Thomas Buck
029bbca332
various fixes. noreply mail account, commento, fathom, postgres.
il y a 3 ans
Thomas Buck
e6bd74153d
creating domain list for letsencrypt dynamically. some other small fixes.
il y a 3 ans
Thomas Buck
37dd16fb67
add sslletsencrypt and sslselfsigned roles for internal servers
il y a 3 ans
Thomas Buck
df70d73549
Rename fathom subdomain to stats and make it a variable.
il y a 5 ans
Thomas Buck
17ae1906ee
Add iot role with grafana task
il y a 5 ans
Thomas Buck
30832be156
Add Commento to blog task and add example index page for webhosting.
il y a 5 ans
Thomas Buck
14dd6202ef
Added Mastodon role
il y a 5 ans
Thomas Buck
d72da6b11b
Add Matrix: Synapse Homeserver and Riot webclient
il y a 5 ans
Thomas Buck
04ba7ad539
Added Fathom statistics tracker to blog task
il y a 5 ans
Thomas Buck
c41cd737fd
Support multiple domains for letsencrypt
il y a 5 ans
Thomas Buck
472dd068c2
Remove unneeded testing / vagrant stuff.
il y a 5 ans
Thomas Buck
03f37267df
Remove cgit/gitolite git repo hosting
il y a 5 ans
Mike Ashley
fc023dfc31
Clean up merge
Clean up some artifacts from the merge to match the `jessie` branch.
Keep the changes on master made with commits bfe6fe84 and e229c551 .
il y a 8 ans
Dosenpfand
9697cbe6b3
Silence letsencrypt cron output unless there is an error
il y a 8 ans
Tomas Bedrich
899f527ca3
Updated LE renewal hook system
il y a 8 ans
Tomas Bedrich
9786230808
Changed LE-renew cron frequency
il y a 8 ans
Tomas Bedrich
e08acd2deb
Simplified LE renew script
il y a 8 ans
Carl Meyer
579afa68d3
Add comment into letsencrypt-gencert script clarifying why we stop Apache.
il y a 8 ans
Carl Meyer
0abf92734e
Don't stop Apache until we have to; start it again right after.
il y a 8 ans
Carl Meyer
a636a43948
Don't try to execute any non-executable file in LE postrenew dir.
il y a 8 ans
Carl Meyer
c3c2cbf096
Don't bounce Apache unless we actually need to.
il y a 8 ans
Carl Meyer
e8796ecd28
Idempotent and independent post-certificate-renewal tasks.
il y a 8 ans
nodiscc
d876c87e21
bash syntax cleanup
as per discussion in https://github.com/sovereign/sovereign/pull/504
il y a 8 ans
Mike Ashley
3d4987c4e2
Use a more descriptive name for cert generation script
il y a 8 ans
Mike Ashley
bc5bfa4b21
Determine registered subdomains at deploy-time for LE
il y a 8 ans
Mike Ashley
86048ee397
Update prosody to use LE certs directly
Don't copy the LE certificates. Instead use the ssl-cert group to
manage access to the LE certificates directly. See
https://github.com/letsencrypt/letsencrypt/issues/1425 for a request to
have the LE client do this itself.
il y a 8 ans
Mike Ashley
1746afcc3a
Arrange automated tests to not use Let's Encrypt
il y a 9 ans
Mike Ashley
8f1b6a9ed8
Arrange for services to restart on cert renewal
il y a 9 ans
Mike Ashley
8e1d473027
Use Let's Encrypt for generating site certificates
This method uses Subjective Alternative Names (SANs) to get one
certificate for all the subdomains that Sovereign employs, whether or
not the user configured their site with the roles.
il y a 9 ans
Mike Ashley
7f46129a4c
Remove use of wildcard certificate
il y a 9 ans
Mike Ashley
d3abc02f84
Clean up Apache SSL configuration
Avoid using the Include directive. Move most of the SSL configuration
to the global configuration and leave enabling the SSL engine to each
virtual host that wants to use it.
il y a 8 ans
Dan Milon
2fb7cfa7c9
Add SSL stapling cache for apache
Fixes #406
il y a 9 ans
Dan Milon
34f3a483aa
Add SSL stapling cache for apache
Fixes #406
il y a 9 ans
Luke Cyca
08d6827755
New vagrant-based development environment
il y a 11 ans
Allen Riddell
88705bb7fa
Replace ferm with ufw
il y a 11 ans
Alex Payne
a9cabad947
Update etc_ferm_ferm.conf
il y a 11 ans
Allen Riddell
580e3ef5c1
Don't open unused ports
Sovereign does not currently use jabber/xmpp or insecure smtp.
il y a 11 ans
Alex Payne
f27442b678
move tarsnap to its own role
il y a 11 ans
Alex Payne
080d38986c
first commit
il y a 11 ans