| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 3 days | Grant dinoex access to issueHEADmaster | Jan Dittberner | |
| Dirk Meyer wants to work on https://bugs.cacert.org/view.php?id=1489. This commit will make sure that he can access the issue system. | |||
| 3 days | Add the users for new infrastructure admins | Jan Dittberner | |
| This commit adds account information (names, uids, password hashes, ssh public keys) for new infrastructure admins: - Bruce Shuck - Dave van der Merwe - Dirk Meyer - Ed Kapitein - Hamish Gough Permissions to individual systems/containers will be granted on demand in separate commits. | |||
| 7 days | Update extmon client certificate | Jan Dittberner | |
| 7 days | Update monitor client certificate | Jan Dittberner | |
| 2020-06-21 | Fix yamllint warnings for hiera data | Jan Dittberner | |
| 2020-06-21 | Use /bin/systemctl | Jan Dittberner | |
| 2020-06-21 | Replace custom Python webhook with packaged webhook | Jan Dittberner | |
| This commit replaces the custom Python webhook for puppet environment deployment with the go based webhook from the Debian package with the same name. The puppet-deploy script only takes care of pulling from git and running r10k now. The web requests are now handled by webhook. | |||
| 2020-06-06 | Fix Content-Security-Policy for community.cacert.org | Jan Dittberner | |
| 2020-06-06 | Switch roundcube to x509cert_common with webmail certificate | Jan Dittberner | |
| I issued a new server certificate for webmail.cacert.org with community.cacert.org as subject alternative name. This commit adds the new key and certificate and switches the certificate management to the profiles::x509cert_common module added for nginx on email before. The ssl_cipher parameter has been split to multiple lines for better readability. I kept the old certificate management statements to allow a smooth transition to the new files. If everything works with the new files I will add another commit to remove the old files from the system. | |||
| 2020-06-06 | Add proxy headers for name based virtual hosting | Jan Dittberner | |
| 2020-06-06 | Fix variable name in virtual host template | Jan Dittberner | |
| 2020-06-06 | Adapt permissions on /etc/ssl/private | Jan Dittberner | |
| This change adapts the ownership and permissions on /etc/ssl/private to the defaults that are set by Debian's ssl-cert package. | |||
| 2020-06-06 | Fix require directive | Jan Dittberner | |
| The certificate chain constructed by the x509cert_common profile is of type Concat and needs to be referenced as such. | |||
| 2020-06-06 | Fix template file name | Jan Dittberner | |
| The puppet template function expects templates to be named *.epp. This commit fixes this by renaming the template and using the .epp name explicitly. | |||
| 2020-06-06 | Fix duplicate resource name | Jan Dittberner | |
| 2020-06-06 | Fix puppet parser, epp and puppet-lint issues | Jan Dittberner | |
| 2020-06-06 | Add new profile nginx_revproxy and use it for email | Jan Dittberner | |
| This commit adds a new profile nginx_revproxy to setup an nginx based reverse proxy. The commit contains configuration for such a proxy to forward traffic for community.cacert.org to the http virtual host on the webstatic system. It also contains custom nginx configuration to enable the redirects from old URLs to the motion and selfservice systems. The profile includes x509cert_common to install the certificate and private key required for the community.cacert.org virtual host. The new profile is assigned to email via the email role. | |||
| 2020-06-06 | Add new profile x509cert_common | Jan Dittberner | |
| This commit adds a new profile that takes care of putting X.509 server certificates as well as their private keys and certificates at a common location. The hiera data for the email host have been adapted for this new profile which will be used by a new profile for managing nginx based reverse proxies. | |||
| 2020-06-06 | Fix documentation block of apache_common profile | Jan Dittberner | |
| 2020-06-06 | Use current defaults for nginx configuration | Jan Dittberner | |
| 2020-06-05 | Remove rssh cleanups after they have been applied | Jan Dittberner | |
| 2020-06-05 | Remove references to rssh | Jan Dittberner | |
| 2020-06-05 | Switch from rssh to sftponly for debarchive | Jan Dittberner | |
| rssh has been dropped in Debian Buster. This change removes rssh configuration from webstatic. The debarchive user is now restricted to sftp via sshd_config. | |||
| 2020-06-05 | Add vhost for community.cacert.org on webstatic | Jan Dittberner | |
| This VirtualHost definition will be proxied from email.cacert.org that will terminate the TLS connection too. A git hook for publishing the content of the https://git.cacert.org/cacert-community-website.git repository will be added. | |||
| 2020-06-04 | Fix missing placeholder in template | Jan Dittberner | |
| 2020-06-04 | Add new parameter for cacert-selfservice-api 0.3.0 | Jan Dittberner | |
| 2020-06-04 | Add new parameters for cacert-selfservice 0.2.0 | Jan Dittberner | |
| 2020-05-17 | Add git container to Puppet | Jan Dittberner | |
| 2020-05-16 | Add Markus Warg (credentials from git) | Jan Dittberner | |
| 2020-05-15 | Add ACL to allow nginx packages for wiki | Jan Dittberner | |
| - add ACL debnginx for packages.nginx.org - add ACL wiki for wiki source IP addresses - add ACL to allow access from wiki to debnginx - sort ACLs | |||
| 2020-05-13 | Enable http/2 for Roundcube | Jan Dittberner | |
| 2020-05-13 | Move mod_ssl parameters to class apache::mod::ssl | Jan Dittberner | |
| 2020-05-13 | Fix parameter names for https VirtualHost | Jan Dittberner | |
| 2020-05-13 | Disable docroot management for http | Jan Dittberner | |
| 2020-05-13 | Remove unneeded access_log_file, use redirect_dest | Jan Dittberner | |
| 2020-05-13 | Fix Apache mod_php compatibility | Jan Dittberner | |
| 2020-05-13 | Fix duplicate class definition | Jan Dittberner | |
| 2020-05-13 | Fix syntax error in variable declarations | Jan Dittberner | |
| 2020-05-13 | Fix syntax error in class usage | Jan Dittberner | |
| 2020-05-13 | Add Apache configuration for community container | Jan Dittberner | |
| 2020-05-13 | Fix puppet URLs for RoundCube plugin archives | Jan Dittberner | |
| 2020-05-13 | Fix paths for RoundCube plugin archives | Jan Dittberner | |
| 2020-05-13 | Fix uniqueness of concat::fragment identifiers | Jan Dittberner | |
| 2020-05-13 | Incorporate changes to the community RoundCube | Jan Dittberner | |
| - add dovecot_impersonate and twofactor_gauthenticator plugins - ensure that email.cacert.org is setup in /etc/hosts with its internal IP address - add certificate validation for smtp and imap | |||
| 2020-04-30 | Add role and hiera data for wiki | Jan Dittberner | |
| 2020-04-29 | Remove wytze from blog admins | Jan Dittberner | |
| 2020-04-29 | Define puppet configuration for blog | Jan Dittberner | |
| - add new role blog - define account information for dirk and law | |||
| 2020-03-29 | Add dirk@cacert.org to icingaweb2 admins | Jan Dittberner | |
| 2020-03-22 | Add dirk to community sudo group | Jan Dittberner | |
| 2019-09-01 | Fix base URL for motion system | Jan Dittberner | |
 |
index : cacert-puppet.git | |
| Puppet configuration for CAcert infrastructure | Infrastructure Admins |
| summaryrefslogtreecommitdiff |