summaryrefslogtreecommitdiffstats
path: root/roles/common
Commit message (Expand)AuthorAgeFiles
* Fix detection of KVM guests.Guilhem Moulin2017-07-293
* rkhunter: Disable remote updates to fix CVE-2017-7480.Guilhem Moulin2017-07-291
* Use MariaDB as default MySQL flavor.Guilhem Moulin2017-07-291
* Don't install debsecan anymore by default.Guilhem Moulin2017-06-262
* Webmail: don't allow outgoing TCP/993 connections.Guilhem Moulin2017-06-151
* More logcheck-database tweaks.Guilhem Moulin2017-06-071
* postfix-sender-login: wibbleGuilhem Moulin2017-06-051
* dovecot: enable user iteration and add a cronjob for `doveadm purge -A`Guilhem Moulin2017-06-051
* postfix: enable XFORWARD command from our internal relays.Guilhem Moulin2017-06-021
* postfix: don't rate-limit our IPsec subnet.Guilhem Moulin2017-06-022
* Don't let authenticated client use arbitrary sender addresses.Guilhem Moulin2017-06-011
* /lib/systemd/system → /etc/systemd/systemGuilhem Moulin2017-05-315
* Also install non-free firmwares on civett.Guilhem Moulin2017-05-302
* Change group of executables in /usr/local/{bin,sbin} from root to staff.Guilhem Moulin2017-05-142
* MSA: reject null sender address.Guilhem Moulin2017-05-141
* Fix Ansible 2.2.0 compatibility of a Jinja2 template.Guilhem Moulin2017-01-141
* More logcheck-database tweaks.Guilhem Moulin2016-12-081
* Postfix: ensure common aliases are present.Guilhem Moulin2016-09-182
* FreshClam: change ownership of /etc/clamav/freshclam.conf.Guilhem Moulin2016-09-181
* Firewall: allow duplicates rules.Guilhem Moulin2016-09-181
* More logcheck-database tweaks.Guilhem Moulin2016-08-222
* postfix: Remove obsolete templates tls_policy/relay_clientcerts.Guilhem Moulin2016-07-121
* Route all internal SMTP traffic through IPsec.Guilhem Moulin2016-07-104
* Postfix: avoid hardcoding the instance names.Guilhem Moulin2016-07-101
* Postfix: don't share the master.cf between the instances.Guilhem Moulin2016-07-102
* Route SMTP traffic from the webmail through IPsec.Guilhem Moulin2016-07-101
* More logcheck-database tweaks.Guilhem Moulin2016-07-092
* Localize the NTP pool hostnames.Guilhem Moulin2016-07-091
* Localize the debian archive hostnames.Guilhem Moulin2016-07-091
* ClamAV (FreshClam): use a localized Database Mirror.Guilhem Moulin2016-07-092
* IPSec → IPsecGuilhem Moulin2016-06-295
* More logcheck-database tweaks.Guilhem Moulin2016-06-293
* update-firewall.sh: COMMIT empty iptables rule files.Guilhem Moulin2016-06-291
* Use stunnel to secure the connection from the webmail to ldap.fripost.org.Guilhem Moulin2016-06-051
* typoGuilhem Moulin2016-05-241
* IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.Guilhem Moulin2016-05-243
* genkeypair, gendhparam: use -rand /dev/urandom when generating keys or DH par...Guilhem Moulin2016-05-222
* Tunnel bacula (dir → {fd,sd} and fd → sd) traffic through IPSec.Guilhem Moulin2016-05-226
* Tunnel munin-update traffic through IPSec.Guilhem Moulin2016-05-227
* Tunnel internal NTP traffic through IPSec.Guilhem Moulin2016-05-222
* Set up IPSec tunnels between each pair of hosts.Guilhem Moulin2016-05-2213
* postfix: master.cf wibbleGuilhem Moulin2016-05-181
* postfix: Update to recommended TLS settings.Guilhem Moulin2016-05-182
* Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public.Guilhem Moulin2016-05-182
* postfix: disable weak ciphers for the 'encrypt' TLS security level.Guilhem Moulin2016-05-181
* Add an ansible module 'fetch_cmd' to fetch the output of a remote command loc...Guilhem Moulin2016-05-183
* bacula: Set heartbeat options.Guilhem Moulin2016-05-122
* Add hardening options to our systemd unit files.Guilhem Moulin2016-05-121
* Use systemd unit files for stunnel4.Guilhem Moulin2016-05-1211
* sysctl: don't set IPv6 privacy extensions globaly.Guilhem Moulin2016-04-011