From 13588e992beb377dfb55b0025e4224e1a5ea9f4b Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Wed, 3 Feb 2021 21:00:10 +0100 Subject: [PATCH] Update to 2021-02-03 21:00 --- roles/diagrams/defaults/main.yml | 4 ++-- roles/lemonldap_ng/templates/llng-fastcgi-server.service.j2 | 5 +++-- roles/postfix/defaults/main.yml | 10 ++-------- roles/postfix/tasks/main.yml | 2 +- roles/postfix/templates/main.cf.j2 | 2 +- 5 files changed, 9 insertions(+), 14 deletions(-) diff --git a/roles/diagrams/defaults/main.yml b/roles/diagrams/defaults/main.yml index 0edabab..4d7f70e 100644 --- a/roles/diagrams/defaults/main.yml +++ b/roles/diagrams/defaults/main.yml @@ -1,11 +1,11 @@ --- # Veresion of diagrams to deploy -diagrams_version: 14.2.4 +diagrams_version: 14.2.9 # URL of the WAR file to deploy diagrams_war_url: https://github.com/jgraph/drawio/releases/download/v{{ diagrams_version }}/draw.war # Expected sha1 of the WAR file -diagrams_war_sha1: 68bd9f564453a540c2a167f7d75ae1347a79c4ba +diagrams_war_sha1: 061b500ffc908fe603ecf8d43fb4259bd83315fe # root directory of the installation diagrams_root_dir: /opt/diagrams # Should ansible manage upgrades, or just initial install ? diff --git a/roles/lemonldap_ng/templates/llng-fastcgi-server.service.j2 b/roles/lemonldap_ng/templates/llng-fastcgi-server.service.j2 index 18ae457..e08a753 100644 --- a/roles/lemonldap_ng/templates/llng-fastcgi-server.service.j2 +++ b/roles/lemonldap_ng/templates/llng-fastcgi-server.service.j2 
@@ -7,15 +7,16 @@ Type=simple PIDFile=/var/run/llng-fastcgi-server/llng-fastcgi-server.pid User=apache Group=apache +{% if ansible_os_family == 'RedHat' and ansible_distribution_major_version is version('8','<') %} Environment=PM_MAX_REQUESTS=5000 Environment=PM_SIZECHECK_NUM_REQUESTS=100 Environment=PM_MAX_SIZE=800000 +{% endif %} Environment=SOCKET=/var/run/llng-fastcgi-server/llng-fastcgi.sock Environment=PID=/var/run/llng-fastcgi-server/llng-fastcgi-server.pid Environment=PERL_LWP_ENV_PROXY={{ llng_reload_use_proxy | ternary('1','0') }} ExecStart=/usr/libexec/lemonldap-ng/sbin/llng-fastcgi-server \ - --foreground \ - --plackOptions=--manager=FCGI::ProcManager::Constrained + --foreground PrivateTmp=yes PrivateDevices=yes ProtectSystem=full diff --git a/roles/postfix/defaults/main.yml b/roles/postfix/defaults/main.yml index 35f2efb..056821c 100644 --- a/roles/postfix/defaults/main.yml +++ b/roles/postfix/defaults/main.yml @@ -20,10 +20,6 @@ # - 'localhost' # # -# If set to true, postfix will bind on all interfaces -# If false, only on loopback -postfix_networking: False - # # List of IP/Network allowed to relay # 127.0.0.0/8 should always be in the list @@ -31,10 +27,8 @@ postfix_networking: False # - 127.0.0.0/8 # - 10.10.0.0/16 # - 192.168.7.0/24 -# -# List of IP addresses which will have access to port 25 -postfix_src_ip: - - 0.0.0.0/0 +# List of IP addresses which will have access to port 25 +postfix_src_ip: [] ... diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml index 8a1f8be..e3eff82 100644 --- a/roles/postfix/tasks/main.yml +++ b/roles/postfix/tasks/main.yml 
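Review bot: The three `PM_*` variables are kept for RedHat releases before 8, but the `--plackOptions=--manager=FCGI::ProcManager::Constrained` argument is removed from `ExecStart` on every platform. Those variables appear to be the limits that process manager reads. Unless the packaged server selects it by default, recycling workers by request count and memory size would silently stop on the older hosts, and long-lived workers could grow without a cap. Either keep the argument inside the same `{% if %}` guard as the variables, or drop the variables too and add a comment naming the manager expected on each platform.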
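Review bot: Removing `postfix_networking` drops the loopback-only default, and an inventory that still sets `postfix_networking: False` is now ignored without warning, because the `main.cf.j2` hunk hard-codes `inet_interfaces = all`. Reachability of port 25 then depends only on the iptables task in `tasks/main.yml`, which is skipped when `iptables_manage` is false, so hosts where this role does not manage the firewall start listening on every interface. Consider deriving the bind address from the new default, `inet_interfaces = {{ (postfix_src_ip | length > 0) | ternary('all','localhost') }}`, so an empty `postfix_src_ip` keeps Postfix on loopback. The comment above `postfix_src_ip` in the second hunk of this file should also say that an empty list removes the firewall rule.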
@@ -44,7 +44,7 @@ - name: Handle postfix port iptables_raw: name: postfix_ports - state: "{{ (postfix_src_ip is defined and postfix_src_ip | length > 0 and postfix_networking) | ternary('present','absent') }}" + state: "{{ (postfix_src_ip is defined and postfix_src_ip | length > 0) | ternary('present','absent') }}" rules: "-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ postfix_ports | default(['25']) | join(',') }} -s {{ postfix_src_ip | join(',') }} -j ACCEPT" when: iptables_manage | default(True) tags: postfix diff --git a/roles/postfix/templates/main.cf.j2 b/roles/postfix/templates/main.cf.j2 index f57fcf9..1e8874d 100644 --- a/roles/postfix/templates/main.cf.j2 +++ b/roles/postfix/templates/main.cf.j2 @@ -10,7 +10,7 @@ mydomain = {{ postfix_mydomain }} myorigin = $mydomain -inet_interfaces = {{ postfix_networking | default(False) | ternary('all','localhost') }} +inet_interfaces = all inet_protocols = ipv4 mydestination = {{ postfix_mydestination | default(['$myhostname', 'localhost.$mydomain', 'localhost']) | join(', ') }}
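Review bot: The `state` expression only tests that `postfix_src_ip` is non-empty, so a scalar such as `postfix_src_ip: 10.0.0.0/8` passes `length > 0`, and `join(',')` in `rules` would then split it character by character. The resulting `-s` argument would be invalid, and this matters more now that this rule is the only control on who reaches port 25. Add a type check to the condition, for example `postfix_src_ip is not string and postfix_src_ip | length > 0`, or put an `assert` task before this one so a malformed value fails with a clear message.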