Dosenpfand
f2c14dd911
Remove unneeded/deprecated apache configuration
8 vuotta sitten
Tomas Bedrich
899f527ca3
Updated LE renewal hook system
8 vuotta sitten
Tomas Bedrich
9786230808
Changed LE-renew cron frequency
8 vuotta sitten
Mike Ashley
3d68705341
Add leading 0 to octal file permissions
This is done to suppress warnings from ansible-lint.
8 vuotta sitten
Carl Meyer
a343509129
No need for letsencrypt.yml to ensure Apache is running.
8 vuotta sitten
Carl Meyer
a5f3ec17c1
Workaround bug with enabling SysV scripts on Jessie.
8 vuotta sitten
Carl Meyer
c3c2cbf096
Don't bounce Apache unless we actually need to.
8 vuotta sitten
Carl Meyer
cc4b3d6fef
Don't request a new LE cert if we have one already.
8 vuotta sitten
Carl Meyer
3009c9d2d3
Fix changed-reporting for LE deps installation.
8 vuotta sitten
Carl Meyer
e8796ecd28
Idempotent and independent post-certificate-renewal tasks.
8 vuotta sitten
Allen Riddell
a77f9b95ad
Replace deprecated sudo_user with become_user
The ``sudo`` and ``sudo_user`` directives are replaced with ``become``
and ``become_user`` in Ansible 1.9.
8 vuotta sitten
Mike Ashley
3d4987c4e2
Use a more descriptive name for cert generation script
8 vuotta sitten
Mike Ashley
a38f4e08d3
Force download of letsencrypt release
The installer automatically updates itself, which registers as a change
in the git repo. To maintain idempotency of the task list, the repo
download must be forced.
8 vuotta sitten
Mike Ashley
5385badd49
Correct bug in SSL cert setup for test environment
8 vuotta sitten
Mike Ashley
bc5bfa4b21
Determine registered subdomains at deploy-time for LE
8 vuotta sitten
Mike Ashley
86048ee397
Update prosody to use LE certs directly
Don't copy the LE certificates. Instead use the ssl-cert group to
manage access to the LE certificates directly. See
https://github.com/letsencrypt/letsencrypt/issues/1425 for a request to
have the LE client do this itself.
8 vuotta sitten
Mike Ashley
1746afcc3a
Arrange automated tests to not use Let's Encrypt
8 vuotta sitten
Mike Ashley
8e1d473027
Use Let's Encrypt for generating site certificates
This method uses Subjective Alternative Names (SANs) to get one
certificate for all the subdomains that Sovereign employs, whether or
not the user configured their site with the roles.
8 vuotta sitten
Mike Ashley
7f46129a4c
Remove use of wildcard certificate
8 vuotta sitten
Mike Ashley
195d8811fc
Remove references to Trusty and Wheezy
Make a clean distinction between Debian 7 and Debian 8. Anticipate the
next Ubuntu LTS release (Xenial) that is planned for support.
8 vuotta sitten
Mike Ashley
d3abc02f84
Clean up Apache SSL configuration
Avoid using the Include directive. Move most of the SSL configuration
to the global configuration and leave enabling the SSL engine to each
virtual host that wants to use it.
8 vuotta sitten
Sebastian Kriems
fe536873b7
ufw tasks shall have the ufw tag
resolves #453
Conflicts:
roles/common/tasks/ufw.yml
8 vuotta sitten
Dan Milon
829c8491c7
restart apache on SSL changes
9 vuotta sitten
Dan Milon
a5c6f663ce
properly install changed SSL certificate
9 vuotta sitten
Sven Neuhaus
d59c5eff05
Generate 2048 DH group and add it to Postfix
8 vuotta sitten
Dan Milon
2fb7cfa7c9
Add SSL stapling cache for apache
Fixes #406
9 vuotta sitten
Laurent Arnoud
1419c4e26e
Use common_timezone and fix idempotence
Thanks-to: 8e693b3db3
Conflicts:
roles/common/tasks/main.yml
9 vuotta sitten
Alex Payne
0579cf1ba9
Use same Apache server name configuration across distros
9 vuotta sitten
Alex Payne
474c1d5f92
No longer need `fuse` group in Jessie.
9 vuotta sitten
Alex Payne
6906412f63
Remove wheezy-specific ufw task.
9 vuotta sitten
Alex Payne
6d1eebb9d2
Use Ansible task names, not comments.
9 vuotta sitten
Alex Payne
c9b32cd2e2
Same Google auth install should work for both Jessie and Trusty.
Move Apache task to their own file.
9 vuotta sitten
Alex Payne
006f8e9b82
Just plain Ruby
9 vuotta sitten
Laurent Arnoud
a09e2e71c1
tar used in place of unarchive module
9 vuotta sitten
Laurent Arnoud
311fae7e11
Trailing whitespace
9 vuotta sitten
Laurent Arnoud
3b8f15b745
Added whois for fail2ban report
Report will print: "missing whois program"
9 vuotta sitten
Will McCutchen
16b66cc849
Define apache SSL config in one place
9 vuotta sitten
Manfred Touron
16c93ea486
Using more verbose 'dependencies' tag (#393 )
9 vuotta sitten
Manfred Touron
b49f3a6586
Tagged 'deps' aptitude tasks
9 vuotta sitten
Laurent Arnoud
353e69d299
Remove duplication with items unattended upgrades
9 vuotta sitten
Laurent Arnoud
89d47731ff
Add molly-guard and unattended-upgrades as common pkgs
9 vuotta sitten
Alex Payne
b11fb68559
Automatically set up passwordless sudo for deploy user.
Closes #343 .
9 vuotta sitten
Aleksandr Bogdanov
a849948e8d
Choosing the closest ubuntu mirror before anything else
9 vuotta sitten
Sven Neuhaus
ae58053653
Create /decrypted directory even if encfs is not used.
Helps with issue #120 .
9 vuotta sitten
Sven Neuhaus
d5217ea1cd
Create main user without "fuse" group, instead add it later as part
of the "encfs" tag. This allows the user to make encfs optional.
Helps with issue #120 .
9 vuotta sitten
Marius Voila
b13ab39f11
cleaning security.yml
9 vuotta sitten
fengor
7ed46f590c
renamed templates to be consistent with coding standard.
removed comment line in ssh_config
9 vuotta sitten
fengor
2fd1e1b722
readded google authenticator lines
9 vuotta sitten
fengor
224e8cb339
Setting timezone to UTC
9 vuotta sitten
fengor
39566abb6c
More secure defaults for ssh.
Ciphers, Kex and MAC can be set via defaults.var
9 vuotta sitten