Commit message (Collapse) | Author | Age | Files | |
---|---|---|---|---|
* | Assume a DNS entry for each role. | Guilhem Moulin | 2015-06-07 | 2 |
| | | | | | | E.g., ldap.fripost.org, ntp.fripost.org, etc. (Ideally the DNS zone would be provisioned by ansible, too.) It's a bit unclear how to index the subdomains (mx{1,2,3}, etc), though. | |||
* | Don't use IPSec to relay messages to localhost. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Excplicitely make local services run on localhost. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | typo | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Configure Sieve and ManageSieve. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | Also, add the 'managesieve' RoundCube plugin to communicate with our server. | |||
* | Configure the webmail. | Guilhem Moulin | 2015-06-07 | 2 |
| | ||||
* | Force expansion of escape sequences. | Guilhem Moulin | 2015-06-07 | 2 |
| | | | | | By using double quoted scalars, cf. https://groups.google.com/forum/#!topic/ansible-project/ZaB6o-eqDzw | |||
* | Configure NTP. | Guilhem Moulin | 2015-06-07 | 2 |
| | | | | | | We use a "master" NTP server, which synchronizes against stratum 1 servers (hence is a stratum 2 itself); all other clients synchronize to this master server through IPSec. | |||
* | Configure the Mail Submission Agent. | Guilhem Moulin | 2015-06-07 | 2 |
| | ||||
* | wibble | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Configure the IMAP server. | Guilhem Moulin | 2015-06-07 | 2 |
| | | | | (For now, only LMTP and IMAP processes, without replication.) | |||
* | Configure the MX:es. | Guilhem Moulin | 2015-06-07 | 3 |
| | ||||
* | Share master.cf accross all Postfix instances. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | And use main.cf's 'master_service_disable' setting to deactivate each service that's useless for a given instance. (Hence solve conflict when trying to listen twice on the same port, for instance.) | |||
* | Use a dedicated SMTP port for samhain. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | | It's unfortunate that samhain cannot use the sendmail binary, and wants to use a inet socket instead. We use a custom port to avoid conflicts with the usual SMTP port the MX:es need to listen on. See also: /usr/share/doc/samhain/TODO.Debian | |||
* | Reorganization. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Reformulate the headers showing the license. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | To be clearer, and to follow the recommendation of the FSF, we include a full header rather than a single sentence. | |||
* | Configure debsecan. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Common LDAP (slapd) configuration. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Postfix master (nullmailer) configuration | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | We use a dedicated instance for each role: MDA, MTA out, MX, etc. | |||
* | wibble | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Prefer maching on policy rather than marks. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | Also, use ESP tunnel mode instead of transport mode. | |||
* | Use a dedicated 'fail2ban' chain for fail2ban. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | So it doesn't mess with the high-priority rules regarding IPSec. | |||
* | Configure IPSec. | Guilhem Moulin | 2015-06-07 | 2 |
| | ||||
* | Configure fail2ban. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Configure v4 and v6 iptable rulesets. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Configure APT. | Guilhem Moulin | 2015-06-07 | 2 |
| | ||||
* | Configure /etc/{hosts,hostname,mailname}. | Guilhem Moulin | 2015-06-07 | 2 |