Release notes ============= 1.4.0 ----- Minor fixes and features allowing for more fine-tuning of installations. New features/improvements: * ``ldap_server`` role * TLS versions and ciphers supported by server are now configurable. * ``mail_server`` role * TLS versions and ciphers supported by SMTP and IMAP server are now configurable. * Number of allowed concurent IMAP connections for a single user from a single IP address is now configurable. * ``web_server`` role * TLS versions and ciphers supported by server are now configurable. 1.3.0 ----- IPv6 support in firewall rules, small bug fixes and improvements. New features/improvements: * All roles that deploy firewall rules * Set-up IPv6 firewall rules in addition to IPv4. * ``common`` role * Crontabs, operating system user passwords (``/etc/shadow``), and local user mails are now included in the backup. Bug-fixes: * ``wsgi_website`` role * Do not traverse static locations that have not been explicitly configured. Fixes issue where static location ends-up being served by Nginx instea of WSGI application. 1.2.0 ----- Minor fixes and features. New features: * ``wsgi_website`` role * Added support for providing custom proxy headers to pass on to Gunicorn server. Bug-fixes: * ``php_website`` role * Make sure the environment indicator is always shown on top by increasing its ``z-index`` value. * ``wsgi_website`` role * Make sure the environment indicator is always shown on top by increasing its ``z-index`` value. 1.1.0 ----- Minor bug fixes, enchancements, and features. New features/improvements: * ``common`` role * Added support for having user-defined ``/etc/profile.d`` style scripts (in ``~/.profile.d/``. * Disables Emacs ``electric-indent-mode`` globally if Emacs is installed. * Deploys symbolic link for ``mysql_config`` if package ``libmariadb-client-lgpl-dev-compat`` is installed (workaround for `Debian Bug 766996 `_) * Updates CA cache immediatelly so that roles depending on cache being up-to-date do not throw validation errors. * ``mail_server`` role * Added support for specifying local aliases. * Undeliverable bounces are now delivered to postmaster. * ``php_website`` role * Added support for specifying custom ``php-fpm`` pool configuration options. * Added support for having ribon/strip at bottom to identify website environment. Useful for testing/staging environments. * Deploys symbolic link for ``mysql_config`` if package ``libmariadb-client-lgpl-dev-compat`` is installed (workaround for `Debian Bug 766996 `_) * Forwards mails delivered to application or application administrator users to local ``root`` account (can be configured to deliver mails elsewhere). * Sets ``HSTS`` policy if TLS is enforced. * *Umask* for the operating system which runs the website is set to ``0007``. * When administrator user is created for the first time, its home directory is populated from ``/etc/skel``. This makes prompts etc look more uniform across the system. * ``wsgi_website`` role * Added support for having ribon/strip at bottom to identify website environment. Useful for testing/staging environments. * Added support for specifying environment variables that should be set when running the service, or when administering the installation (using application administrator operating system user). * Deploys symbolic link for ``mysql_config`` if package ``libmariadb-client-lgpl-dev-compat`` is installed (workaround for `Debian Bug 766996 `_) * Forwards mails delivered to application or application administrator users to local ``root`` account (can be configured to deliver mails elsewhere). * Sets ``HSTS`` policy if TLS is enforced. * *Umask* for the operating system which runs the website is set to ``0007``. * When administrator user is created for the first time, its home directory is populated from ``/etc/skel``. This makes prompts etc look more uniform across the system. Bug-fixes: * ``database_server`` role * Applies UTF-8 configuration immediatelly. This should fix issues during inital server set-up for roles that need to create database using UTF-8 character set. * ``wsgi_website`` role * Fixed virtualenv wrapper shell script to use proper escaping around arguments. * Website service is now restarted in case of package changes (system or virtual environment). * ``mail_forwarder`` role * Allows incoming SMTP connections from the SMTP relay server (if configured). This way the SMTP relay can deliver bounces. 1.0.1 ----- Minimal bugfix update to improve interoperability. Changes: * ``xmpp_server`` role no longer restricts TLS to version 1.2 and ciphers to PFS ciphers. Should solve ``s2s`` communication issues with old XMPP servers. 1.0.0 ----- Initial release of Majic Ansible Roles. New roles: * ``backup``, reusable role for specifying files to back-up. * ``backup_client``, base role for setting-up backup client on a server (Duplicity). * ``backup_server``, sets-up a backup server. * ``bootstrap``, sets-up server for Ansible management (bootstrapping it for subsequent Ansible runs). * ``common``, basic set-up of server, some hardening, creation of admin accounts etc. * ``database``, reusable role for creating MariaDB database and user for accessing the database. * ``database_server``, sets-up database server (MariaDB). * ``ldap_client``, sets-up LDAP client tools and configuration (OpenLDAP). * ``ldap_server``, sets-up and manages basic entries in an LDAP server (OpenLDAP). * ``mail_forwarder``, sets-up local SMTP server that forwards mail to the main mail server (Postfix). * ``mail_server``, sets-up a mail server with SMTP and IMAP services (Postfix, Dovecot). * ``php_website``, reusable role for creating PHP-based websites. Provides basic building block for PHP applications (Nginx). * ``preseed``, small role for generating Debian preseed files for automated OS installation. * ``web_server``, sets-up web server with basic welcome page (Nginx). * ``wsgi_website``, reusable role for creating WSGI-based websites. Provides basic building block for WSGI applications (Nginx). * ``xmpp_server``, sets-up an XMPP server for instant messaging services (Prosody). New features: * Usage (tutorial-like) instructions. * Test site, serving as an example and used for basic regression testing. * Role reference documentation.