summaryrefslogtreecommitdiffstats
path: root/roles/common
Commit message (Expand)AuthorAgeFiles
* Postfix: replace cdb & btree tables with lmdb ones.Guilhem Moulin2018-12-034
* IPsec: allow ISAKMP over IPv6.Guilhem Moulin2018-12-032
* Upgrade baseline to Debian Stretch.Guilhem Moulin2018-12-0315
* Skip samhain installation.Guilhem Moulin2018-12-034
* Harden anti spam on the MX:es.Guilhem Moulin2018-06-091
* More logcheck-database tweaks.Guilhem Moulin2018-04-043
* Postfix: replace 'fifo' types with 'unix', as it's the new default.Guilhem Moulin2018-04-041
* sympa: wibbleGuilhem Moulin2018-04-041
* Firewall: Allow DNS queries over TCP.Guilhem Moulin2018-04-041
* APT: use deb.debian.org as archive source.Guilhem Moulin2018-04-041
* Perform recipient address verification on the MSA itself.Guilhem Moulin2018-04-042
* Upgrade syntax to Ansible 2.5.Guilhem Moulin2018-04-043
* Upgrade syntax to Ansible 2.4.Guilhem Moulin2017-11-231
* More logcheck-database tweaks.Guilhem Moulin2017-09-143
* Fix detection of KVM guests.Guilhem Moulin2017-07-293
* rkhunter: Disable remote updates to fix CVE-2017-7480.Guilhem Moulin2017-07-291
* Use MariaDB as default MySQL flavor.Guilhem Moulin2017-07-291
* Don't install debsecan anymore by default.Guilhem Moulin2017-06-262
* Webmail: don't allow outgoing TCP/993 connections.Guilhem Moulin2017-06-151
* More logcheck-database tweaks.Guilhem Moulin2017-06-071
* postfix-sender-login: wibbleGuilhem Moulin2017-06-051
* dovecot: enable user iteration and add a cronjob for `doveadm purge -A`Guilhem Moulin2017-06-051
* postfix: enable XFORWARD command from our internal relays.Guilhem Moulin2017-06-021
* postfix: don't rate-limit our IPsec subnet.Guilhem Moulin2017-06-022
* Don't let authenticated client use arbitrary sender addresses.Guilhem Moulin2017-06-011
* /lib/systemd/system → /etc/systemd/systemGuilhem Moulin2017-05-315
* Also install non-free firmwares on civett.Guilhem Moulin2017-05-302
* Change group of executables in /usr/local/{bin,sbin} from root to staff.Guilhem Moulin2017-05-142
* MSA: reject null sender address.Guilhem Moulin2017-05-141
* Fix Ansible 2.2.0 compatibility of a Jinja2 template.Guilhem Moulin2017-01-141
* More logcheck-database tweaks.Guilhem Moulin2016-12-081
* Postfix: ensure common aliases are present.Guilhem Moulin2016-09-182
* FreshClam: change ownership of /etc/clamav/freshclam.conf.Guilhem Moulin2016-09-181
* Firewall: allow duplicates rules.Guilhem Moulin2016-09-181
* More logcheck-database tweaks.Guilhem Moulin2016-08-222
* postfix: Remove obsolete templates tls_policy/relay_clientcerts.Guilhem Moulin2016-07-121
* Route all internal SMTP traffic through IPsec.Guilhem Moulin2016-07-104
* Postfix: avoid hardcoding the instance names.Guilhem Moulin2016-07-101
* Postfix: don't share the master.cf between the instances.Guilhem Moulin2016-07-102
* Route SMTP traffic from the webmail through IPsec.Guilhem Moulin2016-07-101
* More logcheck-database tweaks.Guilhem Moulin2016-07-092
* Localize the NTP pool hostnames.Guilhem Moulin2016-07-091
* Localize the debian archive hostnames.Guilhem Moulin2016-07-091
* ClamAV (FreshClam): use a localized Database Mirror.Guilhem Moulin2016-07-092
* IPSec → IPsecGuilhem Moulin2016-06-295
* More logcheck-database tweaks.Guilhem Moulin2016-06-293
* update-firewall.sh: COMMIT empty iptables rule files.Guilhem Moulin2016-06-291
* Use stunnel to secure the connection from the webmail to ldap.fripost.org.Guilhem Moulin2016-06-051
* typoGuilhem Moulin2016-05-241
* IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.Guilhem Moulin2016-05-243