From f3bf3ee05acfb39b7b3066abf7f57f1430584eef Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <daniel@firewall-services.com>
Date: Mon, 29 Nov 2021 16:00:08 +0100
Subject: [PATCH] Update to 2021-11-29 16:00

---
 roles/ampache/tasks/main.yml                |  1 +
 roles/samba/defaults/main.yml               |  3 ---
 roles/samba/tasks/facts.yml                 | 18 +++++++++---------
 roles/samba/templates/smb.conf.j2           |  5 -----
 roles/seafile/templates/seafile-gc.timer.j2 |  2 +-
 5 files changed, 11 insertions(+), 18 deletions(-)

diff --git a/roles/ampache/tasks/main.yml b/roles/ampache/tasks/main.yml
index d2bd472..289950b 100644
--- a/roles/ampache/tasks/main.yml
+++ b/roles/ampache/tasks/main.yml
@@ -48,6 +48,7 @@
     - "{{ ampache_root_dir }}/data/music"
     - "{{ ampache_root_dir }}/data/video"
     - "{{ ampache_root_dir }}/backup"
+  failed_when: False # Don't fail when a fuse FS is mount on /music for example
   tags: ampache
 
 - when: ampache_install_mode != 'none'
diff --git a/roles/samba/defaults/main.yml b/roles/samba/defaults/main.yml
index 24d6927..42de201 100644
--- a/roles/samba/defaults/main.yml
+++ b/roles/samba/defaults/main.yml
@@ -38,9 +38,6 @@ samba_serve_homes: False
 # Password used for rsyncd. Used to fetch sysvol from the primary DC
 samba_sysvol_rsync_pass: "{{ samba_dc_admin_pass | password_hash('sha512', 65534 | random(seed=samba_realm) | string) }}"
 
-# Wether to allow simple binds over unencrypted connections
-samba_allow_insecure_ldap: False
-
 # The following are for the password policy to apply to the domain
 samba_base_pwd_policy:
   complexity: 'off'
diff --git a/roles/samba/tasks/facts.yml b/roles/samba/tasks/facts.yml
index 343c0c3..106996f 100644
--- a/roles/samba/tasks/facts.yml
+++ b/roles/samba/tasks/facts.yml
@@ -38,12 +38,12 @@
   when: samba_i_am_primary_dc == True
   tags: samba
 
-  # No sssd compiled against TIS samba4 yet for el8
-  # so disable ad_auth for samba DC in this case
-- name: Disable ad_auth for samba DC
-  set_fact: ad_auth=False
-  when:
-    - samba_role in [ 'dc', 'rodc' ]
-    - ansible_os_family == 'RedHat'
-    - ansible_distribution_major_version is version('8','>=')
-  tags: samba
+# sssd-ad can now be installed on EL8 with samba4 build from Tranquil IT
+# so don't turn ad_auth off anymore
+#- name: Disable ad_auth for samba DC
+#  set_fact: ad_auth=False
+#  when:
+#    - samba_role in [ 'dc', 'rodc' ]
+#    - ansible_os_family == 'RedHat'
+#    - ansible_distribution_major_version is version('8','>=')
+#  tags: samba
diff --git a/roles/samba/templates/smb.conf.j2 b/roles/samba/templates/smb.conf.j2
index 59bdcb9..028094f 100644
--- a/roles/samba/templates/smb.conf.j2
+++ b/roles/samba/templates/smb.conf.j2
@@ -14,11 +14,6 @@
 {% if samba_dns_forwarder is defined %}
   dns forwarder = {{ samba_dns_forwarder }}
 {% endif %}
-{% if samba_allow_insecure_ldap %}
-  ldap server require strong auth = no
-{% else %}
-  ldap server require strong auth = allow_sasl_over_tls
-{% endif %}
 {% elif samba_role == 'member' %}
   server role = member server
 {% elif samba_role == 'standalone' %}
diff --git a/roles/seafile/templates/seafile-gc.timer.j2 b/roles/seafile/templates/seafile-gc.timer.j2
index 85d2fab..6a4bae6 100644
--- a/roles/seafile/templates/seafile-gc.timer.j2
+++ b/roles/seafile/templates/seafile-gc.timer.j2
@@ -2,7 +2,7 @@
 Description=Seafile Garbage Collect service
 
 [Timer]
-OnCalendar=Sun *-*-* 02:10:00
+OnCalendar=Sun *-*-* 03:10:00
 Persistent=true
 
 [Install]