Sven Neuhaus
9a4d253d3e
Use available gitolite3 package on Ubuntu trusty
пре 10 година
Gelnior
7995bac36c
put back enc.fs (removed by mistake)
пре 10 година
Gelnior
bd57edd5a5
newebe config: fix Newebe config file task
пре 10 година
Gelnior
e4021dda88
newebe config: use template instead of file
+ make lines < 80 chars
пре 10 година
Gelnior
89b6a8d7a4
turn newebe config.yaml into a template
пре 10 година
Gelnior
5a30943955
add newebe playbooks and config files/templates
пре 10 година
Justin Plock
1d7986fd96
Enable UFW and deny everything by default
Removed unused status checks on UFW
пре 10 година
Justin Plock
ea0b288818
Moved ufw firewall rules into individual roles
пре 10 година
Thom Wiggers
6312286b64
Remove ahbl as it's being winded down
http://ahbl.org/content/changes-ahbl
Fixes #232
пре 10 година
Alban Seurat
c22d179e83
cgit dependency missing
пре 10 година
Justin Plock
d1073d042d
Added read-it-later functionality from Wallabag
пре 10 година
Norman S.
53010bed89
fixes #156
fixes #156 by adding the -L flag, as suggested by @ventolin
пре 10 година
Alex Dunae
b44972ab87
Only install Tarsnap when version is missing
Checks if the exact version of Tarsnap is already installed and, if so,
skips the download and build steps.
пре 10 година
Justin Plock
79fd923668
Initial work to support wallabag
пре 10 година
Mike Hostetler
8ec36ca875
add cgi module for cgit
пре 10 година
Thom Wiggers
8578f49e21
Make sure that only ZNC can read its certificate
To bring this certificate in line with how those in ssl.yml are managed.
пре 10 година
Joshua Lund
64883159e9
* Update OpenVPN role to generate self-contained "unified" .ovpn
profiles
* The role now generates .ovpn profiles with embedded CA, certificate,
key, and HMAC firewall key information. These .ovpn profiles are
compatible with OpenVPN for iOS and Android, and only a single file
needs to be transferred to your mobile device.
* Added explicit route information to the .ovpn profile
пре 10 година
Justin Plock
ed75c9469b
libpam-dev didn't exist for some people so switching to libpam0g-dev instead
пре 10 година
Justin Plock
921ae6957e
Optional 2FA support for OpenVPN (requires uncommenting on the server and pushing new client configs)
пре 10 година
Justin Plock
e88fb57cba
Skip the google authenticator generation if we're running as vagrant. Vagrant can't sudo to the sovereign test user so this won't work.
пре 10 година
Justin Plock
408d83341f
Add a 2FA plugin for Roundcube (fixes #201 )
пре 10 година
Justin Plock
2d751ab680
The .google_authenticator file has to be generated by the user that is going to attempt to use it. Also, -W doesn't seem to work (results an in INVALID_WINDOW error in /var/log/auth.log), so use -w 1 to allow for a single concurrent token
пре 10 година
Justin Plock
c037dce07a
Clarified parameters are bit in a comment
пре 10 година
Justin Plock
22a8717f6d
Automatically generate the Google authenticator file for the default user
пре 10 година
Justin Plock
84c9febec7
Added Google Authenticator 2FA logins
пре 10 година
Justin Plock
89f018bd23
In preparation for using any 2FA solution, it will most likely need to modify sshd_config, so let's change the file in place instead of overwriting it completely.
пре 10 година
Norman S.
b1092e800b
changed from 52 to 5 versions.
пре 10 година
Larry Fox
092cb287e0
add gitolite and some cgit settings
пре 10 година
Larry Fox
158503b6ca
add cgit
пре 10 година
Justin Plock
9f918363b9
Set a ServerName for apache (fixes #187 )
пре 10 година
Norman S.
d8153552b8
add logrotate task
пре 10 година
Norman S.
a6889500b6
add logrotate task
пре 10 година
Justin Plock
8928993772
The group and mode of debian-db.php need to be readable by apache
пре 10 година
Justin Plock
00b263608e
Properly generate a PHP /etc/roundcube/debian-db.php file
пре 10 година
Justin Plock
c3b1362e78
Ignore carddav database errors
пре 10 година
Justin Plock
1bd900bfae
Properly set the roundcube database password
пре 10 година
Justin Plock
057a8c8872
Properly reconfigure the roundcube database and import the carddav tables
пре 10 година
Justin Plock
bd9b22f603
Import carddav database schema. I'm unable to run this against the vagrant VM as the webmail_db_password seems to be automatically generated.
пре 10 година
Justin Plock
d19e9a7d73
Move tarsnap.key from /root to /decrypted and don't overwrite it if one already exists (fixes #15 )
пре 10 година
Justin Plock
d3499da52e
Safer symlink creation and downloaded file removal
пре 10 година
Justin Plock
876b81a1a7
Install the carddav plugin so owncloud contacts can be used (fixes #154 )
пре 10 година
James Ravn
e3825cf6dd
Revert "Redirects naked domain to www"
This reverts commit 703d356492 .
пре 10 година
Bryan Swift
9194c5fe55
Fix URL of z-push download
пре 10 година
James Ravn
aa404cd642
Fixes z-push download
пре 10 година
James Ravn
3f45b1bee4
Uses monit to stop/start postgres for tarsnap
пре 10 година
James Ravn
146c587644
Stops postgresql for tarsnap backup
Data loss will occur if backing up postgresql while it runs. A simple
fix is to stop it during the backup. I've moved the backup to early
morning to reduce possible downtime.
A better approach would be to use pg_dump.
пре 10 година
James Ravn
6ec6a6d03f
Uses global roundcube sieve configuration option
The previous behaviour relied on managesieve copying over the
.dovecot.sieve file into the user's directory. I found this to be
particularly fragile. For instance, re-deploying roundcube without
dovecot could overwrite the .dovecot.sieve symlink and break
managesieve.
A better approach is to use the global sieve configuration that
roundcube provides and not mess with dovecot's files directly.
пре 10 година
James Ravn
703d356492
Redirects naked domain to www
Properly behaving websites should 301 redirect the naked domain.
пре 10 година
James Ravn
46eabbedd7
Limits z-push sync to 3 months
This prevents timeouts when trying to sync very large mailboxes. By
default, z-push attempts to get headers for all messages in a folder.
пре 10 година
Allen Riddell
9a6cbcd925
Quote password substitution (may contain spaces)
пре 10 година