summaryrefslogtreecommitdiffstats
path: root/roles/common/templates/etc
Commit message (Expand)AuthorAgeFiles
* IPsec: use Suite-B-GCM-256 algorithms for IKEv2 & ESP.Guilhem Moulin2018-12-091
* MSA verification probes: enable opportunistic encryption.Guilhem Moulin2018-12-091
* Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch.Guilhem Moulin2018-12-092
* Firewall: disable outgoing access to git:// remote servers.Guilhem Moulin2018-12-091
* ntp.conf: reduce delta with the packaged version.Guilhem Moulin2018-12-091
* MX: chroot postscreen(8), smtpd(8) and cleanup(8) daemons.Guilhem Moulin2018-12-091
* postfix: remove explicit default 'mail_owner = postfix'.Guilhem Moulin2018-12-061
* postfix ≥3.0: don't advertise SMTPUTF8 support.Guilhem Moulin2018-12-061
* Install unbound on metal hosts.Guilhem Moulin2018-12-031
* Define new host "calima" serving Nextcloud.Guilhem Moulin2018-12-031
* Postfix: replace cdb & btree tables with lmdb ones.Guilhem Moulin2018-12-031
* IPsec: allow ISAKMP over IPv6.Guilhem Moulin2018-12-031
* Upgrade baseline to Debian Stretch.Guilhem Moulin2018-12-035
* Postfix: replace 'fifo' types with 'unix', as it's the new default.Guilhem Moulin2018-04-041
* Firewall: Allow DNS queries over TCP.Guilhem Moulin2018-04-041
* APT: use deb.debian.org as archive source.Guilhem Moulin2018-04-041
* Perform recipient address verification on the MSA itself.Guilhem Moulin2018-04-041
* Upgrade syntax to Ansible 2.5.Guilhem Moulin2018-04-042
* Fix detection of KVM guests.Guilhem Moulin2017-07-292
* Don't install debsecan anymore by default.Guilhem Moulin2017-06-261
* Webmail: don't allow outgoing TCP/993 connections.Guilhem Moulin2017-06-151
* postfix: enable XFORWARD command from our internal relays.Guilhem Moulin2017-06-021
* postfix: don't rate-limit our IPsec subnet.Guilhem Moulin2017-06-021
* Don't let authenticated client use arbitrary sender addresses.Guilhem Moulin2017-06-011
* Also install non-free firmwares on civett.Guilhem Moulin2017-05-302
* Fix Ansible 2.2.0 compatibility of a Jinja2 template.Guilhem Moulin2017-01-141
* postfix: Remove obsolete templates tls_policy/relay_clientcerts.Guilhem Moulin2016-07-121
* Route all internal SMTP traffic through IPsec.Guilhem Moulin2016-07-103
* Postfix: avoid hardcoding the instance names.Guilhem Moulin2016-07-101
* Postfix: don't share the master.cf between the instances.Guilhem Moulin2016-07-101
* Localize the NTP pool hostnames.Guilhem Moulin2016-07-091
* Localize the debian archive hostnames.Guilhem Moulin2016-07-091
* ClamAV (FreshClam): use a localized Database Mirror.Guilhem Moulin2016-07-091
* IPSec → IPsecGuilhem Moulin2016-06-292
* IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.Guilhem Moulin2016-05-241
* Tunnel bacula (dir → {fd,sd} and fd → sd) traffic through IPSec.Guilhem Moulin2016-05-223
* Tunnel munin-update traffic through IPSec.Guilhem Moulin2016-05-223
* Tunnel internal NTP traffic through IPSec.Guilhem Moulin2016-05-222
* Set up IPSec tunnels between each pair of hosts.Guilhem Moulin2016-05-225
* postfix: Update to recommended TLS settings.Guilhem Moulin2016-05-181
* postfix: disable weak ciphers for the 'encrypt' TLS security level.Guilhem Moulin2016-05-181
* bacula: Set heartbeat options.Guilhem Moulin2016-05-122
* Use systemd unit files for stunnel4.Guilhem Moulin2016-05-122
* s/ansible_ssh_/ansible_/Guilhem Moulin2016-02-122
* Postfix TLS policy: Store the fingerprint of the cert's pubkey, not of the ce...Guilhem Moulin2015-12-031
* Internal Postfix config: Disable TLS protocols <1.2 rather than enable 1.2 only.Guilhem Moulin2015-10-271
* stunnel: disable compression.Guilhem Moulin2015-10-272
* stunnel: use GCM ciphers only; use SSL options rather than ciphers to disable...Guilhem Moulin2015-10-272
* Change match to "^(Genuine)?Intel.*" for Intel processors.Guilhem Moulin2015-07-122
* Use a single LDAP connection per Munin round to collect slapd statistics.Guilhem Moulin2015-06-111