ansible.git
15 months agojournalwatch: bind
Ralf Jung [Mon, 18 Jun 2018 09:34:25 +0000 (11:34 +0200)]
journalwatch: bind

15 months agoupdate site.yml dependency comment
Ralf Jung [Mon, 18 Jun 2018 07:23:24 +0000 (09:23 +0200)]
update site.yml dependency comment

15 months agoignore more strato-specific errors
Ralf Jung [Mon, 18 Jun 2018 07:05:29 +0000 (09:05 +0200)]
ignore more strato-specific errors

15 months agoonly redirect to https if we have letsencrypt
Ralf Jung [Sun, 17 Jun 2018 21:08:35 +0000 (23:08 +0200)]
only redirect to https if we have letsencrypt

15 months agopostfix: permit adding more domains to virtual_mailbox_domains
Ralf Jung [Sat, 16 Jun 2018 18:15:22 +0000 (20:15 +0200)]
postfix: permit adding more domains to virtual_mailbox_domains

15 months agojournalwatch: only filter broken conterinerization messages on strato machines
Ralf Jung [Sat, 16 Jun 2018 18:06:44 +0000 (20:06 +0200)]
journalwatch: only filter broken conterinerization messages on strato machines

15 months agopermit configuring mail system hostname
Ralf Jung [Sat, 16 Jun 2018 18:01:27 +0000 (20:01 +0200)]
permit configuring mail system hostname

15 months agomake unbound dependency for postfix optional
Ralf Jung [Sat, 16 Jun 2018 17:57:33 +0000 (19:57 +0200)]
make unbound dependency for postfix optional

15 months agojournalwatch: systemd error on strato
Ralf Jung [Sat, 16 Jun 2018 17:17:50 +0000 (19:17 +0200)]
journalwatch: systemd error on strato

15 months agomake letsencrypt optional for apache/postfix
Ralf Jung [Sat, 16 Jun 2018 17:17:41 +0000 (19:17 +0200)]
make letsencrypt optional for apache/postfix

15 months agoInstall libpam-systemd before installing needrestart
Ralf Jung [Sat, 16 Jun 2018 10:05:23 +0000 (12:05 +0200)]
Install libpam-systemd before installing needrestart

Otherwise, needrestart can pull in libpam-systemd from backports, and therefore
upgrade the entire systemd to backports.

15 months agoMailman CAPTCHA: rename displayhtml -> display
Ralf Jung [Sun, 10 Jun 2018 17:40:56 +0000 (19:40 +0200)]
Mailman CAPTCHA: rename displayhtml -> display

15 months agoadd script to easily play site.yml
Ralf Jung [Sun, 10 Jun 2018 17:40:30 +0000 (19:40 +0200)]
add script to easily play site.yml

15 months agofix mailman patch detection
Ralf Jung [Sun, 3 Jun 2018 20:42:41 +0000 (22:42 +0200)]
fix mailman patch detection

15 months agoadd data protection information to subscribeack
Ralf Jung [Sun, 3 Jun 2018 18:44:03 +0000 (20:44 +0200)]
add data protection information to subscribeack

15 months agopatch mailman to add a simple question-and-answer CAPTCHA
Ralf Jung [Sun, 3 Jun 2018 18:37:35 +0000 (20:37 +0200)]
patch mailman to add a simple question-and-answer CAPTCHA

15 months agomailman: set SUBSCRIBE_FORM_SECRET to protect better against spammers
Ralf Jung [Sat, 2 Jun 2018 13:49:21 +0000 (15:49 +0200)]
mailman: set SUBSCRIBE_FORM_SECRET to protect better against spammers

15 months agoapache: anonymize error.log; set ServerAdmin and ServerName
Ralf Jung [Sat, 2 Jun 2018 07:48:26 +0000 (09:48 +0200)]
apache: anonymize error.log; set ServerAdmin and ServerName

15 months agofix log-anon script
Ralf Jung [Sat, 2 Jun 2018 07:48:20 +0000 (09:48 +0200)]
fix log-anon script

15 months agotweak apache2 config
Ralf Jung [Sat, 2 Jun 2018 07:13:10 +0000 (09:13 +0200)]
tweak apache2 config

15 months agojournalwatch: postfix
Ralf Jung [Sun, 27 May 2018 14:00:40 +0000 (16:00 +0200)]
journalwatch: postfix

15 months agolater prosody uses systemd to daemonize
Ralf Jung [Wed, 23 May 2018 19:07:52 +0000 (21:07 +0200)]
later prosody uses systemd to daemonize

15 months agodocument role dependencies
Ralf Jung [Tue, 22 May 2018 20:25:54 +0000 (22:25 +0200)]
document role dependencies

15 months agojournalwatch: postfix
Ralf Jung [Tue, 22 May 2018 16:23:20 +0000 (18:23 +0200)]
journalwatch: postfix

15 months agojournalwatch: opendkim
Ralf Jung [Tue, 22 May 2018 14:34:41 +0000 (16:34 +0200)]
journalwatch: opendkim

15 months agojournalwatch: dovecot
Ralf Jung [Tue, 22 May 2018 12:43:10 +0000 (14:43 +0200)]
journalwatch: dovecot

15 months agoadd tag to only deploy journalwatch patterns (and config)
Ralf Jung [Tue, 22 May 2018 12:37:33 +0000 (14:37 +0200)]
add tag to only deploy journalwatch patterns (and config)

15 months agojournalwatch: opendkim
Ralf Jung [Tue, 22 May 2018 12:35:48 +0000 (14:35 +0200)]
journalwatch: opendkim

16 months agoalso create newmail settings.py
Ralf Jung [Mon, 21 May 2018 08:48:47 +0000 (10:48 +0200)]
also create newmail settings.py

16 months agogenerate virtual transport_map from mailman and dovecot domain lists
Ralf Jung [Mon, 21 May 2018 08:38:23 +0000 (10:38 +0200)]
generate virtual transport_map from mailman and dovecot domain lists

16 months agomove newmail script to dovecot tasks; add changepw script; fix quota-warning script
Ralf Jung [Sun, 20 May 2018 22:00:28 +0000 (00:00 +0200)]
move newmail script to dovecot tasks; add changepw script; fix quota-warning script

16 months agoconfigure mailman; group mailman tasks together
Ralf Jung [Sun, 20 May 2018 21:48:41 +0000 (23:48 +0200)]
configure mailman; group mailman tasks together

16 months agopostfix: use default jinja combinator
Ralf Jung [Sun, 20 May 2018 20:59:37 +0000 (22:59 +0200)]
postfix: use default jinja combinator

16 months agomake unbound its own role
Ralf Jung [Sun, 20 May 2018 20:50:08 +0000 (22:50 +0200)]
make unbound its own role

16 months agopostfix: offer opening another smtpd on port 26
Ralf Jung [Sun, 20 May 2018 20:45:20 +0000 (22:45 +0200)]
postfix: offer opening another smtpd on port 26

16 months agoopendkim: properly create tmpdir; use DNSSEC
Ralf Jung [Sun, 20 May 2018 20:16:35 +0000 (22:16 +0200)]
opendkim: properly create tmpdir; use DNSSEC

16 months agogenerate relay_clientcerts whitelist from host_vars
Ralf Jung [Sun, 20 May 2018 19:46:04 +0000 (21:46 +0200)]
generate relay_clientcerts whitelist from host_vars

16 months agoadd a host_vars template
Ralf Jung [Sun, 20 May 2018 19:38:50 +0000 (21:38 +0200)]
add a host_vars template

16 months agofix playall to site.yml, now that that's the only playbook
Ralf Jung [Sun, 20 May 2018 17:24:22 +0000 (19:24 +0200)]
fix playall to site.yml, now that that's the only playbook

16 months agostart dovecot config; generate postfix transport_map; support multiple sender IPs...
Ralf Jung [Sun, 20 May 2018 16:58:07 +0000 (18:58 +0200)]
start dovecot config; generate postfix transport_map; support multiple sender IPs in postfix

16 months agoreorganize postfix/email role; drop meta/main.yml dependencies as they interact badly...
Ralf Jung [Sun, 20 May 2018 08:57:35 +0000 (10:57 +0200)]
reorganize postfix/email role; drop meta/main.yml dependencies as they interact badly with tags

16 months agoadd etherpad role
Ralf Jung [Sun, 20 May 2018 08:43:50 +0000 (10:43 +0200)]
add etherpad role

16 months agoadd dependencies between roles
Ralf Jung [Sun, 20 May 2018 07:49:10 +0000 (09:49 +0200)]
add dependencies between roles

16 months agoavoid gathering facts when we do not need to
Ralf Jung [Sat, 19 May 2018 09:48:11 +0000 (11:48 +0200)]
avoid gathering facts when we do not need to

16 months agogather most of the playbooks in one and just use tags
Ralf Jung [Sat, 19 May 2018 08:01:53 +0000 (10:01 +0200)]
gather most of the playbooks in one and just use tags

the email playbook is still a mess...

16 months agoadd named.conf.options
Ralf Jung [Sat, 12 May 2018 12:56:41 +0000 (14:56 +0200)]
add named.conf.options

16 months agofix timesyncd service name
Ralf Jung [Sat, 12 May 2018 12:42:09 +0000 (14:42 +0200)]
fix timesyncd service name

16 months agoorder site.yml
Ralf Jung [Fri, 11 May 2018 17:20:00 +0000 (19:20 +0200)]
order site.yml

16 months agoadd bind role
Ralf Jung [Fri, 11 May 2018 17:15:38 +0000 (19:15 +0200)]
add bind role

16 months agoinstall acl; use latest LE-tiny
Ralf Jung [Fri, 11 May 2018 17:15:33 +0000 (19:15 +0200)]
install acl; use latest LE-tiny

16 months agoadd README
Ralf Jung [Fri, 11 May 2018 11:08:51 +0000 (13:08 +0200)]
add README

16 months agoadd lets-encrypt-tiny
Ralf Jung [Fri, 11 May 2018 10:01:13 +0000 (12:01 +0200)]
add lets-encrypt-tiny

16 months agogroup newmail script stuff in a block
Ralf Jung [Fri, 11 May 2018 08:53:14 +0000 (10:53 +0200)]
group newmail script stuff in a block

16 months agoMove dh2048 creation to base, remove server-scripts from base
Ralf Jung [Fri, 11 May 2018 08:47:45 +0000 (10:47 +0200)]
Move dh2048 creation to base, remove server-scripts from base

16 months agoadd newmail script
Ralf Jung [Thu, 10 May 2018 22:51:53 +0000 (00:51 +0200)]
add newmail script

16 months agoadd mailman-check cronjob
Ralf Jung [Thu, 10 May 2018 22:41:37 +0000 (00:41 +0200)]
add mailman-check cronjob

16 months agomake base a role
Ralf Jung [Thu, 10 May 2018 10:58:34 +0000 (12:58 +0200)]
make base a role

16 months agoconfigure timesyncd
Ralf Jung [Thu, 10 May 2018 08:44:31 +0000 (10:44 +0200)]
configure timesyncd

16 months agodon't get DNS via DHCPv6 either
Ralf Jung [Thu, 10 May 2018 07:35:31 +0000 (09:35 +0200)]
don't get DNS via DHCPv6 either

16 months agounbound: make sure unbound is loaded before the network is considered online
Ralf Jung [Thu, 10 May 2018 07:18:52 +0000 (09:18 +0200)]
unbound: make sure unbound is loaded before the network is considered online

16 months agoadd do-update script
Ralf Jung [Thu, 10 May 2018 07:08:04 +0000 (09:08 +0200)]
add do-update script

16 months agopostfix needs opendkim access
Ralf Jung [Sat, 5 May 2018 15:23:13 +0000 (17:23 +0200)]
postfix needs opendkim access

16 months agoupdate server-scripts repo URL
Ralf Jung [Wed, 2 May 2018 07:53:25 +0000 (09:53 +0200)]
update server-scripts repo URL

16 months agodeploy apache log anonymizer
Ralf Jung [Tue, 1 May 2018 16:25:51 +0000 (18:25 +0200)]
deploy apache log anonymizer

16 months agojournalwatch: ssh, postfix
Ralf Jung [Tue, 1 May 2018 08:25:09 +0000 (10:25 +0200)]
journalwatch: ssh, postfix

16 months agofix NEEDRESTART_MODE
Ralf Jung [Tue, 1 May 2018 08:18:27 +0000 (10:18 +0200)]
fix NEEDRESTART_MODE

17 months agoI don't think we still need this with PW-logins disabled
Ralf Jung [Fri, 20 Apr 2018 07:33:58 +0000 (09:33 +0200)]
I don't think we still need this with PW-logins disabled

17 months agoapache: disable access_compat module
Ralf Jung [Tue, 17 Apr 2018 20:37:17 +0000 (22:37 +0200)]
apache: disable access_compat module

17 months agoless MAM
Ralf Jung [Tue, 17 Apr 2018 14:56:46 +0000 (16:56 +0200)]
less MAM

17 months agojournalwatch: ssh
Ralf Jung [Mon, 16 Apr 2018 20:36:38 +0000 (22:36 +0200)]
journalwatch: ssh

17 months agomake sure dhclient does not give us another DNS server
Ralf Jung [Mon, 16 Apr 2018 17:39:54 +0000 (19:39 +0200)]
make sure dhclient does not give us another DNS server

17 months agoSSH: filter more
Ralf Jung [Mon, 16 Apr 2018 08:52:38 +0000 (10:52 +0200)]
SSH: filter more

17 months agoadd unbound and more tools
Ralf Jung [Sun, 15 Apr 2018 16:26:57 +0000 (18:26 +0200)]
add unbound and more tools

17 months agoinstall more stuff
Ralf Jung [Sun, 15 Apr 2018 15:54:32 +0000 (17:54 +0200)]
install more stuff

17 months agoadd prosody config
Ralf Jung [Sun, 15 Apr 2018 15:32:35 +0000 (17:32 +0200)]
add prosody config

17 months agoconfigure root shell from /etc/skel; put conditionals above actions
Ralf Jung [Sun, 15 Apr 2018 15:32:25 +0000 (17:32 +0200)]
configure root shell from /etc/skel; put conditionals above actions

17 months agojournalwatch: ignore failed SSH attempts... there are just too many...
Ralf Jung [Sun, 15 Apr 2018 13:35:42 +0000 (15:35 +0200)]
journalwatch: ignore failed SSH attempts... there are just too many...

17 months agoroll out psmisc (for killall)
Ralf Jung [Sun, 15 Apr 2018 13:30:31 +0000 (15:30 +0200)]
roll out psmisc (for killall)

17 months agofail2ban cleanup done
Ralf Jung [Sun, 15 Apr 2018 13:27:03 +0000 (15:27 +0200)]
fail2ban cleanup done

17 months agoget rid of fail2ban, it doesnt actually help
Ralf Jung [Sun, 15 Apr 2018 13:23:25 +0000 (15:23 +0200)]
get rid of fail2ban, it doesnt actually help

17 months agoadd shared apache config
Ralf Jung [Sun, 8 Apr 2018 11:12:39 +0000 (13:12 +0200)]
add shared apache config

17 months agofix postscreen and DKIM permissions
Ralf Jung [Sun, 8 Apr 2018 10:16:12 +0000 (12:16 +0200)]
fix postscreen and DKIM permissions

17 months agoproperly set up opendkim
Ralf Jung [Sun, 8 Apr 2018 09:58:45 +0000 (11:58 +0200)]
properly set up opendkim

17 months agomake --diff the default
Ralf Jung [Sun, 8 Apr 2018 08:32:00 +0000 (10:32 +0200)]
make --diff the default

17 months agoadd script to run ad-hoc on all hosts
Ralf Jung [Sun, 8 Apr 2018 08:23:11 +0000 (10:23 +0200)]
add script to run ad-hoc on all hosts

17 months agotweak upgrade playbook
Ralf Jung [Sun, 8 Apr 2018 08:22:34 +0000 (10:22 +0200)]
tweak upgrade playbook

17 months agoonly install needrestart from backports; pin server-scripts commit
Ralf Jung [Sun, 8 Apr 2018 08:17:14 +0000 (10:17 +0200)]
only install needrestart from backports; pin server-scripts commit

17 months agoextend gitignore
Ralf Jung [Sat, 7 Apr 2018 21:11:40 +0000 (23:11 +0200)]
extend gitignore

17 months agoextend postfix: vmail and more
Ralf Jung [Sat, 7 Apr 2018 21:05:20 +0000 (23:05 +0200)]
extend postfix: vmail and more

17 months agoadd master playbook
Ralf Jung [Sat, 7 Apr 2018 18:20:59 +0000 (20:20 +0200)]
add master playbook

17 months agotweak email
Ralf Jung [Sat, 7 Apr 2018 18:20:47 +0000 (20:20 +0200)]
tweak email

17 months agocheck if we are on a supported distro
Ralf Jung [Sat, 7 Apr 2018 18:20:06 +0000 (20:20 +0200)]
check if we are on a supported distro

17 months agoadd postfix and journalwatch roles
Ralf Jung [Sat, 7 Apr 2018 17:01:29 +0000 (19:01 +0200)]
add postfix and journalwatch roles

17 months agowork
Ralf Jung [Sat, 7 Apr 2018 15:27:45 +0000 (17:27 +0200)]
work

17 months agoadd basic packages playbook; work on upgrade playbook; provide script to run it on...
Ralf Jung [Thu, 5 Apr 2018 08:10:23 +0000 (10:10 +0200)]
add basic packages playbook; work on upgrade playbook; provide script to run it on all hosts despite sudo PW differences

17 months agowrite upgrade playbook and try it on some more hosts
Ralf Jung [Tue, 3 Apr 2018 09:33:50 +0000 (11:33 +0200)]
write upgrade playbook and try it on some more hosts

17 months agoinitial commit
Ralf Jung [Mon, 2 Apr 2018 20:11:12 +0000 (22:11 +0200)]
initial commit