summaryrefslogtreecommitdiffstats
path: root/roles
Commit message (Expand)AuthorAgeFiles
* certs/public: fetch each cert's pubkey (SPKI), not the cert itself.Guilhem Moulin2016-06-157
* Rename letsencrypt-tiny to lacme.Guilhem Moulin2016-06-157
* wwsympa systemd service file: Set PrivateTmp=yes.Guilhem Moulin2016-06-071
* clamav: Don't set obsolete option 'AllowSupplementaryGroups'.Guilhem Moulin2016-06-051
* Use stunnel to secure the connection from the webmail to ldap.fripost.org.Guilhem Moulin2016-06-055
* postfix: rotate the sender address for verify probes.Guilhem Moulin2016-06-022
* Remove the IMAP caching proxy.Guilhem Moulin2016-05-2810
* Roundcube: route IMAP and managesieve traffic through IPSec.Guilhem Moulin2016-05-282
* Roundcube: add a link to our webpage as support URL.Guilhem Moulin2016-05-241
* typoGuilhem Moulin2016-05-241
* IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.Guilhem Moulin2016-05-243
* dovecot: don't listen on the IP dedicated for IPSec when there is a single host.Guilhem Moulin2016-05-231
* Roundcube: add a warning regarding IMAP hostname change.Guilhem Moulin2016-05-231
* Dovecot imapc: use the version from jessie-backports.Guilhem Moulin2016-05-237
* Dovecot imapc: don't hardcode the master IMAP server's IP.Guilhem Moulin2016-05-233
* Dovecot imapc: change imapproxy's homedir from /home/imapproxy to /var/lib/im...Guilhem Moulin2016-05-222
* dovecot: also listen on the virtual IP dedicated to IPSec.Guilhem Moulin2016-05-222
* spamassassin: list our IPSec subnet in trusted_networks.Guilhem Moulin2016-05-223
* IMAP proxy: copy only the leaf cert, not the whole chain.Guilhem Moulin2016-05-221
* wiki.fripost.org CSP: allow inline styles/scripts, and form actions to Paypal.Guilhem Moulin2016-05-221
* wiki: replace the formatting engine from Markdown.pl to pandocGuilhem Moulin2016-05-223
* genkeypair, gendhparam: use -rand /dev/urandom when generating keys or DH par...Guilhem Moulin2016-05-222
* Tunnel bacula (dir → {fd,sd} and fd → sd) traffic through IPSec.Guilhem Moulin2016-05-2215
* Fix munin-cgi-graph systemd service file.Guilhem Moulin2016-05-222
* Tunnel munin-update traffic through IPSec.Guilhem Moulin2016-05-2211
* Tunnel internal NTP traffic through IPSec.Guilhem Moulin2016-05-222
* Set up IPSec tunnels between each pair of hosts.Guilhem Moulin2016-05-2213
* postfix: master.cf wibbleGuilhem Moulin2016-05-181
* postfix: Update to recommended TLS settings.Guilhem Moulin2016-05-187
* postfix: unset 'smtpd_tls_session_cache_database'.Guilhem Moulin2016-05-185
* Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public.Guilhem Moulin2016-05-188
* postfix: disable weak ciphers for the 'encrypt' TLS security level.Guilhem Moulin2016-05-183
* Add an ansible module 'fetch_cmd' to fetch the output of a remote command loc...Guilhem Moulin2016-05-1813
* dovecot imapc: wibbleGuilhem Moulin2016-05-172
* roundube: Pin X.509 certificate for sieve.fripost.org:4190.Guilhem Moulin2016-05-172
* bacula: Set heartbeat options.Guilhem Moulin2016-05-126
* bacula-sd: wibbleGuilhem Moulin2016-05-121
* bacula-dir: Fix Reschedule Interval from 17 months to 17 mins.Guilhem Moulin2016-05-121
* MySQL: set flush InnoDB flush method to 'O_DIRECT'Guilhem Moulin2016-05-121
* Add hardening options to our systemd unit files.Guilhem Moulin2016-05-126
* Use systemd unit files for stunnel4.Guilhem Moulin2016-05-1226
* Roundcube's CSP: remove 'upgrade-insecure-requests' and 'block-all-mixed-cont...Guilhem Moulin2016-04-081
* Roundcube's CSP: allow loading images from data: URIs and arbitrary URLs.Guilhem Moulin2016-04-071
* nginx: update ssl_ciphers to follow Mozilla's TLS server recommendation.Guilhem Moulin2016-04-021
* Set frame-ancestors from 'none' to 'self' in roundcube's CSP.Guilhem Moulin2016-04-021
* wibbleGuilhem Moulin2016-04-023
* Set a HPKP on the webmail, website/wiki/git and list manager.Guilhem Moulin2016-04-015
* Set a CSP on the webmail, website/wiki and list manager.Guilhem Moulin2016-04-015
* sysctl: don't set IPv6 privacy extensions globaly.Guilhem Moulin2016-04-011
* sysctl: set net.ipv6.conf.all.accept_ra = 0.Guilhem Moulin2016-03-301