Benjamin Reitzammer
d957760697
Making main user's shell configurable
10 年前
Justin Plock
3b0308d69e
Allow both TCP and UDP port 53 for DNS lookups through OpenVPN
11 年前
Joost Baaij
ae2e74bb79
make NTP pool configurable
use the world-wide pool by default, but specify north-america in
user.yml. Also, documentation. This way Sovereign will still behave the
same, but the NTP servers can be changed when desired.
11 年前
Joost Baaij
4837d2e87a
extract NTP logic
11 年前
Joost Baaij
715399a2f1
added pop3s and imaps ports to fail2ban.
Otherwise only pop and imap (un-secured) are blocked.
Which we don't use.
11 年前
Joost Baaij
2033c37982
Enabled unattended-upgrades
This works on Debian/Ubuntu only.
There are similar packages for other distributions, but they still
need manual configuration. It seemed better to go for the common
denominator. unattended-upgrades is usually installed by default
anyway, so we are just reinforcing best practices.
11 年前
Joost Baaij
335cef5c9f
Enabled POP3S for old-timeys who dig that
added dovecot-pop3d
allowed in the firewall
monitored with monit
added relevant tests
11 年前
Joshua Lund
4ed07a1e0a
* Made the OpenVPN port and protocol (tcp/udp) configurable
* Added 'cipher' and 'auth' lines to the generated client configs
11 年前
Mark Paschal
10aff54015
Only ban in response to fail2ban results
Don't mail them individually to the destemail. The destemail setting is thus no
longer used, but let's set it anyway to be clear where it will mail if you
change the action back.
11 年前
Luke Cyca
4bc4cebf41
Explicit permissions for all cert files
11 年前
Luke Cyca
76d52b63f3
XMPP cert handling improvements, ufw rules, and tests
11 年前
Alex Payne
f7f7157cec
more updated variable formatting and accommodation of the YAML parser being a fussbudget
11 年前
Alex Payne
34d7595c0b
ensure we can install from third-party repos across playbooks
11 年前
Alex Payne
d28f0f82b9
move to non-deprecated template variable formatting
11 年前
Luke Cyca
e46ad018ba
Improved test suite, rewritten in python
Added friendly_networks variable to denote whitelisted networks
11 年前
Luke Cyca
2f145ce543
Two small apache-related fixes
11 年前
Luke Cyca
08d6827755
New vagrant-based development environment
11 年前
Luke Cyca
b1a3b8b67d
Use discovered IPv4 address
11 年前
Luke Cyca
37a0400c22
Standardize apache’s 301 redirect to https, and enable HSTS
11 年前
Luke Cyca
bdab1cd6b1
Reworked ufw logic to not use change_when keyword
because it's not available in a stable ansible release yet
11 年前
Allen Riddell
5b8ba840a4
workaround ufw bug, call ufw enable twice
11 年前
Allen Riddell
ae0d1ca8f4
Ignore ufw error resulting from known bug on Debian 7
In order to check the version of the linux distribution we need to
set `gather_facts` to True.
Closes #73 .
11 年前
Luke Cyca
7043143f90
Improved idempotency and removed ip detection for checkrbl
11 年前
Allen Riddell
88705bb7fa
Replace ferm with ufw
11 年前
Bertrand Cachet
f43c57e132
fix(apticron): apticron emails are sent to root
Instead of sending email to {{ admin_email }} we send them to root user.
These emails will be redirected to the appropriate user via
mail_virtual_aliases variables
11 年前
Bertrand Cachet
373cb4584b
add(apticron): configure email
Apticron is configured to send email to {{ admin_email }}
11 年前
Bertrand Cachet
df802919f7
add(fail2ban): Add server IP address to ignore IP
ignoreip field inside /etc/fail2ban/jail.local is populated with
server_ip_address variable
11 年前
Alex Payne
a9cabad947
Update etc_ferm_ferm.conf
11 年前
Allen Riddell
580e3ef5c1
Don't open unused ports
Sovereign does not currently use jabber/xmpp or insecure smtp.
11 年前
Greg Karékinian
58dddc55d1
Remove variables from roles
Refs #39
11 年前
Luke Cyca
c697e135e9
Move NameVirtualHost directives to ports.conf
11 年前
Alex Payne
f27442b678
move tarsnap to its own role
11 年前
Luke Cyca
5beacea2d2
Absolute path for tarsnap
11 年前
Luke Cyca
ca8a371320
Use combined cert for postfix, dovecot, and znc
Fix CAcert usage in postfix and dovecot
11 年前
Alex Payne
65103923ec
Fix typo in firm task name
11 年前
Luke Cyca
7e2ce80a25
Update apt repo and upgrade safe packages
11 年前
Luke Cyca
cf9d8350dd
Fix ssh handler typo
11 年前
Luke Cyca
09c8fcb295
Named all tasks and made them idempotent where possible
11 年前
Luke Cyca
6168cd68d0
Automate encfs setup and name mount point more appropriately
11 年前
Luke Cyca
12d42ad38a
Configure sshd_config to disable PermitRootLogin and PasswordAuthentication
11 年前
Luke Cyca
921cebb41d
Fix invalid service state
11 年前
Luke Cyca
5920b17609
Remove usergroup because debian adds it by default as the primary group
11 年前
Luke Cyca
dfe8bd1cca
TODO for fail2ban ignoreip
Removed your hardcoded server IP
11 年前
Henrik Hodne
a844401d7c
tarsnap: Only run cron job once per day.
The old action would generate a crontab job for `* 3 * * *`, which means every minute at 3am, so 60 times per day.
11 年前
Alex Payne
080d38986c
first commit
11 年前