summaryrefslogtreecommitdiffstats
path: root/roles
Commit message (Collapse)AuthorAgeFiles
...
* logcheck: Match only hexdigits in postfix queue ID.Guilhem Moulin2015-06-191
|
* Match IPv6 addresses in logcheck rules.Guilhem Moulin2015-06-191
|
* Use 'double-bounce@fripost.org' as envelope sender for verification probes.Guilhem Moulin2015-06-112
|
* Don't bounce unverified recipients upon 4xx errors.Guilhem Moulin2015-06-113
| | | | | | | We don't want to bounce messages for which the recipient(s)' MTA replies 451 due to some greylisting in place. We would like to accept 451 alone, but unfortunately it's not possible to bounce unverified recipients due to DNS or networking errors.
* Set a rootdn on cn=Monitor.Guilhem Moulin2015-06-111
|
* Use a single LDAP connection per Munin round to collect slapd statistics.Guilhem Moulin2015-06-114
| | | | Using multigraphs instead.
* More logcheck-database tweaks.Guilhem Moulin2015-06-103
|
* gitweb: Explicitely install FCGI.Guilhem Moulin2015-06-101
|
* slapd monitoring.Guilhem Moulin2015-06-106
| | | | | We don't use the provided 'slapd_' Munin plugin because it doesn't support SASL binds.
* Configure munin nodes & master.Guilhem Moulin2015-06-1039
| | | | | Interhost communications are protected by stunnel4. The graphs are only visible on the master itself, and content is generated by Fast CGI.
* Don't assume that Postfix queue ID are always 10-digits long.Guilhem Moulin2015-06-101
|
* Prefer 302 over 301 redirections.Guilhem Moulin2015-06-101
|
* Add references to bug reports.Guilhem Moulin2015-06-102
|
* Dovecot: Collect IMAP statistics.Guilhem Moulin2015-06-104
|
* Allow 'vmail' users with a UID lower than 500.Guilhem Moulin2015-06-102
| | | | Fix regression introduced in f7c8011.
* Provide Thunderbird autoconfiguration.Guilhem Moulin2015-06-073
| | | | | | | References: - https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration - https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration/FileFormat/HowTo - https://wiki.mozilla.org/Thunderbird:Autoconfiguration:ConfigFileFormat
* Remove ‘:’ from the list of valid chars in wiki filenames.Guilhem Moulin2015-06-071
| | | | | | | | | | Because it's interpreted weirdly by Image::Magick: $ identify 'Screenshot_from_2015-02-23_18:59:48-extract.png[0]' identify: no decode delegate for this image format `59\' @ error/constitute.c/ReadImage/501. $ mv 'Screenshot_from_2015-02-23_18:59:48-extract.png' screenshot.png $ identify 'screenshot.png[0]' screenshot.png[0]=>screenshot.png PNG 453x122 453x122+0+0 8-bit sRGB 11.2KB 0.000u 0:00.000
* Fix log filenames for lists.f.o.Guilhem Moulin2015-06-071
|
* wiki: enable comments in the tracker.Guilhem Moulin2015-06-072
|
* Change slapd dump filenames.Guilhem Moulin2015-06-071
| | | | E.g., ‘0.ldif’ → ‘slapd-0.ldif’.
* Fix bacula priorities.Guilhem Moulin2015-06-071
|
* Add a reserved domain 'discard.fripost.org' to discard messages.Guilhem Moulin2015-06-074
| | | | | ‘noreply@’ aliases can be added by routing them to ‘@discard.fripost.org’.
* Make the webmail connect directly to the outgoing SMTP proxy.Guilhem Moulin2015-06-078
| | | | | (Hence delete the 'webmail' Postfix instance.) This shortens the delay caused by the recipient verification probes.
* Use recipient address verification probes.Guilhem Moulin2015-06-074
| | | | | | | This is specially useful for mailing lists and the webmail, since it prevents our outgoing gateway from accepting mails known to be bouncing. However the downside is that it adds a delay of up to 6s after the RCPT TO command.
* Rename imap.conf → roundcube.confGuilhem Moulin2015-06-072
|
* VERP management.Guilhem Moulin2015-06-071
|
* Configure Bacula File Daemon / Storage Daemon / Director.Guilhem Moulin2015-06-0720
| | | | | Using client-side data signing/encryption and wrapping inter-host communication into stunnel.
* wibbleGuilhem Moulin2015-06-071
|
* Restart services when updating systemd unit files.Guilhem Moulin2015-06-073
|
* firewall: allow 127.0.0.1/8 on lo.Guilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* genkeypair.sh: Merge privkey and pubkey for identical filekeys.Guilhem Moulin2015-06-071
| | | | Also, set ‘subjectKeyIdentifier = hash’ in the CSR.
* rkhunter: Allow hidden dir /etc/.javaGuilhem Moulin2015-06-071
|
* wibbleGuilhem Moulin2015-06-072
|
* SQL: Set empty passwords for auth_socket authentication.Guilhem Moulin2015-06-073
|
* stunnel.conf → imap.confGuilhem Moulin2015-06-072
|
* Add a redirection www.fripost.org → fripost.org.Guilhem Moulin2015-06-071
|
* Also distribute material and minutes.Guilhem Moulin2015-06-071
|
* gitweb workaround encoding issues in FCGI mode.Guilhem Moulin2015-06-073
|
* typoGuilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* Prefer '/usr/sbin/nologin' over '/bin/false' for system users.Guilhem Moulin2015-06-073
|
* Configure ikiwiki (website + wiki).Guilhem Moulin2015-06-077
|
* Git (gitolite + git-http-backend + gitweb) configurationGuilhem Moulin2015-06-079
| | | | | | | | | | | By default repos are be readable by gitweb and the web server ('gitweb' and 'www-data' are both in the 'gitolite' group). Private repo owners will have 'chmod -R og-rwx' manually. To automatically add new repos to gitweb's 'project.list' file, make it readable to the special 'gitweb' user. See /usr/share/doc/gitolite3/README.txt.gz for details.
* Install CAcert.org root certificates.Guilhem Moulin2015-06-071
| | | | | XXX: this is a workaround the CAcert root CAs not being present in Jessie. In stretch, we would merely install the 'ca-cacert' package.
* typoGuilhem Moulin2015-06-072
|
* Enforce "strong" authentication and FPS in LDAP.Guilhem Moulin2015-06-071
| | | | | Which is now possible since all LDAP clients and servers have been upgraded to Jessie, and Postfix is now able to perform SASL binds.
* Upgrade the webmail configuration from Wheezy to Jessie.Guilhem Moulin2015-06-076
|
* Upgrade the MX configuration from Wheezy to Jessie.Guilhem Moulin2015-06-0711
| | | | | | In particular, since Postfix is now able to perform LDAP lookups using SASL, previous hacks with simble binds on cn=postfix,ou=services,… can now be removed.
* logjam mitigation.Guilhem Moulin2015-06-0710
|