Commit message (Collapse) | Author | Age | Files | |
---|---|---|---|---|
* | /lib/systemd/system → /etc/systemd/system | Guilhem Moulin | 2017-05-31 | 1 |
| | ||||
* | Install more sympa dependencies. | Guilhem Moulin | 2017-05-29 | 1 |
| | ||||
* | Change group of executables in /usr/local/{bin,sbin} from root to staff. | Guilhem Moulin | 2017-05-14 | 2 |
| | ||||
* | sympa: don't tweak /etc/logrotate.d/sympa. | Guilhem Moulin | 2017-05-14 | 1 |
| | ||||
* | systemd: Ensure sympa service is enabled. | Guilhem Moulin | 2016-09-18 | 1 |
| | ||||
* | nginx: Don't hard-code the HPKP headers. | Guilhem Moulin | 2016-07-12 | 1 |
| | | | | | Instead, lookup the pubkeys and compute the digests on the fly. But never modify the actual header snippet to avoid locking our users out. | |||
* | Route all internal SMTP traffic through IPsec. | Guilhem Moulin | 2016-07-10 | 1 |
| | ||||
* | Postfix: don't share the master.cf between the instances. | Guilhem Moulin | 2016-07-10 | 1 |
| | ||||
* | Change the pubkey extension from .pem to .pub. | Guilhem Moulin | 2016-07-10 | 1 |
| | ||||
* | certs/public: fetch each cert's pubkey (SPKI), not the cert itself. | Guilhem Moulin | 2016-06-15 | 1 |
| | | | | To avoid new commits upon cert renewal. | |||
* | Add an ansible module 'fetch_cmd' to fetch the output of a remote command ↵ | Guilhem Moulin | 2016-05-18 | 1 |
| | | | | | | locally. And use this to fetch all X.509 leaf certificates. | |||
* | Upgrade playbooks to Ansible 2.0. | Guilhem Moulin | 2016-02-12 | 2 |
| | ||||
* | Use the Let's Encrypt CA for our public certs. | Guilhem Moulin | 2015-12-20 | 1 |
| | ||||
* | Automatically fetch X.509 certificates, and add them to git. | Guilhem Moulin | 2015-12-03 | 1 |
| | ||||
* | Rename 'mysql_user' plugin to 'mysql_user2' to avoid name collisions. | Guilhem Moulin | 2015-07-12 | 1 |
| | ||||
* | Configure munin nodes & master. | Guilhem Moulin | 2015-06-10 | 1 |
| | | | | | Interhost communications are protected by stunnel4. The graphs are only visible on the master itself, and content is generated by Fast CGI. | |||
* | Add references to bug reports. | Guilhem Moulin | 2015-06-10 | 1 |
| | ||||
* | Add a reserved domain 'discard.fripost.org' to discard messages. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | ‘noreply@’ aliases can be added by routing them to ‘@discard.fripost.org’. | |||
* | Restart services when updating systemd unit files. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | SQL: Set empty passwords for auth_socket authentication. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Prefer '/usr/sbin/nologin' over '/bin/false' for system users. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Don't restart sympa on logrotate. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | This is unnecessary since it uses syslog. | |||
* | Configure the list manager (Sympa). | Guilhem Moulin | 2015-06-07 | 4 |
| | ||||
* | Use $virtual_alias_domains not $virtual_mailbox_domains. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | | | | | | | | | | | | | | | | | | | | Quoting postconf(5): smtpd_reject_unlisted_recipient (default: yes) Request that the Postfix SMTP server rejects mail for unknown recipient addresses, even when no explicit reject_unlisted_recipient access restriction is specified. This prevents the Postfix queue from filling up with undeliverable MAILER-DAEMON messages. An address is always considered "known" when it matches a virtual(5) alias or a canonical(5) mapping. […] * The recipient domain matches $virtual_alias_domains but the recipient is not listed in $virtual_alias_maps. * The recipient domain matches $virtual_mailbox_domains but the recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps is not null. Since we alias everything under special, "invalid", domains (mda.f.o and mailman.f.o), our $virtual_mailbox_maps was null, which led to reject_unlisted_recipient not being triggered for say, "noone@fripost.org". However, replacing $virtual_mailbox_domains with $virtual_alias_domains fits into the second point above. | |||
* | Reload Postfix upon configuration change, but don't restart it. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | (Unless a new instance is created, or the master.cf change is modified.) Changing some variables, such as inet_protocols, require a full restart, but most of the time it's overkill. | |||
* | Don't auto-create home directories when adding system users. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | Unlike adduser(8), ansible's 'user' module copies skeletal configuration files even for system users (unless called with createhome=no). | |||
* | Ansible automatically creates parent directories. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Use Debian's usual location for static web content. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | Hence put the CSS and fonts under /usr/share/. | |||
* | Make the *_maps file names uniform. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | That is, don't put a leading virtual_ or a trailing _maps in file names. | |||
* | Mailing lists (using mlmmj). | Guilhem Moulin | 2015-06-07 | 3 |
Right now the list server cannot be hosted with a MX, due to bug 51: http://mlmmj.org/bugs/bug.php?id=51 Web archive can be compiled with MHonArc, but the web server configuration is not there yet. |