summaryrefslogtreecommitdiff
path: root/puppet
AgeCommit message (Collapse)Author
2013-07-25added site_mxvarac
2013-07-25added submodule postfix from git://labs.riseup.net/shared-postfixvarac
2013-07-25include site_mxvarac
2013-07-23Merge branch 'develop' of ssh://code.leap.se/leap_platform into developvarac
2013-07-23fix linting errorMicah Anderson
Change-Id: I975e1bd480d756a85e556b440a0e28e3899c9af8
2013-07-23not need for file { '/srv/leap/webapp': }, we have vcsrepo { ↵varac
'/srv/leap/webapp': }
2013-07-23/srv/leap/webapp/public/img: require => Vcsrepo['/srv/leap/webapp']varac
2013-07-19try::file - absolute exec paths.elijah
2013-07-19an entirely different implementation of try::file, using all execs. the ↵elijah
built in file resource of puppet can't be used for what we want, because if you specify $source, it always bombs out if it doesn't exist, regardless of dependencies.
2013-07-17default to false for $hostselijah
2013-07-16lint site_openvpn manifestsMicah Anderson
Change-Id: I314031d93aa9f4a0f217680870678e39c096d46a
2013-07-15lint nickserver classMicah Anderson
Change-Id: I03cdb5a6255d245cb1163a30b221b4c32dc4bef6
2013-07-15Merge branch 'hotfix/issue/3140' into developvarac
2013-07-15fix smtpd_recipient_restrictions, debug connections from localhostvarac
2013-07-11changes to support restrictive permissions for /etc/leap. this is required ↵elijah
to work with the latest leap_cli.
2013-07-10ensure that /etc/hosts is output deterministically, so that content does not ↵elijah
change each time you deploy.
2013-07-10added tls support, including smtp auth via client certvarac
2013-07-09use file_line from stdlib instead of line, now both ↵varac
vpn_unlimited_tcp_resolver and vpn_unlimited_udp_resolver are included
2013-07-09re-add mx servicevarac
2013-07-09updated submodule apachevarac
2013-07-09updated submodule couchdbvarac
2013-07-09updated submodule aptvarac
2013-07-09beginning of smtp_auth config with client certsvarac
2013-07-09smtpd_recipient_restrictions: +permit_tls_all_clientcertsvarac
2013-07-09smtpd_checks: smtpd_delay_rejectvarac
2013-07-09smtpd_checks: smtpd_data_restrictionsvarac
2013-07-09using alias resolvervarac
2013-07-09update postfix module to new shared version for parameterized classes, and otherMicah Anderson
2.7 updates update site_postfix::mx to use parameterized classes
2013-07-09no need to import common anymorevarac
2013-07-09Configure Postfix for incoming mails (Feature #2269)varac
2013-07-09hiera variable mx.contact -> postfix $root_mail_recipientvarac
2013-07-09initial mx couchdb stunnel configurationMicah Anderson
2013-07-09added site_mx::haproxyvarac
2013-07-09added basic site_postfix::mx configvarac
2013-07-09include shorewall rules for site_mxvarac
2013-07-09shorewall rules for site_mxvarac
2013-07-09added site_mxvarac
2013-07-09added submodule postfix from git://labs.riseup.net/shared-postfixvarac
2013-07-09include site_mxvarac
2013-07-06site_webapp -- make bundler not install test-only or development-only gems.elijah
2013-07-04more robust openvpn restartingMicah Anderson
this ensures that an actual restart is run on the service when config files are added or removed, instead of relying on the status parameter of the initscript, which can be confused if config files are removed out from under it Change-Id: I1c69fff26933338b707acf7dc4593547f32f92e3
2013-07-03Merge branch 'bug/1983' into leapMicah Anderson
2013-07-02update stunnel submodule to fix refresh bug #3013Micah Anderson
Change-Id: I9ed218d9353c05b34d34c363a6a3f10d54b3a60a
2013-07-02create a site_config subclass for package installation and removal add ↵Micah Anderson
packages that we want to make sure are installed remove packages that were found on vagrant and PC installations that have no business being there Change-Id: I4887a327ca89eb60945ad817a75ff199859824d3
2013-07-02deleted bind9 purging, it was only needed for the transition from bind to ↵varac
unbound
2013-07-01restart stunnels if /etc/hosts is changed (#3031)Micah Anderson
Due to the fact that /etc/hosts is modified in the early stage setup.pp run and the stunnel service is not deployed on an initial puppet run, we cannot simply override the Service['stunnel'] but instead need to trigger a restart through an exec calling the init script that first tests to see if it is present. Change-Id: I6bf5dfece9ecbdb8319747774185dec50d5a55f6
2013-06-30Fix 'Failed to call refresh: /usr/local/sbin/reload_dhclient returned 2 insteadMicah Anderson
of one of [0]' by putting in the missing closing single quote. Change-Id: I86feb5d06dd25e28ea67da0b5627e7be4174e01e
2013-07-01Merge branch 'feature/authorized_keys' of ↵micah
/home/git/repositories/micah/leap_platform into develop
2013-06-30switch to own define for managing ssh keysvarac
The problem with puppet's built-in ssh_authorized_key is that you can purge unmanaged keys in a authorized_keys file. see https://leap.se/code/issues/3010 for details. Conflicts: puppet/modules/site_sshd/manifests/authorized_keys.pp Change-Id: I640bf7ebc0f0f7fb19cc46feb4cb2702d6561a9b
2013-06-30modularize and standardize site_sshd:Micah Anderson
. move the setting of the xterm title to site_config::shell . change the xterm file resource to use standard source lines, switch to single quotes, quote mode, and line up parameters . move the mosh pieces into a site_ssh::mosh class and only include it if the right mosh variable is enabled, passing into the class the necessary hiera parameters . lint the site_ssh::mosh resources . change the authorized_keys class to accept the key parameter which is passed in from the main ssh class (but allow for out of scope variable lookup when the tag is passed) Change-Id: Ieec5a3932de9bad1b98633032b28f88e91e46604