Lorenzo Villani
e7703d0d9c
Add support for Apache 2.4 on Ubuntu 14.04
10 jaren geleden
Lorenzo Villani
e2e61a2f76
Install 'fuse' instead of 'fuse-utils'
The 'fuse-utils' package doesn't exist on Ubuntu 14.04 and is marked as a
transitional package on both Debian 7 and Ubuntu 12.04 that installs the
'fuse' package.
Since Debian 7 is the officially supported distribution we can safely
switch to install 'fuse' instead of 'fuse-utils' and we also gain
compatibility with Ubuntu 14.04.
10 jaren geleden
Sven Neuhaus
63ba754eb7
libpam-google-authenticator uses distribution package on Ubuntu 14.04
10 jaren geleden
Gelnior
7995bac36c
put back enc.fs (removed by mistake)
10 jaren geleden
Gelnior
bd57edd5a5
newebe config: fix Newebe config file task
10 jaren geleden
Justin Plock
1d7986fd96
Enable UFW and deny everything by default
Removed unused status checks on UFW
10 jaren geleden
Justin Plock
ea0b288818
Moved ufw firewall rules into individual roles
10 jaren geleden
Justin Plock
ed75c9469b
libpam-dev didn't exist for some people so switching to libpam0g-dev instead
10 jaren geleden
Justin Plock
e88fb57cba
Skip the google authenticator generation if we're running as vagrant. Vagrant can't sudo to the sovereign test user so this won't work.
10 jaren geleden
Justin Plock
2d751ab680
The .google_authenticator file has to be generated by the user that is going to attempt to use it. Also, -W doesn't seem to work (results an in INVALID_WINDOW error in /var/log/auth.log), so use -w 1 to allow for a single concurrent token
10 jaren geleden
Justin Plock
c037dce07a
Clarified parameters are bit in a comment
10 jaren geleden
Justin Plock
22a8717f6d
Automatically generate the Google authenticator file for the default user
10 jaren geleden
Justin Plock
84c9febec7
Added Google Authenticator 2FA logins
10 jaren geleden
Justin Plock
89f018bd23
In preparation for using any 2FA solution, it will most likely need to modify sshd_config, so let's change the file in place instead of overwriting it completely.
10 jaren geleden
Justin Plock
9f918363b9
Set a ServerName for apache (fixes #187 )
10 jaren geleden
Benjamin Reitzammer
d957760697
Making main user's shell configurable
10 jaren geleden
Justin Plock
3b0308d69e
Allow both TCP and UDP port 53 for DNS lookups through OpenVPN
11 jaren geleden
Joost Baaij
4837d2e87a
extract NTP logic
11 jaren geleden
Joost Baaij
2033c37982
Enabled unattended-upgrades
This works on Debian/Ubuntu only.
There are similar packages for other distributions, but they still
need manual configuration. It seemed better to go for the common
denominator. unattended-upgrades is usually installed by default
anyway, so we are just reinforcing best practices.
11 jaren geleden
Joost Baaij
335cef5c9f
Enabled POP3S for old-timeys who dig that
added dovecot-pop3d
allowed in the firewall
monitored with monit
added relevant tests
11 jaren geleden
Joshua Lund
4ed07a1e0a
* Made the OpenVPN port and protocol (tcp/udp) configurable
* Added 'cipher' and 'auth' lines to the generated client configs
11 jaren geleden
Luke Cyca
4bc4cebf41
Explicit permissions for all cert files
11 jaren geleden
Luke Cyca
76d52b63f3
XMPP cert handling improvements, ufw rules, and tests
11 jaren geleden
Alex Payne
f7f7157cec
more updated variable formatting and accommodation of the YAML parser being a fussbudget
11 jaren geleden
Alex Payne
34d7595c0b
ensure we can install from third-party repos across playbooks
11 jaren geleden
Alex Payne
d28f0f82b9
move to non-deprecated template variable formatting
11 jaren geleden
Luke Cyca
2f145ce543
Two small apache-related fixes
11 jaren geleden
Luke Cyca
37a0400c22
Standardize apache’s 301 redirect to https, and enable HSTS
11 jaren geleden
Luke Cyca
bdab1cd6b1
Reworked ufw logic to not use change_when keyword
because it's not available in a stable ansible release yet
11 jaren geleden
Allen Riddell
5b8ba840a4
workaround ufw bug, call ufw enable twice
11 jaren geleden
Allen Riddell
ae0d1ca8f4
Ignore ufw error resulting from known bug on Debian 7
In order to check the version of the linux distribution we need to
set `gather_facts` to True.
Closes #73 .
11 jaren geleden
Luke Cyca
7043143f90
Improved idempotency and removed ip detection for checkrbl
11 jaren geleden
Allen Riddell
88705bb7fa
Replace ferm with ufw
11 jaren geleden
Bertrand Cachet
373cb4584b
add(apticron): configure email
Apticron is configured to send email to {{ admin_email }}
11 jaren geleden
Luke Cyca
c697e135e9
Move NameVirtualHost directives to ports.conf
11 jaren geleden
Alex Payne
f27442b678
move tarsnap to its own role
11 jaren geleden
Luke Cyca
5beacea2d2
Absolute path for tarsnap
11 jaren geleden
Luke Cyca
ca8a371320
Use combined cert for postfix, dovecot, and znc
Fix CAcert usage in postfix and dovecot
11 jaren geleden
Alex Payne
65103923ec
Fix typo in firm task name
11 jaren geleden
Luke Cyca
7e2ce80a25
Update apt repo and upgrade safe packages
11 jaren geleden
Luke Cyca
09c8fcb295
Named all tasks and made them idempotent where possible
11 jaren geleden
Luke Cyca
6168cd68d0
Automate encfs setup and name mount point more appropriately
11 jaren geleden
Luke Cyca
12d42ad38a
Configure sshd_config to disable PermitRootLogin and PasswordAuthentication
11 jaren geleden
Luke Cyca
921cebb41d
Fix invalid service state
11 jaren geleden
Luke Cyca
5920b17609
Remove usergroup because debian adds it by default as the primary group
11 jaren geleden
Henrik Hodne
a844401d7c
tarsnap: Only run cron job once per day.
The old action would generate a crontab job for `* 3 * * *`, which means every minute at 3am, so 60 times per day.
11 jaren geleden
Alex Payne
080d38986c
first commit
11 jaren geleden