Tomas Bedrich
e08acd2deb
Simplified LE renew script
8 years ago
Carl Meyer
60855eda70
Fix typo in fail2ban config for dovecot.
8 years ago
Mike Ashley
2243dd73a4
Remove unnecessary ownCloud configuration
The ownCloud configuration file does not get touched. The virtual host
configuration is modified by sovereign but can be updated in place and
Apache restarted.
8 years ago
Mike Ashley
3d68705341
Add leading 0 to octal file permissions
This is done to suppress warnings from ansible-lint.
8 years ago
Mike Ashley
4a33ebecdc
Add non-interactive to LE client options
Depending on when the client is run, there are no certificates to
update. By default, the client runs in interactive mode and wants to
notify the user of this. This causes Ansible to hang waiting for an
acknowledgement that will never come. Adding the non-interactive flag
fixes this.
8 years ago
Carl Meyer
2737b16477
Use postgresql_user module for configuring PG admin user in owncloud role.
8 years ago
Carl Meyer
a343509129
No need for letsencrypt.yml to ensure Apache is running.
8 years ago
Carl Meyer
579afa68d3
Add comment into letsencrypt-gencert script clarifying why we stop Apache.
8 years ago
John Giannelos
0b62ed998b
Add directories to allow persistent znc user/modules configuration.
8 years ago
John Giannelos
66cc560281
Fix monitoring config for apache/postgresql.
8 years ago
Carl Meyer
0abf92734e
Don't stop Apache until we have to; start it again right after.
8 years ago
Carl Meyer
a636a43948
Don't try to execute any non-executable file in LE postrenew dir.
8 years ago
Carl Meyer
619eac6534
Adjust comment for clarity.
8 years ago
Carl Meyer
15cff22f14
Workaround bug with enabling SysV init scripts in Jessie, for collectd.
8 years ago
Carl Meyer
d46a9c47ef
Idempotency/changed-reporting fixes for OpenDMARC tasks.
8 years ago
Carl Meyer
7e817bfae6
Encrypt Postgres passwords, and fix change-reporting.
8 years ago
Carl Meyer
a5f3ec17c1
Workaround bug with enabling SysV scripts on Jessie.
8 years ago
Carl Meyer
c3c2cbf096
Don't bounce Apache unless we actually need to.
8 years ago
Carl Meyer
cc4b3d6fef
Don't request a new LE cert if we have one already.
8 years ago
Carl Meyer
3009c9d2d3
Fix changed-reporting for LE deps installation.
8 years ago
Carl Meyer
e8796ecd28
Idempotent and independent post-certificate-renewal tasks.
8 years ago
Laurent Arnoud
d56f0bd7ef
Use https for rpsamd key and repository
8 years ago
Yannik Sembritzki
66cb39bb46
Only add iptables rules if they don't already exist
8 years ago
Yannik Sembritzki
fd9dd1b21e
Only add iptables rules if they don't already exist
8 years ago
Carl Meyer
1a3d01f311
Complete rmilter/rspamd setup.
8 years ago
nodiscc
d876c87e21
bash syntax cleanup
as per discussion in https://github.com/sovereign/sovereign/pull/504
8 years ago
Carl Meyer
d46fb1521b
Make OpenDMARC cron job email root only on error.
8 years ago
Carl Meyer
57982401a9
Pass {auth_type} to milters, fixing OpenDKIM signing of authenticated SMTP messages.
8 years ago
Carl Meyer
b93deb9411
Remove stray + prefix in sudoers file.
8 years ago
Yannik Sembritzki
d2821753a7
DRY in openvpn role and allow other rc.local tasks
8 years ago
Yannik Sembritzki
9ffe86b36d
DRY in openvpn role and allow other rc.local tasks
8 years ago
Allen Riddell
a77f9b95ad
Replace deprecated sudo_user with become_user
The ``sudo`` and ``sudo_user`` directives are replaced with ``become``
and ``become_user`` in Ansible 1.9.
8 years ago
Mike Ashley
3d4987c4e2
Use a more descriptive name for cert generation script
8 years ago
Mike Ashley
a38f4e08d3
Force download of letsencrypt release
The installer automatically updates itself, which registers as a change
in the git repo. To maintain idempotency of the task list, the repo
download must be forced.
8 years ago
Mike Ashley
a17b576e78
Update ownCloud role for ownCloud 8.2
- Remove unnecessary dependencies
- Clean up postgresql server setup
- Install from official package repository
- Expect package installer to enable modules that are needed
- Update virtual host config with owncloud 8.2 configuration
- Update post-deploy instructions
8 years ago
Mike Ashley
5385badd49
Correct bug in SSL cert setup for test environment
8 years ago
Mike Ashley
bc5bfa4b21
Determine registered subdomains at deploy-time for LE
8 years ago
Mike Ashley
2ad6f78e45
Address incomplete chain error
Fix Apache's configuration for version 2.4.8 and above. See
https://community.letsencrypt.org/t/untrusted-on-mobile-newbe/7903
8 years ago
Mike Ashley
58e9e7a445
Add a short introduction to Let's Encrypt
8 years ago
Mike Ashley
0302a8fa0a
Correct certificate paths for ZNC
8 years ago
Mike Ashley
86048ee397
Update prosody to use LE certs directly
Don't copy the LE certificates. Instead use the ssl-cert group to
manage access to the LE certificates directly. See
https://github.com/letsencrypt/letsencrypt/issues/1425 for a request to
have the LE client do this itself.
8 years ago
Mike Ashley
1746afcc3a
Arrange automated tests to not use Let's Encrypt
9 years ago
Mike Ashley
8f1b6a9ed8
Arrange for services to restart on cert renewal
8 years ago
Mike Ashley
65729d12f8
Update xmpp role for LE certificate
9 years ago
Mike Ashley
ec7b5867d3
Update ircbouncer role for LE certificate
9 years ago
Mike Ashley
beaceafbd1
Update mailserver role to use LE certificate
9 years ago
Mike Ashley
8ff2181585
Update tarsnap role to include LE files
9 years ago
Mike Ashley
7bb523950e
Draft design description for Let's Encrypt support
9 years ago
Mike Ashley
8e1d473027
Use Let's Encrypt for generating site certificates
This method uses Subjective Alternative Names (SANs) to get one
certificate for all the subdomains that Sovereign employs, whether or
not the user configured their site with the roles.
9 years ago
Mike Ashley
7f46129a4c
Remove use of wildcard certificate
9 years ago