Mike Ashley
1746afcc3a
Arrange automated tests to not use Let's Encrypt
9 years ago
Mike Ashley
8f1b6a9ed8
Arrange for services to restart on cert renewal
9 years ago
Mike Ashley
65729d12f8
Update xmpp role for LE certificate
9 years ago
Mike Ashley
ec7b5867d3
Update ircbouncer role for LE certificate
9 years ago
Mike Ashley
beaceafbd1
Update mailserver role to use LE certificate
9 years ago
Mike Ashley
8ff2181585
Update tarsnap role to include LE files
9 years ago
Mike Ashley
7bb523950e
Draft design description for Let's Encrypt support
9 years ago
Mike Ashley
b1029aafb4
Update README.md for DNS config changes
Let's Encrypt uses DNS to verify domain ownership, so DNS records must
be set up before the paybook is run the first time.
9 years ago
Mike Ashley
8e1d473027
Use Let's Encrypt for generating site certificates
This method uses Subjective Alternative Names (SANs) to get one
certificate for all the subdomains that Sovereign employs, whether or
not the user configured their site with the roles.
9 years ago
Mike Ashley
7f46129a4c
Remove use of wildcard certificate
9 years ago
Allen Riddell
1963fa6f15
Merge pull request #498 from mikeashley/no-trusty
Remove references to Trusty and Wheezy (jessie)
8 years ago
Allen Riddell
43ca10872f
Merge pull request #500 from mikeashley/vpn-fix
Fix systemd configuration of OpenVPN server
8 years ago
Mike Ashley
1011d76866
Fix systemd configuration of OpenVPN server
The server was not starting. As a result, the dnsmasq service failed to
start, and the playbook thus failed to run when using the vpn role.
This patch corrects the configuration per instructions from
https://help.ubuntu.com/community/OpenVPN.
OpenVPN PAM configuration moved up to reduce server bouncing as the
playbook runs. The dependency on service (re)starts between openvpn and
dnsmasq works but feels brittle.
8 years ago
Mike Ashley
05d125681f
Remove webmail role
Roundcube is not available on Jessie except in backports. This role is
also out of date and needs reviewed and updated for the release included
in backports. Roundcube could alternatively be installed from source as
recommended by the maintainers.
8 years ago
Mike Ashley
195d8811fc
Remove references to Trusty and Wheezy
Make a clean distinction between Debian 7 and Debian 8. Anticipate the
next Ubuntu LTS release (Xenial) that is planned for support.
8 years ago
Allen Riddell
9e116d5428
Merge pull request #486 from carljm/rspamd-fixes
Update rspamd repository to the official one.
8 years ago
Allen Riddell
182ffc5cb4
Merge pull request #490 from mikeashley/znc-fix
Fix znc configuration
8 years ago
Mike Ashley
4afa3c97b0
Use systemd service unit configuration for ZNC
8 years ago
Allen Riddell
3ef7f91423
Merge pull request #492 from mikeashley/ssh-monitor-fix
Correct typo
8 years ago
Allen Riddell
2ccfcdd7d9
Merge pull request #494 from mikeashley/git-update
Upgrade to cgit 0.12 and gitolite 3.6.4
8 years ago
Allen Riddell
fbc627e54d
Merge pull request #489 from mikeashley/stapling-fix
Clean up Apache SSL configuration
8 years ago
Allen Riddell
1931eb03a4
Merge pull request #488 from mikeashley/solr-fix
Fix version of tomcat
8 years ago
Mike Ashley
2b7256040a
Upgrade to cgit 0.12 and gitolite 3.6.4
8 years ago
Mike Ashley
5647fe0d6d
Correct znc monitoring task list
8 years ago
Mike Ashley
e29be39280
Correct typo
8 years ago
Mike Ashley
b9eb9ef9bb
Fix znc configuration
The znc package installs the client but does not set it up as a
service. This patch restores the service configuration that
was done on wheezy/trusty.
8 years ago
Mike Ashley
b8f030eb48
Merge tomcat changes to default configuration
Take changes to the tomcat6 default configuration and apply to tomcat7
configuration. This was done by review of the diff between sovereign's
tomcat6 configuration and the default tomcat7 configuration.
8 years ago
Mike Ashley
ae6d97a4b6
Match tomcat version to solr
The package solr installs and uses tomcat7. Installing tomcat8 appears
to be a mistake for Debian Jessie.
8 years ago
Mike Ashley
d3abc02f84
Clean up Apache SSL configuration
Avoid using the Include directive. Move most of the SSL configuration
to the global configuration and leave enabling the SSL engine to each
virtual host that wants to use it.
9 years ago
Carl Meyer
3265e77865
Update rspamd repository to the official one.
8 years ago
Sven Neuhaus
bd0176e003
Merge pull request #476 from ariddell/feature/jessie-catchup-3b4f93-to-56f3d7
Include commits to master which were missing in jessie
8 years ago
Allen Riddell
4d55a21b6c
Merge pull request #481 from pawel-lewtak/jessie
Fix links to Ansible website in readme
9 years ago
pawel
2a084cf6a1
Fix links to Ansible website in readme
9 years ago
Sven Neuhaus
150fa2bf06
Merge pull request #472 from mikeashley/z-push-fix
Correct special-casing of z-push Apache configuration
9 years ago
NickBusey
4d0a577c2b
Adding monit tunnel information to Readme
9 years ago
Mike Ashley
e229e904b9
Run ansible-lint before submitting a pull request
9 years ago
Mike Ashley
f16d0bf4d1
Ask for good commit practices
9 years ago
Mike Ashley
bf3b3cf53d
Document the design
Writing clarifies thinking and leaves behind guidance for future
maintainers. Design descriptions shouldn't be required, though,
especially for trivial modules.
9 years ago
Mike Ashley
e7817da0af
Consider README.md in the design checklist
9 years ago
Mike Ashley
fc28baf6b8
Make decisions
Users expect role authors to make decisions. The role author is
supposed to be the expert who knows what choices to make on behalf of
the user.
9 years ago
Mike Ashley
4609e82621
Consider testing in design
9 years ago
Mike Ashley
d7e71b268a
Updated contribution guidelines
I probably got this wrong, but I'm putting a stake in the ground based
on work I've done on the Roundcube module and adding Let's Encrypt
support to the common module.
Conflicts:
CONTRIBUTING.md
9 years ago
fengor
05cb26f239
reverting become change. become directive is only available in ansible 1.9.x and newer.
9 years ago
fengor
fec3fb279e
sudo directive was deprecated in ansible 1.9.x. Changed the entry to become directive to fix deprecation warnings.
9 years ago
fengor
e63661f982
Added "UseRoaming no" to ssh.config to fix OpenSSH: client bugs CVE-2016-0777 and CVE-2016-0778
see: http://undeadly.org/cgi?action=article&sid= 2016011414
9 years ago
Sebastian Kriems
fe536873b7
ufw tasks shall have the ufw tag
resolves #453
Conflicts:
roles/common/tasks/ufw.yml
9 years ago
Dan Milon
829c8491c7
restart apache on SSL changes
9 years ago
Dan Milon
a5c6f663ce
properly install changed SSL certificate
9 years ago
Justin Plock
833cd92d02
Ensure the config.ini is readable by www-data
9 years ago
Sven Neuhaus
d59c5eff05
Generate 2048 DH group and add it to Postfix
9 years ago