Mike Ashley
17bb355dfd
Add default sieve filter to roundcube
8 years ago
Mike Ashley
ed5b451c39
Add a few plugins to roundcube install
- managesieve :: this allows sieve filters to be edited through a
brower
- twofactor_gauthenticator :: allow optional two-factor authentication
when logging into webmail
- carddav :: sync ownCloud contacts with roundcube
8 years ago
Mike Ashley
959e893862
Create webmail role that installs Roundcube
8 years ago
Mike Ashley
a8807afb04
Copy Roundcube configuration file
Baseline the configuration file distributed Roundcube 1.4.1 before
modification for sovereign.
8 years ago
Mike Ashley
0eb4cda07a
Update mailserver role for rmilter change
The rmilter package changed the name of its listener service similar to
what was done for rspamd (see commit 2dbc976b ).
8 years ago
Tomas Bedrich
2dbc976b99
Updated rspamd service name
8 years ago
Allen Riddell
c1511c057f
Remove unnecessary defaults from openvpn certificate
8 years ago
Dosenpfand
9697cbe6b3
Silence letsencrypt cron output unless there is an error
8 years ago
Tomas Bedrich
7a399d45ca
Fix SSH connections to Github
8 years ago
Mike Ashley
0e7adf6e3a
Fix bug exposed by commit 264c232b (#572 )
The `private_key` variable used to check for changes was never
registered.
8 years ago
Simon Schoeters
264c232bbf
Remove duplicate when statement in Let's Encrypt task
While adding the Let's Encrypt offline testing block in 1746afcc we
accidentially duplicated a the 'when' statement. Ansible only looks at
the last when statement for a given block meaning the earlier one has no
use. This commit merges both lines in one.
8 years ago
Mike Ashley
97b11e3953
Eliminate need for access_compat module in Apache
The directives provided by `mod_access_compat` are deprecated. This
patch eliminates references to them.
8 years ago
Mike Ashley
166c57f045
Use submission port for client outgoing email
Currently client email is submitted via ssmtp (port 465). This has been
deprecated for years. The correct way to submit email is via
submission (port 587).
This patch adds port 587 as a second and the default way of submitting
email for delivery. Port 465 remains open for backwards compatibility
with existing clients.
8 years ago
Mike Ashley
b00b93a85b
Add missing configuration variable for ircbouncer
8 years ago
Sharif Nassar
73c30c313b
VPN - enforce TLS min version on the client
8 years ago
Allen Riddell
19ff4c5958
Add readlater/wallabag default vars to role
8 years ago
Allen Riddell
712ea7aee2
news role: add missing restart apache handler
8 years ago
Allen Riddell
4339192052
Add news/selfoss default vars to role
8 years ago
Allen Riddell
9067f4cc27
Add git role default vars to role
8 years ago
Allen Riddell
86bc3ab073
Add tarsnap default vars to role
8 years ago
Allen Riddell
ab9ebd6e5c
Add owncloud default vars to role
8 years ago
Allen Riddell
9e71d9067f
Add openvpn default vars to role
8 years ago
Allen Riddell
98cb6dd610
Add prosody/xmpp default vars to role
8 years ago
Allen Riddell
f31ac23001
Add monitoring default vars to role
8 years ago
Allen Riddell
ca6eb2d85b
Add mailserver default vars to role
8 years ago
Allen Riddell
9f34027d8b
Add common default vars to role
8 years ago
Allen Riddell
e95caea06c
common: use password lookup to generate passwords
See https://docs.ansible.com/ansible/playbooks_lookups.html
8 years ago
Dosenpfand
f2c14dd911
Remove unneeded/deprecated apache configuration
8 years ago
Tomas Bedrich
899f527ca3
Updated LE renewal hook system
8 years ago
Tomas Bedrich
9786230808
Changed LE-renew cron frequency
8 years ago
Tomas Bedrich
e08acd2deb
Simplified LE renew script
8 years ago
Carl Meyer
60855eda70
Fix typo in fail2ban config for dovecot.
8 years ago
Mike Ashley
2243dd73a4
Remove unnecessary ownCloud configuration
The ownCloud configuration file does not get touched. The virtual host
configuration is modified by sovereign but can be updated in place and
Apache restarted.
8 years ago
Mike Ashley
3d68705341
Add leading 0 to octal file permissions
This is done to suppress warnings from ansible-lint.
8 years ago
Mike Ashley
4a33ebecdc
Add non-interactive to LE client options
Depending on when the client is run, there are no certificates to
update. By default, the client runs in interactive mode and wants to
notify the user of this. This causes Ansible to hang waiting for an
acknowledgement that will never come. Adding the non-interactive flag
fixes this.
8 years ago
Carl Meyer
2737b16477
Use postgresql_user module for configuring PG admin user in owncloud role.
8 years ago
Carl Meyer
a343509129
No need for letsencrypt.yml to ensure Apache is running.
8 years ago
Carl Meyer
579afa68d3
Add comment into letsencrypt-gencert script clarifying why we stop Apache.
8 years ago
John Giannelos
0b62ed998b
Add directories to allow persistent znc user/modules configuration.
8 years ago
John Giannelos
66cc560281
Fix monitoring config for apache/postgresql.
8 years ago
Carl Meyer
0abf92734e
Don't stop Apache until we have to; start it again right after.
8 years ago
Carl Meyer
a636a43948
Don't try to execute any non-executable file in LE postrenew dir.
8 years ago
Carl Meyer
619eac6534
Adjust comment for clarity.
8 years ago
Carl Meyer
15cff22f14
Workaround bug with enabling SysV init scripts in Jessie, for collectd.
8 years ago
Carl Meyer
d46a9c47ef
Idempotency/changed-reporting fixes for OpenDMARC tasks.
8 years ago
Carl Meyer
7e817bfae6
Encrypt Postgres passwords, and fix change-reporting.
8 years ago
Carl Meyer
a5f3ec17c1
Workaround bug with enabling SysV scripts on Jessie.
8 years ago
Carl Meyer
c3c2cbf096
Don't bounce Apache unless we actually need to.
8 years ago
Carl Meyer
cc4b3d6fef
Don't request a new LE cert if we have one already.
8 years ago
Carl Meyer
3009c9d2d3
Fix changed-reporting for LE deps installation.
8 years ago