Alex Payne
b674035d21
formatting
9 роки тому
Alex Payne
6906412f63
Remove wheezy-specific ufw task.
9 роки тому
Alex Payne
6d1eebb9d2
Use Ansible task names, not comments.
9 роки тому
Alex Payne
c9b32cd2e2
Same Google auth install should work for both Jessie and Trusty.
Move Apache task to their own file.
9 роки тому
Alex Payne
006f8e9b82
Just plain Ruby
9 роки тому
Florian Anderiasch
076b6d2452
Fix typo in tarsnap.yml
9 роки тому
Alex Payne
58a4532fe7
Better permission handling for OpenDMARC.
Resolves #400 .
9 роки тому
Alex Payne
417403f534
Use {{ mail_server_hostname }} over mail.servername
Resolves #402 .
9 роки тому
Alex Payne
7bb62ca678
Explicitly require MySQL server as part of OpenDMARC isntall.
Resolves #410 .
9 роки тому
Miloš Hadžić
d823ed0848
Use lmtp instead of lda for delivery.
9 роки тому
Pavel Karoukin
a86e43d5b4
Couple issues with OpenDMARC on Debian 7:
* fix mail_db_opendmarc_username/mail_db_opendmarc_password variable
not found.
* python-mysqldb package is required. Add it to opendmarc task.
9 роки тому
Laurent Arnoud
21e0110684
Ignore copy tasks
9 роки тому
Laurent Arnoud
ad22aed4cc
rm used in place of argument state=absent to file module
9 роки тому
Laurent Arnoud
343db8edea
Git checkouts must contain explicit version
9 роки тому
Laurent Arnoud
a09e2e71c1
tar used in place of unarchive module
9 роки тому
Laurent Arnoud
0730284671
curl used in place of get_url module
9 роки тому
Laurent Arnoud
311fae7e11
Trailing whitespace
9 роки тому
Laurent Arnoud
3b8f15b745
Added whois for fail2ban report
Report will print: "missing whois program"
9 роки тому
Will McCutchen
1be1afe1ff
Disable SSL stapling on wheezy
9 роки тому
Will McCutchen
16b66cc849
Define apache SSL config in one place
9 роки тому
Alex Payne
26d61c68a8
Implement OpenDMARC. Resolves #369 .
9 роки тому
Manfred Touron
16c93ea486
Using more verbose 'dependencies' tag (#393 )
9 роки тому
Manfred Touron
b49f3a6586
Tagged 'deps' aptitude tasks
9 роки тому
John Rogerson
f72e1d2350
Update dovecot version from wheezy backports
For correct implementation of the fix for logjam attack (https://github.com/sovereign/sovereign/pull/372 ), state=latest is needed to grab sufficient version of Dovecot. If not then 37aa7e2cb5 doesn't work.
9 роки тому
Sven Neuhaus
a088d9c456
Use "modern" SSLCipherSuite per Mozilla recommendations.
See https://wiki.mozilla.org/Security/Server_Side_TLS for details.
Removes RC4 cipher. Fixes issue #341 .
Also explicitly disabled SSLCompression and enables OCSP stapling.
We should put all these settings in
/etc/apache2/mods-enabled/ssl.conf
to avoid duplication...
9 роки тому
Sven Neuhaus
c898aa98d6
Install postgresql 9.4, 9.3 or 9.1 if available
(on Debian Jessie, Ubuntu Trusty or older distributions such as
Debian Wheezy and Ubuntu Precise).
9 роки тому
Sven Neuhaus
edf65c530a
Install lua-sec-prosody package on Debian Wheezy and Ubuntu Precise
This is the updated version from the prosody repository because
these distributions have an old version of the lua-sec package
that lacks PFS and other features. Second commit for issue #285 .
9 роки тому
Sven Neuhaus
570bebac70
wheezy: need librrd2-dev from backports to be compatible with dovecot
9 роки тому
Sven Neuhaus
a849a49f37
Fix: Files shouldn't be owned or writeable by httpd unless necessary.
9 роки тому
Sven Neuhaus
8b5ed21e38
use wheezy-backports for dspam and solr packages on wheezy
relates to pull request #372
9 роки тому
Laurent Arnoud
353e69d299
Remove duplication with items unattended upgrades
9 роки тому
Alex Payne
34448d5d34
install Dovecot from wheezy-backports on wheezy, specifying default_release
9 роки тому
Alex Payne
5222776e34
install Dovecot from wheezy-backports on wheezy, specifying default_release
9 роки тому
Alex Payne
c3afbc3b46
install Dovecot from wheezy-backports on wheezy. resolves #372
9 роки тому
Laurent Arnoud
89d47731ff
Add molly-guard and unattended-upgrades as common pkgs
9 роки тому
Yannik
7c5d1c2261
remove duplicate options which are already specified in main.cf
9 роки тому
Sven Neuhaus
37aa7e2cb5
Dovecot: Fix for logjam attack
9 роки тому
Bob Van Landuyt
211b95189e
Add a tag for newebe, so it can be installed separately
Added a tag for newebe in a similar style to the other roles.
9 роки тому
Alex Payne
1a96a87374
Ubuntu Trusty gets postgresql-9.3.
Resolves #363 .
9 роки тому
Alex Payne
177ac9222b
Affix Postgres to version 9.1.
Addresses #362 .
9 роки тому
Alex Payne
b11fb68559
Automatically set up passwordless sudo for deploy user.
Closes #343 .
9 роки тому
Aleksandr Bogdanov
a849948e8d
Choosing the closest ubuntu mirror before anything else
10 роки тому
Aleksandr Bogdanov
461be2b260
fixing a dependency on mailserver, as psycopg and postgres are only installed there
10 роки тому
Aleksandr Bogdanov
2b9c722ed9
Enabling php5-mcrypt for roundcube, as it is not by default
10 роки тому
Sven Neuhaus
ae58053653
Create /decrypted directory even if encfs is not used.
Helps with issue #120 .
9 роки тому
Sven Neuhaus
d5217ea1cd
Create main user without "fuse" group, instead add it later as part
of the "encfs" tag. This allows the user to make encfs optional.
Helps with issue #120 .
9 роки тому
Justin Plock
941baf72d6
Integration between selfoss and wallabag (fixes #349
9 роки тому
Marius Voila
b13ab39f11
cleaning security.yml
9 роки тому
fengor
7ed46f590c
renamed templates to be consistent with coding standard.
removed comment line in ssh_config
9 роки тому
Marius Voila
ec69fef60c
removed old template
9 роки тому