summaryrefslogtreecommitdiff
path: root/hieradata
AgeCommit message (Collapse)Author
2021-10-31Merge branch 'master' into trainingJan Dittberner
* master: (97 commits) Add ftp.belnet.be Jenkins mirror, remove sun1 rule Allow sun1 access to Debian mirrors Remove ledgersmb Fix user name in hier data Gnupg is now an implicit dependency of the apt module Add role, profile and node config for ledgersmb Add role, profile and node config for pgsql Add user for Wacłav Schiller Move http proxy_pass into location block Move nginx http config to template Remove misleading comment in sniproxy template Fix parameter passing Use correct data types Implement http redirect/proxy support for sniproxy Add host ingress03 Lower critical value for next_update to 60 minutes Switch CRL check to seconds for proper perf data Add cacert_crl CheckCommand definition Do not install monitoring-plugins-contrib on stretch hosts Add check plugin for checking CRL updates ...
2021-09-19Add ftp.belnet.be Jenkins mirror, remove sun1 ruleJan Dittberner
The sun1 rule is not needed because localnet contains 172.16.0.0/12 ftp.belnet.be has been added to the Jenkins mirror network
2021-09-18Allow sun1 access to Debian mirrorsJan Dittberner
2021-09-07Remove ledgersmbJan Dittberner
2021-08-28Fix user name in hier dataJan Dittberner
2021-08-28Add role, profile and node config for ledgersmbJan Dittberner
2021-08-28Add role, profile and node config for pgsqlJan Dittberner
2021-08-28Add user for Wacłav SchillerJan Dittberner
2021-08-15Fix parameter passingJan Dittberner
2021-08-15Implement http redirect/proxy support for sniproxyJan Dittberner
2021-08-11Add host ingress03Jan Dittberner
2021-08-01Add Icinga2 CA tickets for mariadb and nextcloudJan Dittberner
2021-08-01Add configuration stubs for mariadb and nextcloudJan Dittberner
- Add Sascha Ternes as sat - Add roles and profiles for nextcloud and mariadb - Add basic node configuration in hieradata
2021-07-17Use renewed certificatesJan Dittberner
2021-06-19Use infra02 as DNS resolver for infra03Jan Dittberner
Infra02 has information about all infrastructure hosts and can resolve names like puppet, proxyout, emailout. This commit changes the DNS resolver of infra03 to use infra02.
2021-05-24Add profile for LXC host for infra03Jan Dittberner
Setup ntp, dnsmasq and resolv.conf for LXC hosting
2021-05-14Rename hiera data file to .yamlJan Dittberner
Hiera doesn't look for .yml
2021-05-14Add base setup for infra03Jan Dittberner
2021-05-08Use x509cert_common for cacert_boardvotingJan Dittberner
- add support for custom owner, group and mode for private key files managed by x509cert_common - use x509cert_common for cacert_boardvoting - remove key and certificate from old locations - add class1 (root) certificate to allowed client certificate roots for cacert_boardvoting
2021-04-29Manage svn Apache configurationJan Dittberner
This commit transforms the Apache httpd configuration on svn to the puppetlabs Apache module. Certificates are managed by x509cert_common.
2021-04-25Add certificate and key in wiki Hiera dataJan Dittberner
2021-04-25Migrate wordpress profile to x509cert_commonJan Dittberner
* switch certificate management to x509cert_common * use templating for wordpress-ssl.conf * unify configuration of mantisbt on bugs with wordpress on blog
2021-04-25Fix typo in certificate nameJan Dittberner
2021-04-25Fix indentationJan Dittberner
2021-04-25Use x509cert_common for bugsJan Dittberner
2021-04-25Add client certificate CA support to x509cert_commonJan Dittberner
This is a refactoring to move support for client certificate CA chain definition to the x509cert_common manifest. The idea is that certificate chain management is centralized in that module. Community is the first system that is modified to use the new mechanism for the Roundcube webmail system at webmail.cacert.org.
2021-04-24Implement certificate management for blog.cacert.orgJan Dittberner
2021-04-24Implement certificate management for bugs.cacert.orgJan Dittberner
2021-04-22Replace class3 CA in motion server cert chainJan Dittberner
2021-04-22Use new class3 certificateJan Dittberner
This commit adds the new class3 certificate and configuration for - community - email - motion - ocsp checks - selfservice - web - webmail (roundcube)
2021-02-06Add other infrastructure webservers to sniproxyJan Dittberner
This is a preparation to conserve public IPv4 addresses. DNS changes will come later.
2021-02-06Switch over to nginxJan Dittberner
This commit removes sniproxy and switches its functionality over to nginx.
2021-02-06Setup nginx to server SNI tls on port 8443Jan Dittberner
This commit is the first step to migrate away from sniproxy and use nginx only. Nginx now handles port 80 directly and should provide the same forwarding that sniproxy is doing on port 8443 (will be switched to 443 in a later commit if it turns out to work).
2021-01-17Renew certificates for jenkins and fundingJan Dittberner
2021-01-17Add management of SSL certificatesJan Dittberner
- certificates are added as is - keys have been eyaml encrypted
2021-01-17Add Apache httpd TLS parametersJan Dittberner
2021-01-17Fix typo in allow_encoded_slashesJan Dittberner
2021-01-17Add Apache VirtualHost config for web.cacert.orgJan Dittberner
2021-01-09Add missing s to motions URL pathJan Dittberner
2021-01-09Fix redirection for old motion deeplinksJan Dittberner
2021-01-02Add internal IP address of Puppet server to ACLJan Dittberner
2020-08-22Add mirror.gruenehoelle.nl to debjenkins ACLJan Dittberner
2020-08-22Add get.jenkins.io to jenkins package mirror listJan Dittberner
2020-07-08Grant dinoex access to issueJan Dittberner
Dirk Meyer wants to work on https://bugs.cacert.org/view.php?id=1489. This commit will make sure that he can access the issue system.
2020-07-08Add the users for new infrastructure adminsJan Dittberner
This commit adds account information (names, uids, password hashes, ssh public keys) for new infrastructure admins: - Bruce Shuck - Dave van der Merwe - Dirk Meyer - Ed Kapitein - Hamish Gough Permissions to individual systems/containers will be granted on demand in separate commits.
2020-07-04Update extmon client certificateJan Dittberner
2020-07-04Update monitor client certificateJan Dittberner
2020-07-02Change password for Ed Kapiteined@kapitein.org
2020-07-02Change passwrd for Hamish GoughHamish Gough
2020-07-02Revert "Change password for Ed Kapitein"Jan Dittberner
This reverts commit ccbc02d3f60971e8c1205938f243be481a2059e9.