Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-12-18 | set x509 use to true for all nodes, we need a cert for relaying using | Micah Anderson | |
TLS (#1910) Change-Id: I347178f2a172e4be6af8c0c76d801b3c769235cd | |||
2013-11-28 | fix soledad couchdb hiera variables, part ii | Micah Anderson | |
Change-Id: Ie0028056767358c4fe6796edd5ba4435e86a0cb3 | |||
2013-11-28 | fix soledad couchdb hiera variables | Micah Anderson | |
Change-Id: I0882fc993b407eddc40c03838050d42c0443bd3d | |||
2013-11-28 | remove leap_mx admin user and fix leap_mx couchdb hiera variables | Micah Anderson | |
Change-Id: I052576279d8a47313cd99412fdd7b715daa73374 | |||
2013-11-28 | remove nickserver admin user, and fix nickserver couchdb hiera variables | Micah Anderson | |
Change-Id: I5bdb6b946becdc95cadc92651c06e66b826e2698 | |||
2013-11-28 | remove admin access from nickserver | Micah Anderson | |
Change-Id: If7fff4c2b839cef5807ee8cee1355aea4dc719a8 | |||
2013-11-28 | remove admin access from soledad | Micah Anderson | |
Change-Id: I7c516c6a4ba26d2c5cebe19a9bff66eae3bd430f | |||
2013-11-27 | add the tapicero couchdb user, and appropriate roles | Micah Anderson | |
Change-Id: I41e9a73c8d04d5a2d74b41c8e32aca9906f3a4cf | |||
2013-11-27 | add nickserver couchdb user, set it to have 'identities' role | Micah Anderson | |
Change-Id: I06723ccf2ba040204e9fc5256c99a1faad6abb5f | |||
2013-11-27 | add leap_mx couchdb user/password | Micah Anderson | |
Change-Id: Ice83115e0feabddd40ad74c2a6e98e24da9b4c2f | |||
2013-11-27 | pretty reformat couchdb.json and site_couchdb/manifests/init.pp, ↵ | Micah Anderson | |
alphabetizing couchdb users Change-Id: I88264d32e9381f826652d1631083ba371e2b1b54 | |||
2013-11-22 | improvements to webapp deployment: allow for greater customization, allow ↵ | elijah | |
for custom git source, improve apache config. | |||
2013-11-22 | added custom index.html | elijah | |
2013-11-01 | Change SMTP port to 465 in smtp-service.json (Feature #4339) | varac | |
2013-10-15 | produce a hash for nagios.hosts | elijah | |
2013-10-10 | added mail.smarthost variable to hiera | varac | |
2013-10-10 | provide global.provider.contacts.default on every node, no need to add in ↵ | varac | |
services/mx.json again | |||
2013-09-21 | ensure that contacts.default is an array, and is required (requires latest ↵ | elijah | |
leap_cli). | |||
2013-09-20 | use newer haproxy_servers macro in order to allow couchdb and webapp to be ↵ | elijah | |
on the same node (requires latest leap_cli) | |||
2013-09-18 | Include content of client_ca.crt and client_ca.key in hiera (Feature #3874) | varac | |
2013-08-31 | postfix enable submission port using starttls, so the client can transition ↵ | Micah Anderson | |
to the more restrictive TLS wrapper mode Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa | |||
2013-08-29 | Make TLS-required smtps (465) be port for sending SMTP. This is preferred ↵ | Micah Anderson | |
over 25 because that is typically blocked, and we cannot force TLS on that port due to other MTAs not being configured for this century. We don't use submission (568) because that uses STARTTLS, and the STARTTLS banner can easily be stripped by an adversary. (#3604) . enable smtps (port 465) for client submission over TLS, and require that TLS is enabled . add 465 to the allowed open ports in the firewall . change the smtp-service.json to use 465 instead of 25 note: I did not use the 'use_smtps' parameter that is available in the postfix class because it added some options that we do not want/need. Change-Id: I0040eb2dff6008a1c830d59df9963eb83dc9ea02 | |||
2013-08-15 | Revert "temp hack: deploy the webapp as couch user 'admin'" | Micah Anderson | |
This reverts commit 8c038fea91adc87adf9e408c16e2f0ec9838e3d2. | |||
2013-08-01 | run soledad daemon using the configured port. | elijah | |
2013-08-01 | add a requirement to soledad.json that soledad service is found on a couchdb | Micah Anderson | |
node, if it is not, it will fail to compile this requires a newer leap_cli, so I've bumped the compatibility requirement Change-Id: Ie1061798d058087126163793b216dd5938eb95a6 | |||
2013-08-01 | fix #3291: set the soledad port properly in the json and as a temporary ↵ | Micah Anderson | |
work-around, use the couchdb admin/passwd Change-Id: Ibb1cd8416d00552f8ca1716e42a08137a4b461aa | |||
2013-08-01 | Merge branch 'feature/issue/3278' into develop | varac | |
2013-07-31 | add haproxy servers to services/mx.json | varac | |
2013-07-31 | fix /etc/leap/mx.conf doesn't contain any user credentials (Feature #3347) | varac | |
2013-07-30 | webapp - use hiera config "webapp.admins" for the list of admin usernames, ↵ | elijah | |
default to empty list. | |||
2013-07-30 | added webapp.secure flag (turns on secure cookies and HSTS) | elijah | |
2013-07-26 | Merge branch 'feature/mx' into develop | Micah Anderson | |
2013-07-26 | Merge branch 'feature/soledad' into feature/leap_mx | Micah Anderson | |
2013-07-26 | added haproxy weights to webapp hiera (at haproxy.servers) | elijah | |
2013-07-26 | fix cert generation bug: was creating 2024 bit keys instead of 2048 bit keys ↵ | elijah | |
by default. | |||
2013-07-25 | initial soledad configuration | Micah Anderson | |
Change-Id: I19e91887c3f8e90764b4baef8c5e29e25658e190 | |||
2013-07-25 | fixed provider_base/services/mx.json syntax | varac | |
2013-07-25 | initial mx couchdb stunnel configuration | Micah Anderson | |
2013-07-25 | add necessary service type to the mx.json | Micah Anderson | |
2013-07-25 | fixed provider_base/services/mx.json syntax | varac | |
2013-07-25 | initial mx couchdb stunnel configuration | Micah Anderson | |
2013-07-25 | hiera variable mx.contact -> postfix $root_mail_recipient | varac | |
2013-07-25 | initial mx couchdb stunnel configuration | Micah Anderson | |
2013-07-25 | added provider_base/services/mx.json | varac | |
2013-07-04 | bugfix - properly generate provider.json file. | elijah | |
2013-07-04 | make sure webapps have the full domain suffix as an alias (fixes problems ↵ | elijah | |
generating zone file). | |||
2013-07-04 | couchdb.json should not set service_type, since internal_service is the default. | elijah | |
2013-07-04 | remove stupid bandwidth limit from default provider.json | elijah | |
2013-06-25 | add hash for authorized_keys to common.json | elijah | |
2013-06-12 | temp hack: deploy the webapp as couch user 'admin' | elijah | |