# Date Author Comment
a7e9483c 2019-01-17 14:34 Marc Dequènes

disable all monitoring until Nicecity-NG is ready

the current machine is not able to hold the load and crash

2dbd6575 2019-01-11 19:28 Marc Dequènes

force lists in intermediate variables to be resolved #2

65d9ed5c 2019-01-11 19:23 Marc Dequènes

dc-web: rsync needed for 'synchronize' module

d25cc3cc 2019-01-11 17:02 Marc Dequènes

update submodules

1562056d 2019-01-11 17:01 Marc Dequènes

force lists in intermediate variables to be resolved

35a67e9f 2019-01-10 04:58 Marc Dequènes fix index permissions

802177b7 2018-12-30 14:44 Marc Dequènes

Orfeo: needs accounts resolution

It was removed in e8b3717 because Orfeo does not have historical VIP
shell accounts anymore, but certain services needs it (like

aad53888 2018-12-30 13:41 Marc Dequènes

dns: adjust rate limiting

f498ead5 2018-12-30 10:33 Marc Dequènes

Pond: experimenting with Bind DNSSEC support

55ee712d 2018-12-30 10:32 Marc Dequènes

Pond: update list of reverse zones

a7da91d8 2018-12-29 10:18 Marc Dequènes

dns: add rate limiting

6e731173 2018-12-29 08:31 Marc Dequènes

added duckcorp/

9ab70ad9 2018-12-29 07:59 Marc Dequènes

dc-postfix: rework TLS security

  • enforce server cipher order
  • be more restrictive with mandatory secured connections
  • smtpd?_tls_session_cache_database is not needed anymore, RFC 5077 TLS
    session tickets is recommended instead
  • share TLS settings among server types
7dcda2d6 2018-12-28 16:35 Marc Dequènes (Duck) webstats are no more

Removed Piwik/Matomo from the CSP.

0cf9ae03 2018-12-28 16:27 Marc Dequènes (Duck) forgot alias to TLD

e8b37173 2018-12-28 07:35 Marc Dequènes (Duck)

Orfeo: not a shell server anymore

f968f7df 2018-12-27 07:04 Marc Dequènes

unlock_host_encryption: failed when facts caching is expired

`system.boot.options` could not be defined because `_ip` depends on
facts, which prevented using any of the `system.boot.*` variables. So
moved initramfs SSH IP option in a separate top-level variable.

112ade40 2018-12-27 07:03 Marc Dequènes

unlock_host_encryption: do not log passphrases

f4d889a8 2018-12-20 09:19 Marc Dequènes

add a simplified view of the hosts<->services association

84711404 2018-12-19 08:17 Marc Dequènes ensure 'proxy_wstunnel' Apache module is loaded

df6e330d 2018-12-19 08:08 Marc Dequènes no need for TLS to reach weechat on localhost

A recent update changed the behavior and the weechat certificate was not
accepted anymore. Weechat can bind on localhost only, and the port is
not opened anyway, so we do not need TLS between the proxy and Weechat.

75a83248 2018-12-19 08:00 Marc Dequènes weechat port was hardcoded

f7f0da45 2018-12-14 02:47 Marc Dequènes

dc-web: remove manually managed vhost confdir

b18c4706 2018-12-14 02:47 Marc Dequènes

added duckcorp/ (web only)

c1c28bf2 2018-12-14 02:33 Marc Dequènes

added duckland/ (web only)

(1-25/598) Per page: 25, 50, 100

Also available in: Atom