summaryrefslogtreecommitdiffstats
path: root/roles/common
Commit message (Expand)AuthorAgeFiles
* Improve/harden fail2ban configuration.Guilhem Moulin2020-01-257
* Convert firewall to nftables.Guilhem Moulin2020-01-2311
* Postfix: disable DNS lookups on the internal SMTPds.Guilhem Moulin2020-01-231
* tr/-/_/ in group names.Guilhem Moulin2020-01-223
* MSA: Open 465/TCP for Email Submission over TLS.Guilhem Moulin2019-03-194
* firewall: gracefully close invalid connections.Guilhem Moulin2018-12-221
* fail2ban: Only install the roundcube/dovecot filters if needed.Guilhem Moulin2018-12-151
* submission: Prospective SPF checking.Guilhem Moulin2018-12-122
* IPsec: use Suite-B-GCM-256 algorithms for IKEv2 & ESP.Guilhem Moulin2018-12-091
* MSA verification probes: enable opportunistic encryption.Guilhem Moulin2018-12-091
* Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch.Guilhem Moulin2018-12-096
* Disable resume device.Guilhem Moulin2018-12-093
* systemd.service: Tighten hardening options.Guilhem Moulin2018-12-092
* bacula-*.service: Don't fork in the background.Guilhem Moulin2018-12-091
* Upgrade 'lists' role to Debian Stretch.Guilhem Moulin2018-12-091
* Firewall: disable outgoing access to git:// remote servers.Guilhem Moulin2018-12-091
* systemd: Replace ‘ProtectSystem=full’ with ‘ProtectSystem=strict’.Guilhem Moulin2018-12-092
* Firewall: REJECT outgoing connections instead of DROPing them.Guilhem Moulin2018-12-091
* Don't install the haveged entropy daemon.Guilhem Moulin2018-12-092
* ntp.conf: reduce delta with the packaged version.Guilhem Moulin2018-12-091
* MX: chroot postscreen(8), smtpd(8) and cleanup(8) daemons.Guilhem Moulin2018-12-091
* postfix: remove explicit default 'mail_owner = postfix'.Guilhem Moulin2018-12-061
* postfix ≥3.0: don't advertise SMTPUTF8 support.Guilhem Moulin2018-12-061
* DKIM: also include the "d=" tag in key filenames, not only the "s=" tag.Guilhem Moulin2018-12-051
* Install unbound on metal hosts.Guilhem Moulin2018-12-034
* Define new host "calima" serving Nextcloud.Guilhem Moulin2018-12-031
* Upgrade syntax to Ansible 2.7 (apt module).Guilhem Moulin2018-12-039
* Postfix: replace cdb & btree tables with lmdb ones.Guilhem Moulin2018-12-034
* IPsec: allow ISAKMP over IPv6.Guilhem Moulin2018-12-032
* Upgrade baseline to Debian Stretch.Guilhem Moulin2018-12-0315
* Skip samhain installation.Guilhem Moulin2018-12-034
* Harden anti spam on the MX:es.Guilhem Moulin2018-06-091
* More logcheck-database tweaks.Guilhem Moulin2018-04-043
* Postfix: replace 'fifo' types with 'unix', as it's the new default.Guilhem Moulin2018-04-041
* sympa: wibbleGuilhem Moulin2018-04-041
* Firewall: Allow DNS queries over TCP.Guilhem Moulin2018-04-041
* APT: use deb.debian.org as archive source.Guilhem Moulin2018-04-041
* Perform recipient address verification on the MSA itself.Guilhem Moulin2018-04-042
* Upgrade syntax to Ansible 2.5.Guilhem Moulin2018-04-043
* Upgrade syntax to Ansible 2.4.Guilhem Moulin2017-11-231
* More logcheck-database tweaks.Guilhem Moulin2017-09-143
* Fix detection of KVM guests.Guilhem Moulin2017-07-293
* rkhunter: Disable remote updates to fix CVE-2017-7480.Guilhem Moulin2017-07-291
* Use MariaDB as default MySQL flavor.Guilhem Moulin2017-07-291
* Don't install debsecan anymore by default.Guilhem Moulin2017-06-262
* Webmail: don't allow outgoing TCP/993 connections.Guilhem Moulin2017-06-151
* More logcheck-database tweaks.Guilhem Moulin2017-06-071
* postfix-sender-login: wibbleGuilhem Moulin2017-06-051
* dovecot: enable user iteration and add a cronjob for `doveadm purge -A`Guilhem Moulin2017-06-051
* postfix: enable XFORWARD command from our internal relays.Guilhem Moulin2017-06-021