Commit message (Collapse) | Author | Age | Files | |
---|---|---|---|---|
* | Upgrade syntax to Ansible 2.7 (apt module). | Guilhem Moulin | 2018-12-03 | 1 |
| | ||||
* | Upgrade syntax to Ansible 2.4. | Guilhem Moulin | 2017-11-23 | 1 |
| | ||||
* | nginx: add support for HTTP/2. | Guilhem Moulin | 2016-12-13 | 1 |
| | ||||
* | gitolite: allow hook.* git config keys. | Guilhem Moulin | 2016-12-08 | 1 |
| | ||||
* | nginx: Don't hard-code the HPKP headers. | Guilhem Moulin | 2016-07-12 | 3 |
| | | | | | Instead, lookup the pubkeys and compute the digests on the fly. But never modify the actual header snippet to avoid locking our users out. | |||
* | Change the pubkey extension from .pem to .pub. | Guilhem Moulin | 2016-07-10 | 1 |
| | ||||
* | certs/public: fetch each cert's pubkey (SPKI), not the cert itself. | Guilhem Moulin | 2016-06-15 | 1 |
| | | | | To avoid new commits upon cert renewal. | |||
* | Add an ansible module 'fetch_cmd' to fetch the output of a remote command ↵ | Guilhem Moulin | 2016-05-18 | 1 |
| | | | | | | locally. And use this to fetch all X.509 leaf certificates. | |||
* | Set a HPKP on the webmail, website/wiki/git and list manager. | Guilhem Moulin | 2016-04-01 | 1 |
| | ||||
* | Set a CSP on the webmail, website/wiki and list manager. | Guilhem Moulin | 2016-04-01 | 1 |
| | ||||
* | Set HTTP security headers. | Guilhem Moulin | 2016-03-30 | 1 |
| | | | | See https://securityheaders.io . | |||
* | Let's Encrypt | Guilhem Moulin | 2016-03-02 | 1 |
| | ||||
* | cgit: Create cache directory /var/cache/cgit | Guilhem Moulin | 2016-03-02 | 1 |
| | ||||
* | Upgrade playbooks to Ansible 2.0. | Guilhem Moulin | 2016-02-12 | 3 |
| | ||||
* | Use the Let's Encrypt CA for our public certs. | Guilhem Moulin | 2015-12-20 | 2 |
| | ||||
* | nginx: Move include.d/* to snippets/. | Guilhem Moulin | 2015-12-20 | 1 |
| | ||||
* | nginx: s/conf.d/include.d/ | Guilhem Moulin | 2015-12-15 | 1 |
| | ||||
* | ngnix: mv ssl/config conf.d/ssl | Guilhem Moulin | 2015-12-09 | 1 |
| | ||||
* | Automatically fetch X.509 certificates, and add them to git. | Guilhem Moulin | 2015-12-03 | 1 |
| | ||||
* | nginx: adjust expiration date for static content. | Guilhem Moulin | 2015-10-30 | 1 |
| | ||||
* | Cgit: Add gitolite@ for clone ssh:// URLs. | Guilhem Moulin | 2015-09-29 | 1 |
| | ||||
* | Replace gitweb with cgit. | Guilhem Moulin | 2015-09-21 | 14 |
| | ||||
* | systemd: Auto-restart the gitweb service. | Guilhem Moulin | 2015-09-15 | 2 |
| | ||||
* | gitweb: Explicitely install FCGI. | Guilhem Moulin | 2015-06-10 | 1 |
| | ||||
* | Restart services when updating systemd unit files. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | gitweb workaround encoding issues in FCGI mode. | Guilhem Moulin | 2015-06-07 | 3 |
| | ||||
* | Git (gitolite + git-http-backend + gitweb) configuration | Guilhem Moulin | 2015-06-07 | 9 |
By default repos are be readable by gitweb and the web server ('gitweb' and 'www-data' are both in the 'gitolite' group). Private repo owners will have 'chmod -R og-rwx' manually. To automatically add new repos to gitweb's 'project.list' file, make it readable to the special 'gitweb' user. See /usr/share/doc/gitolite3/README.txt.gz for details. |