summaryrefslogtreecommitdiffstats
path: root/roles/common/templates/etc
Commit message (Expand)AuthorAgeFiles
* Webmail: don't allow outgoing TCP/993 connections.Guilhem Moulin2017-06-151
* postfix: enable XFORWARD command from our internal relays.Guilhem Moulin2017-06-021
* postfix: don't rate-limit our IPsec subnet.Guilhem Moulin2017-06-021
* Don't let authenticated client use arbitrary sender addresses.Guilhem Moulin2017-06-011
* Also install non-free firmwares on civett.Guilhem Moulin2017-05-302
* Fix Ansible 2.2.0 compatibility of a Jinja2 template.Guilhem Moulin2017-01-141
* postfix: Remove obsolete templates tls_policy/relay_clientcerts.Guilhem Moulin2016-07-121
* Route all internal SMTP traffic through IPsec.Guilhem Moulin2016-07-103
* Postfix: avoid hardcoding the instance names.Guilhem Moulin2016-07-101
* Postfix: don't share the master.cf between the instances.Guilhem Moulin2016-07-101
* Localize the NTP pool hostnames.Guilhem Moulin2016-07-091
* Localize the debian archive hostnames.Guilhem Moulin2016-07-091
* ClamAV (FreshClam): use a localized Database Mirror.Guilhem Moulin2016-07-091
* IPSec → IPsecGuilhem Moulin2016-06-292
* IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.Guilhem Moulin2016-05-241
* Tunnel bacula (dir → {fd,sd} and fd → sd) traffic through IPSec.Guilhem Moulin2016-05-223
* Tunnel munin-update traffic through IPSec.Guilhem Moulin2016-05-223
* Tunnel internal NTP traffic through IPSec.Guilhem Moulin2016-05-222
* Set up IPSec tunnels between each pair of hosts.Guilhem Moulin2016-05-225
* postfix: Update to recommended TLS settings.Guilhem Moulin2016-05-181
* postfix: disable weak ciphers for the 'encrypt' TLS security level.Guilhem Moulin2016-05-181
* bacula: Set heartbeat options.Guilhem Moulin2016-05-122
* Use systemd unit files for stunnel4.Guilhem Moulin2016-05-122
* s/ansible_ssh_/ansible_/Guilhem Moulin2016-02-122
* Postfix TLS policy: Store the fingerprint of the cert's pubkey, not of the ce...Guilhem Moulin2015-12-031
* Internal Postfix config: Disable TLS protocols <1.2 rather than enable 1.2 only.Guilhem Moulin2015-10-271
* stunnel: disable compression.Guilhem Moulin2015-10-272
* stunnel: use GCM ciphers only; use SSL options rather than ciphers to disable...Guilhem Moulin2015-10-272
* Change match to "^(Genuine)?Intel.*" for Intel processors.Guilhem Moulin2015-07-122
* Use a single LDAP connection per Munin round to collect slapd statistics.Guilhem Moulin2015-06-111
* slapd monitoring.Guilhem Moulin2015-06-101
* Configure munin nodes & master.Guilhem Moulin2015-06-104
* Configure Bacula File Daemon / Storage Daemon / Director.Guilhem Moulin2015-06-073
* wibbleGuilhem Moulin2015-06-071
* Configure ikiwiki (website + wiki).Guilhem Moulin2015-06-071
* typoGuilhem Moulin2015-06-071
* typoGuilhem Moulin2015-06-071
* Allow outgoing HKP and WHOIS traffic on the LDAP provider.Guilhem Moulin2015-06-071
* Allow outgoing SSH traffic.Guilhem Moulin2015-06-071
* Add wildcard Pin version in apt preferences.Guilhem Moulin2015-06-071
* Configure the list manager (Sympa).Guilhem Moulin2015-06-072
* Enable the use of git:// clients.Guilhem Moulin2015-06-071
* typoGuilhem Moulin2015-06-071
* wibbleGuilhem Moulin2015-06-071
* Don't install intel-microcode on Xen guests.Guilhem Moulin2015-06-072
* wibbleGuilhem Moulin2015-06-071
* Fix NTP configuration.Guilhem Moulin2015-06-072
* Ensure have a TLS policy for each of our host we want to relay to.Guilhem Moulin2015-06-071
* typoGuilhem Moulin2015-06-071
* Fix Dovecot's mail location.Guilhem Moulin2015-06-071