- Added backports to apt configuration.
- Updated roundcube task to use the roundcube backport.
- Updated roundcube's main.inc.php configuration file to use the one included
in the backport distribution. Migrated configuration parameters from the
existing configuration file except in cases where it looked like the Roundcube
team was changing defaults that were not touched by Sovereign's configuration.
I may have gotten some wrong; needs review by Sovereign maintainer.
The tomcat6 user doesn't have the right privileges to run the
/etc/init.d/tomcat6 script. Removing these lines allows monit to
restart tomcat if it stops for any reason, and makes the tomcat6 monit
config more consistent with other monit configs elsewhere.
Since 1.0, znc has allowed you to specify the user's timezone:
conveniently, in tzinfo format. This allows the user to configure and
specify that timezone.
This matters because it affects the timestamps that znc issues when
playing back the buffer after a disconnection.
for more info see:
- http://wiki.znc.in/ChangeLog/1.0#Timezones
- http://wiki.znc.in/Configuration
There is also a zpush_timezone configuration option, which could at some
point be unified with irc_timezone into a common configuration item.
ZNC module compilation can fail on memory-limited systems, causing ZNC
to not work properly. But even after the failure, make install still
creates /usr/local/bin/znc. Thus Ansible would skip the ZNC build and
install step on future runs, despite ZNC not being correctly installed,
causing the playbook to appear to complete successfully and requiring
manual troubleshooting.
This commit moves the monitoring role to the bottom of site.yml so that
it is executed after all other roles.
This is needed because the monitoring role conditionally installs Monit
configuration file based on whether some other packages have been
installed or not (such as ZNC).
This patch also adds a comment to the "monitoring" entry within the
"roles" list and a `roles/monitoring/README.md` file telling users why
the monitoring role has to come last.
Resolves #284
Newebe: improve playbook and don't fail on first installation
- Add test
- Fixed Newebe's playbook failing on first run on a fresh Debian 7 VM
- Restart supervisord on changes
- Security: Use /usr/sbin/nologin as login shell for newebe user
- Speed: Consolidate all 'apt' entries into one
- Strip trailing whitespaces
- Update to take advantage of apache2_module from Ansible 1.6
- Use file path=... state=absent instead of "rm" command to delete files
ZNC 1.4 uses a new section within the configuration file to specify
password hash and salt. This requires adding a new Ansible variable
'irc_password_salt'.
Also update the README file to reflect above changes.
Make sure to remove 'install' directory if wallabag is already installed
Subsequent runs of wallabag's playbook result in the 'install' directory being
recreated, (after the "Clone wallabag" step) kicking wallabag's first time
setup procedure.
With this patch we automatically remove the 'install' directory if wallabag's
configuration file appears to be in place before cloning the repository.
The 'fuse-utils' package doesn't exist on Ubuntu 14.04 and is marked as a
transitional package on both Debian 7 and Ubuntu 12.04 that installs the
'fuse' package.
Since Debian 7 is the officially supported distribution we can safely
switch to install 'fuse' instead of 'fuse-utils' and we also gain
compatibility with Ubuntu 14.04.
Changed tarsnap.sh to not shut down postgresql, instead use the pg_dumpall command to create a .sql backup file in /decrypted/. Much better than shutting down the entire db server.
This change set builds collectd from source and configures it in one of
the following ways:
- If Librato credentials are present, collectd will be configured to
send data points to Librato using the collectd-librato plugin.
- If no Librato credentials are present, collectd will be configured to
write RRD files locally (/opt/collectd/var/lib/collectd/rrd by default).
Added rules for dealing with old virtualhost files in
/etc/apache2/sites-available and old (dangling) symlinks in
/etc/apaches/sites-enabled.
Also, remove unnecessary apache2 restart after creating a new
virtualhost but not yet enabling it.
* Postfix: Trusty comes with postgresql 9.3, not 9.1
* owncloud 6.0.1 is part of the distribution, doesn't require opensuse repository
* owncloud requires libapache2-mod-php5
* uses prosody repository that matches the ansible_distribution_release (trusty, wheezy, etc)
The virtual site files must be owned by root (serious security issue)
and they must have the .conf filename suffix for a2ensite on
Ubuntu 14.04LTS (apache 2.4.7).
On Ubuntu 14.04 LTS, a2ensite automatically appends ".conf" to the filename it looks for in /etc/apache2/sites-available/
Therefore, the file "/etc/apache2/sites-available/roundcube" must be renamed to
"/etc/apache2/sites-available/roundcube.conf".
Security issue:
This file must be owned by root, otherwise it is a huge security issue (User www-data could modify the file and get root at next restart of apache).