sovereign

提交图

作者	SHA1	备注	提交日期
Mike Ashley	86048ee397	Update prosody to use LE certs directly Don't copy the LE certificates. Instead use the ssl-cert group to manage access to the LE certificates directly. See https://github.com/letsencrypt/letsencrypt/issues/1425 for a request to have the LE client do this itself.	9 年前
Mike Ashley	1746afcc3a	Arrange automated tests to not use Let's Encrypt	9 年前
Mike Ashley	8e1d473027	Use Let's Encrypt for generating site certificates This method uses Subjective Alternative Names (SANs) to get one certificate for all the subdomains that Sovereign employs, whether or not the user configured their site with the roles.	9 年前
Mike Ashley	7f46129a4c	Remove use of wildcard certificate	9 年前
Mike Ashley	195d8811fc	Remove references to Trusty and Wheezy Make a clean distinction between Debian 7 and Debian 8. Anticipate the next Ubuntu LTS release (Xenial) that is planned for support.	9 年前
Mike Ashley	d3abc02f84	Clean up Apache SSL configuration Avoid using the Include directive. Move most of the SSL configuration to the global configuration and leave enabling the SSL engine to each virtual host that wants to use it.	9 年前
Sebastian Kriems	fe536873b7	ufw tasks shall have the ufw tag resolves #453 Conflicts: roles/common/tasks/ufw.yml	9 年前
Dan Milon	829c8491c7	restart apache on SSL changes	9 年前
Dan Milon	a5c6f663ce	properly install changed SSL certificate	9 年前
Sven Neuhaus	d59c5eff05	Generate 2048 DH group and add it to Postfix	9 年前
Dan Milon	2fb7cfa7c9	Add SSL stapling cache for apache Fixes #406	9 年前
Laurent Arnoud	1419c4e26e	Use common_timezone and fix idempotence Thanks-to: 8e693b3db3 Conflicts: roles/common/tasks/main.yml	9 年前
Alex Payne	0579cf1ba9	Use same Apache server name configuration across distros	10 年前
Alex Payne	474c1d5f92	No longer need `fuse` group in Jessie.	10 年前
Alex Payne	6906412f63	Remove wheezy-specific ufw task.	10 年前
Alex Payne	6d1eebb9d2	Use Ansible task names, not comments.	10 年前
Alex Payne	c9b32cd2e2	Same Google auth install should work for both Jessie and Trusty. Move Apache task to their own file.	10 年前
Alex Payne	006f8e9b82	Just plain Ruby	10 年前
Laurent Arnoud	a09e2e71c1	tar used in place of unarchive module	10 年前
Laurent Arnoud	311fae7e11	Trailing whitespace	10 年前
Laurent Arnoud	3b8f15b745	Added whois for fail2ban report Report will print: "missing whois program"	10 年前
Will McCutchen	16b66cc849	Define apache SSL config in one place	10 年前
Manfred Touron	16c93ea486	Using more verbose 'dependencies' tag (#393)	10 年前
Manfred Touron	b49f3a6586	Tagged 'deps' aptitude tasks	10 年前
Laurent Arnoud	353e69d299	Remove duplication with items unattended upgrades	10 年前
Laurent Arnoud	89d47731ff	Add molly-guard and unattended-upgrades as common pkgs	10 年前
Alex Payne	b11fb68559	Automatically set up passwordless sudo for deploy user. Closes #343.	10 年前
Aleksandr Bogdanov	a849948e8d	Choosing the closest ubuntu mirror before anything else	10 年前
Sven Neuhaus	ae58053653	Create /decrypted directory even if encfs is not used. Helps with issue #120.	10 年前
Sven Neuhaus	d5217ea1cd	Create main user without "fuse" group, instead add it later as part of the "encfs" tag. This allows the user to make encfs optional. Helps with issue #120.	10 年前
Marius Voila	b13ab39f11	cleaning security.yml	10 年前
fengor	7ed46f590c	renamed templates to be consistent with coding standard. removed comment line in ssh_config	10 年前
fengor	2fd1e1b722	readded google authenticator lines	10 年前
fengor	224e8cb339	Setting timezone to UTC	10 年前
fengor	39566abb6c	More secure defaults for ssh. Ciphers, Kex and MAC can be set via defaults.var	10 年前
Marius Voila	e62bd7c71a	fail2ban support for Trusty	10 年前
Anthony Perez-sanz	cdf9ed07bb	Enable UFW after setting firewall rules On fresh installs of Debian 7.6, the current order of steps will lock you out of SSH. This will enable UFW after creating rules for http, https, ssh, and DNS. Fix comes from @Debugreality in issue #303: https://github.com/al3x/sovereign/issues/303	10 年前
Lorenzo Villani	5d1090d488	Make sure fail2ban is started	11 年前
Lorenzo Villani	d5ecf673d3	Calm OCD by sorting almost every with_items block in alphabetical order	11 年前
Lorenzo Villani	e7703d0d9c	Add support for Apache 2.4 on Ubuntu 14.04	11 年前
Lorenzo Villani	e2e61a2f76	Install 'fuse' instead of 'fuse-utils' The 'fuse-utils' package doesn't exist on Ubuntu 14.04 and is marked as a transitional package on both Debian 7 and Ubuntu 12.04 that installs the 'fuse' package. Since Debian 7 is the officially supported distribution we can safely switch to install 'fuse' instead of 'fuse-utils' and we also gain compatibility with Ubuntu 14.04.	11 年前
Sven Neuhaus	63ba754eb7	libpam-google-authenticator uses distribution package on Ubuntu 14.04	11 年前
Gelnior	7995bac36c	put back enc.fs (removed by mistake)	11 年前
Gelnior	bd57edd5a5	newebe config: fix Newebe config file task	11 年前
Justin Plock	1d7986fd96	Enable UFW and deny everything by default Removed unused status checks on UFW	11 年前
Justin Plock	ea0b288818	Moved ufw firewall rules into individual roles	11 年前
Justin Plock	ed75c9469b	libpam-dev didn't exist for some people so switching to libpam0g-dev instead	11 年前
Justin Plock	e88fb57cba	Skip the google authenticator generation if we're running as vagrant. Vagrant can't sudo to the sovereign test user so this won't work.	11 年前
Justin Plock	2d751ab680	The .google_authenticator file has to be generated by the user that is going to attempt to use it. Also, -W doesn't seem to work (results an in INVALID_WINDOW error in /var/log/auth.log), so use -w 1 to allow for a single concurrent token	11 年前
Justin Plock	c037dce07a	Clarified parameters are bit in a comment	11 年前

111 次代码提交 (5190ea1c5bcab7fc9802366d4aba0ed2d9cca0eb)