summaryrefslogtreecommitdiffstats
Commit message (Expand)AuthorAgeFiles
* systemd: Replace ‘ProtectSystem=full’ with ‘ProtectSystem=strict’.Guilhem Moulin2018-12-099
* Firewall: REJECT outgoing connections instead of DROPing them.Guilhem Moulin2018-12-091
* Upgrade 'out' role to Debian Stretch.Guilhem Moulin2018-12-091
* Don't install the haveged entropy daemon.Guilhem Moulin2018-12-092
* ntp.conf: reduce delta with the packaged version.Guilhem Moulin2018-12-091
* MX: chroot postscreen(8), smtpd(8) and cleanup(8) daemons.Guilhem Moulin2018-12-098
* MX: don't override 5XY reject codes to 554.Guilhem Moulin2018-12-091
* postfix: remove explicit default 'mail_owner = postfix'.Guilhem Moulin2018-12-066
* postfix ≥3.0: don't advertise SMTPUTF8 support.Guilhem Moulin2018-12-061
* Upgrade 'ikiwiki-pandoc' to v0.5.1.Guilhem Moulin2018-12-061
* Roundcube: improve serving of static resources.Guilhem Moulin2018-12-061
* Remove trailing spaces.Guilhem Moulin2018-12-053
* DKIM: also include the "d=" tag in key filenames, not only the "s=" tag.Guilhem Moulin2018-12-057
* Upgrade DKIM keys to rsa2048, and allow for multiple keys.Guilhem Moulin2018-12-047
* Don't include hostname in ansible headers.Guilhem Moulin2018-12-031
* gencerts: Also show the algorithm for SSH host keys.Guilhem Moulin2018-12-031
* Install unbound on metal hosts.Guilhem Moulin2018-12-034
* Define new host "calima" serving Nextcloud.Guilhem Moulin2018-12-0319
* Upgrade wiki baseline to Debian Stretch.Guilhem Moulin2018-12-034
* Upgrade MX baseline to Debian Stretch.Guilhem Moulin2018-12-032
* Upgrade webmail baseline to Debian Stretch.Guilhem Moulin2018-12-037
* ssh_known_hosts: also list ed25519 host (pub)keys.Guilhem Moulin2018-12-031
* Upgrade syntax to Ansible 2.7 (apt module).Guilhem Moulin2018-12-0325
* certs/gencerts.sh: wibbleGuilhem Moulin2018-12-031
* Postfix: replace cdb & btree tables with lmdb ones.Guilhem Moulin2018-12-0315
* IPsec: allow ISAKMP over IPv6.Guilhem Moulin2018-12-032
* Upgrade baseline to Debian Stretch.Guilhem Moulin2018-12-0323
* Skip samhain installation.Guilhem Moulin2018-12-034
* Harden anti spam on the MX:es.Guilhem Moulin2018-06-096
* More logcheck-database tweaks.Guilhem Moulin2018-04-043
* lacme: explicitely bind to [::]:80.Guilhem Moulin2018-04-041
* Postfix: replace 'fifo' types with 'unix', as it's the new default.Guilhem Moulin2018-04-041
* sympa: wibbleGuilhem Moulin2018-04-042
* Firewall: Allow DNS queries over TCP.Guilhem Moulin2018-04-041
* APT: use deb.debian.org as archive source.Guilhem Moulin2018-04-041
* Postscreen: improve DNSBL sites and scores.Guilhem Moulin2018-04-041
* Amavis: bind server to INADDR_LOOPBACKGuilhem Moulin2018-04-041
* Perform recipient address verification on the MSA itself.Guilhem Moulin2018-04-044
* LDAP: Expose part of the database to Nextcloud.Guilhem Moulin2018-04-042
* Upgrade syntax to Ansible 2.5.Guilhem Moulin2018-04-045
* Upgrade syntax to Ansible 2.4.Guilhem Moulin2017-11-237
* More logcheck-database tweaks.Guilhem Moulin2017-09-143
* Fix detection of KVM guests.Guilhem Moulin2017-07-293
* rkhunter: Disable remote updates to fix CVE-2017-7480.Guilhem Moulin2017-07-291
* Use MariaDB as default MySQL flavor.Guilhem Moulin2017-07-296
* Don't install debsecan anymore by default.Guilhem Moulin2017-06-262
* MySQL: Use a single InnoDB file per table.Guilhem Moulin2017-06-151
* Webmail: don't allow outgoing TCP/993 connections.Guilhem Moulin2017-06-151
* postfix-sender-login: strip extension before lookup.Guilhem Moulin2017-06-131
* More logcheck-database tweaks.Guilhem Moulin2017-06-071