index
:
fripost-ansible
master
Fripost ansible scripts
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
roles
Commit message (
Expand
)
Author
Age
Files
*
certs/public: fetch each cert's pubkey (SPKI), not the cert itself.
Guilhem Moulin
2016-06-15
7
*
Rename letsencrypt-tiny to lacme.
Guilhem Moulin
2016-06-15
7
*
wwsympa systemd service file: Set PrivateTmp=yes.
Guilhem Moulin
2016-06-07
1
*
clamav: Don't set obsolete option 'AllowSupplementaryGroups'.
Guilhem Moulin
2016-06-05
1
*
Use stunnel to secure the connection from the webmail to ldap.fripost.org.
Guilhem Moulin
2016-06-05
5
*
postfix: rotate the sender address for verify probes.
Guilhem Moulin
2016-06-02
2
*
Remove the IMAP caching proxy.
Guilhem Moulin
2016-05-28
10
*
Roundcube: route IMAP and managesieve traffic through IPSec.
Guilhem Moulin
2016-05-28
2
*
Roundcube: add a link to our webpage as support URL.
Guilhem Moulin
2016-05-24
1
*
typo
Guilhem Moulin
2016-05-24
1
*
IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.
Guilhem Moulin
2016-05-24
3
*
dovecot: don't listen on the IP dedicated for IPSec when there is a single host.
Guilhem Moulin
2016-05-23
1
*
Roundcube: add a warning regarding IMAP hostname change.
Guilhem Moulin
2016-05-23
1
*
Dovecot imapc: use the version from jessie-backports.
Guilhem Moulin
2016-05-23
7
*
Dovecot imapc: don't hardcode the master IMAP server's IP.
Guilhem Moulin
2016-05-23
3
*
Dovecot imapc: change imapproxy's homedir from /home/imapproxy to /var/lib/im...
Guilhem Moulin
2016-05-22
2
*
dovecot: also listen on the virtual IP dedicated to IPSec.
Guilhem Moulin
2016-05-22
2
*
spamassassin: list our IPSec subnet in trusted_networks.
Guilhem Moulin
2016-05-22
3
*
IMAP proxy: copy only the leaf cert, not the whole chain.
Guilhem Moulin
2016-05-22
1
*
wiki.fripost.org CSP: allow inline styles/scripts, and form actions to Paypal.
Guilhem Moulin
2016-05-22
1
*
wiki: replace the formatting engine from Markdown.pl to pandoc
Guilhem Moulin
2016-05-22
3
*
genkeypair, gendhparam: use -rand /dev/urandom when generating keys or DH par...
Guilhem Moulin
2016-05-22
2
*
Tunnel bacula (dir → {fd,sd} and fd → sd) traffic through IPSec.
Guilhem Moulin
2016-05-22
15
*
Fix munin-cgi-graph systemd service file.
Guilhem Moulin
2016-05-22
2
*
Tunnel munin-update traffic through IPSec.
Guilhem Moulin
2016-05-22
11
*
Tunnel internal NTP traffic through IPSec.
Guilhem Moulin
2016-05-22
2
*
Set up IPSec tunnels between each pair of hosts.
Guilhem Moulin
2016-05-22
13
*
postfix: master.cf wibble
Guilhem Moulin
2016-05-18
1
*
postfix: Update to recommended TLS settings.
Guilhem Moulin
2016-05-18
7
*
postfix: unset 'smtpd_tls_session_cache_database'.
Guilhem Moulin
2016-05-18
5
*
Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public.
Guilhem Moulin
2016-05-18
8
*
postfix: disable weak ciphers for the 'encrypt' TLS security level.
Guilhem Moulin
2016-05-18
3
*
Add an ansible module 'fetch_cmd' to fetch the output of a remote command loc...
Guilhem Moulin
2016-05-18
13
*
dovecot imapc: wibble
Guilhem Moulin
2016-05-17
2
*
roundube: Pin X.509 certificate for sieve.fripost.org:4190.
Guilhem Moulin
2016-05-17
2
*
bacula: Set heartbeat options.
Guilhem Moulin
2016-05-12
6
*
bacula-sd: wibble
Guilhem Moulin
2016-05-12
1
*
bacula-dir: Fix Reschedule Interval from 17 months to 17 mins.
Guilhem Moulin
2016-05-12
1
*
MySQL: set flush InnoDB flush method to 'O_DIRECT'
Guilhem Moulin
2016-05-12
1
*
Add hardening options to our systemd unit files.
Guilhem Moulin
2016-05-12
6
*
Use systemd unit files for stunnel4.
Guilhem Moulin
2016-05-12
26
*
Roundcube's CSP: remove 'upgrade-insecure-requests' and 'block-all-mixed-cont...
Guilhem Moulin
2016-04-08
1
*
Roundcube's CSP: allow loading images from data: URIs and arbitrary URLs.
Guilhem Moulin
2016-04-07
1
*
nginx: update ssl_ciphers to follow Mozilla's TLS server recommendation.
Guilhem Moulin
2016-04-02
1
*
Set frame-ancestors from 'none' to 'self' in roundcube's CSP.
Guilhem Moulin
2016-04-02
1
*
wibble
Guilhem Moulin
2016-04-02
3
*
Set a HPKP on the webmail, website/wiki/git and list manager.
Guilhem Moulin
2016-04-01
5
*
Set a CSP on the webmail, website/wiki and list manager.
Guilhem Moulin
2016-04-01
5
*
sysctl: don't set IPv6 privacy extensions globaly.
Guilhem Moulin
2016-04-01
1
*
sysctl: set net.ipv6.conf.all.accept_ra = 0.
Guilhem Moulin
2016-03-30
1
[next]