Commit 882f6e8a authored by Hinrikus Wolf's avatar Hinrikus Wolf

Merge branch 'master' of chaos:git/wolfscloud

parents 55fae33c 11654183
......@@ -46,10 +46,12 @@ ssl_key = <{{ ssl_key }}
ssl_dh_parameters_length = 4096
# SSL protocols to use
ssl_protocols = !SSLv3
ssl_protocols = TLSv1.1 TLSv1.2 !SSLv3
# SSL ciphers to use
ssl_cipher_list = HIGH:!LOW:!SSLv2:!EXP:!aNULL:!MD5:!RC4:!SHA1
#ssl_cipher_list = HIGH:!LOW:!SSLv2:!EXP:!aNULL:!MD5:!RC4:!SHA1
#Supported Ciphers downto Android 2.3
ssl_cipher_list = {{ tls_ciphers }}
# Prefer the server's order of ciphers over client's.
ssl_prefer_server_ciphers = yes
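Review bot: The `ssl_cipher_list = {{ tls_ciphers }}` line moves the whole cipher policy into a variable whose value is not shown on this page, so the old list's explicit `!aNULL:!MD5:!RC4:!EXP` exclusions now hold only if `tls_ciphers` repeats them. The comment `#Supported Ciphers downto Android 2.3` also sits oddly beside `ssl_protocols = TLSv1.1 TLSv1.2 !SSLv3`: as far as I know, stock Android 2.3 negotiates TLSv1.0 at best, so those clients would be refused at the protocol level whatever the cipher list says. I would state the intent next to the setting, e.g. `# tls_ciphers must keep !aNULL:!EXP:!RC4:!MD5; TLSv1.0 is deliberately disabled`, and drop `!SSLv3`, which appears redundant once protocols are listed positively. The page shows old and new lines without +/- markers, so this assumes the `TLSv1.1 TLSv1.2` line and the templated cipher line are the new side.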
......
......@@ -3,6 +3,9 @@
- name: restart postfix
service: name=postfix state=restarted
- name: restart memcached
service: name=memcached state=restarted
- name: postmap system
command: postalias cdb:/etc/aliases
......
......@@ -34,6 +34,14 @@
tags:
- postfix
- mail
- name: ensure memcached config is present
template: src=templates/memcached.conf.j2 dest=/etc/memcached.conf
notify:
- restart memcached
tags:
- postfix
- mail
- name: ensure system alias database is present
template: src=templates/aliases.j2 dest=/etc/aliases
......
......@@ -29,6 +29,15 @@ smtpd_tls_auth_only=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
#ciphers supported downto android 2.3
smtpd_tls_mandatory_protocols = !TLSv1 !SSLv2, !SSLv3
smtpd_tls_protocols = !TLSv1 !SSLv2 !SSLv3
smtpd_tls_mandatory_ciphers=high
tls_high_cipherlist = {{ tls_ciphers }}
smtpd_tls_eecdh_grade=ultra
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_sasl_type = dovecot
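Review bot: `smtpd_tls_protocols = !TLSv1 !SSLv2 !SSLv3` also governs opportunistic TLS, so a sending MTA that only speaks TLSv1.0 will fall back to cleartext or fail to deliver rather than gain anything. Restricting only `smtpd_tls_mandatory_protocols` is usually the safer split. The comment `#ciphers supported downto android 2.3` does not match the protocol lines either, since such clients, as far as I know, offer TLSv1.0 at best. The mandatory line mixes separators (`!TLSv1 !SSLv2, !SSLv3`); Postfix accepts that, but `smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1` reads unambiguously. Overriding `tls_high_cipherlist` with `{{ tls_ciphers }}` replaces a default the Postfix documentation advises leaving alone, so the variable's value, which is not visible here, deserves a comment listing what it must exclude.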
......
# memcached default config file
# 2003 - Jay Bonci <jaybonci@debian.org>
# This configuration file is read by the start-memcached script provided as
# part of the Debian GNU/Linux distribution.
# Run memcached as a daemon. This command is implied, and is not needed for the
# daemon to run. See the README.Debian that comes with this package for more
# information.
-d
# Log memcached's output to /var/log/memcached
logfile /var/log/memcached.log
# Be verbose
# -v
# Be even more verbose (print client commands as well)
# -vv
# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
# Note that the daemon will grow to this size, but does not start out holding this much
# memory
-m 64
# Default connection port is 11211
-p 11211
# Run the daemon as root. The start-memcached will default to running as root if no
# -u command is present in this config file
-u memcache
# Specify which IP address to listen on. The default is to listen on all IP addresses
# This parameter is one of the only security measures that memcached has, so make sure
# it's listening on a firewalled interface.
-l {{ tinc_vpnip }}
# Limit the number of simultaneous incoming connections. The daemon default is 1024
# -c 1024
# Lock down all paged memory. Consult with the README and homepage before you do this
# -k
# Return error when memory is exhausted (rather than removing items)
# -M
# Maximize core file limit
# -r
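Review bot: The bind address `-l {{ tinc_vpnip }}` is the only access control in this file, and memcached performs no authentication of its own. Every host that can reach that VPN address on port 11211 can therefore read or overwrite the cached entries. A packet-filter rule limiting 11211 to the hosts in the `mail` group belongs in the same role, and adding `-U 0` turns off the UDP listener, which older memcached releases enable by default. The inherited comment `# Run the daemon as root.` above `-u memcache` is misleading and would read better as `# Run the daemon as the unprivileged memcache user.`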
......@@ -3,9 +3,9 @@
#
{% for partner in groups['mail'] %}
{% if partner != ansible_hostname %}
memcache = inet::{{hostvars[partner]["tinc_vpnip"]}}11211
{% endif %}
{% if partner != ansible_hostname %}
memcache = inet:{{hostvars[partner]["tinc_vpnip"]}}:11211
{% endif %}
{% endfor %}
backup = proxy:btree:/var/lib/postfix/postscreen_cache
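Review bot: The loop writes one `memcache =` line per partner, but the Postfix memcache client takes a single server in that parameter, so with more than two hosts in `groups['mail']` only one of the emitted lines is likely to take effect. The guard also compares `partner`, an inventory name, with `ansible_hostname`, the discovered short hostname. If the inventory uses FQDNs or aliases, the test is always true and the host lists its own memcached, so `{% if partner != inventory_hostname %}` is the safer comparison. A short comment above the loop saying that exactly one partner is expected would make the assumption explicit.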
......