Justin Plock
1d7986fd96
Enable UFW and deny everything by default
Removed unused status checks on UFW
10 years ago
Justin Plock
ea0b288818
Moved ufw firewall rules into individual roles
10 years ago
Luke Cyca
805e428124
Merge pull request #237 from thomwiggers/remove_ahbl
Remove ahbl as it's being winded down
10 years ago
Thom Wiggers
6312286b64
Remove ahbl as it's being winded down
http://ahbl.org/content/changes-ahbl
Fixes #232
10 years ago
Luke Cyca
4f2321051d
Merge pull request #230 from Alkpone/master
cgit dependency missing
10 years ago
Alban Seurat
c22d179e83
cgit dependency missing
10 years ago
Luke Cyca
9b8e017533
Merge pull request #224 from nstanke/patch-2
fixes #156
10 years ago
Norman S.
53010bed89
fixes #156
fixes #156 by adding the -L flag, as suggested by @ventolin
10 years ago
Luke Cyca
cb0ad7e3b7
Merge pull request #223 from alexdunae/conditional-tarsnap-install
Only install Tarsnap when requested version is missing
10 years ago
Luke Cyca
dee5c9321f
Merge pull request #222 from yourcelf/patch-1
Fix README to reflect changes in #176
10 years ago
Luke Cyca
0b516d484f
Merge pull request #215 from squarepegsys/master
add cgi module for cgit
10 years ago
Alex Dunae
b44972ab87
Only install Tarsnap when version is missing
Checks if the exact version of Tarsnap is already installed and, if so,
skips the download and build steps.
10 years ago
Charlie DeTar
73ca531f74
Fix README to reflect changes in #176
Change instructions for creating the tarsnap key to generate it at "decrypted_tarsnap.key".
10 years ago
Mike Hostetler
8ec36ca875
add cgi module for cgit
10 years ago
Luke Cyca
4349e03dfc
Merge pull request #213 from thomwiggers/patch-1
Make sure that only ZNC can read its certificate
10 years ago
Thom Wiggers
8578f49e21
Make sure that only ZNC can read its certificate
To bring this certificate in line with how those in ssl.yml are managed.
10 years ago
Luke Cyca
18ea566cee
Merge pull request #210 from jlund/ovpn-enhancements
Update OpenVPN role to generate self-contained "unified" .ovpn profiles
10 years ago
Joshua Lund
64883159e9
* Update OpenVPN role to generate self-contained "unified" .ovpn
profiles
* The role now generates .ovpn profiles with embedded CA, certificate,
key, and HMAC firewall key information. These .ovpn profiles are
compatible with OpenVPN for iOS and Android, and only a single file
needs to be transferred to your mobile device.
* Added explicit route information to the .ovpn profile
10 years ago
Luke Cyca
8a271d748d
Merge pull request #192 from larryfox/cgit
Add git hosting
10 years ago
Larry Fox
22a71efc24
add short blurb about git hosting
10 years ago
Luke Cyca
a88b465aff
Merge pull request #207 from jplock/jp-fix-libpam-dev
Use libpam0g-dev instead of libpam-dev
10 years ago
Luke Cyca
5cca325d83
Merge pull request #206 from jplock/jp-2fa-openvpn
OpenVPN 2FA support
10 years ago
Luke Cyca
bd9e2e4122
Merge pull request #209 from chid/patch-1
Update README.textile
10 years ago
Charley Peng
9f34d8c9d5
Update README.textile
fix broken link to getting ansible
10 years ago
Luke Cyca
c9bb3dc2c4
Merge pull request #205 from jplock/jp-fix-2fa-vagrant
Skip the google authenticator generation if we're running as vagrant
10 years ago
Luke Cyca
d5951797e1
Merge pull request #204 from jplock/jp-2fa-webmail
Add a 2FA plugin for Roundcube (fixes #201 )
10 years ago
Justin Plock
ed75c9469b
libpam-dev didn't exist for some people so switching to libpam0g-dev instead
10 years ago
Justin Plock
921ae6957e
Optional 2FA support for OpenVPN (requires uncommenting on the server and pushing new client configs)
10 years ago
Justin Plock
e88fb57cba
Skip the google authenticator generation if we're running as vagrant. Vagrant can't sudo to the sovereign test user so this won't work.
10 years ago
Justin Plock
408d83341f
Add a 2FA plugin for Roundcube (fixes #201 )
10 years ago
Luke Cyca
3ea5e23c9e
Merge pull request #203 from jplock/jp-fix-google-auth-generation
Fix Google Authenticator file generation
10 years ago
Justin Plock
2d751ab680
The .google_authenticator file has to be generated by the user that is going to attempt to use it. Also, -W doesn't seem to work (results an in INVALID_WINDOW error in /var/log/auth.log), so use -w 1 to allow for a single concurrent token
10 years ago
Luke Cyca
aa02a19972
Update README with 2-factor auth
10 years ago
Luke Cyca
6af323dca3
Merge pull request #199 from jplock/jp-googleauth
Added Google Authenticator 2FA logins
10 years ago
Justin Plock
c037dce07a
Clarified parameters are bit in a comment
10 years ago
Justin Plock
22a8717f6d
Automatically generate the Google authenticator file for the default user
10 years ago
Justin Plock
84c9febec7
Added Google Authenticator 2FA logins
10 years ago
Luke Cyca
a5a3e2d06b
Merge pull request #198 from jplock/jp-sshd-simplification
Modify sshd_config in place
10 years ago
Justin Plock
89f018bd23
In preparation for using any 2FA solution, it will most likely need to modify sshd_config, so let's change the file in place instead of overwriting it completely.
10 years ago
Luke Cyca
7118c07753
Merge pull request #193 from nstanke/patch-1
reduce z-push logrotation to 5 versions
10 years ago
Norman S.
b1092e800b
changed from 52 to 5 versions.
10 years ago
Larry Fox
e67ef75d63
add cgit test
10 years ago
Larry Fox
092cb287e0
add gitolite and some cgit settings
10 years ago
Larry Fox
158503b6ca
add cgit
10 years ago
Luke Cyca
2ef34ef1db
Merge pull request #191 from jplock/jp-hostname
Set a ServerName for apache (fixes #187 )
10 years ago
Justin Plock
9f918363b9
Set a ServerName for apache (fixes #187 )
10 years ago
Luke Cyca
b08dd123a5
Merge pull request #189 from nstanke/patch-1
add z-push logrotation
10 years ago
Norman S.
d8153552b8
add logrotate task
10 years ago
Norman S.
a6889500b6
add logrotate task
10 years ago
Luke Cyca
d2fd59a6d1
Merge pull request #186 from jplock/jp-roundcube-fixes
Properly generate a PHP /etc/roundcube/debian-db.php file
10 years ago