Mike Ashley
1746afcc3a
Arrange automated tests to not use Let's Encrypt
8 лет назад
Mike Ashley
8f1b6a9ed8
Arrange for services to restart on cert renewal
8 лет назад
Mike Ashley
65729d12f8
Update xmpp role for LE certificate
8 лет назад
Mike Ashley
ec7b5867d3
Update ircbouncer role for LE certificate
8 лет назад
Mike Ashley
beaceafbd1
Update mailserver role to use LE certificate
8 лет назад
Mike Ashley
8ff2181585
Update tarsnap role to include LE files
8 лет назад
Mike Ashley
7bb523950e
Draft design description for Let's Encrypt support
8 лет назад
Mike Ashley
b1029aafb4
Update README.md for DNS config changes
Let's Encrypt uses DNS to verify domain ownership, so DNS records must
be set up before the paybook is run the first time.
8 лет назад
Mike Ashley
8e1d473027
Use Let's Encrypt for generating site certificates
This method uses Subjective Alternative Names (SANs) to get one
certificate for all the subdomains that Sovereign employs, whether or
not the user configured their site with the roles.
8 лет назад
Mike Ashley
7f46129a4c
Remove use of wildcard certificate
8 лет назад
Allen Riddell
1963fa6f15
Merge pull request #498 from mikeashley/no-trusty
Remove references to Trusty and Wheezy (jessie)
8 лет назад
Allen Riddell
43ca10872f
Merge pull request #500 from mikeashley/vpn-fix
Fix systemd configuration of OpenVPN server
8 лет назад
Mike Ashley
1011d76866
Fix systemd configuration of OpenVPN server
The server was not starting. As a result, the dnsmasq service failed to
start, and the playbook thus failed to run when using the vpn role.
This patch corrects the configuration per instructions from
https://help.ubuntu.com/community/OpenVPN.
OpenVPN PAM configuration moved up to reduce server bouncing as the
playbook runs. The dependency on service (re)starts between openvpn and
dnsmasq works but feels brittle.
8 лет назад
Mike Ashley
05d125681f
Remove webmail role
Roundcube is not available on Jessie except in backports. This role is
also out of date and needs reviewed and updated for the release included
in backports. Roundcube could alternatively be installed from source as
recommended by the maintainers.
8 лет назад
Mike Ashley
195d8811fc
Remove references to Trusty and Wheezy
Make a clean distinction between Debian 7 and Debian 8. Anticipate the
next Ubuntu LTS release (Xenial) that is planned for support.
8 лет назад
Allen Riddell
9e116d5428
Merge pull request #486 from carljm/rspamd-fixes
Update rspamd repository to the official one.
8 лет назад
Allen Riddell
182ffc5cb4
Merge pull request #490 from mikeashley/znc-fix
Fix znc configuration
8 лет назад
Mike Ashley
4afa3c97b0
Use systemd service unit configuration for ZNC
8 лет назад
Allen Riddell
3ef7f91423
Merge pull request #492 from mikeashley/ssh-monitor-fix
Correct typo
8 лет назад
Allen Riddell
2ccfcdd7d9
Merge pull request #494 from mikeashley/git-update
Upgrade to cgit 0.12 and gitolite 3.6.4
8 лет назад
Allen Riddell
fbc627e54d
Merge pull request #489 from mikeashley/stapling-fix
Clean up Apache SSL configuration
8 лет назад
Allen Riddell
1931eb03a4
Merge pull request #488 from mikeashley/solr-fix
Fix version of tomcat
8 лет назад
Mike Ashley
2b7256040a
Upgrade to cgit 0.12 and gitolite 3.6.4
8 лет назад
Mike Ashley
5647fe0d6d
Correct znc monitoring task list
8 лет назад
Mike Ashley
e29be39280
Correct typo
8 лет назад
Mike Ashley
b9eb9ef9bb
Fix znc configuration
The znc package installs the client but does not set it up as a
service. This patch restores the service configuration that
was done on wheezy/trusty.
8 лет назад
Mike Ashley
b8f030eb48
Merge tomcat changes to default configuration
Take changes to the tomcat6 default configuration and apply to tomcat7
configuration. This was done by review of the diff between sovereign's
tomcat6 configuration and the default tomcat7 configuration.
8 лет назад
Mike Ashley
ae6d97a4b6
Match tomcat version to solr
The package solr installs and uses tomcat7. Installing tomcat8 appears
to be a mistake for Debian Jessie.
8 лет назад
Mike Ashley
d3abc02f84
Clean up Apache SSL configuration
Avoid using the Include directive. Move most of the SSL configuration
to the global configuration and leave enabling the SSL engine to each
virtual host that wants to use it.
8 лет назад
Carl Meyer
3265e77865
Update rspamd repository to the official one.
8 лет назад
Sven Neuhaus
bd0176e003
Merge pull request #476 from ariddell/feature/jessie-catchup-3b4f93-to-56f3d7
Include commits to master which were missing in jessie
8 лет назад
Allen Riddell
4d55a21b6c
Merge pull request #481 from pawel-lewtak/jessie
Fix links to Ansible website in readme
8 лет назад
pawel
2a084cf6a1
Fix links to Ansible website in readme
8 лет назад
Sven Neuhaus
150fa2bf06
Merge pull request #472 from mikeashley/z-push-fix
Correct special-casing of z-push Apache configuration
8 лет назад
NickBusey
4d0a577c2b
Adding monit tunnel information to Readme
8 лет назад
Mike Ashley
e229e904b9
Run ansible-lint before submitting a pull request
8 лет назад
Mike Ashley
f16d0bf4d1
Ask for good commit practices
8 лет назад
Mike Ashley
bf3b3cf53d
Document the design
Writing clarifies thinking and leaves behind guidance for future
maintainers. Design descriptions shouldn't be required, though,
especially for trivial modules.
8 лет назад
Mike Ashley
e7817da0af
Consider README.md in the design checklist
8 лет назад
Mike Ashley
fc28baf6b8
Make decisions
Users expect role authors to make decisions. The role author is
supposed to be the expert who knows what choices to make on behalf of
the user.
8 лет назад
Mike Ashley
4609e82621
Consider testing in design
8 лет назад
Mike Ashley
d7e71b268a
Updated contribution guidelines
I probably got this wrong, but I'm putting a stake in the ground based
on work I've done on the Roundcube module and adding Let's Encrypt
support to the common module.
Conflicts:
CONTRIBUTING.md
8 лет назад
fengor
05cb26f239
reverting become change. become directive is only available in ansible 1.9.x and newer.
8 лет назад
fengor
fec3fb279e
sudo directive was deprecated in ansible 1.9.x. Changed the entry to become directive to fix deprecation warnings.
8 лет назад
fengor
e63661f982
Added "UseRoaming no" to ssh.config to fix OpenSSH: client bugs CVE-2016-0777 and CVE-2016-0778
see: http://undeadly.org/cgi?action=article&sid= 2016011414
8 лет назад
Sebastian Kriems
fe536873b7
ufw tasks shall have the ufw tag
resolves #453
Conflicts:
roles/common/tasks/ufw.yml
8 лет назад
Dan Milon
829c8491c7
restart apache on SSL changes
8 лет назад
Dan Milon
a5c6f663ce
properly install changed SSL certificate
8 лет назад
Justin Plock
833cd92d02
Ensure the config.ini is readable by www-data
8 лет назад
Sven Neuhaus
d59c5eff05
Generate 2048 DH group and add it to Postfix
8 лет назад