path: root/roles/common/templates/etc
Commit message | Author | Age | Files
...
* Assume a DNS entry for each role. | Guilhem Moulin | 2015-06-07 | 2
  E.g., ldap.fripost.org, ntp.fripost.org, etc. (Ideally the DNS zone would be provisioned by ansible, too.) It's a bit unclear how to index the subdomains (mx{1,2,3}, etc), though.
* Don't use IPSec to relay messages to localhost. | Guilhem Moulin | 2015-06-07 | 1
* Explicitly make local services run on localhost. | Guilhem Moulin | 2015-06-07 | 1
* typo | Guilhem Moulin | 2015-06-07 | 1
* Configure Sieve and ManageSieve. | Guilhem Moulin | 2015-06-07 | 1
  Also, add the 'managesieve' RoundCube plugin to communicate with our server.
* Configure the webmail. | Guilhem Moulin | 2015-06-07 | 2
* Force expansion of escape sequences. | Guilhem Moulin | 2015-06-07 | 2
  By using double quoted scalars, cf. https://groups.google.com/forum/#!topic/ansible-project/ZaB6o-eqDzw
* Configure NTP. | Guilhem Moulin | 2015-06-07 | 2
  We use a "master" NTP server, which synchronizes against stratum 1 servers (hence is a stratum 2 itself); all other clients synchronize to this master server through IPSec.
* Configure the Mail Submission Agent. | Guilhem Moulin | 2015-06-07 | 2
* wibble | Guilhem Moulin | 2015-06-07 | 1
* Configure the IMAP server. | Guilhem Moulin | 2015-06-07 | 2
  (For now, only LMTP and IMAP processes, without replication.)
* Configure the MX:es. | Guilhem Moulin | 2015-06-07 | 3
* Share master.cf across all Postfix instances. | Guilhem Moulin | 2015-06-07 | 1
  And use main.cf's 'master_service_disable' setting to deactivate each service that's useless for a given instance. (Hence solve conflict when trying to listen twice on the same port, for instance.)
* Use a dedicated SMTP port for samhain. | Guilhem Moulin | 2015-06-07 | 1
  It's unfortunate that samhain cannot use the sendmail binary, and wants to use an inet socket instead. We use a custom port to avoid conflicts with the usual SMTP port the MX:es need to listen on. See also: /usr/share/doc/samhain/TODO.Debian
* Reorganization. | Guilhem Moulin | 2015-06-07 | 1
* Reformulate the headers showing the license. | Guilhem Moulin | 2015-06-07 | 1
  To be clearer, and to follow the recommendation of the FSF, we include a full header rather than a single sentence.
* Configure debsecan. | Guilhem Moulin | 2015-06-07 | 1
* Common LDAP (slapd) configuration. | Guilhem Moulin | 2015-06-07 | 1
* Postfix master (nullmailer) configuration | Guilhem Moulin | 2015-06-07 | 1
  We use a dedicated instance for each role: MDA, MTA out, MX, etc.
* wibble | Guilhem Moulin | 2015-06-07 | 1
* Prefer matching on policy rather than marks. | Guilhem Moulin | 2015-06-07 | 1
  Also, use ESP tunnel mode instead of transport mode.
* Use a dedicated 'fail2ban' chain for fail2ban. | Guilhem Moulin | 2015-06-07 | 1
  So it doesn't mess with the high-priority rules regarding IPSec.
* Configure IPSec. | Guilhem Moulin | 2015-06-07 | 2
* Configure fail2ban. | Guilhem Moulin | 2015-06-07 | 1
* Configure v4 and v6 iptable rulesets. | Guilhem Moulin | 2015-06-07 | 1
* Configure APT. | Guilhem Moulin | 2015-06-07 | 2
* Configure /etc/{hosts,hostname,mailname}. | Guilhem Moulin | 2015-06-07 | 2