Do not apply tag `packages` to role `service`. Tags are already
applied inside the role. If we apply the tag `package` at the role
level handlers defined inside the role (restart, reload) are not
available in the play!
- Coherent quotation style
Single quotes for text variable (even if implicit), no quotes for
variable and conditional statements, if not required.
- Some useful tags added:
* ssh_certs
renewal of server SSH certificates and configuration of authorized
CA.
* tls_pub
renewal of public TLS certificates (let's encrypt) and certbot
configuration.
* tls_int
renewal of internal TLS certificates (service authorizations) and
configuration of authorized internal CA.
*(ToDo: deployment of Certificate Revokation Lists)*
* lxc
deployment of new containers (deployment of configuration file
excluded, for instance change in ip address are always applied and
trigger a container restart even if you skip this tag.
* packages
installation and upgrade of software packages (apt, opkg or
tarballs)
* service_password
create new random password for services-only password, for routine
rotation. Not meant to be skipped (some roles need to know the
service password, so they do a rotation).
- prepare_host
- ssh_server
- lxc_guest
- ldap
- gitlab
- x509_subject_prefix
- x509_ldap_suffix
*Replaces:* x509_suffix in ldap.yaml
- letsencrypt_email
Used in roles/certbot and roles/gitlab
- root_ca_cert
*Replaces:* ssl_ca_cert and files/lilik_x1.crt
New defaults:
- ldap_domain | default: `${domain}`
- server_fqdn | default: `${hostname}.dmz.${domain}`
*Replaces:* fqdn_domain
Removed:
- fqdn_dmain
- x509_suffix
*Replaced by:* x509_ldap_suffix in common
New defaults:
- server_fqdn | default: `${hostname}.${domain}`
*Replaces*: fqdn
- ldap_domain | default: `${domain}`
- ldap_server | default: `ldap1.dmz.${domain}`
- ldap_basedn | default: `dn(${ldap_domain})`
- enable_https | default: `true`
New defaults:
- server_fqdn | default: `${hostname}.${domain}`
- remove the handling of which template to use
- do not access parent role
- update riot-web nginx configuration
- update icinga role to use new nginx templating
- update synapse nginx configuration
- update matrix role to use new nginx templates
- update dokuwiki to use new nginx template
- extend nginx template in dokuwiki
- update login role to new nginx templates
- add protocol for default option
- add extra block to nginx template
- update riote-web version
- fix template extension for riot web nginx definition
- update login template for nginx endpoint