summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-02-07platform version -> 0.5rc2varac
2014-02-06add a comment why we use a custom way to populate authorized_keysvarac
2014-02-06updated submodule check_mkvarac
2014-02-06Merge branch '5096_monitor_node_has_no_apache_conf' into 4982_check_mkvarac
2014-02-06move leap_webapp.conf template to common.conf which is included by the ↵varac
nagios and webapp node (#5096)
2014-02-06added site_nagios::server::apachevarac
2014-02-06added site_nagios::server::check_mkvarac
2014-02-05use check_mk::agent to install check-mk-agentvarac
2014-02-05updated submodule check_mkvarac
2014-02-05updated submodule check_mkvarac
2014-02-05include site_nagios::client by defaultvarac
2014-02-05updated submodule check_mkvarac
2014-02-05site_nagios::client: install check_mk agentvarac
2014-02-04added submodule check_mk from ↵varac
https://git.codecoop.org/varacanero/puppet_check_mk.git
2014-02-04updated submodule rubygems, change gem source to use https instead of http ↵varac
(Feature #3827)
2014-01-31Merge branch 'develop' into 0.6varac
2014-01-30Merge branch 'feature/4889_restrict_port_5984_proc_to_localhost' into develop0.5.0rc2varac
2014-01-29add a .mailmap so authors show up with a unified name/email combinationvarac
2014-01-24swiss privacy foundation changed their nameserver IPs: ↵varac
http://www.privacyfoundation.ch/de/service/server.html
2014-01-22anonymize webapp ips (Bug #4896)varac
2014-01-21updated submodule couchdbvarac
2014-01-21Merge branch 'feature/4971_install_leap_bigcouch_package' into developvarac
2014-01-21properly purge cloudant repository leftovers (#4971)varac
2014-01-20configure leap_platform to install our leap bigcouch package (Feature #4971)varac
2014-01-13load_design_documents.sh fails (Bug #4945)varac
2014-01-09fix function issues in webapp design documentsAzul
This change is a result of https://github.com/leapcode/leap_web/pull/133. Both should be deployed at the same time to prevent conflicts.
2014-01-08fix webapp couchdb.yml to be couchdb.yml not couchdb.yml.webappelijah
2014-01-08updated submodule couchdbvarac
2014-01-07restrict bigcouch chttp proc to localhostvarac
2014-01-06install ntp on all platform nodes (Feature #4913)varac
2014-01-04updated submodule couchdbvarac
2014-01-03reduce tapicero log level.Azul
Debug is becoming quite verbose with the backtraces. Info should suffice as a default.
2014-01-02added support for minimum client version checkingelijah
2013-12-31add design docs for new soledad version to shared dbAzul
2013-12-30tests -- added tests to check that the right processes are runningelijah
2013-12-27added more network tests and pgrep test helperelijah
2013-12-27more couchdb testselijah
2013-12-27improve couchdb testelijah
2013-12-27improved stunnel testelijah
2013-12-27added some network tests for stunnelelijah
2013-12-24move nickserver config to /etc/nickserver.yml (fixes #4843)elijah
2013-12-22Adopt tapicero config file to tapicero > 0.2.0Azul
In order to reuse the couch changes observer for key uploads I extracted it from tapicero and made the configuration more generic. This results in some changes to the config file format. When deploying tapicero >= 0.2.0 this config file format should be used instead. Also set log_level to debug by default. We can reduce this later but it might be useful for now.
2013-12-19Set mynetworks to include any mx server in the provider to allow them to0.5.0rc1Micah Anderson
Helo as the domain (#4495) Change-Id: I6c8ac28faceb8b0c6129a606ede04837efd3d261
2013-12-19Fix the location of the smtp/smtpd_tls_session_cache_database (#4813)Micah Anderson
Change-Id: I959fa40ff508bbeaf7baa0b6ba90c10c9e6b0ef7
2013-12-19Deploy /etc/leap/couchdb_scripts_defaults.conf so we can exclude some DBs, ↵varac
i.e. sessions + tokens (#4794)
2013-12-18Merge branch 'feature/4506' into developMicah Anderson
2013-12-18Fix for openvpn/unbound not starting at boot (#4506)Micah Anderson
This change sets the sysctl net.ipv4.ip_nonlocal_bind to allow applications to bind to an address, even when the link is down. This is necessary because applications like unbound and openvpn fail to start on boot in some situations because interfaces are not fully up (due to a combination of non-deterministic booting because of the likely potential setting of allow-hotplug in the interfaces file and the LSB boot dependency on $network not being sufficient. The only down-side to setting this is a daemon could bind to an incorrect ip and we wouldn't get an error, but this would be a configuration mistake, rather than a fatal condition. Change-Id: I5c03083e8c20bb25afad85a1230f4555808d341c
2013-12-18set x509 use to true for all nodes, we need a cert for relaying usingMicah Anderson
TLS (#1910) Change-Id: I347178f2a172e4be6af8c0c76d801b3c769235cd
2013-12-18add a smtp_tls class and include that on both mx servers and satellitesMicah Anderson
Change-Id: I779ea60e6d726d042203fa0756d73b4af079d728
2013-12-18rename the tls.pp to be smtpd_tls.pp, this allows us to have a separateMicah Anderson
class for smtp vs. smtpd tls configurations Change-Id: Ic1cc560c76924fcbbc15e245bec7b78ac2de83d3