summaryrefslogtreecommitdiffstats
path: root/roles
Commit message (Collapse)AuthorAgeFiles
* slapd monitoring.Guilhem Moulin2015-06-106
| | | | | We don't use the provided 'slapd_' Munin plugin because it doesn't support SASL binds.
* Configure munin nodes & master.Guilhem Moulin2015-06-1039
| | | | | Interhost communications are protected by stunnel4. The graphs are only visible on the master itself, and content is generated by Fast CGI.
* Don't assume that Postfix queue ID are always 10-digits long.Guilhem Moulin2015-06-101
|
* Prefer 302 over 301 redirections.Guilhem Moulin2015-06-101
|
* Add references to bug reports.Guilhem Moulin2015-06-102
|
* Dovecot: Collect IMAP statistics.Guilhem Moulin2015-06-104
|
* Allow 'vmail' users with a UID lower than 500.Guilhem Moulin2015-06-102
| | | | Fix regression introduced in f7c8011.
* Provide Thunderbird autoconfiguration.Guilhem Moulin2015-06-073
| | | | | | | References: - https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration - https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration/FileFormat/HowTo - https://wiki.mozilla.org/Thunderbird:Autoconfiguration:ConfigFileFormat
* Remove ‘:’ from the list of valid chars in wiki filenames.Guilhem Moulin2015-06-071
| | | | | | | | | | Because it's interpreted weirdly by Image::Magick: $ identify 'Screenshot_from_2015-02-23_18:59:48-extract.png[0]' identify: no decode delegate for this image format `59\' @ error/constitute.c/ReadImage/501. $ mv 'Screenshot_from_2015-02-23_18:59:48-extract.png' screenshot.png $ identify 'screenshot.png[0]' screenshot.png[0]=>screenshot.png PNG 453x122 453x122+0+0 8-bit sRGB 11.2KB 0.000u 0:00.000
* Fix log filenames for lists.f.o.Guilhem Moulin2015-06-071
|
* wiki: enable comments in the tracker.Guilhem Moulin2015-06-072
|
* Change slapd dump filenames.Guilhem Moulin2015-06-071
| | | | E.g., ‘0.ldif’ → ‘slapd-0.ldif’.
* Fix bacula priorities.Guilhem Moulin2015-06-071
|
* Add a reserved domain 'discard.fripost.org' to discard messages.Guilhem Moulin2015-06-074
| | | | | ‘noreply@’ aliases can be added by routing them to ‘@discard.fripost.org’.
* Make the webmail connect directly to the outgoing SMTP proxy.Guilhem Moulin2015-06-078
| | | | | (Hence delete the 'webmail' Postfix instance.) This shortens the delay caused by the recipient verification probes.
* Use recipient address verification probes.Guilhem Moulin2015-06-074
| | | | | | | This is specially useful for mailing lists and the webmail, since it prevents our outgoing gateway from accepting mails known to be bouncing. However the downside is that it adds a delay of up to 6s after the RCPT TO command.
* Rename imap.conf → roundcube.confGuilhem Moulin2015-06-072
|
* VERP management.Guilhem Moulin2015-06-071
|
* Configure Bacula File Daemon / Storage Daemon / Director.Guilhem Moulin2015-06-0720
| | | | | Using client-side data signing/encryption and wrapping inter-host communication into stunnel.
* wibbleGuilhem Moulin2015-06-071
|
* Restart services when updating systemd unit files.Guilhem Moulin2015-06-073
|
* firewall: allow 127.0.0.1/8 on lo.Guilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-071
|
* genkeypair.sh: Merge privkey and pubkey for identical filekeys.Guilhem Moulin2015-06-071
| | | | Also, set ‘subjectKeyIdentifier = hash’ in the CSR.
* rkhunter: Allow hidden dir /etc/.javaGuilhem Moulin2015-06-071
|
* wibbleGuilhem Moulin2015-06-072
|
* SQL: Set empty passwords for auth_socket authentication.Guilhem Moulin2015-06-073
|
* stunnel.conf → imap.confGuilhem Moulin2015-06-072
|
* Add a redirection www.fripost.org → fripost.org.Guilhem Moulin2015-06-071
|
* Also distribute material and minutes.Guilhem Moulin2015-06-071
|
* gitweb workaround encoding issues in FCGI mode.Guilhem Moulin2015-06-073
|
* typoGuilhem Moulin2015-06-071
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* Prefer '/usr/sbin/nologin' over '/bin/false' for system users.Guilhem Moulin2015-06-073
|
* Configure ikiwiki (website + wiki).Guilhem Moulin2015-06-077
|
* Git (gitolite + git-http-backend + gitweb) configurationGuilhem Moulin2015-06-079
| | | | | | | | | | | By default repos are be readable by gitweb and the web server ('gitweb' and 'www-data' are both in the 'gitolite' group). Private repo owners will have 'chmod -R og-rwx' manually. To automatically add new repos to gitweb's 'project.list' file, make it readable to the special 'gitweb' user. See /usr/share/doc/gitolite3/README.txt.gz for details.
* Install CAcert.org root certificates.Guilhem Moulin2015-06-071
| | | | | XXX: this is a workaround the CAcert root CAs not being present in Jessie. In stretch, we would merely install the 'ca-cacert' package.
* typoGuilhem Moulin2015-06-072
|
* Enforce "strong" authentication and FPS in LDAP.Guilhem Moulin2015-06-071
| | | | | Which is now possible since all LDAP clients and servers have been upgraded to Jessie, and Postfix is now able to perform SASL binds.
* Upgrade the webmail configuration from Wheezy to Jessie.Guilhem Moulin2015-06-076
|
* Upgrade the MX configuration from Wheezy to Jessie.Guilhem Moulin2015-06-0711
| | | | | | In particular, since Postfix is now able to perform LDAP lookups using SASL, previous hacks with simble binds on cn=postfix,ou=services,… can now be removed.
* logjam mitigation.Guilhem Moulin2015-06-0710
|
* More logcheck-database tweaks.Guilhem Moulin2015-06-073
|
* Don't restart sympa on logrotate.Guilhem Moulin2015-06-071
| | | | This is unnecessary since it uses syslog.
* typoGuilhem Moulin2015-06-071
|
* wibbleGuilhem Moulin2015-06-071
|
* typoGuilhem Moulin2015-06-071
|
* Allow outgoing HKP and WHOIS traffic on the LDAP provider.Guilhem Moulin2015-06-071
|
* Allow outgoing SSH traffic.Guilhem Moulin2015-06-071
|
* Add wildcard Pin version in apt preferences.Guilhem Moulin2015-06-071
|
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-06 08:11:26 +0000