path: root/hieradata/nodes
Age | Commit message | Author
2021-05-14 | Rename hiera data file to .yaml | Jan Dittberner
Hiera doesn't look for .yml
2021-05-14 | Add base setup for infra03 | Jan Dittberner
2021-05-08 | Use x509cert_common for cacert_boardvoting | Jan Dittberner
- add support for custom owner, group and mode for private key files managed by x509cert_common
- use x509cert_common for cacert_boardvoting
- remove key and certificate from old locations
- add class1 (root) certificate to allowed client certificate roots for cacert_boardvoting
2021-04-29 | Manage svn Apache configuration | Jan Dittberner
This commit transforms the Apache httpd configuration on svn to the puppetlabs Apache module. Certificates are managed by x509cert_common.
2021-04-25 | Add certificate and key in wiki Hiera data | Jan Dittberner
2021-04-25 | Migrate wordpress profile to x509cert_common | Jan Dittberner
* switch certificate management to x509cert_common
* use templating for wordpress-ssl.conf
* unify configuration of mantisbt on bugs with wordpress on blog
2021-04-25 | Fix typo in certificate name | Jan Dittberner
2021-04-25 | Fix indentation | Jan Dittberner
2021-04-25 | Use x509cert_common for bugs | Jan Dittberner
2021-04-25 | Add client certificate CA support to x509cert_common | Jan Dittberner
This is a refactoring to move support for client certificate CA chain definition to the x509cert_common manifest. The idea is that certificate chain management is centralized in that module. Community is the first system that is modified to use the new mechanism for the Roundcube webmail system at webmail.cacert.org.
2021-04-24 | Implement certificate management for blog.cacert.org | Jan Dittberner
2021-04-24 | Implement certificate management for bugs.cacert.org | Jan Dittberner
2021-04-22 | Replace class3 CA in motion server cert chain | Jan Dittberner
2021-04-22 | Use new class3 certificate | Jan Dittberner
This commit adds the new class3 certificate and configuration for
- community
- email
- motion
- ocsp checks
- selfservice
- web
- webmail (roundcube)
2021-02-06 | Add other infrastructure webservers to sniproxy | Jan Dittberner
This is a preparation to conserve public IPv4 addresses. DNS changes will come later.
2021-02-06 | Switch over to nginx | Jan Dittberner
This commit removes sniproxy and switches its functionality over to nginx.
2021-02-06 | Setup nginx to serve SNI tls on port 8443 | Jan Dittberner
This commit is the first step to migrate away from sniproxy and use nginx only. Nginx now handles port 80 directly and should provide the same forwarding that sniproxy is doing on port 8443 (will be switched to 443 in a later commit if it turns out to work).
2021-01-17 | Renew certificates for jenkins and funding | Jan Dittberner
2021-01-17 | Add management of SSL certificates | Jan Dittberner
- certificates are added as is
- keys have been eyaml encrypted
2021-01-17 | Add Apache httpd TLS parameters | Jan Dittberner
2021-01-17 | Fix typo in allow_encoded_slashes | Jan Dittberner
2021-01-17 | Add Apache VirtualHost config for web.cacert.org | Jan Dittberner
2021-01-09 | Add missing s to motions URL path | Jan Dittberner
2021-01-09 | Fix redirection for old motion deeplinks | Jan Dittberner
2021-01-02 | Add internal IP address of Puppet server to ACL | Jan Dittberner
2020-08-22 | Add mirror.gruenehoelle.nl to debjenkins ACL | Jan Dittberner
2020-08-22 | Add get.jenkins.io to jenkins package mirror list | Jan Dittberner
2020-07-08 | Grant dinoex access to issue | Jan Dittberner
Dirk Meyer wants to work on https://bugs.cacert.org/view.php?id=1489. This commit will make sure that he can access the issue system.
2020-07-04 | Update extmon client certificate | Jan Dittberner
2020-07-04 | Update monitor client certificate | Jan Dittberner
2020-06-21 | Fix yamllint warnings for hiera data | Jan Dittberner
2020-06-21 | Replace custom Python webhook with packaged webhook | Jan Dittberner
This commit replaces the custom Python webhook for puppet environment deployment with the go based webhook from the Debian package with the same name. The puppet-deploy script only takes care of pulling from git and running r10k now. The web requests are now handled by webhook.
2020-06-06 | Fix Content-Security-Policy for community.cacert.org | Jan Dittberner
2020-06-06 | Switch roundcube to x509cert_common with webmail certificate | Jan Dittberner
I issued a new server certificate for webmail.cacert.org with community.cacert.org as subject alternative name. This commit adds the new key and certificate and switches the certificate management to the profiles::x509cert_common module added for nginx on email before. The ssl_cipher parameter has been split to multiple lines for better readability. I kept the old certificate management statements to allow a smooth transition to the new files. If everything works with the new files I will add another commit to remove the old files from the system.
2020-06-06 | Add new profile nginx_revproxy and use it for email | Jan Dittberner
This commit adds a new profile nginx_revproxy to setup an nginx based reverse proxy. The commit contains configuration for such a proxy to forward traffic for community.cacert.org to the http virtual host on the webstatic system. It also contains custom nginx configuration to enable the redirects from old URLs to the motion and selfservice systems. The profile includes x509cert_common to install the certificate and private key required for the community.cacert.org virtual host. The new profile is assigned to email via the email role.
2020-06-06 | Add new profile x509cert_common | Jan Dittberner
This commit adds a new profile that takes care of putting X.509 server certificates as well as their private keys and certificates at a common location. The hiera data for the email host have been adapted for this new profile which will be used by a new profile for managing nginx based reverse proxies.
2020-06-05 | Add vhost for community.cacert.org on webstatic | Jan Dittberner
This VirtualHost definition will be proxied from email.cacert.org that will terminate the TLS connection too. A git hook for publishing the content of the https://git.cacert.org/cacert-community-website.git repository will be added.
2020-06-04 | Add new parameters for cacert-selfservice 0.2.0 | Jan Dittberner
2020-05-17 | Add git container to Puppet | Jan Dittberner
2020-05-15 | Add ACL to allow nginx packages for wiki | Jan Dittberner
- add ACL debnginx for packages.nginx.org
- add ACL wiki for wiki source IP addresses
- add ACL to allow access from wiki to debnginx
- sort ACLs
2020-05-13 | Add Apache configuration for community container | Jan Dittberner
2020-04-30 | Add role and hiera data for wiki | Jan Dittberner
2020-04-29 | Remove wytze from blog admins | Jan Dittberner
2020-04-29 | Define puppet configuration for blog | Jan Dittberner
- add new role blog
- define account information for dirk and law
2020-03-29 | Add dirk@cacert.org to icingaweb2 admins | Jan Dittberner
2020-03-22 | Add dirk to community sudo group | Jan Dittberner
2019-08-18 | Define mail host for selfservice API as email.cacert.org | Jan Dittberner
2019-08-17 | Syntax and template fixes for selfservice API | Jan Dittberner
2019-08-17 | Add configuration for selfservice API | Jan Dittberner
2019-08-17 | Forward https traffic for selfservice | Jan Dittberner