summaryrefslogtreecommitdiff
path: root/provider_base
AgeCommit message (Collapse)Author
2013-11-27add the tapicero couchdb user, and appropriate rolesMicah Anderson
Change-Id: I41e9a73c8d04d5a2d74b41c8e32aca9906f3a4cf
2013-11-27add nickserver couchdb user, set it to have 'identities' roleMicah Anderson
Change-Id: I06723ccf2ba040204e9fc5256c99a1faad6abb5f
2013-11-27add leap_mx couchdb user/passwordMicah Anderson
Change-Id: Ice83115e0feabddd40ad74c2a6e98e24da9b4c2f
2013-11-27pretty reformat couchdb.json and site_couchdb/manifests/init.pp, ↵Micah Anderson
alphabetizing couchdb users Change-Id: I88264d32e9381f826652d1631083ba371e2b1b54
2013-11-22improvements to webapp deployment: allow for greater customization, allow ↵elijah
for custom git source, improve apache config.
2013-11-22added custom index.htmlelijah
2013-11-01Change SMTP port to 465 in smtp-service.json (Feature #4339)varac
2013-10-15produce a hash for nagios.hostselijah
2013-10-10added mail.smarthost variable to hieravarac
2013-10-10provide global.provider.contacts.default on every node, no need to add in ↵varac
services/mx.json again
2013-09-21ensure that contacts.default is an array, and is required (requires latest ↵elijah
leap_cli).
2013-09-20use newer haproxy_servers macro in order to allow couchdb and webapp to be ↵elijah
on the same node (requires latest leap_cli)
2013-09-18Include content of client_ca.crt and client_ca.key in hiera (Feature #3874)varac
2013-08-31postfix enable submission port using starttls, so the client can transition ↵Micah Anderson
to the more restrictive TLS wrapper mode Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa
2013-08-29Make TLS-required smtps (465) be port for sending SMTP. This is preferred ↵Micah Anderson
over 25 because that is typically blocked, and we cannot force TLS on that port due to other MTAs not being configured for this century. We don't use submission (568) because that uses STARTTLS, and the STARTTLS banner can easily be stripped by an adversary. (#3604) . enable smtps (port 465) for client submission over TLS, and require that TLS is enabled . add 465 to the allowed open ports in the firewall . change the smtp-service.json to use 465 instead of 25 note: I did not use the 'use_smtps' parameter that is available in the postfix class because it added some options that we do not want/need. Change-Id: I0040eb2dff6008a1c830d59df9963eb83dc9ea02
2013-08-15Revert "temp hack: deploy the webapp as couch user 'admin'"Micah Anderson
This reverts commit 8c038fea91adc87adf9e408c16e2f0ec9838e3d2.
2013-08-01run soledad daemon using the configured port.elijah
2013-08-01add a requirement to soledad.json that soledad service is found on a couchdbMicah Anderson
node, if it is not, it will fail to compile this requires a newer leap_cli, so I've bumped the compatibility requirement Change-Id: Ie1061798d058087126163793b216dd5938eb95a6
2013-08-01fix #3291: set the soledad port properly in the json and as a temporary ↵Micah Anderson
work-around, use the couchdb admin/passwd Change-Id: Ibb1cd8416d00552f8ca1716e42a08137a4b461aa
2013-08-01Merge branch 'feature/issue/3278' into developvarac
2013-07-31add haproxy servers to services/mx.jsonvarac
2013-07-31fix /etc/leap/mx.conf doesn't contain any user credentials (Feature #3347)varac
2013-07-30webapp - use hiera config "webapp.admins" for the list of admin usernames, ↵elijah
default to empty list.
2013-07-30added webapp.secure flag (turns on secure cookies and HSTS)elijah
2013-07-26Merge branch 'feature/mx' into developMicah Anderson
2013-07-26Merge branch 'feature/soledad' into feature/leap_mxMicah Anderson
2013-07-26added haproxy weights to webapp hiera (at haproxy.servers)elijah
2013-07-26fix cert generation bug: was creating 2024 bit keys instead of 2048 bit keys ↵elijah
by default.
2013-07-25initial soledad configurationMicah Anderson
Change-Id: I19e91887c3f8e90764b4baef8c5e29e25658e190
2013-07-25fixed provider_base/services/mx.json syntaxvarac
2013-07-25initial mx couchdb stunnel configurationMicah Anderson
2013-07-25add necessary service type to the mx.jsonMicah Anderson
2013-07-25fixed provider_base/services/mx.json syntaxvarac
2013-07-25initial mx couchdb stunnel configurationMicah Anderson
2013-07-25hiera variable mx.contact -> postfix $root_mail_recipientvarac
2013-07-25initial mx couchdb stunnel configurationMicah Anderson
2013-07-25added provider_base/services/mx.jsonvarac
2013-07-04bugfix - properly generate provider.json file.elijah
2013-07-04make sure webapps have the full domain suffix as an alias (fixes problems ↵elijah
generating zone file).
2013-07-04couchdb.json should not set service_type, since internal_service is the default.elijah
2013-07-04remove stupid bandwidth limit from default provider.jsonelijah
2013-06-25add hash for authorized_keys to common.jsonelijah
2013-06-12temp hack: deploy the webapp as couch user 'admin'elijah
2013-06-04add support for client-side collection of facter facts.elijah
2013-05-30site_sshd -- added xterm title, optional support for moshelijah
2013-05-27common.json - default all nodes to be 'enabled'elijah
2013-05-23added couch.bigcouch.neighbors to provider_base/services/couchdb.jsonvarac
2013-05-21only advertise services that are actually deployed (in public provider.json)elijah
2013-05-18added module site_nickserverelijah
2013-05-17minor - webapp api port should be integer, not string.elijah