Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-02-27 | openvpn -- added support for optional "free" rate-limited service via ↵ | elijah | |
special client certificates with the FREE prefix in the common name. | |||
2013-02-26 | require that the package unbound be installed before trying to write to its | Micah Anderson | |
configuration file, this addresses issue #1853 - [vpn1] err: /Stage[main]/Site_openvpn::Resolver/Line[add_tcp_resolver]/Exec[echo 'server: include: /etc/unbound/conf.d/vpn_tcp_resolver' >> '/etc/unbound/unbound.conf']/returns: change from notrun to 0 failed: echo 'server: include: /etc/unbound/conf.d/vpn_tcp_resolver' >> '/etc/unbound/unbound.conf' returned 2 instead of one of [0] at /srv/leap/puppet/modules/common/manifests/defines/line.pp:45 | |||
2013-02-26 | missed another require => Package['shorewall'] on the file resources in ↵ | Micah Anderson | |
site_shorewall | |||
2013-02-23 | adding angkat family | kwadronaut | |
2013-02-21 | changed submodule url | Micah Anderson | |
2013-02-21 | linted a bit | varac | |
2013-02-21 | linted | varac | |
2013-02-21 | linted | varac | |
2013-02-12 | switch to using stdlib's standard stages | Micah Anderson | |
2013-02-12 | remove the apt-get autoclean from the initial apt-get update, this just ↵ | Micah Anderson | |
slows things down and I don't see a need for it | |||
2013-02-12 | missed one require => Package['shorewall'] on of the file resources in ↵ | Micah Anderson | |
site_shorewall | |||
2013-02-12 | file resources that make changes to shorewall need to make sure that ↵ | Micah Anderson | |
shorewall is installed first (#1741) | |||
2013-02-12 | remove unused commented-out line | Micah Anderson | |
2013-02-12 | update shorewall submodule to get fix for augeas package dependency problem | Micah Anderson | |
2013-02-12 | Merge remote-tracking branch 'origin/develop' into bundle-and-precompile-as-user | Micah Anderson | |
2013-02-12 | fixed shorewall is blocking api port (Bug #1735) | varac | |
2013-02-11 | duplicate shortwall service definitions now inclduded from services/* | varac | |
2013-02-10 | set webapp module to use try::file where appropriate | elijah | |
2013-02-10 | added 'try' module | elijah | |
2013-02-09 | run bundler and rake assets:precompile as normal user | Azul | |
otherwise the generated files will be owned by root and the bundle will be inside roots /home/max | |||
2013-02-09 | site_shorewall::monitor: allow port 80 + 443 | varac | |
2013-02-09 | re-enabling futon (see #1121) | varac | |
2013-02-08 | changed contact_email to tor.contacts | elijah | |
2013-02-08 | couchdb: disable futon (Feature #1121) | varac | |
2013-02-07 | configure tor relay nickname | varac | |
2013-02-07 | working tor relay | varac | |
2013-02-07 | configure exit policies | varac | |
2013-02-06 | allow outgoing traffic moved to site_shorewall::defaults | varac | |
2013-02-06 | allow port 80 to tor server | varac | |
2013-02-06 | add basic tor service | varac | |
2013-02-06 | nagios: don't check openvpn, check cmd doesn't work | varac | |
2013-02-06 | include shorewall config for webapp and couchdb | varac | |
2013-02-06 | site_config::default : include site_shorewall::defaults | varac | |
2013-02-06 | configure shorewall for couchdb, tor, webapp | varac | |
2013-02-06 | allow all outgoing traffic | varac | |
2013-02-06 | Restructuring site_shorewall | varac | |
site_shorewall::defaults can be used on every host, it configures a basic firewall, which blocks everything from outside except ping + ssh, and allows outgoing traffic for http, git, dns. | |||
2013-02-06 | added submodule tor | varac | |
2013-02-04 | compile assets for webapp, fixes #1628 | varac | |
2013-02-03 | Increase Exec[bundler_update] timeout | varac | |
Exec[bundler_update] can take a really long time, increasing timeout from 300s (default) to 600s fixes Increase command timeout for Exec[bundler_update] (Feature #1643) | |||
2013-02-01 | moved concat::setup to site_config::default | varac | |
Because in site.pp it didn't get the tag "leap_base" and would not be declared with leap cli's default puppet tags. Fixes: parent directory /var/lib/puppet/concat does not exist (Feature#1625) | |||
2013-02-01 | update x509 submodule to get key owner enhancement | Micah Anderson | |
2013-02-01 | automatic update of submodule puppet_apt | varac | |
2013-02-01 | disable nagios debug mode (Feature #1551) | varac | |
2013-01-31 | update the x509 submodule to get non-root application access to key file ↵ | Micah Anderson | |
enhancement put the leap-webapp user in the 'ssl-cert' group pass group => 'leap-webapp' to the leap_client_ca.key so the application can access it | |||
2013-01-31 | install an apache Directory override block to disable passenger for nagios, ↵ | Micah Anderson | |
if the node is a monitor node | |||
2013-01-31 | tag 'base' is a bad idea because it invokes apache::base as well | varac | |
2013-01-31 | Merge branch 'develop' of ssh://code.leap.se/leap_platform into develop | varac | |
2013-01-31 | install etckeeper on all nodes | varac | |
2013-01-31 | Merge branch 'develop' of ssh://leap.se/leap_platform into develop | elijah | |
2013-01-31 | added /etc/openvpn/ca_bundle.pem in order to allow multiple CA certs to be used. | elijah | |