Justin Plock
1d7986fd96
Enable UFW and deny everything by default
Removed unused status checks on UFW
10 years ago
Justin Plock
ea0b288818
Moved ufw firewall rules into individual roles
10 years ago
Justin Plock
ed75c9469b
libpam-dev didn't exist for some people so switching to libpam0g-dev instead
10 years ago
Justin Plock
e88fb57cba
Skip the google authenticator generation if we're running as vagrant. Vagrant can't sudo to the sovereign test user so this won't work.
10 years ago
Justin Plock
2d751ab680
The .google_authenticator file has to be generated by the user that is going to attempt to use it. Also, -W doesn't seem to work (results in an INVALID_WINDOW error in /var/log/auth.log), so use -w 1 to allow for a single concurrent token
10 years ago
Justin Plock
c037dce07a
Clarified parameters a bit in a comment
10 years ago
Justin Plock
22a8717f6d
Automatically generate the Google authenticator file for the default user
10 years ago
Justin Plock
84c9febec7
Added Google Authenticator 2FA logins
10 years ago
Justin Plock
89f018bd23
In preparation for using any 2FA solution, it will most likely need to modify sshd_config, so let's change the file in place instead of overwriting it completely.
10 years ago
Justin Plock
9f918363b9
Set a ServerName for apache (fixes #187)
10 years ago
Benjamin Reitzammer
d957760697
Making main user's shell configurable
10 years ago
Justin Plock
3b0308d69e
Allow both TCP and UDP port 53 for DNS lookups through OpenVPN
10 years ago
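The firewall posture those two commits describe (deny everything inbound by default, then open only what each role needs, including port 53 over both transports for OpenVPN clients), written out as an added Ansible example. This is not Sovereign's own task file; the SSH port, the assumption that SSH must be opened before `ufw` is enabled, and the task names are illustrative.

```yaml
# Added example, not Sovereign's own role. Order matters: the default-deny
# policy and the SSH allow rule go in before the firewall is enabled, or the
# playbook cuts off its own connection.
- name: Deny all incoming traffic by default
  ufw:
    direction: incoming
    policy: deny

- name: Allow SSH (assumed port 22) before the firewall is turned on
  ufw:
    rule: allow
    port: "22"
    proto: tcp

# DNS answers larger than 512 bytes, zone transfers and some resolvers fall
# back to TCP, so UDP alone leaves VPN clients with intermittent lookups.
- name: Allow DNS lookups from OpenVPN clients over both transports
  ufw:
    rule: allow
    port: "53"
    proto: "{{ item }}"
  with_items:
    - udp
    - tcp

- name: Enable ufw with the rules above in place
  ufw:
    state: enabled
```

After a run, `ufw status verbose` should report `Default: deny (incoming)` and only the rules the roles added; anything not listed there is dropped.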
Joost Baaij
4837d2e87a
extract NTP logic
11 years ago
Joost Baaij
2033c37982
Enabled unattended-upgrades
This works on Debian/Ubuntu only.
There are similar packages for other distributions, but they still
need manual configuration. It seemed better to go for the common
denominator. unattended-upgrades is usually installed by default
anyway, so we are just reinforcing best practices.
11 years ago
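What "enabling unattended-upgrades" amounts to on Debian/Ubuntu, as an added Ansible example (not the project's own task). The file path and the two `APT::Periodic` keys are the stock ones the package reads; the task names are illustrative.

```yaml
# Added example, not Sovereign's own role. Debian/Ubuntu only, as the commit
# message says: the package exists there and reads /etc/apt/apt.conf.d.
- name: Install unattended-upgrades (usually present already)
  apt:
    name: unattended-upgrades
    state: present

# Installing the package is not enough: apt's periodic job has to be told to
# refresh the lists and run the upgrader. Each key is rewritten in place if
# it already exists, so the task is idempotent.
- name: Turn on the periodic list refresh and the unattended upgrade run
  lineinfile:
    dest: /etc/apt/apt.conf.d/20auto-upgrades
    create: yes
    regexp: '^APT::Periodic::{{ item.key }} '
    line: 'APT::Periodic::{{ item.key }} "{{ item.value }}";'
  with_items:
    - { key: Update-Package-Lists, value: "1" }
    - { key: Unattended-Upgrade, value: "1" }
```

Which repositories qualify for automatic installation is set separately in `/etc/apt/apt.conf.d/50unattended-upgrades`; the package's default there is the security origin only, which is the conservative choice for a server.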
Joost Baaij
335cef5c9f
Enabled POP3S for old-timeys who dig that
added dovecot-pop3d
allowed in the firewall
monitored with monit
added relevant tests
11 years ago
Joshua Lund
4ed07a1e0a
* Made the OpenVPN port and protocol (tcp/udp) configurable
* Added 'cipher' and 'auth' lines to the generated client configs
11 years ago
Luke Cyca
4bc4cebf41
Explicit permissions for all cert files
11 years ago
Luke Cyca
76d52b63f3
XMPP cert handling improvements, ufw rules, and tests
11 years ago
Alex Payne
f7f7157cec
more updated variable formatting and accommodation of the YAML parser being a fussbudget
11 years ago
Alex Payne
34d7595c0b
ensure we can install from third-party repos across playbooks
11 years ago
Alex Payne
d28f0f82b9
move to non-deprecated template variable formatting
11 years ago
Luke Cyca
2f145ce543
Two small apache-related fixes
11 years ago
Luke Cyca
37a0400c22
Standardize apache’s 301 redirect to https, and enable HSTS
11 years ago
Luke Cyca
bdab1cd6b1
Reworked ufw logic to not use change_when keyword
because it's not available in a stable ansible release yet
11 years ago
Allen Riddell
5b8ba840a4
workaround ufw bug, call ufw enable twice
11 years ago
Allen Riddell
ae0d1ca8f4
Ignore ufw error resulting from known bug on Debian 7
In order to check the version of the linux distribution we need to
set `gather_facts` to True.
Closes #73.
11 years ago
Luke Cyca
7043143f90
Improved idempotency and removed ip detection for checkrbl
11 years ago
Allen Riddell
88705bb7fa
Replace ferm with ufw
11 years ago
Bertrand Cachet
373cb4584b
add(apticron): configure email
Apticron is configured to send email to {{ admin_email }}
11 years ago
Luke Cyca
c697e135e9
Move NameVirtualHost directives to ports.conf
11 years ago
Alex Payne
f27442b678
move tarsnap to its own role
11 years ago
Luke Cyca
5beacea2d2
Absolute path for tarsnap
11 years ago
Luke Cyca
ca8a371320
Use combined cert for postfix, dovecot, and znc
Fix CAcert usage in postfix and dovecot
11 years ago
Alex Payne
65103923ec
Fix typo in firm task name
11 years ago
Luke Cyca
7e2ce80a25
Update apt repo and upgrade safe packages
11 years ago
Luke Cyca
09c8fcb295
Named all tasks and made them idempotent where possible
11 years ago
Luke Cyca
6168cd68d0
Automate encfs setup and name mount point more appropriately
11 years ago
Luke Cyca
12d42ad38a
Configure sshd_config to disable PermitRootLogin and PasswordAuthentication
11 years ago
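The sshd hardening in this commit and the Google Authenticator work further up the log (edit sshd_config in place rather than overwrite it; generate `.google_authenticator` as the user who will log in, with `-w 1`; skip that step under Vagrant) combine into one Ansible sequence. The block below is an added example, not Sovereign's own tasks: the variable `main_user_name`, the handler name `restart ssh`, the `ansible_user_id` Vagrant check, the `libpam-google-authenticator` package and the `AuthenticationMethods` line are all assumptions made here for illustration.

```yaml
# Added example, not Sovereign's own role. Assumes a `main_user_name` variable,
# a "restart ssh" handler, and the Debian/Ubuntu libpam-google-authenticator package.
- name: Install the Google Authenticator PAM module
  apt:
    name: libpam-google-authenticator
    state: present

# The secret file is read from the logging-in user's home and must be owned by
# that user, so it is generated as that user rather than as root. -w 1 allows a
# single concurrent token; `creates` keeps the secret from being regenerated
# (and silently invalidating the user's app) on every run. Vagrant cannot
# sudo to the target user, so the step is skipped there (assumed check).
- name: Generate ~/.google_authenticator for the main user
  command: google-authenticator -t -d -f -r 3 -R 30 -w 1
  args:
    creates: "/home/{{ main_user_name }}/.google_authenticator"
  become: true
  become_user: "{{ main_user_name }}"
  when: ansible_user_id != "vagrant"

- name: Ask PAM for a verification code on SSH logins
  lineinfile:
    dest: /etc/pam.d/sshd
    line: "auth required pam_google_authenticator.so"

# Edit sshd_config line by line instead of templating the whole file, so other
# roles can add their own settings. The regexp also matches the commented-out
# defaults shipped with the package, so each option is rewritten, not duplicated.
- name: Harden sshd_config in place
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^#?{{ item.key }}\s'
    line: "{{ item.key }} {{ item.value }}"
    validate: "/usr/sbin/sshd -t -f %s"
  with_items:
    - { key: PermitRootLogin, value: "no" }
    - { key: PasswordAuthentication, value: "no" }
    - { key: ChallengeResponseAuthentication, value: "yes" }
    - { key: UsePAM, value: "yes" }
    # Without this line a valid key alone logs in and PAM is never consulted.
    # Requires OpenSSH 6.2 or newer (assumption about the target hosts).
    - { key: AuthenticationMethods, value: "publickey,keyboard-interactive" }
  notify: restart ssh
```

Two things to check after a run: `sshd -T | grep -i authenticationmethods` shows the combined requirement actually took effect, and a login from a second terminal succeeds before the first one is closed. If `/etc/pam.d/sshd` still includes `common-auth`, the keyboard-interactive step will prompt for the account password as well as the code; comment that include out if key plus code is the intended policy.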
Luke Cyca
921cebb41d
Fix invalid service state
11 years ago
Luke Cyca
5920b17609
Remove usergroup because debian adds it by default as the primary group
11 years ago
Henrik Hodne
a844401d7c
tarsnap: Only run cron job once per day.
The old action would generate a crontab job for `* 3 * * *`, which means every minute at 3am, so 60 times per day.
11 years ago
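The mistake this commit fixes, shown against its correction as an added Ansible example (not the project's own task). The cron module fills every field you leave out with `*`, which is how a task that sets only `hour: 3` ends up as `* 3 * * *`. The script path is an assumption.

```yaml
# Added example, not Sovereign's own task. Script path is illustrative.
# Wrong: `minute` is unset, so the module emits "* 3 * * *" and the backup
# runs every minute from 03:00 to 03:59, sixty times a day.
- name: Daily tarsnap backup (fires 60 times)
  cron:
    name: tarsnap backup
    hour: "3"
    job: /usr/local/bin/tarsnap-backup.sh

# Right: pin the minute too. Same `name`, so this entry replaces the one above
# in the crontab instead of sitting beside it.
- name: Daily tarsnap backup (once, at 03:00)
  cron:
    name: tarsnap backup
    minute: "0"
    hour: "3"
    job: /usr/local/bin/tarsnap-backup.sh
```

`crontab -l` on the host should show exactly one `0 3 * * *` line under the `#Ansible: tarsnap backup` marker; a leading `*` in the minute column is the sixty-runs bug coming back.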
Alex Payne
080d38986c
first commit
11 years ago