summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-11-02Add initial rate-limiting for outgoing SMTP, using postfwd (#5972)Micah
Change-Id: I6a6e68908b71d7499eb3ef3c7f0173b3d5b7baa2
2015-11-02Add basic DKIM support, this requires changes in leap_cli detailed inMicah
issue #5924 Change-Id: I6aa1e7751633407d441cbc6436d8426d37dbbfa7
2015-10-31[bug] Add bigcouch syslog snippet for logwatchvarac
2015-10-30[bug] Remove duplicte declarationvarac
Duplicate declaration: File[/srv/leap/nagios/plugins/check_unix_open_fds.pl] is already declared in file /srv/leap/puppet/modules/site_check_mk/manifests/agent/couchdb/bigcouch.pp at line 44; cannot redeclare at /srv/leap/puppet/modules/site_check_mk/manifests/agent/couchdb.pp:23 on node rewdevcouch1.rewire.org
2015-10-30[feat] Remove bigcouch nagios leftoversvarac
When migrating from bigcouch to couchdb, we need to remove leftover nagios tests for bigcouch. - Added new classes: site_check_mk::agent::couchdb::bigcouch and site_check_mk::agent::couchdb::master - Tested: unstable.pixelated-project.org - Resolves: https://github.com/pixelated/pixelated-platform/issues/126
2015-10-30[feat] Add soledad::client class for soledad-syncvarac
- Restructure soledad class - Include soledad::client class on webapp nodes - Tested: [unstable.bitmask.net] - Related: #7523
2015-10-27[bug] Add leap_mx username to soledad.confvarac
- Tested: [unstable.pixelated-project.org] - Related: https://github.com/pixelated/pixelated-platform/issues/127
2015-10-26updated unbound submodulevarac
2015-10-26Add Jenkins Embeddable Build Status Iconvarac
2015-10-26[bug] Disable user-creation and soledad testvarac
Until we have a proper fix for #7523, we disable this test. - Tested: [unstable.bitmask.net] - Related: #7523
2015-10-23Merge remote-tracking branch 'alster-hamburgers/invite_codes' into developvarac
2015-10-20Merge branch 'bug/7546' into 'develop' guido
Provide tor hidden service configuration for static sites (#7546) Without this configuration, a very basic, and non-functional virtualhost is created, making the hidden service not work Change-Id: Ibe87c6acf5c21cff2388247c4ba320a5b6af7933 See merge request !81
2015-10-20Provide tor hidden service configuration for static sites (#7546)Micah
Without this configuration, a very basic, and non-functional virtualhost is created, making the hidden service not work Change-Id: Ibe87c6acf5c21cff2388247c4ba320a5b6af7933
2015-10-20Merge branch 'develop' into 'develop' Micah
Redirect to webapp_domain instead of domain This is needed for webapp when running on a subdomain. See merge request !80
2015-10-19change apache header set for HSTS to be always, otherwise it wont be set for ↵Micah
redirects (#7540) Change-Id: Ic77c64c03a99dad951f42633de04c352bed17c1e
2015-10-19Redirect to webapp_domain instead of domainguido
This is needed for webapp when running on a subdomain.
2015-10-17[feat] Added contrib folder for contributed stuffvarac
- Added a README.md - added a git commit template - moved offlineimap example config file from vagrant/ to crontib/
2015-10-17[bug] updated submodule couchdbvarac
- Tested: [local singlenode, citest] - Resolves: #7530
2015-10-17switch to ensure_packages to avoid puppet duplicate package definitions (#7530)Micah
Change-Id: I398b929fc96cf64e46075266ace0d8d1145b3aac
2015-10-14Merge branch 'develop' of ssh://leap.se/leap_platform into developelijah
2015-10-13Fix ordering of clamav resources, by requiring the package installationMicah
as a pre-requisite Change-Id: Ic9c8cc6ccfb31ce5e56937a2d95de7974707c368
2015-10-13Class was renamed, but not properly cared for in the rest of the manifestMicah
Change-Id: Ic9f022dcbb9f2096b933c898ae43023e0bf278c6
2015-10-13updated submodule couchdbvarac
2015-10-13Make syslog stop logging the icmpv6_send: no reply to icmp errorMicah
messages, these are spamming provider's logs and will continue to do so until we have ipv6 working for the VPN (#6540) Change-Id: I80673bb64d8239e478bc042794929640f7a7cc39
2015-10-13Merge branch 'bug/7527' into developMicah
2015-10-13Update resource_file to not include /private/ as this is not usedMicah
anymore by the nagios module, and our config template has drifted. Fixes: #7527 Change-Id: I56c3492056fcb95c499cf78b893249adcf0ae67f
2015-10-13Merge branch '7514_remove_tapicero_couchdb_user' into 'develop' Micah
7514 remove tapicero couchdb user - Resolves: #7514 this depends on this couchdb m.r.: https://gitlab.com/leap/couchdb/merge_requests/2 See merge request !78
2015-10-13add clamav filtering, with sanesecurity signature updating and provider ↵Micah
whitelisting (#3625) Change-Id: I15985ca00ee95bc62855f098a78e364ebbc32616
2015-10-12[feat] Remove tapicero couchdb uservarac
- Resolves: #7514
2015-10-12Fix soledad test when invite codes are enabledankonym
This provides an invite code when invite codes are enabled while the test runs (but it does not get deleted yet afterwards)
2015-10-11russian text requires amber 0.3.8elijah
2015-10-08Update submodule couchdbvarac
2015-10-07added `leap db destroy --username USER` command.elijah
2015-10-07Modify bonafide_helper to improve user creation test with invitesankonym
Will now use the correct user to generate invite codes and only add invite code parameter when invite codes are enabled
2015-10-07Change webapp tests to work with enabled invite codesankonym
This will generate an invite code so test_05_Can_create_and_authenticate_and_delete_user_via_API? will work correctly (when invite codes are required for signups).
2015-10-07[bug] Fix missing dependency (tapicero leftovers)varac
We need to remove local check-mk-agent checks on the tapicero nodes, and want to notify the monitoring server to re-inventarize the local checks. This doesn't work when both services run on different hosts, it will fail with: Could not find dependent Exec[check_mk-refresh] for Tidy[checkmk_logwatch_spool] So i remove the notifies, because we will re-inventarize of local checks by a daily cronjob anyway, see #6873. ... - Resolves: #XYZ - Related: #XYZ - Documentation: #XYZ - Releases: XYZ
2015-10-07[bug] Fix removal of webapp apache config filevarac
Done by including a service-dependend site_config::remove::webapp class.
2015-10-07Merge branch 'develop' of gitlab.com:leap/platform into developvarac
2015-10-06[feat] Remove tapicero from more placesvarac
Remove from: - platform white-box tests (couchdb user ACLs, tapicero daemon test) - provider_base/ dir that handles the compilation of the hiera config file - Resolves: #7501
2015-10-06[feat] remove tapicero leftoversvarac
Soledad now creates user-dbs, which has been done by tapicero in the past. we need to remove any leftovers from tapicero.
2015-10-05Merge branch 'bugfix/virtualaliases' into developelijah
2015-10-05Merge branch 'feature/firewall' into developelijah
2015-10-05Merge branch 'soledad_userdb_creation' into developvarac
2015-10-05[feat] Create-user-db: use couchdb admin rightsvarac
- create soledad-admin user - deploy netrc file for userdb creation - Move soledad-server.conf from /etc/leap to /etc/soledad - make soledad-server.conf group-accessible for the soledad group, so the soledad-admin user can read it - Resolves: #7502
2015-10-01Merge remote-tracking branch 'alster-hamburgers/invite_codes' into developvarac
2015-09-30fix missing service dependency errorMicah
this tidy should only happen on webapp nodes Change-Id: I56faac4fa28fde9dcad7ce9a6ed0d684630a556e
2015-09-30Fix server-status availability to tor hidden services (#7456)Micah Anderson
Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb
2015-09-30Merge remote-tracking branch 'gitlab/develop' into developMicah
2015-09-30Fix server-status availability to tor hidden services (#7456)Micah Anderson
Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb
2015-09-30Merge branch 'bug/server-status_7456' into 'develop' varac
Fix server-status availability to tor hidden services (#7456) Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb See merge request !73