release v1.17.0

nodiscc · Sep 21, 2023 · 9fae8f8 · 9fae8f8
1 parent 0e3507b
commit 9fae8f8
Show file tree

Hide file tree

Showing 10 changed files with 31 additions and 37 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,7 +3,7 @@
 All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/).
 
-#### [v1.17.0](https://gitlab.com/nodiscc/xsrv/-/releases#1.17.0) - UNRELEASED
+#### [v1.17.0](https://gitlab.com/nodiscc/xsrv/-/releases#1.17.0) - 2023-09-21
 
 **Upgrade procedure:**
 - upgrade to [v1.16.0](https://gitlab.com/nodiscc/xsrv/-/releases#1.16.0) and deploy it first, if not already done

diff --git a/README.md b/README.md
@@ -8,7 +8,7 @@
 
 [![](https://gitlab.com/nodiscc/xsrv/badges/master/pipeline.svg)](https://gitlab.com/nodiscc/xsrv/-/pipelines)
 [![](https://bestpractices.coreinfrastructure.org/projects/3647/badge)](https://bestpractices.coreinfrastructure.org/projects/3647)
-[![](https://img.shields.io/badge/latest%20release-1.16.0-blue)](https://gitlab.com/nodiscc/xsrv/-/releases)
+[![](https://img.shields.io/badge/latest%20release-1.17.0-blue)](https://gitlab.com/nodiscc/xsrv/-/releases)
 [![](https://img.shields.io/badge/docs-readthedocs-%232980B9)](https://xsrv.readthedocs.io)
 
 **Install, manage and run self-hosted network services and applications on your own server(s).**

diff --git a/docs/TODO.md b/docs/TODO.md
@@ -2,33 +2,39 @@
 
 ### xsrv/xsrv
 
+- #1191 - rebase configuration files on their debian12 versions - **`1.18.0`** `configuration,maintenance`
+- #1190 - doc: jitsi: changing passwords through debconf no longer always returns changed - **`1.18.0`** `documentation,easy,maintenance`
+- #1178 - netdata-logcount/needrestart: switch to multi-bar display by default - **`1.18.0`** `configuration,easy,enhancement,monitoring`
+- #1174 - cleanup: limit use of `check_mode: no` to tasks that do not change anything - **`-`** `maintenance`
+- #1173 - WIP common: allow force-running unattended-upgrades immediately, without waiting for the daily scheduled task (utils-apt-upgrade) - **`-`** `enhancement`
+- #1172 - WIP use `diff: no` instead of `no_log: yes` to mask sensitive info/silence excessively verbose diffs when using diff mode - **`1.18.0`** `enhancement,maintenance`
+- #1168 - apache: remove ability to install/configure `mod-evasive` - **`-`** `maintenance`
+- #1167 - nextcloud: enable preview generator by default? - **`1.18.0`** `configuration,easy,feature`
 - #1162 - WIP: tools/gitlab CI: perform release tests automatically - **`-`** `tools`
-- #1161 - netdata: aggregate netdata logs to syslog - **`1.17.0`** `configuration,easy,enhancement,monitoring`
+- #1161 - netdata: aggregate netdata logs to syslog - **`1.18.0`** `configuration,easy,enhancement,monitoring`
 - #1160 - homepage: display the URI for non-clickable links - **`-`** `enhancement`
 - #1159 - homepage: optional dark theme? - **`-`** `enhancement,question`
-- #1158 - doc: netdata: update screenshots - **`1.17.0`** `documentation,easy,maintenance`
-- #1156 - nextcloud: enable forms app by default? - **`1.17.0`** `configuration,easy,enhancement`
 - #1155 - gamevault role? - **`-`** `question`
 - #1152 - nextcloud: before upgrade, abort if .old nextcloud installation directory is found (indicates incomplete upgrade) - **`-`** `easy,enhancement`
 - #1148 - nextcloud: update to v27.0.1 - **`1.18.0`** `enhancement,maintenance`
 - #1144 - automate roles uninstallation procedures? - **`-`** `enhancement,question`
 - #1143 - nextcloud: upload speed improvements? - **`-`** `configuration,enhancement,performance,question`
-- #1139 - WIP: allow installing/upgrading shaarli from an arbitrary zip file - **`-`** `question`
-- #1138 - gitea: allow setting up Gitea's built-in CI/CD system (Gitea Actions) - **`1.17.0`** `feature,upstream`
+- #1139 - WIP: allow installing/upgrading shaarli from an arbitratry zip file - **`-`** `question`
+- #1138 - gitea: allow setting up Gitea's built-in CI/CD system (Gitea Actions) - **`1.18.0`** `feature,upstream`
 - #1134 - Lemmy role? - **`-`** `feature,question`
 - #1127 - xsrv: help-tags: outputs duplicate tags when running on non-default playbook - **`-`** `bug`
 - #1122 - nextcloud: install memories app? - **`-`** `feature,question`
 - #1121 - graylog/mongodb: require authentication to connect to mongodb - **`1.18.0`** `configuration,enhancement,security`
 - #1119 - WIP: common/firewalld: allow defining a manual IP address/network blacklist (firewalld_bad_ips) - **`-`** `enhancement,security`
 - #1117 - baserow role? - **`-`** `feature,question`
-- #1113 - graylog: update to v5.1 - **`1.17.0`** `maintenance`
+- #1113 - graylog: update to v5.1 - **`1.18.0`** `maintenance`
 - #1111 - WIP: tests: add tests for deploying individual roles to a host - **`-`** `enhancement,tools`
-- #1109 - matrix/synapse/admin: restrict access to admin endpoint to user-defined IPs/subnets - **`1.17.0`** `enhancement,security`
+- #1109 - matrix/synapse/admin: restrict access to admin endpoint to user-defined IPs/subnets - **`1.18.0`** `enhancement,security`
 - #1108 - matrix/element: Cross-Origin Request Blocked: .well-known/matrix/client - **`-`** `question`
 - #1103 - xsrv: bash completion: auto-complete init-vm/init-vm-template options - **`1.18.0`** `enhancement`
 - #1099 - graylog: document backup restoration procedure - **`-`** `backups,documentation`
 - #1087 - openldap/netdata: setup netdata OpenLDAP monitoring? - **`-`** `monitoring,question`
-- #1074 - xsrv: init-vm: allow passing a path to a public SSH key file instead of the key contents - **`1.17.0`** `easy,enhancement`
+- #1074 - xsrv: init-vm: allow passing a path to a public SSH key file instead of the key contents - **`1.18.0`** `easy,enhancement`
 - #1067 - graylog: migrate to opensearch? - **`-`** `maintenance,question`
 - #1065 - enable kernel command-line haredning options? - **`-`** `configuration,enhancement,question,security`
 - #1062 - dovecot: add a local netdata port check - **`-`** `configuration,easy,enhancement,monitoring`
@@ -38,7 +44,6 @@
 - #1031 - apache: allow restricting access by IP address, per-application/virtualhost - **`1.18.0`** `easy,enhancement,security`
 - #1027 - shaarli: update ownership/mode of directories is not idempotent - **`-`** `enhancement,maintenance`
 - #1026 - libvirt: changing a libvirt network's settings does not work if the network already exists - **`-`** `bug,upstream`
-- #1025 - apache/fail2ban: ban IP addresses repeatingly hitting 403 errors/the default localhost vhost (and other vhosts?) - **`1.18.0`** `enhancement,question,security`
 - #1012 - dovecot: encrypt all incoming e-mail with the recipient's GPG key? - **`-`** `enhancement,question,security`
 - #1001 - libvirt: add support for EFI as an alternative to legacy BIOS - **`-`** `enhancement`
 - #997 - make publish_collection: no role readme found/empty roles list on galaxy.ansible.com - **`-`** `bug,tools,upstream`
@@ -98,7 +103,7 @@
 - #733 - monitoring_netdata: allow whitelisting debsecan bugs - **`-`** `enhancement,monitoring,security`
 - #723 - Automate DNS scans with dnsspy.io? - **`-`** `feature,question,security`
 - #722 - Allow hdparm/disk spindown time configuration? - **`-`** `feature,question`
-- #720 - podman role/replace docker with podman? - **`1.17.0`** `enhancement,feature,maintenance,question`
+- #720 - podman role/replace docker with podman? - **`1.18.0`** `enhancement,feature,maintenance,question`
 - #717 - transmission: configuration templating task always returns changed (cleartext/hashed password) - **`2.0.0`** `enhancement,maintenance,upstream`
 - #715 - dnsmasq: DNS-over-HTTPS support? - **`-`** `configuration,enhancement,question,security`
 - #714 - dnsmasq: DNS-based ad blocking/filtering? - **`-`** `feature,question`
@@ -150,8 +155,7 @@
 - #433 - docker: additional hardening/CIS guidelines - **`2.0.0`** `configuration,enhancement,security`
 - #426 - samba: add ability to delete a share by setting state: absent - **`-`** `enhancement`
 - #425 - openldap: self-service-password/ldap-account-manager: checksum/signature download verification? - **`-`** `enhancement,security`
-- #405 - xsrv: replace environment variable-based settings with options, arguments or configuration from file? - **`1.17.0`** `enhancement,maintenance`
-- #402 - jellyfin: frequent [ERR] Error sending socket message from 0.0.0.0 to 239.255.255.250:1900 - **`-`** `configuration,documentation,enhancement,upstream`
+- #405 - xsrv: replace environment variable-based settings with options, arguments or configuration from file? - **`1.18.0`** `enhancement,maintenance`
 - #393 - Samba: performance improvements (socket options)? - **`-`** `configuration,enhancement,performance,question,wontfix`
 - #379 - setup IPV6 support (sysctl, firewall, applications...)? - **`-`** `question`
 - #378 - netdata: add a "proxied" mode (proxy behind apache/mod_proxy) ? - **`-`** `monitoring`
@@ -170,7 +174,7 @@
 - #330 - netdata: monitor php-fpm - **`-`** `enhancement,monitoring`
 - #328 - apache: mpm_event performance tuning? - **`-`** `enhancement,performance,question`
 - #327 - nextcloud: verify gpg signatures - **`-`** `enhancement,security`
-- #317 - monitoring_utils: lynis: suggestion[]=BOOT-5264|Consider hardening system services - **`1.17.0`** `enhancement,security`
+- #317 - monitoring_utils: lynis: suggestion[]=BOOT-5264|Consider hardening system services - **`1.18.0`** `enhancement,security`
 - #310 - samba: ability to whitelist/blacklist files by extension? - **`-`** `enhancement,question,security`
 - #309 - apply postgresqltuner recommended settings? - **`-`** `enhancement,performance`
 - #307 - apache: mod_md: make certificate status endpoint enable/disable configurable - **`-`** `enhancement,monitoring`
@@ -193,9 +197,7 @@
 - #208 - netdata: graph/alert on logwatch warnings - **`-`** `feature,monitoring,security`
 - #205 - netdata: monitor debsums warnings/return status - **`2.0.0`** `easy,feature,monitoring,security`
 - #200 - roles for other monitoring software? - **`-`** `feature,monitoring,question`
-- #195 - monitoring: add apt-listchanges - **`1.17.0`** `easy,enhancement,monitoring`
 - #193 - netdata: graph tiger warnings - **`-`** `feature,monitoring,security`
-- #192 - monitoring/apache: add goaccess, generate reports for each virtualhost - **`-`** `feature,monitoring`
 - #191 - monitoring_utils: add inxi? - **`-`** `feature,monitoring,question`
 - #189 - netdata: graph VULS reports - **`-`** `feature,monitoring,security`
 - #187 - monitoring: setup PSAD (Port Scan Attack Detector) Edit - **`-`** `feature,security`
@@ -206,8 +208,7 @@
 - #174 - netdata: allow setting a repetition period for alarms - **`-`** `enhancement`
 - #172 - netdata: support long-term archiving - **`-`** `enhancement,monitoring`
 - #167 - monitoring: add spectre-meltdown-checker to lynis reports - **`-`** `feature,monitoring,security`
-- #164 - gitea: add CI/CD service - **`1.17.0`** `feature,upstream`
-- #157 - nextcloud: enable polls app by default - **`1.17.0`** `easy,feature`
+- #164 - gitea: add CI/CD service - **`1.18.0`** `feature,upstream`
 - #155 - nextcloud: add Fulltextsearch App + OCR? - **`-`** `feature,question`
 - #150 - nextcloud: add maintenance on/off switch - **`-`** `easy,enhancement`
 - #149 - nextcloud: add bookmarks app? - **`-`** `enhancement,question`
@@ -251,16 +252,15 @@
 - #59 - Collaborative pad - **`-`** `feature`
 - #57 - rundeck role? - **`-`** `feature,question`
 - #55 - Guacamole remote control gateway role? - **`-`** `feature,question`
-- #53 - web analytics/goaccess role? - **`-`** `feature,question`
 - #52 - blogging engine/static site generator role? - **`-`** `feature,question`
 - #49 - caching HTTP proxy/squid role? - **`-`** `feature,question`
 - #46 - Printer sharing server? - **`-`** `feature,question`
-- #45 - Video hosting/streaming platform - **`1.17.0`** `feature`
+- #45 - Video hosting/streaming platform - **`1.18.0`** `feature`
 - #44 - jellyfin: document DLNA/UPnP usage - **`-`** `configuration,documentation,feature,question`
 - #43 - OSM routing service role? - **`-`** `feature,question`
 - #42 - OpenStreetMap/maps tileserver role? - **`-`** `feature,question`
 - #41 - network scanner (SANE) server role? - **`-`** `feature,question`
-- #40 - Search engine role? - **`-`** `feature`
+- #40 - SearxNG role - **`1.18.0`** `feature`
 - #39 - wallabag role? - **`-`** `feature`
 - #37 - Replace `ntp` with `chrony`? - **`2.0.0`** `question`
 - #35 - simple git server role? - **`-`** `feature,question,wontfix`

diff --git a/docs/conf.py b/docs/conf.py
@@ -5,8 +5,8 @@
 
 project = 'xsrv'
 author = '[email protected]'
-version = '1.16.0'
-release = '1.16.0'
+version = '1.17.0'
+release = '1.17.0'
 html_show_copyright = True
 
 # -- General configuration ---------------------------------------------------

diff --git a/docs/configuration-variables.md b/docs/configuration-variables.md
@@ -300,6 +300,7 @@ apt_listbugs_ignore_list:
   - 1023748 # https://bugs.debian.org/1023748 - only affects java 20, debian 12 has java 17
   - 1039472 # https://bugs.debian.org/1039472 - fixed, patch pending upload
   - 1043415 # https://bugs.debian.org/1043415 - not applicable to upstream/packagecloud packages
+  - 1051003 # https://bugs.debian.org/1051003 - only affects pam_shield
 
 ### DATE/TIME ###
 # yes/no: setup ntp time service
@@ -796,8 +797,6 @@ jellyfin_users:
 #   letsencrypt: acquire a certificate from letsencrypt.org
 #   selfsigned: generate a self-signed certificate
 jellyfin_https_mode: selfsigned
-# enable automatic discovery of DLNA devices on the local network (no/yes)
-jellyfin_enable_dlna_discovery: no
 # start/stop the jellyfin webserver, enable/disable it on boot, redirect users to maintenance page if disabled (yes/no)
 jellyfin_enable_service: yes
 # yes/no: enable automatic backups of the default jellyfin media directory (when the nodiscc.xsrv.backup role is managed by ansible)
@@ -1083,7 +1082,7 @@ matrix_element_jitsi_preferred_domain: "meet.element.io"
 # when matrix_element_video_rooms_mode = 'element_call', domain of the Element Call instance to use for video calls
 matrix_element_call_domain: "call.element.io"
 # matrix element web client version (https://github.com/vector-im/element-web/releases)
-matrix_element_version: "1.11.42"
+matrix_element_version: "1.11.43"
 # element installation directory
 element_install_dir: "/var/www/{{ matrix_element_fqdn }}"
 # HTTPS and SSL/TLS certificate mode for the matrix-element webserver virtualhost
@@ -1495,6 +1494,7 @@ nextcloud_apps:
   - { state: "disable", app: "keeporsweep" } # https://apps.nextcloud.com/apps/keeporsweep
   - { state: "disable", app: "jitsi" } # https://apps.nextcloud.com/apps/jitsi
   - { state: "disable", app: "tables" } # https://apps.nextcloud.com/apps/tables
+  - { state: "disable", app: "survey_client" } # https://github.com/nextcloud/survey_client
 # nextcloud php-fpm pool settings (performance/resource usage)
 # php-fpm: Maximum amount of memory a script may consume (K, M, G)
 nextcloud_php_memory_limit: '512M'

diff --git a/docs/index.md b/docs/index.md
@@ -8,7 +8,7 @@
 
 [![](https://gitlab.com/nodiscc/xsrv/badges/master/pipeline.svg)](https://gitlab.com/nodiscc/xsrv/-/pipelines)
 [![](https://bestpractices.coreinfrastructure.org/projects/3647/badge)](https://bestpractices.coreinfrastructure.org/projects/3647)
-[![](https://img.shields.io/badge/latest%20release-1.16.0-blue)](https://gitlab.com/nodiscc/xsrv/-/releases)
+[![](https://img.shields.io/badge/latest%20release-1.17.0-blue)](https://gitlab.com/nodiscc/xsrv/-/releases)
 [![](https://img.shields.io/badge/docs-readthedocs-%232980B9)](https://xsrv.readthedocs.io)
 
 **Install, manage and run self-hosted network services and applications on your own server(s).**

diff --git a/docs/tags.md b/docs/tags.md
@@ -3,7 +3,7 @@
 ```
   ╻ ╻┏━┓┏━┓╻ ╻
 ░░╺╋╸┗━┓┣┳┛┃┏┛
-  ╹ ╹┗━┛╹┗╸┗┛ v1.16.0
+  ╹ ╹┗━┛╹┗╸┗┛ v1.17.0
 [xsrv] USAGE: TAGS=tag1,tag2,tag3 xsrv deploy
 TAGS:
 apache-mod-evasive - setup apache anti-DoS module
@@ -80,9 +80,6 @@ synapse-admin - setup synapse-admin matrix administration web interface
 synapse - setup synapse (matrix) chat server
 sysctl - setup sysctl kernel configuration
 transmission - setup transmission bittorrent client
-tt_rss-app - setup tt-rss appllication
-tt_rss-permissions - set/fix permissions/ownership on tt-rss directories
-tt_rss-postgresql - setup tt-rss postgresql database
 tt_rss - setup tt-rss feed reader
 users - setup users and groups
 utils-autorestart - (manual) reboot hosts if a Linux kernel upgrade is pending

diff --git a/galaxy.yml b/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: nodiscc
 name: xsrv
-version: 1.16.0
+version: 1.17.0
 readme: README.md
 authors:
   - nodiscc <[email protected]>

diff --git a/roles/tt_rss/README.md b/roles/tt_rss/README.md
@@ -81,9 +81,6 @@ _Note: due to TT-RSS "rolling" release model (always install the latest `master`
 <!--BEGIN TAGS LIST-->
 ```
 tt_rss - setup tt-rss feed reader
-tt_rss-postgresql - setup tt-rss postgresql database
-tt_rss-app - setup tt-rss appllication
-tt_rss-permissions - set/fix permissions/ownership on tt-rss directories
 ```
 <!--END TAGS LIST-->
 

diff --git a/xsrv b/xsrv
@@ -54,7 +54,7 @@ projects_dir="${XSRV_PROJECTS_DIR:=$HOME/playbooks}"
 editor="${EDITOR:=nano}"
 ansible_tags="${TAGS:-}"
 pager="${PAGER:=nano --syntax=YAML --view +1 -}"
-version="1.16.0"
+version="1.17.0"
 ansible_version="8.4.0"
 xsrv_git_url="https://gitlab.com/nodiscc/xsrv"
 xsrv_upgrade_channel="${XSRV_UPGRADE_CHANNEL:=release}"