sovereign

Author	SHA1	Message	Date
Justin Plock	1d7986fd96	Enable UFW and deny everything by default Removed unused status checks on UFW	10 years ago
Justin Plock	ea0b288818	Moved ufw firewall rules into individual roles	10 years ago
Thom Wiggers	6312286b64	Remove ahbl as it's being winded down http://ahbl.org/content/changes-ahbl Fixes #232	10 years ago
brandon	7c9084fcba	fixes "Warning: autocreate plugin is deprecated, use mailbox { auto } setting instead"	10 years ago
Alban Seurat	c22d179e83	cgit dependency missing	10 years ago
Justin Plock	d1073d042d	Added read-it-later functionality from Wallabag	10 years ago
Norman S.	53010bed89	fixes #156 fixes #156 by adding the -L flag, as suggested by @ventolin	10 years ago
Alex Dunae	b44972ab87	Only install Tarsnap when version is missing Checks if the exact version of Tarsnap is already installed and, if so, skips the download and build steps.	10 years ago
Justin Plock	79fd923668	Initial work to support wallabag	10 years ago
Mike Hostetler	8ec36ca875	add cgi module for cgit	10 years ago
Thom Wiggers	8578f49e21	Make sure that only ZNC can read its certificate To bring this certificate in line with how those in ssl.yml are managed.	10 years ago
Joshua Lund	64883159e9	* Update OpenVPN role to generate self-contained "unified" .ovpn profiles * The role now generates .ovpn profiles with embedded CA, certificate, key, and HMAC firewall key information. These .ovpn profiles are compatible with OpenVPN for iOS and Android, and only a single file needs to be transferred to your mobile device. * Added explicit route information to the .ovpn profile	10 years ago
Justin Plock	ed75c9469b	libpam-dev didn't exist for some people so switching to libpam0g-dev instead	10 years ago
Justin Plock	921ae6957e	Optional 2FA support for OpenVPN (requires uncommenting on the server and pushing new client configs)	10 years ago
Justin Plock	e88fb57cba	Skip the google authenticator generation if we're running as vagrant. Vagrant can't sudo to the sovereign test user so this won't work.	10 years ago
Justin Plock	408d83341f	Add a 2FA plugin for Roundcube (fixes #201)	10 years ago
Justin Plock	2d751ab680	The .google_authenticator file has to be generated by the user that is going to attempt to use it. Also, -W doesn't seem to work (results an in INVALID_WINDOW error in /var/log/auth.log), so use -w 1 to allow for a single concurrent token	10 years ago
Justin Plock	c037dce07a	Clarified parameters are bit in a comment	10 years ago
Justin Plock	22a8717f6d	Automatically generate the Google authenticator file for the default user	10 years ago
Justin Plock	84c9febec7	Added Google Authenticator 2FA logins	10 years ago
Justin Plock	89f018bd23	In preparation for using any 2FA solution, it will most likely need to modify sshd_config, so let's change the file in place instead of overwriting it completely.	10 years ago
Norman S.	b1092e800b	changed from 52 to 5 versions.	10 years ago
Larry Fox	092cb287e0	add gitolite and some cgit settings	10 years ago
Larry Fox	158503b6ca	add cgit	10 years ago
Justin Plock	9f918363b9	Set a ServerName for apache (fixes #187)	10 years ago
Norman S.	d8153552b8	add logrotate task	10 years ago
Norman S.	a6889500b6	add logrotate task	10 years ago
Justin Plock	8928993772	The group and mode of debian-db.php need to be readable by apache	10 years ago
Justin Plock	00b263608e	Properly generate a PHP /etc/roundcube/debian-db.php file	10 years ago
Justin Plock	c3b1362e78	Ignore carddav database errors	10 years ago
Justin Plock	1bd900bfae	Properly set the roundcube database password	10 years ago
Justin Plock	057a8c8872	Properly reconfigure the roundcube database and import the carddav tables	10 years ago
Justin Plock	bd9b22f603	Import carddav database schema. I'm unable to run this against the vagrant VM as the webmail_db_password seems to be automatically generated.	10 years ago
Justin Plock	d19e9a7d73	Move tarsnap.key from /root to /decrypted and don't overwrite it if one already exists (fixes #15)	10 years ago
Justin Plock	d3499da52e	Safer symlink creation and downloaded file removal	10 years ago
Justin Plock	876b81a1a7	Install the carddav plugin so owncloud contacts can be used (fixes #154)	10 years ago
James Ravn	e3825cf6dd	Revert "Redirects naked domain to www" This reverts commit 703d356492.	10 years ago
Bryan Swift	9194c5fe55	Fix URL of z-push download	10 years ago
James Ravn	aa404cd642	Fixes z-push download	10 years ago
James Ravn	3f45b1bee4	Uses monit to stop/start postgres for tarsnap	10 years ago
James Ravn	146c587644	Stops postgresql for tarsnap backup Data loss will occur if backing up postgresql while it runs. A simple fix is to stop it during the backup. I've moved the backup to early morning to reduce possible downtime. A better approach would be to use pg_dump.	10 years ago
James Ravn	6ec6a6d03f	Uses global roundcube sieve configuration option The previous behaviour relied on managesieve copying over the .dovecot.sieve file into the user's directory. I found this to be particularly fragile. For instance, re-deploying roundcube without dovecot could overwrite the .dovecot.sieve symlink and break managesieve. A better approach is to use the global sieve configuration that roundcube provides and not mess with dovecot's files directly.	10 years ago
James Ravn	703d356492	Redirects naked domain to www Properly behaving websites should 301 redirect the naked domain.	10 years ago
James Ravn	46eabbedd7	Limits z-push sync to 3 months This prevents timeouts when trying to sync very large mailboxes. By default, z-push attempts to get headers for all messages in a folder.	10 years ago
Allen Riddell	9a6cbcd925	Quote password substitution (may contain spaces)	10 years ago
Allen Riddell	d1e9e2b4ff	Quote password variables (they may contain spaces) String-valued variables containing spaces can be substituted into an ansible tasks file but they will not be interpreted correctly.	10 years ago
Ben Morse	869e73fa4d	quote password environment variable in case it contains shell metacharacters	10 years ago
Benjamin Reitzammer	d957760697	Making main user's shell configurable	10 years ago
Cameron Rudnick	0493e9b57e	Allow # in mail_db_password I had a # in my mail_db_password and spent the last 2 hours trying to figure out why I couldn't connect by IMAP. A # is only allowed if the connect string is wrapped in quotes.	10 years ago
Justin Plock	6e669fb2df	Following the instructions of using a Debian 7 image, PostgreSQL 9.1 is installed in /var/lib/postgresql not /opt/postgresql	11 years ago

First Previous 1 2 3 4 5 Next Last

220 Commits (111988f64e1278f2fa18f9e037b4599839ff1dde)