summaryrefslogtreecommitdiffstats
path: root/roles
Commit message (Expand)AuthorAgeFiles
...
* bacula-dir: Fix Reschedule Interval from 17 months to 17 mins.Guilhem Moulin2016-05-121
* MySQL: set flush InnoDB flush method to 'O_DIRECT'Guilhem Moulin2016-05-121
* Add hardening options to our systemd unit files.Guilhem Moulin2016-05-126
* Use systemd unit files for stunnel4.Guilhem Moulin2016-05-1226
* Roundcube's CSP: remove 'upgrade-insecure-requests' and 'block-all-mixed-cont...Guilhem Moulin2016-04-081
* Roundcube's CSP: allow loading images from data: URIs and arbitrary URLs.Guilhem Moulin2016-04-071
* nginx: update ssl_ciphers to follow Mozilla's TLS server recommendation.Guilhem Moulin2016-04-021
* Set frame-ancestors from 'none' to 'self' in roundcube's CSP.Guilhem Moulin2016-04-021
* wibbleGuilhem Moulin2016-04-023
* Set a HPKP on the webmail, website/wiki/git and list manager.Guilhem Moulin2016-04-015
* Set a CSP on the webmail, website/wiki and list manager.Guilhem Moulin2016-04-015
* sysctl: don't set IPv6 privacy extensions globaly.Guilhem Moulin2016-04-011
* sysctl: set net.ipv6.conf.all.accept_ra = 0.Guilhem Moulin2016-03-301
* Set HTTP security headers.Guilhem Moulin2016-03-309
* Replace LE's X1 intermediate CA with X3 since the latter has better support f...Guilhem Moulin2016-03-281
* munin-master CGI: add application-level ACLs to keep non-local users at bay.Guilhem Moulin2016-03-211
* Remove SMTP message size limit on non public MTAs.Guilhem Moulin2016-03-213
* More logcheck-database tweaks.Guilhem Moulin2016-03-131
* Let's Encrypt: Only reload (as opposed to restart) postfix/nginx after renewi...Guilhem Moulin2016-03-051
* Amavis: use the LMTP protocol in the policy banks.Guilhem Moulin2016-03-031
* Let's EncryptGuilhem Moulin2016-03-0212
* cgit: Create cache directory /var/cache/cgitGuilhem Moulin2016-03-021
* Ansible: Using bare variables is deprecated, and will be removed in a future ...Guilhem Moulin2016-03-024
* More logcheck-database tweaks.Guilhem Moulin2016-02-171
* s/ansible_ssh_/ansible_/Guilhem Moulin2016-02-122
* Upgrade playbooks to Ansible 2.0.Guilhem Moulin2016-02-1223
* Update all Fripost links from http:// to https://.Guilhem Moulin2015-12-283
* Only install letsencrypt-tiny to the relevant hosts.Guilhem Moulin2015-12-282
* Fix Let's Encrypt CAfile.Guilhem Moulin2015-12-281
* Copy and install Let's Encrypt ACME client.Guilhem Moulin2015-12-201
* Use the Let's Encrypt CA for our public certs.Guilhem Moulin2015-12-2019
* nginx: Move include.d/* to snippets/.Guilhem Moulin2015-12-2012
* More logcheck-database tweaks.Guilhem Moulin2015-12-152
* dovecot: remove !SSLv2 from ssl_cipher_list.Guilhem Moulin2015-12-151
* nginx: s/conf.d/include.d/Guilhem Moulin2015-12-157
* wibbleGuilhem Moulin2015-12-092
* ngnix: mv ssl/config conf.d/sslGuilhem Moulin2015-12-097
* typoGuilhem Moulin2015-12-041
* Postfix TLS policy: Store the fingerprint of the cert's pubkey, not of the ce...Guilhem Moulin2015-12-034
* Use a dedicated subdomain for ManageSieve.Guilhem Moulin2015-12-031
* Automatically fetch X.509 certificates, and add them to git.Guilhem Moulin2015-12-037
* More logcheck-database tweaks.Guilhem Moulin2015-12-011
* dovecot-sieve: Enable the 'editheader' extension (5293).Guilhem Moulin2015-11-261
* More logcheck-database tweaks.Guilhem Moulin2015-11-121
* nginx: adjust expiration date for static content.Guilhem Moulin2015-10-303
* ikiwiki: Also install Authen::Passphrase.Guilhem Moulin2015-10-281
* Internal Postfix config: Generate RSA 4096 keys by default.Guilhem Moulin2015-10-281
* genkeypair: use install(1) for atomic file creation with permission mode.Guilhem Moulin2015-10-283
* Internal Postfix config: Disable TLS protocols <1.2 rather than enable 1.2 only.Guilhem Moulin2015-10-271
* Roundcube managesieve SSL options: use AESGCM and disable compression.Guilhem Moulin2015-10-271