
Releases: david-loffredo/lowcloud

Webmail and Docker

14 Mar 19:03

Added a new playbook for Roundcube if you want a webmail, and reworked all of the firewall rules to work with Docker containers. The Roundcube install also uses the managesieve plugin for easy filtering on the server.

  • Added roles for Docker and Roundcube, plus a webmail playbook that
    sets up a Roundcube container on a separate machine.

  • Reworked firewall to cover both native applications and Docker
    containers. Now blocking in the PREROUTING chain of the "mangle"
    table. This is lower cost because it is early in the process, and
    before the split between INPUT (used by native apps) and FORWARD
    (used by Docker) so it covers both. Also added rules for DHCP
    because connection tracking can break in some situations.

  • Reworked fail2ban configuration to allow customization of the jails,
    to change bantimes or retarget to the DOCKER-USER chain.

  • Tightened permissions on DKIM folder.

  • Added managesieve plugins for Dovecot and Roundcube.
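
The firewall rework described above, as an added example that is not lowcloud's own rules: a default-deny inbound ruleset placed in the PREROUTING chain of the mangle table, emitted in iptables-restore format. The interface name and port list are assumed values.

```shell
#!/bin/sh
# Added example, not lowcloud's own rules.
# Assumed values: WAN_IF (public interface) and OPEN_TCP (allowed ports).
WAN_IF="${WAN_IF:-eth0}"
OPEN_TCP="${OPEN_TCP:-22,25,80,443}"

# Print an iptables-restore ruleset that filters in mangle/PREROUTING.
# That hook runs after connection tracking but before nat/PREROUTING
# (where Docker rewrites published ports) and before the routing decision,
# so one list covers packets bound for INPUT (native daemons) and for
# FORWARD (containers). Rules in filter/INPUT alone never see traffic to
# a published container port. Ports matched here are the host-side ports,
# because DNAT has not happened yet.
emit_rules() {
    cat <<EOF
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i lo -j ACCEPT
# DHCP replies accepted explicitly, ahead of the conntrack rules
-A PREROUTING -p udp --sport 67 --dport 68 -j ACCEPT
-A PREROUTING -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A PREROUTING -m conntrack --ctstate INVALID -j DROP
-A PREROUTING -i ${WAN_IF} -p tcp -m multiport --dports ${OPEN_TCP} -j ACCEPT
-A PREROUTING -i ${WAN_IF} -j DROP
COMMIT
EOF
}

# Parse the ruleset without committing it (requires root and iptables).
check_rules() {
    emit_rules | iptables-restore --test
}

# Usage: sh rules.sh print   or   sh rules.sh check
case "${1:-}" in
    print) emit_rules ;;
    check) check_rules ;;
esac
```

The final DROP is limited to the public interface so that traffic arriving from the Docker bridge, which also passes through PREROUTING, is not blocked.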

Fine Tuning

19 Feb 03:24

[1.1] - 2020-02-18

  • Added 'www' user account for uploading website data. Also reworked
    the website configs to add a variety of extra flags.

  • Changed '-' to '_' in backup_server and raspberry_pi group names to
    satisfy new Ansible naming requirements. Update your host files and
    group_var files to match. Many lint fixes throughout the playbooks.

  • Certbot handling now broken out into a separate role, the renewal
    hooks are now configurable and handled by a few simple variables.
    Now requesting a separate certificate for the mail server. This
    makes it possible to build a mail-only or web-only server without
    having to rework certbot.

  • Simplified HTTPS handling, tightened up SSL parameters, and Apache
    directory permissions.

  • backup-server play now brings in the cryptdir role. Encryption type
    is 'none' by default, set to luks to encrypt the backups at rest.

  • bacula_director_bootstart controls whether director starts at boot.
    Starts normally when encryption type is 'none'.

  • mail_services_bootstart controls whether mail starts at boot.
    Starts normally when encryption type is 'none'.

  • web_services_bootstart controls whether apache starts at boot.
    Starts normally but can be overridden if using encryption for the
    document root.

  • The first.yml playbook now does sudo on raspberry pis.

Initial Baseline

02 Feb 02:56

Mail, web, and backup are all functional. I'm sure there are rough edges that could still use attention.