summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-10-13Merge branch 'bug/7527' into developMicah
2015-10-13Update resource_file to not include /private/ as this is not usedMicah
anymore by the nagios module, and our config template has drifted. Fixes: #7527 Change-Id: I56c3492056fcb95c499cf78b893249adcf0ae67f
2015-10-13Merge branch '7514_remove_tapicero_couchdb_user' into 'develop' Micah
7514 remove tapicero couchdb user - Resolves: #7514 this depends on this couchdb m.r.: https://gitlab.com/leap/couchdb/merge_requests/2 See merge request !78
2015-10-13add clamav filtering, with sanesecurity signature updating and provider ↵Micah
whitelisting (#3625) Change-Id: I15985ca00ee95bc62855f098a78e364ebbc32616
2015-10-12[feat] Remove tapicero couchdb uservarac
- Resolves: #7514
2015-10-08Update submodule couchdbvarac
2015-10-07added `leap db destroy --username USER` command.elijah
2015-10-07[bug] Fix missing dependency (tapicero leftovers)varac
We need to remove local check-mk-agent checks on the tapicero nodes, and want to notify the monitoring server to re-inventarize the local checks. This doesn't work when both services run on different hosts, it will fail with: Could not find dependent Exec[check_mk-refresh] for Tidy[checkmk_logwatch_spool] So i remove the notifies, because we will re-inventarize of local checks by a daily cronjob anyway, see #6873. ... - Resolves: #XYZ - Related: #XYZ - Documentation: #XYZ - Releases: XYZ
2015-10-07[bug] Fix removal of webapp apache config filevarac
Done by including a service-dependend site_config::remove::webapp class.
2015-10-07Merge branch 'develop' of gitlab.com:leap/platform into developvarac
2015-10-06[feat] Remove tapicero from more placesvarac
Remove from: - platform white-box tests (couchdb user ACLs, tapicero daemon test) - provider_base/ dir that handles the compilation of the hiera config file - Resolves: #7501
2015-10-06[feat] remove tapicero leftoversvarac
Soledad now creates user-dbs, which has been done by tapicero in the past. we need to remove any leftovers from tapicero.
2015-10-05Merge branch 'bugfix/virtualaliases' into developelijah
2015-10-05Merge branch 'feature/firewall' into developelijah
2015-10-05Merge branch 'soledad_userdb_creation' into developvarac
2015-10-05[feat] Create-user-db: use couchdb admin rightsvarac
- create soledad-admin user - deploy netrc file for userdb creation - Move soledad-server.conf from /etc/leap to /etc/soledad - make soledad-server.conf group-accessible for the soledad group, so the soledad-admin user can read it - Resolves: #7502
2015-10-01Merge remote-tracking branch 'alster-hamburgers/invite_codes' into developvarac
2015-09-30fix missing service dependency errorMicah
this tidy should only happen on webapp nodes Change-Id: I56faac4fa28fde9dcad7ce9a6ed0d684630a556e
2015-09-30Fix server-status availability to tor hidden services (#7456)Micah Anderson
Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb
2015-09-30Merge remote-tracking branch 'gitlab/develop' into developMicah
2015-09-30Fix server-status availability to tor hidden services (#7456)Micah Anderson
Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb
2015-09-30Merge branch 'bug/server-status_7456' into 'develop' varac
Fix server-status availability to tor hidden services (#7456) Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb See merge request !73
2015-09-30Merge branch 'develop' into 'develop' varac
fix missing service dependency error this tidy should only happen on webapp nodes Change-Id: I56faac4fa28fde9dcad7ce9a6ed0d684630a556e See merge request !77
2015-09-28Create invite code db and design docsankonym
2015-09-28Merge pull request #82 from Alster-Hamburgers/invite_codesvarac
Modify config.yml.erb to include the invite code option
2015-09-28Modify config.yml.erb to include the invite code optionankonym
2015-09-28[feat] Vagrant: forward leap_web ports 443 ad 80varac
2015-09-24add spf to compile zone, closes #5925elijah
2015-09-24do not remove /var/log/leap/mx.log.*, this is where leap_mx is logging.elijah
2015-09-24allow certain aliases, like 'abuse', to be publicly forwardable.elijah
2015-09-24added firewall information to nodes (needed for `leap compile firewall`)elijah
2015-09-24fix missing service dependency errorMicah
this tidy should only happen on webapp nodes Change-Id: I56faac4fa28fde9dcad7ce9a6ed0d684630a556e
2015-09-24Remove no longer used vhost for leap_webapp (#7475)Micah
The configuration /etc/apache/sites-enabled/leap_webapp.conf was never removed after 6255e58bf9ff3489bf2707bc2be9759ec5c7db68 made it obsolete, and because it exists on older systems, it is being used instead of the correct common.conf. This removes it and reloads apache. Change-Id: Ic4c9901f4bba869ecb3dfe5362dfd1971570f89a
2015-09-20automatic update of submodule aptkwadronaut
2015-09-15fix vagrant ssh private key pathelijah
2015-09-15Fix server-status availability to tor hidden services (#7456)Micah Anderson
Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb
2015-09-15Merge branch 'feature/rewrite_openpgp_header_7413' into developMicah Anderson
Change-Id: I42a1ef661dc55fb8110e82e930f67679c3dff1f8
2015-09-15make couchdb.admin.yml only readable by root, make non-admin cron run as ↵elijah
webapp user.
2015-09-15service definition .json files should not refer to properties inherited from ↵elijah
common.json. closes #7423
2015-09-15minor lintingMicah Anderson
Change-Id: If92faee5f877301bf23564d5b6e71c4b1263de54
2015-09-15fix incorrect name for vagrant ssh public key fileelijah
2015-09-14Added help/warning if running tunnel command without TCP forwarding enabled.elijah
2015-09-14Merge remote-tracking branch 'micah/hiera_defaults_7443' into developvarac
2015-09-11Merge branch 'bugfix/mxaliases' into developelijah
2015-09-11switch aliases to use virtual_alias_mapselijah
2015-09-11Merge remote-tracking branch 'elijah/feature/sshconfig' into developMicah Anderson
2015-09-10sshd: let nodes change default AllowTcpForwardingelijah
2015-09-10fix various problems with webapp config generationelijah
2015-09-10Make sure hiera values have valid defaults if they are not specified (#7443)Micah Anderson
Change-Id: Ib701886ad26c5e39ccd669fadca81404b5c0426a
2015-09-10Fix clients being blocked by RBLs (#7431)Micah Anderson
Valid users submitting mail to be delivered should not be blocked by configured RBLs. Settings in main.cf are valid and used globally, unless they are overridden in master.cf for specific Postfix daemons. We have set in main.cf the smtp_client_restrictions parameter to check for configured rbls, so we need to override that and empty it in order to allow valid clients to send mail, even when their IP is listed in an RBL. Note: most users will typically be connecting via VPN, so their IP would typically be replaced by the VPN gateway one, but there are cases where this is still useful. Change-Id: Ie4171113c78ae2814402a1ed9b5343280cbf79d1