Alex Payne
34e94aa4c2
Merge branch 'master' of github.com:al3x/sovereign
# Conflicts:
# roles/common/tasks/users.yml
9 years ago
Alex Payne
b11fb68559
Automatically set up passwordless sudo for deploy user.
Closes #343 .
9 years ago
Alex Payne
07ead66dda
Merge pull request #354 from jplock/jp-selfoss-wallabag
Integration between selfoss and wallabag (fixes #349 )
9 years ago
Alex Payne
95563f20b3
Merge pull request #356 from neuhaus/encfs_optional
Create main user without "fuse" group, instead add it later
9 years ago
Alex Payne
d1e4340a78
Merge pull request #357 from synchrone/roundcube-mcrypt-fix
Enabling php5-mcrypt for roundcube, as it is not by default
9 years ago
Alex Payne
6265916caa
Merge pull request #358 from synchrone/owncloud-dependencies-fix
fixing a dependency on mailserver, as psycopg and postgres are only installed there
9 years ago
Alex Payne
8023f26d81
Merge pull request #359 from synchrone/apt-closest-mirror
Choosing the closest ubuntu mirror before anything else
9 years ago
Alex Payne
c64f0d9572
Convert README from Textile to Markdown
9 years ago
Alex Payne
250c61d825
Textile syntax, not Markdown.
9 years ago
Alex Payne
090d9705cb
Add note in README about reboots. Addresses #361 .
9 years ago
Aleksandr Bogdanov
a849948e8d
Choosing the closest ubuntu mirror before anything else
10 years ago
Aleksandr Bogdanov
461be2b260
fixing a dependency on mailserver, as psycopg and postgres are only installed there
10 years ago
Aleksandr Bogdanov
2b9c722ed9
Enabling php5-mcrypt for roundcube, as it is not by default
10 years ago
Sven Neuhaus
ae58053653
Create /decrypted directory even if encfs is not used.
Helps with issue #120 .
9 years ago
Sven Neuhaus
d5217ea1cd
Create main user without "fuse" group, instead add it later as part
of the "encfs" tag. This allows the user to make encfs optional.
Helps with issue #120 .
9 years ago
Justin Plock
941baf72d6
Integration between selfoss and wallabag (fixes #349
9 years ago
Luke Cyca
e995b2f7c2
Merge pull request #342 from mariusv/master
cleaning security.yml
9 years ago
Marius Voila
b13ab39f11
cleaning security.yml
10 years ago
fengor
7ed46f590c
renamed templates to be consistent with coding standard.
removed comment line in ssh_config
10 years ago
Alex Payne
e26940569d
Merge pull request #336 from mariusv/master
fail2ban support for Trusty
10 years ago
Marius Voila
ec69fef60c
removed old template
10 years ago
Marius Voila
2ae2c3683c
removed template and implemented logic
10 years ago
Alex Payne
87e2497fbc
Merge pull request #332 from apsanz/master
Enable UFW only after setting firewall rules
10 years ago
Alex Payne
f7e4b2eb14
Merge pull request #329 from cantsin/selfoss-fix
Install php5-gd dependency for selfoss.
10 years ago
Alex Payne
1c68901438
Merge pull request #325 from neuhaus/patch-3
Postfix: Disable SSLv3 for TLS connections
10 years ago
Alex Payne
4e4c8596d3
Merge pull request #323 from philandstuff/monit-apache-fix
Fix monit monitoring for apache
10 years ago
Alex Payne
ae1cb76f3d
Merge pull request #319 from mikeashley/fixes/roundcube-backport
Update roundcube role to use wheezy backports
10 years ago
fengor
2fd1e1b722
readded google authenticator lines
10 years ago
fengor
224e8cb339
Setting timezone to UTC
10 years ago
Luke Cyca
5d74a065e7
Merge pull request #340 from philandstuff/bump-checkrbl-version
Bump checkrbl version to stop using ahbl
10 years ago
Philip Potter
41243fa3ec
Bump checkrbl version to stop using ahbl
ahbl is no longer being maintained and has been configured to return a
positive value for every host. This means I get a cron warning every
day reporting that my mailserver is in ircbl.ahbl.org and
dnsbl.ahbl.org.
lukecyca/check-rbl#1 has removed ahbl from the blacklists that it
checks. This just pulls in that change.
Unfortunately, ansible's get_url won't update files which have been
downloaded already unless you set force=yes, which will cause ansible to
pull down the file from github on every single run, which isn't really
acceptable. I have filed ansible/ansible-modules-core#625 to ask that
get_url redownload if and only if the sha256sum differs. In the
meantime, you have to manually delete /opt/check-rbl.pl before rerunning
ansible to pull in the update. However, at least this will work fine
for new installs.
Related to #338 (though I don't know if it truly fixes it).
10 years ago
Philip Potter
ca1d595b07
Fix monit monitoring for apache
Add a status vhost to apache, so that monit's http monitoring will work.
It doesn't particularly matter to the monit check what this vhost does
as long as it returns 200, but I thought it would be nice to use
apache's builtin status functionality. Ideas cribbed from [1]. It
might also be possible to use monit's apache-status functionality to
alert on more sophisticated criteria, but this will do for now.
Open question: does collectd support apache-status? Might it also be
interested in this vhost?
Fixes #299 .
[1] http://mmonit.com/wiki/Monit/MonitorApacheStatus
10 years ago
fengor
39566abb6c
More secure defaults for ssh.
Ciphers, Kex and MAC can be set via defaults.var
10 years ago
Sven Neuhaus
ac59435d6e
exclude SSLv3 for all TLS
to mitigate POODLE vulnerability
10 years ago
Marius Voila
67e1bf0fc3
fail2ban support for Trusty
10 years ago
Marius Voila
e62bd7c71a
fail2ban support for Trusty
10 years ago
Anthony Perez-sanz
cdf9ed07bb
Enable UFW after setting firewall rules
On fresh installs of Debian 7.6, the current order of steps will lock you
out of SSH. This will enable UFW after creating rules for http, https, ssh,
and DNS. Fix comes from @Debugreality in issue #303 :
https://github.com/al3x/sovereign/issues/303
10 years ago
James Tranovich
e04aa23fd3
Install php5-gd dependency for selfoss.
10 years ago
Mike Ashley
0b164bd904
Correct whitespace error
10 years ago
Mike Ashley
963b257edf
Merge pull request #2 from neuhaus/patch-1
Add Ubuntu compatibility to wheezy-backports patch
10 years ago
Sven Neuhaus
925d67988b
Do not add wheezy backports on Ubuntu
10 years ago
Sven Neuhaus
4201f0b182
Update roundcube.yml
10 years ago
Sven Neuhaus
53ede6e37a
roundcube install from wheezy backports or Ubuntu main
Make change to install roundcube from wheezy backports on Debian 7 work with Ubuntu 14.04
10 years ago
Luke Cyca
6d6885a02a
Merge pull request #324 from neuhaus/patch-1
Disable SSLv3 in Dovecot imap server
10 years ago
Luke Cyca
05a37b8c0b
Merge pull request #318 from mikeashley/fixes/autoconfig
Correct SMTP port number in mail autoconfig
10 years ago
Sven Neuhaus
f338b1e15d
Postfix: Disable SSLv2 and SSLv3 for mandatory TLS connections
Postfix: Disable SSLv2 and SSLv3 for 'mandatory SSL' mode connections to completely mitigate the POODLE issue.
10 years ago
Sven Neuhaus
f4177313d7
Disable SSLv3 in Dovecot imap server
Disable SSLv3 in Dovecot imap server to avoid POODLE vulnerability
10 years ago
Alex Payne
c55437d341
Restrict permissions on Postgres backups files. Resolves #322 .
10 years ago
Alex Payne
ea266b73bc
Tarsnap key should be 0600. Resolves #321 .
10 years ago
Mike Ashley
cf5d98c505
Correct SMTP port number
10 years ago