Age | Commit message | Author |
|
http://www.privacyfoundation.ch/de/service/server.html
|
|
This change sets the sysctl net.ipv4.ip_nonlocal_bind to allow
applications to bind to an address, even when the link is down. This is
necessary because applications like unbound and openvpn fail to start on
boot in some situations because interfaces are not fully up (due to a
combination of non-deterministic booting because of the likely potential
setting of allow-hotplug in the interfaces file and the LSB boot
dependency on $network not being sufficient).
The only down-side to setting this is a daemon could bind to an
incorrect IP and we wouldn't get an error, but this would be a
configuration mistake, rather than a fatal condition.
Change-Id: I5c03083e8c20bb25afad85a1230f4555808d341c
|
|
Change-Id: I18aa0ee635d7166676e4bb4384e2b517784a68b0
|
|
(#4161)
Change-Id: I7eaa35897da3b24833be3b2c14db99cd66b547c0
|
|
(#4161)
Change-Id: I2f0bcc5b4cb5effae57051f04251aeb8b09a4c6d
|
|
it is necessary to install the fixed package from the leap.se repository until it is available in wheezy-backports, so install the apt preferences to pull it from there, and add its necessary library dependency from wheezy-backports
Change-Id: I379ff2ceaac1a978143715d3a7ced0011ca0d747
|
|
from debian
Change-Id: If07ee200e2ae0d9cfaf8e405d6354c80d77330ca
|
|
* the German Privacy Foundation has dissolved itself and shut down their
public nameserver. We are now using the public nameserver by Digitalcourage,
a German privacy organisation (https://en.wikipedia.org/wiki/Digitalcourage)
* the IP for the server of the Swiss Privacy Foundation has changed
(http://www.privacyfoundation.ch/de/service/server.html)
|
|
they are needed for building gems
|
|
Change-Id: I844970f1c8f895d5a460d5082bfa1a2a88b32ecd
|
|
site_config::packages::base
add site_config::packages::gnutls for inclusion (#3955)
Change-Id: I9599eb26844503613c16f57ee17d6ea7bd0cf6fb
|
|
site_config::x509::client_ca::key for client_ca deployment (#3917)
|
|
(#3782)
In commit 338833, we established a relationship between all
resources that have a leap_service tag, that are called in site.pp.
But we had some resources as default on every node in site.pp
(apt::update, Package { require => Exec['apt_updated'] },
site_config::slow and stdlib), that were still lacking any
relationship to the leap_service tag.
By moving them into default.pp they automatically are executed
before resources with a leap_service tag.
|
|
#3838)
|
|
the main interface we use (#2399, #2401)
|
|
Change-Id: I593602ff9d3486dee39227673147e137045c55c5
|
|
otherwise puppet complains (#3339)
Change-Id: I7c8cc235817fe3d898157de4c4fdd8f1fe74f05a
|
|
Change-Id: Id3138cb967f76380b7f4e22ce862a099cb47669e
|
|
Change-Id: Iae2b1cacd64565931cef77194a733aeae681efaf
|
|
Change-Id: I341628d0f36225ce49ae301246e7c152553efcae
|
|
cases when shorewall doesn't properly come up, ensuring that it fails safe (#3339)
Change-Id: Id4f0bf6cf25f420aa2ad67635b37ae95f54e3d38
|
|
squashed commits:
site_squid_deb_proxy::client: include shorewall::rules::mdns for avahi discovery
added submodule squid_deb_proxy from git://code.leap.se/puppet_squid_deb_proxy
updated submodule squid_deb_proxy
use squid_deb_proxy::client
|
|
This reverts commit 9e83de3497ec55f4910de099917387d500b8f4b4.
|
|
to work with the latest leap_cli.
|
|
packages that we want to make sure are installed
remove packages that were found on vagrant and PC installations that have no business being there
Change-Id: I4887a327ca89eb60945ad817a75ff199859824d3
|
|
unbound
|
|
Due to the fact that /etc/hosts is modified in the early stage setup.pp run and
the stunnel service is not deployed on an initial puppet run, we cannot simply
override the Service['stunnel'] but instead need to trigger a restart through
an exec calling the init script that first tests to see if it is present.
Change-Id: I6bf5dfece9ecbdb8319747774185dec50d5a55f6
|
|
. move the setting of the xterm title to site_config::shell
. change the xterm file resource to use standard source lines, switch to single
quotes, quote mode, and line up parameters
. move the mosh pieces into a site_ssh::mosh class and only include it if the
right mosh variable is enabled, passing into the class the necessary hiera parameters
. lint the site_ssh::mosh resources
. change the authorized_keys class to accept the key parameter which is passed
in from the main ssh class (but allow for out of scope variable lookup when the
tag is passed)
Change-Id: Ieec5a3932de9bad1b98633032b28f88e91e46604
|
|
openstack/amazon instances
The dhclient in these environments is quite aggressive and overwrites the
nameservers we've deliberately chosen to use with Google's nameservers. This
commit attempts to fix that.
The dhclient methodology for altering these things is particularly
unpleasant. We effectively redefine the functions that mess with this file to be
noops in the /etc/dhcp/dhclient-enter-hooks.d directory and then we are forced
to restart dhclient by shipping a script that tries to determine the correct PID
and arguments that it was running as before killing and restarting it with the
same arguments.
See Debian bugs #681698, #712796 for further discussion about how to make this
less difficult.
Change-Id: I51cf40cf98eaddcefd8180e157b6e3ca824173f0
|