summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFiles
* Resolver: Use systemd-resolved.Guilhem Moulin3 days5
|
* Use dedicated DKIM key for kodafritt.se.Guilhem Moulin4 days2
|
* Set dmarc_protection_mode=all from dmarc_any.Guilhem Moulin2024-10-181
| | | | | Cf. https://www.sympa.community/gpldoc/man/sympa_config.5.html#dmarc_protection and https://sympa-community.github.io/manual/customize/dmarc-protection.html .
* LDAP: Rotate soon-to-be expired key material.Guilhem Moulin2024-09-087
| | | | | Also, switch from rsa4096 to ed25519 and use a separate key for each syncrepl.
* Fail2ban: Remove obsolete filter dovecot.conf.Guilhem Moulin2024-09-081
|
* Nextcloud: Tweak opcache settings.Guilhem Moulin2024-09-081
|
* Nextcloud: Upgrade backend to PHP7.4.Guilhem Moulin2024-09-084
|
* wibbleGuilhem Moulin2024-09-081
|
* Firewall: Harden IPsec configuration by pining the reqids.Guilhem Moulin2024-09-082
|
* OpenDMARC: Adjust configuration to bullseye.Guilhem Moulin2024-09-081
|
* Sympa: Default to dmarc_protection_mode=dmarc_reject.Guilhem Moulin2024-09-081
|
* Sympa: Update Content-Security-Policy.Guilhem Moulin2024-09-081
|
* APT: Prepare config bump to Debian 12.Guilhem Moulin2024-09-082
|
* logcheck-database update.Guilhem Moulin2024-09-082
|
* typofixGuilhem Moulin2024-09-081
|
* DKIM key generation: Adjust ownership.Guilhem Moulin2024-09-081
| | | | | As of bullseye amavis needs the private key material to be reabled by the 'amavis' user.
* MSA: Set smtpd_forbid_bare_newline to defeat SMTP smuggling attacks.Guilhem Moulin2024-09-081
|
* IMAP: Adjust dovecot configuration to bullseye.Guilhem Moulin2024-09-0812
| | | | | | | Provisioning /etc/dovecot/conf.d/*.conf is a pain on upgrade so we consolidate that by reverting these files to the distro-provided ones and shipping a single /etc/dovecot/conf.d/99-local.conf override instead.
* levante: Adjust pinned key material and modules due to new hardware.Guilhem Moulin2024-09-083
|
* Roundcube: Set $config['max_recipients'] = 15 to avoid timeout.Guilhem Moulin2024-09-081
| | | | Cf. msgid=<ZFe5tjHTGbVemNTD@fripost.org>
* Don't take roundcube from backports.Guilhem Moulin2024-09-082
|
* Webmail: Upgrade backend to PHP7.4.Guilhem Moulin2024-09-084
|
* Sympa: Enable French support.Guilhem Moulin2024-06-121
| | | | Cf. msgid=<c368f04c-b8d1-4623-98f0-b6a3b724f90d@dubre.me>.
* Use dedicated DKIM key for himmelkanten.se, vimmelkanten.se and ↵Guilhem Moulin2023-10-224
| | | | hemskaklubben.se.
* Use dedicated DKIM key for dubre.me.Guilhem Moulin2023-08-202
|
* Use dedicated DKIM key for ljhms.se.Guilhem Moulin2023-07-202
|
* Nextcloud: Set ‘X-Robots-Tag: noindex, nofollow’.Guilhem Moulin2023-03-261
| | | | Per upstream recommendation at https://cloud.fripost.org/settings/admin/overview .
* Sympa: Update robot.conf to fix HTTP 421 on virtual hosts.Guilhem Moulin2023-01-133
| | | | | | See https://github.com/sympa-community/sympa/issues/879 , https://www.sympa.community/manual/upgrade/notes.html#from-version-prior-to-6256 and https://www.sympa.community/gpldoc/man/sympa_config.5.html#wwsympa_url_local .
* Improve Debian 11's fail2ban rules.Guilhem Moulin2022-12-187
|
* Use dedicated DKIM key for r0x.se.Guilhem Moulin2022-12-132
|
* Port baseline to Debian 11 (codename Bullseye).Guilhem Moulin2022-10-1323
|
* openldap module: Fix python3's bytes vs str mismatch.Guilhem Moulin2022-10-112
|
* Remove module ‘mysql_user2’.Guilhem Moulin2022-10-115
| | | | These days upstream's ‘mysql_user’ is good enough.
* Roundcube: managesieve: Disable ‘reject’ and ‘ereject’ extensions.Guilhem Moulin2022-10-111
|
* clamav-freshclam: Remove ‘SafeBrowsing’ option.Guilhem Moulin2022-10-111
|
* fetch_cmd: Replace deprecated ‘_remote_checksum()’ with ↵Guilhem Moulin2022-10-111
| | | | | | | | | | ‘_execute_remote_stat()’. This silences the following deprecation warning: The '_remote_checksum()' method is deprecated. The plugin author should update the code to use '_execute_remote_stat()' instead. This feature will be removed in version 2.16. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
* Use dedicated DKIM key for guilhem.se.Guilhem Moulin2022-10-112
|
* postmulti: Fix encoding issue.Guilhem Moulin2022-10-111
|
* logcheck-database update.Guilhem Moulin2022-10-113
|
* postfix: Adjust anonymize_sender.pcre.Guilhem Moulin2022-10-111
|
* dovecot: Bump VSZ to 1G.Guilhem Moulin2022-10-111
|
* mysql_user2: Remove load_mycnf().Guilhem Moulin2022-10-111
| | | | | | We're not using this, and it makes ansible croak with An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ModuleNotFoundError: No module named 'ConfigParser'
* Prefix ‘ipaddr’ and ‘ipv4’ with ‘ansible.utils.’.Guilhem Moulin2022-10-1112
| | | | | | | This silences the following deprecation warning: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
* Nextcloud: Adapt configuration to v21.Guilhem Moulin2021-05-232
|
* Rename '_lacme' user to '_lacme-client'.Guilhem Moulin2021-02-242
| | | | For a smooth upgrade to Bullseye's lacme 0.8-1.
* logcheck-database update.Guilhem Moulin2021-02-131
| | | | ansible 2.10.7 uses "ansible-ansible.legacy.stat: Invoked with […]".
* Use dedicated DKIM key for gbg.cmsmarx.org.Guilhem Moulin2021-02-132
|
* Don't restart amavis on DKIM key generation.Guilhem Moulin2021-02-131
| | | | | We want to give people the time add the key to DNS before we update the signing policy.
* munin: Skip ntp_* plugins when ntpq(1) is missing.Guilhem Moulin2021-02-061
|
* Roundcube: Fix favicon path.Guilhem Moulin2021-01-271
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-31 13:04:47 +0000