sovereign

Author	SHA1	Message	Date
Lorenzo Villani	5d1090d488	Make sure fail2ban is started	10 years ago
Lorenzo Villani	d5ecf673d3	Calm OCD by sorting almost every with_items block in alphabetical order	10 years ago
Lorenzo Villani	e7703d0d9c	Add support for Apache 2.4 on Ubuntu 14.04	10 years ago
Lorenzo Villani	e2e61a2f76	Install 'fuse' instead of 'fuse-utils' The 'fuse-utils' package doesn't exist on Ubuntu 14.04 and is marked as a transitional package on both Debian 7 and Ubuntu 12.04 that installs the 'fuse' package. Since Debian 7 is the officially supported distribution we can safely switch to install 'fuse' instead of 'fuse-utils' and we also gain compatibility with Ubuntu 14.04.	10 years ago
Sven Neuhaus	63ba754eb7	libpam-google-authenticator uses distribution package on Ubuntu 14.04	10 years ago
Gelnior	7995bac36c	put back enc.fs (removed by mistake)	10 years ago
Gelnior	bd57edd5a5	newebe config: fix Newebe config file task	10 years ago
Justin Plock	1d7986fd96	Enable UFW and deny everything by default Removed unused status checks on UFW	10 years ago
Justin Plock	ea0b288818	Moved ufw firewall rules into individual roles	10 years ago
Justin Plock	ed75c9469b	libpam-dev didn't exist for some people so switching to libpam0g-dev instead	10 years ago
Justin Plock	e88fb57cba	Skip the google authenticator generation if we're running as vagrant. Vagrant can't sudo to the sovereign test user so this won't work.	10 years ago
Justin Plock	2d751ab680	The .google_authenticator file has to be generated by the user that is going to attempt to use it. Also, -W doesn't seem to work (results an in INVALID_WINDOW error in /var/log/auth.log), so use -w 1 to allow for a single concurrent token	10 years ago
Justin Plock	c037dce07a	Clarified parameters are bit in a comment	10 years ago
Justin Plock	22a8717f6d	Automatically generate the Google authenticator file for the default user	10 years ago
Justin Plock	84c9febec7	Added Google Authenticator 2FA logins	10 years ago
Justin Plock	89f018bd23	In preparation for using any 2FA solution, it will most likely need to modify sshd_config, so let's change the file in place instead of overwriting it completely.	10 years ago
Justin Plock	9f918363b9	Set a ServerName for apache (fixes #187)	10 years ago
Benjamin Reitzammer	d957760697	Making main user's shell configurable	10 years ago
Justin Plock	3b0308d69e	Allow both TCP and UDP port 53 for DNS lookups through OpenVPN	10 years ago
Joost Baaij	4837d2e87a	extract NTP logic	10 years ago
Joost Baaij	2033c37982	Enabled unattended-upgrades This works on Debian/Ubuntu only. There are similar packages for other distributions, but they still need manual configuration. It seemed better to go for the common denominator. unattended-upgrades is usually installed by default anyway, so we are just reinforcing best practices.	10 years ago
Joost Baaij	335cef5c9f	Enabled POP3S for old-timeys who dig that added dovecot-pop3d allowed in the firewall monitored with monit added relevant tests	10 years ago
Joshua Lund	4ed07a1e0a	* Made the OpenVPN port and protocol (tcp/udp) configurable * Added 'cipher' and 'auth' lines to the generated client configs	10 years ago
Luke Cyca	4bc4cebf41	Explicit permissions for all cert files	11 years ago
Luke Cyca	76d52b63f3	XMPP cert handling improvements, ufw rules, and tests	11 years ago
Alex Payne	f7f7157cec	more updated variable formatting and accommodation of the YAML parser being a fussbudget	11 years ago
Alex Payne	34d7595c0b	ensure we can install from third-party repos across playbooks	11 years ago
Alex Payne	d28f0f82b9	move to non-deprecated template variable formatting	11 years ago
Luke Cyca	2f145ce543	Two small apache-related fixes	11 years ago
Luke Cyca	37a0400c22	Standardize apache’s 301 redirect to https, and enable HSTS	11 years ago
Luke Cyca	bdab1cd6b1	Reworked ufw logic to not use change_when keyword because it's not available in a stable ansible release yet	11 years ago
Allen Riddell	5b8ba840a4	workaround ufw bug, call ufw enable twice	11 years ago
Allen Riddell	ae0d1ca8f4	Ignore ufw error resulting from known bug on Debian 7 In order to check the version of the linux distribution we need to set `gather_facts` to True. Closes #73.	11 years ago
Luke Cyca	7043143f90	Improved idempotency and removed ip detection for checkrbl	11 years ago
Allen Riddell	88705bb7fa	Replace ferm with ufw	11 years ago
Bertrand Cachet	373cb4584b	add(apticron): configure email Apticron is configured to send email to {{ admin_email }}	11 years ago
Luke Cyca	c697e135e9	Move NameVirtualHost directives to ports.conf	11 years ago
Alex Payne	f27442b678	move tarsnap to its own role	11 years ago
Luke Cyca	5beacea2d2	Absolute path for tarsnap	11 years ago
Luke Cyca	ca8a371320	Use combined cert for postfix, dovecot, and znc Fix CAcert usage in postfix and dovecot	11 years ago
Alex Payne	65103923ec	Fix typo in firm task name	11 years ago
Luke Cyca	7e2ce80a25	Update apt repo and upgrade safe packages	11 years ago
Luke Cyca	09c8fcb295	Named all tasks and made them idempotent where possible	11 years ago
Luke Cyca	6168cd68d0	Automate encfs setup and name mount point more appropriately	11 years ago
Luke Cyca	12d42ad38a	Configure sshd_config to disable PermitRootLogin and PasswordAuthentication	11 years ago
Luke Cyca	921cebb41d	Fix invalid service state	11 years ago
Luke Cyca	5920b17609	Remove usergroup because debian adds it by default as the primary group	11 years ago
Henrik Hodne	a844401d7c	tarsnap: Only run cron job once per day. The old action would generate a crontab job for `* 3 * * *`, which means every minute at 3am, so 60 times per day.	11 years ago
Alex Payne	080d38986c	first commit	11 years ago

First Previous 1 2 Next Last

51 Commits (c55437d3412bedf749bf80d7748f7bc1497eeaf9)