summaryrefslogtreecommitdiffstats
path: root/roles/common
Commit message (Expand)AuthorAgeFiles
...
* Also install non-free firmwares on civett.Guilhem Moulin2017-05-302
* Change group of executables in /usr/local/{bin,sbin} from root to staff.Guilhem Moulin2017-05-142
* MSA: reject null sender address.Guilhem Moulin2017-05-141
* Fix Ansible 2.2.0 compatibility of a Jinja2 template.Guilhem Moulin2017-01-141
* More logcheck-database tweaks.Guilhem Moulin2016-12-081
* Postfix: ensure common aliases are present.Guilhem Moulin2016-09-182
* FreshClam: change ownership of /etc/clamav/freshclam.conf.Guilhem Moulin2016-09-181
* Firewall: allow duplicates rules.Guilhem Moulin2016-09-181
* More logcheck-database tweaks.Guilhem Moulin2016-08-222
* postfix: Remove obsolete templates tls_policy/relay_clientcerts.Guilhem Moulin2016-07-121
* Route all internal SMTP traffic through IPsec.Guilhem Moulin2016-07-104
* Postfix: avoid hardcoding the instance names.Guilhem Moulin2016-07-101
* Postfix: don't share the master.cf between the instances.Guilhem Moulin2016-07-102
* Route SMTP traffic from the webmail through IPsec.Guilhem Moulin2016-07-101
* More logcheck-database tweaks.Guilhem Moulin2016-07-092
* Localize the NTP pool hostnames.Guilhem Moulin2016-07-091
* Localize the debian archive hostnames.Guilhem Moulin2016-07-091
* ClamAV (FreshClam): use a localized Database Mirror.Guilhem Moulin2016-07-092
* IPSec → IPsecGuilhem Moulin2016-06-295
* More logcheck-database tweaks.Guilhem Moulin2016-06-293
* update-firewall.sh: COMMIT empty iptables rule files.Guilhem Moulin2016-06-291
* Use stunnel to secure the connection from the webmail to ldap.fripost.org.Guilhem Moulin2016-06-051
* typoGuilhem Moulin2016-05-241
* IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.Guilhem Moulin2016-05-243
* genkeypair, gendhparam: use -rand /dev/urandom when generating keys or DH par...Guilhem Moulin2016-05-222
* Tunnel bacula (dir → {fd,sd} and fd → sd) traffic through IPSec.Guilhem Moulin2016-05-226
* Tunnel munin-update traffic through IPSec.Guilhem Moulin2016-05-227
* Tunnel internal NTP traffic through IPSec.Guilhem Moulin2016-05-222
* Set up IPSec tunnels between each pair of hosts.Guilhem Moulin2016-05-2213
* postfix: master.cf wibbleGuilhem Moulin2016-05-181
* postfix: Update to recommended TLS settings.Guilhem Moulin2016-05-182
* Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public.Guilhem Moulin2016-05-182
* postfix: disable weak ciphers for the 'encrypt' TLS security level.Guilhem Moulin2016-05-181
* Add an ansible module 'fetch_cmd' to fetch the output of a remote command loc...Guilhem Moulin2016-05-183
* bacula: Set heartbeat options.Guilhem Moulin2016-05-122
* Add hardening options to our systemd unit files.Guilhem Moulin2016-05-121
* Use systemd unit files for stunnel4.Guilhem Moulin2016-05-1211
* sysctl: don't set IPv6 privacy extensions globaly.Guilhem Moulin2016-04-011
* sysctl: set net.ipv6.conf.all.accept_ra = 0.Guilhem Moulin2016-03-301
* More logcheck-database tweaks.Guilhem Moulin2016-03-131
* Ansible: Using bare variables is deprecated, and will be removed in a future ...Guilhem Moulin2016-03-022
* More logcheck-database tweaks.Guilhem Moulin2016-02-171
* s/ansible_ssh_/ansible_/Guilhem Moulin2016-02-122
* Upgrade playbooks to Ansible 2.0.Guilhem Moulin2016-02-125
* Only install letsencrypt-tiny to the relevant hosts.Guilhem Moulin2015-12-282
* Copy and install Let's Encrypt ACME client.Guilhem Moulin2015-12-201
* Use the Let's Encrypt CA for our public certs.Guilhem Moulin2015-12-202
* More logcheck-database tweaks.Guilhem Moulin2015-12-152
* typoGuilhem Moulin2015-12-041
* Postfix TLS policy: Store the fingerprint of the cert's pubkey, not of the ce...Guilhem Moulin2015-12-031