Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
puppet/modules/systemd
subrepo:
subdir: "puppet/modules/systemd"
merged: "f3c4059"
upstream:
origin: "https://leap.se/git/puppet_systemd"
branch: "master"
commit: "f3c4059"
git-subrepo:
version: "0.3.0"
origin: "https://github.com/ingydotnet/git-subrepo.git"
commit: "841aa43"
|
|
This commit was moved to the systemd puppet repo.
This reverts commit f5db49cf6b3ca0a5830b849c0aac074e371b95d9.
|
|
- Resolves: #8693
|
|
bugfix: couchdb nodes should not require soledad. closes #8693
See merge request !60
|
|
|
|
|
|
|
|
This HTTP response header enables the Cross-site scripting (XSS) filter
built into some modern web browsers. This header is usually enabled by
default anyway, so the role of this header is to re-enable the filter
if it was disabled maliciously, or by accident.
|
|
Setting this header will prevent the browser from interpreting files as
something else than declared by the content type in the HTTP
headers. This will prevent the browser from MIME-sniffing a response
away from the declared content-type.
When this is not set, older versions of Internet Explorer and Chrome
perform MIME-sniffing on the response body, potentially causing the
response body to be interpreted and displayed as a content type other
than the declared content type.
|
|
|
|
When the soledad couch user is not present, soledad-server
refuses to start, so we need to ensure that couch is setup correctly
before starting soledad-server.
see https://leap.se/code/issues/8535
|
|
|
|
New soledad packages now depend on Twisted 16.2.0 (see
https://leap.se/code/issues/8412), so we need to pin twisted to get
installed from jessie-backports.
- Resolves: #8418
|
|
|
|
is configured
The problem is that we have a single onion address per server, so if more
than one domain is configured we need to make sure they don't both try to
use the same onion address.
|
|
|
|
|
|
freshclam might not be able to start clamav via the socket because
the socket might not be there. This systemd unit watches for the
definitions and then starts clamav.
Resolves: #8431
|
|
|
|
Sometimes, after a deploy from scratch `leap test`
fails because clamd could not get started (even when
the deploy log says so).
This fixes the dependencies of all resources needed in
order to let clamd start reliable.
Resolves: #8431
|
|
When setting values like
ignored_services = [...]
this will override other `ignored_services` that might get parsed
before. Instead, we use `+=` so multiple files can add sth to this
config value.
|
|
|
|
|
|
|
|
|
|
leap_cli already checks for running procs
- Resolves: #8380
|
|
|
|
|
|
|
|
New soledad packages now depend on Twisted 16.2.0 (see
https://leap.se/code/issues/8412), so we need to pin twisted to get
installed from jessie-backports.
- Resolves: #8418
|
|
Change-Id: I90f8d160d2293288066847bcc199f480d06d877d
|
|
The auth.log rsyslog entry was accidentally removed in #7863.
Change-Id: I4ebffeafedbca5df902041ddd2bcb80d3f68b230
|
|
Change-Id: Ia1764cb28e263353856523c11f351a39774bf3b4
|
|
Change-Id: Ie09a6a34dfa8fe3d72568d2de0b208e7d947412f
|
|
If you connect to the VPN with a client, you can make direct network
connections to the other connected clients.
This allows communication to the eip gateways, but disallows any other
connections.
Change-Id: I73e5bb5715e4d91256cbf95eda8c0ec70aa75f93
|
|
If you connect to the VPN with a client, you can make direct network
connections to the other connected clients.
This allows communication to the eip gateways, but disallows any other
connections.
Change-Id: I73e5bb5715e4d91256cbf95eda8c0ec70aa75f93
|
|
There is no need to keep this symlink around any longer, it was there
for older puppet.
Change-Id: Ie7a380821d478e5ad69df39f03009d773afb73f3
|
|
Mochiweb in couchdb by default sets the TCP socket option SO_NODELAY to
false. This means that small data sent to the TCP socket, like the reply
to a document write request (or reading a very small document), will not
be sent immediately to the network - TCP will buffer it for a while
hoping that it will be asked to send more data through the same socket
and then send all the data at once for increased performance.
Setting this increases the couchdb speed significantly.
Change-Id: Ib493ef061ff62c9bdee501e44ce2b55990fe14b7
|
|
|
|
|
|
subrepo:
subdir: "puppet/modules/openvpn"
merged: "ba7ec7a"
upstream:
origin: "https://leap.se/git/puppet_openvpn"
branch: "master"
commit: "ba7ec7a"
git-subrepo:
version: "0.3.0"
origin: "https://github.com/ingydotnet/git-subrepo"
commit: "cb2995b"
|
|
|
|
Change-Id: If39222dc9ec68d1786c70c4b82b740e0a06773c4
|
|
Numeric helo is a very strong indicator of spam. When this is blocked, a
very significant amount of spam stops.
Change-Id: Ieb340190faf37638950d1aa60b52268659e0b7f6
|
|
Nobody should be claiming that they are localhost when they are
connecting over smtpd
Change-Id: Ifb7df855b4e12021c58b89b2053e31fb10806096
|
|
|
|
Latest shorewall module does `shorewall check` (executed
by `Exec[shorewall_check]`) so every related resource change
must notify this Exec instead of `Service[shorewall]` as before.
|