path: root/puppet
Age | Commit message | Author
2013-11-22 | update couchdb submodule to get debugging output #4225 | Micah Anderson
  Change-Id: Ie1b6d67f493ed6891a2df76b044d64d359edb420
2013-11-21 | initial design documents from the webapp (#3770) | Azul
2013-11-19 | added website nagios check (#1629) | Micah Anderson
  Change-Id: Icebf9d8849b4440f4f6dbc00a1a8ac0873b62f6a
2013-10-31 | Merge branch 'develop' of ssh://code.leap.se/leap_platform into develop | varac
2013-10-31 | Automate local backup of couchdb data (Feature #4350) | varac
2013-10-31 | certtool-postfix-gendh attempted before postfix is installed (Bug #4340) | Micah Anderson
  Change-Id: I4ffb5b9203741d1152dfd93ef9ecc45f6a6088d4
2013-10-31 | require postfix is installed before installing postfix-pcre (#4223) | Micah Anderson
  Change-Id: I547b99becb8b16fec0ac89f06fb6d833cbde3c2b
2013-10-30 | added submodule backupninja from https://leap.se/git/puppet_backupninja | varac
2013-10-30 | Merge branch 'feature/3974_site_tor__can_t_convert_String' into develop | varac
2013-10-30 | updated submodule stdlib | varac
2013-10-30 | Users with access to a db are called members - not readers (#4219) | Azul
  (they can read and write). I think couch themselves changed the terminology at some point but I might just have used the wrong term from the beginning on. Let's call them members either way because it's more clear that read only members require additional design docs.
2013-10-24 | stop specifying the haproxy that we provided in our repository, it is available in wheezy-backports now (#4272) | Micah Anderson
  Change-Id: Ie0b8b69f1305f4ec8d11356acc308aad2a8c1e91
2013-10-22 | site_tor: can't convert String into Integer (Bug #3974) | varac
  tor.contacts has been a string, and is now an array of email addresses
  this change needed to be adopted also in stdlib/lib/puppet/parser/functions/obfuscate_email.rb (see #4193).
2013-10-21 | updated submodule postfix | varac
2013-10-20 | Possibility to include local puppet recipes (Feature #3976) | varac
2013-10-18 | "Header set X-Frame-Options: Allow" only for nagios (Bug #4169) | varac
  Nagios won't work with setting this option to "DENY", as set in conf.d/security (#4169). Therefore we allow it here, only for nagios.
2013-10-18 | nagios: use hash instead of array for hosts (Bug #3909) | varac
  Puppet 2.7.19 introduced a change that doesn't allow resource titles to be something else than a string.
  from the puppet 2.7.19 changelog:
  Don’t allow resource titles which aren’t strings
  It was possible to create resources whose titles weren't strings, by using a variable containing a hash, or the result of a function which doesn't return a string. This can cause problems resolving relationships when the stringified version of the title differs between master and agent. Now we will only accept primitives, and will stringify them. That is: string, symbol, number, boolean. Arrays or nested arrays will still be flattened and used to create multiple resources. Any other value (for instance: a hash) will cause a parse error.
  currently, it's much easier to iterate over a hash in puppet than over an array, cause every resource you call iterating over an array would need a unique name, and you don't have this in arrays.
2013-10-17 | syslog: fix apt_preferences snippet to glob on both rsyslog and rsyslog-relp (#4161) | Micah Anderson
  Change-Id: I7eaa35897da3b24833be3b2c14db99cd66b547c0
2013-10-17 | Merge branch 'feature/4158_vagrant__support_other_provider' into develop | varac
2013-10-16 | fix for rsyslog-relp being installed first, resulting in dependency errors (#4161) | Micah Anderson
  Change-Id: I2f0bcc5b4cb5effae57051f04251aeb8b09a4c6d
2013-10-16 | Merge branch 'develop' of ssh://code.leap.se/leap_platform into develop | varac
2013-10-16 | updated submodule couchdb | varac
2013-10-16 | vagrant: support other providers besides virtualbox (Bug #4158), Part 2 | varac
  took out the last remaining virtualbox references
2013-10-16 | /etc/apt/preferences is changed twice on every puppetrun on couch nodes (Feature #3962) | varac
  this will fix the alteration of the preferences file. we now use the apt module default preferences, and pin the depending packages from squeeze that are dependencies for the bigcouch package in the couchdb module, class couchdb::bigcouch::package::cloudant.
2013-10-16 | syslog: add rsyslog::snippet to anonymize logs | Micah Anderson
  it is necessary to install the fixed package from the leap.se repository until it is available in wheezy-backports, so install the apt preferences to pull it from there, and add its necessary library dependency from wheezy-backports
  Change-Id: I379ff2ceaac1a978143715d3a7ced0011ca0d747
2013-10-16 | rsyslog: setup default local config that gets us the same config as default from debian | Micah Anderson
  Change-Id: If07ee200e2ae0d9cfaf8e405d6354c80d77330ca
2013-10-16 | add rsyslog puppet submodule | Micah Anderson
  Change-Id: Ic9f521010af7b362490ee5b0048e41cf11bfc593
2013-10-16 | vagrant: support other providers besides virtualbox (Bug #4158) | varac
2013-10-15 | Merge branch 'feature/1863_puppet_-_openvpn_gateway_netmask' into develop | varac
2013-10-15 | new fallback nameservers (#4113) | varac
  * the German privacy foundation has dissolved itself and shut down their public nameserver. we are now using the public nameserver by Digitalcourage, a German privacy organisation (https://en.wikipedia.org/wiki/Digitalcourage)
  * the IP for the server of the Swiss privacy foundation has changed (http://www.privacyfoundation.ch/de/service/server.html)
2013-10-15 | puppet - openvpn gateway address is hard coded as a /24 network (Bug #1863) | varac
2013-10-11 | /etc/haproxy/haproxy.cfg changed randomly (Feature #4111) | varac
2013-10-11 | class moved but forgot to rename | varac
2013-10-11 | fixed issues from https://review.leap.se/r/98/ | varac
2013-10-11 | install ruby-dev for nickserver/webapp (#4079 + #4080) | varac
2013-10-11 | don't remove dev-packages on webapp node | varac
  they are needed for building gems
2013-10-11 | move site_config::checks to site_config::mx::checks | varac
2013-10-11 | deploy postfix satellites on all nodes (Bug #1683) | varac
2013-10-10 | contacts is now a top-level hiera variable | varac
2013-10-10 | fix site_postfix::mx::reserved_aliases class name and package array | varac
2013-10-09 | setup email account 'blacklist' by configuring reserved aliases, effectively implementing RFC2142 and more (#3602) | Micah Anderson
  Change-Id: Ic2765b25ff9e1560def4900a1bf38dc8023b0ffa
2013-10-06 | It turns out postfix's variable for 1024bit DH parameters can actually take a file of arbitrary length (#4012) [0.3.0rc3] | Micah Anderson
  Neither Postfix nor OpenSSL actually care about the size of the prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits
  Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5
2013-10-06 | implement stripping user's home IPs from Received headers (#3866) | Micah Anderson
  Change-Id: I6d78286f84144bba5fd3166cc0264570e4fd3ee0
2013-10-06 | only use TLSv1 or later for smtp (Feature #4011) | Micah Anderson
  Disable on the client-side with postfix (smtp) SSLv2/SSLv3 and only allow for TLSv1 or later
  SMTP servers almost universally support TLSv1. There are very few servers that don't (the few that are would result sending in the clear for these, but the alternative isn't much better). This is unlikely to cause any significant problems.
  Change-Id: I8f98ba32973537905b71f63b100f41a420b6aa3f
2013-10-03 | fix name of base class file | Micah Anderson
  Change-Id: I844970f1c8f895d5a460d5082bfa1a2a88b32ecd
2013-10-03 | Merge branch 'feature/3953' into develop | Micah Anderson
2013-10-03 | It turns out postfix's variable for 1024bit DH parameters can actually take a file of arbitrary length (#4012) | Micah Anderson
  Neither Postfix nor OpenSSL actually care about the size of the prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits
  Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5
2013-10-02 | setup smtpd_tls_eecdh_grade to 'ultra' and configure the smtpd_tls_dh1024_param file, after generating it (#3953) | Micah Anderson
  Change-Id: I8e88a4862cda052c2f0ca0149f1d0753c7c83cb5
2013-10-02 | Merge branch 'bug/3869' into develop | Micah Anderson
2013-10-02 | Merge branch 'bug/3959' into develop | Micah Anderson