index
:
fripost-ansible
master
Fripost ansible scripts
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
roles
/
common
Commit message (
Expand
)
Author
Age
Files
*
Fix detection of KVM guests.
Guilhem Moulin
2017-07-29
3
*
rkhunter: Disable remote updates to fix CVE-2017-7480.
Guilhem Moulin
2017-07-29
1
*
Use MariaDB as default MySQL flavor.
Guilhem Moulin
2017-07-29
1
*
Don't install debsecan anymore by default.
Guilhem Moulin
2017-06-26
2
*
Webmail: don't allow outgoing TCP/993 connections.
Guilhem Moulin
2017-06-15
1
*
More logcheck-database tweaks.
Guilhem Moulin
2017-06-07
1
*
postfix-sender-login: wibble
Guilhem Moulin
2017-06-05
1
*
dovecot: enable user iteration and add a cronjob for `doveadm purge -A`
Guilhem Moulin
2017-06-05
1
*
postfix: enable XFORWARD command from our internal relays.
Guilhem Moulin
2017-06-02
1
*
postfix: don't rate-limit our IPsec subnet.
Guilhem Moulin
2017-06-02
2
*
Don't let authenticated client use arbitrary sender addresses.
Guilhem Moulin
2017-06-01
1
*
/lib/systemd/system → /etc/systemd/system
Guilhem Moulin
2017-05-31
5
*
Also install non-free firmwares on civett.
Guilhem Moulin
2017-05-30
2
*
Change group of executables in /usr/local/{bin,sbin} from root to staff.
Guilhem Moulin
2017-05-14
2
*
MSA: reject null sender address.
Guilhem Moulin
2017-05-14
1
*
Fix Ansible 2.2.0 compatibility of a Jinja2 template.
Guilhem Moulin
2017-01-14
1
*
More logcheck-database tweaks.
Guilhem Moulin
2016-12-08
1
*
Postfix: ensure common aliases are present.
Guilhem Moulin
2016-09-18
2
*
FreshClam: change ownership of /etc/clamav/freshclam.conf.
Guilhem Moulin
2016-09-18
1
*
Firewall: allow duplicates rules.
Guilhem Moulin
2016-09-18
1
*
More logcheck-database tweaks.
Guilhem Moulin
2016-08-22
2
*
postfix: Remove obsolete templates tls_policy/relay_clientcerts.
Guilhem Moulin
2016-07-12
1
*
Route all internal SMTP traffic through IPsec.
Guilhem Moulin
2016-07-10
4
*
Postfix: avoid hardcoding the instance names.
Guilhem Moulin
2016-07-10
1
*
Postfix: don't share the master.cf between the instances.
Guilhem Moulin
2016-07-10
2
*
Route SMTP traffic from the webmail through IPsec.
Guilhem Moulin
2016-07-10
1
*
More logcheck-database tweaks.
Guilhem Moulin
2016-07-09
2
*
Localize the NTP pool hostnames.
Guilhem Moulin
2016-07-09
1
*
Localize the debian archive hostnames.
Guilhem Moulin
2016-07-09
1
*
ClamAV (FreshClam): use a localized Database Mirror.
Guilhem Moulin
2016-07-09
2
*
IPSec → IPsec
Guilhem Moulin
2016-06-29
5
*
More logcheck-database tweaks.
Guilhem Moulin
2016-06-29
3
*
update-firewall.sh: COMMIT empty iptables rule files.
Guilhem Moulin
2016-06-29
1
*
Use stunnel to secure the connection from the webmail to ldap.fripost.org.
Guilhem Moulin
2016-06-05
1
*
typo
Guilhem Moulin
2016-05-24
1
*
IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.
Guilhem Moulin
2016-05-24
3
*
genkeypair, gendhparam: use -rand /dev/urandom when generating keys or DH par...
Guilhem Moulin
2016-05-22
2
*
Tunnel bacula (dir → {fd,sd} and fd → sd) traffic through IPSec.
Guilhem Moulin
2016-05-22
6
*
Tunnel munin-update traffic through IPSec.
Guilhem Moulin
2016-05-22
7
*
Tunnel internal NTP traffic through IPSec.
Guilhem Moulin
2016-05-22
2
*
Set up IPSec tunnels between each pair of hosts.
Guilhem Moulin
2016-05-22
13
*
postfix: master.cf wibble
Guilhem Moulin
2016-05-18
1
*
postfix: Update to recommended TLS settings.
Guilhem Moulin
2016-05-18
2
*
Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public.
Guilhem Moulin
2016-05-18
2
*
postfix: disable weak ciphers for the 'encrypt' TLS security level.
Guilhem Moulin
2016-05-18
1
*
Add an ansible module 'fetch_cmd' to fetch the output of a remote command loc...
Guilhem Moulin
2016-05-18
3
*
bacula: Set heartbeat options.
Guilhem Moulin
2016-05-12
2
*
Add hardening options to our systemd unit files.
Guilhem Moulin
2016-05-12
1
*
Use systemd unit files for stunnel4.
Guilhem Moulin
2016-05-12
11
*
sysctl: don't set IPv6 privacy extensions globaly.
Guilhem Moulin
2016-04-01
1
[next]