TODO.md

April 2, 2026 ยท View on GitHub

####### gitea issues: xsrv/xsrv

  • #1416 - backup: rsnapshot-monthy.service fails whern there are no weekly backups yet - 2.1.0 backups,bug
  • #1413 - podman: switch to overlay storage driver, reduces disk space usage - - easy,enhancement,performance
  • #1412 - llamacpp: performance improvements and additional models - - enhancement,performance
  • #1410 - kiwix: add project gutenberg ZIM URLs - - easy,enhancement
  • #1409 - llama.cpp: add qwen3.5:9b - - easy,enhancement
  • #1408 - grafana: database backups - 2.1.0 backups,monitoring
  • #1407 - victoriametrics: metrics downsampling? - - monitoring,performance,question
  • #1406 - monitoring/victoriametrics: add PostgresqlTooManyConnections alert - 2.1.0 enhancement,monitoring
  • #1405 - victoriametrics: get remote_write password from file - - enhancement,security
  • #1403 - common: provide a way to configure crypttab - - feature
  • #1399 - victoriametrics: tune exporter poll intervals (5s is too frequent) - - enhancement,monitoring,performance
  • #1398 - victoriametrics/alertmanager: add a utils-* tag to test sending mail notifications - - enhancement,monitoring
  • #1397 - victoriametrics/alertmanager: add alert on high postgresql connection usage - - enhancement,performance
  • #1396 - victoriametrics/alertmanager: add alert on OOM kills - - enhancement,monitoring,performance
  • #1395 - victoriametrics/alertmanager: add alert on high packet drop rate - - enhancement,monitoring,performance
  • #1394 - victoriametrics/alertmanager: add alert on high swap usage - - enhancement,monitoring,performance
  • #1392 - victoriametrics/alertmanager/vmalert: allow silencing alerts - - enhancement,monitoring
  • #1391 - llama.cpp: toggle siwtch to backup models - - backups,enhancement
  • #1387 - cleanup: use hyphens in all tags - - enhancement,maintenance
  • #1381 - victoriametrics: protect metrics endpoint with basic auth/key - - easy,enhancement,monitoring,security
  • #1380 - monitor podman with victoriametrics - - enhancement,monitoring
  • #1379 - postgresql: create prometheus postgresql user always returns changed - - enhancement
  • #1378 - Support/rebase on debian 13 - - maintenance
  • #1375 - nextcloud: One or more mimetype migrations are available - - enhancement,performance
  • #1374 - monitor libvirt with victoriametrics - - enhancement,monitoring
  • #1371 - backup/rsnapshot: use systemd service/timer - 2.1.0 backups,monitoring
  • #1370 - WIP: jitsi: fix initial installation - - ``
  • #1369 - ROMM role? - - feature,question
  • #1368 - monitor nextcloud with victoriametrics - - enhancement,monitoring
  • #1367 - monitor wireguard with victoriametrics - - enhancement,monitoring
  • #1366 - monitor transmission with victoriametrics - - enhancement,monitoring
  • #1365 - monitor mumble with victoriametrics - - enhancement,monitoring
  • #1364 - monitor jellyfin with victoriametrics - - enhancement,monitoring
  • #1363 - monitor jitsi with victoriametrics - - enhancement,monitoring
  • #1362 - monitor dnsmasq with victoriametrics - - enhancement,monitoring
  • #1361 - monitor gitea with victoriametrics - - enhancement,monitoring
  • #1359 - prevent firewall logs from flooding the console - - configuration,easy,enhancement
  • #1348 - XMPP-based instant messaging server? - 3.0.0 feature,maintenance,question
  • #1344 - WIP: add it-tools role - 2.1.0 feature
  • #1343 - firewalld: geoip-based or threat intel lists-based IP blocklists - - feature,security
  • #1342 - xsrv: allow passing a relative path as playbook name? - - enhancement,question
  • #1340 - nextcloud: upgrade to v31 - 2.1.0 maintenance
  • #1338 - xsrv init-vm/init-vm-template: mount filesystems with noatime,nodiratime options - - easy,enhancement,performance
  • #1335 - searxng: enable container autoupdates? - - maintenance,question
  • #1334 - owncast: upgrade to v0.2.0 - 2.1.0 maintenance
  • #1328 - searxng: make hostnames plugin configurable through host_vars - 2.1.0 enhancement
  • #1325 - Searxng: add new engines - - feature
  • #1324 - it-tools role - - easy,feature
  • #1323 - xsrv init-vm: allow specifying disk size - 2.1.0 enhancement
  • #1307 - Webmail client - - feature
  • #1298 - IRC web client + bouncer - - feature
  • #1297 - shaarli: backup/restore thumbnails cache during upgrades (or store data outside webroot) - 2.1.0 enhancement
  • #1291 - debsecan: per-host dashboard? - - enhancement,monitoring,question,security
  • #1290 - monitoring_rsyslog: use common name based authentication to authenticate peers - - enhancement,security
  • #1288 - samba: ldapsam: better documentation of samba LDAP attributes - - documentation
  • #1285 - gotty: check sha256sums after download - - enhancement,security
  • #1282 - xsrv nmpa: allow output to SVG graph - - feature
  • #1275 - WIP: rsnapshot: allow automatic discovery of paths to backup from/commands to run on remote hosts - 3.0.0 backups,enhancement
  • #1269 - document getting ansible-vault-password from keepassxc - 3.0.0 documentation,enhancement,security,upstream
  • #1268 - backup: allow automatic discovery of paths to backup/commands to run for each host - - backups,enhancement
  • #1256 - wireguard: web interface? - - enhancement,question
  • #1251 - WIP: xsrv: don't require sudo during xsrv init-vm-template - 3.0.0 difficult,enhancement
  • #1245 - gitea: use unix socket instead of HTTP socket? - - enhancement,question,security
  • #1235 - gitea_act_runner: do not log job output to syslog by default - - enhancement,monitoring,upstream
  • #1230 - podman: add docker-compose? - - enhancement,question
  • #1226 - postgresql: allow enabling pg_stat_statements extension - - enhancement,monitoring,performance
  • #1215 - WIP: tests: add tests for deploying individual roles to a host - 3.0.0 tools
  • #1214 - nextcloud: enable machine learning (AI) related features? - - feature,question
  • #1212 - nextcloud: allow enabling/disabling file locking? - - enhancement,question
  • #1211 - nextcloud: warning about opcache incorrect configuration - - enhancement,performance
  • #1209 - gitea_act_runner: allow limiting the scope of runners to instance/owner/user/repo - - enhancement,security
  • #1202 - kexec? - - enhancement,question
  • #1201 - WIP: xsrv: init-vm-template: add a video output and spice display device to newly created VM templates - 3.0.0 difficult,enhancement
  • #1144 - automate roles uninstallation procedures? - - enhancement,question
  • #1143 - nextcloud: upload speed improvements? - - configuration,enhancement,performance,question
  • #1134 - Lemmy role? - - feature,question
  • #1127 - xsrv: help-tags: outputs duplicate tags when running on non-default playbook - - bug
  • #1122 - nextcloud: install memories app? - - feature,question
  • #1117 - airtable-like application (nocodb/baserow) role? - - feature,question
  • #1108 - matrix/element: Cross-Origin Request Blocked: .well-known/matrix/client - - question
  • #1103 - xsrv: bash completion: auto-complete init-vm/init-vm-template options? - - enhancement,question
  • #1057 - jellyfin: task mount jellyfin samba share to jellyfin directory is not idempotent/always returns changed - - bug,upstream
  • #1040 - jitsi: /var/log/jitsi/jicofo.log and /var/log/jitsi/jvb.log do not append to syslog properly - - bug,monitoring
  • #1026 - libvirt: changing a libvirt network's settings does not work if the network already exists - - bug,upstream
  • #1012 - dovecot: encrypt all incoming e-mail with the recipient's GPG key? - - enhancement,question,security
  • #1001 - libvirt: add support for EFI as an alternative to legacy BIOS? - - enhancement,question
  • #986 - matrix: allow self-hosting Element Call? - - enhancement,feature,question
  • #983 - readme-gen: show netmasks in IP address/host summary? - - difficult,enhancement,question
  • #977 - Soulseek client? (slskd) - - feature,question
  • #949 - loki role? - - feature,question
  • #937 - DDoS mitigation mode? - - question,security
  • #931 - jitsi: noise cancellation/suppression doesn't work for clients using Pulseaudio microphone input - - bug,question,upstream
  • #927 - jitsi: permanently disable RECENT_LIST_ENABLED - - enhancement,security,upstream
  • #925 - jitsi: setup TURN server for P2P one-to-one calls? - - enhancement,question
  • #915 - Snipe-IT role - - feature
  • #912 - mount /tmp noexec? - - question,security
  • #890 - apache: implement modpagespeed? - - performance,question
  • #881 - Keycloak role? - - feature,question
  • #870 - xsrv: allow using xsrv show-defaults | grep some_search_term to search/filter available configuration variables - 3.0.0 enhancement
  • #868 - dovecot: document how to open a local copy of a maildir with a mail client - - backups,documentation
  • #867 - dovecot: document/test LDAPS setup - - documentation,enhancement,question,security
  • #862 - dovecot: enable other mail plugins? - - question
  • #861 - dovecot: performance tweaks? - - performance,question
  • #860 - dovecot: harden SSL configuration/ciphers? - - question,security
  • #859 - dovecot: allow generating and using Let's Encrypt SSL/TLS certificates - 3.0.0 enhancement,question,security
  • #858 - dovecot: setup dovecot-submissiond? - - question
  • #857 - dovecot: setup server-side full text search? - - question
  • #856 - dovecot: setup antispam? - - question
  • #855 - dovecot: add autoconfig TXT record or A record + webserver vhost? - - question,wontfix
  • #835 - monitoring_utils: lynis: suggestion[]=HOME-9306|Double check the ownership of home directories as some might be incorrect. - - enhancement,question,security
  • #833 - monitoring_utils: lynis: suggestion[]=FILE-7524|Consider restricting file permissions - - easy,enhancement,question,security
  • #831 - monitoring_utils: lynis: suggestion[]=TIME-3128|Check ntpq peers output for time source candidates - - enhancement,question,security
  • #829 - monitoring_utils: lynis: suggestion[]=ACCT-9622|Enable process accounting - - configuration,easy,enhancement,monitoring,question,security
  • #817 - monitoring_utils: lynis: suggestion[]=HTTP-6643|Install Apache modsecurity to guard webserver against web application attacks - - enhancement,question,security
  • #816 - monitoring_utils: lynis: suggestion[]=FIRE-4513|Check iptables rules to see which rules are currently not used - - enhancement,question,security
  • #811 - monitoring_utils: lynis: suggestion[]=FILE-6430|Consider disabling unused kernel modules - - enhancement,question,security
  • #798 - tt_rss: document LDAP over SSL/TLS + self-signed certificate setup? - - documentation,enhancement,question,security
  • #796 - shaarli: document LDAP over SSL/TLS + self-signed certificate setup? - - documentation,enhancement,question,security
  • #794 - openldap: self-service-password: allow trusting self-signed certificates? - - enhancement,question,security
  • #782 - xsrv init-vm: don't require sudo to fix cloned disk image permissions - 3.0.0 enhancement,question
  • #778 - systemd-nspawn/systemd-machined role? - - feature,question
  • #768 - add ldap-client role (LDAP PAM/SSH authentication)? - - feature,question
  • #751 - monitoring_utils: add scripts to measure disk usage by type/extension/path? - - easy,enhancement,monitoring,question
  • #734 - nextcloud: add whiteboard app? - 2.1.0 easy
  • #723 - Automate DNS scans with dnsspy.io? - - feature,question,security
  • #722 - Allow hdparm/disk spindown time configuration? - - feature,question
  • #717 - transmission: configuration templating task always returns changed (cleartext/hashed password) - 3.0.0 enhancement,maintenance,upstream
  • #715 - dnsmasq: DNS-over-HTTPS support? - - configuration,enhancement,question,security
  • #686 - samba: announce shares over MDNS? - - enhancement,question
  • #685 - apache: automate running Qualys SSLLabs scans against all virtualhosts? - - feature,monitoring,question,security
  • #684 - yt-dlp web interface? - - feature,question
  • #642 - mumble: LDAP user backend? - - question
  • #640 - common: apt: enable purging data/configuration files by default - - configuration,enhancement
  • #637 - firewalld: implement DNAT/SNAT - - enhancement
  • #635 - firewalld: implement outbound traffic filtering - 3.0.0 enhancement,security
  • #604 - use j2cli or yq for init-playbook/init-host templating? - - maintenance,question,tools
  • #598 - CI/CD: automate checks for newer upstream versions of software? - - enhancement,question,tools
  • #546 - nextcloud: allow optional configuration of server-side encryption? - - configuration,enhancement,question,security
  • #535 - Add hardening measures from ANSSI guidelines? - - enhancement,question,security
  • #522 - openldap: performance optimizations? - - enhancement,performance,question
  • #517 - allow configuration of a custom MOTD? - - feature,question
  • #497 - nextcloud: allow enabling 2-factor authentication? - - configuration,enhancement,question,security
  • #475 - ACME certificate authority role/PKI? - - feature,question,security
  • #451 - Document management system? - - feature,question
  • #445 - bookstack role? - 3.0.0 feature,question
  • #441 - openldap: allow restricting application access to groups/setup MemberOf overlay - - enhancement,security
  • #405 - xsrv: replace environment variable-based settings with options, arguments or configuration from file? - - enhancement,maintenance,question
  • #379 - setup IPV6 support (sysctl, firewall, applications...)? - - question
  • #366 - nextcloud: setup redis memcache backend? - - configuration,performance,question
  • #356 - nextcloud: add nextcloud talk app? - 2.1.0 enhancement,question
  • #348 - ldap-account-manager: Unable to set locale - - bug
  • #344 - nextcloud: replace onlyoffice integration with collabora/nextcloud office? - - feature,question
  • #322 - Frontail role? - - feature,monitoring,question
  • #317 - monitoring_utils: lynis: suggestion[]=BOOT-5264|Consider hardening system services - 3.0.0 enhancement,security
  • #310 - samba: ability to whitelist/blacklist files by extension? - - enhancement,question,security
  • #309 - apply postgresqltuner recommended settings? - - enhancement,performance,question
  • #280 - Samba Directory Controller or other Identity Management solution? - - feature,question
  • #274 - Samba: advertise samba server over avahi/zeroconf? - - enhancement,question
  • #267 - apache: make disabled modules list configurable, disable more modules by default? - - enhancement,performance,question,security
  • #265 - apache: provide custom error pages? - - enhancement,question
  • #256 - CAS, SAML or Oauth Single Sign On (SSO)? - - feature,question
  • #202 - netdata: monitoring network bandwidth per application with ebpf - - enhancement,monitoring,upstream
  • #200 - roles for other monitoring software? - - feature,monitoring,question
  • #193 - netdata: graph tiger warnings? - - feature,monitoring,question,security
  • #184 - monitoring_utils: add Mozilla observatory module? - - feature,monitoring,question,security
  • #180 - netdata: graph SCAP workbench warnings? - - feature,monitoring,question,security
  • #178 - netdata: graph/alert on deborphan matches - - feature,monitoring
  • #155 - nextcloud: add Fulltextsearch App + OCR? - - feature,question
  • #146 - nextcloud: add Collabora Online integration - - feature
  • #144 - nextcloud: task set nextcloud config.php values is not idempotent/always returns changed - - enhancement,upstream
  • #137 - apache: allow setting up HTTP Basic auth and autoindex for specific directories/URLs/virtualhosts? - - feature,question,security
  • #127 - xsrv: add commands to check firewall/fail2ban status/active TCP/UDP connections? - - feature,monitoring,question
  • #125 - common: enforce AppArmor on all services/executables? - - enhancement,question,security
  • #119 - monitoring_utils: lynis: suggestion[]=AUTH-9262|Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc - - configuration,enhancement,question,security
  • #117 - common: prevent forkbombs through ulimit/limits.conf? - - enhancement,performance,question,security
  • #115 - monitoring_utils: lynis: suggestion[]=ACCT-9628|Enable auditd to collect audit information - - feature,question,security
  • #108 - common: minimize write access to a list of files/directories? - - question,security
  • #105 - xsrv: add a global download cache dir variable? (instead of /root) - - maintenance,question,tools,wontfix
  • #98 - Maps and routing services - - feature
  • #97 - openshift/openstack role? - - question
  • #93 - VNC/other remote desktop server role? - - feature,question
  • #86 - Peertube role? - - feature,question
  • #78 - Adminer role - 2.1.0 feature
  • #70 - common: ssh: allow setting up endlessh? - - feature,question,security
  • #69 - IDS/IPS role? - 2.1.0 question,security
  • #64 - RAID role? - - feature,question
  • #63 - pfSense role? - - feature,question,wontfix
  • #61 - GDPR compliance? - - feature,question
  • #59 - Collaborative pad? - - feature,question
  • #58 - HTTP downloader? - - feature,question
  • #57 - rundeck role? - - feature,question
  • #55 - Guacamole remote control gateway role? - - feature,question
  • #52 - blogging engine/static site generator role? - - feature,question
  • #49 - caching HTTP proxy/squid role? - - feature,question
  • #46 - Printer sharing server? - - feature,question
  • #44 - jellyfin: document DLNA/UPnP usage - - configuration,documentation,feature,question
  • #43 - OSM routing service role? - - feature,question
  • #42 - OpenStreetMap/maps tileserver role? - - feature,question
  • #41 - network scanner (SANE) server role? - - feature,question
  • #39 - wallabag role? - - feature,question
  • #37 - Replace ntp with chrony? - 3.0.0 question
  • #35 - simple git server role? - - feature,question,wontfix
  • #34 - CentOS compatibility? - - feature,question,wontfix
  • #33 - Minecraft/Luanti/Minetest server role? - 3.0.0 feature,question
  • #30 - Gitlab role? - - feature,question
  • #26 - dynamic DNS updater role? - 3.0.0 feature
  • #24 - DHCP/TFTP/PXE server role? - - feature,question
  • #22 - Add molecule tests? - - difficult,enhancement,question,tools
  • #10 - xsrv init-vm: use cloud-init images - - enhancement
  • #3 - Mail server role? - - feature,question