ahbl is no longer being maintained and has been configured to return a
positive value for every host. This means I get a cron warning every
day reporting that my mailserver is in ircbl.ahbl.org and
dnsbl.ahbl.org.
lukecyca/check-rbl#1 has removed ahbl from the blacklists that it
checks. This just pulls in that change.
Unfortunately, ansible's get_url won't update files which have been
downloaded already unless you set force=yes, which will cause ansible to
pull down the file from github on every single run, which isn't really
acceptable. I have filed ansible/ansible-modules-core#625 to ask that
get_url redownload if and only if the sha256sum differs. In the
meantime, you have to manually delete /opt/check-rbl.pl before rerunning
ansible to pull in the update. However, at least this will work fine
for new installs.
Related to #338 (though I don't know if it truly fixes it).
Add a status vhost to apache, so that monit's http monitoring will work.
It doesn't particularly matter to the monit check what this vhost does
as long as it returns 200, but I thought it would be nice to use
apache's builtin status functionality. Ideas cribbed from [1]. It
might also be possible to use monit's apache-status functionality to
alert on more sophisticated criteria, but this will do for now.
Open question: does collectd support apache-status? Might it also be
interested in this vhost?
Fixes #299.
[1] http://mmonit.com/wiki/Monit/MonitorApacheStatus
On fresh installs of Debian 7.6, the current order of steps will lock you
out of SSH. This will enable UFW after creating rules for http, https, ssh,
and DNS. Fix comes from @Debugreality in issue #303:
https://github.com/al3x/sovereign/issues/303
- Added backports to apt configuration.
- Updated roundcube task to use the roundcube backport.
- Updated roundcube's main.inc.php configuration file to use the one included
in the backport distribution. Migrated configuration parameters from the
existing configuration file except in cases where it looked like the Roundcube
team was changing defaults that were not touched by Sovereign's configuration.
I may have gotten some wrong; needs review by Sovereign maintainer.
The tomcat6 user doesn't have the right privileges to run the
/etc/init.d/tomcat6 script. Removing these lines allows monit to
restart tomcat if it stops for any reason, and makes the tomcat6 monit
config more consistent with other monit configs elsewhere.
Since 1.0, znc has allowed you to specify the user's timezone:
conveniently, in tzinfo format. This allows the user to configure and
specify that timezone.
This matters because it affects the timestamps that znc issues when
playing back the buffer after a disconnection.
for more info see:
- http://wiki.znc.in/ChangeLog/1.0#Timezones
- http://wiki.znc.in/Configuration
There is also a zpush_timezone configuration option, which could at some
point be unified with irc_timezone into a common configuration item.
ZNC module compilation can fail on memory-limited systems, causing ZNC
to not work properly. But even after the failure, make install still
creates /usr/local/bin/znc. Thus Ansible would skip the ZNC build and
install step on future runs, despite ZNC not being correctly installed,
causing the playbook to appear to complete successfully and requiring
manual troubleshooting.
This commit moves the monitoring role to the bottom of site.yml so that
it is executed after all other roles.
This is needed because the monitoring role conditionally installs Monit
configuration file based on whether some other packages have been
installed or not (such as ZNC).
This patch also adds a comment to the "monitoring" entry within the
"roles" list and a `roles/monitoring/README.md` file telling users why
the monitoring role has to come last.
Resolves #284
Newebe: improve playbook and don't fail on first installation
- Add test
- Fixed Newebe's playbook failing on first run on a fresh Debian 7 VM
- Restart supervisord on changes
- Security: Use /usr/sbin/nologin as login shell for newebe user
- Speed: Consolidate all 'apt' entries into one
- Strip trailing whitespaces
- Update to take advantage of apache2_module from Ansible 1.6
- Use file path=... state=absent instead of "rm" command to delete files
ZNC 1.4 uses a new section within the configuration file to specify
password hash and salt. This requires adding a new Ansible variable
'irc_password_salt'.
Also update the README file to reflect above changes.
Make sure to remove 'install' directory if wallabag is already installed
Subsequent runs of wallabag's playbook result in the 'install' directory being
recreated, (after the "Clone wallabag" step) kicking wallabag's first time
setup procedure.
With this patch we automatically remove the 'install' directory if wallabag's
configuration file appears to be in place before cloning the repository.
The 'fuse-utils' package doesn't exist on Ubuntu 14.04 and is marked as a
transitional package on both Debian 7 and Ubuntu 12.04 that installs the
'fuse' package.
Since Debian 7 is the officially supported distribution we can safely
switch to install 'fuse' instead of 'fuse-utils' and we also gain
compatibility with Ubuntu 14.04.
Changed tarsnap.sh to not shut down postgresql, instead use the pg_dumpall command to create a .sql backup file in /decrypted/. Much better than shutting down the entire db server.
This change set builds collectd from source and configures it in one of
the following ways:
- If Librato credentials are present, collectd will be configured to
send data points to Librato using the collectd-librato plugin.
- If no Librato credentials are present, collectd will be configured to
write RRD files locally (/opt/collectd/var/lib/collectd/rrd by default).