summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-10-31Merge branch 'master' into trainingtrainingJan Dittberner
* master: Manage /etc/network/interfaces of LXC containers only Only perform update-ca-certificates on changes Fix version number for debian-security check
2021-10-31Merge commit '500ee63f8027d7d0672c7f0172feaa2401fccf03' into trainingJan Dittberner
* commit '500ee63f8027d7d0672c7f0172feaa2401fccf03':
2021-10-31Manage /etc/network/interfaces of LXC containers onlyJan Dittberner
2021-10-31Only perform update-ca-certificates on changesJan Dittberner
2021-10-31Fix version number for debian-security checkJan Dittberner
2021-10-31Fix version number for debian-security checkJan Dittberner
2021-10-31Marge back changes from training branchJan Dittberner
* training: Remove dependency on ca-cacert package Fix puppet-lint warnings Add support for Debian 11 security repository Change password for Ed Kapitein Change passwrd for Hamish Gough Revert "Change password for Ed Kapitein" Change password for Ed Kapitein Change password for Dave van der Merwe Add training system account for Hamish Gough Change password for Dirk Meyer Change password for Bruce Schuck Fix yamllint warnings for hiera data Assign Bruce, Dave, Dirk m. and Ed to training systems Add users for infrastructure team volunteers Add training instances
2021-10-31Remove dependency on ca-cacert packageJan Dittberner
The ca-cacert package did not make it into bullseye. This change replaces the package dependency with an installation of the root and class3 certificate via Puppet.
2021-10-31Merge branch 'master' into trainingJan Dittberner
* master: (97 commits) Add ftp.belnet.be Jenkins mirror, remove sun1 rule Allow sun1 access to Debian mirrors Remove ledgersmb Fix user name in hier data Gnupg is now an implicit dependency of the apt module Add role, profile and node config for ledgersmb Add role, profile and node config for pgsql Add user for Wacłav Schiller Move http proxy_pass into location block Move nginx http config to template Remove misleading comment in sniproxy template Fix parameter passing Use correct data types Implement http redirect/proxy support for sniproxy Add host ingress03 Lower critical value for next_update to 60 minutes Switch CRL check to seconds for proper perf data Add cacert_crl CheckCommand definition Do not install monitoring-plugins-contrib on stretch hosts Add check plugin for checking CRL updates ...
2021-10-31Fix puppet-lint warningsJan Dittberner
2021-10-31Add support for Debian 11 security repositoryJan Dittberner
2021-09-19Add ftp.belnet.be Jenkins mirror, remove sun1 ruleJan Dittberner
The sun1 rule is not needed because localnet contains 172.16.0.0/12 ftp.belnet.be has been added to the Jenkins mirror network
2021-09-18Allow sun1 access to Debian mirrorsJan Dittberner
2021-09-07Remove ledgersmbJan Dittberner
2021-08-28Fix user name in hier dataJan Dittberner
2021-08-28Gnupg is now an implicit dependency of the apt moduleJan Dittberner
2021-08-28Add role, profile and node config for ledgersmbJan Dittberner
2021-08-28Add role, profile and node config for pgsqlJan Dittberner
2021-08-28Add user for Wacłav SchillerJan Dittberner
2021-08-15Move http proxy_pass into location blockJan Dittberner
2021-08-15Move nginx http config to templateJan Dittberner
2021-08-15Remove misleading comment in sniproxy templateJan Dittberner
2021-08-15Fix parameter passingJan Dittberner
2021-08-15Use correct data typesJan Dittberner
2021-08-15Implement http redirect/proxy support for sniproxyJan Dittberner
2021-08-11Add host ingress03Jan Dittberner
2021-08-03Lower critical value for next_update to 60 minutesJan Dittberner
2021-08-03Switch CRL check to seconds for proper perf dataJan Dittberner
2021-08-03Add cacert_crl CheckCommand definitionJan Dittberner
2021-08-03Do not install monitoring-plugins-contrib on stretch hostsJan Dittberner
2021-08-03Add check plugin for checking CRL updatesJan Dittberner
2021-08-01Add essential packages to base profileJan Dittberner
2021-08-01Add Icinga2 CA tickets for mariadb and nextcloudJan Dittberner
2021-08-01Add configuration stubs for mariadb and nextcloudJan Dittberner
- Add Sascha Ternes as sat - Add roles and profiles for nextcloud and mariadb - Add basic node configuration in hieradata
2021-08-01Remove unwanted linebreaksJan Dittberner
2021-07-17Use renewed certificatesJan Dittberner
2021-07-16Ensure external command definitionJan Dittberner
2021-06-19Use infra02 as DNS resolver for infra03Jan Dittberner
Infra02 has information about all infrastructure hosts and can resolve names like puppet, proxyout, emailout. This commit changes the DNS resolver of infra03 to use infra02.
2021-05-24Fix type in dnsmasq service nameJan Dittberner
2021-05-24Add profile for LXC host for infra03Jan Dittberner
Setup ntp, dnsmasq and resolv.conf for LXC hosting
2021-05-24Make ssl_cert_cacert available on extmonJan Dittberner
This adds the ssl_cert_cacert CheckCommand definition globally.
2021-05-14Rename hiera data file to .yamlJan Dittberner
Hiera doesn't look for .yml
2021-05-14Add base setup for infra03Jan Dittberner
2021-05-11Add vim-nox to base packagesJan Dittberner
2021-05-11Fix default file mode for private keysJan Dittberner
2021-05-08Fix Puppet assignment syntaxJan Dittberner
2021-05-08Allow cacert_boardvoting user to access private keyJan Dittberner
2021-05-08Fix unsupported variable reassignmentJan Dittberner
Use https://forge.puppet.com/modules/puppetlabs/stdlib/7.0.1/reference#pick-1 to workaround unsupported variable reassignment in the Puppet DSL.
2021-05-08Add dependencies on certificate filesJan Dittberner
Subscribe the cacert-boardvoting service to the certificate and key files to trigger restarts on changes.
2021-05-08Use x509cert_common for cacert_boardvotingJan Dittberner
- add support for custom owner, group and mode for private key files managed by x509cert_common - use x509cert_common for cacert_boardvoting - remove key and certificate from old locations - add class1 (root) certificate to allowed client certificate roots for cacert_boardvoting