a8f4500567
Add IPv6 support to firewall tasks / template
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-05-25 18:17:23 +03:00
3a5b50f941
roles/common: Set I/O scheduler via udev
...
All servers with non-rotating disks (SSDs) should be running noop,
and the rest should be running deadline.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-03-15 17:52:05 +03:00
2367b843d9
roles/common: Remove I/O scheduler logic from rc.local
...
It's better to set this using udev rules anyways
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-03-15 17:40:54 +03:00
58222706ba
roles/common: Remove logic for TCP congestion avoidance on early kernels in sysctl
...
We don't have anything near 2.6.32 anymore.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-03-15 17:25:33 +03:00
60ba4dacbd
roles/common: Add TCP/IP tweaks to sysctl template
...
Disable TCP slow start and increase the number of ports available
for client connections.
See: http://vincent.bernat.im/en/blog/2014-tcp-time-wait-state-linux.html
See: http://www.chromium.org/spdy/spdy-best-practices
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-03-15 17:23:10 +03:00
13b592dfcd
roles/common: Tune sshd_config to be more strict
...
Disable ECDSA as a signature algorithm and drop some older message
authentication algorithms.
See: https://stribika.github.io/2015/01/04/secure-secure-shell.html
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-01-07 01:47:06 +03:00
a80cb49957
roles/common: Update sshd_config template to explicitly allow the provisioning user
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-01-06 17:45:06 +03:00
60b8ecdd4c
Initial commit
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-17 00:35:57 +03:00