Benjamin Reitzammer
d957760697
Making main user's shell configurable
il y a 11 ans
Justin Plock
3b0308d69e
Allow both TCP and UDP port 53 for DNS lookups through OpenVPN
il y a 11 ans
Joost Baaij
4837d2e87a
extract NTP logic
il y a 11 ans
Joost Baaij
2033c37982
Enabled unattended-upgrades
This works on Debian/Ubuntu only.
There are similar packages for other distributions, but they still
need manual configuration. It seemed better to go for the common
denominator. unattended-upgrades is usually installed by default
anyway, so we are just reinforcing best practices.
il y a 11 ans
Joost Baaij
335cef5c9f
Enabled POP3S for old-timeys who dig that
added dovecot-pop3d
allowed in the firewall
monitored with monit
added relevant tests
il y a 11 ans
Joshua Lund
4ed07a1e0a
* Made the OpenVPN port and protocol (tcp/udp) configurable
* Added 'cipher' and 'auth' lines to the generated client configs
il y a 11 ans
Luke Cyca
4bc4cebf41
Explicit permissions for all cert files
il y a 11 ans
Luke Cyca
76d52b63f3
XMPP cert handling improvements, ufw rules, and tests
il y a 11 ans
Alex Payne
f7f7157cec
more updated variable formatting and accommodation of the YAML parser being a fussbudget
il y a 11 ans
Alex Payne
34d7595c0b
ensure we can install from third-party repos across playbooks
il y a 11 ans
Alex Payne
d28f0f82b9
move to non-deprecated template variable formatting
il y a 11 ans
Luke Cyca
2f145ce543
Two small apache-related fixes
il y a 11 ans
Luke Cyca
37a0400c22
Standardize apache’s 301 redirect to https, and enable HSTS
il y a 11 ans
Luke Cyca
bdab1cd6b1
Reworked ufw logic to not use change_when keyword
because it's not available in a stable ansible release yet
il y a 11 ans
Allen Riddell
5b8ba840a4
workaround ufw bug, call ufw enable twice
il y a 11 ans
Allen Riddell
ae0d1ca8f4
Ignore ufw error resulting from known bug on Debian 7
In order to check the version of the linux distribution we need to
set `gather_facts` to True.
Closes #73 .
il y a 11 ans
Luke Cyca
7043143f90
Improved idempotency and removed ip detection for checkrbl
il y a 11 ans
Allen Riddell
88705bb7fa
Replace ferm with ufw
il y a 11 ans
Bertrand Cachet
373cb4584b
add(apticron): configure email
Apticron is configured to send email to {{ admin_email }}
il y a 11 ans
Luke Cyca
c697e135e9
Move NameVirtualHost directives to ports.conf
il y a 11 ans
Alex Payne
f27442b678
move tarsnap to its own role
il y a 11 ans
Luke Cyca
5beacea2d2
Absolute path for tarsnap
il y a 11 ans
Luke Cyca
ca8a371320
Use combined cert for postfix, dovecot, and znc
Fix CAcert usage in postfix and dovecot
il y a 11 ans
Alex Payne
65103923ec
Fix typo in firm task name
il y a 11 ans
Luke Cyca
7e2ce80a25
Update apt repo and upgrade safe packages
il y a 11 ans
Luke Cyca
09c8fcb295
Named all tasks and made them idempotent where possible
il y a 11 ans
Luke Cyca
6168cd68d0
Automate encfs setup and name mount point more appropriately
il y a 11 ans
Luke Cyca
12d42ad38a
Configure sshd_config to disable PermitRootLogin and PasswordAuthentication
il y a 11 ans
Luke Cyca
921cebb41d
Fix invalid service state
il y a 11 ans
Luke Cyca
5920b17609
Remove usergroup because debian adds it by default as the primary group
il y a 11 ans
Henrik Hodne
a844401d7c
tarsnap: Only run cron job once per day.
The old action would generate a crontab job for `* 3 * * *`, which means every minute at 3am, so 60 times per day.
il y a 11 ans
Alex Payne
080d38986c
first commit
il y a 11 ans