sovereign

Commit graph

Autor	SHA1	Nachricht	Datum
Luke Cyca	4bc4cebf41	Explicit permissions for all cert files	vor 11 Jahren
Luke Cyca	76d52b63f3	XMPP cert handling improvements, ufw rules, and tests	vor 11 Jahren
Alex Payne	f7f7157cec	more updated variable formatting and accommodation of the YAML parser being a fussbudget	vor 11 Jahren
Alex Payne	34d7595c0b	ensure we can install from third-party repos across playbooks	vor 11 Jahren
Alex Payne	d28f0f82b9	move to non-deprecated template variable formatting	vor 11 Jahren
Luke Cyca	e46ad018ba	Improved test suite, rewritten in python Added friendly_networks variable to denote whitelisted networks	vor 11 Jahren
Luke Cyca	2f145ce543	Two small apache-related fixes	vor 11 Jahren
Luke Cyca	08d6827755	New vagrant-based development environment	vor 11 Jahren
Luke Cyca	b1a3b8b67d	Use discovered IPv4 address	vor 11 Jahren
Luke Cyca	37a0400c22	Standardize apache’s 301 redirect to https, and enable HSTS	vor 11 Jahren
Luke Cyca	bdab1cd6b1	Reworked ufw logic to not use change_when keyword because it's not available in a stable ansible release yet	vor 11 Jahren
Allen Riddell	5b8ba840a4	workaround ufw bug, call ufw enable twice	vor 11 Jahren
Allen Riddell	ae0d1ca8f4	Ignore ufw error resulting from known bug on Debian 7 In order to check the version of the linux distribution we need to set `gather_facts` to True. Closes #73.	vor 11 Jahren
Luke Cyca	7043143f90	Improved idempotency and removed ip detection for checkrbl	vor 11 Jahren
Allen Riddell	88705bb7fa	Replace ferm with ufw	vor 11 Jahren
Bertrand Cachet	f43c57e132	fix(apticron): apticron emails are sent to root Instead of sending email to {{ admin_email }} we send them to root user. These emails will be redirected to the appropriate user via mail_virtual_aliases variables	vor 11 Jahren
Bertrand Cachet	373cb4584b	add(apticron): configure email Apticron is configured to send email to {{ admin_email }}	vor 11 Jahren
Bertrand Cachet	df802919f7	add(fail2ban): Add server IP address to ignore IP ignoreip field inside /etc/fail2ban/jail.local is populated with server_ip_address variable	vor 11 Jahren
Alex Payne	a9cabad947	Update etc_ferm_ferm.conf	vor 11 Jahren
Allen Riddell	580e3ef5c1	Don't open unused ports Sovereign does not currently use jabber/xmpp or insecure smtp.	vor 11 Jahren
Greg Karékinian	58dddc55d1	Remove variables from roles Refs #39	vor 11 Jahren
Luke Cyca	c697e135e9	Move NameVirtualHost directives to ports.conf	vor 11 Jahren
Alex Payne	f27442b678	move tarsnap to its own role	vor 11 Jahren
Luke Cyca	5beacea2d2	Absolute path for tarsnap	vor 11 Jahren
Luke Cyca	ca8a371320	Use combined cert for postfix, dovecot, and znc Fix CAcert usage in postfix and dovecot	vor 11 Jahren
Alex Payne	65103923ec	Fix typo in firm task name	vor 11 Jahren
Luke Cyca	7e2ce80a25	Update apt repo and upgrade safe packages	vor 11 Jahren
Luke Cyca	cf9d8350dd	Fix ssh handler typo	vor 11 Jahren
Luke Cyca	09c8fcb295	Named all tasks and made them idempotent where possible	vor 11 Jahren
Luke Cyca	6168cd68d0	Automate encfs setup and name mount point more appropriately	vor 11 Jahren
Luke Cyca	12d42ad38a	Configure sshd_config to disable PermitRootLogin and PasswordAuthentication	vor 11 Jahren
Luke Cyca	921cebb41d	Fix invalid service state	vor 11 Jahren
Luke Cyca	5920b17609	Remove usergroup because debian adds it by default as the primary group	vor 11 Jahren
Luke Cyca	dfe8bd1cca	TODO for fail2ban ignoreip Removed your hardcoded server IP	vor 11 Jahren
Henrik Hodne	a844401d7c	tarsnap: Only run cron job once per day. The old action would generate a crontab job for `* 3 * * *`, which means every minute at 3am, so 60 times per day.	vor 11 Jahren
Alex Payne	080d38986c	first commit	vor 11 Jahren

39 Commits (310d28ef39acc0f643a4e320ee874db7b37f3f2f)