summaryrefslogtreecommitdiffstats
path: root/roles/common
Commit message (Expand)AuthorAgeFiles
* More logcheck-database tweaks.Guilhem Moulin2016-08-222
* postfix: Remove obsolete templates tls_policy/relay_clientcerts.Guilhem Moulin2016-07-121
* Route all internal SMTP traffic through IPsec.Guilhem Moulin2016-07-104
* Postfix: avoid hardcoding the instance names.Guilhem Moulin2016-07-101
* Postfix: don't share the master.cf between the instances.Guilhem Moulin2016-07-102
* Route SMTP traffic from the webmail through IPsec.Guilhem Moulin2016-07-101
* More logcheck-database tweaks.Guilhem Moulin2016-07-092
* Localize the NTP pool hostnames.Guilhem Moulin2016-07-091
* Localize the debian archive hostnames.Guilhem Moulin2016-07-091
* ClamAV (FreshClam): use a localized Database Mirror.Guilhem Moulin2016-07-092
* IPSec → IPsecGuilhem Moulin2016-06-295
* More logcheck-database tweaks.Guilhem Moulin2016-06-293
* update-firewall.sh: COMMIT empty iptables rule files.Guilhem Moulin2016-06-291
* Use stunnel to secure the connection from the webmail to ldap.fripost.org.Guilhem Moulin2016-06-051
* typoGuilhem Moulin2016-05-241
* IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.Guilhem Moulin2016-05-243
* genkeypair, gendhparam: use -rand /dev/urandom when generating keys or DH par...Guilhem Moulin2016-05-222
* Tunnel bacula (dir → {fd,sd} and fd → sd) traffic through IPSec.Guilhem Moulin2016-05-226
* Tunnel munin-update traffic through IPSec.Guilhem Moulin2016-05-227
* Tunnel internal NTP traffic through IPSec.Guilhem Moulin2016-05-222
* Set up IPSec tunnels between each pair of hosts.Guilhem Moulin2016-05-2213
* postfix: master.cf wibbleGuilhem Moulin2016-05-181
* postfix: Update to recommended TLS settings.Guilhem Moulin2016-05-182
* Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public.Guilhem Moulin2016-05-182
* postfix: disable weak ciphers for the 'encrypt' TLS security level.Guilhem Moulin2016-05-181
* Add an ansible module 'fetch_cmd' to fetch the output of a remote command loc...Guilhem Moulin2016-05-183
* bacula: Set heartbeat options.Guilhem Moulin2016-05-122
* Add hardening options to our systemd unit files.Guilhem Moulin2016-05-121
* Use systemd unit files for stunnel4.Guilhem Moulin2016-05-1211
* sysctl: don't set IPv6 privacy extensions globaly.Guilhem Moulin2016-04-011
* sysctl: set net.ipv6.conf.all.accept_ra = 0.Guilhem Moulin2016-03-301
* More logcheck-database tweaks.Guilhem Moulin2016-03-131
* Ansible: Using bare variables is deprecated, and will be removed in a future ...Guilhem Moulin2016-03-022
* More logcheck-database tweaks.Guilhem Moulin2016-02-171
* s/ansible_ssh_/ansible_/Guilhem Moulin2016-02-122
* Upgrade playbooks to Ansible 2.0.Guilhem Moulin2016-02-125
* Only install letsencrypt-tiny to the relevant hosts.Guilhem Moulin2015-12-282
* Copy and install Let's Encrypt ACME client.Guilhem Moulin2015-12-201
* Use the Let's Encrypt CA for our public certs.Guilhem Moulin2015-12-202
* More logcheck-database tweaks.Guilhem Moulin2015-12-152
* typoGuilhem Moulin2015-12-041
* Postfix TLS policy: Store the fingerprint of the cert's pubkey, not of the ce...Guilhem Moulin2015-12-031
* More logcheck-database tweaks.Guilhem Moulin2015-12-011
* More logcheck-database tweaks.Guilhem Moulin2015-11-121
* Internal Postfix config: Generate RSA 4096 keys by default.Guilhem Moulin2015-10-281
* genkeypair: use install(1) for atomic file creation with permission mode.Guilhem Moulin2015-10-282
* Internal Postfix config: Disable TLS protocols <1.2 rather than enable 1.2 only.Guilhem Moulin2015-10-271
* stunnel: disable compression.Guilhem Moulin2015-10-272
* stunnel: use GCM ciphers only; use SSL options rather than ciphers to disable...Guilhem Moulin2015-10-272
* More logcheck-database tweaks.Guilhem Moulin2015-10-142
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-23 21:37:46 +0000