Mike Ashley
3d68705341
Add leading 0 to octal file permissions
This is done to suppress warnings from ansible-lint.
9 years ago
Carl Meyer
619eac6534
Adjust comment for clarity.
9 years ago
Carl Meyer
d46a9c47ef
Idempotency/changed-reporting fixes for OpenDMARC tasks.
9 years ago
Carl Meyer
7e817bfae6
Encrypt Postgres passwords, and fix change-reporting.
9 years ago
Carl Meyer
e8796ecd28
Idempotent and independent post-certificate-renewal tasks.
9 years ago
Laurent Arnoud
d56f0bd7ef
Use https for rpsamd key and repository
9 years ago
Carl Meyer
1a3d01f311
Complete rmilter/rspamd setup.
9 years ago
Carl Meyer
d46fb1521b
Make OpenDMARC cron job email root only on error.
9 years ago
Mike Ashley
8f1b6a9ed8
Arrange for services to restart on cert renewal
9 years ago
Mike Ashley
beaceafbd1
Update mailserver role to use LE certificate
9 years ago
Mike Ashley
1bc60827ef
Revert opendmarc to use mysql
An earlier commit started transitioning opendmarc to use postgres, but
this was incomplete. This patch reverts that change and uses mysql for
the reporting database.
Other changes:
* Do not maintain a copy of the database import schema. A copy is
included in the distribution in /usr/share/doc, so that is used
instead.
* The configuration file is replaced with the distribution's sample
configuration. A second patch will restore the actual configuration.
This will make the changes easier to see if the default configuraton
file changes in future versions of opendmarc.
9 years ago
Mike Ashley
195d8811fc
Remove references to Trusty and Wheezy
Make a clean distinction between Debian 7 and Debian 8. Anticipate the
next Ubuntu LTS release (Xenial) that is planned for support.
9 years ago
Mike Ashley
ae6d97a4b6
Match tomcat version to solr
The package solr installs and uses tomcat7. Installing tomcat8 appears
to be a mistake for Debian Jessie.
9 years ago
Carl Meyer
3265e77865
Update rspamd repository to the official one.
9 years ago
Sebastian Kriems
fe536873b7
ufw tasks shall have the ufw tag
resolves #453
Conflicts:
roles/common/tasks/ufw.yml
9 years ago
Mike Ashley
aa59a1a2f0
Correct special-casing of z-push Apache configuration
9 years ago
Stuart Read
e444efa2b4
Add jessie to special-casing for modern apache conf.d handling.
9 years ago
Stuart Read
22ef6be96e
Revert "Z-push apache config: Jessie also uses conf-available/conf-enabled"
This reverts commit 6b53da4bdc .
Using a different approach to maintain wheezy compatibility
9 years ago
Stuart Read
6b53da4bdc
Z-push apache config: Jessie also uses conf-available/conf-enabled
9 years ago
rokaz
a8a0905738
Fix dependency for Solr
9 years ago
Alex Payne
69abd70297
Remove references to Debian 7
10 years ago
Alex Payne
2352d2d67e
OpenDMARC running under Postgres (?)
10 years ago
Alex Payne
7275a52ba6
Update to Tomcat 8
10 years ago
Alex Payne
34d537fcf2
Remove Dovecot installation for older distros
10 years ago
Alex Payne
2e966fe790
Don't need older Postgres anymore
10 years ago
Alex Payne
b674e0a669
Unified Solr installation across distros
10 years ago
Alex Payne
ecaa4c2330
Partially working Rspamd replacement for dspam
10 years ago
Alex Payne
58a4532fe7
Better permission handling for OpenDMARC.
Resolves #400 .
10 years ago
Alex Payne
7bb62ca678
Explicitly require MySQL server as part of OpenDMARC isntall.
Resolves #410 .
10 years ago
Pavel Karoukin
a86e43d5b4
Couple issues with OpenDMARC on Debian 7:
* fix mail_db_opendmarc_username/mail_db_opendmarc_password variable
not found.
* python-mysqldb package is required. Add it to opendmarc task.
10 years ago
Laurent Arnoud
21e0110684
Ignore copy tasks
10 years ago
Laurent Arnoud
a09e2e71c1
tar used in place of unarchive module
10 years ago
Alex Payne
26d61c68a8
Implement OpenDMARC. Resolves #369 .
10 years ago
Manfred Touron
16c93ea486
Using more verbose 'dependencies' tag (#393 )
10 years ago
Manfred Touron
b49f3a6586
Tagged 'deps' aptitude tasks
10 years ago
John Rogerson
f72e1d2350
Update dovecot version from wheezy backports
For correct implementation of the fix for logjam attack (https://github.com/sovereign/sovereign/pull/372 ), state=latest is needed to grab sufficient version of Dovecot. If not then 37aa7e2cb5 doesn't work.
10 years ago
Sven Neuhaus
c898aa98d6
Install postgresql 9.4, 9.3 or 9.1 if available
(on Debian Jessie, Ubuntu Trusty or older distributions such as
Debian Wheezy and Ubuntu Precise).
10 years ago
Sven Neuhaus
a849a49f37
Fix: Files shouldn't be owned or writeable by httpd unless necessary.
10 years ago
Sven Neuhaus
8b5ed21e38
use wheezy-backports for dspam and solr packages on wheezy
relates to pull request #372
10 years ago
Alex Payne
34448d5d34
install Dovecot from wheezy-backports on wheezy, specifying default_release
10 years ago
Alex Payne
5222776e34
install Dovecot from wheezy-backports on wheezy, specifying default_release
10 years ago
Alex Payne
c3afbc3b46
install Dovecot from wheezy-backports on wheezy. resolves #372
10 years ago
Alex Payne
1a96a87374
Ubuntu Trusty gets postgresql-9.3.
Resolves #363 .
10 years ago
Alex Payne
177ac9222b
Affix Postgres to version 9.1.
Addresses #362 .
10 years ago
Philip Potter
41243fa3ec
Bump checkrbl version to stop using ahbl
ahbl is no longer being maintained and has been configured to return a
positive value for every host. This means I get a cron warning every
day reporting that my mailserver is in ircbl.ahbl.org and
dnsbl.ahbl.org.
lukecyca/check-rbl#1 has removed ahbl from the blacklists that it
checks. This just pulls in that change.
Unfortunately, ansible's get_url won't update files which have been
downloaded already unless you set force=yes, which will cause ansible to
pull down the file from github on every single run, which isn't really
acceptable. I have filed ansible/ansible-modules-core#625 to ask that
get_url redownload if and only if the sha256sum differs. In the
meantime, you have to manually delete /opt/check-rbl.pl before rerunning
ansible to pull in the update. However, at least this will work fine
for new installs.
Related to #338 (though I don't know if it truly fixes it).
10 years ago
Luke Cyca
befde9f660
Update check-rbl to omit uribl. Fixes #279
11 years ago
Lorenzo Villani
8959f1c183
Add support for Thunderbird automatic configuration
Resolves #114
11 years ago
Lorenzo Villani
661ed29a3e
Use /usr/sbin/nologin as login shells for vmail and znc users
11 years ago
Lorenzo Villani
d5ecf673d3
Calm OCD by sorting almost every with_items block in alphabetical order
11 years ago
Lorenzo Villani
e7703d0d9c
Add support for Apache 2.4 on Ubuntu 14.04
11 years ago