Vagrant provisioning currently fails without irc_timezone set in
vars/testing.yml. This is probably due to changes introduced in
al3x/sovereign#300 to permit the znc timezone to be configured. The
file vars/users.yml already has a TODO entry for irc_timezone.
Since 1.0, znc has allowed you to specify the user's timezone:
conveniently, in tzinfo format. This allows the user to configure and
specify that timezone.
This matters because it affects the timestamps that znc issues when
playing back the buffer after a disconnection.
for more info see:
- http://wiki.znc.in/ChangeLog/1.0#Timezones
- http://wiki.znc.in/Configuration
There is also a zpush_timezone configuration option, which could at some
point be unified with irc_timezone into a common configuration item.
ZNC 1.4 uses a new section within the configuration file to specify
password hash and salt. This requires adding a new Ansible variable
'irc_password_salt'.
Also update the README file to reflect above changes.
This change set builds collectd from source and configures it in one of
the following ways:
- If Librato credentials are present, collectd will be configured to
send data points to Librato using the collectd-librato plugin.
- If no Librato credentials are present, collectd will be configured to
write RRD files locally (/opt/collectd/var/lib/collectd/rrd by default).
Fixes issue #8. Adds new variable mail_header_privacy, on by default.
Installs postfix-pcre unconditionally, and then copies the pcre file
over and adds the header check to main.cf based on the variable value.
“this header replacement works great, but it logs that the replacement
has been done, which means that you are storing this information,
unless you are anonymizing your logs”
use the world-wide pool by default, but specify north-america in
user.yml. Also, documentation. This way Sovereign will still behave the
same, but the NTP servers can be changed when desired.
Remove all configuration for MySQL and configure PostgreSQL as the main
database.
All *_mysql_* options have been changed to *_db_* options.
Postgres requires the database user to have a password in order to
connect via localhost. The db_admin_password option is used to set the
password of the admin user (usually postgres).
Updated the OpenVPN role so certificate expiration is handled
correctly. The number of days that a certificate will be considered
valid is now a user-controlled variable and is set to five years by
default. (Fixes Issue #87)
* Add an openvpn_server variable
* Move ${openvpn_client}.{key,csr,crt} to
${openvpn_client}/client.{key,csr,crt}
* Generate ${openvpn_client}/${openvpn_server}.ovpn config file
* Copy over a self contained directory of file per client that can be
imported by networkmanager in ubuntu or run directly with `sudo
openvpn ${openvpn_server}.ovpn
* OpenVPN setup is now fully automated. No configuration changes
are necessary (though the defaults can easily be modified) and
all manual command line steps have been eliminated.
* Removed the dependency on easy-rsa in favor of pure OpenSSL and
OpenVPN commands that are executed by Ansible
* Improved the security of the OpenVPN configuration
* Increased the default key size to 2048
* RSA keys are only readable by root
* The cipher and authentication digest are now configurable. If
your client supports it, you can use AES-256-CBC and SHA256
instead of BF-CBC (Blowfish) and SHA1 which are the defaults.
Or you can be a really cool, paranoid, crypto hipster and
use CAMELLIA-256-CBC and SHA512 with an RSA key size of 4096.
* Enabled "HMAC firewall" functionality using the tls-auth option
and automated the generation of the 'ta' key that it depends on
* The OpenVPN daemon becomes an unprivileged user after it starts
* Automated the retrieval of the files that clients will need in
order to connect to OpenVPN
* A pause prompt outputs basic configuration information after the
role has finished running
* Variables are referenced using the new Ansible variable format
(e.g. {{ var }} instead of $var)
* Added a flush_handlers command to the role that ensures OpenVPN
will restart prior to dnsmasq (fixes issue #63)
* Fixed two bugs that were preventing packet forwarding for IPv4
from being enabled correctly