summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFiles
* sysctl: don't set IPv6 privacy extensions globaly.Guilhem Moulin2016-04-011
|
* sysctl: set net.ipv6.conf.all.accept_ra = 0.Guilhem Moulin2016-03-301
|
* Set HTTP security headers.Guilhem Moulin2016-03-309
| | | | See https://securityheaders.io .
* gencerts.sh: typoGuilhem Moulin2016-03-281
|
* gencerts.sh: improve formatting.Guilhem Moulin2016-03-281
|
* Replace LE's X1 intermediate CA with X3 since the latter has better support ↵Guilhem Moulin2016-03-282
| | | | for XP.
* Reissue certs on civett and elefant since LE's X3 intermediate CA has better ↵Guilhem Moulin2016-03-275
| | | | support for XP.
* munin-master CGI: add application-level ACLs to keep non-local users at bay.Guilhem Moulin2016-03-211
|
* Remove SMTP message size limit on non public MTAs.Guilhem Moulin2016-03-213
|
* More logcheck-database tweaks.Guilhem Moulin2016-03-131
|
* Let's Encrypt: Only reload (as opposed to restart) postfix/nginx after ↵Guilhem Moulin2016-03-054
| | | | renewing the cert
* Amavis: use the LMTP protocol in the policy banks.Guilhem Moulin2016-03-031
|
* Let's EncryptGuilhem Moulin2016-03-0221
|
* cgit: Create cache directory /var/cache/cgitGuilhem Moulin2016-03-021
|
* Ansible: Using bare variables is deprecated, and will be removed in a future ↵Guilhem Moulin2016-03-024
| | | | release.
* More logcheck-database tweaks.Guilhem Moulin2016-02-171
|
* s/ansible_ssh_/ansible_/Guilhem Moulin2016-02-122
|
* Upgrade playbooks to Ansible 2.0.Guilhem Moulin2016-02-1225
|
* Update all Fripost links from http:// to https://.Guilhem Moulin2015-12-283
|
* Only install letsencrypt-tiny to the relevant hosts.Guilhem Moulin2015-12-283
|
* Fix Let's Encrypt CAfile.Guilhem Moulin2015-12-281
|
* Copy and install Let's Encrypt ACME client.Guilhem Moulin2015-12-202
|
* Improve gencert.shGuilhem Moulin2015-12-201
|
* Use the Let's Encrypt CA for our public certs.Guilhem Moulin2015-12-2030
|
* nginx: Move include.d/* to snippets/.Guilhem Moulin2015-12-2012
|
* More logcheck-database tweaks.Guilhem Moulin2015-12-152
|
* dovecot: remove !SSLv2 from ssl_cipher_list.Guilhem Moulin2015-12-151
|
* nginx: s/conf.d/include.d/Guilhem Moulin2015-12-157
|
* wibbleGuilhem Moulin2015-12-092
|
* ngnix: mv ssl/config conf.d/sslGuilhem Moulin2015-12-097
|
* typoGuilhem Moulin2015-12-041
|
* Change Postfix certs from ECDSA to RSA 4096.Guilhem Moulin2015-12-034
|
* Postfix TLS policy: Store the fingerprint of the cert's pubkey, not of the ↵Guilhem Moulin2015-12-034
| | | | cert itself.
* wibbleGuilhem Moulin2015-12-031
|
* Add script to automatically generate the fingerprint list.Guilhem Moulin2015-12-031
|
* Add 'git.fripost.org' to the SSH known_hosts file.Guilhem Moulin2015-12-031
|
* Use a dedicated subdomain for ManageSieve.Guilhem Moulin2015-12-031
|
* Automatically fetch X.509 certificates, and add them to git.Guilhem Moulin2015-12-0316
|
* Add SSH host keys to git.Guilhem Moulin2015-12-022
|
* More logcheck-database tweaks.Guilhem Moulin2015-12-011
|
* dovecot-sieve: Enable the 'editheader' extension (5293).Guilhem Moulin2015-11-261
| | | | | Which is disabled by default, as per http://wiki.dovecot.org/Pigeonhole/Sieve
* More logcheck-database tweaks.Guilhem Moulin2015-11-121
|
* ‘benjamin.marxist.se’ → ‘benjamin.skangas.se’Guilhem Moulin2015-11-093
|
* nginx: adjust expiration date for static content.Guilhem Moulin2015-10-303
|
* ikiwiki: Also install Authen::Passphrase.Guilhem Moulin2015-10-281
|
* Internal Postfix config: Generate RSA 4096 keys by default.Guilhem Moulin2015-10-281
|
* genkeypair: use install(1) for atomic file creation with permission mode.Guilhem Moulin2015-10-283
|
* Internal Postfix config: Disable TLS protocols <1.2 rather than enable 1.2 only.Guilhem Moulin2015-10-271
|
* Roundcube managesieve SSL options: use AESGCM and disable compression.Guilhem Moulin2015-10-271
|
* stunnel: disable compression.Guilhem Moulin2015-10-277
|