| faaddffce4 | more fiddling with ssh security now relying on mozilla recommendations | 2019-05-28 20:30:03 +03:00 |
| 180dae44a4 | create relayd role and enable it for proxy group | 2019-05-28 02:33:03 +03:00 |
| 0a8c59335a | add ifstated role and enable it on proxy group | 2019-05-28 02:09:35 +03:00 |
| ddb7ddc71b | use fullchain certificates for nginx | 2019-05-28 01:10:42 +03:00 |
| 4dedb4f2d0 | create fullchain of host certificate | 2019-05-28 00:59:15 +03:00 |
| dd19c94511 | create network role and include it into base (only openbsd does something) | 2019-05-28 00:25:06 +03:00 |
| ba0c70532f | first version of proxy site for nginx | 2019-05-27 23:49:38 +03:00 |
| d448eb6522 | no default vars just os family specific | 2019-05-27 23:15:35 +03:00 |
| e95bd87ab5 | fix nginx/server role for openbsd | 2019-05-27 22:36:35 +03:00 |
| a69e66bbac | initial version of ldap client | 2019-05-27 21:10:50 +03:00 |
| 81a3becc55 | initial version of saslauthd role | 2019-05-27 21:04:07 +03:00 |
| 33a70eacfd | add handler for sshd restarts | 2019-05-27 21:03:31 +03:00 |
| f06707ce6b | tighten sshd settings (ciphers, kex, macs) | 2019-05-27 20:59:36 +03:00 |
| e393ab4f6a | disable reporting changes when getting certificate hash | 2019-05-24 13:03:57 +03:00 |
| f1caad541e | store local ca certificate hash in variable | 2019-05-24 12:48:39 +03:00 |
| 52c23c914f | create hostkey group which has read access to host certificate key | 2019-05-24 11:57:03 +03:00 |
| 30d791d27d | lint fixes | 2019-05-23 17:41:19 +03:00 |
| 3162d50738 | no need to run quota check on boot for openbsd | 2019-05-23 17:38:23 +03:00 |
| 011aafca1c | add bash and emacs by default on openbsd | 2019-05-23 17:38:03 +03:00 |
| 12b270c57b | openbsd is missing /srv hierarchy by default so create it | 2019-05-23 17:37:24 +03:00 |
| fd64da10cf | hardcode datacenter to home for now and use local mirror for openbsd packages | 2019-05-23 17:36:14 +03:00 |
| 2809799242 | try fixing line length errors from yamllint | 2019-05-23 17:33:08 +03:00 |
| eecf34b517 | fix outside connectivity when default route goes through internal network | 2019-05-23 17:31:53 +03:00 |
| 6c5f344318 | lint fixes | 2019-05-23 02:36:37 +03:00 |
| 46ccf974f9 | lint fixes | 2019-05-23 02:35:05 +03:00 |
| 1d0636dfa4 | enable psacct on all hosts | 2019-05-23 02:27:39 +03:00 |
| 7ffafeb09f | create role psacct | 2019-05-23 02:27:05 +03:00 |
| 7d45cde22e | starting work on gw group | 2019-05-22 23:53:35 +03:00 |
| 81df3e7c10 | always add pf role to openbsd hosts | 2019-05-22 23:51:12 +03:00 |
| 078e00f054 | force correct hostname | 2019-05-22 23:46:25 +03:00 |
| 332b433971 | initial version of pf module | 2019-05-22 23:39:12 +03:00 |
| 62cc0ab869 | add openbsd support to pki role | 2019-05-22 23:30:18 +03:00 |
| 612644e92a | fix lo0 device check | 2019-05-22 23:18:58 +03:00 |
| e022e3f991 | add openbsd support to opensmtpd role | 2019-05-22 22:58:25 +03:00 |
| 745b4a5a77 | initial support for openbsd | 2019-05-22 22:35:43 +03:00 |
| 4417cb2697 | fix selinux context from mirror data directories | 2019-05-22 19:45:59 +03:00 |
| dce83410e4 | fix selinux context from web root | 2019-05-22 19:45:32 +03:00 |
| b31968dcf1 | run rsyncd as rsyncd user instead of nobody | 2019-05-22 19:44:04 +03:00 |
| b74e793e62 | run real rsync with exec | 2019-05-21 11:28:49 +03:00 |
| cc47310d89 | retry fixing tls version | 2019-05-21 10:21:53 +03:00 |
| 26e94be9c8 | clean up rsyncd config | 2019-05-21 10:20:52 +03:00 |
| 5ccc0a6a5c | force tls version to default in rsync client | 2019-05-21 10:12:07 +03:00 |
| 8e6db48503 | require client certificate for incoming connections on backend servers | 2019-05-20 23:45:09 +03:00 |
| de148708a9 | globally define tls version and ciphers | 2019-05-20 23:33:40 +03:00 |
| 7c0c59a187 | add web server support to mirror role | 2019-05-20 23:10:54 +03:00 |
| d49da2f96e | initial version of rsync module which supports running rsyncd server on top of tls | 2019-05-20 23:07:35 +03:00 |
| 60406a69f9 | always install tcpdump | 2019-05-20 23:06:31 +03:00 |
| 2da62057d0 | git: also copy gitweb theme files :) | 2019-05-17 14:30:43 +03:00 |
| 75b6a52eb3 | git: add local branding to gitweb | 2019-05-17 13:13:19 +03:00 |
| 04e821116b | include mime.types for nginx config | 2019-05-17 13:01:13 +03:00 |