sovereign

Tekijä	SHA1	Viesti	Päivämäärä
Thomas Buck	37dd16fb67	add sslletsencrypt and sslselfsigned roles for internal servers	3 vuotta sitten
Thomas Buck	8b83bd66b1	Properly setup hostname	5 vuotta sitten
Thomas Buck	4ab56bdf6e	Added gitea	5 vuotta sitten
Thomas Buck	bad2e4f9a1	Add tmux to common programs. Generate german locale. Remove unneeded empty lines.	5 vuotta sitten
Brett Haines	eddcdd7993	Updating fail2ban jail list	6 vuotta sitten
Tomas Bedrich	3efc7ae54e	Allowed SSH agent forwarding when using sudo	7 vuotta sitten
Tomas Bedrich	7a399d45ca	Fix SSH connections to Github	8 vuotta sitten
Dosenpfand	f2c14dd911	Remove unneeded/deprecated apache configuration	8 vuotta sitten
Carl Meyer	60855eda70	Fix typo in fail2ban config for dovecot.	8 vuotta sitten
Mike Ashley	4a33ebecdc	Add non-interactive to LE client options Depending on when the client is run, there are no certificates to update. By default, the client runs in interactive mode and wants to notify the user of this. This causes Ansible to hang waiting for an acknowledgement that will never come. Adding the non-interactive flag fixes this.	8 vuotta sitten
Carl Meyer	b93deb9411	Remove stray + prefix in sudoers file.	8 vuotta sitten
Mike Ashley	2ad6f78e45	Address incomplete chain error Fix Apache's configuration for version 2.4.8 and above. See https://community.letsencrypt.org/t/untrusted-on-mobile-newbe/7903	8 vuotta sitten
Mike Ashley	7bb523950e	Draft design description for Let's Encrypt support	8 vuotta sitten
Mike Ashley	8e1d473027	Use Let's Encrypt for generating site certificates This method uses Subjective Alternative Names (SANs) to get one certificate for all the subdomains that Sovereign employs, whether or not the user configured their site with the roles.	8 vuotta sitten
Mike Ashley	195d8811fc	Remove references to Trusty and Wheezy Make a clean distinction between Debian 7 and Debian 8. Anticipate the next Ubuntu LTS release (Xenial) that is planned for support.	8 vuotta sitten
Mike Ashley	d3abc02f84	Clean up Apache SSL configuration Avoid using the Include directive. Move most of the SSL configuration to the global configuration and leave enabling the SSL engine to each virtual host that wants to use it.	8 vuotta sitten
fengor	e63661f982	Added "UseRoaming no" to ssh.config to fix OpenSSH: client bugs CVE-2016-0777 and CVE-2016-0778 see: http://undeadly.org/cgi?action=article&sid=2016011414	8 vuotta sitten
fengor	b368984641	Added "UseRoaming no" to ssh.config to fix OpenSSH: client bugs CVE-2016-0777 and CVE-2016-0778 see: http://undeadly.org/cgi?action=article&sid=2016011414	8 vuotta sitten
Alex Payne	290a3b4312	Remove wheezy-specific Apache SSL config omission	8 vuotta sitten
Will McCutchen	1be1afe1ff	Disable SSL stapling on wheezy	9 vuotta sitten
Will McCutchen	16b66cc849	Define apache SSL config in one place	9 vuotta sitten
Alex Payne	b11fb68559	Automatically set up passwordless sudo for deploy user. Closes #343.	9 vuotta sitten
Aleksandr Bogdanov	a849948e8d	Choosing the closest ubuntu mirror before anything else	9 vuotta sitten
fengor	7ed46f590c	renamed templates to be consistent with coding standard. removed comment line in ssh_config	9 vuotta sitten
Marius Voila	ec69fef60c	removed old template	9 vuotta sitten
Marius Voila	2ae2c3683c	removed template and implemented logic	9 vuotta sitten
fengor	39566abb6c	More secure defaults for ssh. Ciphers, Kex and MAC can be set via defaults.var	9 vuotta sitten
Marius Voila	67e1bf0fc3	fail2ban support for Trusty	9 vuotta sitten
Marius Voila	e62bd7c71a	fail2ban support for Trusty	9 vuotta sitten
Justin Plock	89f018bd23	In preparation for using any 2FA solution, it will most likely need to modify sshd_config, so let's change the file in place instead of overwriting it completely.	10 vuotta sitten
Justin Plock	9f918363b9	Set a ServerName for apache (fixes #187)	10 vuotta sitten
Joost Baaij	ae2e74bb79	make NTP pool configurable use the world-wide pool by default, but specify north-america in user.yml. Also, documentation. This way Sovereign will still behave the same, but the NTP servers can be changed when desired.	10 vuotta sitten
Joost Baaij	715399a2f1	added pop3s and imaps ports to fail2ban. Otherwise only pop and imap (un-secured) are blocked. Which we don't use.	10 vuotta sitten
Mark Paschal	10aff54015	Only ban in response to fail2ban results Don't mail them individually to the destemail. The destemail setting is thus no longer used, but let's set it anyway to be clear where it will mail if you change the action back.	10 vuotta sitten
Luke Cyca	e46ad018ba	Improved test suite, rewritten in python Added friendly_networks variable to denote whitelisted networks	10 vuotta sitten
Luke Cyca	b1a3b8b67d	Use discovered IPv4 address	10 vuotta sitten
Bertrand Cachet	f43c57e132	fix(apticron): apticron emails are sent to root Instead of sending email to {{ admin_email }} we send them to root user. These emails will be redirected to the appropriate user via mail_virtual_aliases variables	10 vuotta sitten
Bertrand Cachet	373cb4584b	add(apticron): configure email Apticron is configured to send email to {{ admin_email }}	10 vuotta sitten
Bertrand Cachet	df802919f7	add(fail2ban): Add server IP address to ignore IP ignoreip field inside /etc/fail2ban/jail.local is populated with server_ip_address variable	10 vuotta sitten
Luke Cyca	12d42ad38a	Configure sshd_config to disable PermitRootLogin and PasswordAuthentication	10 vuotta sitten
Luke Cyca	dfe8bd1cca	TODO for fail2ban ignoreip Removed your hardcoded server IP	10 vuotta sitten
Alex Payne	080d38986c	first commit	10 vuotta sitten

45 Commitit (master)