summaryrefslogtreecommitdiffstats
path: root/roles
Commit message (Expand)AuthorAgeFiles
...
* Postfix MX/MSA instances: put certs in the the instance's $config_directory.Guilhem Moulin2016-07-105
* Postfix MX/MSA instances: don't ask the remote SMTP client for a client certi...Guilhem Moulin2016-07-102
* Postfix: avoid hardcoding the instance names.Guilhem Moulin2016-07-102
* Postfix: don't share the master.cf between the instances.Guilhem Moulin2016-07-1012
* postfix: Don't explicitly set inet_interfaces=all as it's the default.Guilhem Moulin2016-07-105
* Change the pubkey extension from .pem to .pub.Guilhem Moulin2016-07-107
* Route SMTP traffic from the webmail through IPsec.Guilhem Moulin2016-07-108
* More logcheck-database tweaks.Guilhem Moulin2016-07-092
* Localize the NTP pool hostnames.Guilhem Moulin2016-07-091
* Localize the debian archive hostnames.Guilhem Moulin2016-07-091
* ClamAV (FreshClam): use a localized Database Mirror.Guilhem Moulin2016-07-092
* IMAP: don't include mailbox under the virtual namespace in LIST responses.Guilhem Moulin2016-07-062
* dovecot: use the MSA postfix instance for sieve redirection.Guilhem Moulin2016-07-012
* IPSec → IPsecGuilhem Moulin2016-06-295
* More logcheck-database tweaks.Guilhem Moulin2016-06-293
* update-firewall.sh: COMMIT empty iptables rule files.Guilhem Moulin2016-06-291
* Postfix MSA: don't allow unauthenticated clients from $mynetworks.Guilhem Moulin2016-06-291
* certs/public: fetch each cert's pubkey (SPKI), not the cert itself.Guilhem Moulin2016-06-157
* Rename letsencrypt-tiny to lacme.Guilhem Moulin2016-06-157
* wwsympa systemd service file: Set PrivateTmp=yes.Guilhem Moulin2016-06-071
* clamav: Don't set obsolete option 'AllowSupplementaryGroups'.Guilhem Moulin2016-06-051
* Use stunnel to secure the connection from the webmail to ldap.fripost.org.Guilhem Moulin2016-06-055
* postfix: rotate the sender address for verify probes.Guilhem Moulin2016-06-022
* Remove the IMAP caching proxy.Guilhem Moulin2016-05-2810
* Roundcube: route IMAP and managesieve traffic through IPSec.Guilhem Moulin2016-05-282
* Roundcube: add a link to our webpage as support URL.Guilhem Moulin2016-05-241
* typoGuilhem Moulin2016-05-241
* IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.Guilhem Moulin2016-05-243
* dovecot: don't listen on the IP dedicated for IPSec when there is a single host.Guilhem Moulin2016-05-231
* Roundcube: add a warning regarding IMAP hostname change.Guilhem Moulin2016-05-231
* Dovecot imapc: use the version from jessie-backports.Guilhem Moulin2016-05-237
* Dovecot imapc: don't hardcode the master IMAP server's IP.Guilhem Moulin2016-05-233
* Dovecot imapc: change imapproxy's homedir from /home/imapproxy to /var/lib/im...Guilhem Moulin2016-05-222
* dovecot: also listen on the virtual IP dedicated to IPSec.Guilhem Moulin2016-05-222
* spamassassin: list our IPSec subnet in trusted_networks.Guilhem Moulin2016-05-223
* IMAP proxy: copy only the leaf cert, not the whole chain.Guilhem Moulin2016-05-221
* wiki.fripost.org CSP: allow inline styles/scripts, and form actions to Paypal.Guilhem Moulin2016-05-221
* wiki: replace the formatting engine from Markdown.pl to pandocGuilhem Moulin2016-05-223
* genkeypair, gendhparam: use -rand /dev/urandom when generating keys or DH par...Guilhem Moulin2016-05-222
* Tunnel bacula (dir → {fd,sd} and fd → sd) traffic through IPSec.Guilhem Moulin2016-05-2215
* Fix munin-cgi-graph systemd service file.Guilhem Moulin2016-05-222
* Tunnel munin-update traffic through IPSec.Guilhem Moulin2016-05-2211
* Tunnel internal NTP traffic through IPSec.Guilhem Moulin2016-05-222
* Set up IPSec tunnels between each pair of hosts.Guilhem Moulin2016-05-2213
* postfix: master.cf wibbleGuilhem Moulin2016-05-181
* postfix: Update to recommended TLS settings.Guilhem Moulin2016-05-187
* postfix: unset 'smtpd_tls_session_cache_database'.Guilhem Moulin2016-05-185
* Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public.Guilhem Moulin2016-05-188
* postfix: disable weak ciphers for the 'encrypt' TLS security level.Guilhem Moulin2016-05-183
* Add an ansible module 'fetch_cmd' to fetch the output of a remote command loc...Guilhem Moulin2016-05-1813