summaryrefslogtreecommitdiff
path: root/puppet/modules
AgeCommit message (Collapse)Author
2015-12-01stop delivering non-existing local user mail to leap-mx (#5431)Micah
When mail comes in to the system, a lookup is done to see if it is a valid leap user, if it is, leap_mx now returns something of the form: uuid@deliver.local (see #5959). The virtual_mailbox_domains lists deliver.local, so postfix choses to deliver to virtual_mailbox_base (/var/mail/vmail) which has been hardcoded to the 'vmail' maildir and user. We want leap related mail and leap aliases to go through the virtual alias system, all the hard-coded universal aliases we want to go through the local system and we dont want these separate. Known domains that are considered 'virtual' will be forwarded or delivered to the vmail user, the rest rejected as unknown recipient, instead of being handed off to leap-mx. Previously, the way this was done is we leaned (too heavily) on the 'luser_relay' postfix configuration which sent anything that wasn't locally configured right to the leap_mx spool. That meant everything went there, including addresses that didn't exist, and leap-mx would then have to process those and bounce them. This removes the 'luser_relay' option, so any address that doesn't resolve properly to either a local address/alias, or a leap address or alias (through tcp lookups on 2424 and 4242) will get bounced as an unknown user. Change-Id: I3c22e9383861b3794dd9adfd7aa6a0cf0a773a18
2015-12-01Merge branch 'nickserver_jessie' into developvarac
2015-12-01Update submodule postfixvarac
2015-12-01Merge branch 'develop' of ssh://code.leap.se/leap_platform into developvarac
2015-12-01updated submodule couchdbvarac
2015-11-30fix missing apache modules (#7638)Micah
Change-Id: I77fa50990b5ae60074c54738e8c19929b486d1d0
2015-11-30fix missing apache status module (#7638)Micah
Change-Id: I77fa50990b5ae60074c54738e8c19929b486d1d0
2015-11-30fix site_apache module class names that were renamed (#7636)Micah
Change-Id: Iea1242b3c27d92cef7b217006211e57631fd7e62
2015-11-30Revert "[feat] install couchdb from unstable on jessie"varac
This reverts commit 02b1b484ad9a5d065ceac72b8263b7bcc112c923. Now that we have a proper couchdb jessie package we don't need to install it from Debian unstable.
2015-11-28[bug] Don't enable storedconfig in sshd classvarac
- Related: #7615
2015-11-28[bug] [jessie] register nickserver at systemdvarac
- resolves #7614
2015-11-28updated submoule apachevarac
2015-11-27Merge remote-tracking branch 'azul/develop' into developvarac
2015-11-26updated submodule couchdbvarac
2015-11-25added submodule couchdbvarac
2015-11-24Switch to syslog for leap_mx (#6942)Micah
In order to switch to syslog for leap_mx, leap_mx needs to change to log to syslog (#6307 and #6937), and we need to clean up the platform pieces that set the non-syslog options, and rotated log files (#6942). Hopefully, this will solve the leap_mx logrotation issue at the same time (#7058) Change-Id: If68f808a65c24c91231b88d15759809c9e379294
2015-11-24Cleanup old leap mx logs that may appear on some nodes due to how thingsMicah
were logged before Change-Id: Ief95f35ea52a189075c2eda28c00bcc567c464b2
2015-11-24[bug] [jessie] Install pnp4nagios deb from stretchvarac
Configure the apt class together with "use_next_release => true", so pnp4nagios* packages can get installed from strech. No other package will be upgraded as the apt module pins stretch very low, so that only packages are installed if there are no other sources available. - Resolves: #7604
2015-11-19[bug] Use right sshd Ciphers and MACs for wheezyvarac
- Tested: [unstable.bitmask.net]
2015-11-18update design docs for couch from webappAzul
2015-11-17[bug] Don't limit sshd KexAlgorithmsvarac
- #7591 Net::SSH::Exception: could not settle on kex algorithm We need to disable the ssh hardened mode, because it will not work together with the net-ssh gem leap_cli is pinned to. All other options that would be included by this parameter are included by '$::sshd::tail_additional_options'.
2015-11-17[deprec] use @ in front of erb template tagsvarac
Puppet 3 shows now deprecation warnings if the "@" is missing. see https://docs.puppetlabs.com/puppet/latest/reference/lang_template_erb.html#non-printing-tags#[bug|feat|docs|style|refactor|test|pkg|i18n]
2015-11-17[deprec] Update subm. for puppet3 deprec warnsvarac
- sshd - haproxy - unbound
2015-11-17[bug] use $lsbdistcodename to query apache versionvarac
Using $::apache_version won't work because the facts are evaluated before compiling the catalog and with this, before the installation of apache. so on an install from scratch, this fact won't contain anything.
2015-11-17[bug] fix check_mk on jessievarac
- Related: #6920
2015-11-17[bug] [jessie] Allow apache to access webapp dirvarac
- Resolves: #7580
2015-11-17[bug] [jessie] Load needed modules for apache 2.4varac
- Related: #6920
2015-11-17[bug] [jessie] template functions need an arrayvarac
from https://docs.puppetlabs.com/puppet/latest/reference/lang_template_erb.html#calling-puppet-functions-from-templates: "The arguments of the function must be provided as an array, even if there is only one argument." This is a hard requirement in puppet 3 now. - Related: #6920
2015-11-17[bug] [jessie] Don't specify ruby versionsvarac
because ruby-1.9.3 is not available on jessie. - Related: #6920
2015-11-17[feat] Query erb variables like puppet 3 needs itvarac
- Related: #6920
2015-11-17[feat] Provide postfix preseed fix also for jessievarac
2015-11-17[feat] Don't manually install compiler packagesvarac
These packages are a dependency of build-essential and will get installed anyway. - Related: #6920
2015-11-17[feat] install couchdb from unstable on jessievarac
- Related: #6920
2015-11-17[feat] Release-specific apt sources file for leapvarac
- Related: #6920
2015-11-17[feat] updated submodules to work with jessievarac
- sshd - couchdb - apache - Related: #6920
2015-11-16[feat] Remove redundant nagios check for mx procsvarac
leap_cli integrates a check for running mx procs already, which is also integrated into nagios (called "Mx/Are_MX_daemons_running")
2015-11-02remove unused postfwd ruleMicah
Change-Id: I8756c5c3212a3d7e3c44414fdf6bfff5cd29d70f
2015-11-02fix postfwd dependency requirementMicah
Change-Id: Ied475dd1d555a2388034012f5a799a202dcc6ee7
2015-11-02Merge branch '7523_new_soledad_test' into developvarac
2015-11-02Add initial rate-limiting for outgoing SMTP, using postfwd (#5972)Micah
Change-Id: I6a6e68908b71d7499eb3ef3c7f0173b3d5b7baa2
2015-11-02Add basic DKIM support, this requires changes in leap_cli detailed inMicah
issue #5924 Change-Id: I6aa1e7751633407d441cbc6436d8426d37dbbfa7
2015-10-31[bug] Add bigcouch syslog snippet for logwatchvarac
2015-10-30[bug] Remove duplicte declarationvarac
Duplicate declaration: File[/srv/leap/nagios/plugins/check_unix_open_fds.pl] is already declared in file /srv/leap/puppet/modules/site_check_mk/manifests/agent/couchdb/bigcouch.pp at line 44; cannot redeclare at /srv/leap/puppet/modules/site_check_mk/manifests/agent/couchdb.pp:23 on node rewdevcouch1.rewire.org
2015-10-30[feat] Remove bigcouch nagios leftoversvarac
When migrating from bigcouch to couchdb, we need to remove leftover nagios tests for bigcouch. - Added new classes: site_check_mk::agent::couchdb::bigcouch and site_check_mk::agent::couchdb::master - Tested: unstable.pixelated-project.org - Resolves: https://github.com/pixelated/pixelated-platform/issues/126
2015-10-30[feat] Add soledad::client class for soledad-syncvarac
- Restructure soledad class - Include soledad::client class on webapp nodes - Tested: [unstable.bitmask.net] - Related: #7523
2015-10-27[bug] Add leap_mx username to soledad.confvarac
- Tested: [unstable.pixelated-project.org] - Related: https://github.com/pixelated/pixelated-platform/issues/127
2015-10-26updated unbound submodulevarac
2015-10-20Provide tor hidden service configuration for static sites (#7546)Micah
Without this configuration, a very basic, and non-functional virtualhost is created, making the hidden service not work Change-Id: Ibe87c6acf5c21cff2388247c4ba320a5b6af7933
2015-10-20Merge branch 'develop' into 'develop' Micah
Redirect to webapp_domain instead of domain This is needed for webapp when running on a subdomain. See merge request !80
2015-10-19change apache header set for HSTS to be always, otherwise it wont be set for ↵Micah
redirects (#7540) Change-Id: Ic77c64c03a99dad951f42633de04c352bed17c1e