| Commit message (Collapse) | Author | Age | Files | |
|---|---|---|---|---|
| * | Postfix: Install -lmdb in all roles using db=lmdb. | Guilhem Moulin | 2020-05-21 | 1 | 
| | | | | | | | And drop -ldap from all roles other than MX. -lmdb is included in roles/common but it can be helpful to have it individual roles as well as they can be run individually. | |||
| * | Upgrade 'lists' role to Debian Stretch. | Guilhem Moulin | 2018-12-09 | 2 | 
| | | ||||
| * | Upgrade syntax to Ansible 2.7 (apt module). | Guilhem Moulin | 2018-12-03 | 3 | 
| | | ||||
| * | Postfix: replace cdb & btree tables with lmdb ones. | Guilhem Moulin | 2018-12-03 | 1 | 
| | | | | | Cf. lmdb_table(5). | |||
| * | sympa: wibble | Guilhem Moulin | 2018-04-04 | 1 | 
| | | ||||
| * | Upgrade syntax to Ansible 2.4. | Guilhem Moulin | 2017-11-23 | 1 | 
| | | ||||
| * | Use MariaDB as default MySQL flavor. | Guilhem Moulin | 2017-07-29 | 1 | 
| | | ||||
| * | /lib/systemd/system → /etc/systemd/system | Guilhem Moulin | 2017-05-31 | 1 | 
| | | ||||
| * | Install more sympa dependencies. | Guilhem Moulin | 2017-05-29 | 1 | 
| | | ||||
| * | Change group of executables in /usr/local/{bin,sbin} from root to staff. | Guilhem Moulin | 2017-05-14 | 2 | 
| | | ||||
| * | sympa: don't tweak /etc/logrotate.d/sympa. | Guilhem Moulin | 2017-05-14 | 1 | 
| | | ||||
| * | systemd: Ensure sympa service is enabled. | Guilhem Moulin | 2016-09-18 | 1 | 
| | | ||||
| * | nginx: Don't hard-code the HPKP headers. | Guilhem Moulin | 2016-07-12 | 1 | 
| | | | | | | Instead, lookup the pubkeys and compute the digests on the fly. But never modify the actual header snippet to avoid locking our users out. | |||
| * | Route all internal SMTP traffic through IPsec. | Guilhem Moulin | 2016-07-10 | 1 | 
| | | ||||
| * | Postfix: don't share the master.cf between the instances. | Guilhem Moulin | 2016-07-10 | 1 | 
| | | ||||
| * | Change the pubkey extension from .pem to .pub. | Guilhem Moulin | 2016-07-10 | 1 | 
| | | ||||
| * | certs/public: fetch each cert's pubkey (SPKI), not the cert itself. | Guilhem Moulin | 2016-06-15 | 1 | 
| | | | | | To avoid new commits upon cert renewal. | |||
| * | Add an ansible module 'fetch_cmd' to fetch the output of a remote command ↵ | Guilhem Moulin | 2016-05-18 | 1 | 
| | | | | | | | locally. And use this to fetch all X.509 leaf certificates. | |||
| * | Upgrade playbooks to Ansible 2.0. | Guilhem Moulin | 2016-02-12 | 2 | 
| | | ||||
| * | Use the Let's Encrypt CA for our public certs. | Guilhem Moulin | 2015-12-20 | 1 | 
| | | ||||
| * | Automatically fetch X.509 certificates, and add them to git. | Guilhem Moulin | 2015-12-03 | 1 | 
| | | ||||
| * | Rename 'mysql_user' plugin to 'mysql_user2' to avoid name collisions. | Guilhem Moulin | 2015-07-12 | 1 | 
| | | ||||
| * | Configure munin nodes & master. | Guilhem Moulin | 2015-06-10 | 1 | 
| | | | | | | Interhost communications are protected by stunnel4. The graphs are only visible on the master itself, and content is generated by Fast CGI. | |||
| * | Add references to bug reports. | Guilhem Moulin | 2015-06-10 | 1 | 
| | | ||||
| * | Add a reserved domain 'discard.fripost.org' to discard messages. | Guilhem Moulin | 2015-06-07 | 1 | 
| | | | | | | ‘noreply@’ aliases can be added by routing them to ‘@discard.fripost.org’. | |||
| * | Restart services when updating systemd unit files. | Guilhem Moulin | 2015-06-07 | 1 | 
| | | ||||
| * | SQL: Set empty passwords for auth_socket authentication. | Guilhem Moulin | 2015-06-07 | 1 | 
| | | ||||
| * | Prefer '/usr/sbin/nologin' over '/bin/false' for system users. | Guilhem Moulin | 2015-06-07 | 1 | 
| | | ||||
| * | Don't restart sympa on logrotate. | Guilhem Moulin | 2015-06-07 | 1 | 
| | | | | | This is unnecessary since it uses syslog. | |||
| * | Configure the list manager (Sympa). | Guilhem Moulin | 2015-06-07 | 4 | 
| | | ||||
| * | Use $virtual_alias_domains not $virtual_mailbox_domains. | Guilhem Moulin | 2015-06-07 | 1 | 
| | | | | | | | | | | | | | | | | | | | | | | | | | | Quoting postconf(5): smtpd_reject_unlisted_recipient (default: yes) Request that the Postfix SMTP server rejects mail for unknown recipient addresses, even when no explicit reject_unlisted_recipient access restriction is specified. This prevents the Postfix queue from filling up with undeliverable MAILER-DAEMON messages. An address is always considered "known" when it matches a virtual(5) alias or a canonical(5) mapping. […] * The recipient domain matches $virtual_alias_domains but the recipient is not listed in $virtual_alias_maps. * The recipient domain matches $virtual_mailbox_domains but the recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps is not null. Since we alias everything under special, "invalid", domains (mda.f.o and mailman.f.o), our $virtual_mailbox_maps was null, which led to reject_unlisted_recipient not being triggered for say, "noone@fripost.org". However, replacing $virtual_mailbox_domains with $virtual_alias_domains fits into the second point above. | |||
| * | Reload Postfix upon configuration change, but don't restart it. | Guilhem Moulin | 2015-06-07 | 1 | 
| | | | | | | | (Unless a new instance is created, or the master.cf change is modified.) Changing some variables, such as inet_protocols, require a full restart, but most of the time it's overkill. | |||
| * | Don't auto-create home directories when adding system users. | Guilhem Moulin | 2015-06-07 | 1 | 
| | | | | | | Unlike adduser(8), ansible's 'user' module copies skeletal configuration files even for system users (unless called with createhome=no). | |||
| * | Ansible automatically creates parent directories. | Guilhem Moulin | 2015-06-07 | 1 | 
| | | ||||
| * | Use Debian's usual location for static web content. | Guilhem Moulin | 2015-06-07 | 1 | 
| | | | | | Hence put the CSS and fonts under /usr/share/. | |||
| * | Make the *_maps file names uniform. | Guilhem Moulin | 2015-06-07 | 1 | 
| | | | | | That is, don't put a leading virtual_ or a trailing _maps in file names. | |||
| * | Mailing lists (using mlmmj). | Guilhem Moulin | 2015-06-07 | 3 | 
| Right now the list server cannot be hosted with a MX, due to bug 51: http://mlmmj.org/bugs/bug.php?id=51 Web archive can be compiled with MHonArc, but the web server configuration is not there yet. | ||||
