Sven Neuhaus
9a4d253d3e
Use available gitolite3 package on Ubuntu trusty
10 years ago
Gelnior
7995bac36c
put back enc.fs (removed by mistake)
10 years ago
Gelnior
bd57edd5a5
newebe config: fix Newebe config file task
10 years ago
Gelnior
e4021dda88
newebe config: use template instead of file
+ make lines < 80 chars
10 years ago
Gelnior
89b6a8d7a4
turn newebe config.yaml into a template
10 years ago
Gelnior
5a30943955
add newebe playbooks and config files/templates
10 years ago
Justin Plock
1d7986fd96
Enable UFW and deny everything by default
Removed unused status checks on UFW
10 years ago
Justin Plock
ea0b288818
Moved ufw firewall rules into individual roles
10 years ago
Thom Wiggers
6312286b64
Remove ahbl as it's being winded down
http://ahbl.org/content/changes-ahbl
Fixes #232
10 years ago
Alban Seurat
c22d179e83
cgit dependency missing
10 years ago
Justin Plock
d1073d042d
Added read-it-later functionality from Wallabag
10 years ago
Norman S.
53010bed89
fixes #156
fixes #156 by adding the -L flag, as suggested by @ventolin
10 years ago
Alex Dunae
b44972ab87
Only install Tarsnap when version is missing
Checks if the exact version of Tarsnap is already installed and, if so,
skips the download and build steps.
10 years ago
Justin Plock
79fd923668
Initial work to support wallabag
10 years ago
Mike Hostetler
8ec36ca875
add cgi module for cgit
10 years ago
Thom Wiggers
8578f49e21
Make sure that only ZNC can read its certificate
To bring this certificate in line with how those in ssl.yml are managed.
10 years ago
Joshua Lund
64883159e9
* Update OpenVPN role to generate self-contained "unified" .ovpn
profiles
* The role now generates .ovpn profiles with embedded CA, certificate,
key, and HMAC firewall key information. These .ovpn profiles are
compatible with OpenVPN for iOS and Android, and only a single file
needs to be transferred to your mobile device.
* Added explicit route information to the .ovpn profile
10 years ago
Justin Plock
ed75c9469b
libpam-dev didn't exist for some people so switching to libpam0g-dev instead
10 years ago
Justin Plock
921ae6957e
Optional 2FA support for OpenVPN (requires uncommenting on the server and pushing new client configs)
10 years ago
Justin Plock
e88fb57cba
Skip the google authenticator generation if we're running as vagrant. Vagrant can't sudo to the sovereign test user so this won't work.
10 years ago
Justin Plock
408d83341f
Add a 2FA plugin for Roundcube (fixes #201 )
10 years ago
Justin Plock
2d751ab680
The .google_authenticator file has to be generated by the user that is going to attempt to use it. Also, -W doesn't seem to work (results an in INVALID_WINDOW error in /var/log/auth.log), so use -w 1 to allow for a single concurrent token
10 years ago
Justin Plock
c037dce07a
Clarified parameters are bit in a comment
10 years ago
Justin Plock
22a8717f6d
Automatically generate the Google authenticator file for the default user
10 years ago
Justin Plock
84c9febec7
Added Google Authenticator 2FA logins
10 years ago
Justin Plock
89f018bd23
In preparation for using any 2FA solution, it will most likely need to modify sshd_config, so let's change the file in place instead of overwriting it completely.
10 years ago
Norman S.
b1092e800b
changed from 52 to 5 versions.
10 years ago
Larry Fox
092cb287e0
add gitolite and some cgit settings
10 years ago
Larry Fox
158503b6ca
add cgit
10 years ago
Justin Plock
9f918363b9
Set a ServerName for apache (fixes #187 )
10 years ago
Norman S.
d8153552b8
add logrotate task
10 years ago
Norman S.
a6889500b6
add logrotate task
10 years ago
Justin Plock
8928993772
The group and mode of debian-db.php need to be readable by apache
10 years ago
Justin Plock
00b263608e
Properly generate a PHP /etc/roundcube/debian-db.php file
10 years ago
Justin Plock
c3b1362e78
Ignore carddav database errors
10 years ago
Justin Plock
1bd900bfae
Properly set the roundcube database password
10 years ago
Justin Plock
057a8c8872
Properly reconfigure the roundcube database and import the carddav tables
10 years ago
Justin Plock
bd9b22f603
Import carddav database schema. I'm unable to run this against the vagrant VM as the webmail_db_password seems to be automatically generated.
10 years ago
Justin Plock
d19e9a7d73
Move tarsnap.key from /root to /decrypted and don't overwrite it if one already exists (fixes #15 )
10 years ago
Justin Plock
d3499da52e
Safer symlink creation and downloaded file removal
10 years ago
Justin Plock
876b81a1a7
Install the carddav plugin so owncloud contacts can be used (fixes #154 )
10 years ago
James Ravn
e3825cf6dd
Revert "Redirects naked domain to www"
This reverts commit 703d356492 .
10 years ago
Bryan Swift
9194c5fe55
Fix URL of z-push download
10 years ago
James Ravn
aa404cd642
Fixes z-push download
10 years ago
James Ravn
3f45b1bee4
Uses monit to stop/start postgres for tarsnap
10 years ago
James Ravn
146c587644
Stops postgresql for tarsnap backup
Data loss will occur if backing up postgresql while it runs. A simple
fix is to stop it during the backup. I've moved the backup to early
morning to reduce possible downtime.
A better approach would be to use pg_dump.
10 years ago
James Ravn
6ec6a6d03f
Uses global roundcube sieve configuration option
The previous behaviour relied on managesieve copying over the
.dovecot.sieve file into the user's directory. I found this to be
particularly fragile. For instance, re-deploying roundcube without
dovecot could overwrite the .dovecot.sieve symlink and break
managesieve.
A better approach is to use the global sieve configuration that
roundcube provides and not mess with dovecot's files directly.
10 years ago
James Ravn
703d356492
Redirects naked domain to www
Properly behaving websites should 301 redirect the naked domain.
10 years ago
James Ravn
46eabbedd7
Limits z-push sync to 3 months
This prevents timeouts when trying to sync very large mailboxes. By
default, z-push attempts to get headers for all messages in a folder.
10 years ago
Allen Riddell
9a6cbcd925
Quote password substitution (may contain spaces)
10 years ago