We've hit this problem at least twice in the past, last time with the new
Vector skin update. With this change it should not be necessary to do
anything manually after an update.
yaml: truthy value should be one of [false, true] (truthy)
yaml: wrong indentation: expected 4 but found 2 (indentation)
yaml: too few spaces before comment (comments)
yaml: missing starting space in comment (comments)
yaml: too many blank lines (1 > 0) (empty-lines)
yaml: too many spaces after colon (colons)
yaml: comment not indented like content (comments-indentation)
yaml: no new line character at the end of file (new-line-at-end-of-file)
load-failure: Failed to load or parse file
parser-error: couldn't resolve module/action 'hosts'. This often indicates a misspelling, missing collection, or incorrect module path.
It should make it easier to change how the certificates are issued.
Ex: If we want to switch to ECDSA certificates in the future or replace
certbot with something else.
- home directory needs 751 - nginx accesses it to serve static files
- cache and sessions directories are used only by PHP -> 750
- uploads is public -> 755
Note that the "fix home permissions" task was duplicated. Other tasks
fixing permissions were moved above.
fail2ban role now protects postfix, dovecot and sshd. Other roles can drop
configuration files into /etc/fail2ban/jail.d/*.local to enable fail2ban to
monitor its service.
Switch from apcu caching to memcached with 512 MiB so that we have a
sustained cache instead of a php-fpm worker based cache which has a
shorter lifetime of 2000 requests before the worker gets killed and
respawned.
Added the certbot command to create the certificate on the first run of the role.
Also install the archwiki-runjobs, archwiki-prune-cache service and timers and the
archwiki-runjobs-wait service. Enable the timers and start them as well as the runjobs-wait
service.