Sven Neuhaus
41c9779eb9
Explicitly use SHA256 for openssl (not SHA1)
9 years ago
Sven Neuhaus
a088d9c456
Use "modern" SSLCipherSuite per Mozilla recommendations.
See https://wiki.mozilla.org/Security/Server_Side_TLS for details.
Removes RC4 cipher. Fixes issue #341 .
Also explicitly disabled SSLCompression and enables OCSP stapling.
We should put all these settings in
/etc/apache2/mods-enabled/ssl.conf
to avoid duplication...
9 years ago
Sven Neuhaus
c898aa98d6
Install postgresql 9.4, 9.3 or 9.1 if available
(on Debian Jessie, Ubuntu Trusty or older distributions such as
Debian Wheezy and Ubuntu Precise).
9 years ago
Sven Neuhaus
edf65c530a
Install lua-sec-prosody package on Debian Wheezy and Ubuntu Precise
This is the updated version from the prosody repository because
these distributions have an old version of the lua-sec package
that lacks PFS and other features. Second commit for issue #285 .
9 years ago
Sven Neuhaus
e542de0a5c
Update Debian base box to Debian 7.8
9 years ago
Sven Neuhaus
570bebac70
wheezy: need librrd2-dev from backports to be compatible with dovecot
9 years ago
Sven Neuhaus
a849a49f37
Fix: Files shouldn't be owned or writeable by httpd unless necessary.
9 years ago
Sven Neuhaus
20d3014f00
Merge pull request #386 from spk/remove-duplicate-unattended-upgrades
Installation of package unattended-upgrades was listed twice.
9 years ago
Sven Neuhaus
8b5ed21e38
use wheezy-backports for dspam and solr packages on wheezy
relates to pull request #372
9 years ago
Laurent Arnoud
353e69d299
Remove duplication with items unattended upgrades
9 years ago
Sven Neuhaus
b0c8ab978a
Update CONTRIBUTING.md
added details about the license and the supported distributions.
9 years ago
Alex Payne
34448d5d34
install Dovecot from wheezy-backports on wheezy, specifying default_release
9 years ago
Alex Payne
5222776e34
install Dovecot from wheezy-backports on wheezy, specifying default_release
9 years ago
Alex Payne
c3afbc3b46
install Dovecot from wheezy-backports on wheezy. resolves #372
9 years ago
Luke Cyca
64c8b20559
Merge pull request #381 from neuhaus/patch-2
fix link to build status
9 years ago
Sven Neuhaus
20b0d0394e
show build status for jessie branch while we're on it
9 years ago
Sven Neuhaus
035e19e0f6
fix link to build status
9 years ago
Alex Payne
a6afd2395d
Updated README. Adding AUTHORS, CONTRIBUTING, and LICENSE documents.
Reflects the move to the `sovereign` GitHub organization.
9 years ago
Alex Payne
d64b71e383
Add nose to requirements.txt
9 years ago
Alex Payne
151e0e55b6
Vagrant boxes for Jessie, latest Trusty. Formatting.
9 years ago
Alex Payne
cd8bee604a
Formatting
9 years ago
Alex Payne
a6a06639ac
Latest Ansible in requirements.txt
9 years ago
Alex Payne
8450e059e1
Merge pull request #377 from Yannik/patch-1
remove duplicate options which are already specified in main.cf
9 years ago
Alex Payne
0ccfb6dfb0
Merge pull request #376 from spk/common-packages-safety
Add molly-guard and unattended-upgrades as common pkgs
9 years ago
Laurent Arnoud
89d47731ff
Add molly-guard and unattended-upgrades as common pkgs
9 years ago
Yannik
7c5d1c2261
remove duplicate options which are already specified in main.cf
9 years ago
Alex Payne
5f192bd5bb
Merge pull request #372 from neuhaus/patch-1
Dovecot: Fix for logjam attack
9 years ago
Alex Payne
27cc1a5ff0
Merge pull request #371 from Reprazent/bvl-newebe-tag
Add a tag for newebe, so it can be installed separately
9 years ago
Sven Neuhaus
37aa7e2cb5
Dovecot: Fix for logjam attack
9 years ago
Bob Van Landuyt
211b95189e
Add a tag for newebe, so it can be installed separately
Added a tag for newebe in a similar style to the other roles.
9 years ago
Alex Payne
ae1e6c64f0
Merge pull request #366 from poops/master
adds deploy user to sudoers
9 years ago
brandon paolin
b96b9e6c80
adds deploy user to sudoers
9 years ago
Alex Payne
1a96a87374
Ubuntu Trusty gets postgresql-9.3.
Resolves #363 .
9 years ago
Alex Payne
177ac9222b
Affix Postgres to version 9.1.
Addresses #362 .
9 years ago
Alex Payne
3eff916b3e
Further document what to do on reboot.
Addresses #361 .
9 years ago
Alex Payne
3ff928c762
Merge pull request #339 from fengor/master
More secure defaults for ssh.
9 years ago
Alex Payne
34e94aa4c2
Merge branch 'master' of github.com:al3x/sovereign
# Conflicts:
# roles/common/tasks/users.yml
9 years ago
Alex Payne
b11fb68559
Automatically set up passwordless sudo for deploy user.
Closes #343 .
9 years ago
Alex Payne
07ead66dda
Merge pull request #354 from jplock/jp-selfoss-wallabag
Integration between selfoss and wallabag (fixes #349 )
9 years ago
Alex Payne
95563f20b3
Merge pull request #356 from neuhaus/encfs_optional
Create main user without "fuse" group, instead add it later
9 years ago
Alex Payne
d1e4340a78
Merge pull request #357 from synchrone/roundcube-mcrypt-fix
Enabling php5-mcrypt for roundcube, as it is not by default
9 years ago
Alex Payne
6265916caa
Merge pull request #358 from synchrone/owncloud-dependencies-fix
fixing a dependency on mailserver, as psycopg and postgres are only installed there
9 years ago
Alex Payne
8023f26d81
Merge pull request #359 from synchrone/apt-closest-mirror
Choosing the closest ubuntu mirror before anything else
9 years ago
Alex Payne
c64f0d9572
Convert README from Textile to Markdown
9 years ago
Alex Payne
250c61d825
Textile syntax, not Markdown.
9 years ago
Alex Payne
090d9705cb
Add note in README about reboots. Addresses #361 .
9 years ago
Aleksandr Bogdanov
a849948e8d
Choosing the closest ubuntu mirror before anything else
10 years ago
Aleksandr Bogdanov
461be2b260
fixing a dependency on mailserver, as psycopg and postgres are only installed there
10 years ago
Aleksandr Bogdanov
2b9c722ed9
Enabling php5-mcrypt for roundcube, as it is not by default
10 years ago
Sven Neuhaus
ae58053653
Create /decrypted directory even if encfs is not used.
Helps with issue #120 .
9 years ago