4 files changed, 20 insertions, 4 deletions

diff --git a/lib/leap_cli/commands/vagrant.rb b/lib/leap_cli/commands/vagrant.rb
index 5168a3c0..9fdd48e3 100644
--- a/lib/leap_cli/commands/vagrant.rb
+++ b/lib/leap_cli/commands/vagrant.rb
@@ -151,10 +151,10 @@ module LeapCli; module Commands
         lines << %[    config.vm.provider "virtualbox" do |v|]
         lines << %[      v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]]
         lines << %[      v.name   = "#{node.name}"]
-        lines << %[      v.memory = 1024]
+        lines << %[      v.memory = 1536]
         lines << %[    end]
         lines << %[    config.vm.provider "libvirt" do |v|]
-        lines << %[      v.memory = 1024]
+        lines << %[      v.memory = 1536]
         lines << %[    end]
         lines << %[    #{leapfile.custom_vagrant_vm_line}] if leapfile.custom_vagrant_vm_line
         lines << %[  end]
diff --git a/puppet/modules/site_config/manifests/remove/tapicero.pp b/puppet/modules/site_config/manifests/remove/tapicero.pp
index 4ce972d0..07c3c6c6 100644
--- a/puppet/modules/site_config/manifests/remove/tapicero.pp
+++ b/puppet/modules/site_config/manifests/remove/tapicero.pp
@@ -1,6 +1,8 @@
 # remove tapicero leftovers from previous deploys on couchdb nodes
 class site_config::remove::tapicero {
 
+  ensure_packages('curl')
+
   # remove tapicero couchdb user
   $couchdb_config = hiera('couch')
   $couchdb_mode   = $couchdb_config['mode']
@@ -14,7 +16,8 @@ class site_config::remove::tapicero {
 
   exec { 'remove_couchdb_user':
     onlyif  => "/usr/bin/curl -s 127.0.0.1:${port}/_users/org.couchdb.user:tapicero | grep -qv 'not_found'",
-    command => "/usr/local/bin/couch-doc-update --host 127.0.0.1:${port} --db _users --id org.couchdb.user:tapicero --delete"
+    command => "/usr/local/bin/couch-doc-update --host 127.0.0.1:${port} --db _users --id org.couchdb.user:tapicero --delete",
+    require => Package['curl']
   }
 
 
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index 221c79a7..d7f6f9eb 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -204,4 +204,17 @@ define site_openvpn::server_config(
       value  => '3',
       server => $openvpn_configname;
   }
+
+  # register openvpn services at systemd on nodes newer than wheezy
+  # see https://leap.se/code/issues/7798
+  case $::operatingsystemrelease {
+    /^7.*/: { }
+    default:  {
+      exec { "enable_systemd_${openvpn_configname}":
+        refreshonly => true,
+        command     => "/bin/systemctl enable openvpn@${openvpn_configname}",
+        subscribe   => File["/etc/openvpn/${openvpn_configname}.conf"];
+      }
+    }
+  }
 }
diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
index f2bd571b..0ea452ee 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
@@ -6,7 +6,7 @@ class site_postfix::mx::smtpd_checks {
     'checks_dir':
       value => '$config_directory/checks';
     'smtpd_client_restrictions':
-      value => "${site_postfix::mx::rbls}permit_mynetworks,permit";
+      value => "permit_mynetworks,${site_postfix::mx::rbls},permit";
     'smtpd_data_restrictions':
       value => 'permit_mynetworks, reject_unauth_pipelining, permit';
     'smtpd_delay_reject':