Skip to content

1.4.0
Compare
Choose a tag to compare
@nodiscc nodiscc released this 17 Dec 14:11
· 1833 commits to master since this release
1.4.0
a682036

v1.4.0 - 2021-12-17

Upgrade procedure:

  • xsrv self-upgrade to upgrade the xsrv script
  • xsrv upgrade to upgrade roles in your playbook to the latest release
  • xsrv deploy to apply changes
  • (optional) TAGS=debian10to11 xsrv deploy to upgrade your host's distribution from Debian 10 "Buster" to Debian 11 "Bullseye"
  • (optional) remove custom netdata_modtime_checks from your configuration, if any (the modtime module was removed, use the filecheck module instead)

Added:

  • add proxmox role (basic Proxmox VE hypervisor setup)
  • add valheim_server role (Valheim multiplayer game server)
  • gitea: make number of issues per page configurable (gitea_issue_paging_num , increase to 20 by default)
  • shaarli: make hide_timestamp,header_link,debug,formatter settings configurable
  • monitoring: add lynis security audit tool (optional, default disabled), schedule a daily report
  • monitoring/postgresql: allow netdata to monitor postgresql server
  • docker: allow enabling unattended upgrades of docker engine packages (docker_auto_upgrade: yes/no)
  • common: apt: allow enabling contrib and non-free software sections (apt_enable_nonfree)
  • common, monitoring: make roles compatible with Debian 11 "Bullseye"
  • homepage: add link to graylog instance (when graylog role is enabled)
  • monitoring: allow configuration of syslog retention duration, default to 186 days instead of 7
  • monitoring: allow defining a number of maximum expected running docker containers (netdata_max_running_docker_containers)
  • monitoring: add logwatch log analyzer, disable scheduled execution
  • monitoring: install requirements for postgresql monitoring
  • postgresql: add ability to enable/disable the service and enforce started/stopped/enabled/disabled state
  • backup: make rsnapshot verbosity configurable
  • backup: download rsnapshot's/root SSH public key to the controller (public_keys/ directory)
  • common: allow configuring the list of users allowed to use crontab (linux_users_crontab_allow)
  • common: add an procedure for Debian 10 -> 11 upgrades
  • common: add ability to add/remove entries from the hosts (/etc/hosts) file

Changed:

  • nextcloud: upgrade to 22.2.3
  • nextcloud: silence cron/background tasks output to prevent mail notification spam
  • nextcloud: allow installation of ONLYOFFICE realtime collaborative document edition tools
  • gitea: upgrade to 1.15.7
  • gitea update fail2ban login failure detection for gitea v1.15+
  • common: sysctl: disable IP source routing for IPv6 (was already disabled for IPv4)
  • common: msmtp: check that configuration variables have correct values/types when msmtp_setup: yes
  • monitoring: increate netdata charts retention duration to ~7 days
  • monitoring: allow disabling needrestart/logcount/debsecan modules installation
  • monitoring: decrease alarm sensitivity for logcount module (warning on 10 alarms/min, critical on 100 errors/min)
  • monitoring: disable lynis checks AUTH-9283 and FIRE-4512 by default (false positives)
  • monitoring: only enable "number of running docker container" checks when the nodiscc.xsrv.docker role is enabled
  • monitoring: update configuration for netdata > 1.30
  • backup, monitoring: replace custom modtime module with built-in netdata filecheck module
  • xsrv: rename top-level directory concept (playbook -> project)
  • xsrv: logs: don't ask for sudo password if syslog is readable without it
  • xsrv: switch to ansible "distribution" versioning, upgrade to 4.9.0 (ansible-core 2.11.6), update playbook for compatibility
  • xsrv: store virtualenv inside the project directory, improve startup time
  • homepage: update theme (use light theme), use web safe fonts
  • apache: make role compatible with Debian 11 "Bullseye"
  • backup: make dependency on monitoring role optional
  • backup: ensure only root can read the rsnapshot configuration file
  • backup: re-schedule monthly backups at 04:01 on the first day of the month
  • all roles/monitoring: apply role-specific netdata/rsyslog configuration immediately after installing it
  • default playbook: .gitignore data/ and cache/ directories
  • doc: update/refactor documentation and roles metadata
  • tools: improve automatic doc generation
  • refactor: refactor integration between roles (use ansible_local facts, fix intergation when roles are not part of the same play)

Removed:

  • nextcloud: disable deck app by default

Fixed:

  • homepage: really update page title from homepage_title variable
  • jellyfin: use samba_shares_path variable to determine samba shares path
  • nextcloud: fix upgrade procedure order (upgrade incompatible apps)
  • nextcloud: fix check mode on upgrades
  • graylog: respect elasticsearch_timeout_start_sec value
  • monitoring: netdata: enable gzip compression on web server responses, fix empty dashboard
  • monitoring: fix netdata modtime module installation, remove obsolete tasks file
  • monitoring: rsyslog: ensure that requirements for self-signed certificates generation are installed
  • monitoring: ensure requirements for self-signed certificate generation are installed
  • monitoring: also allow access to netdata.conf from netdata_allow_connections_from addresses
  • monitoring: fix APT package manager logs aggregation to syslog
  • tt_rss: fix permission denied errors when updating feeds
  • homepage: fix grid responsiveness on mobile devices
  • transmission: don't attempt to reload the service when it is disabled in host configuration
  • don't ignore expected errors when not running in check mode

Security:

  • nextcloud: fail2ban: fix log file location/login failures not detected by fail2ban
  • common: automatically apply security updates for packages installed from Debian Backports
Assets 2
Loading