summaryrefslogtreecommitdiffstats
path: root/roles/common/templates
Commit message (Expand)AuthorAgeFiles
* Port baseline to Debian 11 (codename Bullseye).Guilhem Moulin2022-10-133
* clamav-freshclam: Remove ‘SafeBrowsing’ option.Guilhem Moulin2022-10-111
* Prefix ‘ipaddr’ and ‘ipv4’ with ‘ansible.utils.’.Guilhem Moulin2022-10-114
* Postfix: pin key material to our MX:es for fripost.org and its subdomains.Guilhem Moulin2021-01-261
* Firewall: Always include 172.16.0.0/12 to the bogon list.Guilhem Moulin2020-11-151
* Firewall: Add counter to dropped ICMP packets.Guilhem Moulin2020-11-151
* Firewall: ICMPv6: accept link-local multicast receiver notification messages.Guilhem Moulin2020-11-151
* Change NTP client to systemd-timesyncd.Guilhem Moulin2020-11-153
* Firewall: allow ICMP type 11 (time time-exceeded).Guilhem Moulin2020-11-031
* Firewall: Move IPsec/ICMP/ICMPv6 rules to ingress chain.Guilhem Moulin2020-11-031
* Firewall: Move martian and bogus TCP filters early in the packet flow.Guilhem Moulin2020-11-021
* MSA: Update role to Debian Buster.Guilhem Moulin2020-05-191
* s/LDAP-provider/LDAP_provider/Guilhem Moulin2020-05-191
* Firewall: note on reqid matching.Guilhem Moulin2020-05-181
* AEAD ciphers: Add EECDH+CHACHA20 macro.Guilhem Moulin2020-05-181
* Firewall: Use `meta secpath exists` to match xfrm associations.Guilhem Moulin2020-05-181
* Roundcube: Port to Debian 10.Guilhem Moulin2020-05-171
* typofixGuilhem Moulin2020-05-161
* Upgrade baseline to Debian 10.Guilhem Moulin2020-05-166
* /etc/apt/sources.list: Use https:// URIs.Guilhem Moulin2020-01-251
* Improve/harden fail2ban configuration.Guilhem Moulin2020-01-251
* Convert firewall to nftables.Guilhem Moulin2020-01-234
* Postfix: disable DNS lookups on the internal SMTPds.Guilhem Moulin2020-01-231
* tr/-/_/ in group names.Guilhem Moulin2020-01-223
* MSA: Open 465/TCP for Email Submission over TLS.Guilhem Moulin2019-03-193
* submission: Prospective SPF checking.Guilhem Moulin2018-12-122
* IPsec: use Suite-B-GCM-256 algorithms for IKEv2 & ESP.Guilhem Moulin2018-12-091
* MSA verification probes: enable opportunistic encryption.Guilhem Moulin2018-12-091
* Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch.Guilhem Moulin2018-12-092
* Firewall: disable outgoing access to git:// remote servers.Guilhem Moulin2018-12-091
* ntp.conf: reduce delta with the packaged version.Guilhem Moulin2018-12-091
* MX: chroot postscreen(8), smtpd(8) and cleanup(8) daemons.Guilhem Moulin2018-12-091
* postfix: remove explicit default 'mail_owner = postfix'.Guilhem Moulin2018-12-061
* postfix ≥3.0: don't advertise SMTPUTF8 support.Guilhem Moulin2018-12-061
* Install unbound on metal hosts.Guilhem Moulin2018-12-031
* Define new host "calima" serving Nextcloud.Guilhem Moulin2018-12-031
* Postfix: replace cdb & btree tables with lmdb ones.Guilhem Moulin2018-12-031
* IPsec: allow ISAKMP over IPv6.Guilhem Moulin2018-12-031
* Upgrade baseline to Debian Stretch.Guilhem Moulin2018-12-035
* Postfix: replace 'fifo' types with 'unix', as it's the new default.Guilhem Moulin2018-04-041
* Firewall: Allow DNS queries over TCP.Guilhem Moulin2018-04-041
* APT: use deb.debian.org as archive source.Guilhem Moulin2018-04-041
* Perform recipient address verification on the MSA itself.Guilhem Moulin2018-04-041
* Upgrade syntax to Ansible 2.5.Guilhem Moulin2018-04-042
* Fix detection of KVM guests.Guilhem Moulin2017-07-292
* Don't install debsecan anymore by default.Guilhem Moulin2017-06-261
* Webmail: don't allow outgoing TCP/993 connections.Guilhem Moulin2017-06-151
* postfix: enable XFORWARD command from our internal relays.Guilhem Moulin2017-06-021
* postfix: don't rate-limit our IPsec subnet.Guilhem Moulin2017-06-021
* Don't let authenticated client use arbitrary sender addresses.Guilhem Moulin2017-06-011