| Commit message (Collapse) | Author | Age | Files |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
This avoids
[DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set
to allow bad characters in group names by default, this will change, but
still be user configurable on deprecation. This feature will be removed
in version 2.10. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
[WARNING]: Invalid characters were found in group names but not
replaced, use -vvvv to see details
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Interhost communications are protected by stunnel4. The graphs are only
visible on the master itself, and content is generated by Fast CGI.
|
| |
|
|
|
| |
Using client-side data signing/encryption and wrapping inter-host
communication into stunnel.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
By default repos are be readable by gitweb and the web server ('gitweb' and
'www-data' are both in the 'gitolite' group). Private repo owners will have
'chmod -R og-rwx' manually.
To automatically add new repos to gitweb's 'project.list' file, make it
readable to the special 'gitweb' user.
See /usr/share/doc/gitolite3/README.txt.gz for details.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The clients are identified using their certificate, and connect securely
to the SyncProv.
There are a few workarounds (XXX) in the ACLs due to Postfix not
supporting SASL binds in Wheezy.
Overview:
- Authentication (XXX: strong authentication) is required prior to any DIT
operation (see 'olcRequires').
- We force a Security Strength Factor of 128 or above for all operations (see
'olcSecurity'), meaning one must use either a local connection (eg,
ldapi://, possible since we set the 'olcLocalSSF' to 128), or TLS with at
least 128 bits of security.
- XXX: Services may not simple bind other than locally on a ldapi:// socket.
If no remote access is needed, they should use SASL/EXTERNAL on a ldapi://
socket whenever possible (if the service itself supports SASL binds).
If remote access is needed, they should use SASL/EXTERNAL on a ldaps://
socket, and their identity should be derived from the CN of the client
certificate only (hence services may not simple bind).
- Admins have restrictions similar to that of the services.
- User access is only restricted by our global 'olcSecurity' attribute.
|
| |
|
|
| |
For DKIM signing and virus checking.
|
| |
|
|
|
|
|
|
|
| |
Right now the list server cannot be hosted with a MX, due to bug 51:
http://mlmmj.org/bugs/bug.php?id=51
Web archive can be compiled with MHonArc, but the web server
configuration is not there yet.
|
| | |
|
| |
|
|
| |
(Hence the SyncProv overlay.)
|
| | |
|
| | |
|
| |
|
|
| |
I.e., put 'sudo=True' in ansible.cfg.
|
|
|
We use a dedicated instance for each role: MDA, MTA out, MX, etc.
|
