index
:
fripost-ansible
master
Fripost ansible scripts
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
roles
/
common
/
tasks
Commit message (
Expand
)
Author
Age
Files
*
Improve Debian 11's fail2ban rules.
Guilhem Moulin
2022-12-18
1
*
Port baseline to Debian 11 (codename Bullseye).
Guilhem Moulin
2022-10-13
6
*
munin: Skip ntp_* plugins when ntpq(1) is missing.
Guilhem Moulin
2021-02-06
1
*
Change NTP client to systemd-timesyncd.
Guilhem Moulin
2020-11-15
1
*
Bacula: refactor systemd service files.
Guilhem Moulin
2020-11-03
1
*
kernel parameters: Disable SYN cookies and improve SYN backlog handling.
Guilhem Moulin
2020-11-02
1
*
s/LDAP-provider/LDAP_provider/
Guilhem Moulin
2020-05-19
1
*
stunnel4: Harden and socket-activate.
Guilhem Moulin
2020-05-18
1
*
Remove 'meta: flush_handlers' directives under conditionals.
Guilhem Moulin
2020-05-17
1
*
Upgrade baseline to Debian 10.
Guilhem Moulin
2020-05-16
5
*
Improve/harden fail2ban configuration.
Guilhem Moulin
2020-01-25
1
*
Convert firewall to nftables.
Guilhem Moulin
2020-01-23
3
*
fail2ban: Only install the roundcube/dovecot filters if needed.
Guilhem Moulin
2018-12-15
1
*
Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch.
Guilhem Moulin
2018-12-09
1
*
Disable resume device.
Guilhem Moulin
2018-12-09
1
*
Don't install the haveged entropy daemon.
Guilhem Moulin
2018-12-09
2
*
Install unbound on metal hosts.
Guilhem Moulin
2018-12-03
2
*
Upgrade syntax to Ansible 2.7 (apt module).
Guilhem Moulin
2018-12-03
9
*
Postfix: replace cdb & btree tables with lmdb ones.
Guilhem Moulin
2018-12-03
2
*
Upgrade baseline to Debian Stretch.
Guilhem Moulin
2018-12-03
1
*
Skip samhain installation.
Guilhem Moulin
2018-12-03
2
*
Upgrade syntax to Ansible 2.5.
Guilhem Moulin
2018-04-04
1
*
Upgrade syntax to Ansible 2.4.
Guilhem Moulin
2017-11-23
1
*
Fix detection of KVM guests.
Guilhem Moulin
2017-07-29
1
*
Don't install debsecan anymore by default.
Guilhem Moulin
2017-06-26
1
*
/lib/systemd/system → /etc/systemd/system
Guilhem Moulin
2017-05-31
2
*
Change group of executables in /usr/local/{bin,sbin} from root to staff.
Guilhem Moulin
2017-05-14
2
*
Postfix: ensure common aliases are present.
Guilhem Moulin
2016-09-18
2
*
FreshClam: change ownership of /etc/clamav/freshclam.conf.
Guilhem Moulin
2016-09-18
1
*
Route all internal SMTP traffic through IPsec.
Guilhem Moulin
2016-07-10
1
*
Postfix: don't share the master.cf between the instances.
Guilhem Moulin
2016-07-10
1
*
Route SMTP traffic from the webmail through IPsec.
Guilhem Moulin
2016-07-10
1
*
ClamAV (FreshClam): use a localized Database Mirror.
Guilhem Moulin
2016-07-09
1
*
IPSec → IPsec
Guilhem Moulin
2016-06-29
1
*
Use stunnel to secure the connection from the webmail to ldap.fripost.org.
Guilhem Moulin
2016-06-05
1
*
IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.
Guilhem Moulin
2016-05-24
1
*
Tunnel bacula (dir → {fd,sd} and fd → sd) traffic through IPSec.
Guilhem Moulin
2016-05-22
1
*
Tunnel munin-update traffic through IPSec.
Guilhem Moulin
2016-05-22
3
*
Set up IPSec tunnels between each pair of hosts.
Guilhem Moulin
2016-05-22
3
*
Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public.
Guilhem Moulin
2016-05-18
1
*
Add an ansible module 'fetch_cmd' to fetch the output of a remote command loc...
Guilhem Moulin
2016-05-18
3
*
Use systemd unit files for stunnel4.
Guilhem Moulin
2016-05-12
5
*
sysctl: don't set IPv6 privacy extensions globaly.
Guilhem Moulin
2016-04-01
1
*
sysctl: set net.ipv6.conf.all.accept_ra = 0.
Guilhem Moulin
2016-03-30
1
*
Ansible: Using bare variables is deprecated, and will be removed in a future ...
Guilhem Moulin
2016-03-02
2
*
Upgrade playbooks to Ansible 2.0.
Guilhem Moulin
2016-02-12
5
*
Only install letsencrypt-tiny to the relevant hosts.
Guilhem Moulin
2015-12-28
1
*
Use the Let's Encrypt CA for our public certs.
Guilhem Moulin
2015-12-20
1
*
Internal Postfix config: Generate RSA 4096 keys by default.
Guilhem Moulin
2015-10-28
1
*
Configure FreshClam.
Guilhem Moulin
2015-09-15
1
[next]