Sven Neuhaus
41c9779eb9
Explicitly use SHA256 for openssl (not SHA1)
9 years ago
Sven Neuhaus
a088d9c456
Use "modern" SSLCipherSuite per Mozilla recommendations.
See https://wiki.mozilla.org/Security/Server_Side_TLS for details.
Removes RC4 cipher. Fixes issue #341 .
Also explicitly disabled SSLCompression and enables OCSP stapling.
We should put all these settings in
/etc/apache2/mods-enabled/ssl.conf
to avoid duplication...
9 years ago
Sven Neuhaus
c898aa98d6
Install postgresql 9.4, 9.3 or 9.1 if available
(on Debian Jessie, Ubuntu Trusty or older distributions such as
Debian Wheezy and Ubuntu Precise).
9 years ago
Sven Neuhaus
edf65c530a
Install lua-sec-prosody package on Debian Wheezy and Ubuntu Precise
This is the updated version from the prosody repository because
these distributions have an old version of the lua-sec package
that lacks PFS and other features. Second commit for issue #285 .
9 years ago
Sven Neuhaus
e542de0a5c
Update Debian base box to Debian 7.8
9 years ago
Sven Neuhaus
570bebac70
wheezy: need librrd2-dev from backports to be compatible with dovecot
9 years ago
Sven Neuhaus
a849a49f37
Fix: Files shouldn't be owned or writeable by httpd unless necessary.
9 years ago
Sven Neuhaus
20d3014f00
Merge pull request #386 from spk/remove-duplicate-unattended-upgrades
Installation of package unattended-upgrades was listed twice.
9 years ago
Sven Neuhaus
8b5ed21e38
use wheezy-backports for dspam and solr packages on wheezy
relates to pull request #372
9 years ago
Laurent Arnoud
353e69d299
Remove duplication with items unattended upgrades
9 years ago
Sven Neuhaus
b0c8ab978a
Update CONTRIBUTING.md
added details about the license and the supported distributions.
9 years ago
Alex Payne
34448d5d34
install Dovecot from wheezy-backports on wheezy, specifying default_release
9 years ago
Alex Payne
a6afd2395d
Updated README. Adding AUTHORS, CONTRIBUTING, and LICENSE documents.
Reflects the move to the `sovereign` GitHub organization.
9 years ago
Alex Payne
8450e059e1
Merge pull request #377 from Yannik/patch-1
remove duplicate options which are already specified in main.cf
9 years ago
Alex Payne
0ccfb6dfb0
Merge pull request #376 from spk/common-packages-safety
Add molly-guard and unattended-upgrades as common pkgs
9 years ago
Laurent Arnoud
89d47731ff
Add molly-guard and unattended-upgrades as common pkgs
9 years ago
Yannik
7c5d1c2261
remove duplicate options which are already specified in main.cf
9 years ago
Alex Payne
5f192bd5bb
Merge pull request #372 from neuhaus/patch-1
Dovecot: Fix for logjam attack
9 years ago
Alex Payne
27cc1a5ff0
Merge pull request #371 from Reprazent/bvl-newebe-tag
Add a tag for newebe, so it can be installed separately
9 years ago
Sven Neuhaus
37aa7e2cb5
Dovecot: Fix for logjam attack
9 years ago
Bob Van Landuyt
211b95189e
Add a tag for newebe, so it can be installed separately
Added a tag for newebe in a similar style to the other roles.
9 years ago
Alex Payne
ae1e6c64f0
Merge pull request #366 from poops/master
adds deploy user to sudoers
9 years ago
brandon paolin
b96b9e6c80
adds deploy user to sudoers
9 years ago
Alex Payne
1a96a87374
Ubuntu Trusty gets postgresql-9.3.
Resolves #363 .
9 years ago
Alex Payne
177ac9222b
Affix Postgres to version 9.1.
Addresses #362 .
9 years ago
Alex Payne
3eff916b3e
Further document what to do on reboot.
Addresses #361 .
9 years ago
Alex Payne
3ff928c762
Merge pull request #339 from fengor/master
More secure defaults for ssh.
9 years ago
Alex Payne
34e94aa4c2
Merge branch 'master' of github.com:al3x/sovereign
# Conflicts:
# roles/common/tasks/users.yml
9 years ago
Alex Payne
b11fb68559
Automatically set up passwordless sudo for deploy user.
Closes #343 .
9 years ago
Alex Payne
07ead66dda
Merge pull request #354 from jplock/jp-selfoss-wallabag
Integration between selfoss and wallabag (fixes #349 )
9 years ago
Alex Payne
95563f20b3
Merge pull request #356 from neuhaus/encfs_optional
Create main user without "fuse" group, instead add it later
9 years ago
Alex Payne
d1e4340a78
Merge pull request #357 from synchrone/roundcube-mcrypt-fix
Enabling php5-mcrypt for roundcube, as it is not by default
9 years ago
Alex Payne
6265916caa
Merge pull request #358 from synchrone/owncloud-dependencies-fix
fixing a dependency on mailserver, as psycopg and postgres are only installed there
9 years ago
Alex Payne
8023f26d81
Merge pull request #359 from synchrone/apt-closest-mirror
Choosing the closest ubuntu mirror before anything else
9 years ago
Alex Payne
c64f0d9572
Convert README from Textile to Markdown
9 years ago
Alex Payne
250c61d825
Textile syntax, not Markdown.
9 years ago
Alex Payne
090d9705cb
Add note in README about reboots. Addresses #361 .
9 years ago
Aleksandr Bogdanov
a849948e8d
Choosing the closest ubuntu mirror before anything else
10 years ago
Aleksandr Bogdanov
461be2b260
fixing a dependency on mailserver, as psycopg and postgres are only installed there
10 years ago
Aleksandr Bogdanov
2b9c722ed9
Enabling php5-mcrypt for roundcube, as it is not by default
10 years ago
Sven Neuhaus
ae58053653
Create /decrypted directory even if encfs is not used.
Helps with issue #120 .
9 years ago
Sven Neuhaus
d5217ea1cd
Create main user without "fuse" group, instead add it later as part
of the "encfs" tag. This allows the user to make encfs optional.
Helps with issue #120 .
9 years ago
Justin Plock
941baf72d6
Integration between selfoss and wallabag (fixes #349
9 years ago
Luke Cyca
e995b2f7c2
Merge pull request #342 from mariusv/master
cleaning security.yml
9 years ago
Marius Voila
b13ab39f11
cleaning security.yml
10 years ago
fengor
7ed46f590c
renamed templates to be consistent with coding standard.
removed comment line in ssh_config
10 years ago
Alex Payne
e26940569d
Merge pull request #336 from mariusv/master
fail2ban support for Trusty
10 years ago
Marius Voila
ec69fef60c
removed old template
10 years ago
Marius Voila
2ae2c3683c
removed template and implemented logic
10 years ago
Alex Payne
87e2497fbc
Merge pull request #332 from apsanz/master
Enable UFW only after setting firewall rules
10 years ago