Age | Commit message (Collapse) | Author |
|
* master: (97 commits)
Add ftp.belnet.be Jenkins mirror, remove sun1 rule
Allow sun1 access to Debian mirrors
Remove ledgersmb
Fix user name in hier data
Gnupg is now an implicit dependency of the apt module
Add role, profile and node config for ledgersmb
Add role, profile and node config for pgsql
Add user for Wacłav Schiller
Move http proxy_pass into location block
Move nginx http config to template
Remove misleading comment in sniproxy template
Fix parameter passing
Use correct data types
Implement http redirect/proxy support for sniproxy
Add host ingress03
Lower critical value for next_update to 60 minutes
Switch CRL check to seconds for proper perf data
Add cacert_crl CheckCommand definition
Do not install monitoring-plugins-contrib on stretch hosts
Add check plugin for checking CRL updates
...
|
|
The sun1 rule is not needed because localnet contains 172.16.0.0/12
ftp.belnet.be has been added to the Jenkins mirror network
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- Add Sascha Ternes as sat
- Add roles and profiles for nextcloud and mariadb
- Add basic node configuration in hieradata
|
|
|
|
Hiera doesn't look for .yml
|
|
|
|
- add support for custom owner, group and mode for private key files
managed by x509cert_common
- use x509cert_common for cacert_boardvoting
- remove key and certificate from old locations
- add class1 (root) certificate to allowed client certificate roots for
cacert_boardvoting
|
|
This commit transforms the Apache httpd configuration on svn to the
puppetlabs Apache module. Certificates are managed by x509cert_common.
|
|
|
|
* switch certificate management to x509cert_common
* use templating for wordpress-ssl.conf
* unify configuration of mantisbt on bugs with wordpress on blog
|
|
|
|
|
|
|
|
This is a refactoring to move support for client certificate CA
chain definition to the x509cert_common manifest. The idea is that
certificate chain management is centralized in that module.
Community is the first system that is modified to use the new mechanism
for the Roundcube webmail system at webmail.cacert.org.
|
|
|
|
|
|
|
|
This commit adds the new class3 certificate and configuration for
- community
- email
- motion
- ocsp checks
- selfservice
- web
- webmail (roundcube)
|
|
This is a preparation to conserve public IPv4 addresses. DNS changes
will come later.
|
|
This commit removes sniproxy and switches its functionality over to
nginx.
|
|
This commit is the first step to migrate away from sniproxy and use
nginx only. Nginx now handles port 80 directly and should provide the
same forwarding that sniproxy is doing on port 8443 (will be switched to
443 in a later commit if it turns out to work).
|
|
|
|
- certificates are added as is
- keys have been eyaml encrypted
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Dirk Meyer wants to work on https://bugs.cacert.org/view.php?id=1489.
This commit will make sure that he can access the issue system.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This commit adds the training instances on infra-lx to the Puppet
repository. I removed DSA keys that should not be used anymore.
|
|
This commit replaces the custom Python webhook for puppet environment
deployment with the go based webhook from the Debian package with the
same name.
The puppet-deploy script only takes care of pulling from git and running
r10k now. The web requests are now handled by webhook.
|
|
|
|
I issued a new server certificate for webmail.cacert.org with
community.cacert.org as subject alternative name. This commit adds the
new key and certificate and switches the certificate management to the
profiles::x509cert_common module added for nginx on email before.
The ssl_cipher parameter has been split to multiple lines for better
readability.
I kept the old certificate management statements to allow a smooth
transition to the new files. If everything works with the new files I
will add another commit to remove the old files from the system.
|