Release notes
=============


1.4.0
-----

Minor fixes and features allowing for more fine-tuning of installations.

New features/improvements:

* ``ldap_server`` role

  * TLS versions and ciphers supported by server are now configurable.

* ``mail_server`` role

  * TLS versions and ciphers supported by SMTP and IMAP server are now
    configurable.
  * Number of allowed concurent IMAP connections for a single user from a single
    IP address is now configurable.

* ``web_server`` role

  * TLS versions and ciphers supported by server are now configurable.


1.3.0
-----

IPv6 support in firewall rules, small bug fixes and improvements.

New features/improvements:

* All roles that deploy firewall rules

  * Set-up IPv6 firewall rules in addition to IPv4.

* ``common`` role

  * Crontabs, operating system user passwords (``/etc/shadow``), and local user
    mails are now included in the backup.

Bug-fixes:

* ``wsgi_website`` role

  * Do not traverse static locations that have not been explicitly
    configured. Fixes issue where static location ends-up being served by Nginx
    instea of WSGI application.


1.2.0
-----

Minor fixes and features.

New features:

* ``wsgi_website`` role

  * Added support for providing custom proxy headers to pass on to Gunicorn
    server.

Bug-fixes:

* ``php_website`` role

  * Make sure the environment indicator is always shown on top by increasing its
    ``z-index`` value.

* ``wsgi_website`` role

  * Make sure the environment indicator is always shown on top by increasing its
    ``z-index`` value.


1.1.0
-----

Minor bug fixes, enchancements, and features.

New features/improvements:

* ``common`` role

  * Added support for having user-defined ``/etc/profile.d`` style scripts (in
    ``~/.profile.d/``.
  * Disables Emacs ``electric-indent-mode`` globally if Emacs is installed.
  * Deploys symbolic link for ``mysql_config`` if package
    ``libmariadb-client-lgpl-dev-compat`` is installed (workaround for
    `Debian Bug 766996
    <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766996>`_)
  * Updates CA cache immediatelly so that roles depending on cache being
    up-to-date do not throw validation errors.

* ``mail_server`` role

  * Added support for specifying local aliases.
  * Undeliverable bounces are now delivered to postmaster.

* ``php_website`` role

  * Added support for specifying custom ``php-fpm`` pool configuration options.
  * Added support for having ribon/strip at bottom to identify website
    environment. Useful for testing/staging environments.
  * Deploys symbolic link for ``mysql_config`` if package
    ``libmariadb-client-lgpl-dev-compat`` is installed (workaround for
    `Debian Bug 766996
    <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766996>`_)
  * Forwards mails delivered to application or application administrator users
    to local ``root`` account (can be configured to deliver mails elsewhere).
  * Sets ``HSTS`` policy if TLS is enforced.
  * *Umask* for the operating system which runs the website is set to ``0007``.
  * When administrator user is created for the first time, its home directory is
    populated from ``/etc/skel``. This makes prompts etc look more uniform
    across the system.

* ``wsgi_website`` role

  * Added support for having ribon/strip at bottom to identify website
    environment. Useful for testing/staging environments.
  * Added support for specifying environment variables that should be set when
    running the service, or when administering the installation (using
    application administrator operating system user).
  * Deploys symbolic link for ``mysql_config`` if package
    ``libmariadb-client-lgpl-dev-compat`` is installed (workaround for
    `Debian Bug 766996
    <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766996>`_)
  * Forwards mails delivered to application or application administrator users
    to local ``root`` account (can be configured to deliver mails elsewhere).
  * Sets ``HSTS`` policy if TLS is enforced.
  * *Umask* for the operating system which runs the website is set to ``0007``.
  * When administrator user is created for the first time, its home directory is
    populated from ``/etc/skel``. This makes prompts etc look more uniform
    across the system.

Bug-fixes:

* ``database_server`` role

  * Applies UTF-8 configuration immediatelly. This should fix issues during
    inital server set-up for roles that need to create database using UTF-8
    character set.

* ``wsgi_website`` role

  * Fixed virtualenv wrapper shell script to use proper escaping around
    arguments.
  * Website service is now restarted in case of package changes (system or
    virtual environment).

* ``mail_forwarder`` role

  * Allows incoming SMTP connections from the SMTP relay server (if
    configured). This way the SMTP relay can deliver bounces.


1.0.1
-----

Minimal bugfix update to improve interoperability.

Changes:

* ``xmpp_server`` role no longer restricts TLS to version 1.2 and ciphers to PFS
  ciphers. Should solve ``s2s`` communication issues with old XMPP servers.


1.0.0
-----

Initial release of Majic Ansible Roles.

New roles:

* ``backup``, reusable role for specifying files to back-up.
* ``backup_client``, base role for setting-up backup client on a server
  (Duplicity).
* ``backup_server``, sets-up a backup server.
* ``bootstrap``, sets-up server for Ansible management (bootstrapping it for
  subsequent Ansible runs).
* ``common``, basic set-up of server, some hardening, creation of admin accounts
  etc.
* ``database``, reusable role for creating MariaDB database and user for
  accessing the database.
* ``database_server``, sets-up database server (MariaDB).
* ``ldap_client``, sets-up LDAP client tools and configuration (OpenLDAP).
* ``ldap_server``, sets-up and manages basic entries in an LDAP server
  (OpenLDAP).
* ``mail_forwarder``, sets-up local SMTP server that forwards mail to the main
  mail server (Postfix).
* ``mail_server``, sets-up a mail server with SMTP and IMAP services (Postfix,
  Dovecot).
* ``php_website``, reusable role for creating PHP-based websites. Provides basic
  building block for PHP applications (Nginx).
* ``preseed``, small role for generating Debian preseed files for automated OS
  installation.
* ``web_server``, sets-up web server with basic welcome page (Nginx).
* ``wsgi_website``, reusable role for creating WSGI-based websites. Provides
  basic building block for WSGI applications (Nginx).
* ``xmpp_server``, sets-up an XMPP server for instant messaging services
  (Prosody).

New features:

* Usage (tutorial-like) instructions.
* Test site, serving as an example and used for basic regression testing.
* Role reference documentation.