summaryrefslogtreecommitdiffstats
path: root/roles/common/tasks
Commit message (Expand)AuthorAgeFiles
* Improve Debian 11's fail2ban rules.Guilhem Moulin2022-12-181
* Port baseline to Debian 11 (codename Bullseye).Guilhem Moulin2022-10-136
* munin: Skip ntp_* plugins when ntpq(1) is missing.Guilhem Moulin2021-02-061
* Change NTP client to systemd-timesyncd.Guilhem Moulin2020-11-151
* Bacula: refactor systemd service files.Guilhem Moulin2020-11-031
* kernel parameters: Disable SYN cookies and improve SYN backlog handling.Guilhem Moulin2020-11-021
* s/LDAP-provider/LDAP_provider/Guilhem Moulin2020-05-191
* stunnel4: Harden and socket-activate.Guilhem Moulin2020-05-181
* Remove 'meta: flush_handlers' directives under conditionals.Guilhem Moulin2020-05-171
* Upgrade baseline to Debian 10.Guilhem Moulin2020-05-165
* Improve/harden fail2ban configuration.Guilhem Moulin2020-01-251
* Convert firewall to nftables.Guilhem Moulin2020-01-233
* fail2ban: Only install the roundcube/dovecot filters if needed.Guilhem Moulin2018-12-151
* Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch.Guilhem Moulin2018-12-091
* Disable resume device.Guilhem Moulin2018-12-091
* Don't install the haveged entropy daemon.Guilhem Moulin2018-12-092
* Install unbound on metal hosts.Guilhem Moulin2018-12-032
* Upgrade syntax to Ansible 2.7 (apt module).Guilhem Moulin2018-12-039
* Postfix: replace cdb & btree tables with lmdb ones.Guilhem Moulin2018-12-032
* Upgrade baseline to Debian Stretch.Guilhem Moulin2018-12-031
* Skip samhain installation.Guilhem Moulin2018-12-032
* Upgrade syntax to Ansible 2.5.Guilhem Moulin2018-04-041
* Upgrade syntax to Ansible 2.4.Guilhem Moulin2017-11-231
* Fix detection of KVM guests.Guilhem Moulin2017-07-291
* Don't install debsecan anymore by default.Guilhem Moulin2017-06-261
* /lib/systemd/system → /etc/systemd/systemGuilhem Moulin2017-05-312
* Change group of executables in /usr/local/{bin,sbin} from root to staff.Guilhem Moulin2017-05-142
* Postfix: ensure common aliases are present.Guilhem Moulin2016-09-182
* FreshClam: change ownership of /etc/clamav/freshclam.conf.Guilhem Moulin2016-09-181
* Route all internal SMTP traffic through IPsec.Guilhem Moulin2016-07-101
* Postfix: don't share the master.cf between the instances.Guilhem Moulin2016-07-101
* Route SMTP traffic from the webmail through IPsec.Guilhem Moulin2016-07-101
* ClamAV (FreshClam): use a localized Database Mirror.Guilhem Moulin2016-07-091
* IPSec → IPsecGuilhem Moulin2016-06-291
* Use stunnel to secure the connection from the webmail to ldap.fripost.org.Guilhem Moulin2016-06-051
* IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.Guilhem Moulin2016-05-241
* Tunnel bacula (dir → {fd,sd} and fd → sd) traffic through IPSec.Guilhem Moulin2016-05-221
* Tunnel munin-update traffic through IPSec.Guilhem Moulin2016-05-223
* Set up IPSec tunnels between each pair of hosts.Guilhem Moulin2016-05-223
* Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public.Guilhem Moulin2016-05-181
* Add an ansible module 'fetch_cmd' to fetch the output of a remote command loc...Guilhem Moulin2016-05-183
* Use systemd unit files for stunnel4.Guilhem Moulin2016-05-125
* sysctl: don't set IPv6 privacy extensions globaly.Guilhem Moulin2016-04-011
* sysctl: set net.ipv6.conf.all.accept_ra = 0.Guilhem Moulin2016-03-301
* Ansible: Using bare variables is deprecated, and will be removed in a future ...Guilhem Moulin2016-03-022
* Upgrade playbooks to Ansible 2.0.Guilhem Moulin2016-02-125
* Only install letsencrypt-tiny to the relevant hosts.Guilhem Moulin2015-12-281
* Use the Let's Encrypt CA for our public certs.Guilhem Moulin2015-12-201
* Internal Postfix config: Generate RSA 4096 keys by default.Guilhem Moulin2015-10-281
* Configure FreshClam.Guilhem Moulin2015-09-151