Age | Commit message | Author
2020-07-08 | Grant dinoex access to issue (HEAD, master) | Jan Dittberner
Dirk Meyer wants to work on https://bugs.cacert.org/view.php?id=1489. This commit will make sure that he can access the issue system.
2020-07-08 | Add the users for new infrastructure admins | Jan Dittberner
This commit adds account information (names, uids, password hashes, ssh public keys) for new infrastructure admins:
- Bruce Shuck
- Dave van der Merwe
- Dirk Meyer
- Ed Kapitein
- Hamish Gough
Permissions to individual systems/containers will be granted on demand in separate commits.
2020-07-04 | Update extmon client certificate | Jan Dittberner
2020-07-04 | Update monitor client certificate | Jan Dittberner
2020-06-21 | Fix yamllint warnings for hiera data | Jan Dittberner
2020-06-21 | Use /bin/systemctl | Jan Dittberner
2020-06-21 | Replace custom Python webhook with packaged webhook | Jan Dittberner
This commit replaces the custom Python webhook for puppet environment deployment with the Go-based webhook from the Debian package with the same name. The puppet-deploy script only takes care of pulling from git and running r10k now. The web requests are now handled by webhook.
2020-06-06 | Fix Content-Security-Policy for community.cacert.org | Jan Dittberner
2020-06-06 | Switch roundcube to x509cert_common with webmail certificate | Jan Dittberner
I issued a new server certificate for webmail.cacert.org with community.cacert.org as subject alternative name. This commit adds the new key and certificate and switches the certificate management to the profiles::x509cert_common module added for nginx on email before. The ssl_cipher parameter has been split to multiple lines for better readability. I kept the old certificate management statements to allow a smooth transition to the new files. If everything works with the new files I will add another commit to remove the old files from the system.
2020-06-06 | Add proxy headers for name based virtual hosting | Jan Dittberner
2020-06-06 | Fix variable name in virtual host template | Jan Dittberner
2020-06-06 | Adapt permissions on /etc/ssl/private | Jan Dittberner
This change adapts the ownership and permissions on /etc/ssl/private to the defaults that are set by Debian's ssl-cert package.
2020-06-06 | Fix require directive | Jan Dittberner
The certificate chain constructed by the x509cert_common profile is of type Concat and needs to be referenced as such.
2020-06-06 | Fix template file name | Jan Dittberner
The puppet template function expects templates to be named *.epp. This commit fixes this by renaming the template and using the .epp name explicitly.
2020-06-06 | Fix duplicate resource name | Jan Dittberner
2020-06-06 | Fix puppet parser, epp and puppet-lint issues | Jan Dittberner
2020-06-06 | Add new profile nginx_revproxy and use it for email | Jan Dittberner
This commit adds a new profile nginx_revproxy to set up an nginx based reverse proxy. The commit contains configuration for such a proxy to forward traffic for community.cacert.org to the http virtual host on the webstatic system. It also contains custom nginx configuration to enable the redirects from old URLs to the motion and selfservice systems. The profile includes x509cert_common to install the certificate and private key required for the community.cacert.org virtual host. The new profile is assigned to email via the email role.
2020-06-06 | Add new profile x509cert_common | Jan Dittberner
This commit adds a new profile that takes care of putting X.509 server certificates as well as their private keys and certificates at a common location. The hiera data for the email host have been adapted for this new profile which will be used by a new profile for managing nginx based reverse proxies.
2020-06-06 | Fix documentation block of apache_common profile | Jan Dittberner
2020-06-06 | Use current defaults for nginx configuration | Jan Dittberner
2020-06-05 | Remove rssh cleanups after they have been applied | Jan Dittberner
2020-06-05 | Remove references to rssh | Jan Dittberner
2020-06-05 | Switch from rssh to sftponly for debarchive | Jan Dittberner
rssh has been dropped in Debian Buster. This change removes rssh configuration from webstatic. The debarchive user is now restricted to sftp via sshd_config.
2020-06-05 | Add vhost for community.cacert.org on webstatic | Jan Dittberner
This VirtualHost definition will be proxied from email.cacert.org that will terminate the TLS connection too. A git hook for publishing the content of the https://git.cacert.org/cacert-community-website.git repository will be added.
2020-06-04 | Fix missing placeholder in template | Jan Dittberner
2020-06-04 | Add new parameter for cacert-selfservice-api 0.3.0 | Jan Dittberner
2020-06-04 | Add new parameters for cacert-selfservice 0.2.0 | Jan Dittberner
2020-05-17 | Add git container to Puppet | Jan Dittberner
2020-05-16 | Add Markus Warg (credentials from git) | Jan Dittberner
2020-05-15 | Add ACL to allow nginx packages for wiki | Jan Dittberner
- add ACL debnginx for packages.nginx.org
- add ACL wiki for wiki source IP addresses
- add ACL to allow access from wiki to debnginx
- sort ACLs
2020-05-13 | Enable http/2 for Roundcube | Jan Dittberner
2020-05-13 | Move mod_ssl parameters to class apache::mod::ssl | Jan Dittberner
2020-05-13 | Fix parameter names for https VirtualHost | Jan Dittberner
2020-05-13 | Disable docroot management for http | Jan Dittberner
2020-05-13 | Remove unneeded access_log_file, use redirect_dest | Jan Dittberner
2020-05-13 | Fix Apache mod_php compatibility | Jan Dittberner
2020-05-13 | Fix duplicate class definition | Jan Dittberner
2020-05-13 | Fix syntax error in variable declarations | Jan Dittberner
2020-05-13 | Fix syntax error in class usage | Jan Dittberner
2020-05-13 | Add Apache configuration for community container | Jan Dittberner
2020-05-13 | Fix puppet URLs for RoundCube plugin archives | Jan Dittberner
2020-05-13 | Fix paths for RoundCube plugin archives | Jan Dittberner
2020-05-13 | Fix uniqueness of concat::fragment identifiers | Jan Dittberner
2020-05-13 | Incorporate changes to the community RoundCube | Jan Dittberner
- add dovecot_impersonate and twofactor_gauthenticator plugins
- ensure that email.cacert.org is set up in /etc/hosts with its internal IP address
- add certificate validation for smtp and imap
2020-04-30 | Add role and hiera data for wiki | Jan Dittberner
2020-04-29 | Remove wytze from blog admins | Jan Dittberner
2020-04-29 | Define puppet configuration for blog | Jan Dittberner
- add new role blog
- define account information for dirk and law
2020-03-29 | Add dirk@cacert.org to icingaweb2 admins | Jan Dittberner
2020-03-22 | Add dirk to community sudo group | Jan Dittberner
2019-09-01 | Fix base URL for motion system | Jan Dittberner