Commit message (Collapse) | Author | Age | Files | |
---|---|---|---|---|
* | Prefix ‘ipaddr’ and ‘ipv4’ with ‘ansible.utils.’. | Guilhem Moulin | 2022-10-11 | 1 |
| | | | | | | | This silences the following deprecation warning: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. | |||
* | stunnel4: Harden and socket-activate. | Guilhem Moulin | 2020-05-18 | 1 |
| | ||||
* | nginx: Don't hard-code the HPKP headers. | Guilhem Moulin | 2016-07-12 | 1 |
| | | | | | Instead, lookup the pubkeys and compute the digests on the fly. But never modify the actual header snippet to avoid locking our users out. | |||
* | Route SMTP traffic from the webmail through IPsec. | Guilhem Moulin | 2016-07-10 | 2 |
| | ||||
* | Roundcube: route IMAP and managesieve traffic through IPSec. | Guilhem Moulin | 2016-05-28 | 1 |
| | ||||
* | roundube: Pin X.509 certificate for sieve.fripost.org:4190. | Guilhem Moulin | 2016-05-17 | 1 |
| | ||||
* | Use systemd unit files for stunnel4. | Guilhem Moulin | 2016-05-12 | 1 |
| | ||||
* | stunnel: disable compression. | Guilhem Moulin | 2015-10-27 | 1 |
| | ||||
* | stunnel: use GCM ciphers only; use SSL options rather than ciphers to ↵ | Guilhem Moulin | 2015-10-27 | 1 |
| | | | | disable protocols. | |||
* | Make roundcube plugin configuration static files. | Guilhem Moulin | 2015-09-29 | 3 |
| | ||||
* | Upgrade Roundcube to 1.1.2. | Guilhem Moulin | 2015-09-24 | 3 |
| | ||||
* | Make the webmail connect directly to the outgoing SMTP proxy. | Guilhem Moulin | 2015-06-07 | 2 |
| | | | | | (Hence delete the 'webmail' Postfix instance.) This shortens the delay caused by the recipient verification probes. | |||
* | Use recipient address verification probes. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | | This is specially useful for mailing lists and the webmail, since it prevents our outgoing gateway from accepting mails known to be bouncing. However the downside is that it adds a delay of up to 6s after the RCPT TO command. | |||
* | Upgrade the webmail configuration from Wheezy to Jessie. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Tell vim the underlying filetype of templates for syntax highlighting. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Replace IPSec tunnels by app-level ephemeral TLS sessions. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | For some reason giraff doesn't like IPSec. App-level TLS sessions are less efficient, but thanks to ansible it still scales well. | |||
* | Outgoing SMTP proxy. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Support boken SMTP clients and LOGIN SASL mechanism. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Assume a DNS entry for each role. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | E.g., ldap.fripost.org, ntp.fripost.org, etc. (Ideally the DNS zone would be provisioned by ansible, too.) It's a bit unclear how to index the subdomains (mx{1,2,3}, etc), though. | |||
* | Don't pass the client information unless necessary. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Don't use IPSec to relay messages to localhost. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Excplicitely make local services run on localhost. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | typo | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Configure the webmail. | Guilhem Moulin | 2015-06-07 | 1 |