-rw-r--r-- | platform.rb | 2 | ||||
-rw-r--r-- | puppet/modules/clamav/templates/clamav-milter.conf.erb | 1 | ||||
-rw-r--r-- | puppet/modules/site_apache/files/conf.d/security | 4 | ||||
-rw-r--r-- | puppet/modules/site_check_mk/templates/use_ssh.mk | 2 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/default.pp | 3 | ||||
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx.pp | 6 | ||||
-rw-r--r-- | puppet/modules/site_static/manifests/location.pp | 13 | ||||
-rw-r--r-- | puppet/modules/site_stunnel/manifests/client.pp | 5 | ||||
-rw-r--r-- | puppet/modules/site_stunnel/manifests/servers.pp | 5 | ||||
-rw-r--r-- | puppet/modules/soledad/manifests/server.pp | 1 | ||||
m--------- | puppet/modules/stunnel | 0 |
11 files changed, 31 insertions, 11 deletions
diff --git a/platform.rb b/platform.rb index 1e19a2a9..61fb50ce 100644 --- a/platform.rb +++ b/platform.rb @@ -45,7 +45,7 @@ Leap::Platform.define do :node_config => 'nodes/#{arg}.json', # input config files, environmentally scoped - :common_env_config => 'commmon.#{arg}.json', + :common_env_config => 'common.#{arg}.json', :provider_env_config => 'provider.#{arg}.json', :service_env_config => 'services/#{arg[0]}.#{arg[1]}.json', :tag_env_config => 'tags/#{arg[0]}.#{arg[1]}.json', diff --git a/puppet/modules/clamav/templates/clamav-milter.conf.erb b/puppet/modules/clamav/templates/clamav-milter.conf.erb index 9bf7099e..50b4c620 100644 --- a/puppet/modules/clamav/templates/clamav-milter.conf.erb +++ b/puppet/modules/clamav/templates/clamav-milter.conf.erb @@ -4,7 +4,6 @@ FixStaleSocket true User clamav MilterSocketGroup clamav MilterSocketMode 666 -AllowSupplementaryGroups true ReadTimeout 120 Foreground false PidFile /var/run/clamav/clamav-milter.pid diff --git a/puppet/modules/site_apache/files/conf.d/security b/puppet/modules/site_apache/files/conf.d/security index a5ae5bdc..fdcf6270 100644 --- a/puppet/modules/site_apache/files/conf.d/security +++ b/puppet/modules/site_apache/files/conf.d/security @@ -45,8 +45,8 @@ ServerSignature Off # # Set to one of: On | Off | extended # -#TraceEnable Off -TraceEnable On +TraceEnable Off +#TraceEnable On # Setting this header will prevent other sites from embedding pages from this # site as frames. This defends against clickjacking attacks. diff --git a/puppet/modules/site_check_mk/templates/use_ssh.mk b/puppet/modules/site_check_mk/templates/use_ssh.mk index 55269536..25f951e0 100644 --- a/puppet/modules/site_check_mk/templates/use_ssh.mk +++ b/puppet/modules/site_check_mk/templates/use_ssh.mk 
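Review bot: In puppet/modules/site_apache/files/conf.d/security the old value is kept as a commented-out `#TraceEnable On` directly below the active directive, which makes it easy to flip back by accident in a later edit. I would drop that line and state the reason next to the setting instead, e.g. `# TRACE echoes the request, including Cookie and Authorization headers, back to the client; keep it off.` The comment block describing the directive starts above the hunk.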
@@ -1,6 +1,6 @@ # http://mathias-kettner.de/checkmk_datasource_programs.html datasource_programs = [ <% @nagios_hosts.sort.each do |name,config| %> - ( "ssh -l root -i /etc/check_mk/.ssh/id_rsa -p <%=config['ssh_port']%> <%=config['domain_internal']%> check_mk_agent", [ "<%=config['domain_internal']%>" ], ),<%- end -%> + ( "ssh -o ConnectTimeout=5 -l root -i /etc/check_mk/.ssh/id_rsa -p <%=config['ssh_port']%> <%=config['domain_internal']%> check_mk_agent", [ "<%=config['domain_internal']%>" ], ),<%- end -%> ] diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index 256de1a1..9bc8c30d 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -7,8 +7,9 @@ class site_config::default { include site_config::params include site_config::setup - # default class, used by all hosts + service { 'puppet': ensure => stopped } + # default class, used by all hosts include lsb, git # configure sysctl parameters diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index c269946b..0b760eb4 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -69,10 +69,10 @@ class site_postfix::mx { value => '$alias_maps'; # setup clamav and opendkim on smtpd 'smtpd_milters': - value => 'unix:/run/clamav/milter.ctl,inet:localhost:8891'; + value => 'unix:/run/clamav/milter.ctl,unix:/run/opendkim/opendkim.sock'; # setup opendkim for smtp (non-smtpd) outgoing mail 'non_smtpd_milters': - value => 'inet:localhost:8891'; + value => 'unix:/run/opendkim/opendkim.sock'; 'milter_default_action': value => 'accept'; # Make sure that the right values are set, these could be set to different 
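Review bot: In use_ssh.mk, `-o ConnectTimeout=5` bounds connection establishment, but a session that falls back to a password or passphrase prompt can still block the check. Adding `-o BatchMode=yes` next to it makes ssh fail instead of prompting. Separately, the command logs in as root with `/etc/check_mk/.ssh/id_rsa`, and nothing in this hunk shows whether that key is limited to `check_mk_agent` by a forced command in the target's authorized_keys. That is worth confirming, since the monitoring host otherwise holds a root credential for every node.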
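Review bot: `service { 'puppet': ensure => stopped }` in site_config::default stops the agent for the current run but leaves its boot-time state alone, so the daemon may start again after a reboot if the package enabled it. If the intent is that nodes are only configured by pushed runs, `service { 'puppet': ensure => stopped, enable => false }` states that. A one-line comment saying why the agent must not run would also help, since the existing `# default class, used by all hosts` comment now sits below the new resource and does not describe it.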
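Review bot: In site_postfix::mx both milter lists now point at `unix:/run/opendkim/opendkim.sock`, while the context line `'milter_default_action': value => 'accept'` makes a milter failure non-fatal. If Postfix cannot open a socket (wrong group, mode, or a chrooted service), mail is passed without scanning or signing rather than rejected. Nothing in this hunk sets up access to the socket, so presumably that happens elsewhere. A comment on the setting such as `# postfix needs rw access to both sockets; with milter_default_action=accept a failure here is silent` would record the dependency. The resource continues past the end of the hunk.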
@@ -96,7 +96,7 @@ class site_postfix::mx { # access the opendkim milter socket (#8020) exec { 'unset_cleanup_chroot': command => '/usr/sbin/postconf -F "cleanup/unix/chroot=n"', - onlyif => '/usr/sbin/postconf -h -F "cleanup/unix/chroot" | egrep -q ^n', + onlyif => '/usr/sbin/postconf -h -F "cleanup/unix/chroot" | egrep -qv ^n', notify => Service['postfix'], require => File['/etc/postfix/master.cf'] } diff --git a/puppet/modules/site_static/manifests/location.pp b/puppet/modules/site_static/manifests/location.pp index d116de2f..ab2b7494 100644 --- a/puppet/modules/site_static/manifests/location.pp +++ b/puppet/modules/site_static/manifests/location.pp @@ -23,6 +23,19 @@ define site_static::location($path, $format, $source) { } } + if ($format == 'rack') { + # Run bundler if there is a Gemfile + exec { 'bundler_update': + cwd => $file_path, + command => '/bin/bash -c "/usr/bin/bundle check --path vendor/bundle || /usr/bin/bundle install --path vendor/bundle --without test development debug"', + unless => '/usr/bin/bundle check --path vendor/bundle', + onlyif => 'test -f Gemfile', + user => 'www-data', + timeout => 600, + require => [Class['bundler::install'], Class['site_config::ruby::dev']]; + } + } + vcsrepo { $file_path: ensure => present, force => true, diff --git a/puppet/modules/site_stunnel/manifests/client.pp b/puppet/modules/site_stunnel/manifests/client.pp index c9e034f1..7c431c50 100644 --- a/puppet/modules/site_stunnel/manifests/client.pp +++ b/puppet/modules/site_stunnel/manifests/client.pp @@ -39,7 +39,10 @@ define site_stunnel::client ( debuglevel => $debuglevel, sslversion => 'TLSv1', syslog => 'no', - output => $logfile; + output => $logfile, + require => [ Class['Site_config::X509::Key'], + Class['Site_config::X509::Cert'], + Class['Site_config::X509::Ca'] ]; } # define the log files so that we can purge the 
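Review bot: The new `exec { 'bundler_update': ... }` in site_static::location has a fixed title inside a define, so declaring two locations with `$format == 'rack'` would produce a duplicate resource declaration. It also has no ordering against the `vcsrepo { $file_path: }` declared right after it, so on a first run `cwd` may not exist yet. I would title it `"bundler_update_${name}"` and add `Vcsrepo[$file_path]` to the `require` list. `onlyif => 'test -f Gemfile'` is unqualified and will be rejected unless an Exec `path` default is set elsewhere. Since this installs gems from the network as `www-data`, it is also worth checking that the checked-out repo ships a Gemfile.lock so the installed versions are pinned; the define's body continues outside the hunk.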
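Review bot: The added `require => [ Class['Site_config::X509::Key'], ... ]` in site_stunnel::client only compiles if those three classes are declared in the catalog of every node that uses the define. The hunk does not show an `include` for them, so either this define should include them or the callers must. The same applies to the identical change in site_stunnel/manifests/servers.pp. The resource being edited also pins `sslversion => 'TLSv1'` on a context line; that is outside this change, but worth a follow-up to confirm the tunnel is not held to TLS 1.0. The define starts above the hunk.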
diff --git a/puppet/modules/site_stunnel/manifests/servers.pp b/puppet/modules/site_stunnel/manifests/servers.pp index e76d1e9d..37aaf5a6 100644 --- a/puppet/modules/site_stunnel/manifests/servers.pp +++ b/puppet/modules/site_stunnel/manifests/servers.pp @@ -39,7 +39,10 @@ define site_stunnel::servers ( debuglevel => $debuglevel, sslversion => 'TLSv1', syslog => 'no', - output => $logfile; + output => $logfile, + require => [ Class['Site_config::X509::Key'], + Class['Site_config::X509::Cert'], + Class['Site_config::X509::Ca'] ]; } # allow incoming connections on $accept_port diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index 8674f421..6cf806d0 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp @@ -17,6 +17,7 @@ class soledad::server { $sources = hiera('sources') + include x509::variables include site_config::x509::cert include site_config::x509::key include site_config::x509::ca diff --git a/puppet/modules/stunnel b/puppet/modules/stunnel -Subproject 79e874c1a86ad5c48c4e726a5d4c68bd879ce45 +Subproject 523612fb6daff51837423619f5014e62dc83555 |