fripost-ansible/roles/common/files/usr, branch master Fripost ansible scripts Send internal system mails to root@f.o. 2025-09-10T13:14:45+00:00 Guilhem Moulin guilhem@fripost.org 2025-09-10T13:14:45+00:00 4b48f1b6dd799d1a69f0c9e2a157a007fcdcbe25 Instead of admin@f.o. Per msgid=<ad724342-b3bb-48d9-9984-6d277714910d@fripost.org>. 
Instead of admin@f.o. Per msgid=<ad724342-b3bb-48d9-9984-6d277714910d@fripost.org>.
LDAP: Rotate soon-to-be expired key material. 2024-09-08T18:54:00+00:00 Guilhem Moulin guilhem@fripost.org 2024-09-08T18:30:20+00:00 6b7ad809bbefc32216bac22547241ed402a570c8 Also, switch from rsa4096 to ed25519 and use a separate key for each syncrepl. 
Also, switch from rsa4096 to ed25519 and use a separate key for each
syncrepl.
Port baseline to Debian 11 (codename Bullseye). 2022-10-13T20:12:05+00:00 Guilhem Moulin guilhem@fripost.org 2022-10-11T23:43:23+00:00 85347041a04d17f6803100dd2cec9b489c9db47d 






Upgrade baseline to Debian 10.
2020-05-16T03:45:59+00:00

Guilhem Moulin
guilhem@fripost.org

2020-05-16T00:52:55+00:00

bac7811d2b35252b7a83a45d75bb344b4b1776a9












Convert firewall to nftables.
2020-01-23T04:57:01+00:00

Guilhem Moulin
guilhem@fripost.org

2020-01-23T03:29:12+00:00

7641a5d5d152db349082b1d0ec93a40888b2ef8e

Debian Buster uses the nftables framework by default.





Debian Buster uses the nftables framework by default.







firewall: gracefully close invalid connections.
2018-12-22T12:22:43+00:00

Guilhem Moulin
guilhem@fripost.org

2018-12-20T01:04:25+00:00

fc337924c7e66258319c6b6d538660240cfeda5e

This is useful when an ESTABLISHED connection is seen as NEW because the
client was offline for some time.  For instance, clients now gracefully
close existing SSH connections immediately after resuming from a suspend
state, rather that waiting for the TCP timeout.





This is useful when an ESTABLISHED connection is seen as NEW because the
client was offline for some time.  For instance, clients now gracefully
close existing SSH connections immediately after resuming from a suspend
state, rather that waiting for the TCP timeout.







Firewall: REJECT outgoing connections instead of DROPing them.
2018-12-09T19:25:39+00:00

Guilhem Moulin
guilhem@fripost.org

2018-12-08T00:05:28+00:00

bccbd0d4c0faf46e911284e599cc22da2c9b04d9












DKIM: also include the "d=" tag in key filenames, not only the "s=" tag.
2018-12-05T15:24:12+00:00

Guilhem Moulin
guilhem@fripost.org

2018-12-05T14:47:34+00:00

9722d50b9b6c5ccd81892a00bdd3023399b004fb

While the combination of "s=" tag (selector) & "d=" tag signing domain
maps to a unique key, the selector alone doesn't necessarily.





While the combination of "s=" tag (selector) & "d=" tag signing domain
maps to a unique key, the selector alone doesn't necessarily.







Upgrade baseline to Debian Stretch.
2018-12-03T02:43:36+00:00

Guilhem Moulin
guilhem@fripost.org

2018-12-03T02:04:22+00:00

2495327985da791891b579bd05b3cda1f41dfda7












Firewall: allow duplicates rules.
2016-09-18T15:51:28+00:00

Guilhem Moulin
guilhem@fripost.org

2016-09-18T15:51:28+00:00

e0274134445a99c2fab01928b180e2a3d4f9be69