Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-10-16 | syslog: add rsyslog::snippet to anonymize logs | Micah Anderson | |
it is necessary to install the fixed package from the leap.se repository until it is available in wheezy-backports, so install the apt preferences to pull it from there, and add its necessary library dependency from wheezy-backports Change-Id: I379ff2ceaac1a978143715d3a7ced0011ca0d747 | |||
2013-10-16 | rsyslog: setup default local config that gets us the same config as default ↵ | Micah Anderson | |
from debian Change-Id: If07ee200e2ae0d9cfaf8e405d6354c80d77330ca | |||
2013-10-16 | add rsyslog puppet submodule | Micah Anderson | |
Change-Id: Ic9f521010af7b362490ee5b0048e41cf11bfc593 | |||
2013-10-16 | vagrant: support other providers besides virtualbox (Bug #4158) | varac | |
2013-10-15 | Merge branch 'feature/1863_puppet_-_openvpn_gateway_netmask' into develop | varac | |
2013-10-15 | new fallback nameservers (#4113) | varac | |
* the german privacy foundation has dissolved itself and shut down their public nameserver. we are now using the public nameserver by Digitalcourage, a german privacy organisation (https://en.wikipedia.org/wiki/Digitalcourage) * the IP for the server of the swiss privacy foundation has changed (http://www.privacyfoundation.ch/de/service/server.html) | |||
2013-10-15 | puppet - openvpn gateway address is hard coded as a /24 network (Bug #1863) | varac | |
2013-10-11 | /etc/haproxy/haproxy.cfg changed randomly (Feature #4111) | varac | |
2013-10-11 | class moved but forgot to rename | varac | |
2013-10-11 | Merge branch 'feature/4079_dont_remove_build_packages' into develop | varac | |
2013-10-11 | fixed issues from https://review.leap.se/r/98/ | varac | |
2013-10-11 | install ruby-dev for nickserver/webapp (#4079 + #4080) | varac | |
2013-10-11 | don't remove dev-packages on webapp node | varac | |
they are needed for building gems | |||
2013-10-11 | Merge branch 'feature/1683_configure_postfix_satellites' into develop | varac | |
2013-10-11 | move site_config::checks to site_config::mx::checks | varac | |
2013-10-11 | deploy postfix satellites on all nodes (Bug #1683) | varac | |
2013-10-10 | added mail.smarthost variable to hiera | varac | |
2013-10-10 | contacts is now a top-level hiera variable | varac | |
2013-10-10 | fix site_postfix::mx::reserved_aliases class name and package array | varac | |
2013-10-10 | provide global.provider.contacts.default on every node, no need to add in ↵ | varac | |
services/mx.json again | |||
2013-10-09 | setup email account 'blacklist' by configuring reserved aliases, effectively ↵ | Micah Anderson | |
implementing RFC2142 and more (#3602) Change-Id: Ic2765b25ff9e1560def4900a1bf38dc8023b0ffa | |||
2013-10-06 | It turns out postfix's variable for 1024bit DH parameters can actually take ↵0.3.0rc3 | Micah Anderson | |
a file of arbitrary length (#4012) Neither Postfix nor OpenSSL actually care about the size of the prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5 | |||
2013-10-06 | implement stripping user's home IPs from Received headers (#3866) | Micah Anderson | |
Change-Id: I6d78286f84144bba5fd3166cc0264570e4fd3ee0 | |||
2013-10-06 | only use TLSv1 or later for smtp (Feature #4011) | Micah Anderson | |
Disable on the client-side with postfix (smtp) SSLv2/SSLv3 and only allow for TLSv1 or later SMTP servers almost universally support TLSv1. There are very few servers that don't (the few that are would result sending in the clear for these, but the alternative isn't much better). This is unlikely to cause any significant problems. Change-Id: I8f98ba32973537905b71f63b100f41a420b6aa3f | |||
2013-10-03 | fix name of base class file | Micah Anderson | |
Change-Id: I844970f1c8f895d5a460d5082bfa1a2a88b32ecd | |||
2013-10-03 | Merge branch 'feature/3953' into develop | Micah Anderson | |
2013-10-03 | It turns out postfix's variable for 1024bit DH parameters can actually take ↵ | Micah Anderson | |
a file of arbitrary length (#4012) Neither Postfix nor OpenSSL actually care about the size of the prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5 | |||
2013-10-02 | setup smtpd_tls_eecdh_grade to 'ultra' and configure the ↵ | Micah Anderson | |
smtpd_tls_dh1024_param file, after generating it (#3953) Change-Id: I8e88a4862cda052c2f0ca0149f1d0753c7c83cb5 | |||
2013-10-02 | Merge branch 'bug/3869' into develop | Micah Anderson | |
2013-10-02 | Merge branch 'bug/3959' into develop | Micah Anderson | |
2013-10-02 | Merge branch 'feature/3955' into develop | Micah Anderson | |
2013-10-02 | only add vpn_(un)?limited_udp_resolver and vpn_(un)?limited_tcp_resolver ↵ | Micah Anderson | |
lines to unbound.conf if the openvpn package is installed (#3868) Change-Id: I65852660a606ccea7569b2207bd535bd8aa3867c | |||
2013-09-26 | set myhostname in postfix the internet hostname of this mail system. The ↵ | Micah Anderson | |
default would otherwise be set to be something like starfish.local instead of the fully qualified domain (#3869) Change-Id: I4a537402de08b41446d344d8c21973b8d09e7ad6 | |||
2013-09-26 | Merge branch 'bug/3868' into develop | Micah Anderson | |
2013-09-26 | create a site_config::packages directory, move site_config::base_packages to ↵ | Micah Anderson | |
site_config::packages::base add site_config::packages::gnutls for inclusion (#3955) Change-Id: I9599eb26844503613c16f57ee17d6ea7bd0cf6fb | |||
2013-09-26 | Add client-side TLS configuration (#3868) | Micah Anderson | |
Change-Id: I0b82930f6f6a453e57f1d57fd8b5df78d464e206 | |||
2013-09-26 | Merge branch 'bug/3868' into develop | Micah Anderson | |
2013-09-26 | properly set the $smtps_recipient_restrictions variable in master.cf (#3935) | Micah Anderson | |
Change-Id: Ia5f35977b3dad08c10256f0281ab36ffb230c9fd | |||
2013-09-25 | add smtp_tls_received_header to include information about the protocol and ↵ | Micah Anderson | |
cipher used as well as the client and issuer CommonName into the "Received:" header Also, clean up the parameters to standardize them Change-Id: Ib6be27f0f93e0a9e20fbdffa1d42220a25fc8ed4 | |||
2013-09-25 | openvpn is restarted before package is installed (Bug #3904) | varac | |
2013-09-25 | recent couchdb puppet - requires git submodule update | Azul | |
2013-09-24 | Merge branch 'feature/3917_openvpn_is_failing_to_connect' into develop | varac | |
2013-09-24 | deploy client_ca on webapp node | varac | |
2013-09-24 | webapp leftover for seperate cert and key deployment (Feature #3918) | varac | |
2013-09-24 | fix client_ca cert+key for mx service (Feature #3921) | varac | |
2013-09-24 | added site_config::x509::client_ca::cert and ↵ | varac | |
site_config::x509::client_ca::key for client_ca deployment (#3917) | |||
2013-09-24 | Merge branch 'feature/3916_Webapp_doesn_t_serve_commercial_cert' into develop | varac | |
2013-09-24 | https://bitmask.net/ca.crt gives 403 Forbidden (Bug #3919) | varac | |
2013-09-24 | Webapp doesn't serve commercial cert (Bug #3916) | varac | |
2013-09-24 | move commercial x509 deployment to site_x509 (Feature #3889) | varac | |