Age | Commit message (Collapse) | Author | |
---|---|---|---|
2016-03-11 | fix tor-related jessie deprecation problems (#7962) | Micah | |
Change-Id: If493b8a1f06a786df36a28aa1fc592e270eba639 | |||
2016-03-11 | update tor submodule to latest, to adapt to new jessie puppet requirements | Micah | |
Change-Id: I0ed4827bc53da280d9ed62ea71382ca302ce6924 | |||
2016-03-11 | Set MUA required ciphers, tighten up the mandatory protocols (#4232) | Micah | |
Change-Id: I328aa37b393817e1764ea7e635fcefc801adbbf4 | |||
2016-03-10 | [feat] add /etc/nagios3/conf.d/local as confdir | varac | |
- Related: #2327 | |||
2016-03-10 | [jessie] Remove obsolete backports pinning | varac | |
2016-03-10 | [bug] Remove stunnel leftovers from bigcouch | varac | |
- Resolves: #7785 | |||
2016-03-10 | Merge branch 'add_site_nagios_dependencies' into develop | varac | |
2016-03-10 | Update submodule nagios | varac | |
2016-03-10 | Add Dependencies to site_nagios resources | varac | |
2016-03-09 | [bug] Adopt new parameters from nagios and check_mk module | varac | |
2016-03-09 | Merge branch '2327_dont_recreate_nagios_resources' into develop | varac | |
2016-03-09 | Update submodule check_mk | varac | |
2016-03-09 | Update submoduls nagios | varac | |
2016-03-08 | update copy of the archive signing keys, switching to the new names | Micah | |
Change-Id: I0305e33c743c15ec38abcf66979a1b2f582f693c | |||
2016-03-08 | change name of leap-keyring package to leap-archive-keyring (#7950) | Micah | |
Change-Id: I5f04e31e49642597c69895b5aca3ff5326dfd6ec | |||
2016-03-08 | [bug] Fix inline template with deprecated variable notation | varac | |
- Resolves: #7948 | |||
2016-03-08 | updated submodule couchdb | varac | |
2016-03-04 | fix location of couchdb.admin.yml | elijah | |
2016-03-04 | ensure /var/leap/couchdb exists before creating files there. | elijah | |
2016-03-04 | move the location of couchdb.admin.yml so that it does not need to have its ↵ | elijah | |
ownership reset on each deploy. | |||
2016-03-04 | only not create soledad admin .netrc file if soledad is enabled | elijah | |
2016-03-02 | Dont recreate nagios resources on every run | varac | |
Use purging of nagios resources in a way that not all resources are recreated on every puppetrun. Resolves: #2327 | |||
2016-02-26 | Update submodules apache and apt | varac | |
2016-02-26 | Merge branch 'develop' of ssh://leap.se/leap_platform into develop | elijah | |
2016-02-26 | plain couchdb now required, bigcouch support disabled. | elijah | |
2016-02-25 | fix typo in last commit | varac | |
2016-02-25 | check-mk's mk_job depends on the time package | varac | |
2016-02-25 | couchdb module uses pbkdf2 as default pwhash algor. now | varac | |
2016-02-25 | remove couchdb_pwhash_alg leftover | varac | |
2016-02-25 | no build-essential packages needed for building leap_cli | varac | |
2016-02-24 | [bug] Adopt ncli aliases to new version of icli | varac | |
- Resolves: #7887 | |||
2016-02-24 | Use site_couchdb::plain even when couch.master is set top "master" | varac | |
2016-02-24 | Update module stunnel | varac | |
2016-02-23 | Update opendkim platform pieces to match leap-cli. | Micah | |
Change-Id: I9c8f9c9c3ee7cd89f013cbb08397377522ed5a4a | |||
2016-02-23 | We are rotating the mx logs 5 times, but we originally thought we should | Micah | |
only have the following logfiles in that directory ever: mx.log, mx.log.[1-5], with an optional .gz suffix. However, we were wrong about the 'optional' part of the compression, we use the 'compress' option, so the logs will always be compressed. So there should never be the log files mx.log.1, mx.log.2, etc. This change adjusts the clean-up to deal with that. (#7058) https://github.com/leapcode/leap_platform/pull/97 Change-Id: I109d08ac063fe094c54e93be91893a67d7fbb51b | |||
2016-02-23 | use pbkdf2 pwhash for plain couch. | elijah | |
2016-02-23 | default to plain couchdb, unless otherwise specified. | elijah | |
# Conflicts: # puppet/modules/site_couchdb/manifests/plain.pp | |||
2016-02-23 | get dkim working, closes #5924 | elijah | |
2016-02-23 | Update submodule vcsrepo | varac | |
2016-02-23 | Update submodule postfix | varac | |
2016-02-16 | remove pinning of openvpn package to backports | elijah | |
2016-02-12 | update postfix submodule for postscreen (Resolves: 2303)0.8.0rc1 | kwadronaut | |
2016-02-12 | add postscreen greeter (Resolves: 2303) | kwadronaut | |
Conflicts: puppet/modules/site_postfix/manifests/mx.pp | |||
2016-02-11 | Allow ecdsa hostkeys (#7642) until we can safely transition providers to | Micah | |
better key algorithm choices. Change-Id: I6b9ec83dbfbf15d1b65e14145bf625db6517f6b7 | |||
2016-02-11 | Disable journald in order to resolve IP logging subversion (#7863) | Micah | |
Change-Id: I9cee85c19d86dc7c8d70c4cdeb2e7426191b57a5 | |||
2016-02-11 | Due to the smtps transport specifying a header_check, the received_anon | Micah | |
replacement wasn't being done. (#7890) This moves that replacement into its own class, clears the old value and sets it properly in the smtps transport. Change-Id: I27c02730597df4943761d8bcb61014aeded9dc75 | |||
2016-02-10 | add postscreen greeter (Resolves: 2303) | kwadronaut | |
2016-02-04 | fix postfix Received anonymizing header regexp to properly match Client | Micah | |
CN entries (#7867) Change-Id: Ie33277a62e90f9dc0602bb963dbb96a61cebed1d | |||
2016-02-02 | Merge branch 'bugfix/mxlog' into develop | elijah | |
2016-02-02 | [bug] Add smtpd_relay_restrictions to postfix conf | varac | |
smtpd_relay_restrictions was added in postfix 2.10 (jessie has 2.11 atm). Without this, outbound mails are rejected to be relayed. from http://www.postfix.org/SMTPD_ACCESS_README.html: NOTE: Postfix versions before 2.10 did not have smtpd_relay_restrictions. They combined the mail relay and spam blocking policies, under smtpd_recipient_restrictions. This could lead to unexpected results. For example, a permissive spam blocking policy could unexpectedly result in a permissive mail relay policy. An example of this is documented under "Dangerous use of smtpd_recipient_restrictions". smtpd_relay_restrictions defaults to 'permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination' and is configured here to check for a valid client cert. see http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions - Resolves: #7856 |