summaryrefslogtreecommitdiffstats
path: root/roles/common/tasks
Commit message (Expand)AuthorAgeFiles
* Change group of executables in /usr/local/{bin,sbin} from root to staff.Guilhem Moulin2017-05-142
* Postfix: ensure common aliases are present.Guilhem Moulin2016-09-182
* FreshClam: change ownership of /etc/clamav/freshclam.conf.Guilhem Moulin2016-09-181
* Route all internal SMTP traffic through IPsec.Guilhem Moulin2016-07-101
* Postfix: don't share the master.cf between the instances.Guilhem Moulin2016-07-101
* Route SMTP traffic from the webmail through IPsec.Guilhem Moulin2016-07-101
* ClamAV (FreshClam): use a localized Database Mirror.Guilhem Moulin2016-07-091
* IPSec → IPsecGuilhem Moulin2016-06-291
* Use stunnel to secure the connection from the webmail to ldap.fripost.org.Guilhem Moulin2016-06-051
* IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.Guilhem Moulin2016-05-241
* Tunnel bacula (dir → {fd,sd} and fd → sd) traffic through IPSec.Guilhem Moulin2016-05-221
* Tunnel munin-update traffic through IPSec.Guilhem Moulin2016-05-223
* Set up IPSec tunnels between each pair of hosts.Guilhem Moulin2016-05-223
* Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public.Guilhem Moulin2016-05-181
* Add an ansible module 'fetch_cmd' to fetch the output of a remote command loc...Guilhem Moulin2016-05-183
* Use systemd unit files for stunnel4.Guilhem Moulin2016-05-125
* sysctl: don't set IPv6 privacy extensions globaly.Guilhem Moulin2016-04-011
* sysctl: set net.ipv6.conf.all.accept_ra = 0.Guilhem Moulin2016-03-301
* Ansible: Using bare variables is deprecated, and will be removed in a future ...Guilhem Moulin2016-03-022
* Upgrade playbooks to Ansible 2.0.Guilhem Moulin2016-02-125
* Only install letsencrypt-tiny to the relevant hosts.Guilhem Moulin2015-12-281
* Use the Let's Encrypt CA for our public certs.Guilhem Moulin2015-12-201
* Internal Postfix config: Generate RSA 4096 keys by default.Guilhem Moulin2015-10-281
* Configure FreshClam.Guilhem Moulin2015-09-151
* Change match to "^(Genuine)?Intel.*" for Intel processors.Guilhem Moulin2015-07-121
* Configure munin nodes & master.Guilhem Moulin2015-06-102
* Configure Bacula File Daemon / Storage Daemon / Director.Guilhem Moulin2015-06-072
* Install CAcert.org root certificates.Guilhem Moulin2015-06-071
* logjam mitigation.Guilhem Moulin2015-06-071
* wibbleGuilhem Moulin2015-06-071
* Don't instal smartd on KVM guests.Guilhem Moulin2015-06-071
* Upgrade the common package list.Guilhem Moulin2015-06-072
* Add a 'root' alias to root@fripost.org.Guilhem Moulin2015-06-071
* Upgrade rkhunter config to Jessie.Guilhem Moulin2015-06-071
* Don't install intel-microcode on Xen guests.Guilhem Moulin2015-06-071
* Don't install smartd on Xen guests.Guilhem Moulin2015-06-072
* Install auditd.Guilhem Moulin2015-06-073
* wibbleGuilhem Moulin2015-06-071
* Fix NTP configuration.Guilhem Moulin2015-06-071
* Ensure have a TLS policy for each of our host we want to relay to.Guilhem Moulin2015-06-071
* Postfix needs to be restarted after rekeying.Guilhem Moulin2015-06-071
* Add a tag 'tls_policy' to facilitate rekeying.Guilhem Moulin2015-06-071
* Add ability to add custom OrganizationalUnits in genkeypair.Guilhem Moulin2015-06-071
* Don't install daemontools.Guilhem Moulin2015-06-071
* Reload Postfix upon configuration change, but don't restart it.Guilhem Moulin2015-06-071
* Don't restart/reload Postifx upon change of a file based database.Guilhem Moulin2015-06-071
* wibbleGuilhem Moulin2015-06-072
* Remove IPSec related files.Guilhem Moulin2015-06-071
* Tel logcheck which logs to monitor.Guilhem Moulin2015-06-071
* Replace IPSec tunnels by app-level ephemeral TLS sessions.Guilhem Moulin2015-06-073