summaryrefslogtreecommitdiffstats
Commit message (Expand)AuthorAgeFiles
* Nextcloud: use dedicated user and PHP FPM pool.Guilhem Moulin2020-05-165
* Add nextcloud's logrotate file.Guilhem Moulin2020-05-161
* role/common-web: Upgrade baseline to Debian 10.Guilhem Moulin2020-05-164
* Nextcloud: Better separation between code/data/logs/cache.Guilhem Moulin2020-05-124
* Use dedicated DKIM key for guilhem.org.Guilhem Moulin2020-04-222
* Add dedicated DKIM key for lists.fripost.org.Guilhem Moulin2020-04-222
* Add own DKIM key for debian.org address.Guilhem Moulin2020-04-133
* /etc/apt/sources.list: Use https:// URIs.Guilhem Moulin2020-01-251
* Improve/harden fail2ban configuration.Guilhem Moulin2020-01-257
* Convert firewall to nftables.Guilhem Moulin2020-01-2312
* Postfix: disable DNS lookups on the internal SMTPds.Guilhem Moulin2020-01-231
* tr/-/_/ in group names.Guilhem Moulin2020-01-229
* mysql_user2: Explicitly set type to Bool.Guilhem Moulin2020-01-221
* dovecot: raise default_vsz_limit from 256MB to 512MB.Guilhem Moulin2019-05-231
* MSA: Open 465/TCP for Email Submission over TLS.Guilhem Moulin2019-03-196
* Port custom modules to python3.Guilhem Moulin2019-02-055
* firewall: gracefully close invalid connections.Guilhem Moulin2018-12-221
* fail2ban: Only install the roundcube/dovecot filters if needed.Guilhem Moulin2018-12-151
* submission: Prospective SPF checking.Guilhem Moulin2018-12-125
* Outgoing SMTP: masquerade internal hostnames.Guilhem Moulin2018-12-123
* IMAP: raise per user maximum number of inotify instances from 128 to 512.Guilhem Moulin2018-12-121
* IPsec: use Suite-B-GCM-256 algorithms for IKEv2 & ESP.Guilhem Moulin2018-12-091
* MSA verification probes: enable opportunistic encryption.Guilhem Moulin2018-12-092
* Use mariadb.service not mysql.service.Guilhem Moulin2018-12-092
* Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch.Guilhem Moulin2018-12-0925
* Disable resume device.Guilhem Moulin2018-12-093
* IMAP: Ensure /home/mail is mounted before creating sub-directories.Guilhem Moulin2018-12-091
* bacula-sd: Ensure /mnt/backup is mounted before creating sub-directories.Guilhem Moulin2018-12-091
* bacula: Backup MySQL database for the nextcloud host.Guilhem Moulin2018-12-092
* Add ssh-ed25519 hostkey for benjamin.Guilhem Moulin2018-12-091
* systemd.service: Tighten hardening options.Guilhem Moulin2018-12-099
* bacula-*.service: Don't fork in the background.Guilhem Moulin2018-12-093
* Upgrade 'lists' role to Debian Stretch.Guilhem Moulin2018-12-098
* Firewall: disable outgoing access to git:// remote servers.Guilhem Moulin2018-12-091
* systemd: Replace ‘ProtectSystem=full’ with ‘ProtectSystem=strict’.Guilhem Moulin2018-12-099
* Firewall: REJECT outgoing connections instead of DROPing them.Guilhem Moulin2018-12-091
* Upgrade 'out' role to Debian Stretch.Guilhem Moulin2018-12-091
* Don't install the haveged entropy daemon.Guilhem Moulin2018-12-092
* ntp.conf: reduce delta with the packaged version.Guilhem Moulin2018-12-091
* MX: chroot postscreen(8), smtpd(8) and cleanup(8) daemons.Guilhem Moulin2018-12-098
* MX: don't override 5XY reject codes to 554.Guilhem Moulin2018-12-091
* postfix: remove explicit default 'mail_owner = postfix'.Guilhem Moulin2018-12-066
* postfix ≥3.0: don't advertise SMTPUTF8 support.Guilhem Moulin2018-12-061
* Upgrade 'ikiwiki-pandoc' to v0.5.1.Guilhem Moulin2018-12-061
* Roundcube: improve serving of static resources.Guilhem Moulin2018-12-061
* Remove trailing spaces.Guilhem Moulin2018-12-053
* DKIM: also include the "d=" tag in key filenames, not only the "s=" tag.Guilhem Moulin2018-12-057
* Upgrade DKIM keys to rsa2048, and allow for multiple keys.Guilhem Moulin2018-12-047
* Don't include hostname in ansible headers.Guilhem Moulin2018-12-031
* gencerts: Also show the algorithm for SSH host keys.Guilhem Moulin2018-12-031