Laurent Arnoud
d56f0bd7ef
Use https for rpsamd key and repository
8 years ago
Allen Riddell
78b3d5825e
Merge pull request #530 from mikeashley/openvpn-update
Only add iptables rules if they don't already exist
8 years ago
Yannik Sembritzki
66cb39bb46
Only add iptables rules if they don't already exist
8 years ago
Mike Ashley
e2678088f1
Merge pull request #528 from Yannik/fix-openvpn-iptables
Only add iptables rules if they don't already exist
8 years ago
Mike Ashley
9725cdd9d8
Merge pull request #521 from carljm/rmilter
Complete rmilter/rspamd setup.
8 years ago
Yannik Sembritzki
fd9dd1b21e
Only add iptables rules if they don't already exist
8 years ago
Mike Ashley
37b3a11829
Merge pull request #519 from ariddell/feature/unused-var
Remove unused variables in jessie
8 years ago
Allen Riddell
68cafc79ae
Remove unused variables
- google_auth_version
- znc_version
8 years ago
Allen Riddell
f21edc8ee4
Merge pull request #518 from nodiscc/patch-1
bash syntax cleanup
8 years ago
Carl Meyer
1a3d01f311
Complete rmilter/rspamd setup.
8 years ago
Sven Neuhaus
d1df544634
Merge pull request #516 from carljm/opendmarc-silent-cron
Make OpenDMARC cron job log everything instead of mailing some output to root.
8 years ago
nodiscc
d876c87e21
bash syntax cleanup
as per discussion in https://github.com/sovereign/sovereign/pull/504
8 years ago
Carl Meyer
d46fb1521b
Make OpenDMARC cron job email root only on error.
8 years ago
Sven Neuhaus
9bf9803578
Merge pull request #517 from carljm/fix-opendkim-signing
Pass {auth_type} to milters, fixing OpenDKIM signing of authenticated SMTP messages.
8 years ago
Carl Meyer
57982401a9
Pass {auth_type} to milters, fixing OpenDKIM signing of authenticated SMTP messages.
8 years ago
Mike Ashley
59da1a8618
Merge pull request #512 from ariddell/feature/dry-openvpn
DRY in openvpn role and allow other rc.local tasks
8 years ago
Mike Ashley
e995580577
Merge pull request #514 from carljm/le-doc-update
Remove obsolete documentation note.
8 years ago
Carl Meyer
05724aed5f
Remove obsolete documentation note.
8 years ago
Justin Plock
1406ab8ac3
Merge pull request #513 from carljm/fix-sudoers
Remove stray + prefix in sudoers file.
8 years ago
Carl Meyer
b93deb9411
Remove stray + prefix in sudoers file.
8 years ago
Allen Riddell
6904d4727d
Merge pull request #505 from mikeashley/oc-fix
Update ownCloud role for ownCloud 8.2
8 years ago
Yannik Sembritzki
d2821753a7
DRY in openvpn role and allow other rc.local tasks
8 years ago
Mike Ashley
9c9c4ff367
Merge pull request #511 from Yannik/master
DRY in openvpn role and allow other rc.local tasks
8 years ago
Yannik Sembritzki
9ffe86b36d
DRY in openvpn role and allow other rc.local tasks
8 years ago
Mike Ashley
a38dd89adf
Merge pull request #508 from ariddell/feature/ansible-lint
Update ansible in jessie
8 years ago
Allen Riddell
a77f9b95ad
Replace deprecated sudo_user with become_user
The ``sudo`` and ``sudo_user`` directives are replaced with ``become``
and ``become_user`` in Ansible 1.9.
8 years ago
Allen Riddell
2062225709
Fix ansible version and ansible-lint version
Ansible 1.9 or greater is required.
8 years ago
Allen Riddell
b92b8841ea
Merge pull request #504 from mikeashley/letsencrypt
Let's Encrypt support
8 years ago
Mike Ashley
3d4987c4e2
Use a more descriptive name for cert generation script
8 years ago
Allen Riddell
c70a2fa774
Merge pull request #487 from spk/travis-fix-sudo
Fix travis build by fixing ansible-lint version
8 years ago
Laurent Arnoud
bfe6fe8479
Use ansible-lint==2.3.6
Before sudo rule merge
https://github.com/willthames/ansible-lint/pull/96
* Add test-requirements.txt
* travis: enable cache for pip packages
8 years ago
Mike Ashley
a38f4e08d3
Force download of letsencrypt release
The installer automatically updates itself, which registers as a change
in the git repo. To maintain idempotency of the task list, the repo
download must be forced.
8 years ago
Mike Ashley
a17b576e78
Update ownCloud role for ownCloud 8.2
- Remove unnecessary dependencies
- Clean up postgresql server setup
- Install from official package repository
- Expect package installer to enable modules that are needed
- Update virtual host config with owncloud 8.2 configuration
- Update post-deploy instructions
8 years ago
Mike Ashley
5385badd49
Correct bug in SSL cert setup for test environment
8 years ago
Allen Riddell
f213d2b70e
Merge pull request #503 from mikeashley/opendmarc-repair
Fix opendmarc installation
8 years ago
Mike Ashley
bc5bfa4b21
Determine registered subdomains at deploy-time for LE
8 years ago
Mike Ashley
2ad6f78e45
Address incomplete chain error
Fix Apache's configuration for version 2.4.8 and above. See
https://community.letsencrypt.org/t/untrusted-on-mobile-newbe/7903
8 years ago
Mike Ashley
58e9e7a445
Add a short introduction to Let's Encrypt
8 years ago
Mike Ashley
a8aa1ac42e
Explain where certificates will come from
8 years ago
Mike Ashley
0302a8fa0a
Correct certificate paths for ZNC
8 years ago
Mike Ashley
86048ee397
Update prosody to use LE certs directly
Don't copy the LE certificates. Instead use the ssl-cert group to
manage access to the LE certificates directly. See
https://github.com/letsencrypt/letsencrypt/issues/1425 for a request to
have the LE client do this itself.
8 years ago
Mike Ashley
1746afcc3a
Arrange automated tests to not use Let's Encrypt
9 years ago
Mike Ashley
8f1b6a9ed8
Arrange for services to restart on cert renewal
9 years ago
Mike Ashley
65729d12f8
Update xmpp role for LE certificate
9 years ago
Mike Ashley
ec7b5867d3
Update ircbouncer role for LE certificate
9 years ago
Mike Ashley
beaceafbd1
Update mailserver role to use LE certificate
9 years ago
Mike Ashley
8ff2181585
Update tarsnap role to include LE files
9 years ago
Mike Ashley
7bb523950e
Draft design description for Let's Encrypt support
9 years ago
Mike Ashley
b1029aafb4
Update README.md for DNS config changes
Let's Encrypt uses DNS to verify domain ownership, so DNS records must
be set up before the paybook is run the first time.
9 years ago
Mike Ashley
8e1d473027
Use Let's Encrypt for generating site certificates
This method uses Subjective Alternative Names (SANs) to get one
certificate for all the subdomains that Sovereign employs, whether or
not the user configured their site with the roles.
9 years ago