110 Commits (1011d7686617225d7f1e0977c9d56bd9e7d6d207)

Author SHA1 Message Date
  Mike Ashley d3abc02f84 Clean up Apache SSL configuration 9 years ago
  fengor e63661f982 Added "UseRoaming no" to ssh.config to fix OpenSSH: client bugs CVE-2016-0777 and CVE-2016-0778 9 years ago
  Sebastian Kriems fe536873b7 ufw tasks shall have the ufw tag 9 years ago
  Dan Milon 829c8491c7 restart apache on SSL changes 9 years ago
  Dan Milon a5c6f663ce properly install changed SSL certificate 9 years ago
  Sven Neuhaus d59c5eff05 Generate 2048 DH group and add it to Postfix 9 years ago
  Dan Milon 2fb7cfa7c9 Add SSL stapling cache for apache 9 years ago
  Laurent Arnoud 1419c4e26e Use common_timezone and fix idempotence 9 years ago
  Alex Payne 0579cf1ba9 Use same Apache server name configuration across distros 9 years ago
  Alex Payne 290a3b4312 Remove wheezy-specific Apache SSL config omission 9 years ago
  Alex Payne 474c1d5f92 No longer need `fuse` group in Jessie. 9 years ago
  Alex Payne 6906412f63 Remove wheezy-specific ufw task. 9 years ago
  Alex Payne 6d1eebb9d2 Use Ansible task names, not comments. 9 years ago
  Alex Payne c9b32cd2e2 Same Google auth install should work for both Jessie and Trusty. 9 years ago
  Alex Payne 006f8e9b82 Just plain Ruby 9 years ago
  Laurent Arnoud a09e2e71c1 tar used in place of unarchive module 9 years ago
  Laurent Arnoud 311fae7e11 Trailing whitespace 9 years ago
  Laurent Arnoud 3b8f15b745 Added whois for fail2ban report 9 years ago
  Will McCutchen 1be1afe1ff Disable SSL stapling on wheezy 9 years ago
  Will McCutchen 16b66cc849 Define apache SSL config in one place 9 years ago
  Manfred Touron 16c93ea486
Using more verbose 'dependencies' tag (#393) 9 years ago
  Manfred Touron b49f3a6586 Tagged 'deps' aptitude tasks 9 years ago
  Laurent Arnoud 353e69d299 Remove duplication with items unattended upgrades 9 years ago
  Laurent Arnoud 89d47731ff Add molly-guard and unattended-upgrades as common pkgs 9 years ago
  Alex Payne b11fb68559 Automatically set up passwordless sudo for deploy user. 9 years ago
  Aleksandr Bogdanov a849948e8d Choosing the closest ubuntu mirror before anything else 10 years ago
  Sven Neuhaus ae58053653 Create /decrypted directory even if encfs is not used. 9 years ago
  Sven Neuhaus d5217ea1cd Create main user without "fuse" group, instead add it later as part 9 years ago
  Marius Voila b13ab39f11 cleaning security.yml 10 years ago
  fengor 7ed46f590c renamed templates to be consistent with coding standard. 10 years ago
  Marius Voila ec69fef60c removed old template 10 years ago
  Marius Voila 2ae2c3683c removed template and implemented logic 10 years ago
  fengor 2fd1e1b722 readded google authenticator lines 10 years ago
  fengor 224e8cb339 Setting timezone to UTC 10 years ago
  fengor 39566abb6c More secure defaults for ssh. 10 years ago
  Marius Voila 67e1bf0fc3 fail2ban support for Trusty 10 years ago
  Marius Voila e62bd7c71a fail2ban support for Trusty 10 years ago
  Anthony Perez-sanz cdf9ed07bb Enable UFW after setting firewall rules 10 years ago
  Lorenzo Villani 5d1090d488 Make sure fail2ban is started 10 years ago
  Lorenzo Villani d5ecf673d3 Calm OCD by sorting almost every with_items block in alphabetical order 10 years ago
  Lorenzo Villani e7703d0d9c Add support for Apache 2.4 on Ubuntu 14.04 10 years ago
  Lorenzo Villani e2e61a2f76 Install 'fuse' instead of 'fuse-utils' 10 years ago
  Sven Neuhaus 63ba754eb7 libpam-google-authenticator uses distribution package on Ubuntu 14.04 10 years ago
  Gelnior 7995bac36c put back enc.fs (removed by mistake) 10 years ago
  Gelnior bd57edd5a5 newebe config: fix Newebe config file task 10 years ago
  Justin Plock 1d7986fd96 Enable UFW and deny everything by default 10 years ago
  Justin Plock ea0b288818
Moved ufw firewall rules into individual roles 10 years ago
  Justin Plock ed75c9469b
libpam-dev didn't exist for some people so switching to libpam0g-dev instead 10 years ago
  Justin Plock e88fb57cba
Skip the google authenticator generation if we're running as vagrant. Vagrant can't sudo to the sovereign test user so this won't work. 10 years ago
  Justin Plock 2d751ab680
The .google_authenticator file has to be generated by the user that is going to attempt to use it. Also, -W doesn't seem to work (results an in INVALID_WINDOW error in /var/log/auth.log), so use -w 1 to allow for a single concurrent token 10 years ago