summaryrefslogtreecommitdiff
path: root/provider_base
AgeCommit message (Collapse)Author
2017-03-22webapp: add secret_key_base to configAzul
This replaces the secret_token from rails 4.1 on. Both are used for securing cookies in the browser. The secret_key_base will also encrypt the cookies while the token will only sign them. Keeping the token in there for now allows us to migrate existing sessions / cookies to the new secrets. We can remove it in the next version once all providers have run with secret_key_base for a while.
2017-03-16Use http://deb.leap.se/platform jessie snapshots for platform CIvarac
2017-03-16Make platform apt dist/component configurablevarac
2017-03-16Try new packages from exerimental-gitbuildpackagevarac
2017-03-15Direct connection when couch runs locallyvarac
2017-03-15[8144] Remove Haproxyvarac
We used haproxy because we had multiple bigcouch nodes but now with a single couchdb node this is not needed anymore. - Resolves: #8144
2017-01-03Revert "Use experimental-0.9 instead of experimental-platform"varac
This reverts commit 44cae3cf731d29fd1e882cf35526fb0e098914d2.
2016-12-23Use experimental-0.9 instead of experimental-platformvarac
experimental-platform is still WIP, see https://leap.se/code/issues/8437#note-8 for more details
2016-12-22bugfix: don't block commercial certs for mx serverselijah
2016-12-22COMPATIBILITY CHANGE: set platform version to 0.10 & require client 0.9.4 or ↵elijah
later
2016-12-19bugfix: mx service does not require a commercial certificateelijah
2016-12-08Use webapp/nickserver:master on leap_platform:master (#8678)varac
2016-11-10Use webapp 0.9developvarac
2016-10-20[bug] properly set 'enrollment_policy' in provider.jsonelijah
2016-10-20upgrade: nickserver version 0.9.xAzul
2016-10-04[bug] fix Tor hidden service key generationelijah
2016-09-01added support for Let's Encryptelijah
2016-08-23added 'leap vm' commandelijah
2016-08-04switch to deb.d.o from httpredir.d.o (#8288).Micah
The deb.debian.org method may be a better one than httpredir: . deb.debian.org is maintained much more reliably than httpredir . httpredir is backed by the mirror network; deb.d.o is by a CDN . httpredir redirects to the mirror network. deb.d.o is a cache that sits in front of ftp.d.o (and security, and debug, and ports) . one potential disadvantage: deb.d.o's CDN is a commercial service (fastly) that donates its traffic to debian . in stretch and later, apt uses the SRV records of deb.d.o to find places instead of HTTP redirects . local peering arrangements of fastly are likely to result in mirror choices that are more local (and thus faster) to the machine Peering arrangements for the deb.d.o CDN can be seen here: https://www.peeringdb.com/asn/54113 Change-Id: I4dee089a3b2f674860bfff21eb25a6e37c491d32
2016-04-10pin nickserver source to origin/version/0.8elijah
2016-04-08tests: include _api_tester partial for couchdb nodes.elijah
2016-04-08partials - add support for leap_cli's inheritable service partials (requires ↵elijah
latest develop branch leap_cli)
2016-04-08minor: remove _api_tester.json from soledad test.elijah
2016-04-05testing: adds mx delivery testselijah
2016-02-26plain couchdb now required, bigcouch support disabled.elijah
2016-02-23allow legacy plain couchdb nodes to stay couchdb nodes, although issue a ↵elijah
warning.
2016-02-23added templates for `leap node add`, so that new nodes can get default ↵elijah
values set in their initial .json file.
2016-02-23default to plain couchdb, unless otherwise specified.elijah
# Conflicts: # puppet/modules/site_couchdb/manifests/plain.pp
2016-02-23get dkim working, closes #5924elijah
2016-02-10resolves #7646: leap_cli should fail when soledad and couchdb service are ↵elijah
seperated
2016-01-26pin webapp to 0.8elijah
2015-12-10[bug] Configure default sources.platform.apt.basicvarac
Providing a custom sources.platform.apt.basic value worked with the last commit, but without that the platform would fail. So we provide a default value now in provider_base/common.json, which can get overridden.
2015-10-27[bug] Add leap_mx username to soledad.confvarac
- Tested: [unstable.pixelated-project.org] - Related: https://github.com/pixelated/pixelated-platform/issues/127
2015-10-13add clamav filtering, with sanesecurity signature updating and provider ↵Micah
whitelisting (#3625) Change-Id: I15985ca00ee95bc62855f098a78e364ebbc32616
2015-10-06[feat] Remove tapicero from more placesvarac
Remove from: - platform white-box tests (couchdb user ACLs, tapicero daemon test) - provider_base/ dir that handles the compilation of the hiera config file - Resolves: #7501
2015-09-24added firewall information to nodes (needed for `leap compile firewall`)elijah
2015-09-10sshd: let nodes change default AllowTcpForwardingelijah
2015-09-09ensure that the webapp has the service levels config it requires.elijah
2015-09-09updates to zone compile and tags/development.json to be compatible with the ↵elijah
definition of 'domain' in provider.env.json.
2015-09-03service definition .json files should not refer to properties inherited from ↵elijah
common.json. closes #7423
2015-08-31mx: added mx.key_lookup_domain propertyelijah
2015-08-19allow ca_cert_uri to be configuredelijah
2015-08-19mv commands and macros to lib/leap_clielijah
2015-08-07move 'enabled service' calculation to a macro.elijah
2015-08-03allow_registration should always be false if enrollment_policy is 'closed'elijah
2015-08-03webapp: add support for customizing localeselijah
2015-07-28Support RBL blocking of incoming mail (#5923)Micah Anderson
Set zen.spamhaus as the default rbl Change-Id: Ic3537d645c80ba42267bab370a1cf77730382158
2015-06-30pin leap_web to 0.7.1elijah
2015-05-06Merge branch '0.7.0' into developMicah Anderson
2015-05-06Change http.debian.net to now official name: httpredir.debian.org (#6932)Micah Anderson
Change-Id: I1e411ef3ffa2ef7fdcae90081f530f44023a96b6