On fresh installs of Debian 7.6, the current order of steps will lock you
out of SSH. This will enable UFW after creating rules for http, https, ssh,
and DNS. Fix comes from @Debugreality in issue #303:
https://github.com/al3x/sovereign/issues/303
- Added backports to apt configuration.
- Updated roundcube task to use the roundcube backport.
- Updated roundcube's main.inc.php configuration file to use the one included
in the backport distribution. Migrated configuration parameters from the
existing configuration file except in cases where it looked like the Roundcube
team was changing defaults that were not touched by Sovereign's configuration.
I may have gotten some wrong; needs review by Sovereign maintainer.
Vagrant provisioning currently fails without irc_timezone set in
vars/testing.yml. This is probably due to changes introduced in
al3x/sovereign#300 to permit the znc timezone to be configured. The
file vars/users.yml already has a TODO entry for irc_timezone.
The tomcat6 user doesn't have the right privileges to run the
/etc/init.d/tomcat6 script. Removing these lines allows monit to
restart tomcat if it stops for any reason, and makes the tomcat6 monit
config more consistent with other monit configs elsewhere.
Since 1.0, znc has allowed you to specify the user's timezone:
conveniently, in tzinfo format. This allows the user to configure and
specify that timezone.
This matters because it affects the timestamps that znc issues when
playing back the buffer after a disconnection.
for more info see:
- http://wiki.znc.in/ChangeLog/1.0#Timezones
- http://wiki.znc.in/Configuration
There is also a zpush_timezone configuration option, which could at some
point be unified with irc_timezone into a common configuration item.
Add instructions for making crypt salted hashes using Python and passlib
Quotes removed around salts and hashes in existing examples because, AFAIK,
base64-encoded strings contain no characters which must be escaped in YAML (the
following are not in base64: '!', ':', '|', '>').
Closes #293
ZNC module compilation can fail on memory-limited systems, causing ZNC
to not work properly. But even after the failure, make install still
creates /usr/local/bin/znc. Thus Ansible would skip the ZNC build and
install step on future runs, despite ZNC not being correctly installed,
causing the playbook to appear to complete successfully and requiring
manual troubleshooting.
This commit moves the monitoring role to the bottom of site.yml so that
it is executed after all other roles.
This is needed because the monitoring role conditionally installs Monit
configuration file based on whether some other packages have been
installed or not (such as ZNC).
This patch also adds a comment to the "monitoring" entry within the
"roles" list and a `roles/monitoring/README.md` file telling users why
the monitoring role has to come last.
Resolves #284