Merge remote-tracking branch 'origin/master' into builtin-password-hashing

requirements.txt

@@ -1,2 +1,2 @@
-ansible>=1.9.3,<2
+ansible==2.2.2.0
 passlib

roles/common/tasks/encfs.yml

@@ -21,7 +21,7 @@
   when: encfs_check.rc > 0
 
 - name: If /encrypted isn't empty, mount it (but only if /decrypted/test doesn't exist)
-  shell: printf "{{ encfs_password }}" | encfs /encrypted /decrypted --public --stdinpass creates="/decrypted/test"
+  shell: command="printf '{{ encfs_password }}' | encfs /encrypted /decrypted --public --stdinpass" creates="/decrypted/test"
   when: encfs_check.rc == 0
 
 - name: Set decrypted directory permissions

roles/git/defaults/main.yml

@@ -1,3 +1,3 @@
-cgit_version: 0.12
+cgit_version: 1.1
 cgit_domain: "git.{{ domain }}"
 gitolite_version: 3.6.4

roles/git/tasks/cgit.yml

@@ -4,15 +4,18 @@
   with_items:
     - groff
     - libssl-dev
-    - python-pip
+    - python3-pip
   tags:
     - dependencies
 
-- name: Install cgit pip dependencies
-  pip: name={{ item }}
+- name: Install cgit pip dependencies python 3
+  pip:
+    name: "{{ item }}"
+    executable: pip3
   with_items:
     - docutils
     - pygments
+    - markdown
 
 - name: Download cgit release
   get_url: url=http://git.zx2c4.com/cgit/snapshot/cgit-{{ cgit_version }}.tar.xz

roles/git/tasks/main.yml

@@ -1,2 +1,4 @@
-- include: gitolite.yml tags=gitolite
-- include: cgit.yml tags=cgit
+- include: gitolite.yml
+  tags: gitolite
+- include: cgit.yml
+  tags: cgit

roles/mailserver/tasks/opendmarc.yml

@@ -46,7 +46,7 @@
   when: db_created.changed
 
 - name: Copy nightly OpenDMARC report generation script into place
-  template: src=etc_opendmarc_report.sh.j2 dest=/etc/opendmarc/report.sh owner=root group=root mode="755"
+  template: src=etc_opendmarc_report.sh.j2 dest=/etc/opendmarc/report.sh owner=root group=root mode="0755"
 
 - name: Ensure initial report dat file exists with correct permissions
   copy: content="" dest=/var/run/opendmarc/opendmarc.dat owner=opendmarc group=opendmarc

roles/mailserver/templates/etc_opendmarc_report.sh.j2

@@ -8,7 +8,7 @@ DB_USER='{{ mail_db_opendmarc_username }}'
 DB_PASS='{{ mail_db_opendmarc_password }}'
 DB_NAME='{{ mail_db_opendmarc_database }}'
 WORK_DIR='/var/run/opendmarc'
-REPORT_EMAIL='{{ admin_email }}'
+REPORT_EMAIL='postmaster@{{ domain }}'
 
 mv ${WORK_DIR}/opendmarc.dat ${WORK_DIR}/opendmarc_import.dat -f
 touch ${WORK_DIR}/opendmarc.dat

roles/tarsnap/tasks/tarsnap.yml

@@ -70,16 +70,16 @@
   command: make all install clean chdir=/root/tarsnap-autoconf-{{ tarsnap_version }} creates=/usr/local/bin/tarsnap
 
 - name: Copy Tarsnap key file into place
-  copy: src=decrypted_tarsnap.key dest=/decrypted/tarsnap.key owner=root group=root mode="600" force=no
+  copy: src=decrypted_tarsnap.key dest=/decrypted/tarsnap.key owner=root group=root mode="0600" force=no
 
 - name: Create Tarsnap cache directory
   file: state=directory path=/usr/tarsnap-cache
 
 - name: Install Tarsnap configuration file
-  copy: src=tarsnaprc dest=/root/.tarsnaprc mode="644"
+  copy: src=tarsnaprc dest=/root/.tarsnaprc mode="0644"
 
 - name: Install Tarsnap backup handler script
-  copy: src=tarsnap.sh dest=/root/tarsnap.sh mode="755"
+  copy: src=tarsnap.sh dest=/root/tarsnap.sh mode="0755"
 
 - name: Install nightly Tarsnap-generations cronjob
   cron: name="Tarsnap backup" hour="3" minute="0" job="sh /root/tarsnap.sh >> /var/log/tarsnap.log"