Luke Cyca
4bc4cebf41
Explicit permissions for all cert files
11 years ago
Luke Cyca
76d52b63f3
XMPP cert handling improvements, ufw rules, and tests
11 years ago
Alex Payne
f7f7157cec
more updated variable formatting and accommodation of the YAML parser being a fussbudget
11 years ago
Alex Payne
34d7595c0b
ensure we can install from third-party repos across playbooks
11 years ago
Alex Payne
d28f0f82b9
move to non-deprecated template variable formatting
11 years ago
Luke Cyca
e46ad018ba
Improved test suite, rewritten in python
Added friendly_networks variable to denote whitelisted networks
11 years ago
Luke Cyca
2f145ce543
Two small apache-related fixes
11 years ago
Luke Cyca
08d6827755
New vagrant-based development environment
11 years ago
Luke Cyca
b1a3b8b67d
Use discovered IPv4 address
11 years ago
Luke Cyca
37a0400c22
Standardize apache’s 301 redirect to https, and enable HSTS
11 years ago
Luke Cyca
bdab1cd6b1
Reworked ufw logic to not use change_when keyword
because it's not available in a stable ansible release yet
11 years ago
Allen Riddell
5b8ba840a4
workaround ufw bug, call ufw enable twice
11 years ago
Allen Riddell
ae0d1ca8f4
Ignore ufw error resulting from known bug on Debian 7
In order to check the version of the linux distribution we need to
set `gather_facts` to True.
Closes #73.
11 years ago
Luke Cyca
7043143f90
Improved idempotency and removed ip detection for checkrbl
11 years ago
Allen Riddell
88705bb7fa
Replace ferm with ufw
11 years ago
Bertrand Cachet
f43c57e132
fix(apticron): apticron emails are sent to root
Instead of sending email to {{ admin_email }} we send them to root user.
These emails will be redirected to the appropriate user via
mail_virtual_aliases variables
11 years ago
Bertrand Cachet
373cb4584b
add(apticron): configure email
Apticron is configured to send email to {{ admin_email }}
11 years ago
Bertrand Cachet
df802919f7
add(fail2ban): Add server IP address to ignore IP
ignoreip field inside /etc/fail2ban/jail.local is populated with
server_ip_address variable
11 years ago
Alex Payne
a9cabad947
Update etc_ferm_ferm.conf
11 years ago
Allen Riddell
580e3ef5c1
Don't open unused ports
Sovereign does not currently use jabber/xmpp or insecure smtp.
11 years ago
Greg Karékinian
58dddc55d1
Remove variables from roles
Refs #39
11 years ago
Luke Cyca
c697e135e9
Move NameVirtualHost directives to ports.conf
11 years ago
Alex Payne
f27442b678
move tarsnap to its own role
11 years ago
Luke Cyca
5beacea2d2
Absolute path for tarsnap
11 years ago
Luke Cyca
ca8a371320
Use combined cert for postfix, dovecot, and znc
Fix CAcert usage in postfix and dovecot
11 years ago
Alex Payne
65103923ec
Fix typo in firm task name
11 years ago
Luke Cyca
7e2ce80a25
Update apt repo and upgrade safe packages
11 years ago
Luke Cyca
cf9d8350dd
Fix ssh handler typo
11 years ago
Luke Cyca
09c8fcb295
Named all tasks and made them idempotent where possible
11 years ago
Luke Cyca
6168cd68d0
Automate encfs setup and name mount point more appropriately
11 years ago
Luke Cyca
12d42ad38a
Configure sshd_config to disable PermitRootLogin and PasswordAuthentication
11 years ago
Luke Cyca
921cebb41d
Fix invalid service state
11 years ago
Luke Cyca
5920b17609
Remove usergroup because debian adds it by default as the primary group
11 years ago
Luke Cyca
dfe8bd1cca
TODO for fail2ban ignoreip
Removed your hardcoded server IP
11 years ago
Henrik Hodne
a844401d7c
tarsnap: Only run cron job once per day.
The old action would generate a crontab job for `* 3 * * *`, which means every minute at 3am, so 60 times per day.
11 years ago
Alex Payne
080d38986c
first commit
11 years ago