summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-10-06[feat] Remove tapicero from more placesvarac
Remove from: - platform white-box tests (couchdb user ACLs, tapicero daemon test) - provider_base/ dir that handles the compilation of the hiera config file - Resolves: #7501
2015-10-06[feat] remove tapicero leftoversvarac
Soledad now creates user-dbs, which has been done by tapicero in the past. we need to remove any leftovers from tapicero.
2015-10-05Merge branch 'bugfix/virtualaliases' into developelijah
2015-10-05Merge branch 'feature/firewall' into developelijah
2015-10-05Merge branch 'soledad_userdb_creation' into developvarac
2015-10-05[feat] Create-user-db: use couchdb admin rightsvarac
- create soledad-admin user - deploy netrc file for userdb creation - Move soledad-server.conf from /etc/leap to /etc/soledad - make soledad-server.conf group-accessible for the soledad group, so the soledad-admin user can read it - Resolves: #7502
2015-10-01Merge remote-tracking branch 'alster-hamburgers/invite_codes' into developvarac
2015-09-30fix missing service dependency errorMicah
this tidy should only happen on webapp nodes Change-Id: I56faac4fa28fde9dcad7ce9a6ed0d684630a556e
2015-09-30Fix server-status availability to tor hidden services (#7456)Micah Anderson
Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb
2015-09-30Merge remote-tracking branch 'gitlab/develop' into developMicah
2015-09-30Fix server-status availability to tor hidden services (#7456)Micah Anderson
Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb
2015-09-30Merge branch 'bug/server-status_7456' into 'develop' varac
Fix server-status availability to tor hidden services (#7456) Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb See merge request !73
2015-09-30Merge branch 'develop' into 'develop' varac
fix missing service dependency error this tidy should only happen on webapp nodes Change-Id: I56faac4fa28fde9dcad7ce9a6ed0d684630a556e See merge request !77
2015-09-28Create invite code db and design docsankonym
2015-09-28Merge pull request #82 from Alster-Hamburgers/invite_codesvarac
Modify config.yml.erb to include the invite code option
2015-09-28Modify config.yml.erb to include the invite code optionankonym
2015-09-28[feat] Vagrant: forward leap_web ports 443 ad 80varac
2015-09-24add spf to compile zone, closes #5925elijah
2015-09-24do not remove /var/log/leap/mx.log.*, this is where leap_mx is logging.elijah
2015-09-24allow certain aliases, like 'abuse', to be publicly forwardable.elijah
2015-09-24added firewall information to nodes (needed for `leap compile firewall`)elijah
2015-09-24fix missing service dependency errorMicah
this tidy should only happen on webapp nodes Change-Id: I56faac4fa28fde9dcad7ce9a6ed0d684630a556e
2015-09-24Remove no longer used vhost for leap_webapp (#7475)Micah
The configuration /etc/apache/sites-enabled/leap_webapp.conf was never removed after 6255e58bf9ff3489bf2707bc2be9759ec5c7db68 made it obsolete, and because it exists on older systems, it is being used instead of the correct common.conf. This removes it and reloads apache. Change-Id: Ic4c9901f4bba869ecb3dfe5362dfd1971570f89a
2015-09-20automatic update of submodule aptkwadronaut
2015-09-15fix vagrant ssh private key pathelijah
2015-09-15Fix server-status availability to tor hidden services (#7456)Micah Anderson
Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb
2015-09-15Merge branch 'feature/rewrite_openpgp_header_7413' into developMicah Anderson
Change-Id: I42a1ef661dc55fb8110e82e930f67679c3dff1f8
2015-09-15make couchdb.admin.yml only readable by root, make non-admin cron run as ↵elijah
webapp user.
2015-09-15service definition .json files should not refer to properties inherited from ↵elijah
common.json. closes #7423
2015-09-15minor lintingMicah Anderson
Change-Id: If92faee5f877301bf23564d5b6e71c4b1263de54
2015-09-15fix incorrect name for vagrant ssh public key fileelijah
2015-09-14Added help/warning if running tunnel command without TCP forwarding enabled.elijah
2015-09-14Merge remote-tracking branch 'micah/hiera_defaults_7443' into developvarac
2015-09-11Merge branch 'bugfix/mxaliases' into developelijah
2015-09-11switch aliases to use virtual_alias_mapselijah
2015-09-11Merge remote-tracking branch 'elijah/feature/sshconfig' into developMicah Anderson
2015-09-10sshd: let nodes change default AllowTcpForwardingelijah
2015-09-10fix various problems with webapp config generationelijah
2015-09-10Make sure hiera values have valid defaults if they are not specified (#7443)Micah Anderson
Change-Id: Ib701886ad26c5e39ccd669fadca81404b5c0426a
2015-09-10Fix clients being blocked by RBLs (#7431)Micah Anderson
Valid users submitting mail to be delivered should not be blocked by configured RBLs. Settings in main.cf are valid and used globally, unless they are overridden in master.cf for specific Postfix daemons. We have set in main.cf the smtp_client_restrictions parameter to check for configured rbls, so we need to override that and empty it in order to allow valid clients to send mail, even when their IP is listed in an RBL. Note: most users will typically be connecting via VPN, so their IP would typically be replaced by the VPN gateway one, but there are cases where this is still useful. Change-Id: Ie4171113c78ae2814402a1ed9b5343280cbf79d1
2015-09-10Merge branch 'develop' of ssh://code.leap.se/leap_platform into developvarac
2015-09-10Don't exit after failed deployvarac
Sometimes only trivial things fail that doesn't affect basic functionallity. Change-Id: I9d9d1a531a11e6eeee6fd823a51bb02e99771ec2
2015-09-10use vagrant user for configuring provider with leap_cli (new leap_cli ↵varac
version complain when called by root) we don't need to enable ssh pw auth because we're now using the vagrant user that has ssh key-based auth configured already. Change-Id: I5e28e6f5c71724573ff11def5b96142e8eb8b185
2015-09-10moved leap_cli installation to leap modulevarac
Change-Id: I385f7877d0816456e7c57179511604645a4740bc
2015-09-09ensure that the webapp has the service levels config it requires.elijah
2015-09-09updates to zone compile and tags/development.json to be compatible with the ↵elijah
definition of 'domain' in provider.env.json.
2015-09-08rewrite openpgp header to be always correct (#7413)Micah Anderson
The openpgp header added by the client is sometimes incorrect, because the client doesn't actually know what the proper URL is for the webapp. The server knows, however. Change-Id: I2243b19a6337d8e0be97590e2ca9c9c0b0fffdac
2015-09-03make couchdb.admin.yml only readable by root, make non-admin cron run as ↵elijah
webapp user.
2015-09-03service definition .json files should not refer to properties inherited from ↵elijah
common.json. closes #7423
2015-08-31Merge branch 'feature/mxalias' into developelijah