path: root/puppet
Age | Commit message | Author
2013-10-03 | Merge branch 'feature/3953' into develop | Micah Anderson
2013-10-03 | It turns out postfix's variable for 1024bit DH parameters can actually take a file of arbitrary length (#4012) Neither Postfix nor OpenSSL actually care about the size of the prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5 | Micah Anderson
2013-10-02 | setup smtpd_tls_eecdh_grade to 'ultra' and configure the smtpd_tls_dh1024_param file, after generating it (#3953) Change-Id: I8e88a4862cda052c2f0ca0149f1d0753c7c83cb5 | Micah Anderson
2013-10-02 | Merge branch 'bug/3869' into develop | Micah Anderson
2013-10-02 | Merge branch 'bug/3959' into develop | Micah Anderson
2013-10-02 | Merge branch 'feature/3955' into develop | Micah Anderson
2013-10-02 | only add vpn_(un)?limited_udp_resolver and vpn_(un)?limited_tcp_resolver lines to unbound.conf if the openvpn package is installed (#3868) Change-Id: I65852660a606ccea7569b2207bd535bd8aa3867c | Micah Anderson
2013-09-26 | set myhostname in postfix the internet hostname of this mail system. The default would otherwise be set to be something like starfish.local instead of the fully qualified domain (#3869) Change-Id: I4a537402de08b41446d344d8c21973b8d09e7ad6 | Micah Anderson
2013-09-26 | Merge branch 'bug/3868' into develop | Micah Anderson
2013-09-26 | create a site_config::packages directory, move site_config::base_packages to site_config::packages::base add site_config::packages::gnutls for inclusion (#3955) Change-Id: I9599eb26844503613c16f57ee17d6ea7bd0cf6fb | Micah Anderson
2013-09-26 | Add client-side TLS configuration (#3868) Change-Id: I0b82930f6f6a453e57f1d57fd8b5df78d464e206 | Micah Anderson
2013-09-26 | Merge branch 'bug/3868' into develop | Micah Anderson
2013-09-26 | properly set the $smtps_recipient_restrictions variable in master.cf (#3935) Change-Id: Ia5f35977b3dad08c10256f0281ab36ffb230c9fd | Micah Anderson
2013-09-25 | add smtp_tls_received_header to include information about the protocol and cipher used as well as the client and issuer CommonName into the "Received:" header Also, clean up the parameters to standardize them Change-Id: Ib6be27f0f93e0a9e20fbdffa1d42220a25fc8ed4 | Micah Anderson
2013-09-25 | openvpn is restarted before package is installed (Bug #3904) | varac
2013-09-25 | recent couchdb puppet - requires git submodule update | Azul
2013-09-24 | deploy client_ca on webapp node | varac
2013-09-24 | webapp leftover for separate cert and key deployment (Feature #3918) | varac
2013-09-24 | fix client_ca cert+key for mx service (Feature #3921) | varac
2013-09-24 | added site_config::x509::client_ca::cert and site_config::x509::client_ca::key for client_ca deployment (#3917) | varac
2013-09-24 | https://bitmask.net/ca.crt gives 403 Forbidden (Bug #3919) | varac
2013-09-24 | Webapp doesn't serve commercial cert (Bug #3916) | varac
2013-09-24 | move commercial x509 deployment to site_x509 (Feature #3889) | varac
2013-09-24 | separate cert and key deployment (#3918) | varac
2013-09-22 | Merge branch 'api-crt-3384' into develop fixes #3384 | kwadronaut
2013-09-22 | adding fqdn as default servername and moving service.domain to ServerAlias (fixing #3384) node name and dns fqdn could be different Also note that on local deploys that warning from #3384 will continue to exist (because of dns) | kwadronaut
2013-09-20 | use newer haproxy_servers macro in order to allow couchdb and webapp to be on the same node (requires latest leap_cli) | elijah
2013-09-20 | Merge branch 'feature/3782_Discuss_run_stages_on_deploy' into develop | varac
2013-09-20 | move all resources that are applied on every node into site_config::default (#3782) in commit 338833, we established a relationship between all resources that have a leap_service tag, that are called in site.pp. But we had some resources as default on every node in site.pp (apt::update, Package { require => Exec['apt_updated'] }, site_config::slow and stdlib), that were still lacking any relationship to the leap_service tag. By moving them into default.pp they automatically are executed before resources with a leap_service tag. | varac
2013-09-20 | fix whitespace issues from https://review.leap.se/r/82 | varac
2013-09-19 | fix x509 path in webapp config.yml.erb (#3894) | varac
2013-09-19 | tidy soledad x509 definitions (#3841) | varac
2013-09-19 | tidy webapp api x509 definitions (#3840) | varac
2013-09-19 | tidy nickserver x509 definitions (#3842) | varac
2013-09-19 | webapp: Depend services on deployment of default key, cert and ca (Feature #3838) | varac
2013-09-19 | Depend services on deployment of default key, cert and ca (Feature #3838) | varac
2013-09-19 | soledad should use default key, cert and ca (Feature #3841) | varac
2013-09-19 | tidy openvpn x509 definitions (#3831) | varac
2013-09-19 | only deploy x509 stuff for nodes if it exists in hiera (Feature #3875) | varac
2013-09-19 | Merge branch 'develop' of ssh://code.leap.se/leap_platform into develop | varac
2013-09-18 | Setup a class dependency for every tag 'leap_service' to make sure that shorewall is setup before the service is setup. This is necessary due to the strict initial firewall that stops various service setup operations from happening, but is relaxed once shorewall is setup properly (#3782) Change-Id: Ia9640c4118aa0053cdb99e7bc11860fed5527501 | Micah Anderson
2013-09-18 | use x509 for postfix ca and fix names for cert+key (Feature #3833) | varac
2013-09-18 | deploy client_ca (#3833) | varac
2013-09-18 | openvpn should use /usr/local/share/ca-certificates/leap_ca.crt (Feature #3831) | varac
2013-09-18 | include shorewall::interface{eth0} in setup.pp so packages can be installed during main puppetrun, even before shorewall is configured completely | varac
2013-09-17 | fix stunnel module so that code was not removed accidentally Change-Id: Ia236eb5b7609d9f96970230fce4d0051d832e3cb | Micah Anderson
2013-09-17 | shorewall: #2399 blocks uplink (Bug #2866) | varac
2013-09-17 | site_config::params::interface should contain eth1 for vagrant cause it's the main interface we use (#2399, #2401) | varac
2013-09-17 | update stunnel submodule commit id to correct one for new repository Change-Id: I33292b9eb2a5553ac296857c99fdaf350ed52542 | Micah Anderson
2013-09-17 | Merge branch 'bug/3757' into develop | Micah Anderson