Publish docs pr devel 2.x (#2173)

gregharvey · matej5 · Matej Stajduhar · web-flow · commit 45bd34bd5f85 · 2025-01-08T11:16:31.000+01:00
* Changing priority flexibility pr 2.x (#1841)

* Changing-priority-flexibility

* Changing-priority-flexibility-2

* Adding-aws-acl-to-meta

* Adding-cast-to-int-for-priority

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Aws acl role changes for ip set pr 2.x (#1848)

* aws_acl-role-changes-for-ip-set

* aws_acl-role-changes-for-ip-set-docs-update

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* add_php_repo_before_apt_extra_packages_task_from_common_base (#1850)

* fix_opensearch_vars (#1852)

* wait_timeout_for_opensearch_domain_creation (#1854)

* wait_timeout_for_opensearch_domain_creation

* remove trailing space

* Updating-aws-acl-task (#1856)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Bug fixes 2.x pr 2.x (#1859)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Bug fixes 2.x pr 2.x (#1860)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Small-changes-on-aws-acl-and-RDS-validation (#1863)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Updating-user-ansible-vars (#1864)

* Updating user ansible vars pr 2.x (#1867)

* Updating-user-ansible-vars

* Fixing-syntax

* add_vars_to_user_deploy_user_provision (#1869)

* Disabling-general-log-mariadb (#1871)

* Updating-aws_acl-role (#1873)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* r70260-rkhunter-whitelist (#1877)

* fix(nginx): Remove default nginx dummy vhost that could clash with Varnish (#1750)

* fix(nginx): Remove default nginx dummy vhost that could clash with Varnish

* Fix variable naming and comment

* Implement keep_default_vhost setting

* Wazuh-var-update (#1903)

* Wazuh-agent-vars-more-readable (#1905)

* Filebeat-restart-task-wazuh (#1907)

* Filebeat restart task wazuh pr 2.x (#1909)

* Filebeat-restart-task-wazuh

* Fixing-wazuh-filebeat-restart

* Adding-gawk-to-extra-packages (#1910)

* Updating-filebeat-restart-task (#1913)

* Adding motd to exit role pr 2.x (#1915)

* Fixing-backup-validation-role-plicies

* Adding-parts-for-VPC-and-SG

* Adding-region-to-vpc-and-subnet-tasks

* Adding-region-to-vpc-and-subnet-tasks-2

* Updating-vars-for-vpc-and-subnet

* Updating-vars-for-vpc-and-subnet-2

* Updating-vars-for-vpc-and-subnet-3

* Adding-json-file-for-restore-testing

* Changing-user-where-json-file-is-generated

* Updating-json-file-location

* Updating-path-to-j2-file

* Changing-force-valkue

* Testing-file-creation

* Testing-file-creation-via-command-task

* Adding-motd-to-exit-role

* Commenting-out-task-that-will-fail

* Fixing-pipefail

* Fixing-syntax-issue

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Fixing-motd-task (#1917)

* Motd-switch-egrep-with-awk (#1919)

* Motd-task-update (#1922)

* Motd-task-update

* Restoring-deleted-task

* Fixing motd task when running on localhost pr 2.x (#1924)

* Fixing-backup-validation-role-plicies

* Fixing-motd-task-when-running-on-localhost

* Updating-when-statement

* Adding-become-true-on-motd-update

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Apt bug workaround pr 2.x (#1935)

* apt_bug_workaround

* apt_bug_workaround

* apt_bug_workaround

* apt_bug_workaround

* fix_var_logic

* Pushing-aws-backup-validation-role (#1944)

* Pushing-aws-backup-validation-role

* Fixing-linting

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* fix(redis): Convert maxmemory setting to int before comparing (#1897)

* Reverting-nginx-username (#1945)

* Reverting nginx username pr 2.x (#1947)

* Reverting-nginx-username

* Minor-fix-nginx-username

* Updating-nginx-vars (#1950)

* Bug fixes 2.x pr 2.x (#1952)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Documentation update.

* Fixing role dependency in NGINX role.

* r70597 new system role for ipv6 disablement (#1954)

* r70597 new system role for ipv6 disablement

* fix linting problem

* add readme for system role

* Fixing-json-file-for-restore-testing (#1956)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Fixing json file for restore testing pr 2.x (#1957)

* Fixing-json-file-for-restore-testing

* Missing-coma-in-json

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* updating asg role to support custom rule on http and https (#1959)

Co-authored-by: filip &lt;filip.rupic@codeenigma.com&gt;

* Bug fixes 2.x pr 2.x (#1962)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Documentation update.

* Fixing role dependency in NGINX role.

* Adding installation path handling for Galaxy collections.

* Bug fixes 2.x pr 2.x (#1966)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Documentation update.

* Fixing role dependency in NGINX role.

* Adding installation path handling for Galaxy collections.

* Removing -p option due to unexpected ill effects for role paths.

* r70596 create swap directory (#1968)

* r70596 create swap directory

* remove stat check

* 70325 adding asg redirect pr 2.x (#1963)

* updating asg role to support custom rule on http and https

* updating readme properly

* updating docs for the asg role

---------

Co-authored-by: filip &lt;filip.rupic@codeenigma.com&gt;

* swapfile path and clamav exclusion (#1970)

* Galaxy role pr 2.x (#1974)

* Deleting obsolete Debian 10 requirements files.

* Adding first pass at generic and reusable Ansible Galaxy role.

* Docs update.

* Updating README files.

* Updating ce_provision and ce_deploy to use ansible_galaxy role.

* Ansible Galaxy docs enhancement.

* Cannot use _ansible in variable names, reserved.

* Removing blocks for Galaxy installation, not needed.

* Variables passed to Galaxy role were wrong.

* Bug fixes 2.x pr 2.x (#1975)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Documentation update.

* Fixing role dependency in NGINX role.

* Adding installation path handling for Galaxy collections.

* Removing -p option due to unexpected ill effects for role paths.

* Moving X-Content-Type-Options header to project type templates.

* Adding some inline documentation.

* Bug fixes 2.x pr 2.x (#1978)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Documentation update.

* Fixing role dependency in NGINX role.

* Adding installation path handling for Galaxy collections.

* Removing -p option due to unexpected ill effects for role paths.

* Moving X-Content-Type-Options header to project type templates.

* Adding some inline documentation.

* Fixing Postfix template to allow external relays.

* Bug fixes 2.x pr 2.x (#1980)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Documentation update.

* Fixing role dependency in NGINX role.

* Adding installation path handling for Galaxy collections.

* Removing -p option due to unexpected ill effects for role paths.

* Moving X-Content-Type-Options header to project type templates.

* Adding some inline documentation.

* Fixing Postfix template to allow external relays.

* Adding a FQDN postfix transport map.

* Updating defaults pr 2.x (#1982)

* Updated-defaults-for-aws_acl-role

* Removing-Identity-search

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Updating defaults pr 2.x (#1984)

* Updated-defaults-for-aws_acl-role

* Removing-Identity-search

* Removing-undefined-variable

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Removing-gawk-apt (#1985)

* Adding-gawk-removing-gawk-csh (#1987)

* Adding-when-statement-for-assigning-instance (#1990)

* Adding-when-statement-for-assigning-instance

* Adding-check-prior-to-assigning-resources

* Adding-check-prior-to-assigning-resources

* Adding-region-to-aws-cli-command

* Print-protected-resource

* Adding-resource-type-definition

* Resolved-conflicts

* Removing-empty-line

* Disabling-assigning-instance-to-restore-testing-plan

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Matching-2.x-and-devel-branches (#1999)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Adding-aws-ses-role (#2003)

* Adding-aws-ses-role

* Removing-python-script

* Changing-domain-name

* Using-variable-for-domain-name

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Resolving-conflicts (#2015)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Resolving-conflicts (#2018)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Updating nginx ssl le roles pr 2.x (#2021)

* Updating-nginx-SSL-LE-roles

* Updating-nginx-vars

* r70260 Option to ignore false-positive shared memory segment warnings (#2023)

* Adding-wazuh-ossec-from-enigma00a (#2027)

* Updating-gitlab-runner-env (#2031)

* r70987-decom-vpn-guest (#2034)

* r70797 nodhcp module in system role for hetzner cloud systems (#2036)

* r70797 nodhcp module in system role for hetzner cloud systems

* fix syntax

* r70797 set pipefail to resolve linting failure

* fix pipefail with bash (#2038)

* fix var in templ (#2040)

* R70928 adding webroot option for le ssl task and fixing looping over domains pr 2.x (#2042)

* r70928-adding-webroot-option-for-LE-SSL-task-and-fixing-looping-over-domains

* Changing-LE-cron

* Changing-script-from-sh-to-bash

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Updating-local-ossec-rules (#2045)

* Updating-local-ossec-rules

* Fixing-syntax

* Updating-wazuh-vars (#2048)

* Updating-wazuh-vars

* Changing-var-defaults

* Removing-wrong-variables

* r70260-rkhunter-tested-good-tweaks (#2051)

* Fixing-LE-renew-timer (#2052)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* R70260 rkhunter tweak portpathwhitelist pr 2.x (#2055)

* r70260-rkhunter-tweak-portpathwhitelist TEST

* sanitise portpath items

* Updating-system-role-condition (#2056)

* Updating system role condition pr 2.x (#2059)

* Updating-system-role-condition

* Updating-system-role-condition-v2

* r71121-tweak-nohetznerdhcp-condition (#2061)

* Changing-aws-acl-when-statement (#2063)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* R71127 r71052 check pr 2.x (#2073)

* r71127-r71052-attemt-to-workaround-elb-module-change-or-bug

* debug alb issue

* revert changes as the bug is outside of ce-provision https://github.com/ansible-collections/amazon.aws/issues/2376

* Newer aws collection test pr 2.x (#2077)

* newer_aws_collection_test

* 8.2.1 didnt work, back to 8.0.1

* r71171-efs-client-upgrade (#2079)

* Turning-off-ami-cleanup-task (#2083)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Changing subnet for rds pr 2.x (#2087)

* Changing-subnet-for-RDS

* Uncommenting-tasks

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* fix(debian/duplicity): Fix missing compilation dependencies (#2029)

* fix(php-fpm): Set a good process children default for bigger servers (#1895)

* fix(php-fpm): Set a good process children default for bigger servers

* Fix min max logic

* formatting

* Fixing-RDS-backup-validation (#2089)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Updating-postfix-default-transport-maps (#2092)

* Updated lambda backup validation reporting pr 2.x (#2099)

* Updated-lambda-backup-validation-reporting

* Updating-docs

* Updating-lambda-handler

* Adding-region-to-cloudwatch-task

* Trimming-version-number-from-lambda

* Fixing-text-manipulation

* Updating-arn-for-cloudwatch-task

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Bug fixes 2.x pr 2.x (#2096)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Documentation update.

* Fixing role dependency in NGINX role.

* Adding installation path handling for Galaxy collections.

* Removing -p option due to unexpected ill effects for role paths.

* Moving X-Content-Type-Options header to project type templates.

* Adding some inline documentation.

* Fixing Postfix template to allow external relays.

* Adding a FQDN postfix transport map.

* Updating CI to 2.x.

* Defending against missing Ansible.

* Making the ce-provision-config branch in CI dynamic.

* We do not want a 'ce-dev provision' because it breaks our controller.

* Reverting 'ce-dev provision' change.

* Trying a different ansible_facts var.

* Testing using the source branch in ce-dev.

* Setting max_childen to an integer to avoid CI issues.

* Trying to change the python interpreter used.

* Adding platform and cgroup values to ce-dev compose template.

* Trying latest ubuntu containers in GitHub Actions.

* Fixing the test.sh script to work with venvs.

* Documentation for PHP in CI.

* Avoiding-backup-restoration-for-dev-env (#2108)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Updating-nodejs-to-nodistro (#2094)

* Updating-nodejs-to-nodistro

* Fixing-nodejs-unattended-upgrades

* r71344-Updating-aws-acl-role (#2111)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* r71344-Updating-aws-acl-role (#2112)

* r71344-Updating-aws-acl-role

* Adding-option-to-avoid-recreating-ACLs

* Updating-aws-acl-vars

* Updating-aws-acl-vars-2

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Fixing-non-utf8-item (#2116)

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Fixing non utf8 item pr 2.x (#2117)

* Fixing-non-utf8-item

* Changing-var-name-for-when-condition

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Fixing-utf8 (#2129)

* Fixing utf8-2.x (#2131)

* Fixing-utf8

* Adding-debug

* Changing-lambda-creation-from-tip-file-to-s3 (#2122)

* Changing-lambda-creation-from-tip-file-to-s3

* Fixing-syntax-error

* indentation-fix

* Finishing-backup-valdation-role

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Updating email notification title pr 2.x (#2140)

* Updating-email-notification-title

* Resolving-conflicts

* Resolving-conflicts-2

---------

Co-authored-by: Matej Stajduhar &lt;matej.stajduhar@codeenigma.com&gt;

* Adding-defaults-to-max-children (#2141)

* Adding defaults to max children pr 2.x (#2144)

* Adding-defaults-to-max-children

* Updating-max-children

* Updating-php-defaults (#2145)

* Updating php defaults pr 2.x (#2147)

* Updating-php-defaults

* Updating-php-defaults

* Updating-php-defaults

* efs_version_fix_for_old_debian_workaround (#2151)

* fix(duplicity): Fix file name of include/exclude list (#2152)

* Bug fixes 2.x pr 2.x (#2120)

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Documentation update.

* Fixing role dependency in NGINX role.

* Adding installation path handling for Galaxy collections.

* Removing -p option due to unexpected ill effects for role paths.

* Moving X-Content-Type-Options header to project type templates.

* Adding some inline documentation.

* Fixing Postfix template to allow external relays.

* Adding a FQDN postfix transport map.

* Updating CI to 2.x.

* Defending against missing Ansible.

* Making the ce-provision-config branch in CI dynamic.

* We do not want a 'ce-dev provision' because it breaks our controller.

* Reverting 'ce-dev provision' change.

* Trying a different ansible_facts var.

* Testing using the source branch in ce-dev.

* Setting max_childen to an integer to avoid CI issues.

* Trying to change the python interpreter used.

* Adding platform and cgroup values to ce-dev compose template.

* Trying latest ubuntu containers in GitHub Actions.

* Fixing the test.sh script to work with venvs.

* Documentation for PHP in CI.

* Adding GitLab test back in.

* Fixing role namespaces.

* Minor bug fixes to ce-provision installer.

* Testing installing ce-provision in the GitHub Actions container directly.

* Using the submitted install script as well.

* Trying as runner user.

* Trying to use the ce-dev base container.

* Updating key name.

* Suppressing systemd actions in Docker.

* Seems Ansible flags have changed.

* Still trying to get --extra-vars right!

* Catching Ansible Galaxy upgrade timers for docker containers.

* Trying to force --roles-path for Galaxy.

* Trying different quotes.

* Missed a line.

* Trying a different approach to passing vars.

* Adding some debug.

* Running ce-python debug first.

* Trying moving to the ce-provision directory.

* Checking the specific path to galaxy roles in ce-provision.

* Trying as controller user again.

* Trying to make the roles dir.

* Being consistent about paths in bash.

* Removing debug lines for now.

* Allowing script to skip iptables.

* Misnamed flag.

* Adding user_provision role to configure controller user.

* Wrapping cleanup so it doesn't break GitHub Actions.

* Completing variables for user_provisin.

* Missed the sudoers var.

* Quoting vars.

* GitLab installer needs _domain_name.

* Logic error in clean-up script.

* Fixing paths to ce-provision in container.

* Trying to fix CI perms issues.

* Git dubious ownership error.

* Git dubious ownership error.

* Running the web server test as the controller user.

* Missed a controller var.

* Commenting out the CE container to test.

* Adding a separate step for Git actions.

* Need sudo for Ubuntu.

* Using a volume to persist data between steps.

* Adding debug commands to test volumes.

* Tweaking volumes.

* Adding the checkout command back in.

* Trying a different approach.

* ls command looks good, so putting web build back in.

* More Ansible Galaxy debug.

* Trying to make ansible-galaxy detect installed roles.

* Run galaxy command as controller.

* Trying galaxy command and cd wrapped in su.

* Specifically checking the contents of galaxy/roles.

* Trying a double-tap install process.

* Quick refactor and debug of SSH.

* Adding OpenSSH server package.

* Checking for a firewall.

* Checking listening packages.

* Starting SSHD especially.

* Starting SSHD without systemd.

* Pre-empting config a bit more.

* More galaxy path debug.

* Running a find to see if we can find the missing roles.

* More verbosity.

* Checking for missing requirements file.

* Removing eroneous when clause.

* Tidying up redundant debug lines.

* Creating a separate ci.yml play targeting localhost.

* Making sure sshd is running.

* Tidying up GitLab CI file and installing SSHD.

* Installing SSHD as a separate step.

* SSHD already installed, starting it instead.

* Don't create systemd timers in containers.

* Preparing a test GitLab build.

* Making builds nightly and fixing GitLab role bug.

* Ensuring is_local var exists and making lock behaviour optional.

* Fixing location and owner of Blackfire config so it is configurable.

* Documentation update.

* Removing all is defined checks for is_local since it is now always defined.

* Letting GitLab know it's on Docker earlier.

* Trying to run runsvdir-start to avoid container freezing.

* Temporarily skipping reconfigure of GitLab to test the rest.

* Trying to move GitLab reconfigure commands to CI.

* Fixing service namespace for runner and reinstating GitLab tasks.

* Trying to get config script working for GitLab in CI.

* No systemd, do not try to restart gitlab-runner.

* Removing firewall role from CI GitLab test, don't need it and it breaks CI.

* Outputting PostGreSQL logs to see if there are errors.

* Outputting PostGreSQL logs to see if there are errors.

* Trying the config script for GitLab again.

* Suppressing extra GitLab config for CI runs.

* Setting Blackfire CLI defaults to use ce-dev user.

* Update .wikis2pages.yml

* Nightly builds (#2153)

* Create ce-provision-test-nightly.yml

* Remove nightly check from GitLab test.

* Remove nightly check from web server test.

* Removing branch references.

* Updating installer config branch to 2.x

* Removing config branch, default is fine now

* Updating-wazuh-template (#2154)

* Updating le template (#2156)

* Updating-le-template

* Updating-le-template

* Reworking-nodejs-for-older-versions (#2157)

* Reworking nodejs for older versions pr 2.x (#2159)

* Reworking-nodejs-for-older-versions

* Reworking-nodejs-for-older-versions

* Reworking nodejs for older versions pr 2.x (#2160)

* Reworking-nodejs-for-older-versions

* Reworking-nodejs-for-older-versions

* Fixing-nodejs-syntax

* Tweaking-apt-types-nodejs

* Reworking nodejs for older versions pr 2.x (#2161)

* Reworking-nodejs-for-older-versions

* Reworking-nodejs-for-older-versions

* Fixing-nodejs-syntax

* Tweaking-apt-types-nodejs

* Separating-node-tasks-for-older-node

* Altering workflow in GitHub Actions for building wiki2pages files.

* Attempting to set a hosts file for Ansible in CI.

* Trying to force Ansible host.

* Trying to force Ansible host.

* Trying with an inventory file instead.

* Running Ansible as the 'ce-dev' user.

* Fixing path to playbook.

* Disabling host key checking.

* Disabling host checking in SSH.

* Trying to use ce-dev user instead of root.

* Fixing path to scripts.

* Adding some debug lines to check playbooks.

* Fixing workspace volume mount point.

* Trying a whole new /build location.

* Setting permissions on mounted disk.

* Checking ce-dev dir contents.

* Changing mount point to not destroy ce-dev files.

* Commenting permissions line.

* Fixing playbook paths.

* Outputting hosts and SSH config for debug.

* Checking SSH settings.

* Manually creating authorized_keys.

* Fixing path to set-current.

* Refactoring SSH set-up and looking at set-current script.

* Trying to fix mount point.

* Updating paths to generated docs.

* Trying to pass in path to wiki2pages.

* Removing obsolete debug line.

* Correcting path to script.

* Changing path we execute from.

* Adding first pass at docs publish step.

* Repairing working dir paths.

* Incorrect repo path.

* Removing most of the debug lines.

* Publish docs pr 2.x (#2164)

* Altering workflow in GitHub Actions for building wiki2pages files.

* Attempting to set a hosts file for Ansible in CI.

* Trying to force Ansible host.

* Trying to force Ansible host.

* Trying with an inventory file instead.

* Running Ansible as the 'ce-dev' user.

* Fixing path to playbook.

* Disabling host key checking.

* Disabling host checking in SSH.

* Trying to use ce-dev user instead of root.

* Fixing path to scripts.

* Adding some debug lines to check playbooks.

* Fixing workspace volume mount point.

* Trying a whole new /build location.

* Setting permissions on mounted disk.

* Checking ce-dev dir contents.

* Changing mount point to not destroy ce-dev files.

* Commenting permissions line.

* Fixing playbook paths.

* Outputting hosts and SSH config for debug.

* Checking SSH settings.

* Manually creating authorized_keys.

* Fixing path to set-current.

* Refactoring SSH set-up and looking at set-current script.

* Trying to fix mount point.

* Updating paths to generated docs.

* Trying to pass in path to wiki2pages.

* Removing obsolete debug line.

* Correcting path to script.

* Changing path we execute from.

* Adding first pass at docs publish step.

* Repairing working dir paths.

* Incorrect repo path.

* Removing most of the debug lines.

* Adding more debug to try to find where 1.x is coming from.

* Moving the hugo script check.

* More debug.

* Moving the config.toml debug line.

* Checking the entire disk for 2.x.

* Trying a find instead of a grep.

* Trying to update ce-provision and ce-deploy.

* Getting more debug info.

* Adding --verbose to Ansible.

* Trying running Hugo directly.

* Changed the Hugo start script.

* Trying just running 'hugo' in the right directory.

* Adding ce-deploy back in with option to not run Hugo.

* Updating docs to make _Sidebar.md lose the starting slash.

* Publish docs pr 2.x (#2166)

* Altering workflow in GitHub Actions for building wiki2pages files.

* Attempting to set a hosts file for Ansible in CI.

* Trying to force Ansible host.

* Trying to force Ansible host.

* Trying with an inventory file instead.

* Running Ansible as the 'ce-dev' user.

* Fixing path to playbook.

* Disabling host key checking.

* Disabling host checking in SSH.

* Trying to use ce-dev user instead of root.

* Fixing path to scripts.

* Adding some debug lines to check playbooks.

* Fixing workspace volume mount point.

* Trying a whole new /build location.

* Setting permissions on mounted disk.

* Checking ce-dev dir contents.

* Changing mount point to not destroy ce-dev files.

* Commenting permissions line.

* Fixing playbook paths.

* Outputting hosts and SSH config for debug.

* Checking SSH settings.

* Manually creating authorized_keys.

* Fixing path to set-current.

* Refactoring SSH set-up and looking at set-current script.

* Trying to fix mount point.

* Updating paths to generated docs.

* Trying to pass in path to wiki2pages.

* Removing obsolete debug line.

* Correcting path to script.

* Changing path we execute from.

* Adding first pass at docs publish step.

* Repairing working dir paths.

* Incorrect repo path.

* Removing most of the debug lines.

* Adding more debug to try to find where 1.x is coming from.

* Moving the hugo script check.

* More debug.

* Moving the config.toml debug line.

* Checking the entire disk for 2.x.

* Trying a find instead of a grep.

* Trying to update ce-provision and ce-deploy.

* Getting more debug info.

* Adding --verbose to Ansible.

* Trying running Hugo directly.

* Changed the Hugo start script.

* Trying just running 'hugo' in the right directory.

* Adding ce-deploy back in with option to not run Hugo.

* Updating docs to make _Sidebar.md lose the starting slash.

* Changing sidebar paths didn't fix Hugo.

* Re-removing opening slash to fix Hugo.

* Fixing Sidebar merge issues.

* Publish docs pr 2.x (#2168)

* Altering workflow in GitHub Actions for building wiki2pages files.

* Attempting to set a hosts file for Ansible in CI.

* Trying to force Ansible host.

* Trying to force Ansible host.

* Trying with an inventory file instead.

* Running Ansible as the 'ce-dev' user.

* Fixing path to playbook.

* Disabling host key checking.

* Disabling host checking in SSH.

* Trying to use ce-dev user instead of root.

* Fixing path to scripts.

* Adding some debug lines to check playbooks.

* Fixing workspace volume mount point.

* Trying a whole new /build location.

* Setting permissions on mounted disk.

* Checking ce-dev dir contents.

* Changing mount point to not destroy ce-dev files.

* Commenting permissions line.

* Fixing playbook paths.

* Outputting hosts and SSH config for debug.

* Checking SSH settings.

* Manually creating authorized_keys.

* Fixing path to set-current.

* Refactoring SSH set-up and looking at set-current script.

* Trying to fix mount point.

* Updating paths to generated docs.

* Trying to pass in path to wiki2pages.

* Removing obsolete debug line.

* Correcting path to script.

* Changing path we execute from.

* Adding first pass at docs publish step.

* Repairing working dir paths.

* Incorrect repo path.

* Removing most of the debug lines.

* Catching up devel. (#2163)

* Bug fixes 2.x pr 2.x (#1395)

* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Ansible install perms pr 2.x (#1398)

* 2.x (#1363)

* Devel 2.x (#1216)

* R62347 fix postfix mail delivery pr devel (#791)

* GitHub Actions - Rebuilt documentation.

* Need to check if is_local is defined in webserver meta dependencies. (#522)

* Ce dev refactor pr 1.x (#518)

* Making it easier to test with provision-target and ce-dev.

* Moving the provision forcing var back to plays so _init has it.

* Adding defaults vars and test script extra options.

* Adding a web server test to CI.

* examples string needs to be in quotes.

* Making sure is_local and _ce_provision_force_play are available to the _init role.

* Adding SSH keys to the provision user.

* Adding a --force to the test script.

* Explicitly adding vars to role.

* Fixing _init behaviour and adding SSH key for web role.

* Setting default PHP version to 7.4.

* Looking up the generated ce-dev SSH key instead of hard-coding one.

* We cannot run the ssh_server role locally, so excluding for tests of webserver role.

* Trying to remove user_root.yml in case it's breaking CI.

* Adding a verbose mode to the test script.

* Exposing the command in the test script.

* Trying hard-coded keys again.

* Changing location of data dir for test containers.

* Putting vars back and restricting CI to the 'web' example.

* Adding backup handling to ldap_server. (#525)

* Adding backup handling to ldap_server.

* Improving SSL docs and handling perms for openldap and letsencrypt.

* Cron user must be specified with file.

* Running as root, do not need a 'sudo' in this cron.

* Allowing 'gitLab' to disable Prometheus. (#530)

* Allowing 'gitLab' to disable Prometheus.

* Booleans to use in jinja2 as strings must be cast as strings.

* GitHub Actions - Rebuilt documentation. (#526)

Co-authored-by: Code Enigma CI &lt;sysadm@codeenigma.com&gt;

* Prometheus pr 1.x (#533)

* Allowing 'gitLab' to disable Prometheus.

* Booleans to use in jinja2 as strings must be cast as strings.

* Tidying up CI and adding a GitLab test.

* Fixing CI job description.

* Add private files support for Drupal in Nginx. (#535)

* Prometheus pr 1.x (#539)

* Allowing 'gitLab' to disable Prometheus.

* Booleans to use in jinja2 as strings must be cast as strings.

* Tidying up CI and adding a GitLab test.

* Fixing CI job description.

* Adding a firewall config preset to open port 80 for LetsEncrypt.

* Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541)

* Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544)

This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd.

* Moving key servers to a variable so we can set them. (#555)

* Moving key servers to a variable so we can set them.

* Allowing us to disable sending keys completely.

* Oops, doubled up on existing functionality.

* Fixing var name.

* Adding a reboot option to the patching role. (#557)

* Add minimal support for Aurora RDS instances (#567)

* Attempt to create an RDS read replica.

* Use new task to create Aurora RDS instances.

* Try and fix linting issues.

* Don't pass max_storage variable for Aurora instances.

* Remove more storage related vars from Aurora RDS instance creation task.

* Add profile and region to read replica creation.

* Try creating the Aurora read replica another way.

* Add some debug info.

* Work around the silly registering of variables in Ansible.

* Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info.

* Add some Aurora info to aws_rds README file.

* Use reader instead of replica for Aurora readers.

* Remove db_cluster_identifier variable from non-Aurora RDS task.

* Gpg servers fix pr 1.x (#571)

* Moving key servers to a variable so we can set them.

* Allowing us to disable sending keys completely.

* Oops, doubled up on existing functionality.

* Fixing var name.

* Using a pipe to grep with 'command' cannot work, refactoring.

* Making CI use the meta deploy role to test gitlab.

* We mustn't assume AWS servers for deploy and controller.

* Support termination protection in EC2. (#573)

* Support termination protection in EC2.

* …
diff --git a/.github/workflows/ce-provision-publish-docs.yml b/.github/workflows/ce-provision-publish-docs.yml
@@ -25,6 +25,25 @@ jobs:
         - ${{ github.workspace }}:/home/controller
 
     steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.base.ref }}
+
+      # First build and publish the markdown docs
+      - name: Build the table of contents
+        run: /bin/sh contribute/toc.sh
+
+      # Configures global Git variables for committing
+      - name: Configure Git
+        run: |
+          git config --global user.email "sysadm@codeenigma.com"
+          git config --global user.name "Code Enigma CI"
+          git config --global pull.rebase false
+
+      - name: Commit new table of contents back to the repo
+        run: git push
+
+      # Now build and publish the version of the docs
       - name: Install wiki2pages
         run: /usr/bin/su - ce-dev -c "/usr/bin/git clone https://github.com/codeenigma/wikis2pages.git /home/ce-dev/build/wiki2pages"
 
@@ -56,6 +75,7 @@ jobs:
           /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/provision.yml"
           /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /bin/sh set-current.sh --project ce-provision-${{ github.event.pull_request.base.ref }} --no-ce-dev"
           /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages && /home/ce-dev/ansible/bin/ansible-playbook -e 'wiki2pages_build_path=/home/ce-dev/build/wiki2pages launch_hugo_server=false' -i /home/ce-dev/ansible/bin/hosts /home/ce-dev/build/wiki2pages/ce-dev/ansible/deploy.yml"
+          /usr/bin/su - ce-dev -c "cd /home/ce-dev/build/wiki2pages/content/ce-provision-${{ github.event.pull_request.base.ref }} && /bin/sh contribute/toc_hugo.sh"
 
       - name: Run Hugo
         run: |
diff --git a/contribute/toc.sh b/contribute/toc.sh
@@ -114,7 +114,7 @@ parse_roles_toc(){
       "# "*)
         if [ "$WRITE" = "true" ]; then
           TITLE=$(echo "$LINE" | cut -c 3-)
-          echo "$INDENT"" - [$TITLE]($RELATIVE)" >> "$TMP_SIDEBAR"
+          echo "$INDENT"" - [$TITLE](/$RELATIVE)" >> "$TMP_SIDEBAR"
           WRITE="false"
         fi
       ;;
diff --git a/contribute/toc_hugo.sh b/contribute/toc_hugo.sh
@@ -0,0 +1,140 @@
+#!/bin/sh
+# shellcheck disable=SC2094
+# shellcheck disable=SC2129
+IFS=$(printf '\n\t')
+set -e
+OWN_DIR=$(dirname "$0")
+cd "$OWN_DIR" || exit 1
+OWN_DIR=$(git rev-parse --show-toplevel)
+cd "$OWN_DIR" || exit 1
+OWN_DIR=$(pwd -P)
+
+# @param
+# $1 string filepath
+cp_role_page(){
+  RELATIVE=$(realpath --relative-to="$OWN_DIR" "$(dirname "$1")")
+  if [ ! -d "$OWN_DIR/docs/$RELATIVE" ]; then
+    mkdir -p "$OWN_DIR/docs/$RELATIVE"
+  fi
+  cp "$1" "$OWN_DIR/docs/$RELATIVE.md"
+}
+
+# @param
+# $1 string folder
+cp_single_page(){
+  if [ ! -d "$OWN_DIR/docs/$1" ]; then
+    mkdir "$OWN_DIR/docs/$1"
+  fi
+  cp "$OWN_DIR/$1/README.md" "$OWN_DIR/docs/$1.md"
+}
+
+# @param
+# $1 (string) filename
+parse_role_variables(){
+  TMP_MD=$(mktemp)
+  WRITE=1
+  # Ensure we have a trailing line.
+  echo "" >> "$1"
+  while read -r LINE; do
+    case $LINE in
+    '<!--ROLEVARS-->')
+      echo "$LINE" >> "$TMP_MD"
+      generate_role_variables "$1"
+      WRITE=0
+    ;;
+    '<!--ENDROLEVARS-->')
+      echo "$LINE" >> "$TMP_MD"
+      WRITE=1
+    ;;
+    '<!--TOC-->')
+      echo "$LINE" >> "$TMP_MD"
+      WRITE=0
+    ;;
+    '<!--ENDTOC-->')
+      echo "$LINE" >> "$TMP_MD"
+      WRITE=1
+    ;;
+    *)
+    if [ $WRITE = 1 ]; then
+      echo "$LINE" >> "$TMP_MD"
+    fi
+    ;;
+    esac
+  done < "$1"
+  printf '%s\n' "$(cat "$TMP_MD")" > "$1"
+  rm "$TMP_MD"
+}
+
+# @param
+# $1 (string) filename
+generate_role_variables(){
+  VAR_FILE="$(dirname "$1")/defaults/main.yml"
+  if [ -f "$VAR_FILE" ]; then
+    echo "## Default variables"  >> "$TMP_MD"
+    echo '```yaml' >> "$TMP_MD"
+    cat "$VAR_FILE" >> "$TMP_MD"
+    echo "" >> "$TMP_MD"
+    echo '```' >> "$TMP_MD"
+    echo "" >> "$TMP_MD"
+  fi
+}
+
+generate_roles_toc(){
+  TMP_SIDEBAR=$(mktemp)
+  WRITE="true"
+  while read -r LINE; do
+    case $LINE in
+    "  - [Roles](roles)")
+      echo "$LINE" >> "$TMP_SIDEBAR"
+      parse_roles_toc roles 2
+      WRITE="false"
+    ;;
+    "  -"*)
+      WRITE="true"
+      echo "$LINE" >> "$TMP_SIDEBAR"
+    ;;
+    *)
+    if [ "$WRITE" = "true" ]; then
+      echo "$LINE" >> "$TMP_SIDEBAR"
+    fi
+    ;;
+    esac
+  done < "$OWN_DIR/docs/_Sidebar.md"
+  mv "$TMP_SIDEBAR" "$OWN_DIR/docs/_Sidebar.md"
+}
+
+parse_roles_toc(){
+  ROLES=$(find "$OWN_DIR/$1" -mindepth 2 -maxdepth 2 -name "README.md" | sort)
+  for ROLE in $ROLES; do
+    WRITE="true"
+    INDENT=$(printf %$(($2 * 2))s)
+    RELATIVE=$(realpath --relative-to="$OWN_DIR" "$(dirname "$ROLE")")
+    while read -r LINE; do
+      case $LINE in
+      "# "*)
+        if [ "$WRITE" = "true" ]; then
+          TITLE=$(echo "$LINE" | cut -c 3-)
+          echo "$INDENT"" - [$TITLE]($RELATIVE)" >> "$TMP_SIDEBAR"
+          WRITE="false"
+        fi
+      ;;
+      esac
+    done < "$ROLE"
+  parse_roles_toc "$RELATIVE" $(($2 + 1))
+  done
+}
+
+rm -rf "$OWN_DIR/docs/roles"
+ROLE_PAGES=$(find "$OWN_DIR/roles" -name "README.md")
+for ROLE_PAGE in $ROLE_PAGES; do
+  parse_role_variables "$ROLE_PAGE"
+done
+for ROLE_PAGE in $ROLE_PAGES; do
+  cp_role_page "$ROLE_PAGE"
+done
+generate_roles_toc
+
+
+cp_single_page install
+cp_single_page contribute
+cp_single_page scripts
diff --git a/install.sh b/install.sh
@@ -79,7 +79,6 @@ FIREWALL="true"
 AWS_SUPPORT="false"
 IS_LOCAL="false"
 SERVER_HOSTNAME=$(hostname)
-ANSIBLE_COMMAND=""
 
 # Parse options.
 parse_options "$@"
@@ -254,14 +253,8 @@ firewall_config:
       - "443"
 EOL
 
-# Tell Ansible this is a Docker container
-if [ "$IS_LOCAL" = "true" ]; then
-  ANSIBLE_COMMAND="ansible-playbook --extra-vars \"{is_local: $IS_LOCAL}\" /home/$CONTROLLER_USER/ce-provision/provision.yml"
-else
-  ANSIBLE_COMMAND="ansible-playbook /home/$CONTROLLER_USER/ce-provision/provision.yml"
-fi
 # Configure ce-provision
-/usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && /home/$CONTROLLER_USER/ce-python/bin/$ANSIBLE_COMMAND"
+/usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && /home/$CONTROLLER_USER/ce-python/bin/ansible-playbook --extra-vars \"{is_local: $IS_LOCAL}\" /home/$CONTROLLER_USER/ce-provision/provision.yml"
 /usr/bin/rm "/home/$CONTROLLER_USER/ce-provision/provision.yml"
 
 # Install firewall
@@ -281,7 +274,7 @@ if [ "$FIREWALL" = "true" ]; then
       ansible.builtin.import_role:
         name: debian/firewall_config
 EOL
-  /usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && /home/$CONTROLLER_USER/ce-python/bin/ansible-playbook /home/$CONTROLLER_USER/ce-provision/provision.yml"
+  /usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && /home/$CONTROLLER_USER/ce-python/bin/ansible-playbook --extra-vars \"{is_local: $IS_LOCAL}\" /home/$CONTROLLER_USER/ce-provision/provision.yml"
   /usr/bin/echo "-------------------------------------------------"
 else
   /usr/bin/echo "-------------------------------------------------"
@@ -399,7 +392,7 @@ EOT
 EOT
     /usr/bin/echo "-------------------------------------------------"
   fi
-  /usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && /home/$CONTROLLER_USER/ce-python/bin/ansible-playbook /home/$CONTROLLER_USER/ce-provision/provision.yml"
+  /usr/bin/su - "$CONTROLLER_USER" -c "cd /home/$CONTROLLER_USER/ce-provision && /home/$CONTROLLER_USER/ce-python/bin/ansible-playbook --extra-vars \"{is_local: $IS_LOCAL}\" /home/$CONTROLLER_USER/ce-provision/provision.yml"
   /usr/bin/echo "-------------------------------------------------"
 else
   /usr/bin/echo "GitLab not requested. Skipping."
