Commit message (Collapse) | Author | Age | Files | ||
---|---|---|---|---|---|
... | |||||
* | Use a single LDAP connection per Munin round to collect slapd statistics. | Guilhem Moulin | 2015-06-11 | 4 | |
| | | | | Using multigraphs instead. | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-10 | 3 | |
| | |||||
* | gitweb: Explicitely install FCGI. | Guilhem Moulin | 2015-06-10 | 1 | |
| | |||||
* | slapd monitoring. | Guilhem Moulin | 2015-06-10 | 7 | |
| | | | | | We don't use the provided 'slapd_' Munin plugin because it doesn't support SASL binds. | ||||
* | Configure munin nodes & master. | Guilhem Moulin | 2015-06-10 | 49 | |
| | | | | | Interhost communications are protected by stunnel4. The graphs are only visible on the master itself, and content is generated by Fast CGI. | ||||
* | Don't assume that Postfix queue ID are always 10-digits long. | Guilhem Moulin | 2015-06-10 | 1 | |
| | |||||
* | Prefer 302 over 301 redirections. | Guilhem Moulin | 2015-06-10 | 1 | |
| | |||||
* | Add references to bug reports. | Guilhem Moulin | 2015-06-10 | 2 | |
| | |||||
* | Dovecot: Collect IMAP statistics. | Guilhem Moulin | 2015-06-10 | 4 | |
| | |||||
* | Allow 'vmail' users with a UID lower than 500. | Guilhem Moulin | 2015-06-10 | 2 | |
| | | | | Fix regression introduced in f7c8011. | ||||
* | Add X.509 certificates. | Guilhem Moulin | 2015-06-07 | 22 | |
| | |||||
* | Add ansible inventory file. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | .gitignore | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Provide Thunderbird autoconfiguration. | Guilhem Moulin | 2015-06-07 | 3 | |
| | | | | | | | References: - https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration - https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration/FileFormat/HowTo - https://wiki.mozilla.org/Thunderbird:Autoconfiguration:ConfigFileFormat | ||||
* | Remove ‘:’ from the list of valid chars in wiki filenames. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | | | | | | | Because it's interpreted weirdly by Image::Magick: $ identify 'Screenshot_from_2015-02-23_18:59:48-extract.png[0]' identify: no decode delegate for this image format `59\' @ error/constitute.c/ReadImage/501. $ mv 'Screenshot_from_2015-02-23_18:59:48-extract.png' screenshot.png $ identify 'screenshot.png[0]' screenshot.png[0]=>screenshot.png PNG 453x122 453x122+0+0 8-bit sRGB 11.2KB 0.000u 0:00.000 | ||||
* | Fix log filenames for lists.f.o. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | wiki: enable comments in the tracker. | Guilhem Moulin | 2015-06-07 | 2 | |
| | |||||
* | Change slapd dump filenames. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | E.g., ‘0.ldif’ → ‘slapd-0.ldif’. | ||||
* | Fix bacula priorities. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Add a reserved domain 'discard.fripost.org' to discard messages. | Guilhem Moulin | 2015-06-07 | 4 | |
| | | | | | ‘noreply@’ aliases can be added by routing them to ‘@discard.fripost.org’. | ||||
* | Make the webmail connect directly to the outgoing SMTP proxy. | Guilhem Moulin | 2015-06-07 | 10 | |
| | | | | | (Hence delete the 'webmail' Postfix instance.) This shortens the delay caused by the recipient verification probes. | ||||
* | Use recipient address verification probes. | Guilhem Moulin | 2015-06-07 | 4 | |
| | | | | | | | This is specially useful for mailing lists and the webmail, since it prevents our outgoing gateway from accepting mails known to be bouncing. However the downside is that it adds a delay of up to 6s after the RCPT TO command. | ||||
* | Rename imap.conf → roundcube.conf | Guilhem Moulin | 2015-06-07 | 2 | |
| | |||||
* | VERP management. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Add missing file. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Configure Bacula File Daemon / Storage Daemon / Director. | Guilhem Moulin | 2015-06-07 | 23 | |
| | | | | | Using client-side data signing/encryption and wrapping inter-host communication into stunnel. | ||||
* | wibble | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Restart services when updating systemd unit files. | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | firewall: allow 127.0.0.1/8 on lo. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | genkeypair.sh: Merge privkey and pubkey for identical filekeys. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | Also, set ‘subjectKeyIdentifier = hash’ in the CSR. | ||||
* | rkhunter: Allow hidden dir /etc/.java | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | wibble | Guilhem Moulin | 2015-06-07 | 2 | |
| | |||||
* | SQL: Set empty passwords for auth_socket authentication. | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | stunnel.conf → imap.conf | Guilhem Moulin | 2015-06-07 | 2 | |
| | |||||
* | Add a redirection www.fripost.org → fripost.org. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Also distribute material and minutes. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | gitweb workaround encoding issues in FCGI mode. | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | typo | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | Prefer '/usr/sbin/nologin' over '/bin/false' for system users. | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | Configure ikiwiki (website + wiki). | Guilhem Moulin | 2015-06-07 | 9 | |
| | |||||
* | Git (gitolite + git-http-backend + gitweb) configuration | Guilhem Moulin | 2015-06-07 | 12 | |
| | | | | | | | | | | | By default repos are be readable by gitweb and the web server ('gitweb' and 'www-data' are both in the 'gitolite' group). Private repo owners will have 'chmod -R og-rwx' manually. To automatically add new repos to gitweb's 'project.list' file, make it readable to the special 'gitweb' user. See /usr/share/doc/gitolite3/README.txt.gz for details. | ||||
* | Install CAcert.org root certificates. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | | XXX: this is a workaround the CAcert root CAs not being present in Jessie. In stretch, we would merely install the 'ca-cacert' package. | ||||
* | typo | Guilhem Moulin | 2015-06-07 | 2 | |
| | |||||
* | Enforce "strong" authentication and FPS in LDAP. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | | Which is now possible since all LDAP clients and servers have been upgraded to Jessie, and Postfix is now able to perform SASL binds. | ||||
* | Upgrade the webmail configuration from Wheezy to Jessie. | Guilhem Moulin | 2015-06-07 | 6 | |
| | |||||
* | Upgrade the MX configuration from Wheezy to Jessie. | Guilhem Moulin | 2015-06-07 | 11 | |
| | | | | | | In particular, since Postfix is now able to perform LDAP lookups using SASL, previous hacks with simble binds on cn=postfix,ou=services,… can now be removed. | ||||
* | logjam mitigation. | Guilhem Moulin | 2015-06-07 | 10 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 | |
| |