summaryrefslogtreecommitdiff
path: root/puppet
AgeCommit message (Collapse)Author
2013-01-18lintedvarac
2013-01-18create cronjob for leap_cavarac
2013-01-17require the augeas class before doing any augeas operations (#1215)Micah Anderson
2013-01-17notify unbound when these configuration files changeMicah Anderson
2013-01-17fix typo in cidr variable nameMicah Anderson
2013-01-17change to using the CIDR notation for unbound access listMicah Anderson
2013-01-17set a default exec path for all nodesMicah Anderson
2013-01-17fully qualify the variables that are used in the vpn gateway resolverMicah Anderson
2013-01-17unfortunately the version of unbound that is in wheezy does not support wildcardMicah Anderson
include directives, so this commit works around this by doing something less elegant than before. When we have the newer unbound available, we should switch to that method instead.
2013-01-17fix unbound access controlMicah Anderson
2013-01-16setup openvpn gateway resolver to listen on the udp/tcp virtual network ips soMicah Anderson
that queries can be made from clients on the vpn
2013-01-16update unbound submodule to fix infinite service restart problemMicah Anderson
2013-01-16Swtich from bind9 as the local caching resolver to unbound. This will enable usMicah Anderson
to do tor lookups over DNS on servers, if tor services are defined. To do this, we remove the bind9 configurations from site_config::resolvconf.pp and replace it with site_config::caching_resolver with a basic unbound configuration that can be used everywhere. The unbound configuration enables a /etc/unbound/conf.d directory for additional config snippits that can be dropped in from other places. This will be used for setting up different interfaces in the vpn gateway, for example. There will be a set of transition package/file absent blocks to clean up providers.
2013-01-16fix syntax errorMicah Anderson
2013-01-16setup site_unbound with a basic caching-only configuration and include that onMicah Anderson
the openvpn gateway (see #1172)
2013-01-16remove unnecessary include that was left over from ↵Micah Anderson
c2d57624c15dfaff038f9991f04ade46b5ad1d40:
2013-01-15add stdlib and unbound submodulesMicah Anderson
2013-01-13added ability to customize the webapp appearanceelijah
2013-01-11configure webapp with correct domainelijah
2013-01-03using master branch for webapp now.Azul
develop branch is no longer used in webapp dev and will be removed.
2012-12-19webapp api now uses a customizable port (so that we don't try to rely on SNI ↵elijah
for hosting two TLS domains on one IP).
2012-12-19automatic update of submodule puppet_aptvarac
2012-12-19added ca_daemon initscript for latervarac
2012-12-19move apt-get upgrade to inital stagevarac
2012-12-19automatic update of submodule puppet_aptvarac
2012-12-19Merge branch 'feature/dist_upgrade' into developvarac
Conflicts: puppet/modules/site_apt/manifests/init.pp
2012-12-18ca daemon -- ca daemon needs the x509 cert/key for the CA, not for the server.elijah
2012-12-16named.options -> named.conf.optionsvarac
2012-12-16bind: use local, ipv4 only name-caching resolver (fixes #1171)varac
2012-12-16/usr/local/bin/leap_ca_daemon symlinkvarac
2012-12-16automatic update of submodule puppet_aptvarac
2012-12-16no need for custom 50unattended-upgrades with new unattended_upgrades classvarac
2012-12-14deploy custom unettended upgrade filevarac
2012-12-14leftover apt sources file, see commit febd45328varac
2012-12-14moved site_config::apt to site_aptvarac
2012-12-14Merge branch 'feature/openvpn_ip_forward' into developvarac
2012-12-14no need for sections in shorewall rulesvarac
from the shorewall-rules manpage: "If no Section Headers appear in the file then all rules are assumed to be in the NEW section."
2012-12-11add prefix to couchdb.yamlMicah Anderson
2012-12-11update shorewall submodule to fix the shorewall.conf problemMicah Anderson
2012-12-11fix couchdb portMicah Anderson
2012-12-11neglected to add the 'refreshonly' parameter to the exec in previous commitMicah Anderson
2012-12-11change hostname exec to only apply when either the /etc/hostname or ↵Micah Anderson
/etc/hosts files are changed (otherwise it runs on every run)
2012-12-11set up an 'initial' run stage to happen before the 'main' run stage and put theMicah Anderson
site_config::hosts to be in the initial run stage to make sure the hostname is set before anything else.
2012-12-11replace Documentroot path from - to _Micah Anderson
2012-12-11remove extra space in hostname execMicah Anderson
2012-12-11test to see if the hosts value is empty before trying to reference it in a ↵Micah Anderson
template also set the hostname to what the hiera 'name' is set to
2012-12-11update augeas submodule to try and resolve unreferenced commitMicah Anderson
2012-12-11setup /etc/hosts based on a template and the hiera value 'hosts'Micah Anderson
This will replace the existing /etc/hosts, so we will want to make this more smart later
2012-12-10openvpn: use x509 module to deploy certs (fixes #1064)varac
2012-12-10couchdb: use x509 module to deploy certs (fixes #1063)varac