maxbachmann
4f3d1e415f
Update security.yml
5年前
Thomas Buck
8b83bd66b1
Properly setup hostname
5年前
Thomas Buck
5684f3c673
Install fail2ban with IPv6 support from stretch-backports (Debian 9).
5年前
Thomas Buck
72cb7a3d23
letsencrypt cert folder should stay with ssl-cert group
5年前
Thomas Buck
bad2e4f9a1
Add tmux to common programs. Generate german locale. Remove unneeded empty lines.
5年前
Thomas Buck
04ba7ad539
Added Fathom statistics tracker to blog task
5年前
Thomas Buck
4cf67e7aed
Explicitly install postgres-9.6 and fix monit pid-file location for it.
5年前
Thomas Buck
f34c0c827f
Typo in common apache config, file actually ends with .conf
5年前
Thomas Buck
c41cd737fd
Support multiple domains for letsencrypt
5年前
Thomas Buck
1b7628c756
Install ACL so newer ansible versions can properly upload scripts from and for unprivileged users.
5年前
Thomas Buck
c71c6d8559
Use new style of calling apt in ansible
5年前
Thomas Buck
472dd068c2
Remove unneeded testing / vagrant stuff.
5年前
Thomas Buck
31afcaa7b9
Remove encfs and call directory data instead of decrypted
5年前
Thomas Buck
183b80da8d
Remove Google Authenticator / Two-Factor Authentification
5年前
Óscar Nájera
8f0cc14f76
Fix: Ansible uses the value present in apt module state parameter
6年前
Bryan Voss
128b7e63a2
Update for Debian 9
7年前
Ndubisi Nwaku
55770977da
Add group name ssl-cert for SSL certificates
7年前
Aleksandr Bogdanov
cdc0d3fb4e
Fixing encfs shell invocation for ansible 2 compatibility
7年前
Óscar Nájera
0635815b52
Ensure en_US.UTF-8 locale is present
7年前
Wolfgang Steitz
3a42d15850
setup posgres within the common role
Postgres is used by several roles, but the setup is currently part of the 'mailserver' role. By moving it to 'common', it's possible to disable the mailserver without breaking the others.
8年前
Mike Ashley
0e7adf6e3a
Fix bug exposed by commit 264c232b (#572 )
The `private_key` variable used to check for changes was never
registered.
8年前
Simon Schoeters
264c232bbf
Remove duplicate when statement in Let's Encrypt task
While adding the Let's Encrypt offline testing block in 1746afcc we
accidentially duplicated a the 'when' statement. Ansible only looks at
the last when statement for a given block meaning the earlier one has no
use. This commit merges both lines in one.
8年前
Dosenpfand
f2c14dd911
Remove unneeded/deprecated apache configuration
8年前
Tomas Bedrich
899f527ca3
Updated LE renewal hook system
8年前
Tomas Bedrich
9786230808
Changed LE-renew cron frequency
8年前
Mike Ashley
3d68705341
Add leading 0 to octal file permissions
This is done to suppress warnings from ansible-lint.
8年前
Carl Meyer
a343509129
No need for letsencrypt.yml to ensure Apache is running.
8年前
Carl Meyer
a5f3ec17c1
Workaround bug with enabling SysV scripts on Jessie.
8年前
Carl Meyer
c3c2cbf096
Don't bounce Apache unless we actually need to.
8年前
Carl Meyer
cc4b3d6fef
Don't request a new LE cert if we have one already.
8年前
Carl Meyer
3009c9d2d3
Fix changed-reporting for LE deps installation.
8年前
Carl Meyer
e8796ecd28
Idempotent and independent post-certificate-renewal tasks.
8年前
Allen Riddell
a77f9b95ad
Replace deprecated sudo_user with become_user
The ``sudo`` and ``sudo_user`` directives are replaced with ``become``
and ``become_user`` in Ansible 1.9.
8年前
Mike Ashley
3d4987c4e2
Use a more descriptive name for cert generation script
8年前
Mike Ashley
a38f4e08d3
Force download of letsencrypt release
The installer automatically updates itself, which registers as a change
in the git repo. To maintain idempotency of the task list, the repo
download must be forced.
8年前
Mike Ashley
5385badd49
Correct bug in SSL cert setup for test environment
8年前
Mike Ashley
bc5bfa4b21
Determine registered subdomains at deploy-time for LE
8年前
Mike Ashley
86048ee397
Update prosody to use LE certs directly
Don't copy the LE certificates. Instead use the ssl-cert group to
manage access to the LE certificates directly. See
https://github.com/letsencrypt/letsencrypt/issues/1425 for a request to
have the LE client do this itself.
8年前
Mike Ashley
1746afcc3a
Arrange automated tests to not use Let's Encrypt
8年前
Mike Ashley
8e1d473027
Use Let's Encrypt for generating site certificates
This method uses Subjective Alternative Names (SANs) to get one
certificate for all the subdomains that Sovereign employs, whether or
not the user configured their site with the roles.
8年前
Mike Ashley
7f46129a4c
Remove use of wildcard certificate
8年前
Mike Ashley
195d8811fc
Remove references to Trusty and Wheezy
Make a clean distinction between Debian 7 and Debian 8. Anticipate the
next Ubuntu LTS release (Xenial) that is planned for support.
8年前
Mike Ashley
d3abc02f84
Clean up Apache SSL configuration
Avoid using the Include directive. Move most of the SSL configuration
to the global configuration and leave enabling the SSL engine to each
virtual host that wants to use it.
8年前
Sebastian Kriems
fe536873b7
ufw tasks shall have the ufw tag
resolves #453
Conflicts:
roles/common/tasks/ufw.yml
8年前
Dan Milon
829c8491c7
restart apache on SSL changes
9年前
Dan Milon
a5c6f663ce
properly install changed SSL certificate
9年前
Sven Neuhaus
d59c5eff05
Generate 2048 DH group and add it to Postfix
9年前
Dan Milon
2fb7cfa7c9
Add SSL stapling cache for apache
Fixes #406
9年前
Laurent Arnoud
1419c4e26e
Use common_timezone and fix idempotence
Thanks-to: 8e693b3db3
Conflicts:
roles/common/tasks/main.yml
9年前
Sebastian Kriems
968abba197
ufw tasks shall have the ufw tag
resolves #453
8年前