summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-05-06Install tor from backports (fixes #8783).Micah Anderson
The newer version is needed for the single-hop functionality.
2017-05-06Restructure site_tor to be more clear and re-usable (fixes #8784).Micah Anderson
This makes a more clear site_tor::relay class that the leap service includes, and a more generic site_tor class that other classes can depend on for setting up the initial install.
2017-05-03Merge remote-tracking branch 'origin/merge-requests/80'varac
2017-05-03Merge branch 'master' of 0xACAB.org:leap/platformvarac
2017-05-02Merge branch 'bug/fix_ci_deploy' into 'master' micah
Limit ci.leap.se deployment to leap/master (Closes #8782) Closes #8782 See merge request !83
2017-05-02Limit ci.leap.se deployment to leap/master (Closes #8782)Micah Anderson
2017-05-02Add signed-by option to sources.list (Closes: #8425)Micah Anderson
This gets us a simple apt repository privilege separation: (a) our key can't be used to forge other repos (b) other keys can't be used to forge our repo. From sources.list(5): ยท Signed-By (signed-by) is either an absolute path to a keyring file (has to be accessible and readable for the _apt user, so ensure everyone has read-permissions on the file) or one or more fingerprints of keys either in the trusted.gpg keyring or in the keyrings in the trusted.gpg.d/ directory (see apt-key fingerprint). If the option is set, only the key(s) in this keyring or only the keys with these fingerprints are used for the apt-secure(8) verification of this repository. Defaults to the value of the option with the same name if set in the previously acquired Release file. Otherwise all keys in the trusted keyrings are considered valid signers for this repository.
2017-04-27Merge remote-tracking branch 'origin/merge-requests/77'varac
2017-04-27change environment names to match ci-build.shMicah Anderson
2017-04-27Improve ci-build.sh (Closes #8771)varac
* Change environment names for clarity: . Use staging for deploying to latest . Use production environments to deploy to demo: production/vpn production/mail * Install leap_cli if not present and define default values * Remove old nodes from cached runs * Remove no longer used SEEDS variable * Debugging improvements: . Hide secrets when calling ci-build.sh with xtrace enabled . Use unbuffer to we can add debug output locally . Add debugging to build_from_scratch()
2017-04-25bugfix: ensure that nodes only have one environment specified (closes #8778)elijah
2017-04-25Add a production environment for demovpn, demomailMicah Anderson
Pull duplicated bits into a function
2017-04-25Add single-hop hidden service capability.Micah Anderson
This cuts the number of hops for a tor onion service from 6 to 3, speeding it up considerably. This removes the anonymity aspect of the service, so it must be enabled intentionally, knowing that the server's location no longer is hidden.
2017-04-25LintMicah Anderson
2017-04-25git subrepo pull (merge) puppet/modules/torMicah Anderson
subrepo: subdir: "puppet/modules/tor" merged: "5ef29012" upstream: origin: "https://leap.se/git/puppet_tor" branch: "master" commit: "5ef29012" git-subrepo: version: "0.4.0" origin: "https://github.com/ingydotnet/git-subrepo" commit: "2e78d5d"
2017-04-25Fix the pipefail by putting ts inside of ci-build.shMicah Anderson
2017-04-25Switch to using new docker location for ruby imageMicah Anderson
2017-04-25CI: deploy_test should run for MRs, but not when merged into masterMicah Anderson
2017-04-20switch to using CI_ENVIRONMENT_NAME and defaulting to the basic deploymentMicah Anderson
2017-04-20Enhance ci-build.sh for latest CI builds.Micah Anderson
. Reorganize script to allow for multiple builds . Add latest build, pulling from the ibex provider . Run the build as the cirunner unprivileged user . Set pipefail because job is run within a pipe . Change name of 'build' stage to 'deploy' . Setup an environment for the latest CI deployment
2017-04-20Ensure leap command is setup properly for CIMicah Anderson
Add a `leap help` command at the end of the CI setup.sh to ensure that the command is setup properly before continuing
2017-03-29Run leap info after deployvarac
2017-03-22webapp: add secret_key_base to configAzul
This replaces the secret_token from rails 4.1 on. Both are used for securing cookies in the browser. The secret_key_base will also encrypt the cookies while the token will only sign them. Keeping the token in there for now allows us to migrate existing sessions / cookies to the new secrets. We can remove it in the next version once all providers have run with secret_key_base for a while.
2017-03-16Use http://deb.leap.se/platform jessie snapshots for platform CIvarac
2017-03-16Make platform apt dist/component configurablevarac
2017-03-16Try new packages from exerimental-gitbuildpackagevarac
2017-03-16Direct couch connection if running on same hostvarac
2017-03-15Merge branch '8144_remove_haproxy' into 'master' Varac
8144 remove haproxy Closes #8144 See merge request !70
2017-03-15Direct connection when couch runs locallyvarac
2017-03-15[8144] Remove Haproxy testsvarac
2017-03-15[8144] Remove Haproxyvarac
We used haproxy because we had multiple bigcouch nodes but now with a single couchdb node this is not needed anymore. - Resolves: #8144
2017-03-15Linted couchdb.ppvarac
2017-02-28Merge branch 'stunnel_from_backports' into 'master' Varac
Install stunnel4 from jessie-backports Closes #8746 See merge request !72
2017-02-27Install stunnel4 from jessie-backportsvarac
The jessie version randonly closes the connection prematurely see https://0xacab.org/leap/platform/issues/8746 - Resolves: #8746
2017-02-23Merge branch 'clean_vcsrepo' into 'master' Varac
Cleanup modified Gemfile.lock before pulling nickserver vcsrepo Closes #8492 See merge request !71
2017-02-23Cleanup modified Gemfile.lock before pulling nickserver vcsrepovarac
Resolves: #8492
2017-02-23Dont apply specific ssh parameters for wheezyvarac
2017-02-23[feat] always set smtpd_relay_restrictionsvarac
now that we deprecate wheezy, we can always set smtpd_relay_restrictions
2017-02-23no build_essential packages for wheeyz anymorevarac
2017-02-23assume systemd is always present nowvarac
2017-02-23[feat] only care for apache >= 2.4varac
2017-02-23[feat] dont use backports for rsyslog anymorevarac
2017-02-23[feat] dont use backports for passenger anymorevarac
2017-02-23Remove old leap-keyring packagevarac
2017-02-09tests: check process by either process scan or service name. closes #8753elijah
2017-02-06Merge branch 'dont_run_bundle_install_in_parallel' into 'master' Varac
Platform CI: Dont run bundle install in parallel Closes #8684 See merge request !67
2017-01-31Platform CI: Dont run bundle install in parallelvarac
Closes: #8684
2017-01-18Merge branch 'master' of 0xACAB.org:leap/platformvarac
2017-01-18Ensure the directory exists before creating the fileTulio Casagrande
with @aarni
2017-01-18Change autorestart to use systemd::unit_fileTulio Casagrande