summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-11-04Additional entries/updates0.9.0Micah Anderson
2016-11-01bugfix: allow 'leap facts update' to work again.elijah
2016-10-25Change CI build webapp source branch to master.Micah Anderson
The develop branch was removed, and current master is the same as develop was before.
2016-10-24Set X-XSS-Protection HTTP response header to '1'.Micah Anderson
This HTTP response header enables the Cross-site scripting (XSS) filter built into some modern web browsers. This header is usually enabled by default anyway, so the role of this header is to re-enable the filter if it was disabled maliciously, or by accident.
2016-10-24Set X-Content-Type-Options nosniff.Micah Anderson
Setting this header will prevent the browser from interpreting files as something else than declared by the content type in the HTTP headers. This will prevent the browser from MIME-sniffing a response away from the declared content-type. When this is not set, older versions of Internet Explorer and Chrome perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type.
2016-10-20[bug] properly set 'enrollment_policy' in provider.jsonelijah
2016-10-20Merge branch 'twisted_backports' into developvarac
2016-10-20Merge branch 'soledad_ordering' into developvarac
2016-10-20Merge branch 'upgrade/nickserver' into 'develop' Varac
upgrade: nickserver version 0.9.x See merge request !49
2016-10-20upgrade: nickserver version 0.9.xAzul
2016-10-18Setup couch for soledad before starting soledadvarac
When the soledad couch user is not present, soledad-server refuses to start, so we need to ensure that couch is setup correctly before starting soledad-server. see https://leap.se/code/issues/8535
2016-10-18Lint site_couchdb::setupvarac
2016-10-18[feat] Use twisted 16.2 from jessie-backportsvarac
New soledad packages now depend on Twisted 16.2.0 (see https://leap.se/code/issues/8412), so we need to pin twisted to get installed from jessie-backports. - Resolves: #8418
2016-10-18lint site_mx classvarac
2016-10-18Fix Are_daemons_running test for nickservervarac
2016-10-18Use docker for CI testingvarac
2016-10-18Use random vm name when running localvarac
when using gitlab-runner locally, CI_BUILD_ID is always 1 which will conflict with running/terminating AWS instances in subsequent runs therefore we pick a random number in this case
2016-10-18Use caching in setup.shvarac
2016-10-18Include secret variables from gitlab ci settingsvarac
- Assemble cloud.json from aws credential env vars - Deploy ssh private key from env var
2016-10-18Add public sshkey of gitlab-runner for platform buildsvarac
2016-10-18Checkin cloud.json template without credentialsvarac
2016-10-18Add timestamps to build outputvarac
2016-10-18Gitignore some files needed for cibuildsvarac
2016-10-18Use leap vm for ci buildsvarac
2016-10-18Dont track facts.json and users/gitlab-runnervarac
2016-10-18Dont track provider/files/ssh/known_hostsvarac
2016-10-18Lint ci-build.shvarac
2016-10-18Do a dist-upgrade in 'node init'.Micah Anderson
Starting with a recent debian stable point release update, it is possible that the system is in an inconsistent library state. For example, puppet could not be run because the libraries on the system were not the ones that the puppet package was built against. So that means that deploys could not happen until we've dont a dist-upgrade.
2016-10-11Use puppet-catalog-test from git to circumvent deprecation warnvarac
2016-10-11Add instructions for running testsvarac
2016-10-04generate utf8 locale solves #85110.9.0rc1kwadronaut
2016-10-04[bug] fix Tor hidden service key generationelijah
2016-09-15leap vm: grab ssh host key when adding a new vmelijah
2016-09-15leap vm: require 'fog/aws' instead of all of 'fog'elijah
2016-09-14refresh /docs/elijah
2016-09-14updated docselijah
2016-09-14[bugfix] leap vm: make the default instance type 't2.nano'elijah
2016-09-14leap vm: fix typo (closes #8468)elijah
2016-09-13[bugfix] static sites: only enable hidden service by default if one domain ↵elijah
is configured The problem is that we have a single onion address per server, so if more than one domain is configured we need to make sure they don't both try to use the same onion address.
2016-09-08Merge branch 'clamd_dependencies' into developvarac
2016-09-08Merge branch 'ensure_clamav_running' into developvarac
2016-09-08start clamav after definitions are downloadedChristoph Kluenter
freshclam might not be able to start clamav via the socket because the socket might not be there. This systemd unit watches for the definitions and then starts clamav. Resolves: #8431
2016-09-08Merge branch 'check_mk_add_services' into developvarac
2016-09-08Add systemd::enable definevarac
2016-09-07Update contributing docs regarding 0xacab.org CIvarac
2016-09-07Fix dependencies for clamd servicevarac
Sometimes, after a deploy from scratch `leap test` fails because clamd could not get started (even when the deploy log says so). This fixes the dependencies of all resources needed in order to let clamd start reliable. Resolves: #8431
2016-09-06leap cert renew: added more messages in case anything goes wrongelijah
2016-09-06leap run: stream results by default if there is only one nodeelijah
2016-09-06Added known issues to CHANGES.mdelijah
2016-09-06[feat] Add check_mk config values, dont set themvarac
When setting values like ignored_services = [...] this will override other `ignored_services` that might get parsed before. Instead, we use `+=` so multiple files can add sth to this config value.