Age | Commit message | Author | |
---|---|---|---|
2013-09-19 | tidy openvpn x509 definitions (#3831) | varac | |
2013-09-19 | only deploy x509 stuff for nodes if it exists in hiera (Feature #3875) | varac | |
2013-09-19 | Merge branch 'develop' of ssh://code.leap.se/leap_platform into develop | varac | |
2013-09-18 | Setup a class dependency for every tag 'leap_service' to make sure that shorewall is setup before the service is setup. This is necessary due to the strict initial firewall that stops various service setup operations from happening, but is relaxed once shorewall is setup properly (#3782) Change-Id: Ia9640c4118aa0053cdb99e7bc11860fed5527501 | Micah Anderson | |
2013-09-18 | use x509 for postfix ca and fix names for cert+key (Feature #3833) | varac | |
2013-09-18 | deploy client_ca (#3833) | varac | |
2013-09-18 | openvpn should use /usr/local/share/ca-certificates/leap_ca.crt (Feature #3831) | varac | |
2013-09-17 | fix stunnel module so that code was not removed accidentally Change-Id: Ia236eb5b7609d9f96970230fce4d0051d832e3cb | Micah Anderson | |
2013-09-17 | shorewall: #2399 blocks uplink (Bug #2866) | varac | |
2013-09-17 | site_config::params::interface should contain eth1 for vagrant cause it's the main interface we use (#2399, #2401) | varac | |
2013-09-17 | update stunnel submodule commit id to correct one for new repository Change-Id: I33292b9eb2a5553ac296857c99fdaf350ed52542 | Micah Anderson | |
2013-09-17 | Merge branch 'bug/3757' into develop | Micah Anderson | |
2013-09-17 | updated submodule stunnel - include stunnel in stunnel::service (https://leap.se/code/issues/3861) | varac | |
2013-09-17 | Merge branch 'feature/3817_3836_3837_Duplicate_declarations' into develop | varac | |
2013-09-14 | ensure site_config::caching_resolver runs with tag leap_base (#3757) Change-Id: I593602ff9d3486dee39227673147e137045c55c5 | Micah Anderson | |
2013-09-14 | moved openvpn submodule back to 25f1fe8d8, like it was before | kwadronaut | |
2013-09-13 | change vcsrepo submodule url (bug #3139) | kwadronaut | |
2013-09-13 | setup stunnel config to use default x509 cert,key+ca (#3837) * fix stunnel setups for couchdb, mx, webapp services | varac | |
2013-09-13 | Deploy default x509 cert + key that services can use (Feature #3836) | varac | |
2013-09-13 | remove x509::ca for leap_ca in site_openvpn::keys and site_stunnel::stunnel (#3817) | varac | |
2013-09-13 | deploy default x509::ca leap_ca in site_config::default (#3817) | varac | |
2013-09-13 | use define instead of class for site_stunnel::setup (#3817) so it can be called multiple times | varac | |
2013-09-05 | require that shorewall is up before running bundler commands, it needs to pull things from git (#3756) [0.3.0rc1] Change-Id: If404452c54dedb7a39a910994dc68309257d351d | Micah Anderson | |
2013-09-05 | updated submodule apt: unattended-upgrades package cannot be installed (Bug #3098) | varac | |
2013-09-05 | Some packages are installed before refresh_apt is called (Bug #2988) | varac | |
2013-09-04 | fix initial firewall to allow outgoing lo traffic and outgoing port 443 (#3736) this allows nameserver queries to the local resolver to work and clones to the leap https repository to work Change-Id: I575d08405a0c28e12c8d201a8dbc79585a5a9a48 | Micah Anderson | |
2013-09-04 | change git repository clone URIs from git:// to https:// (#3732) Change-Id: Ic700fec9cfb8e8474fb65dbdd4a1a537bf586ec9 | Micah Anderson | |
2013-09-04 | need to test that /etc/init.d/shorewall exists before attempting to call it, otherwise puppet complains (#3339) Change-Id: I7c8cc235817fe3d898157de4c4fdd8f1fe74f05a | Micah Anderson | |
2013-09-04 | updated couchdb submodule: bigcouch nodes don't get registered as cluster members (Bug #3703) | varac | |
2013-09-04 | Merge branch 'bug/3339' into develop | Micah Anderson | |
2013-09-04 | fix soledad-server not being available before the leap repository has been configured (#3702) Change-Id: I8a86a241c52d88b4b681a800647d7c9c7c574b8e | Micah Anderson | |
2013-09-04 | make sure that the shorewall package is installed before trying to change its configuration file (#3701) Change-Id: Ib2dad30d53e5bf7539762eb3683430b10eb875ed | Micah Anderson | |
2013-09-04 | updated submodule couchdb: don't use couchdb::document for creating _security, cause this special doc doesn't have an _id (#3706) | varac | |
2013-09-03 | Work around for shorewall not being available at the site_config stage (#3339) Change-Id: Id3138cb967f76380b7f4e22ce862a099cb47669e | Micah Anderson | |
2013-09-03 | use check_helo_access hash:/helo_checks also for $submission_helo_restrictions | varac | |
2013-09-03 | fix $master_cf_tail format | varac | |
2013-09-03 | Sending mail fails when relaying using non-fully-qualified hostname (Feature #3667) | varac | |
2013-09-03 | Merge branch 'feature/helo_access' into develop Conflicts: puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp Change-Id: I51555935f9d9409e45809d6df021b10e926ea520 | Micah Anderson | |
2013-09-03 | add /etc/postfix/checks directory and setup a check_helo_access that allows admins to have some control over problem clients connecting that present helo patterns that they wish to block (#3694) Change-Id: I159c29b6fe17e3d75b607d1a6fa82856b976c9b4 | Micah Anderson | |
2013-09-03 | require that shorewall has been installed before execs are run (#3339) Change-Id: Iae2b1cacd64565931cef77194a733aeae681efaf | Micah Anderson | |
2013-09-03 | Without smtpd_helo_required, the helo restrictions are easily bypassed by not sending a HELO (#3693) Change-Id: I6a7338136a53e16962a070826493139fa3307df7 | Micah Anderson | |
2013-09-02 | disable postfix debugging by default | varac | |
2013-09-02 | create all webapp databases so _security is set (fixes 3517) | Azul | |
2013-09-02 | specify RAILS_ENV when calling bundle assets-precompile (fixes #3638) We currently disable the billing gem in production while it's on in development and test. Therefore bundler will not install its dependencies - in particular the braintree gem when deploying. Since the RAILS_ENV was not specified rake was called with the default of 'development'. It therefore tried to load the development gems and failed when looking for 'braintree'. Specifying the production RAILS_ENV fixes this. It looks like we'll always need to specify RAILS_ENV when calling rake or we might want to export it to the environment in a separate task or the user config files such as .bashrc | Azul | |
2013-08-31 | postfix enable submission port using starttls, so the client can transition to the more restrictive TLS wrapper mode Change-Id: I2a1728788378d9a1b79155ddb9bb4b0464b16baa | Micah Anderson | |
2013-08-31 | change the master.cf_tail to pull in -o smtpd_recipient_restrictions=$smtps_recipient_restrictions from main.cf, allowing us to setup specific restrictions for the smtps port; move permit_tls_all_clientcerts from the smtpd_data_restrictions and smtpd_recipient_restrictions to only be in smtps_recipient_restrictions; make a note about the permit_tls_all_clientcerts being something that we don't want in the future; remove check_sender_access check which was doing an unnecessary lookup Change-Id: If9101512e42f7cd82c0e06543cef696d6063f8dc | Micah Anderson | |
2013-08-30 | updated submodule couchdb: couchdb: update_user_webapp fails (Bug #3611) | varac | |
2013-08-30 | create sessions db with puppet (Bug #3597) | varac | |
2013-08-29 | Merge branch 'feature/3604' into develop | Micah Anderson | |
2013-08-29 | Merge branch 'bug/3612' into develop | Micah Anderson | |