Data-safe-haven

Bug fixes
- Allow Tier 0/1 SREs to access the internet as expected
- Correct NSG rule to allow connection to webapps from dashboard
- Ensure that CoCalc VM can connect to the package repositories

Documentation
- Fixed a broken link in the code of conduct

[View and clone the repository at this version](https://github.com/alan-turing-institute/data-safe-haven/tree/v3.3.1)

New features
- Added support for Guacamole remote desktop
- Added single-script SRE deployment (for Guacamole only)
- Added CoCalc webapp
- Added support for more Mustache features when expanding templates
- Added syslog collection for Linux hosts
- Added instructions for migrating users from one SHM to another

Bug fixes
- Allow VMs that were stopped due to lack of credit to be restarted
- Ensure that parameters are passed to remote scripts in a consistent way
- Work-around when using "allow" in the AzurePlatformDNS NSG rule
- Better method of identifying resource groups when tearing down SHM/SRE

Documentation
- Improved style and clarity of deployment documentation
- Improved documentation around image building
- First draft of DSPT documentation
- Better documentation for ingress/egress
- Changed some names to be more inclusive
- Updated security checklist
- Switched to GitFlow and added some explanatory text
- Added automated documentation building

[View and clone the repository at this version](https://github.com/alan-turing-institute/data-safe-haven/tree/v3.3.0)

New features
- Added diagnostic script for DSVM drive mounts
- Added new packages to DSVM
- Added Nexus option for tier-2 mirrors
- Added Powershell code style tests to CI
- Added scripts for deploying a standalone tier1 with CUDA support
- Added support for NFS blob storage for local data
- Added support for SMB blob storage for data ingress
- Dropped support for Python 2.7
- Ensured consistent NTP server across VMs
- Stopped serialising full config files to disk
- Switched to pyenv for installing python

Security
- Blocked DNS tunnelling for DSVMs
- Disabled legacy TLS on RDS Gateway
- Stopped using FQDN tags in firewall rules

Bug fixes
- Added missing <SHM ID> tags to resource group names
- Added missing logging resource group creation
- Allowed VM deployment after network lockdown
- Ensured firewall is started when updated and when SHM VMs are started
- Fixed SHM certificate generation
- Fixed SHM networking deployment
- Fixed SRE naming convention
- Pinned version of bandersnatch as newer versions are not working
- Refactored networking functions
- Refactored VM startup, shutdown and resize scripts
- Removed hard-coded rule on which IP addresses can connect to the SHM
- Removed multiple references to RDS
- Simplified AzureAD disconnect
- Simplified webapp deployment
- Updated Disconnect_AD to work with firewall

Documentation
- Added design decision documents
- Added documentation of database option
- Added initial draft of DSPT certification answers
- Added issue templates and improve GitHub labels
- Improved the Safe Haven deployment documentation
- Updated release and versioning table

[View and clone the repository at this version](https://github.com/alan-turing-institute/data-safe-haven/tree/v3.2.0)

New features
- Added Azure Firewall with rules to support Windows updates and Azure logging.
- Gather initial set of logs from VMs to centralised Azure Log Analytics workspace.

[View and clone the repository at this version](https://github.com/alan-turing-institute/data-safe-haven/tree/v3.1.0)

New features
- Added postgis support to Postgres DB.
- Added clamav.
- Fixed localadsync permissions.
- Removed unused files.

[View and clone the repository at this version](https://github.com/alan-turing-institute/data-safe-haven/tree/v3.0.1-beta)

New features
- Removed SRE DC.
- Support for tier-3 package mirrors.
- Improvements to DSVM build workflow.
- Added support for PostgreSQL and MS-SQL database servers in SRE.
- Additional Powershell migration.

[View and clone the repository at this version](https://github.com/alan-turing-institute/data-safe-haven/tree/v3.0.0-beta)