Age | Commit message | Author
2013-09-18 | use x509 for postfix ca and fix names for cert+key (Feature #3833) | varac
2013-09-18 | deploy client_ca (#3833) | varac
2013-09-18 | Include content of client_ca.crt and client_ca.key in hiera (Feature #3874) | varac
2013-09-18 | openvpn should use /usr/local/share/ca-certificates/leap_ca.crt (Feature #3831) | varac
2013-09-18 | include shorewall::interface{eth0} in setup.pp so packages can be installed during main puppetrun, even before shorewall is configured completely | varac
2013-09-17 | fix stunnel module so that code was not removed accidentally | Micah Anderson
  Change-Id: Ia236eb5b7609d9f96970230fce4d0051d832e3cb
2013-09-17 | Merge branch 'feature/2399_shorewall_on_vagrant_fails' into develop | varac
2013-09-17 | shorewall: #2399 blocks uplink (Bug #2866) | varac
2013-09-17 | site_config::params::interface should contain eth1 for vagrant cause it's the main interface we use (#2399, #2401) | varac
2013-09-17 | update stunnel submodule commit id to correct one for new repository | Micah Anderson
  Change-Id: I33292b9eb2a5553ac296857c99fdaf350ed52542
2013-09-17 | Merge branch 'bug/3757' into develop | Micah Anderson
2013-09-17 | updated submodule stunnel - include stunnel in stunnel::service (https://leap.se/code/issues/3861) | varac
2013-09-17 | Merge branch 'feature/3817_3836_3837_Duplicate_declarations' into develop | varac
2013-09-14 | ensure site_config::caching_resolver runs with tag leap_base (#3757) | Micah Anderson
  Change-Id: I593602ff9d3486dee39227673147e137045c55c5
2013-09-14 | moved openvpn submodule back to 25f1fe8d8, like it was before | kwadronaut
2013-09-14 | Merge branch 'vcs_module' into develop | kwadronaut
2013-09-13 | change vcsrepo submodule url (bug #3139) | kwadronaut
2013-09-13 | change openvpn submodule url (bug #3139) | kwadronaut
2013-09-13 | setup stunnel config to use default x509 cert,key+ca (#3837) | varac
  * fix stunnel setups for couchdb, mx, webapp services
2013-09-13 | Deploy default x509 cert + key that services can use (Feature #3836) | varac
2013-09-13 | remove x509::ca for leap_ca in site_openvpn::keys and site_stunnel::stunnel (#3817) | varac
2013-09-13 | deploy default x509::ca leap_ca in site_config::default (#3817) | varac
2013-09-13 | use define instead of class for site_stunnel::setup (#3817) | varac
  so it can be called multiple times
2013-09-05 | make sure we gather ec2_public_ipv4 fact. REQUIRES latest leap_cli (1.2.2) | elijah
2013-09-05 | require that shorewall is up before running bundler commands, it needs to pull things from git (#3756) [0.3.0rc1] | Micah Anderson
  Change-Id: If404452c54dedb7a39a910994dc68309257d351d
2013-09-05 | updated submodule apt: unattended-upgrades package cannot be installed (Bug #3098) | varac
2013-09-05 | Merge branch 'feature/3747_puppet_fails_if_no_services_are_configured' into develop | varac
2013-09-05 | Some packages are installed before refresh_apt is called (Bug #2988) | varac
2013-09-05 | puppet fails if no services are configured (Bug #3747) | varac
2013-09-04 | fix initial firewall to allow outgoing lo traffic and outgoing port 443 (#3736) | Micah Anderson
  this allows nameserver queries to the local resolver to work and clones to the leap https repository to work
  Change-Id: I575d08405a0c28e12c8d201a8dbc79585a5a9a48
2013-09-04 | change git repository clone URIs from git:// to https:// (#3732) | Micah Anderson
  Change-Id: Ic700fec9cfb8e8474fb65dbdd4a1a537bf586ec9
2013-09-04 | need to test that /etc/init.d/shorewall exists before attempting to call it, otherwise puppet complains (#3339) | Micah Anderson
  Change-Id: I7c8cc235817fe3d898157de4c4fdd8f1fe74f05a
2013-09-04 | updated couchdb submodule: bigcouch nodes don't get registered as cluster members (Bug #3703) | varac
2013-09-04 | Merge branch 'bug/3339' into develop | Micah Anderson
2013-09-04 | fix soledad-server not being available before the leap repository has been configured (#3702) | Micah Anderson
  Change-Id: I8a86a241c52d88b4b681a800647d7c9c7c574b8e
2013-09-04 | make sure that the shorewall package is installed before trying to change its configuration file (#3701) | Micah Anderson
  Change-Id: Ib2dad30d53e5bf7539762eb3683430b10eb875ed
2013-09-04 | updated submodule couchdb: don't use couchdb::document for creating _security, cause this special doc doesn't have an _id (#3706) | varac
2013-09-03 | Work around for shorewall not being available at the site_config stage (#3339) | Micah Anderson
  Change-Id: Id3138cb967f76380b7f4e22ce862a099cb47669e
2013-09-03 | Merge branch 'feature/3667_Sending_mail_fails_when_relaying_using_non-fully-qualified_hostname' into develop | varac
2013-09-03 | use check_helo_access hash:/helo_checks also for $submission_helo_restrictions | varac
2013-09-03 | fix $master_cf_tail format | varac
2013-09-03 | Sending mail fails when relaying using non-fully-qualified hostname (Feature #3667) | varac
2013-09-03 | Merge branch 'feature/helo_access' into develop | Micah Anderson
  Conflicts: puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp
  Change-Id: I51555935f9d9409e45809d6df021b10e926ea520
2013-09-03 | Merge branch 'bug/3339' into develop | Micah Anderson
  Conflicts: puppet/modules/site_config/manifests/initial_firewall.pp
  Change-Id: I794d057dc5d89133e552dd12939e8b9792cf1611
2013-09-03 | add /etc/postfix/checks directory and setup a check_helo_access that allows admins to have some control over problem clients connecting that present helo patterns that they wish to block (#3694) | Micah Anderson
  Change-Id: I159c29b6fe17e3d75b607d1a6fa82856b976c9b4
2013-09-03 | require that shorewall has been installed before execs are run (#3339) | Micah Anderson
  Change-Id: Iae2b1cacd64565931cef77194a733aeae681efaf
2013-09-03 | require that shorewall has been installed before execs are run (#3339) | Micah Anderson
  Change-Id: Iae2b1cacd64565931cef77194a733aeae681efaf
2013-09-03 | Without smtpd_helo_required, the helo restrictions are easily bypassed by not sending a HELO (#3693) | Micah Anderson
  Change-Id: I6a7338136a53e16962a070826493139fa3307df7
2013-09-02 | disable postfix debugging by default | varac
2013-09-02 | create all webapp databases so _security is set (fixes 3517) | Azul