summaryrefslogtreecommitdiffstats
path: root/roles
Commit message (Collapse)AuthorAgeFiles
...
* Add a redirection www.fripost.org → fripost.org.Guilhem Moulin2015-06-071
|
* Also distribute material and minutes.Guilhem Moulin2015-06-071
|
* gitweb workaround encoding issues in FCGI mode.Guilhem Moulin2015-06-073
|
* typoGuilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* Prefer '/usr/sbin/nologin' over '/bin/false' for system users.Guilhem Moulin2015-06-073
|
* Configure ikiwiki (website + wiki).Guilhem Moulin2015-06-077
|
* Git (gitolite + git-http-backend + gitweb) configurationGuilhem Moulin2015-06-079
| | | | | | | | | | | By default repos are be readable by gitweb and the web server ('gitweb' and 'www-data' are both in the 'gitolite' group). Private repo owners will have 'chmod -R og-rwx' manually. To automatically add new repos to gitweb's 'project.list' file, make it readable to the special 'gitweb' user. See /usr/share/doc/gitolite3/README.txt.gz for details.
* Install CAcert.org root certificates.Guilhem Moulin2015-06-071
| | | | | XXX: this is a workaround the CAcert root CAs not being present in Jessie. In stretch, we would merely install the 'ca-cacert' package.
* typoGuilhem Moulin2015-06-072
|
* Enforce "strong" authentication and FPS in LDAP.Guilhem Moulin2015-06-071
| | | | | Which is now possible since all LDAP clients and servers have been upgraded to Jessie, and Postfix is now able to perform SASL binds.
* Upgrade the webmail configuration from Wheezy to Jessie.Guilhem Moulin2015-06-076
|
* Upgrade the MX configuration from Wheezy to Jessie.Guilhem Moulin2015-06-0711
| | | | | | In particular, since Postfix is now able to perform LDAP lookups using SASL, previous hacks with simble binds on cn=postfix,ou=services,… can now be removed.
* logjam mitigation.Guilhem Moulin2015-06-0710
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* Don't restart sympa on logrotate.Guilhem Moulin2015-06-071
| | | | This is unnecessary since it uses syslog.
* typoGuilhem Moulin2015-06-071
|
* wibbleGuilhem Moulin2015-06-071
|
* typoGuilhem Moulin2015-06-071
|
* Allow outgoing HKP and WHOIS traffic on the LDAP provider.Guilhem Moulin2015-06-071
|
* Allow outgoing SSH traffic.Guilhem Moulin2015-06-071
|
* Add wildcard Pin version in apt preferences.Guilhem Moulin2015-06-071
|
* Don't instal smartd on KVM guests.Guilhem Moulin2015-06-071
|
* Upgrade the common package list.Guilhem Moulin2015-06-072
|
* Add a 'root' alias to root@fripost.org.Guilhem Moulin2015-06-071
|
* Upgrade samhain config to Jessie.Guilhem Moulin2015-06-071
|
* Upgrade custom logcheck-database to Jessie.Guilhem Moulin2015-06-071
|
* Fix tab damage.Guilhem Moulin2015-06-071
|
* Upgrade rkhunter config to Jessie.Guilhem Moulin2015-06-072
|
* Upgrade amavis config to Jessie.Guilhem Moulin2015-06-074
|
* Upgrade Postfix config to Jessie (MSA & outgoing proxy).Guilhem Moulin2015-06-073
|
* Upgrade Dovecot config to Jessie.Guilhem Moulin2015-06-0713
|
* Configure the list manager (Sympa).Guilhem Moulin2015-06-0725
|
* Upgrade the LDAP config to Jessie.Guilhem Moulin2015-06-075
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* Enable the use of git:// clients.Guilhem Moulin2015-06-071
|
* Disable rsyslog's rate-limiting.Guilhem Moulin2015-06-071
| | | | The default for rsyslog v7, but not for rsyslog v5.
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* Don't make Roundcube add a 'X-Sender' header with the sender's identity.Guilhem Moulin2015-06-071
|
* typoGuilhem Moulin2015-06-073
|
* Roundcube's 'password' plugin.Guilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* Key usage 'keyCertSign' is required for self-signed certificates.Guilhem Moulin2015-06-072
|
* Add a keyring and alternative contact to the LDAP DIT.Guilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* wibbleGuilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* Remove reject_unknown_sender_domain from the MDA and outgoing SMTP.Guilhem Moulin2015-06-072
| | | | | | | | | | We already removed it from the MX:es (see 32e605d4); we need to remove it from the MDA and outgoing SMTP as well, otherwise mails could bounce or get stuck in the middle (the're rejected with 450: deferred by default). However we can keep the restriction on the entry points (MSA and webmail).
* More logcheck-database tweaks.Guilhem Moulin2015-06-072
|
* Amavis is logging to syslog with severity 'notice'.Guilhem Moulin2015-06-071
|