1.7.0

v1.7.0 - 2022-04-22

Upgrade procedure:

• xsrv self-upgrade to upgrade the xsrv script
• xsrv upgrade to upgrade roles/ansible environments to the latest release
• this upgrade will cause Nextcloud instances to go down for a few minutes, depending on the number of files in their data directory

Added:

• xsrv: add init-vm command (initialize a ready-to-deploy libvirt VM from a template)
• xsrv: add edit-group-vault command (edit encrypted group variables file)
• common: make cron jobs log level configurable (cron_log_level)
• common: apt: clean downloaded package archives every 7 days by default (apt_clean_days)
• netdata: allow configuring the fping plugin (ping hosts/measure loss/latency) (netdata_fping_*)
• netdata: make netdata filechecks configurable (netdata_file_checks)
• transmission/gotty/jellyfin/docker: monitoring/netdata: raise alarms when corresponding systemd services are in the failed state (and the monitoring_netdata role is deployed)
• homepage: add rss-bridge to the homepage when the rss_bridge role is deployed on the host
• add ansible tags: netdata-modules, netdata-needrestart, netdata-debsecan, netdata-logcount, netdata-config

Changed:

• common: sysctl/security: disable potentially exploitable unprivileged BPF and user namespaces
• gitea: limit systemd service automatic restart attempts to 4 in 10 seconds
• gitea: update to v1.16.5 [1] [2] [3] [4] [5]
• gotty: attempt to restart the systemd service every 2 seconds in case of failure, for a maximum of 4 times in 10 seconds
• netdata: disable more internal monitoring charts (plugin execution time, webserver threads CPU)
• netdata: re-add default netdata alarms for the systemdunits module
• nextcloud: update to v23.0.3 [1] [2]
• nextcloud: run nextcloud PHP processes under a dedicated nextcloud user, if an older installation owned by www-data is found, it will be migrated to the new user automatically
• openldap: update LDAP Account Manager to v7.9
• rocketchat: update to v3.18.4
• apache/fail2ban/nextcloud: remove obsolete workaround for nextcloud desktop client issue
• xsrv: store group_vars files under group_vars/$group_name/ (allows multiple vars files per group). If a group_vars/$group_name.yml file is found, it will be moved to the subdirectory automatically.
• xsrv: update ansible to v5.5.0
• cleanup: make netdata assembled configuration more readable (add blank line delimiters)
• cleanup: standardize file names
• all roles: check that variables are correctly defined before running roles
• tests: ansible-lint: ignore fqcn-bultins,truthy,braces,line-length rules
• tests: remove broken jinja2 syntax test
• tests: remove obsolete ansible-playbook --syntax-check and yamllint tests, replaced by ansible-lint
• tests: automate tests for init-vm, xsrv check, xsrv deploy
• doc: update documentation, default playbook README, Gitlab CI example

Fixed:

• all roles: ensure check mode doesn't fail when running it before before first deployment
• common: ssh/users: fix SFTP-only user accounts creation (set permissions after creating user accounts)
• all roles: firewall: fix 'reload firewall/fail2ban/apache' handlers failures when called from other roles
• openldap: fix ldap-ccount-manager installation on Debian 11 (php package name changes)
• graylog: fix graylog service not starting/incorrect permissions on configuration files
• graylog/mumble: monitoring/netdata: fix healthcheck/alarm not returning correct status when systemd services are in the failed state
• netdata: fix location for needrestart module configuration file
• netdata: fix/standardize indentation in configuration files produced by to_nice_yaml
• homepage: fix homepage templating when the homepage role is not part of the same play as related roles
• shaarli: explicitly use php 7.4 packages, fix possible installation problems on Debian 11
• tests: fix and speed up ansible-lint tests, fix ansible-lint warnings

Full changes since v1.6.0