index
:
fripost-ansible
master
Fripost ansible scripts
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
roles
/
common
/
templates
Commit message (
Expand
)
Author
Age
Files
*
IPsec: use Suite-B-GCM-256 algorithms for IKEv2 & ESP.
Guilhem Moulin
2018-12-09
1
*
MSA verification probes: enable opportunistic encryption.
Guilhem Moulin
2018-12-09
1
*
Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch.
Guilhem Moulin
2018-12-09
2
*
Firewall: disable outgoing access to git:// remote servers.
Guilhem Moulin
2018-12-09
1
*
ntp.conf: reduce delta with the packaged version.
Guilhem Moulin
2018-12-09
1
*
MX: chroot postscreen(8), smtpd(8) and cleanup(8) daemons.
Guilhem Moulin
2018-12-09
1
*
postfix: remove explicit default 'mail_owner = postfix'.
Guilhem Moulin
2018-12-06
1
*
postfix ≥3.0: don't advertise SMTPUTF8 support.
Guilhem Moulin
2018-12-06
1
*
Install unbound on metal hosts.
Guilhem Moulin
2018-12-03
1
*
Define new host "calima" serving Nextcloud.
Guilhem Moulin
2018-12-03
1
*
Postfix: replace cdb & btree tables with lmdb ones.
Guilhem Moulin
2018-12-03
1
*
IPsec: allow ISAKMP over IPv6.
Guilhem Moulin
2018-12-03
1
*
Upgrade baseline to Debian Stretch.
Guilhem Moulin
2018-12-03
5
*
Postfix: replace 'fifo' types with 'unix', as it's the new default.
Guilhem Moulin
2018-04-04
1
*
Firewall: Allow DNS queries over TCP.
Guilhem Moulin
2018-04-04
1
*
APT: use deb.debian.org as archive source.
Guilhem Moulin
2018-04-04
1
*
Perform recipient address verification on the MSA itself.
Guilhem Moulin
2018-04-04
1
*
Upgrade syntax to Ansible 2.5.
Guilhem Moulin
2018-04-04
2
*
Fix detection of KVM guests.
Guilhem Moulin
2017-07-29
2
*
Don't install debsecan anymore by default.
Guilhem Moulin
2017-06-26
1
*
Webmail: don't allow outgoing TCP/993 connections.
Guilhem Moulin
2017-06-15
1
*
postfix: enable XFORWARD command from our internal relays.
Guilhem Moulin
2017-06-02
1
*
postfix: don't rate-limit our IPsec subnet.
Guilhem Moulin
2017-06-02
1
*
Don't let authenticated client use arbitrary sender addresses.
Guilhem Moulin
2017-06-01
1
*
Also install non-free firmwares on civett.
Guilhem Moulin
2017-05-30
2
*
Fix Ansible 2.2.0 compatibility of a Jinja2 template.
Guilhem Moulin
2017-01-14
1
*
postfix: Remove obsolete templates tls_policy/relay_clientcerts.
Guilhem Moulin
2016-07-12
1
*
Route all internal SMTP traffic through IPsec.
Guilhem Moulin
2016-07-10
3
*
Postfix: avoid hardcoding the instance names.
Guilhem Moulin
2016-07-10
1
*
Postfix: don't share the master.cf between the instances.
Guilhem Moulin
2016-07-10
1
*
Localize the NTP pool hostnames.
Guilhem Moulin
2016-07-09
1
*
Localize the debian archive hostnames.
Guilhem Moulin
2016-07-09
1
*
ClamAV (FreshClam): use a localized Database Mirror.
Guilhem Moulin
2016-07-09
1
*
IPSec → IPsec
Guilhem Moulin
2016-06-29
2
*
IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.
Guilhem Moulin
2016-05-24
1
*
Tunnel bacula (dir → {fd,sd} and fd → sd) traffic through IPSec.
Guilhem Moulin
2016-05-22
3
*
Tunnel munin-update traffic through IPSec.
Guilhem Moulin
2016-05-22
3
*
Tunnel internal NTP traffic through IPSec.
Guilhem Moulin
2016-05-22
2
*
Set up IPSec tunnels between each pair of hosts.
Guilhem Moulin
2016-05-22
5
*
postfix: Update to recommended TLS settings.
Guilhem Moulin
2016-05-18
1
*
postfix: disable weak ciphers for the 'encrypt' TLS security level.
Guilhem Moulin
2016-05-18
1
*
bacula: Set heartbeat options.
Guilhem Moulin
2016-05-12
2
*
Use systemd unit files for stunnel4.
Guilhem Moulin
2016-05-12
2
*
s/ansible_ssh_/ansible_/
Guilhem Moulin
2016-02-12
2
*
Postfix TLS policy: Store the fingerprint of the cert's pubkey, not of the ce...
Guilhem Moulin
2015-12-03
1
*
Internal Postfix config: Disable TLS protocols <1.2 rather than enable 1.2 only.
Guilhem Moulin
2015-10-27
1
*
stunnel: disable compression.
Guilhem Moulin
2015-10-27
2
*
stunnel: use GCM ciphers only; use SSL options rather than ciphers to disable...
Guilhem Moulin
2015-10-27
2
*
Change match to "^(Genuine)?Intel.*" for Intel processors.
Guilhem Moulin
2015-07-12
2
*
Use a single LDAP connection per Munin round to collect slapd statistics.
Guilhem Moulin
2015-06-11
1
[next]