sovereign

Author	SHA1	Message	Date
Dosenpfand	f2c14dd911	Remove unneeded/deprecated apache configuration	9 years ago
Tomas Bedrich	899f527ca3	Updated LE renewal hook system	9 years ago
Tomas Bedrich	9786230808	Changed LE-renew cron frequency	9 years ago
Mike Ashley	3d68705341	Add leading 0 to octal file permissions This is done to suppress warnings from ansible-lint.	9 years ago
Carl Meyer	a343509129	No need for letsencrypt.yml to ensure Apache is running.	9 years ago
Carl Meyer	a5f3ec17c1	Workaround bug with enabling SysV scripts on Jessie.	9 years ago
Carl Meyer	c3c2cbf096	Don't bounce Apache unless we actually need to.	9 years ago
Carl Meyer	cc4b3d6fef	Don't request a new LE cert if we have one already.	9 years ago
Carl Meyer	3009c9d2d3	Fix changed-reporting for LE deps installation.	9 years ago
Carl Meyer	e8796ecd28	Idempotent and independent post-certificate-renewal tasks.	9 years ago
Allen Riddell	a77f9b95ad	Replace deprecated sudo_user with become_user The ``sudo`` and ``sudo_user`` directives are replaced with ``become`` and ``become_user`` in Ansible 1.9.	9 years ago
Mike Ashley	3d4987c4e2	Use a more descriptive name for cert generation script	9 years ago
Mike Ashley	a38f4e08d3	Force download of letsencrypt release The installer automatically updates itself, which registers as a change in the git repo. To maintain idempotency of the task list, the repo download must be forced.	9 years ago
Mike Ashley	5385badd49	Correct bug in SSL cert setup for test environment	9 years ago
Mike Ashley	bc5bfa4b21	Determine registered subdomains at deploy-time for LE	9 years ago
Mike Ashley	86048ee397	Update prosody to use LE certs directly Don't copy the LE certificates. Instead use the ssl-cert group to manage access to the LE certificates directly. See https://github.com/letsencrypt/letsencrypt/issues/1425 for a request to have the LE client do this itself.	9 years ago
Mike Ashley	1746afcc3a	Arrange automated tests to not use Let's Encrypt	9 years ago
Mike Ashley	8e1d473027	Use Let's Encrypt for generating site certificates This method uses Subjective Alternative Names (SANs) to get one certificate for all the subdomains that Sovereign employs, whether or not the user configured their site with the roles.	9 years ago
Mike Ashley	7f46129a4c	Remove use of wildcard certificate	9 years ago
Mike Ashley	195d8811fc	Remove references to Trusty and Wheezy Make a clean distinction between Debian 7 and Debian 8. Anticipate the next Ubuntu LTS release (Xenial) that is planned for support.	9 years ago
Mike Ashley	d3abc02f84	Clean up Apache SSL configuration Avoid using the Include directive. Move most of the SSL configuration to the global configuration and leave enabling the SSL engine to each virtual host that wants to use it.	9 years ago
Sebastian Kriems	fe536873b7	ufw tasks shall have the ufw tag resolves #453 Conflicts: roles/common/tasks/ufw.yml	9 years ago
Dan Milon	829c8491c7	restart apache on SSL changes	9 years ago
Dan Milon	a5c6f663ce	properly install changed SSL certificate	9 years ago
Sven Neuhaus	d59c5eff05	Generate 2048 DH group and add it to Postfix	9 years ago
Dan Milon	2fb7cfa7c9	Add SSL stapling cache for apache Fixes #406	9 years ago
Laurent Arnoud	1419c4e26e	Use common_timezone and fix idempotence Thanks-to: 8e693b3db3 Conflicts: roles/common/tasks/main.yml	9 years ago
Alex Payne	0579cf1ba9	Use same Apache server name configuration across distros	10 years ago
Alex Payne	474c1d5f92	No longer need `fuse` group in Jessie.	10 years ago
Alex Payne	6906412f63	Remove wheezy-specific ufw task.	10 years ago
Alex Payne	6d1eebb9d2	Use Ansible task names, not comments.	10 years ago
Alex Payne	c9b32cd2e2	Same Google auth install should work for both Jessie and Trusty. Move Apache task to their own file.	10 years ago
Alex Payne	006f8e9b82	Just plain Ruby	10 years ago
Laurent Arnoud	a09e2e71c1	tar used in place of unarchive module	10 years ago
Laurent Arnoud	311fae7e11	Trailing whitespace	10 years ago
Laurent Arnoud	3b8f15b745	Added whois for fail2ban report Report will print: "missing whois program"	10 years ago
Will McCutchen	16b66cc849	Define apache SSL config in one place	10 years ago
Manfred Touron	16c93ea486	Using more verbose 'dependencies' tag (#393)	10 years ago
Manfred Touron	b49f3a6586	Tagged 'deps' aptitude tasks	10 years ago
Laurent Arnoud	353e69d299	Remove duplication with items unattended upgrades	10 years ago
Laurent Arnoud	89d47731ff	Add molly-guard and unattended-upgrades as common pkgs	10 years ago
Alex Payne	b11fb68559	Automatically set up passwordless sudo for deploy user. Closes #343.	10 years ago
Aleksandr Bogdanov	a849948e8d	Choosing the closest ubuntu mirror before anything else	10 years ago
Sven Neuhaus	ae58053653	Create /decrypted directory even if encfs is not used. Helps with issue #120.	10 years ago
Sven Neuhaus	d5217ea1cd	Create main user without "fuse" group, instead add it later as part of the "encfs" tag. This allows the user to make encfs optional. Helps with issue #120.	10 years ago
Marius Voila	b13ab39f11	cleaning security.yml	10 years ago
fengor	7ed46f590c	renamed templates to be consistent with coding standard. removed comment line in ssh_config	10 years ago
fengor	2fd1e1b722	readded google authenticator lines	10 years ago
fengor	224e8cb339	Setting timezone to UTC	10 years ago
fengor	39566abb6c	More secure defaults for ssh. Ciphers, Kex and MAC can be set via defaults.var	10 years ago

First Previous 1 2 3 Next Last

111 Commits (7b71f9a8f009151d366f44eb37e3e4e8cf8f43f5)