summaryrefslogtreecommitdiffstats
path: root/roles/common
Commit message (Expand)AuthorAgeFiles
* IPsec: use Suite-B-GCM-256 algorithms for IKEv2 & ESP.Guilhem Moulin2018-12-091
* MSA verification probes: enable opportunistic encryption.Guilhem Moulin2018-12-091
* Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch.Guilhem Moulin2018-12-096
* Disable resume device.Guilhem Moulin2018-12-093
* systemd.service: Tighten hardening options.Guilhem Moulin2018-12-092
* bacula-*.service: Don't fork in the background.Guilhem Moulin2018-12-091
* Upgrade 'lists' role to Debian Stretch.Guilhem Moulin2018-12-091
* Firewall: disable outgoing access to git:// remote servers.Guilhem Moulin2018-12-091
* systemd: Replace ‘ProtectSystem=full’ with ‘ProtectSystem=strict’.Guilhem Moulin2018-12-092
* Firewall: REJECT outgoing connections instead of DROPing them.Guilhem Moulin2018-12-091
* Don't install the haveged entropy daemon.Guilhem Moulin2018-12-092
* ntp.conf: reduce delta with the packaged version.Guilhem Moulin2018-12-091
* MX: chroot postscreen(8), smtpd(8) and cleanup(8) daemons.Guilhem Moulin2018-12-091
* postfix: remove explicit default 'mail_owner = postfix'.Guilhem Moulin2018-12-061
* postfix ≥3.0: don't advertise SMTPUTF8 support.Guilhem Moulin2018-12-061
* DKIM: also include the "d=" tag in key filenames, not only the "s=" tag.Guilhem Moulin2018-12-051
* Install unbound on metal hosts.Guilhem Moulin2018-12-034
* Define new host "calima" serving Nextcloud.Guilhem Moulin2018-12-031
* Upgrade syntax to Ansible 2.7 (apt module).Guilhem Moulin2018-12-039
* Postfix: replace cdb & btree tables with lmdb ones.Guilhem Moulin2018-12-034
* IPsec: allow ISAKMP over IPv6.Guilhem Moulin2018-12-032
* Upgrade baseline to Debian Stretch.Guilhem Moulin2018-12-0315
* Skip samhain installation.Guilhem Moulin2018-12-034
* Harden anti spam on the MX:es.Guilhem Moulin2018-06-091
* More logcheck-database tweaks.Guilhem Moulin2018-04-043
* Postfix: replace 'fifo' types with 'unix', as it's the new default.Guilhem Moulin2018-04-041
* sympa: wibbleGuilhem Moulin2018-04-041
* Firewall: Allow DNS queries over TCP.Guilhem Moulin2018-04-041
* APT: use deb.debian.org as archive source.Guilhem Moulin2018-04-041
* Perform recipient address verification on the MSA itself.Guilhem Moulin2018-04-042
* Upgrade syntax to Ansible 2.5.Guilhem Moulin2018-04-043
* Upgrade syntax to Ansible 2.4.Guilhem Moulin2017-11-231
* More logcheck-database tweaks.Guilhem Moulin2017-09-143
* Fix detection of KVM guests.Guilhem Moulin2017-07-293
* rkhunter: Disable remote updates to fix CVE-2017-7480.Guilhem Moulin2017-07-291
* Use MariaDB as default MySQL flavor.Guilhem Moulin2017-07-291
* Don't install debsecan anymore by default.Guilhem Moulin2017-06-262
* Webmail: don't allow outgoing TCP/993 connections.Guilhem Moulin2017-06-151
* More logcheck-database tweaks.Guilhem Moulin2017-06-071
* postfix-sender-login: wibbleGuilhem Moulin2017-06-051
* dovecot: enable user iteration and add a cronjob for `doveadm purge -A`Guilhem Moulin2017-06-051
* postfix: enable XFORWARD command from our internal relays.Guilhem Moulin2017-06-021
* postfix: don't rate-limit our IPsec subnet.Guilhem Moulin2017-06-022
* Don't let authenticated client use arbitrary sender addresses.Guilhem Moulin2017-06-011
* /lib/systemd/system → /etc/systemd/systemGuilhem Moulin2017-05-315
* Also install non-free firmwares on civett.Guilhem Moulin2017-05-302
* Change group of executables in /usr/local/{bin,sbin} from root to staff.Guilhem Moulin2017-05-142
* MSA: reject null sender address.Guilhem Moulin2017-05-141
* Fix Ansible 2.2.0 compatibility of a Jinja2 template.Guilhem Moulin2017-01-141
* More logcheck-database tweaks.Guilhem Moulin2016-12-081