Commit Graph

93 Commits

Author SHA1 Message Date
KiekerJan 334df74e49 ensure fail2ban is enabled 2022-05-27 18:12:50 +02:00
KiekerJan 90f0a0ae1d simpler directory creation 2022-05-16 08:42:00 +02:00
KiekerJan 4457eaf3a4 fixes to installation 2022-05-15 22:16:48 +02:00
KiekerJan 6c58403616 fixes to installation and compatibility with 22.04 2022-04-23 01:20:41 +02:00
KiekerJan e947f8e68b change apt daily timers to only show system software upgrades where user intervention is required 2022-04-22 21:23:11 +02:00
KiekerJan 87c9e2381e check unbound is up before changing local dns server 2022-04-17 23:08:12 +02:00
KiekerJan a4b6b15c14 add possibility for unbound blocklist 2022-03-22 13:05:25 +01:00
KiekerJan 600c07fb47 document bind9 replacement 2022-03-20 22:26:50 +01:00
KiekerJan 0f80d071db remove elaborate dns config, simply delete resolv.conf symlink 2022-03-20 22:12:02 +01:00
KiekerJan 640751b606 initial changes to use unbound as local dns resolver instead of bind 2022-03-20 20:57:19 +01:00
github@kiekerjan.isdronken.nl 2e23e44582 merge prelim 22.04 changes from upstream 2022-02-16 23:32:30 +01:00
github@kiekerjan.isdronken.nl e2bfe62939 merge upstream V56 2022-02-01 21:02:18 +01:00
Joshua Tauberer d1d6318862 Set systemd journald log retention to 10 days (from no limit) to reduce disk usage 2022-01-08 09:11:48 -05:00
KiekerJan be899f2b9e avoid a runaway /64 in jail.conf 2021-10-25 16:44:25 +02:00
KiekerJan 87be897d36 update DH security to 4096 2021-08-01 21:52:37 +02:00
KiekerJan 104d40e819 add alternative sshd port to ssh jail 2021-07-31 21:42:57 +02:00
KiekerJan 128541d506 add alternative sshd port to ssh jail 2021-07-31 21:36:38 +02:00
github@kiekerjan.isdronken.nl 050c77a49a fix sed order 2021-06-27 22:14:57 +02:00
github@kiekerjan.isdronken.nl 212b9a31df add definition of admin ipv6 address 2021-06-27 22:12:15 +02:00
github@kiekerjan.isdronken.nl f5a59d8bb1 add bind9 configuration 2021-04-13 21:28:17 +02:00
github@kiekerjan.isdronken.nl c24ca5abd4 include changes from v0.53. Remove some POWER modifications to closer follow original mialinabox 2021-04-13 09:50:23 +02:00
Jan van de Wijdeven d9629caab7 Fixes for 20.04 version 2021-04-11 23:09:41 +02:00
github@kiekerjan.isdronken.nl daf5a62e83 Merge changes from kiekerjan special 2021-04-11 20:45:24 +02:00
github@kiekerjan.isdronken.nl 12d0aee27a Add own changes 2021-04-11 12:14:41 +02:00
github@kiekerjan.isdronken.nl 98c6bdbf27 Move editconf.py 2021-03-11 23:25:58 +01:00
Joshua Tauberer d36a2cc938 Enable Backblaze B2 backups
This reverts commit b1d703a5e7 and adds python3-setuptools per the first version of #1899 which fixes an installation error for the b2sdk Python package.
2021-02-28 08:04:14 -05:00
David Duque 4829e687ff
Merge changes from master 2021-01-31 16:20:15 +00:00
Hilko 003e8b7bb1
Adjust max-recursion-queries to fix alternating rdns status (#1876) 2020-12-25 17:19:16 -05:00
Hilko 8664afa997
Implement Backblaze for Backup (#1812)
* Installing b2sdk for b2 support
* Added Duplicity PPA so the most recent version is used
* Implemented list_target_files for b2
* Implemented b2 in frontend
* removed python2 boto package
2020-11-26 07:13:31 -05:00
David Duque 022a11e159 Merge remote-tracking branch 'up/master' 2020-06-21 15:52:31 +01:00
Marcus Bointon cfc8fb484c
Add rate limiting of SSH in the firewall (#1770)
See #1767.
2020-06-07 09:47:51 -04:00
David Duque baa5d32dea
Make sure /etc/default/bind9 exists 2020-05-17 02:58:19 +01:00
David Duque 2d228c0520
Remove PPA installation process 2020-04-21 14:59:54 +01:00
David Duque 52e9afcf2f
Just use the script directly 2020-04-17 22:59:25 +01:00
David Duque 9fb02090bf
Remove operations not applicable to Debian
Signed-off-by: David Duque <david.f.s.duque@tecnico.ulisboa.pt>
2020-04-11 19:24:20 +01:00
Joshua Tauberer 385340da46 install openssh-client which provides ssh-keygen and is not present on desktop Ubuntu by default 2019-12-12 11:27:39 -05:00
Brendan Hide 70f05e9d52 Ensure the universe repository is enabled
A minimal Ubuntu server installation might not have universe enabled by
default. By adding it, we ensure we can install packages only available
in universe, such as python3-pip

Merges #1650.
2019-10-05 16:14:12 -04:00
jvolkenant c60e3dc842 fail2ban ssh/ssh-ddos and sasl are now sshd and postfix-sasl (fixes #1453, merges #1454)
* fail2ban ssh/ssh-ddos and sasl are now sshd and postfix-sasl

* specified custom datepattern for miab-owncloud.conf
2019-01-18 09:40:51 -05:00
Joshua Tauberer 0d4565e71d merge master branch 2018-12-02 18:19:15 -05:00
Joshua Tauberer 703a9376ef fix /etc /usr permissions for Scaleway, see #1438 2018-12-02 18:16:40 -05:00
Joshua Tauberer bd54b41041 add missing rsyslog to apt install line
see #1438
2018-12-02 18:02:00 -05:00
Joshua Tauberer 9ddca42c91 add 'nameserver' to resolv.conf, fixes #1450 2018-11-30 10:46:54 -05:00
Joshua Tauberer e5e0c64395 turn on bash strict mode to better catch setup errors
fixes #893
2018-11-30 10:46:54 -05:00
Joshua Tauberer 3dbd6c994a update bind9 configuration 2018-10-03 14:28:43 -04:00
Joshua Tauberer bbfa01f33a update to PHP 7.2
* drop the ondrej/php PPA since PHP 7.x is available directly from Ubuntu 18.04
* intall PHP 7.2 which is just the "php" package in Ubuntu 18.04
* some package names changed, some unnecessary packages are no longer provided
* update paths
2018-10-03 13:00:15 -04:00
Joshua Tauberer 51972fd129 fix some comments 2018-10-03 13:00:15 -04:00
Christopher A. DeFlumeri d96613b8fe minimal changeset to get things working on 18.04
@joshdata squashed pull request #1398, removed some comments, and added these notes:

* The old init.d script for the management daemon is replaced with a systemd service.
* A systemd service configuration is added to configure permissions for munin on startup.
* nginx SSL settings are updated because nginx's options and defaults have changed, and we now enable http2.
* Automatic SSHFP record generation is updated to know that 22 is the default SSH daemon port, since it is no longer explicit in sshd_config.
* The dovecot-lucene package is dropped because the Mail-in-a-Box PPA where we built the package has not been updated for Ubuntu 18.04.
* The stock postgrey package is installed instead of the one from our PPA (which we no longer support), which loses the automatic whitelisting of DNSWL.org-whitelisted senders.
* Drop memcached and the status check for memcached, which we used to use with ownCloud long ago but are no longer installing.
* Other minor changes.
2018-10-03 13:00:06 -04:00
Joshua Tauberer 2a72c800f6 replace free_tls_certificates with certbot 2018-06-29 16:46:21 -04:00
Joshua Tauberer 8ee7de6ff3 no need to do a second apt-get update after 'installing' the PHP7 PPA if the PPA was already installed 2018-01-15 13:28:18 -05:00
Joshua Tauberer f080eabb3a run apt-get autoremove after updating system packages
Old kernels can build up and some packages may not be needed anymore.

See https://discourse.mailinabox.email/t/storage-space-decreasing/2525/5.
2017-11-15 11:05:43 -05:00