Lorenzo Villani
e7703d0d9c
Add support for Apache 2.4 on Ubuntu 14.04
10 년 전
Lorenzo Villani
e2e61a2f76
Install 'fuse' instead of 'fuse-utils'
The 'fuse-utils' package doesn't exist on Ubuntu 14.04 and is marked as a
transitional package on both Debian 7 and Ubuntu 12.04 that installs the
'fuse' package.
Since Debian 7 is the officially supported distribution we can safely
switch to install 'fuse' instead of 'fuse-utils' and we also gain
compatibility with Ubuntu 14.04.
10 년 전
Sven Neuhaus
63ba754eb7
libpam-google-authenticator uses distribution package on Ubuntu 14.04
10 년 전
Gelnior
7995bac36c
put back enc.fs (removed by mistake)
10 년 전
Gelnior
bd57edd5a5
newebe config: fix Newebe config file task
10 년 전
Justin Plock
1d7986fd96
Enable UFW and deny everything by default
Removed unused status checks on UFW
10 년 전
Justin Plock
ea0b288818
Moved ufw firewall rules into individual roles
10 년 전
Justin Plock
ed75c9469b
libpam-dev didn't exist for some people so switching to libpam0g-dev instead
10 년 전
Justin Plock
e88fb57cba
Skip the google authenticator generation if we're running as vagrant. Vagrant can't sudo to the sovereign test user so this won't work.
10 년 전
Justin Plock
2d751ab680
The .google_authenticator file has to be generated by the user that is going to attempt to use it. Also, -W doesn't seem to work (results an in INVALID_WINDOW error in /var/log/auth.log), so use -w 1 to allow for a single concurrent token
10 년 전
Justin Plock
c037dce07a
Clarified parameters are bit in a comment
10 년 전
Justin Plock
22a8717f6d
Automatically generate the Google authenticator file for the default user
10 년 전
Justin Plock
84c9febec7
Added Google Authenticator 2FA logins
10 년 전
Justin Plock
89f018bd23
In preparation for using any 2FA solution, it will most likely need to modify sshd_config, so let's change the file in place instead of overwriting it completely.
10 년 전
Justin Plock
9f918363b9
Set a ServerName for apache (fixes #187 )
10 년 전
Benjamin Reitzammer
d957760697
Making main user's shell configurable
10 년 전
Justin Plock
3b0308d69e
Allow both TCP and UDP port 53 for DNS lookups through OpenVPN
10 년 전
Joost Baaij
4837d2e87a
extract NTP logic
11 년 전
Joost Baaij
2033c37982
Enabled unattended-upgrades
This works on Debian/Ubuntu only.
There are similar packages for other distributions, but they still
need manual configuration. It seemed better to go for the common
denominator. unattended-upgrades is usually installed by default
anyway, so we are just reinforcing best practices.
11 년 전
Joost Baaij
335cef5c9f
Enabled POP3S for old-timeys who dig that
added dovecot-pop3d
allowed in the firewall
monitored with monit
added relevant tests
11 년 전
Joshua Lund
4ed07a1e0a
* Made the OpenVPN port and protocol (tcp/udp) configurable
* Added 'cipher' and 'auth' lines to the generated client configs
11 년 전
Luke Cyca
4bc4cebf41
Explicit permissions for all cert files
11 년 전
Luke Cyca
76d52b63f3
XMPP cert handling improvements, ufw rules, and tests
11 년 전
Alex Payne
f7f7157cec
more updated variable formatting and accommodation of the YAML parser being a fussbudget
11 년 전
Alex Payne
34d7595c0b
ensure we can install from third-party repos across playbooks
11 년 전
Alex Payne
d28f0f82b9
move to non-deprecated template variable formatting
11 년 전
Luke Cyca
2f145ce543
Two small apache-related fixes
11 년 전
Luke Cyca
37a0400c22
Standardize apache’s 301 redirect to https, and enable HSTS
11 년 전
Luke Cyca
bdab1cd6b1
Reworked ufw logic to not use change_when keyword
because it's not available in a stable ansible release yet
11 년 전
Allen Riddell
5b8ba840a4
workaround ufw bug, call ufw enable twice
11 년 전
Allen Riddell
ae0d1ca8f4
Ignore ufw error resulting from known bug on Debian 7
In order to check the version of the linux distribution we need to
set `gather_facts` to True.
Closes #73 .
11 년 전
Luke Cyca
7043143f90
Improved idempotency and removed ip detection for checkrbl
11 년 전
Allen Riddell
88705bb7fa
Replace ferm with ufw
11 년 전
Bertrand Cachet
373cb4584b
add(apticron): configure email
Apticron is configured to send email to {{ admin_email }}
11 년 전
Luke Cyca
c697e135e9
Move NameVirtualHost directives to ports.conf
11 년 전
Alex Payne
f27442b678
move tarsnap to its own role
11 년 전
Luke Cyca
5beacea2d2
Absolute path for tarsnap
11 년 전
Luke Cyca
ca8a371320
Use combined cert for postfix, dovecot, and znc
Fix CAcert usage in postfix and dovecot
11 년 전
Alex Payne
65103923ec
Fix typo in firm task name
11 년 전
Luke Cyca
7e2ce80a25
Update apt repo and upgrade safe packages
11 년 전
Luke Cyca
09c8fcb295
Named all tasks and made them idempotent where possible
11 년 전
Luke Cyca
6168cd68d0
Automate encfs setup and name mount point more appropriately
11 년 전
Luke Cyca
12d42ad38a
Configure sshd_config to disable PermitRootLogin and PasswordAuthentication
11 년 전
Luke Cyca
921cebb41d
Fix invalid service state
11 년 전
Luke Cyca
5920b17609
Remove usergroup because debian adds it by default as the primary group
11 년 전
Henrik Hodne
a844401d7c
tarsnap: Only run cron job once per day.
The old action would generate a crontab job for `* 3 * * *`, which means every minute at 3am, so 60 times per day.
11 년 전
Alex Payne
080d38986c
first commit
11 년 전