AgeCommit message (Collapse)Author
5 daysRename hiera data file to .yamlHEADmasterJan Dittberner
Hiera doesn't look for .yml
5 daysAdd base setup for infra03Jan Dittberner
8 daysAdd vim-nox to base packagesJan Dittberner
8 daysFix default file mode for private keysJan Dittberner
11 daysFix Puppet assignment syntaxJan Dittberner
11 daysAllow cacert_boardvoting user to access private keyJan Dittberner
11 daysFix unsupported variable reassignmentJan Dittberner
Use to workaround unsupported variable reassignment in the Puppet DSL.
11 daysAdd dependencies on certificate filesJan Dittberner
Subscribe the cacert-boardvoting service to the certificate and key files to trigger restarts on changes.
11 daysUse x509cert_common for cacert_boardvotingJan Dittberner
- add support for custom owner, group and mode for private key files managed by x509cert_common - use x509cert_common for cacert_boardvoting - remove key and certificate from old locations - add class1 (root) certificate to allowed client certificate roots for cacert_boardvoting
2021-04-29Fix puppet-lint and join errorsJan Dittberner
2021-04-29Implement workaround for MODULES-4182Jan Dittberner
2021-04-29Revert "Add dependency module mod_dav"Jan Dittberner
This reverts commit 4cfdf40c6367bc7a7abc0d85b4641e5e86fcac7f.
2021-04-29Add dependency module mod_davJan Dittberner
2021-04-29Manage svn Apache configurationJan Dittberner
This commit transforms the Apache httpd configuration on svn to the puppetlabs Apache module. Certificates are managed by x509cert_common.
2021-04-25Remove duplicate SSLCertificateFile directive for wikiJan Dittberner
2021-04-25Add certificate and key in wiki Hiera dataJan Dittberner
2021-04-25Add certificate/apache httpd management for wikiJan Dittberner
2021-04-25Migrate wordpress profile to x509cert_commonJan Dittberner
* switch certificate management to x509cert_common * use templating for wordpress-ssl.conf * unify configuration of mantisbt on bugs with wordpress on blog
2021-04-25Move wordpress-ssl.conf to templatesJan Dittberner
2021-04-25Use proper Concat class for server and client CA filesJan Dittberner
2021-04-25Fix typo in certificate nameJan Dittberner
2021-04-25Fix indentationJan Dittberner
2021-04-25Use x509cert_common for bugsJan Dittberner
2021-04-25Move mantis-ssl.conf to templatesJan Dittberner
2021-04-25Ensure that the old certificate directory is removedJan Dittberner
2021-04-25Add client certificate CA support to x509cert_commonJan Dittberner
This is a refactoring to move support for client certificate CA chain definition to the x509cert_common manifest. The idea is that certificate chain management is centralized in that module. Community is the first system that is modified to use the new mechanism for the Roundcube webmail system at
2021-04-24Fix path for sites-available/blog-ssl.confJan Dittberner
2021-04-24Implement certificate management for blog.cacert.orgJan Dittberner
2021-04-24Implement certificate management for bugs.cacert.orgJan Dittberner
2021-04-22Replace class3 CA in motion server cert chainJan Dittberner
2021-04-22Fix source path for class3 CA certificateJan Dittberner
2021-04-22Use new class3 certificateJan Dittberner
This commit adds the new class3 certificate and configuration for - community - email - motion - ocsp checks - selfservice - web - webmail (roundcube)
2021-04-22Add new class3 certificate with serial 0x14e228Jan Dittberner
The class3 certificate has been renewed during a visit at BIT in EDE on April 19th 2021.
2021-02-06Fix broken descriptionJan Dittberner
2021-02-06Manage global-templates directory for Icinga2Jan Dittberner
2021-02-06Move external command config to global zoneJan Dittberner
2021-02-06Add IPv6 listener to the proxyin nginxJan Dittberner
2021-02-06Add other infrastructure webservers to sniproxyJan Dittberner
This is a preparation to conserve public IPv4 addresses. DNS changes will come later.
2021-02-06Cleanup after switch from sniproxy to nginxJan Dittberner
2021-02-06Remove remains of sniproxy after applying it to proxyinJan Dittberner
2021-02-06Switch over to nginxJan Dittberner
This commit removes sniproxy and switches its functionality over to nginx.
2021-02-06Fix module loading and include orderJan Dittberner
2021-02-06Fix nginx dependency orderJan Dittberner
2021-02-06Setup nginx to server SNI tls on port 8443Jan Dittberner
This commit is the first step to migrate away from sniproxy and use nginx only. Nginx now handles port 80 directly and should provide the same forwarding that sniproxy is doing on port 8443 (will be switched to 443 in a later commit if it turns out to work).
2021-02-06Remove unneeded profiles and apt preferences from proxyinJan Dittberner
2021-01-24Install command configuration on extmonJan Dittberner
2021-01-24Add check_ocsp command on external monitoring systemJan Dittberner
The original script vom Wytze has been adapted for Debian and shellcheck warnings have been fixed. The package ca-cacert is now installed unconditionaly.
2021-01-23Manage ssh configurationJan Dittberner
- tighten sshd configuration and manage it - fix puppet-lint warnings
2021-01-17Renew certificates for jenkins and fundingJan Dittberner
2021-01-17Add backslashes to ciphers to make them a single lineJan Dittberner