (#1863)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Updating-user-ansible-vars (#1864)

* Updating user ansible vars pr 2.x (#1867)

* Updating-user-ansible-vars

* Fixing-syntax

* add_vars_to_user_deploy_user_provision (#1869)

* Disabling-general-log-mariadb (#1871)

* Updating-aws_acl-role (#1873)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* r70260-rkhunter-whitelist (#1877)

* fix(nginx): Remove default nginx dummy vhost that could clash with Varnish (#1750)

* fix(nginx): Remove default nginx dummy vhost that could clash with Varnish

* Fix variable naming and comment

* Implement keep_default_vhost setting

* Wazuh-var-update (#1903)

* Wazuh-agent-vars-more-readable (#1905)

* Filebeat-restart-task-wazuh (#1907)

* Filebeat restart task wazuh pr 2.x (#1909)

* Filebeat-restart-task-wazuh

* Fixing-wazuh-filebeat-restart

* Adding-gawk-to-extra-packages (#1910)

* Updating-filebeat-restart-task (#1913)

* Adding motd to exit role pr 2.x (#1915)

* Fixing-backup-validation-role-plicies

* Adding-parts-for-VPC-and-SG

* Adding-region-to-vpc-and-subnet-tasks

* Adding-region-to-vpc-and-subnet-tasks-2

* Updating-vars-for-vpc-and-subnet

* Updating-vars-for-vpc-and-subnet-2

* Updating-vars-for-vpc-and-subnet-3

* Adding-json-file-for-restore-testing

* Changing-user-where-json-file-is-generated

* Updating-json-file-location

* Updating-path-to-j2-file

* Changing-force-valkue

* Testing-file-creation

* Testing-file-creation-via-command-task

* Adding-motd-to-exit-role

* Commenting-out-task-that-will-fail

* Fixing-pipefail

* Fixing-syntax-issue

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Fixing-motd-task (#1917)

* Motd-switch-egrep-with-awk (#1919)

* Motd-task-update (#1922)

* Motd-task-update

* Restoring-deleted-task

* Fixing motd task when running on localhost pr 2.x (#1924)

* Fixing-backup-validation-role-plicies

* Fixing-motd-task-when-running-on-localhost

* Updating-when-statement

* Adding-become-true-on-motd-update

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Apt bug workaround pr 2.x (#1935)

* apt_bug_workaround

* apt_bug_workaround

* apt_bug_workaround

* apt_bug_workaround

* fix_var_logic

* Pushing-aws-backup-validation-role (#1944)

* Pushing-aws-backup-validation-role

* Fixing-linting

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* fix(redis): Convert maxmemory setting to int before comparing (#1897)

* Reverting-nginx-username (#1945)

* Reverting nginx username pr 2.x (#1947)

* Reverting-nginx-username

* Minor-fix-nginx-username

* Updating-nginx-vars (#1950)

* Bug fixes 2.x pr 2.x (#1952)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Documentation update.

* Fixing role dependency in NGINX role.

* r70597 new system role for ipv6 disablement (#1954)

* r70597 new system role for ipv6 disablement
…
diff --git a/roles/_meta/common_base/meta/main.yml b/roles/_meta/common_base/meta/main.yml
@@ -47,3 +47,5 @@ dependencies:
     when: is_local is not defined or not is_local
   - role: debian/vim
     when: is_local is not defined or not is_local
+  - role: debian/bash
+    when: is_local is not defined or not is_local
diff --git a/roles/debian/bash/README.md b/roles/debian/bash/README.md
@@ -0,0 +1,9 @@
+# BASH options
+
+Set system options for the Bourne Again shell.
+
+<!--TOC-->
+<!--ENDTOC-->
+
+<!--ROLEVARS-->
+<!--ENDROLEVARS-->
diff --git a/roles/debian/bash/tasks/main.yml b/roles/debian/bash/tasks/main.yml
@@ -0,0 +1,5 @@
+- name: Copy bash histformat startup option.
+  ansible.builtin.lineinfile:
+    path: /etc/bash.bashrc
+    line: "export HISTTIMEFORMAT='%Y-%m-%d %T  '"
+    create: true
diff --git a/roles/debian/pam_ldap/templates/ldap.conf.j2 b/roles/debian/pam_ldap/templates/ldap.conf.j2
@@ -1,5 +1,4 @@
 BASE {{ pam_ldap.lookup_base }}
-URI {{ pam_ldap.endpoints | join(' ') }}
 
 URI {{ pam_ldap.endpoints | join(' ') }}
 {% if pam_ldap.ssl_use_system_ca %}
@@ -15,4 +14,4 @@ pam_lookup_policy yes
 
 {% if pam_ldap.ssl_certificate_check is defined and not pam_ldap.ssl_certificate_check %}
 TLS_REQCERT never
-{% endif %}
+{% endif %}
