Alex Payne
0ccfb6dfb0
Merge pull request #376 from spk/common-packages-safety
Add molly-guard and unattended-upgrades as common pkgs
9 years ago
Laurent Arnoud
89d47731ff
Add molly-guard and unattended-upgrades as common pkgs
9 years ago
Yannik
7c5d1c2261
remove duplicate options which are already specified in main.cf
9 years ago
Alex Payne
5f192bd5bb
Merge pull request #372 from neuhaus/patch-1
Dovecot: Fix for logjam attack
9 years ago
Alex Payne
27cc1a5ff0
Merge pull request #371 from Reprazent/bvl-newebe-tag
Add a tag for newebe, so it can be installed separately
9 years ago
Sven Neuhaus
37aa7e2cb5
Dovecot: Fix for logjam attack
9 years ago
Bob Van Landuyt
211b95189e
Add a tag for newebe, so it can be installed separately
Added a tag for newebe in a similar style to the other roles.
9 years ago
Alex Payne
ae1e6c64f0
Merge pull request #366 from poops/master
adds deploy user to sudoers
9 years ago
brandon paolin
b96b9e6c80
adds deploy user to sudoers
9 years ago
Alex Payne
1a96a87374
Ubuntu Trusty gets postgresql-9.3.
Resolves #363 .
9 years ago
Alex Payne
177ac9222b
Affix Postgres to version 9.1.
Addresses #362 .
9 years ago
Alex Payne
3eff916b3e
Further document what to do on reboot.
Addresses #361 .
9 years ago
Alex Payne
3ff928c762
Merge pull request #339 from fengor/master
More secure defaults for ssh.
9 years ago
Alex Payne
34e94aa4c2
Merge branch 'master' of github.com:al3x/sovereign
# Conflicts:
# roles/common/tasks/users.yml
9 years ago
Alex Payne
b11fb68559
Automatically set up passwordless sudo for deploy user.
Closes #343 .
9 years ago
Alex Payne
07ead66dda
Merge pull request #354 from jplock/jp-selfoss-wallabag
Integration between selfoss and wallabag (fixes #349 )
9 years ago
Alex Payne
95563f20b3
Merge pull request #356 from neuhaus/encfs_optional
Create main user without "fuse" group, instead add it later
9 years ago
Alex Payne
d1e4340a78
Merge pull request #357 from synchrone/roundcube-mcrypt-fix
Enabling php5-mcrypt for roundcube, as it is not by default
9 years ago
Alex Payne
6265916caa
Merge pull request #358 from synchrone/owncloud-dependencies-fix
fixing a dependency on mailserver, as psycopg and postgres are only installed there
9 years ago
Alex Payne
8023f26d81
Merge pull request #359 from synchrone/apt-closest-mirror
Choosing the closest ubuntu mirror before anything else
9 years ago
Alex Payne
c64f0d9572
Convert README from Textile to Markdown
9 years ago
Alex Payne
250c61d825
Textile syntax, not Markdown.
9 years ago
Alex Payne
090d9705cb
Add note in README about reboots. Addresses #361 .
9 years ago
Aleksandr Bogdanov
a849948e8d
Choosing the closest ubuntu mirror before anything else
10 years ago
Aleksandr Bogdanov
461be2b260
fixing a dependency on mailserver, as psycopg and postgres are only installed there
10 years ago
Aleksandr Bogdanov
2b9c722ed9
Enabling php5-mcrypt for roundcube, as it is not by default
10 years ago
Sven Neuhaus
ae58053653
Create /decrypted directory even if encfs is not used.
Helps with issue #120 .
9 years ago
Sven Neuhaus
d5217ea1cd
Create main user without "fuse" group, instead add it later as part
of the "encfs" tag. This allows the user to make encfs optional.
Helps with issue #120 .
9 years ago
Justin Plock
941baf72d6
Integration between selfoss and wallabag (fixes #349
9 years ago
Luke Cyca
e995b2f7c2
Merge pull request #342 from mariusv/master
cleaning security.yml
10 years ago
Marius Voila
b13ab39f11
cleaning security.yml
10 years ago
fengor
7ed46f590c
renamed templates to be consistent with coding standard.
removed comment line in ssh_config
10 years ago
Alex Payne
e26940569d
Merge pull request #336 from mariusv/master
fail2ban support for Trusty
10 years ago
Marius Voila
ec69fef60c
removed old template
10 years ago
Marius Voila
2ae2c3683c
removed template and implemented logic
10 years ago
Alex Payne
87e2497fbc
Merge pull request #332 from apsanz/master
Enable UFW only after setting firewall rules
10 years ago
Alex Payne
f7e4b2eb14
Merge pull request #329 from cantsin/selfoss-fix
Install php5-gd dependency for selfoss.
10 years ago
Alex Payne
1c68901438
Merge pull request #325 from neuhaus/patch-3
Postfix: Disable SSLv3 for TLS connections
10 years ago
Alex Payne
4e4c8596d3
Merge pull request #323 from philandstuff/monit-apache-fix
Fix monit monitoring for apache
10 years ago
Alex Payne
ae1cb76f3d
Merge pull request #319 from mikeashley/fixes/roundcube-backport
Update roundcube role to use wheezy backports
10 years ago
fengor
2fd1e1b722
readded google authenticator lines
10 years ago
fengor
224e8cb339
Setting timezone to UTC
10 years ago
Luke Cyca
5d74a065e7
Merge pull request #340 from philandstuff/bump-checkrbl-version
Bump checkrbl version to stop using ahbl
10 years ago
Philip Potter
41243fa3ec
Bump checkrbl version to stop using ahbl
ahbl is no longer being maintained and has been configured to return a
positive value for every host. This means I get a cron warning every
day reporting that my mailserver is in ircbl.ahbl.org and
dnsbl.ahbl.org.
lukecyca/check-rbl#1 has removed ahbl from the blacklists that it
checks. This just pulls in that change.
Unfortunately, ansible's get_url won't update files which have been
downloaded already unless you set force=yes, which will cause ansible to
pull down the file from github on every single run, which isn't really
acceptable. I have filed ansible/ansible-modules-core#625 to ask that
get_url redownload if and only if the sha256sum differs. In the
meantime, you have to manually delete /opt/check-rbl.pl before rerunning
ansible to pull in the update. However, at least this will work fine
for new installs.
Related to #338 (though I don't know if it truly fixes it).
10 years ago
Philip Potter
ca1d595b07
Fix monit monitoring for apache
Add a status vhost to apache, so that monit's http monitoring will work.
It doesn't particularly matter to the monit check what this vhost does
as long as it returns 200, but I thought it would be nice to use
apache's builtin status functionality. Ideas cribbed from [1]. It
might also be possible to use monit's apache-status functionality to
alert on more sophisticated criteria, but this will do for now.
Open question: does collectd support apache-status? Might it also be
interested in this vhost?
Fixes #299 .
[1] http://mmonit.com/wiki/Monit/MonitorApacheStatus
10 years ago
fengor
39566abb6c
More secure defaults for ssh.
Ciphers, Kex and MAC can be set via defaults.var
10 years ago
Sven Neuhaus
ac59435d6e
exclude SSLv3 for all TLS
to mitigate POODLE vulnerability
10 years ago
Marius Voila
67e1bf0fc3
fail2ban support for Trusty
10 years ago
Marius Voila
e62bd7c71a
fail2ban support for Trusty
10 years ago
Anthony Perez-sanz
cdf9ed07bb
Enable UFW after setting firewall rules
On fresh installs of Debian 7.6, the current order of steps will lock you
out of SSH. This will enable UFW after creating rules for http, https, ssh,
and DNS. Fix comes from @Debugreality in issue #303 :
https://github.com/al3x/sovereign/issues/303
10 years ago