-
Notifications
You must be signed in to change notification settings - Fork 1
/
ChangeLog.txt
64 lines (44 loc) · 2.48 KB
/
ChangeLog.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
## [xx] - in progress
- Configured ARC signing by rspamd for incoming messages. This will
improve delivery if messages are forwarded to an offsite address.
- Fixes for rspamd 2.7 where we had some bad config file perms and the
default storage for bayes changed from sqlite to redis.
## [1.2] - 2020-03-14
- Added roles for Docker and Roundcube, plus a webmail playbook that
sets up a Roundcube container on a separate machine.
- Reworked firewall to cover both native applications and Docker
containers. Now blocking in the PREROUTING chain of the "mangle"
table. This is lower cost because it is early in the process, and
before the split between INPUT (used by native apps) and FORWARD
(used by Docker) so it covers both. Also added rules for DHCP
because connection tracking can break in some situations.
- Reworked fail2ban configuration to allow customization of the jails,
to change bantimes or retarget to the DOCKER-USER chain.
- Tightened permissions on DKIM folder.
- Added managesieve plugins for Dovecot and Roundcube.
## [1.1] - 2020-02-18
- Added 'www' user account for uploading website data. Also reworked
the website configs to add a variety of extra flags.
- Changed '-' to '_' in backup_server and raspberry_pi group names to
satisfy new Ansible naming requirements. Update your host files and
group_var files to match. Many lint fixes throughout the playbooks.
- Certbot handling now broken out into a separate role, the renewal
hooks are now configurable and handled by a few simple variables.
Now requesting a separate certificate for the mail server. This
makes it possible to build a mail-only or web-only server without
having to rework certbot.
- Simplified HTTPS handling, tightened up SLL parameters, and Apache
directory permissions.
- backup-server play now brings in the cryptdir role. Encryption type
is 'none' by default, set to luks to encrypt the backups at rest.
- bacula_director_bootstart controls whether director starts at boot.
Starts normally when encryption type is 'none'.
- mail_services_bootstart controls whether mail starts at boot.
Starts normally when encryption type is 'none'.
- web_services_bootstart controls whether apache starts at boot.
Starts normally but can be overridden if using encryption for the
document root.
- The first.yml playbook now does sudo on raspberry pis.
## [1.0] - 2020-02-02
- Baseline release. Mail, web, and backup all working, although there
may be rough spots here and there