summaryrefslogtreecommitdiffstats
path: root/roles/git
Commit message (Collapse)AuthorAgeFiles
* nginx: Don't hard-code the HPKP headers.Guilhem Moulin2016-07-123
| | | | | Instead, lookup the pubkeys and compute the digests on the fly. But never modify the actual header snippet to avoid locking our users out.
* Change the pubkey extension from .pem to .pub.Guilhem Moulin2016-07-101
|
* certs/public: fetch each cert's pubkey (SPKI), not the cert itself.Guilhem Moulin2016-06-151
| | | | To avoid new commits upon cert renewal.
* Add an ansible module 'fetch_cmd' to fetch the output of a remote command ↵Guilhem Moulin2016-05-181
| | | | | | locally. And use this to fetch all X.509 leaf certificates.
* Set a HPKP on the webmail, website/wiki/git and list manager.Guilhem Moulin2016-04-011
|
* Set a CSP on the webmail, website/wiki and list manager.Guilhem Moulin2016-04-011
|
* Set HTTP security headers.Guilhem Moulin2016-03-301
| | | | See https://securityheaders.io .
* Let's EncryptGuilhem Moulin2016-03-021
|
* cgit: Create cache directory /var/cache/cgitGuilhem Moulin2016-03-021
|
* Upgrade playbooks to Ansible 2.0.Guilhem Moulin2016-02-123
|
* Use the Let's Encrypt CA for our public certs.Guilhem Moulin2015-12-202
|
* nginx: Move include.d/* to snippets/.Guilhem Moulin2015-12-201
|
* nginx: s/conf.d/include.d/Guilhem Moulin2015-12-151
|
* ngnix: mv ssl/config conf.d/sslGuilhem Moulin2015-12-091
|
* Automatically fetch X.509 certificates, and add them to git.Guilhem Moulin2015-12-031
|
* nginx: adjust expiration date for static content.Guilhem Moulin2015-10-301
|
* Cgit: Add gitolite@ for clone ssh:// URLs.Guilhem Moulin2015-09-291
|
* Replace gitweb with cgit.Guilhem Moulin2015-09-2114
|
* systemd: Auto-restart the gitweb service.Guilhem Moulin2015-09-152
|
* gitweb: Explicitely install FCGI.Guilhem Moulin2015-06-101
|
* Restart services when updating systemd unit files.Guilhem Moulin2015-06-071
|
* gitweb workaround encoding issues in FCGI mode.Guilhem Moulin2015-06-073
|
* Git (gitolite + git-http-backend + gitweb) configurationGuilhem Moulin2015-06-079
By default repos are be readable by gitweb and the web server ('gitweb' and 'www-data' are both in the 'gitolite' group). Private repo owners will have 'chmod -R og-rwx' manually. To automatically add new repos to gitweb's 'project.list' file, make it readable to the special 'gitweb' user. See /usr/share/doc/gitolite3/README.txt.gz for details.