From 4b9469ef10e83c23693d8a5e605d77bc3c4946c0 Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Fri, 26 Mar 2021 16:00:07 +0100 Subject: [PATCH] Update to 2021-03-26 16:00 --- roles/n8n/defaults/main.yml | 5 +++++ roles/n8n/templates/n8n.service.j2 | 2 ++ roles/unifi/defaults/main.yml | 4 ++-- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/roles/n8n/defaults/main.yml b/roles/n8n/defaults/main.yml index 262a48e..207a0d2 100644 --- a/roles/n8n/defaults/main.yml +++ b/roles/n8n/defaults/main.yml @@ -44,3 +44,8 @@ n8n_public_url: http://{{ inventory_hostname }}:{{ n8n_port }}/ # A secret key used to encrypt data in the DB. A random one is created is not defined here # n8n_secret_key: p@ssW0rd + +# If enabled, the systemd unit will have ProtectSystem=yes +# This is recommended most of the time, but there are cases where you might want n8n to +# be able to write under /usr +n8n_protect_system: True diff --git a/roles/n8n/templates/n8n.service.j2 b/roles/n8n/templates/n8n.service.j2 index 62b4d1d..6405082 100644 --- a/roles/n8n/templates/n8n.service.j2 +++ b/roles/n8n/templates/n8n.service.j2 @@ -9,7 +9,9 @@ Group={{ n8n_user }} EnvironmentFile={{ n8n_root_dir }}/etc/env ExecStart={{ n8n_root_dir }}/app/node_modules/n8n/bin/n8n PrivateTmp=yes +{% if n8n_protect_system %} ProtectSystem=full +{% endif %} ProtectHome=yes NoNewPrivileges=yes MemoryLimit=2048M diff --git a/roles/unifi/defaults/main.yml b/roles/unifi/defaults/main.yml index dafaa44..0019454 100644 --- a/roles/unifi/defaults/main.yml +++ b/roles/unifi/defaults/main.yml @@ -1,9 +1,9 @@ --- unifi_root_dir: /opt/unifi -unifi_version: 6.0.45 +unifi_version: 6.1.71 unifi_archive_url: https://www.ubnt.com/downloads/unifi/{{ unifi_version }}/UniFi.unix.zip -unifi_archive_sha1: 9ced99ee6d7749f3dcba37221eb298ea7e35ec32 +unifi_archive_sha1: bf306596eba094c023d9730d205b64848e40a421 unifi_manage_upgrade: True unifi_http_port: 8080 unifi_https_port: 8443