Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-10-16 | /etc/apt/preferences is changed twice on every puppetrun on couch nodes ↵ | varac | |
(Feature #3962) this will fix the alteration of the preferences file. we now use the apt module default preferences, and pin the depending packages from squeeze that are dependencies for the bigcouch package in the couchdb module, class couchdb::bigcouch::package::cloudant. | |||
2013-10-16 | syslog: add rsyslog::snippet to anonymize logs | Micah Anderson | |
it is necessary to install the fixed package from the leap.se repository until it is available in wheezy-backports, so install the apt preferences to pull it from there, and add its necessary library dependency from wheezy-backports Change-Id: I379ff2ceaac1a978143715d3a7ced0011ca0d747 | |||
2013-10-16 | rsyslog: setup default local config that gets us the same config as default ↵ | Micah Anderson | |
from debian Change-Id: If07ee200e2ae0d9cfaf8e405d6354c80d77330ca | |||
2013-10-16 | add rsyslog puppet submodule | Micah Anderson | |
Change-Id: Ic9f521010af7b362490ee5b0048e41cf11bfc593 | |||
2013-10-16 | vagrant: support other providers besides virtualbox (Bug #4158) | varac | |
2013-10-15 | Merge branch 'feature/1863_puppet_-_openvpn_gateway_netmask' into develop | varac | |
2013-10-15 | new fallback nameservers (#4113) | varac | |
* the german privacy foundation has dissolved itself and shut down their public nameserver. we are now using the public nameserver by Digitalcourage, a german privacy organisation (https://en.wikipedia.org/wiki/Digitalcourage) * the IP for the server of the swiss privacy foundation has changed (http://www.privacyfoundation.ch/de/service/server.html) | |||
2013-10-15 | puppet - openvpn gateway address is hard coded as a /24 network (Bug #1863) | varac | |
2013-10-11 | /etc/haproxy/haproxy.cfg changed randomly (Feature #4111) | varac | |
2013-10-11 | class moved but forgot to rename | varac | |
2013-10-11 | fixed issues from https://review.leap.se/r/98/ | varac | |
2013-10-11 | install ruby-dev for nickserver/webapp (#4079 + #4080) | varac | |
2013-10-11 | don't remove dev-packages on webapp node | varac | |
they are needed for building gems | |||
2013-10-11 | move site_config::checks to site_config::mx::checks | varac | |
2013-10-11 | deploy postfix satellites on all nodes (Bug #1683) | varac | |
2013-10-10 | contacts is now a top-level hiera variable | varac | |
2013-10-10 | fix site_postfix::mx::reserved_aliases class name and package array | varac | |
2013-10-09 | setup email account 'blacklist' by configuring reserved aliases, effectively ↵ | Micah Anderson | |
implementing RFC2142 and more (#3602) Change-Id: Ic2765b25ff9e1560def4900a1bf38dc8023b0ffa | |||
2013-10-06 | It turns out postfix's variable for 1024bit DH parameters can actually take ↵0.3.0rc3 | Micah Anderson | |
a file of arbitrary length (#4012) Neither Postfix nor OpenSSL actually care about the size of the prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5 | |||
2013-10-06 | implement stripping user's home IPs from Received headers (#3866) | Micah Anderson | |
Change-Id: I6d78286f84144bba5fd3166cc0264570e4fd3ee0 | |||
2013-10-06 | only use TLSv1 or later for smtp (Feature #4011) | Micah Anderson | |
Disable on the client-side with postfix (smtp) SSLv2/SSLv3 and only allow for TLSv1 or later SMTP servers almost universally support TLSv1. There are very few servers that don't (the few that are would result sending in the clear for these, but the alternative isn't much better). This is unlikely to cause any significant problems. Change-Id: I8f98ba32973537905b71f63b100f41a420b6aa3f | |||
2013-10-03 | fix name of base class file | Micah Anderson | |
Change-Id: I844970f1c8f895d5a460d5082bfa1a2a88b32ecd | |||
2013-10-03 | Merge branch 'feature/3953' into develop | Micah Anderson | |
2013-10-03 | It turns out postfix's variable for 1024bit DH parameters can actually take ↵ | Micah Anderson | |
a file of arbitrary length (#4012) Neither Postfix nor OpenSSL actually care about the size of the prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5 | |||
2013-10-02 | setup smtpd_tls_eecdh_grade to 'ultra' and configure the ↵ | Micah Anderson | |
smtpd_tls_dh1024_param file, after generating it (#3953) Change-Id: I8e88a4862cda052c2f0ca0149f1d0753c7c83cb5 | |||
2013-10-02 | Merge branch 'bug/3869' into develop | Micah Anderson | |
2013-10-02 | Merge branch 'bug/3959' into develop | Micah Anderson | |
2013-10-02 | Merge branch 'feature/3955' into develop | Micah Anderson | |
2013-10-02 | only add vpn_(un)?limited_udp_resolver and vpn_(un)?limited_tcp_resolver ↵ | Micah Anderson | |
lines to unbound.conf if the openvpn package is installed (#3868) Change-Id: I65852660a606ccea7569b2207bd535bd8aa3867c | |||
2013-09-26 | set myhostname in postfix the internet hostname of this mail system. The ↵ | Micah Anderson | |
default would otherwise be set to be something like starfish.local instead of the fully qualified domain (#3869) Change-Id: I4a537402de08b41446d344d8c21973b8d09e7ad6 | |||
2013-09-26 | Merge branch 'bug/3868' into develop | Micah Anderson | |
2013-09-26 | create a site_config::packages directory, move site_config::base_packages to ↵ | Micah Anderson | |
site_config::packages::base add site_config::packages::gnutls for inclusion (#3955) Change-Id: I9599eb26844503613c16f57ee17d6ea7bd0cf6fb | |||
2013-09-26 | Add client-side TLS configuration (#3868) | Micah Anderson | |
Change-Id: I0b82930f6f6a453e57f1d57fd8b5df78d464e206 | |||
2013-09-26 | Merge branch 'bug/3868' into develop | Micah Anderson | |
2013-09-26 | properly set the $smtps_recipient_restrictions variable in master.cf (#3935) | Micah Anderson | |
Change-Id: Ia5f35977b3dad08c10256f0281ab36ffb230c9fd | |||
2013-09-25 | add smtp_tls_received_header to include information about the protocol and ↵ | Micah Anderson | |
cipher used as well as the client and issuer CommonName into the "Received:" header Also, clean up the parameters to standardize them Change-Id: Ib6be27f0f93e0a9e20fbdffa1d42220a25fc8ed4 | |||
2013-09-25 | openvpn is restarted before package is installed (Bug #3904) | varac | |
2013-09-25 | recent couchdb puppet - requires git submodule update | Azul | |
2013-09-24 | deploy client_ca on webapp node | varac | |
2013-09-24 | webapp leftover for seperate cert and key deployment (Feature #3918) | varac | |
2013-09-24 | fix client_ca cert+key for mx service (Feature #3921) | varac | |
2013-09-24 | added site_config::x509::client_ca::cert and ↵ | varac | |
site_config::x509::client_ca::key for client_ca deployment (#3917) | |||
2013-09-24 | https://bitmask.net/ca.crt gives 403 Forbidden (Bug #3919) | varac | |
2013-09-24 | Webapp doesn't serve commercial cert (Bug #3916) | varac | |
2013-09-24 | move commercial x509 deployment to site_x509 (Feature #3889) | varac | |
2013-09-24 | seperate cert and key deployment (#3918) | varac | |
2013-09-22 | Merge branch 'api-crt-3384' into develop fixes #3384 | kwadronaut | |
2013-09-22 | adding fqdn as default servername and moving service.domain to ServerAlias ↵ | kwadronaut | |
(fixing #3384) node name and dns fqdn could be different Also note that on local deploys that warning from #3384 will continue to exist (because of dns) | |||
2013-09-20 | use newer haproxy_servers macro in order to allow couchdb and webapp to be ↵ | elijah | |
on the same node (requires latest leap_cli) | |||
2013-09-20 | Merge branch 'feature/3782_Discuss_run_stages_on_deploy' into develop | varac | |