summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-07-12Merge branch 'fix_subrepo_behavior' of ↵elijah
https://github.com/pixelated/leap_platform into develop
2016-07-12only update git submodules only if not subrepoChristoph Kluenter
2016-07-05Use DANE/TLSA validation in postfix (#8141).Micah
Configure DNSSEC validation for client verification, giving us a stronger form of opportunistic TLS Change-Id: Iab92d4f593c4a5a44e3b694295096b0d7f687a37
2016-07-05set domain-secure to internal domain.Micah
Without this set, dnssec will fail validation for internal domains, which should not be validated Change-Id: I8589332598fe97ad5218dd23825ac77af2d8def6
2016-07-05Enable DNSSEC validation in unbound (#8214).Micah
Change-Id: Ibdf39a721162b4a5663ef27c27b2db0261c6e8a5
2016-07-05Merge branch '8021_rsyslog' of https://0xacab.org/micah/platform into developelijah
2016-07-05Remove duplicate syslog entry (#8021).Micah
In an attempt to resolve #8021, a template error was made, causing duplicated entries to appear in the rsyslog template. Change-Id: Ic41d6ef9aec9865cf64312c1eb96e408b39d441c
2016-07-05Polish platform buils config filevarac
2016-07-05add gitlab-runners pubkeyvarac
2016-07-05renenable global before_script in .gitlab-ci.ymlvarac
2016-07-05Update .gitlab-ci.yml and build config for local buildsvarac
2016-07-05remove private stuff from test provider dirvarac
2016-07-05prevent users from configuring a node and an environment with the same nameelijah
2016-07-05use single node with vagrantvarac
2016-07-05fix error caused by passing an empty option to net-sshelijah
2016-07-03bugfix: work-around for problem with upload file permissions (#8235)elijah
2016-07-02[bug] fix typo in leap add-uservarac
2016-07-01fix access to vagrant key fileelijah
2016-07-01leap cli: move everything we can from leap_cli to leap_platformelijah
2016-07-01leap cli: remove commands/util.rb (duplicate of common.rb)elijah
2016-07-01ssh remote command: reraise unknown exceptionselijah
2016-07-01ssh logging: set the correct hostelijah
2016-07-01print both sha1 and sha256 fingerprints for 'leap inspect'elijah
2016-07-01migrate commands to use new ssh system: node init, test, add-userelijah
2016-06-30fix static site apache configelijah
2016-06-30directly call build-platform.sh in build jobvarac
2016-06-30Make sure bind9 doesn't take over unbound (#8213).Micah
Change-Id: Icaab817870d005b7a854a3fb8c402705d0b2d77f
2016-06-30Remove bigcouch (#8056)Micah
Change-Id: I0c6e27298c63bd37de1410985d054799818c22a4
2016-06-28Fix for when tor is not an array.Micah
When tor is not configured, then its possible to get this error on deploy: Error: tor is not a hash or array when accessing it with hidden_service at /srv/leap/puppet/modules/site_static/manifests/init.pp:16 on node rewdevstatic1.rewire.org This commit only accesses the array when its enabled. Change-Id: Ia75ac7a51179da980966adba0cc614b9cd642b0c
2016-06-28added command `leap open monitor` for handy access to nagioselijah
2016-06-28Make static tor hidden services work (#8212).Micah
When tor hidden services were enabled for static sites, only a very basic configuration was setup and it didn't take into account the different location configurations that can be configured for a static site. This commit resolves that by making a site_static::hidden_service class similar to the site_webapp::hidden_service class, and fixes up the apache vhost template to properly create the location blocks for the hidden service vhost. Change-Id: Ice3586f4173bd2d1bd3defca29d21c7403d5a03a
2016-06-28Stop tor from restarting on every deploy (#8211).Micah
We were creating the hidden service name without a newline, and then tor would be restarted and change the hidden service hostname file to have a newline, which would then require that the next deploy would change that file to not have a newline again. This fixes that problem by making the hostname have a newline so it matches what tor wants. Change-Id: I38f450684d557cf943ec94f2f8e19cda3aefdf66
2016-06-28Reload tor if config or key is changed (#8210).Micah
Change-Id: I3d733b6645c804a5fb337ad4b8edc59a66ad50b5
2016-06-28Make sure bind9 doesn't take over unbound (#8213).Micah
Change-Id: Icaab817870d005b7a854a3fb8c402705d0b2d77f
2016-06-28dont run default before_script for build stagevarac
2016-06-27Fix the permissions on the DOMAIN/provider.json file for static sites.elijah
2016-06-28Don't use docker for platform ci buildsvarac
Will try later, but for now it fails with not finding bundle cmd.
2016-06-28use leap_cli:develop gem in Gemfilevarac
2016-06-27Puppet-lint 2.0 releasevarac
2016-06-27Lint and Document site_webapp::hidden_servicevarac
2016-06-22set the platform version to be 0.9, require leap_cli 1.9elijah
2016-06-22leap_cli: removed dependency on gems 'paint' and 'command_line_reporter'elijah
2016-06-21minor ruby lintingelijah
2016-06-21Fix hidden service static template (#8203).Micah
Change-Id: Iab9597f5f0336f66df9b73fea9d79c789cbb8302
2016-06-17tests - default to admin access when testing existence of a dbelijah
2016-06-16New Build Badge from 0xacab.orgvarac
2016-06-16Merge branch '0.8.1' into developMicah
2016-06-16Disable the Trace method (#8195)0.8.1Micah
The Trace method is enabled because of the Apache module, but it is not the default in Debian, and it should not be enabled, for more information see the following: https://www.kb.cert.org/vuls/id/867593 Change-Id: I06a06ae679dbf7049f26a017125b61e5e38f6268
2016-06-16Fix matching for cleanup check.Micah
The onlyif check was incorrectly specified in the original implementation in commit id: 15b83d88dcedab496a19cef57f11c5c8e091dd4a this inverts it so it is properly detected. Change-Id: I531e206fff1ca61780adcd195e1f917011e50fb4
2016-06-16Disable the Trace method (#8195)Micah
The Trace method is enabled because of the Apache module, but it is not the default in Debian, and it should not be enabled, for more information see the following: https://www.kb.cert.org/vuls/id/867593 Change-Id: I06a06ae679dbf7049f26a017125b61e5e38f6268