Commit message (Collapse) | Author | Age | Files | |
---|---|---|---|---|
* | Sympa: Update Content-Security-Policy. | Guilhem Moulin | 2024-09-08 | 1 |
| | ||||
* | Sympa: Enable French support. | Guilhem Moulin | 2024-06-12 | 1 |
| | | | | Cf. msgid=<c368f04c-b8d1-4623-98f0-b6a3b724f90d@dubre.me>. | |||
* | Sympa: Update robot.conf to fix HTTP 421 on virtual hosts. | Guilhem Moulin | 2023-01-13 | 3 |
| | | | | | | See https://github.com/sympa-community/sympa/issues/879 , https://www.sympa.community/manual/upgrade/notes.html#from-version-prior-to-6256 and https://www.sympa.community/gpldoc/man/sympa_config.5.html#wwsympa_url_local . | |||
* | Remove module ‘mysql_user2’. | Guilhem Moulin | 2022-10-11 | 1 |
| | | | | These days upstream's ‘mysql_user’ is good enough. | |||
* | Prefix ‘ipaddr’ and ‘ipv4’ with ‘ansible.utils.’. | Guilhem Moulin | 2022-10-11 | 1 |
| | | | | | | | This silences the following deprecation warning: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. | |||
* | Postfix: Install -lmdb in all roles using db=lmdb. | Guilhem Moulin | 2020-05-21 | 1 |
| | | | | | | And drop -ldap from all roles other than MX. -lmdb is included in roles/common but it can be helpful to have it individual roles as well as they can be run individually. | |||
* | nginx: Add Expires: HTTP headers. | Guilhem Moulin | 2020-05-17 | 1 |
| | ||||
* | lists.fripost.org: Improve gzip support. | Guilhem Moulin | 2020-05-17 | 1 |
| | ||||
* | wwsympa.service: Use existing directory /run/sympa. | Guilhem Moulin | 2020-05-16 | 1 |
| | | | | | We shouldn't use RuntimeDirectory to create it anew because is belongs to the Sympa daemon and WWSympa looks up for PID files in there. | |||
* | sympa.conf: remove deprecated options. | Guilhem Moulin | 2020-05-16 | 1 |
| | ||||
* | antilop: Upgrade baseline to Debian 10. | Guilhem Moulin | 2020-05-16 | 3 |
| | ||||
* | systemd.service: Tighten hardening options. | Guilhem Moulin | 2018-12-09 | 1 |
| | ||||
* | Upgrade 'lists' role to Debian Stretch. | Guilhem Moulin | 2018-12-09 | 7 |
| | ||||
* | systemd: Replace ‘ProtectSystem=full’ with ‘ProtectSystem=strict’. | Guilhem Moulin | 2018-12-09 | 1 |
| | | | | And remove ‘ReadOnlyDirectories=/’ as it's implied by ‘ProtectSystem=strict’. | |||
* | postfix: remove explicit default 'mail_owner = postfix'. | Guilhem Moulin | 2018-12-06 | 1 |
| | ||||
* | Upgrade syntax to Ansible 2.7 (apt module). | Guilhem Moulin | 2018-12-03 | 3 |
| | ||||
* | Postfix: replace cdb & btree tables with lmdb ones. | Guilhem Moulin | 2018-12-03 | 2 |
| | | | | Cf. lmdb_table(5). | |||
* | sympa: wibble | Guilhem Moulin | 2018-04-04 | 1 |
| | ||||
* | Upgrade syntax to Ansible 2.4. | Guilhem Moulin | 2017-11-23 | 1 |
| | ||||
* | Use MariaDB as default MySQL flavor. | Guilhem Moulin | 2017-07-29 | 1 |
| | ||||
* | /lib/systemd/system → /etc/systemd/system | Guilhem Moulin | 2017-05-31 | 3 |
| | ||||
* | Install more sympa dependencies. | Guilhem Moulin | 2017-05-29 | 1 |
| | ||||
* | Change group of executables in /usr/local/{bin,sbin} from root to staff. | Guilhem Moulin | 2017-05-14 | 2 |
| | ||||
* | sympa: don't tweak /etc/logrotate.d/sympa. | Guilhem Moulin | 2017-05-14 | 1 |
| | ||||
* | wwsympa: allow write access to /var/spool/sympa. | Guilhem Moulin | 2017-05-14 | 1 |
| | | | | Request to post and moderate messages using the web interface. | |||
* | nginx: add support for HTTP/2. | Guilhem Moulin | 2016-12-13 | 1 |
| | ||||
* | systemd: Ensure sympa service is enabled. | Guilhem Moulin | 2016-09-18 | 1 |
| | ||||
* | postfix: Remove obsolete templates tls_policy/relay_clientcerts. | Guilhem Moulin | 2016-07-12 | 1 |
| | ||||
* | postfix: commit the master.cf symlinks. | Guilhem Moulin | 2016-07-12 | 1 |
| | ||||
* | nginx: Don't hard-code the HPKP headers. | Guilhem Moulin | 2016-07-12 | 3 |
| | | | | | Instead, lookup the pubkeys and compute the digests on the fly. But never modify the actual header snippet to avoid locking our users out. | |||
* | Postfix lists/MDA instances: only include the MX:es' IPs in $mynetworks. | Guilhem Moulin | 2016-07-10 | 1 |
| | ||||
* | Route all internal SMTP traffic through IPsec. | Guilhem Moulin | 2016-07-10 | 2 |
| | ||||
* | Postfix: don't share the master.cf between the instances. | Guilhem Moulin | 2016-07-10 | 2 |
| | ||||
* | postfix: Don't explicitly set inet_interfaces=all as it's the default. | Guilhem Moulin | 2016-07-10 | 1 |
| | ||||
* | Change the pubkey extension from .pem to .pub. | Guilhem Moulin | 2016-07-10 | 1 |
| | ||||
* | certs/public: fetch each cert's pubkey (SPKI), not the cert itself. | Guilhem Moulin | 2016-06-15 | 1 |
| | | | | To avoid new commits upon cert renewal. | |||
* | wwsympa systemd service file: Set PrivateTmp=yes. | Guilhem Moulin | 2016-06-07 | 1 |
| | | | | The CGI wants to create a temp file during bulk subcription. | |||
* | postfix: Update to recommended TLS settings. | Guilhem Moulin | 2016-05-18 | 1 |
| | | | | | | | | Following Viktor Dukhovni's 2015-08-06 recommendation http://article.gmane.org/gmane.mail.postfix.user/251935 (We're using stronger ciphers and protocols in our own infrastructure.) | |||
* | postfix: unset 'smtpd_tls_session_cache_database'. | Guilhem Moulin | 2016-05-18 | 1 |
| | | | | | | Following Viktor Dukhovni's 2015-08-06 recommendation for Postfix >= 2.11 http://article.gmane.org/gmane.mail.postfix.user/251935 | |||
* | Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public. | Guilhem Moulin | 2016-05-18 | 1 |
| | | | | | | | | | | Ideally we we should also increase the Diffie-Hellman group size from 2048-bit to 3072-bit, as per ENISA 2014 report. https://www.enisa.europa.eu/publications/algorithms-key-size-and-parameters-report-2014 But we postpone that for now until we are reasonably certain that older client won't be left out. | |||
* | Add an ansible module 'fetch_cmd' to fetch the output of a remote command ↵ | Guilhem Moulin | 2016-05-18 | 1 |
| | | | | | | locally. And use this to fetch all X.509 leaf certificates. | |||
* | Add hardening options to our systemd unit files. | Guilhem Moulin | 2016-05-12 | 1 |
| | ||||
* | Set a HPKP on the webmail, website/wiki/git and list manager. | Guilhem Moulin | 2016-04-01 | 1 |
| | ||||
* | Set a CSP on the webmail, website/wiki and list manager. | Guilhem Moulin | 2016-04-01 | 1 |
| | ||||
* | Set HTTP security headers. | Guilhem Moulin | 2016-03-30 | 1 |
| | | | | See https://securityheaders.io . | |||
* | Remove SMTP message size limit on non public MTAs. | Guilhem Moulin | 2016-03-21 | 1 |
| | ||||
* | Let's Encrypt | Guilhem Moulin | 2016-03-02 | 1 |
| | ||||
* | Upgrade playbooks to Ansible 2.0. | Guilhem Moulin | 2016-02-12 | 2 |
| | ||||
* | Update all Fripost links from http:// to https://. | Guilhem Moulin | 2015-12-28 | 1 |
| | ||||
* | Use the Let's Encrypt CA for our public certs. | Guilhem Moulin | 2015-12-20 | 2 |
| |