Age | Commit message | Author | |
---|---|---|---|
2013-10-10 | provide global.provider.contacts.default on every node, no need to add in services/mx.json again | varac | |
2013-09-21 | ensure that contacts.default is an array, and is required (requires latest leap_cli). | elijah | |
2013-09-20 | use newer haproxy_servers macro in order to allow couchdb and webapp to be on the same node (requires latest leap_cli) | elijah | |
2013-09-18 | Include content of client_ca.crt and client_ca.key in hiera (Feature #3874) | varac | |
2013-08-31 | postfix enable submission port using starttls, so the client can transition to the more restrictive TLS wrapper mode Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa | Micah Anderson | |
2013-08-29 | Make TLS-required smtps (465) be port for sending SMTP. This is preferred over 25 because that is typically blocked, and we cannot force TLS on that port due to other MTAs not being configured for this century. We don't use submission (568) because that uses STARTTLS, and the STARTTLS banner can easily be stripped by an adversary. (#3604) . enable smtps (port 465) for client submission over TLS, and require that TLS is enabled . add 465 to the allowed open ports in the firewall . change the smtp-service.json to use 465 instead of 25 note: I did not use the 'use_smtps' parameter that is available in the postfix class because it added some options that we do not want/need. Change-Id: I0040eb2dff6008a1c830d59df9963eb83dc9ea02 | Micah Anderson | |
2013-08-15 | Revert "temp hack: deploy the webapp as couch user 'admin'" | Micah Anderson | |
This reverts commit 8c038fea91adc87adf9e408c16e2f0ec9838e3d2. | |||
2013-08-01 | run soledad daemon using the configured port. | elijah | |
2013-08-01 | add a requirement to soledad.json that soledad service is found on a couchdb node, if it is not, it will fail to compile this requires a newer leap_cli, so I've bumped the compatibility requirement Change-Id: Ie1061798d058087126163793b216dd5938eb95a6 | Micah Anderson | |
2013-08-01 | fix #3291: set the soledad port properly in the json and as a temporary work-around, use the couchdb admin/passwd Change-Id: Ibb1cd8416d00552f8ca1716e42a08137a4b461aa | Micah Anderson | |
2013-08-01 | Merge branch 'feature/issue/3278' into develop | varac | |
2013-07-31 | add haproxy servers to services/mx.json | varac | |
2013-07-31 | fix /etc/leap/mx.conf doesn't contain any user credentials (Feature #3347) | varac | |
2013-07-30 | webapp - use hiera config "webapp.admins" for the list of admin usernames, default to empty list. | elijah | |
2013-07-30 | added webapp.secure flag (turns on secure cookies and HSTS) | elijah | |
2013-07-26 | Merge branch 'feature/mx' into develop | Micah Anderson | |
2013-07-26 | Merge branch 'feature/soledad' into feature/leap_mx | Micah Anderson | |
2013-07-26 | added haproxy weights to webapp hiera (at haproxy.servers) | elijah | |
2013-07-26 | fix cert generation bug: was creating 2024 bit keys instead of 2048 bit keys by default. | elijah | |
2013-07-25 | initial soledad configuration | Micah Anderson | |
Change-Id: I19e91887c3f8e90764b4baef8c5e29e25658e190 | |||
2013-07-25 | fixed provider_base/services/mx.json syntax | varac | |
2013-07-25 | initial mx couchdb stunnel configuration | Micah Anderson | |
2013-07-25 | add necessary service type to the mx.json | Micah Anderson | |
2013-07-25 | fixed provider_base/services/mx.json syntax | varac | |
2013-07-25 | initial mx couchdb stunnel configuration | Micah Anderson | |
2013-07-25 | hiera variable mx.contact -> postfix $root_mail_recipient | varac | |
2013-07-25 | initial mx couchdb stunnel configuration | Micah Anderson | |
2013-07-25 | added provider_base/services/mx.json | varac | |
2013-07-04 | bugfix - properly generate provider.json file. | elijah | |
2013-07-04 | make sure webapps have the full domain suffix as an alias (fixes problems generating zone file). | elijah | |
2013-07-04 | couchdb.json should not set service_type, since internal_service is the default. | elijah | |
2013-07-04 | remove stupid bandwidth limit from default provider.json | elijah | |
2013-06-25 | add hash for authorized_keys to common.json | elijah | |
2013-06-12 | temp hack: deploy the webapp as couch user 'admin' | elijah | |
2013-06-04 | add support for client-side collection of facter facts. | elijah | |
2013-05-30 | site_sshd -- added xterm title, optional support for mosh | elijah | |
2013-05-27 | common.json - default all nodes to be 'enabled' | elijah | |
2013-05-23 | added couch.bigcouch.neighbors to provider_base/services/couchdb.json | varac | |
2013-05-21 | only advertise services that are actually deployed (in public provider.json) | elijah | |
2013-05-18 | added module site_nickserver | elijah | |
2013-05-17 | minor - webapp api port should be integer, not string. | elijah | |
2013-05-14 | added smtp-service.json, requires latest leap_cli | elijah | |
2013-04-30 | added soledad-service.json | elijah | |
2013-04-24 | provider base - service definitions are now versioned (requires new leap_cli) | elijah | |
2013-04-24 | updated needed couchdb users and DBs | varac | |
2013-04-23 | remove no longer used json key couchdb_hosts | Micah Anderson | |
2013-04-23 | move generic couchdb host configuration from bitmask into the provider base (#2016) | Micah Anderson | |
2013-04-18 | provider.json 'domain' entry should match the domain suffix of the node. | elijah | |
2013-04-10 | clean up ca_daemon things, it is not used any longer because it has been included in the web app (#1978) remove site_ca_daemon module and configuration in site.pp as well as the provider_base/services/ca.json | Micah Anderson | |
2013-04-04 | add Erlang Distributed Node Protocol Port json entry under bigcouch | Micah Anderson | |
setup ednp_server and ednp_client stunnels update couchdb puppet submodule to support configurable ednp_port parameter and general module cleanup pass ednp_port to couchdb setup so that it is configured in the vm.args template clarify in comments the difference between the epmd and ednp ports remove hard-coded erlang_vm_port variable and instead setup shorewall to allow for the stunnel connection only setup dnat rules for the ednp client connections |