path: root/provider_base
Age | Commit message | Author
2017-10-07 | feat: add v3 tor hidden service support | Micah Anderson
Resolves: #8879
2017-10-05 | Feat: Refactor tor services | Micah Anderson
In order to refactor the tor services, we need to split them out into three different services. This adds the hidden service class that is necessary to support the previous commits. Fixes #8864.
2017-10-05 | Feat: split tor service into three | elijah
The 'tor' service is now three separate services, 'tor_exit', 'tor_relay', or 'hidden_service'.
2017-09-28 | Feat: Use version branches for webapp + nickserver | Varac
We'll release soon so we pin both git repos to their release version branches instead of pulling from master.
2017-07-27 | Bug: allow old client to connect to VPN | Micah Anderson
The old client is compatible, just the version check did not allow it. People are still relying on the old client for a while, and this prevents people from upgrading. This fixes #8850.
2017-07-18 | by default, new providers will now require invites. requires leap_cli 4173154a177b00c11a36b3168b1ce12af59f04af or later (>1.9.2). resolves #8474. create new invites with `leap run invite` | elijah
2017-06-28 | static - gracefully handle incorrect static site configs | elijah
2017-06-21 | Use apt master component for LEAP packages | Varac
Currently, the platform configures the `snapshots` component in /etc/apt/sources.list.d/leap.list. `snapshots` contains packages uploaded by feature branches and merge requests so we change to `master` (which contains packages built from changes to the master branches). Resolves: #8828
2017-05-30 | static - support for renewing certs with let's encrypt for static sites | elijah
2017-05-10 | Nickserver direct access to couchdb on same node | varac
Depending whether couchdb is running on the same node as nickserver, couchdb is available on localhost:
- When couchdb is running on a different node: Via stunnel, which is bound to 4000.
- When couchdb is running on the same node: On port 5984
Resolves: #8793
2017-04-27 | Merge remote-tracking branch 'origin/merge-requests/77' | varac
2017-04-25 | Add single-hop hidden service capability. | Micah Anderson
This cuts the number of hops for a tor onion service from 6 to 3, speeding it up considerably. This removes the anonymity aspect of the service, so it must be enabled intentionally, knowing that the server's location no longer is hidden.
2017-03-22 | webapp: add secret_key_base to config | Azul
This replaces the secret_token from rails 4.1 on. Both are used for securing cookies in the browser. The secret_key_base will also encrypt the cookies while the token will only sign them. Keeping the token in there for now allows us to migrate existing sessions / cookies to the new secrets. We can remove it in the next version once all providers have run with secret_key_base for a while.
2017-03-16 | Use http://deb.leap.se/platform jessie snapshots for platform CI | varac
2017-03-16 | Make platform apt dist/component configurable | varac
2017-03-16 | Try new packages from exerimental-gitbuildpackage | varac
2017-03-15 | Direct connection when couch runs locally | varac
2017-03-15 | [8144] Remove Haproxy | varac
We used haproxy because we had multiple bigcouch nodes but now with a single couchdb node this is not needed anymore.
- Resolves: #8144
2017-01-03 | Revert "Use experimental-0.9 instead of experimental-platform" | varac
This reverts commit 44cae3cf731d29fd1e882cf35526fb0e098914d2.
2016-12-23 | Use experimental-0.9 instead of experimental-platform | varac
experimental-platform is still WIP, see https://leap.se/code/issues/8437#note-8 for more details
2016-12-22 | bugfix: don't block commercial certs for mx servers | elijah
2016-12-22 | COMPATIBILITY CHANGE: set platform version to 0.10 & require client 0.9.4 or later | elijah
2016-12-19 | bugfix: mx service does not require a commercial certificate | elijah
2016-12-08 | Use webapp/nickserver:master on leap_platform:master (#8678) | varac
2016-11-10 | Use webapp 0.9develop | varac
2016-10-20 | [bug] properly set 'enrollment_policy' in provider.json | elijah
2016-10-20 | upgrade: nickserver version 0.9.x | Azul
2016-10-04 | [bug] fix Tor hidden service key generation | elijah
2016-09-01 | added support for Let's Encrypt | elijah
2016-08-23 | added 'leap vm' command | elijah
2016-08-04 | switch to deb.d.o from httpredir.d.o (#8288). | Micah
The deb.debian.org method may be a better one than httpredir:
- deb.debian.org is maintained much more reliably than httpredir
- httpredir is backed by the mirror network; deb.d.o is by a CDN
- httpredir redirects to the mirror network. deb.d.o is a cache that sits in front of ftp.d.o (and security, and debug, and ports)
- one potential disadvantage: deb.d.o's CDN is a commercial service (fastly) that donates its traffic to debian
- in stretch and later, apt uses the SRV records of deb.d.o to find places instead of HTTP redirects
- local peering arrangements of fastly are likely to result in mirror choices that are more local (and thus faster) to the machine
Peering arrangements for the deb.d.o CDN can be seen here: https://www.peeringdb.com/asn/54113
Change-Id: I4dee089a3b2f674860bfff21eb25a6e37c491d32
2016-04-10 | pin nickserver source to origin/version/0.8 | elijah
2016-04-08 | tests: include _api_tester partial for couchdb nodes. | elijah
2016-04-08 | partials - add support for leap_cli's inheritable service partials (requires latest develop branch leap_cli) | elijah
2016-04-08 | minor: remove _api_tester.json from soledad test. | elijah
2016-04-05 | testing: adds mx delivery tests | elijah
2016-02-26 | plain couchdb now required, bigcouch support disabled. | elijah
2016-02-23 | allow legacy plain couchdb nodes to stay couchdb nodes, although issue a warning. | elijah
2016-02-23 | added templates for `leap node add`, so that new nodes can get default values set in their initial .json file. | elijah
2016-02-23 | default to plain couchdb, unless otherwise specified. | elijah
# Conflicts:
# puppet/modules/site_couchdb/manifests/plain.pp
2016-02-23 | get dkim working, closes #5924 | elijah
2016-02-10 | resolves #7646: leap_cli should fail when soledad and couchdb service are separated | elijah
2016-01-26 | pin webapp to 0.8 | elijah
2015-12-10 | [bug] Configure default sources.platform.apt.basic | varac
Providing a custom sources.platform.apt.basic value worked with the last commit, but without that the platform would fail. So we provide a default value now in provider_base/common.json, which can get overridden.
2015-10-27 | [bug] Add leap_mx username to soledad.conf | varac
- Tested: [unstable.pixelated-project.org]
- Related: https://github.com/pixelated/pixelated-platform/issues/127
2015-10-13 | add clamav filtering, with sanesecurity signature updating and provider whitelisting (#3625) | Micah
Change-Id: I15985ca00ee95bc62855f098a78e364ebbc32616
2015-10-06 | [feat] Remove tapicero from more places | varac
Remove from:
- platform white-box tests (couchdb user ACLs, tapicero daemon test)
- provider_base/ dir that handles the compilation of the hiera config file
- Resolves: #7501
2015-09-24 | added firewall information to nodes (needed for `leap compile firewall`) | elijah
2015-09-10 | sshd: let nodes change default AllowTcpForwarding | elijah
2015-09-09 | ensure that the webapp has the service levels config it requires. | elijah