path: root/puppet/modules
| Age | Commit message | Author |
|---|---|---|
| 2013-09-20 | move all resources that are applied on every node into site_config::default (#3782) in commit 338833, we established a relationship between all resources that have a leap_service tag, that are called in site.pp. But we had some resources as default on every node in site.pp (apt::update, Package { require => Exec['apt_updated'] }, site_config::slow and stdlib), that were still lacking any relationship to the leap_service tag. By moving them into default.pp they automatically are executed before resources with a leap_service tag. | varac |
| 2013-09-20 | fix whitespace issues from https://review.leap.se/r/82 | varac |
| 2013-09-19 | fix x509 path in webapp config.yml.erb (#3894) | varac |
| 2013-09-19 | tidy soledad x509 definitions (#3841) | varac |
| 2013-09-19 | tidy webapp api x509 definitions (#3840) | varac |
| 2013-09-19 | tidy nickserver x509 definitions (#3842) | varac |
| 2013-09-19 | webapp: Depend services on deployment of default key, cert and ca (Feature #3838) | varac |
| 2013-09-19 | Depend services on deployment of default key, cert and ca (Feature #3838) | varac |
| 2013-09-19 | soledad should use default key, cert and ca (Feature #3841) | varac |
| 2013-09-19 | tidy openvpn x509 definitions (#3831) | varac |
| 2013-09-19 | only deploy x509 stuff for nodes if it exists in hiera (Feature #3875) | varac |
| 2013-09-19 | Merge branch 'develop' of ssh://code.leap.se/leap_platform into develop | varac |
| 2013-09-18 | Setup a class dependency for every tag 'leap_service' to make sure that shorewall is setup before the service is setup. This is necessary due to the strict initial firewall that stops various service setup operations from happening, but is relaxed once shorewall is setup properly (#3782) Change-Id: Ia9640c4118aa0053cdb99e7bc11860fed5527501 | Micah Anderson |
| 2013-09-18 | use x509 for postfix ca and fix names for cert+key (Feature #3833) | varac |
| 2013-09-18 | deploy client_ca (#3833) | varac |
| 2013-09-18 | openvpn should use /usr/local/share/ca-certificates/leap_ca.crt (Feature #3831) | varac |
| 2013-09-17 | fix stunnel module so that code was not removed accidentally Change-Id: Ia236eb5b7609d9f96970230fce4d0051d832e3cb | Micah Anderson |
| 2013-09-17 | shorewall: #2399 blocks uplink (Bug #2866) | varac |
| 2013-09-17 | site_config::params::interface should contain eth1 for vagrant cause it's the main interface we use (#2399, #2401) | varac |
| 2013-09-17 | update stunnel submodule commit id to correct one for new repository Change-Id: I33292b9eb2a5553ac296857c99fdaf350ed52542 | Micah Anderson |
| 2013-09-17 | Merge branch 'bug/3757' into develop | Micah Anderson |
| 2013-09-17 | updated submodule stunnel - include stunnel in stunnel::service (https://leap.se/code/issues/3861) | varac |
| 2013-09-17 | Merge branch 'feature/3817_3836_3837_Duplicate_declarations' into develop | varac |
| 2013-09-14 | ensure site_config::caching_resolver runs with tag leap_base (#3757) Change-Id: I593602ff9d3486dee39227673147e137045c55c5 | Micah Anderson |
| 2013-09-14 | moved openvpn submodule back to 25f1fe8d8, like it was before | kwadronaut |
| 2013-09-13 | change vcsrepo submodule url (bug #3139) | kwadronaut |
| 2013-09-13 | setup stunnel config to use default x509 cert,key+ca (#3837) * fix stunnel setups for couchdb, mx, webapp services | varac |
| 2013-09-13 | Deploy default x509 cert + key that services can use (Feature #3836) | varac |
| 2013-09-13 | remove x509::ca for leap_ca in site_openvpn::keys and site_stunnel::stunnel (#3817) | varac |
| 2013-09-13 | deploy default x509::ca leap_ca in site_config::default (#3817) | varac |
| 2013-09-13 | use define instead of class for site_stunnel::setup (#3817) so it can be called multiple times | varac |
| 2013-09-05 | require that shorewall is up before running bundler commands, it needs to pull things from git (#3756) Change-Id: If404452c54dedb7a39a910994dc68309257d351d [0.3.0rc1] | Micah Anderson |
| 2013-09-05 | updated submodule apt: unattended-upgrades package cannot be installed (Bug #3098) | varac |
| 2013-09-05 | Some packages are installed before refresh_apt is called (Bug #2988) | varac |
| 2013-09-04 | fix initial firewall to allow outgoing lo traffic and outgoing port 443 (#3736) this allows nameserver queries to the local resolver to work and clones to the leap https repository to work Change-Id: I575d08405a0c28e12c8d201a8dbc79585a5a9a48 | Micah Anderson |
| 2013-09-04 | change git repository clone URIs from git:// to https:// (#3732) Change-Id: Ic700fec9cfb8e8474fb65dbdd4a1a537bf586ec9 | Micah Anderson |
| 2013-09-04 | need to test that /etc/init.d/shorewall exists before attempting to call it, otherwise puppet complains (#3339) Change-Id: I7c8cc235817fe3d898157de4c4fdd8f1fe74f05a | Micah Anderson |
| 2013-09-04 | updated couchdb submodule: bigcouch nodes doesn't get registered as cluster members (Bug #3703) | varac |
| 2013-09-04 | Merge branch 'bug/3339' into develop | Micah Anderson |
| 2013-09-04 | fix soledad-server not being available before the leap repository has been configured (#3702) Change-Id: I8a86a241c52d88b4b681a800647d7c9c7c574b8e | Micah Anderson |
| 2013-09-04 | make sure that the shorewall package is installed before trying to change its configuration file (#3701) Change-Id: Ib2dad30d53e5bf7539762eb3683430b10eb875ed | Micah Anderson |
| 2013-09-04 | updated submodule couchdb: don't use couchdb::document for creating _security, cause this special doc doesn't have an _id (#3706) | varac |
| 2013-09-03 | Work around for shorewall not being available at the site_config stage (#3339) Change-Id: Id3138cb967f76380b7f4e22ce862a099cb47669e | Micah Anderson |
| 2013-09-03 | use check_helo_access hash:/helo_checks also for $submission_helo_restrictions | varac |
| 2013-09-03 | fix $master_cf_tail format | varac |
| 2013-09-03 | Sending mail fails when relaying using non-fully-qualified hostname (Feature #3667) | varac |
| 2013-09-03 | Merge branch 'feature/helo_access' into develop Conflicts: puppet/modules/site_postfix/manifests/mx/smtpd_checks.pp Change-Id: I51555935f9d9409e45809d6df021b10e926ea520 | Micah Anderson |
| 2013-09-03 | add /etc/postfix/checks directory and setup a check_helo_access that allows admins to have some control over problem clients connecting that present helo patterns that they wish to block (#3694) Change-Id: I159c29b6fe17e3d75b607d1a6fa82856b976c9b4 | Micah Anderson |
| 2013-09-03 | require that shorewall has been installed before execs are run (#3339) Change-Id: Iae2b1cacd64565931cef77194a733aeae681efaf | Micah Anderson |
| 2013-09-03 | Without smtpd_helo_required, the helo restrictions are easily bypassed by not sending a HELO (#3693) Change-Id: I6a7338136a53e16962a070826493139fa3307df7 | Micah Anderson |