sovereign

Author	SHA1	Message	Date
Justin Plock	ed75c9469b	libpam-dev didn't exist for some people so switching to libpam0g-dev instead	10 years ago
Justin Plock	921ae6957e	Optional 2FA support for OpenVPN (requires uncommenting on the server and pushing new client configs)	10 years ago
Justin Plock	e88fb57cba	Skip the google authenticator generation if we're running as vagrant. Vagrant can't sudo to the sovereign test user so this won't work.	10 years ago
Justin Plock	408d83341f	Add a 2FA plugin for Roundcube (fixes #201)	10 years ago
Justin Plock	2d751ab680	The .google_authenticator file has to be generated by the user that is going to attempt to use it. Also, -W doesn't seem to work (results an in INVALID_WINDOW error in /var/log/auth.log), so use -w 1 to allow for a single concurrent token	10 years ago
Justin Plock	c037dce07a	Clarified parameters are bit in a comment	10 years ago
Justin Plock	22a8717f6d	Automatically generate the Google authenticator file for the default user	10 years ago
Justin Plock	84c9febec7	Added Google Authenticator 2FA logins	10 years ago
Justin Plock	89f018bd23	In preparation for using any 2FA solution, it will most likely need to modify sshd_config, so let's change the file in place instead of overwriting it completely.	10 years ago
Norman S.	b1092e800b	changed from 52 to 5 versions.	10 years ago
Larry Fox	092cb287e0	add gitolite and some cgit settings	10 years ago
Larry Fox	158503b6ca	add cgit	10 years ago
Justin Plock	9f918363b9	Set a ServerName for apache (fixes #187)	10 years ago
Norman S.	d8153552b8	add logrotate task	10 years ago
Norman S.	a6889500b6	add logrotate task	10 years ago
Justin Plock	8928993772	The group and mode of debian-db.php need to be readable by apache	10 years ago
Justin Plock	00b263608e	Properly generate a PHP /etc/roundcube/debian-db.php file	10 years ago
Justin Plock	c3b1362e78	Ignore carddav database errors	10 years ago
Justin Plock	1bd900bfae	Properly set the roundcube database password	10 years ago
Justin Plock	057a8c8872	Properly reconfigure the roundcube database and import the carddav tables	10 years ago
Justin Plock	bd9b22f603	Import carddav database schema. I'm unable to run this against the vagrant VM as the webmail_db_password seems to be automatically generated.	10 years ago
Justin Plock	d19e9a7d73	Move tarsnap.key from /root to /decrypted and don't overwrite it if one already exists (fixes #15)	10 years ago
Justin Plock	d3499da52e	Safer symlink creation and downloaded file removal	10 years ago
Justin Plock	876b81a1a7	Install the carddav plugin so owncloud contacts can be used (fixes #154)	10 years ago
James Ravn	e3825cf6dd	Revert "Redirects naked domain to www" This reverts commit 703d356492.	10 years ago
Bryan Swift	9194c5fe55	Fix URL of z-push download	10 years ago
James Ravn	aa404cd642	Fixes z-push download	10 years ago
James Ravn	3f45b1bee4	Uses monit to stop/start postgres for tarsnap	10 years ago
James Ravn	146c587644	Stops postgresql for tarsnap backup Data loss will occur if backing up postgresql while it runs. A simple fix is to stop it during the backup. I've moved the backup to early morning to reduce possible downtime. A better approach would be to use pg_dump.	10 years ago
James Ravn	6ec6a6d03f	Uses global roundcube sieve configuration option The previous behaviour relied on managesieve copying over the .dovecot.sieve file into the user's directory. I found this to be particularly fragile. For instance, re-deploying roundcube without dovecot could overwrite the .dovecot.sieve symlink and break managesieve. A better approach is to use the global sieve configuration that roundcube provides and not mess with dovecot's files directly.	10 years ago
James Ravn	703d356492	Redirects naked domain to www Properly behaving websites should 301 redirect the naked domain.	10 years ago
James Ravn	46eabbedd7	Limits z-push sync to 3 months This prevents timeouts when trying to sync very large mailboxes. By default, z-push attempts to get headers for all messages in a folder.	10 years ago
Allen Riddell	9a6cbcd925	Quote password substitution (may contain spaces)	10 years ago
Allen Riddell	d1e9e2b4ff	Quote password variables (they may contain spaces) String-valued variables containing spaces can be substituted into an ansible tasks file but they will not be interpreted correctly.	10 years ago
Ben Morse	869e73fa4d	quote password environment variable in case it contains shell metacharacters	10 years ago
Benjamin Reitzammer	d957760697	Making main user's shell configurable	10 years ago
Cameron Rudnick	0493e9b57e	Allow # in mail_db_password I had a # in my mail_db_password and spent the last 2 hours trying to figure out why I couldn't connect by IMAP. A # is only allowed if the connect string is wrapped in quotes.	10 years ago
Justin Plock	6e669fb2df	Following the instructions of using a Debian 7 image, PostgreSQL 9.1 is installed in /var/lib/postgresql not /opt/postgresql	10 years ago
Justin Plock	3b0308d69e	Allow both TCP and UDP port 53 for DNS lookups through OpenVPN	10 years ago
Justin Plock	f16d7f33d7	If we want to use SSL, I wasn’t able to connect to port 6667 so I had to change this to 6697 which is the SSL only port	11 years ago
cji	015617c18c	Fixes issue #8 Fixes issue #8. Adds new variable mail_header_privacy, on by default. Installs postfix-pcre unconditionally, and then copies the pcre file over and adds the header check to main.cf based on the variable value. “this header replacement works great, but it logs that the replacement has been done, which means that you are storing this information, unless you are anonymizing your logs”	11 years ago
Justin Plock	8b2d31e985	PostgreSQL 9.1 installs its pid into a different folder than 9.2	11 years ago
Joost Baaij	ae2e74bb79	make NTP pool configurable use the world-wide pool by default, but specify north-america in user.yml. Also, documentation. This way Sovereign will still behave the same, but the NTP servers can be changed when desired.	11 years ago
Joost Baaij	4837d2e87a	extract NTP logic	11 years ago
Joost Baaij	715399a2f1	added pop3s and imaps ports to fail2ban. Otherwise only pop and imap (un-secured) are blocked. Which we don't use.	11 years ago
Joost Baaij	2033c37982	Enabled unattended-upgrades This works on Debian/Ubuntu only. There are similar packages for other distributions, but they still need manual configuration. It seemed better to go for the common denominator. unattended-upgrades is usually installed by default anyway, so we are just reinforcing best practices.	11 years ago
Joost Baaij	335cef5c9f	Enabled POP3S for old-timeys who dig that added dovecot-pop3d allowed in the firewall monitored with monit added relevant tests	11 years ago
Justin Plock	75ce61f993	Changed port to reflect MySQL -> Postgres change Updated the default port to reflect MySQL to Postgres change (port 3306 to 5432)	11 years ago
Joshua Lund	4ed07a1e0a	* Made the OpenVPN port and protocol (tcp/udp) configurable * Added 'cipher' and 'auth' lines to the generated client configs	11 years ago
Shawn Sorichetti	1dc0a81479	Convert all varchars to text PostgreSQL works similarly with varchar and text columns. Rather than limiting the amount of characters a column can hold simply use text columns. Because this sql is now PostgreSQL specific, there's no need to maintain what was set in the mysql settings.	11 years ago

First Previous ... 2 3 4 5 6 Next Last

258 Commits (ca1d595b07799403578f41a997cebe3bd01f535b)