path: root/hieradata/nodes
Age | Commit message | Author
2021-10-31 | Merge branch 'master' into training | Jan Dittberner
* master: (97 commits)
  Add ftp.belnet.be Jenkins mirror, remove sun1 rule
  Allow sun1 access to Debian mirrors
  Remove ledgersmb
  Fix user name in hier data
  Gnupg is now an implicit dependency of the apt module
  Add role, profile and node config for ledgersmb
  Add role, profile and node config for pgsql
  Add user for Wacłav Schiller
  Move http proxy_pass into location block
  Move nginx http config to template
  Remove misleading comment in sniproxy template
  Fix parameter passing
  Use correct data types
  Implement http redirect/proxy support for sniproxy
  Add host ingress03
  Lower critical value for next_update to 60 minutes
  Switch CRL check to seconds for proper perf data
  Add cacert_crl CheckCommand definition
  Do not install monitoring-plugins-contrib on stretch hosts
  Add check plugin for checking CRL updates
  ...
2021-09-19 | Add ftp.belnet.be Jenkins mirror, remove sun1 rule | Jan Dittberner
The sun1 rule is not needed because localnet contains 172.16.0.0/12
ftp.belnet.be has been added to the Jenkins mirror network
2021-09-18 | Allow sun1 access to Debian mirrors | Jan Dittberner
2021-09-07 | Remove ledgersmb | Jan Dittberner
2021-08-28 | Add role, profile and node config for ledgersmb | Jan Dittberner
2021-08-28 | Add role, profile and node config for pgsql | Jan Dittberner
2021-08-15 | Fix parameter passing | Jan Dittberner
2021-08-15 | Implement http redirect/proxy support for sniproxy | Jan Dittberner
2021-08-11 | Add host ingress03 | Jan Dittberner
2021-08-01 | Add Icinga2 CA tickets for mariadb and nextcloud | Jan Dittberner
2021-08-01 | Add configuration stubs for mariadb and nextcloud | Jan Dittberner
- Add Sascha Ternes as sat
- Add roles and profiles for nextcloud and mariadb
- Add basic node configuration in hieradata
2021-07-17 | Use renewed certificates | Jan Dittberner
2021-05-14 | Rename hiera data file to .yaml | Jan Dittberner
Hiera doesn't look for .yml
2021-05-14 | Add base setup for infra03 | Jan Dittberner
2021-05-08 | Use x509cert_common for cacert_boardvoting | Jan Dittberner
- add support for custom owner, group and mode for private key files managed by x509cert_common
- use x509cert_common for cacert_boardvoting
- remove key and certificate from old locations
- add class1 (root) certificate to allowed client certificate roots for cacert_boardvoting
2021-04-29 | Manage svn Apache configuration | Jan Dittberner
This commit transforms the Apache httpd configuration on svn to the puppetlabs Apache module. Certificates are managed by x509cert_common.
2021-04-25 | Add certificate and key in wiki Hiera data | Jan Dittberner
2021-04-25 | Migrate wordpress profile to x509cert_common | Jan Dittberner
* switch certificate management to x509cert_common
* use templating for wordpress-ssl.conf
* unify configuration of mantisbt on bugs with wordpress on blog
2021-04-25 | Fix typo in certificate name | Jan Dittberner
2021-04-25 | Fix indentation | Jan Dittberner
2021-04-25 | Use x509cert_common for bugs | Jan Dittberner
2021-04-25 | Add client certificate CA support to x509cert_common | Jan Dittberner
This is a refactoring to move support for client certificate CA chain definition to the x509cert_common manifest. The idea is that certificate chain management is centralized in that module. Community is the first system that is modified to use the new mechanism for the Roundcube webmail system at webmail.cacert.org.
2021-04-24 | Implement certificate management for blog.cacert.org | Jan Dittberner
2021-04-24 | Implement certificate management for bugs.cacert.org | Jan Dittberner
2021-04-22 | Replace class3 CA in motion server cert chain | Jan Dittberner
2021-04-22 | Use new class3 certificate | Jan Dittberner
This commit adds the new class3 certificate and configuration for
- community
- email
- motion
- ocsp checks
- selfservice
- web
- webmail (roundcube)
2021-02-06 | Add other infrastructure webservers to sniproxy | Jan Dittberner
This is a preparation to conserve public IPv4 addresses. DNS changes will come later.
2021-02-06 | Switch over to nginx | Jan Dittberner
This commit removes sniproxy and switches its functionality over to nginx.
2021-02-06 | Setup nginx to serve SNI tls on port 8443 | Jan Dittberner
This commit is the first step to migrate away from sniproxy and use nginx only. Nginx now handles port 80 directly and should provide the same forwarding that sniproxy is doing on port 8443 (will be switched to 443 in a later commit if it turns out to work).
2021-01-17 | Renew certificates for jenkins and funding | Jan Dittberner
2021-01-17 | Add management of SSL certificates | Jan Dittberner
- certificates are added as is
- keys have been eyaml encrypted
2021-01-17 | Add Apache httpd TLS parameters | Jan Dittberner
2021-01-17 | Fix typo in allow_encoded_slashes | Jan Dittberner
2021-01-17 | Add Apache VirtualHost config for web.cacert.org | Jan Dittberner
2021-01-09 | Add missing s to motions URL path | Jan Dittberner
2021-01-09 | Fix redirection for old motion deeplinks | Jan Dittberner
2021-01-02 | Add internal IP address of Puppet server to ACL | Jan Dittberner
2020-08-22 | Add mirror.gruenehoelle.nl to debjenkins ACL | Jan Dittberner
2020-08-22 | Add get.jenkins.io to jenkins package mirror list | Jan Dittberner
2020-07-08 | Grant dinoex access to issue | Jan Dittberner
Dirk Meyer wants to work on https://bugs.cacert.org/view.php?id=1489. This commit will make sure that he can access the issue system.
2020-07-04 | Update extmon client certificate | Jan Dittberner
2020-07-04 | Update monitor client certificate | Jan Dittberner
2020-07-01 | Add training system account for Hamish Gough | Jan Dittberner
2020-06-21 | Fix yamllint warnings for hiera data | Jan Dittberner
2020-06-21 | Fix yamllint warnings for hiera data | Jan Dittberner
2020-06-21 | Assign Bruce, Dave, Dirk m. and Ed to training systems | Jan Dittberner
2020-06-21 | Add training instances | Jan Dittberner
This commit adds the training instances on infra-lx to the Puppet repository. I removed DSA keys that should not be used anymore.
2020-06-21 | Replace custom Python webhook with packaged webhook | Jan Dittberner
This commit replaces the custom Python webhook for puppet environment deployment with the go based webhook from the Debian package with the same name. The puppet-deploy script only takes care of pulling from git and running r10k now. The web requests are now handled by webhook.
2020-06-06 | Fix Content-Security-Policy for community.cacert.org | Jan Dittberner
2020-06-06 | Switch roundcube to x509cert_common with webmail certificate | Jan Dittberner
I issued a new server certificate for webmail.cacert.org with community.cacert.org as subject alternative name. This commit adds the new key and certificate and switches the certificate management to the profiles::x509cert_common module added for nginx on email before. The ssl_cipher parameter has been split to multiple lines for better readability. I kept the old certificate management statements to allow a smooth transition to the new files. If everything works with the new files I will add another commit to remove the old files from the system.