fengor
b368984641
Added "UseRoaming no" to ssh.config to fix OpenSSH: client bugs CVE-2016-0777 and CVE-2016-0778
see: http://undeadly.org/cgi?action=article&sid=2016011414
9 years ago
Sebastian Kriems
968abba197
ufw tasks shall have the ufw tag
resolves #453
9 years ago
Justin Plock
ab00ee6376
Ensure the config.ini is readable by www-data
9 years ago
Alex Payne
27e9340402
Pin Selfoss version to an actual release
9 years ago
Sven Neuhaus
20bd80c599
Generate 2048 DH group and add it to Postfix
9 years ago
Filipp Frizzy
309bdc7f60
update openvpn server config
Change default network buffer size
Should increase tcp tunnel speed for openvpn < 2.3.9
https://community.openvpn.net/openvpn/ticket/461
9 years ago
Dan Milon
af80bc817d
Configure logrotate permissions for selfoss
9 years ago
Allen Riddell
22cd611e90
Remove reference to Google's DNS servers
Per discussion on #429 (after the merge). This project is about encouraging users to run services themselves and not rely on for-profit corporations such as Google.
9 years ago
Dan Milon
34f3a483aa
Add SSL stapling cache for apache
Fixes #406
9 years ago
Dan Milon
a419d9403b
restart apache on SSL changes
9 years ago
Dan Milon
e063abaa51
properly install changed SSL certificate
9 years ago
Allen Riddell
6cc6756ce1
Comment copyediting
9 years ago
Filipp Frizzy
39d8983452
up comments in openvpn config template
add additional comment about `tun-mtu` parameter in openvpn config template
9 years ago
Filipp Frizzy
68b4bf7954
comment out google dns in openvpn config template
9 years ago
Filipp Frizzy
3cca3c61d4
add new settings into openvpn config template
- google dns setting for client
- verb level
- mtu
- TLS settings
9 years ago
Laurent Arnoud
dfb1b764d7
Use common_timezone and fix idempotence
Thanks-to: 8e693b3db3
9 years ago
Reh Wanne
71fffc20f7
change auth to internal_hashed
because why the fuck not?
9 years ago
Florian Anderiasch
076b6d2452
Fix typo in tarsnap.yml
9 years ago
Alex Payne
58a4532fe7
Better permission handling for OpenDMARC.
Resolves #400.
9 years ago
Alex Payne
417403f534
Use {{ mail_server_hostname }} over mail.servername
Resolves #402.
9 years ago
Alex Payne
7bb62ca678
Explicitly require MySQL server as part of OpenDMARC install.
Resolves #410.
9 years ago
Miloš Hadžić
d823ed0848
Use lmtp instead of lda for delivery.
9 years ago
Pavel Karoukin
a86e43d5b4
Couple issues with OpenDMARC on Debian 7:
* fix mail_db_opendmarc_username/mail_db_opendmarc_password variable
not found.
* python-mysqldb package is required. Add it to opendmarc task.
9 years ago
Laurent Arnoud
21e0110684
Ignore copy tasks
9 years ago
Laurent Arnoud
ad22aed4cc
rm used in place of argument state=absent to file module
9 years ago
Laurent Arnoud
343db8edea
Git checkouts must contain explicit version
9 years ago
Laurent Arnoud
a09e2e71c1
tar used in place of unarchive module
9 years ago
Laurent Arnoud
0730284671
curl used in place of get_url module
9 years ago
Laurent Arnoud
311fae7e11
Trailing whitespace
9 years ago
Laurent Arnoud
3b8f15b745
Added whois for fail2ban report
Report will print: "missing whois program"
9 years ago
Will McCutchen
1be1afe1ff
Disable SSL stapling on wheezy
9 years ago
Will McCutchen
16b66cc849
Define apache SSL config in one place
9 years ago
Alex Payne
26d61c68a8
Implement OpenDMARC. Resolves #369.
9 years ago
Manfred Touron
16c93ea486
Using more verbose 'dependencies' tag (#393)
9 years ago
Manfred Touron
b49f3a6586
Tagged 'deps' aptitude tasks
9 years ago
John Rogerson
f72e1d2350
Update dovecot version from wheezy backports
For correct implementation of the fix for logjam attack (https://github.com/sovereign/sovereign/pull/372), state=latest is needed to grab a sufficient version of Dovecot. If not, then 37aa7e2cb5 doesn't work.
9 years ago
Sven Neuhaus
a088d9c456
Use "modern" SSLCipherSuite per Mozilla recommendations.
See https://wiki.mozilla.org/Security/Server_Side_TLS for details.
Removes RC4 cipher. Fixes issue #341.
Also explicitly disables SSLCompression and enables OCSP stapling.
We should put all these settings in
/etc/apache2/mods-enabled/ssl.conf
to avoid duplication...
9 years ago
Sven Neuhaus
c898aa98d6
Install postgresql 9.4, 9.3 or 9.1 if available
(on Debian Jessie, Ubuntu Trusty or older distributions such as
Debian Wheezy and Ubuntu Precise).
9 years ago
Sven Neuhaus
edf65c530a
Install lua-sec-prosody package on Debian Wheezy and Ubuntu Precise
This is the updated version from the prosody repository because
these distributions have an old version of the lua-sec package
that lacks PFS and other features. Second commit for issue #285.
9 years ago
Sven Neuhaus
570bebac70
wheezy: need librrd2-dev from backports to be compatible with dovecot
9 years ago
Sven Neuhaus
a849a49f37
Fix: Files shouldn't be owned or writeable by httpd unless necessary.
9 years ago
Sven Neuhaus
8b5ed21e38
use wheezy-backports for dspam and solr packages on wheezy
relates to pull request #372
9 years ago
Laurent Arnoud
353e69d299
Remove duplication with items unattended upgrades
9 years ago
Alex Payne
34448d5d34
install Dovecot from wheezy-backports on wheezy, specifying default_release
9 years ago
Laurent Arnoud
89d47731ff
Add molly-guard and unattended-upgrades as common pkgs
9 years ago
Yannik
7c5d1c2261
remove duplicate options which are already specified in main.cf
9 years ago
Sven Neuhaus
37aa7e2cb5
Dovecot: Fix for logjam attack
9 years ago
Bob Van Landuyt
211b95189e
Add a tag for newebe, so it can be installed separately
Added a tag for newebe in a similar style to the other roles.
9 years ago
Alex Payne
1a96a87374
Ubuntu Trusty gets postgresql-9.3.
Resolves #363.
9 years ago
Alex Payne
177ac9222b
Affix Postgres to version 9.1.
Addresses #362.
9 years ago