Alex Payne
b674035d21
formatting
9 anos atrás
Alex Payne
6906412f63
Remove wheezy-specific ufw task.
9 anos atrás
Alex Payne
6d1eebb9d2
Use Ansible task names, not comments.
9 anos atrás
Alex Payne
c9b32cd2e2
Same Google auth install should work for both Jessie and Trusty.
Move Apache task to their own file.
9 anos atrás
Alex Payne
006f8e9b82
Just plain Ruby
9 anos atrás
Florian Anderiasch
076b6d2452
Fix typo in tarsnap.yml
9 anos atrás
Alex Payne
58a4532fe7
Better permission handling for OpenDMARC.
Resolves #400 .
9 anos atrás
Alex Payne
417403f534
Use {{ mail_server_hostname }} over mail.servername
Resolves #402 .
9 anos atrás
Alex Payne
7bb62ca678
Explicitly require MySQL server as part of OpenDMARC isntall.
Resolves #410 .
9 anos atrás
Miloš Hadžić
d823ed0848
Use lmtp instead of lda for delivery.
9 anos atrás
Pavel Karoukin
a86e43d5b4
Couple issues with OpenDMARC on Debian 7:
* fix mail_db_opendmarc_username/mail_db_opendmarc_password variable
not found.
* python-mysqldb package is required. Add it to opendmarc task.
9 anos atrás
Laurent Arnoud
21e0110684
Ignore copy tasks
9 anos atrás
Laurent Arnoud
ad22aed4cc
rm used in place of argument state=absent to file module
9 anos atrás
Laurent Arnoud
343db8edea
Git checkouts must contain explicit version
9 anos atrás
Laurent Arnoud
a09e2e71c1
tar used in place of unarchive module
9 anos atrás
Laurent Arnoud
0730284671
curl used in place of get_url module
9 anos atrás
Laurent Arnoud
311fae7e11
Trailing whitespace
9 anos atrás
Laurent Arnoud
3b8f15b745
Added whois for fail2ban report
Report will print: "missing whois program"
9 anos atrás
Will McCutchen
1be1afe1ff
Disable SSL stapling on wheezy
9 anos atrás
Will McCutchen
16b66cc849
Define apache SSL config in one place
9 anos atrás
Alex Payne
26d61c68a8
Implement OpenDMARC. Resolves #369 .
9 anos atrás
Manfred Touron
16c93ea486
Using more verbose 'dependencies' tag (#393 )
9 anos atrás
Manfred Touron
b49f3a6586
Tagged 'deps' aptitude tasks
9 anos atrás
John Rogerson
f72e1d2350
Update dovecot version from wheezy backports
For correct implementation of the fix for logjam attack (https://github.com/sovereign/sovereign/pull/372 ), state=latest is needed to grab sufficient version of Dovecot. If not then 37aa7e2cb5 doesn't work.
9 anos atrás
Sven Neuhaus
a088d9c456
Use "modern" SSLCipherSuite per Mozilla recommendations.
See https://wiki.mozilla.org/Security/Server_Side_TLS for details.
Removes RC4 cipher. Fixes issue #341 .
Also explicitly disabled SSLCompression and enables OCSP stapling.
We should put all these settings in
/etc/apache2/mods-enabled/ssl.conf
to avoid duplication...
9 anos atrás
Sven Neuhaus
c898aa98d6
Install postgresql 9.4, 9.3 or 9.1 if available
(on Debian Jessie, Ubuntu Trusty or older distributions such as
Debian Wheezy and Ubuntu Precise).
9 anos atrás
Sven Neuhaus
edf65c530a
Install lua-sec-prosody package on Debian Wheezy and Ubuntu Precise
This is the updated version from the prosody repository because
these distributions have an old version of the lua-sec package
that lacks PFS and other features. Second commit for issue #285 .
9 anos atrás
Sven Neuhaus
570bebac70
wheezy: need librrd2-dev from backports to be compatible with dovecot
9 anos atrás
Sven Neuhaus
a849a49f37
Fix: Files shouldn't be owned or writeable by httpd unless necessary.
9 anos atrás
Sven Neuhaus
8b5ed21e38
use wheezy-backports for dspam and solr packages on wheezy
relates to pull request #372
9 anos atrás
Laurent Arnoud
353e69d299
Remove duplication with items unattended upgrades
9 anos atrás
Alex Payne
34448d5d34
install Dovecot from wheezy-backports on wheezy, specifying default_release
9 anos atrás
Alex Payne
5222776e34
install Dovecot from wheezy-backports on wheezy, specifying default_release
9 anos atrás
Alex Payne
c3afbc3b46
install Dovecot from wheezy-backports on wheezy. resolves #372
9 anos atrás
Laurent Arnoud
89d47731ff
Add molly-guard and unattended-upgrades as common pkgs
9 anos atrás
Yannik
7c5d1c2261
remove duplicate options which are already specified in main.cf
9 anos atrás
Sven Neuhaus
37aa7e2cb5
Dovecot: Fix for logjam attack
9 anos atrás
Bob Van Landuyt
211b95189e
Add a tag for newebe, so it can be installed separately
Added a tag for newebe in a similar style to the other roles.
9 anos atrás
Alex Payne
1a96a87374
Ubuntu Trusty gets postgresql-9.3.
Resolves #363 .
9 anos atrás
Alex Payne
177ac9222b
Affix Postgres to version 9.1.
Addresses #362 .
9 anos atrás
Alex Payne
b11fb68559
Automatically set up passwordless sudo for deploy user.
Closes #343 .
9 anos atrás
Aleksandr Bogdanov
a849948e8d
Choosing the closest ubuntu mirror before anything else
10 anos atrás
Aleksandr Bogdanov
461be2b260
fixing a dependency on mailserver, as psycopg and postgres are only installed there
10 anos atrás
Aleksandr Bogdanov
2b9c722ed9
Enabling php5-mcrypt for roundcube, as it is not by default
10 anos atrás
Sven Neuhaus
ae58053653
Create /decrypted directory even if encfs is not used.
Helps with issue #120 .
9 anos atrás
Sven Neuhaus
d5217ea1cd
Create main user without "fuse" group, instead add it later as part
of the "encfs" tag. This allows the user to make encfs optional.
Helps with issue #120 .
9 anos atrás
Justin Plock
941baf72d6
Integration between selfoss and wallabag (fixes #349
9 anos atrás
Marius Voila
b13ab39f11
cleaning security.yml
9 anos atrás
fengor
7ed46f590c
renamed templates to be consistent with coding standard.
removed comment line in ssh_config
9 anos atrás
Marius Voila
ec69fef60c
removed old template
9 anos atrás