summaryrefslogtreecommitdiff
path: root/puppet/modules
AgeCommit message (Collapse)Author
2013-02-27openvpn -- added support for optional "free" rate-limited service via ↵elijah
special client certificates with the FREE prefix in the common name.
2013-02-26require that the package unbound be installed before trying to write to itsMicah Anderson
configuration file, this addresses issue #1853 - [vpn1] err: /Stage[main]/Site_openvpn::Resolver/Line[add_tcp_resolver]/Exec[echo 'server: include: /etc/unbound/conf.d/vpn_tcp_resolver' >> '/etc/unbound/unbound.conf']/returns: change from notrun to 0 failed: echo 'server: include: /etc/unbound/conf.d/vpn_tcp_resolver' >> '/etc/unbound/unbound.conf' returned 2 instead of one of [0] at /srv/leap/puppet/modules/common/manifests/defines/line.pp:45
2013-02-26missed another require => Package['shorewall'] on the file resources in ↵Micah Anderson
site_shorewall
2013-02-23adding angkat familykwadronaut
2013-02-21changed submodule urlMicah Anderson
2013-02-21linted a bitvarac
2013-02-21lintedvarac
2013-02-21lintedvarac
2013-02-12switch to using stdlib's standard stagesMicah Anderson
2013-02-12remove the apt-get autoclean from the initial apt-get update, this just ↵Micah Anderson
slows things down and I don't see a need for it
2013-02-12missed one require => Package['shorewall'] on of the file resources in ↵Micah Anderson
site_shorewall
2013-02-12file resources that make changes to shorewall need to make sure that ↵Micah Anderson
shorewall is installed first (#1741)
2013-02-12remove unused commented-out lineMicah Anderson
2013-02-12update shorewall submodule to get fix for augeas package dependency problemMicah Anderson
2013-02-12Merge remote-tracking branch 'origin/develop' into bundle-and-precompile-as-userMicah Anderson
2013-02-12fixed shorewall is blocking api port (Bug #1735)varac
2013-02-11duplicate shortwall service definitions now inclduded from services/*varac
2013-02-10set webapp module to use try::file where appropriateelijah
2013-02-10added 'try' moduleelijah
2013-02-09run bundler and rake assets:precompile as normal userAzul
otherwise the generated files will be owned by root and the bundle will be inside roots /home/max
2013-02-09site_shorewall::monitor: allow port 80 + 443varac
2013-02-09re-enabling futon (see #1121)varac
2013-02-08changed contact_email to tor.contactselijah
2013-02-08couchdb: disable futon (Feature #1121)varac
2013-02-07configure tor relay nicknamevarac
2013-02-07working tor relayvarac
2013-02-07configure exit policiesvarac
2013-02-06allow outgoing traffic moved to site_shorewall::defaultsvarac
2013-02-06allow port 80 to tor servervarac
2013-02-06add basic tor servicevarac
2013-02-06nagios: don't check openvpn, check cmd doesn't workvarac
2013-02-06include shorewall config for webapp and couchdbvarac
2013-02-06site_config::default : include site_shorewall::defaultsvarac
2013-02-06configure shorewall for couchdb, tor, webappvarac
2013-02-06allow all outgoing trafficvarac
2013-02-06Restructuring site_shorewallvarac
site_shorewall::defaults can be used on every host, it configures a basic firewall, which blocks everything from outside except ping + ssh, and allows outgoing traffic for http, git, dns.
2013-02-06added submodule torvarac
2013-02-04compile assets for webapp, fixes #1628varac
2013-02-03Increase Exec[bundler_update] timeoutvarac
Exec[bundler_update] can take a really long time, increasing timeout from 300s (default) to 600s fixes Increase command timeout for Exec[bundler_update] (Feature #1643)
2013-02-01moved concat::setup to site_config::defaultvarac
Because in site.pp it didn't get the tag "leap_base" and would not be declared with leap cli's default puppet tags. Fixes: parent directory /var/lib/puppet/concat does not exist (Feature#1625)
2013-02-01update x509 submodule to get key owner enhancementMicah Anderson
2013-02-01automatic update of submodule puppet_aptvarac
2013-02-01disable nagios debug mode (Feature #1551)varac
2013-01-31update the x509 submodule to get non-root application access to key file ↵Micah Anderson
enhancement put the leap-webapp user in the 'ssl-cert' group pass group => 'leap-webapp' to the leap_client_ca.key so the application can access it
2013-01-31install an apache Directory override block to disable passenger for nagios, ↵Micah Anderson
if the node is a monitor node
2013-01-31tag 'base' is a bad idea because it invokes apache::base as wellvarac
2013-01-31Merge branch 'develop' of ssh://code.leap.se/leap_platform into developvarac
2013-01-31install etckeeper on all nodesvarac
2013-01-31Merge branch 'develop' of ssh://leap.se/leap_platform into developelijah
2013-01-31added /etc/openvpn/ca_bundle.pem in order to allow multiple CA certs to be used.elijah