summaryrefslogtreecommitdiff
path: root/puppet
AgeCommit message (Collapse)Author
2013-10-16/etc/apt/preferences is changed twice on every puppetrun on couch nodes ↵varac
(Feature #3962) this will fix the alteration of the preferences file. we now use the apt module default preferences, and pin the depending packages from squeeze that are dependencies for the bigcouch package in the couchdb module, class couchdb::bigcouch::package::cloudant.
2013-10-16syslog: add rsyslog::snippet to anonymize logsMicah Anderson
it is necessary to install the fixed package from the leap.se repository until it is available in wheezy-backports, so install the apt preferences to pull it from there, and add its necessary library dependency from wheezy-backports Change-Id: I379ff2ceaac1a978143715d3a7ced0011ca0d747
2013-10-16rsyslog: setup default local config that gets us the same config as default ↵Micah Anderson
from debian Change-Id: If07ee200e2ae0d9cfaf8e405d6354c80d77330ca
2013-10-16add rsyslog puppet submoduleMicah Anderson
Change-Id: Ic9f521010af7b362490ee5b0048e41cf11bfc593
2013-10-16vagrant: support other providers besides virtualbox (Bug #4158)varac
2013-10-15Merge branch 'feature/1863_puppet_-_openvpn_gateway_netmask' into developvarac
2013-10-15new fallback nameservers (#4113)varac
* the german privacy foundation has dissolved itself and shut down their public nameserver. we are now using the public nameserver by Digitalcourage, a german privacy organisation (https://en.wikipedia.org/wiki/Digitalcourage) * the IP for the server of the swiss privacy foundation has changed (http://www.privacyfoundation.ch/de/service/server.html)
2013-10-15puppet - openvpn gateway address is hard coded as a /24 network (Bug #1863)varac
2013-10-11/etc/haproxy/haproxy.cfg changed randomly (Feature #4111)varac
2013-10-11class moved but forgot to renamevarac
2013-10-11fixed issues from https://review.leap.se/r/98/varac
2013-10-11install ruby-dev for nickserver/webapp (#4079 + #4080)varac
2013-10-11don't remove dev-packages on webapp nodevarac
they are needed for building gems
2013-10-11move site_config::checks to site_config::mx::checksvarac
2013-10-11deploy postfix satellites on all nodes (Bug #1683)varac
2013-10-10contacts is now a top-level hiera variablevarac
2013-10-10fix site_postfix::mx::reserved_aliases class name and package arrayvarac
2013-10-09setup email account 'blacklist' by configuring reserved aliases, effectively ↵Micah Anderson
implementing RFC2142 and more (#3602) Change-Id: Ic2765b25ff9e1560def4900a1bf38dc8023b0ffa
2013-10-06It turns out postfix's variable for 1024bit DH parameters can actually take ↵0.3.0rc3Micah Anderson
a file of arbitrary length (#4012) Neither Postfix nor OpenSSL actually care about the size of the prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5
2013-10-06implement stripping user's home IPs from Received headers (#3866)Micah Anderson
Change-Id: I6d78286f84144bba5fd3166cc0264570e4fd3ee0
2013-10-06only use TLSv1 or later for smtp (Feature #4011)Micah Anderson
Disable on the client-side with postfix (smtp) SSLv2/SSLv3 and only allow for TLSv1 or later SMTP servers almost universally support TLSv1. There are very few servers that don't (the few that are would result sending in the clear for these, but the alternative isn't much better). This is unlikely to cause any significant problems. Change-Id: I8f98ba32973537905b71f63b100f41a420b6aa3f
2013-10-03fix name of base class fileMicah Anderson
Change-Id: I844970f1c8f895d5a460d5082bfa1a2a88b32ecd
2013-10-03Merge branch 'feature/3953' into developMicah Anderson
2013-10-03It turns out postfix's variable for 1024bit DH parameters can actually take ↵Micah Anderson
a file of arbitrary length (#4012) Neither Postfix nor OpenSSL actually care about the size of the prime in "smtpd_tls_dh1024_param_file". You can make it 2048 bits Change-Id: Id60deec93547e7df6dfc414209afaf9d53c710b5
2013-10-02setup smtpd_tls_eecdh_grade to 'ultra' and configure the ↵Micah Anderson
smtpd_tls_dh1024_param file, after generating it (#3953) Change-Id: I8e88a4862cda052c2f0ca0149f1d0753c7c83cb5
2013-10-02Merge branch 'bug/3869' into developMicah Anderson
2013-10-02Merge branch 'bug/3959' into developMicah Anderson
2013-10-02Merge branch 'feature/3955' into developMicah Anderson
2013-10-02only add vpn_(un)?limited_udp_resolver and vpn_(un)?limited_tcp_resolver ↵Micah Anderson
lines to unbound.conf if the openvpn package is installed (#3868) Change-Id: I65852660a606ccea7569b2207bd535bd8aa3867c
2013-09-26set myhostname in postfix the internet hostname of this mail system. The ↵Micah Anderson
default would otherwise be set to be something like starfish.local instead of the fully qualified domain (#3869) Change-Id: I4a537402de08b41446d344d8c21973b8d09e7ad6
2013-09-26Merge branch 'bug/3868' into developMicah Anderson
2013-09-26create a site_config::packages directory, move site_config::base_packages to ↵Micah Anderson
site_config::packages::base add site_config::packages::gnutls for inclusion (#3955) Change-Id: I9599eb26844503613c16f57ee17d6ea7bd0cf6fb
2013-09-26Add client-side TLS configuration (#3868)Micah Anderson
Change-Id: I0b82930f6f6a453e57f1d57fd8b5df78d464e206
2013-09-26Merge branch 'bug/3868' into developMicah Anderson
2013-09-26properly set the $smtps_recipient_restrictions variable in master.cf (#3935)Micah Anderson
Change-Id: Ia5f35977b3dad08c10256f0281ab36ffb230c9fd
2013-09-25add smtp_tls_received_header to include information about the protocol and ↵Micah Anderson
cipher used as well as the client and issuer CommonName into the "Received:" header Also, clean up the parameters to standardize them Change-Id: Ib6be27f0f93e0a9e20fbdffa1d42220a25fc8ed4
2013-09-25openvpn is restarted before package is installed (Bug #3904)varac
2013-09-25recent couchdb puppet - requires git submodule updateAzul
2013-09-24deploy client_ca on webapp nodevarac
2013-09-24webapp leftover for seperate cert and key deployment (Feature #3918)varac
2013-09-24fix client_ca cert+key for mx service (Feature #3921)varac
2013-09-24added site_config::x509::client_ca::cert and ↵varac
site_config::x509::client_ca::key for client_ca deployment (#3917)
2013-09-24https://bitmask.net/ca.crt gives 403 Forbidden (Bug #3919)varac
2013-09-24Webapp doesn't serve commercial cert (Bug #3916)varac
2013-09-24move commercial x509 deployment to site_x509 (Feature #3889)varac
2013-09-24seperate cert and key deployment (#3918)varac
2013-09-22Merge branch 'api-crt-3384' into develop fixes #3384kwadronaut
2013-09-22adding fqdn as default servername and moving service.domain to ServerAlias ↵kwadronaut
(fixing #3384) node name and dns fqdn could be different Also note that on local deploys that warning from #3384 will continue to exist (because of dns)
2013-09-20use newer haproxy_servers macro in order to allow couchdb and webapp to be ↵elijah
on the same node (requires latest leap_cli)
2013-09-20Merge branch 'feature/3782_Discuss_run_stages_on_deploy' into developvarac