summaryrefslogtreecommitdiff
path: root/puppet/modules/site_webapp/manifests
AgeCommit message (Collapse)Author
2017-05-06Restructure site_tor to be more clear and re-usable (fixes #8784).Micah Anderson
This makes a more clear site_tor::relay class that the leap service includes, and a more generic site_tor class that other classes can depend on for setting up the initial install.
2017-04-27Merge remote-tracking branch 'origin/merge-requests/77'varac
2017-04-25Add single-hop hidden service capability.Micah Anderson
This cuts the number of hops for a tor onion service from 6 to 3, speeding it up considerably. This removes the anonymity aspect of the service, so it must be enabled intentionally, knowing that the server's location no longer is hidden.
2017-04-25LintMicah Anderson
2017-03-22webapp: add secret_key_base to configAzul
This replaces the secret_token from rails 4.1 on. Both are used for securing cookies in the browser. The secret_key_base will also encrypt the cookies while the token will only sign them. Keeping the token in there for now allows us to migrate existing sessions / cookies to the new secrets. We can remove it in the next version once all providers have run with secret_key_base for a while.
2017-03-15Direct connection when couch runs locallyvarac
2017-03-15[8144] Remove Haproxyvarac
We used haproxy because we had multiple bigcouch nodes but now with a single couchdb node this is not needed anymore. - Resolves: #8144
2017-03-15Linted couchdb.ppvarac
2016-08-30lint site_webapp/manifests/init.ppvarac
2016-08-30[feat] Use twisted 16.2 from jessie-backportsvarac
New soledad packages now depend on Twisted 16.2.0 (see https://leap.se/code/issues/8412), so we need to pin twisted to get installed from jessie-backports. - Resolves: #8418
2016-07-13Newest passenger module dont manage munin by defaultvarac
2016-06-28Stop tor from restarting on every deploy (#8211).Micah
We were creating the hidden service name without a newline, and then tor would be restarted and change the hidden service hostname file to have a newline, which would then require that the next deploy would change that file to not have a newline again. This fixes that problem by making the hostname have a newline so it matches what tor wants. Change-Id: I38f450684d557cf943ec94f2f8e19cda3aefdf66
2016-06-28Reload tor if config or key is changed (#8210).Micah
Change-Id: I3d733b6645c804a5fb337ad4b8edc59a66ad50b5
2016-06-27Lint and Document site_webapp::hidden_servicevarac
2016-04-18[style] more manual linting for custom manifestsvarac
2016-03-11fix tor-related jessie deprecation problems (#7962)Micah
Change-Id: If493b8a1f06a786df36a28aa1fc592e270eba639
2016-03-04fix location of couchdb.admin.ymlelijah
2016-03-04ensure /var/leap/couchdb exists before creating files there.elijah
2016-03-04move the location of couchdb.admin.yml so that it does not need to have its ↵elijah
ownership reset on each deploy.
2016-02-02don't deploy bundler debug to serverskwadronaut
2016-01-22restructured site.pp, now only one class gets included in site.pp per ↵varac
service (Bug #6851) Also, moved global Exec{} defaults to site.pp Change-Id: I9ae91b77afde944d2f1312613b9d9030e32239dd
2016-01-04Fix status module invocation for hidden service enabled webapps (#7776)Micah
Change-Id: I101e4c9791102123d4334e1b84a48dacea99ac52
2015-11-30fix missing apache status module (#7638)Micah
Change-Id: I77fa50990b5ae60074c54738e8c19929b486d1d0
2015-11-17[bug] [jessie] Load needed modules for apache 2.4varac
- Related: #6920
2015-10-30[feat] Add soledad::client class for soledad-syncvarac
- Restructure soledad class - Include soledad::client class on webapp nodes - Tested: [unstable.bitmask.net] - Related: #7523
2015-10-07[bug] Fix removal of webapp apache config filevarac
Done by including a service-dependend site_config::remove::webapp class.
2015-09-30Fix server-status availability to tor hidden services (#7456)Micah Anderson
Make the server-status information unavailable by putting the vhost on a port that isn't configured as available to the tor hidden-service. Change-Id: Idd3bfefb5b7fc26fb0a8cf48cdf6afc68a4192bb
2015-09-03make couchdb.admin.yml only readable by root, make non-admin cron run as ↵elijah
webapp user.
2015-04-16properly clean up unused fileselijah
2015-04-16clean up logging mess: add 'logfile' define, mv openvpn and stunnel logs to ↵elijah
their own files, fix mx logwatch path.
2015-04-15disable 'rake cleanup:sessions' cron job.elijah
2015-04-08move rotated db creation to site_couchdb and fix rotated db testselijah
2015-03-30added support for rotating couchdb databases.elijah
2015-02-04consolidate sources into common.jsonelijah
2015-01-12Adds apache support for webapp.domain if defined. Fixes #6632guido
Change-Id: If63aac60e44c4a68f030f93e20e8dc071f9df610
2014-12-09Soledad sync check needs python-u1db package installed (Bug #6520)varac
Change-Id: I8a6c27434f548f24d9dba1a969699200ab307477
2014-12-02Use $hostname to locate tor.key. Fixes #6478guido
Change-Id: Ibbe3687d5a773b444f6e9145bf235aaeea637e1d
2014-11-07Better check for tor hidden service on a webapp node.guido
Change-Id: I92f69b6fa30aae953243ae19096e2998810c9ac6
2014-11-04Adds support for Tor hidden service on webapp (Feature #6273)guido
Change-Id: I56250e05e3a933deacd0b6e02192e712d3fd9fd5
2014-09-03Merge branch 'master' into developvarac
Conflicts: platform.rb puppet/modules/site_config/manifests/hosts.pp
2014-08-28syslog logs everything but webapp FIX #6020guido
2014-08-05Fixes: #5952 Webapp now logs to it's own file instead of syslog and user.logguido
2014-06-25stunnel: make site_mx and site_webapp use new site_stunnelelijah
2014-06-17allow webapp.json to configure what engines are enabledelijah
2014-05-22remove old classesChristoph
site_mx::haproxy and site_webapp::haproxy only included site_haproxy. They didn't do anything else. So just include site_haproxy in manifests/init.pp and remove the unused classes
2014-05-22fix haproxy config if webapp and mx run on the same hostChristoph
the problem was, that both site_mx::haproxy and site_webapp::haproxy declared the same resource. I fixed it by moving that resource to site_haproxy. Since that gets included by both classes, everything works like a charm
2014-02-27check syslog for webapp errorsvarac
2014-02-10move leap_webapp.conf template to common.conf which is included by the ↵varac
nagios and webapp node (#5096)
2014-01-22anonymize webapp ips (Bug #4896)varac
2014-01-08fix webapp couchdb.yml to be couchdb.yml not couchdb.yml.webappelijah