sovereign

Author	SHA1	Message	Date
Thomas Buck	8b83bd66b1	Properly setup hostname	5 years ago
Thomas Buck	4ab56bdf6e	Added gitea	5 years ago
Thomas Buck	bad2e4f9a1	Add tmux to common programs. Generate german locale. Remove unneeded empty lines.	5 years ago
Brett Haines	eddcdd7993	Updating fail2ban jail list	6 years ago
Tomas Bedrich	3efc7ae54e	Allowed SSH agent forwarding when using sudo	7 years ago
Tomas Bedrich	7a399d45ca	Fix SSH connections to Github	8 years ago
Dosenpfand	f2c14dd911	Remove unneeded/deprecated apache configuration	8 years ago
Carl Meyer	60855eda70	Fix typo in fail2ban config for dovecot.	8 years ago
Mike Ashley	4a33ebecdc	Add non-interactive to LE client options Depending on when the client is run, there are no certificates to update. By default, the client runs in interactive mode and wants to notify the user of this. This causes Ansible to hang waiting for an acknowledgement that will never come. Adding the non-interactive flag fixes this.	8 years ago
Carl Meyer	b93deb9411	Remove stray + prefix in sudoers file.	8 years ago
Mike Ashley	2ad6f78e45	Address incomplete chain error Fix Apache's configuration for version 2.4.8 and above. See https://community.letsencrypt.org/t/untrusted-on-mobile-newbe/7903	8 years ago
Mike Ashley	7bb523950e	Draft design description for Let's Encrypt support	8 years ago
Mike Ashley	8e1d473027	Use Let's Encrypt for generating site certificates This method uses Subjective Alternative Names (SANs) to get one certificate for all the subdomains that Sovereign employs, whether or not the user configured their site with the roles.	8 years ago
Mike Ashley	195d8811fc	Remove references to Trusty and Wheezy Make a clean distinction between Debian 7 and Debian 8. Anticipate the next Ubuntu LTS release (Xenial) that is planned for support.	8 years ago
Mike Ashley	d3abc02f84	Clean up Apache SSL configuration Avoid using the Include directive. Move most of the SSL configuration to the global configuration and leave enabling the SSL engine to each virtual host that wants to use it.	8 years ago
fengor	e63661f982	Added "UseRoaming no" to ssh.config to fix OpenSSH: client bugs CVE-2016-0777 and CVE-2016-0778 see: http://undeadly.org/cgi?action=article&sid=2016011414	8 years ago
fengor	b368984641	Added "UseRoaming no" to ssh.config to fix OpenSSH: client bugs CVE-2016-0777 and CVE-2016-0778 see: http://undeadly.org/cgi?action=article&sid=2016011414	8 years ago
Alex Payne	290a3b4312	Remove wheezy-specific Apache SSL config omission	8 years ago
Will McCutchen	1be1afe1ff	Disable SSL stapling on wheezy	9 years ago
Will McCutchen	16b66cc849	Define apache SSL config in one place	9 years ago
Alex Payne	b11fb68559	Automatically set up passwordless sudo for deploy user. Closes #343.	9 years ago
Aleksandr Bogdanov	a849948e8d	Choosing the closest ubuntu mirror before anything else	9 years ago
fengor	7ed46f590c	renamed templates to be consistent with coding standard. removed comment line in ssh_config	9 years ago
Marius Voila	ec69fef60c	removed old template	9 years ago
Marius Voila	2ae2c3683c	removed template and implemented logic	9 years ago
fengor	39566abb6c	More secure defaults for ssh. Ciphers, Kex and MAC can be set via defaults.var	9 years ago
Marius Voila	67e1bf0fc3	fail2ban support for Trusty	9 years ago
Marius Voila	e62bd7c71a	fail2ban support for Trusty	9 years ago
Justin Plock	89f018bd23	In preparation for using any 2FA solution, it will most likely need to modify sshd_config, so let's change the file in place instead of overwriting it completely.	10 years ago
Justin Plock	9f918363b9	Set a ServerName for apache (fixes #187)	10 years ago
Joost Baaij	ae2e74bb79	make NTP pool configurable use the world-wide pool by default, but specify north-america in user.yml. Also, documentation. This way Sovereign will still behave the same, but the NTP servers can be changed when desired.	10 years ago
Joost Baaij	715399a2f1	added pop3s and imaps ports to fail2ban. Otherwise only pop and imap (un-secured) are blocked. Which we don't use.	10 years ago
Mark Paschal	10aff54015	Only ban in response to fail2ban results Don't mail them individually to the destemail. The destemail setting is thus no longer used, but let's set it anyway to be clear where it will mail if you change the action back.	10 years ago
Luke Cyca	e46ad018ba	Improved test suite, rewritten in python Added friendly_networks variable to denote whitelisted networks	10 years ago
Luke Cyca	b1a3b8b67d	Use discovered IPv4 address	10 years ago
Bertrand Cachet	f43c57e132	fix(apticron): apticron emails are sent to root Instead of sending email to {{ admin_email }} we send them to root user. These emails will be redirected to the appropriate user via mail_virtual_aliases variables	10 years ago
Bertrand Cachet	373cb4584b	add(apticron): configure email Apticron is configured to send email to {{ admin_email }}	10 years ago
Bertrand Cachet	df802919f7	add(fail2ban): Add server IP address to ignore IP ignoreip field inside /etc/fail2ban/jail.local is populated with server_ip_address variable	10 years ago
Luke Cyca	12d42ad38a	Configure sshd_config to disable PermitRootLogin and PasswordAuthentication	10 years ago
Luke Cyca	dfe8bd1cca	TODO for fail2ban ignoreip Removed your hardcoded server IP	10 years ago
Alex Payne	080d38986c	first commit	10 years ago

44 Commits (8b83bd66b126a24f2f700af8f1ce05e4a06faa64)