summaryrefslogtreecommitdiff
path: root/sitemodules/profiles/templates
AgeCommit message (Collapse)Author
2021-08-15Move http proxy_pass into location blockJan Dittberner
2021-08-15Move nginx http config to templateJan Dittberner
2021-08-15Remove misleading comment in sniproxy templateJan Dittberner
2021-08-15Fix parameter passingJan Dittberner
2021-08-15Use correct data typesJan Dittberner
2021-08-15Implement http redirect/proxy support for sniproxyJan Dittberner
2021-08-01Remove unwanted linebreaksJan Dittberner
2021-06-19Use infra02 as DNS resolver for infra03Jan Dittberner
Infra02 has information about all infrastructure hosts and can resolve names like puppet, proxyout, emailout. This commit changes the DNS resolver of infra03 to use infra02.
2021-05-24Add profile for LXC host for infra03Jan Dittberner
Setup ntp, dnsmasq and resolv.conf for LXC hosting
2021-05-08Use x509cert_common for cacert_boardvotingJan Dittberner
- add support for custom owner, group and mode for private key files managed by x509cert_common - use x509cert_common for cacert_boardvoting - remove key and certificate from old locations - add class1 (root) certificate to allowed client certificate roots for cacert_boardvoting
2021-04-29Manage svn Apache configurationJan Dittberner
This commit transforms the Apache httpd configuration on svn to the puppetlabs Apache module. Certificates are managed by x509cert_common.
2021-04-25Remove duplicate SSLCertificateFile directive for wikiJan Dittberner
2021-04-25Add certificate/apache httpd management for wikiJan Dittberner
2021-04-25Migrate wordpress profile to x509cert_commonJan Dittberner
* switch certificate management to x509cert_common * use templating for wordpress-ssl.conf * unify configuration of mantisbt on bugs with wordpress on blog
2021-04-25Move wordpress-ssl.conf to templatesJan Dittberner
2021-04-25Use x509cert_common for bugsJan Dittberner
2021-04-25Move mantis-ssl.conf to templatesJan Dittberner
2021-02-06Add IPv6 listener to the proxyin nginxJan Dittberner
2021-02-06Cleanup after switch from sniproxy to nginxJan Dittberner
2021-02-06Setup nginx to server SNI tls on port 8443Jan Dittberner
This commit is the first step to migrate away from sniproxy and use nginx only. Nginx now handles port 80 directly and should provide the same forwarding that sniproxy is doing on port 8443 (will be switched to 443 in a later commit if it turns out to work).
2021-01-23Manage ssh configurationJan Dittberner
- tighten sshd configuration and manage it - fix puppet-lint warnings
2020-06-21Replace custom Python webhook with packaged webhookJan Dittberner
This commit replaces the custom Python webhook for puppet environment deployment with the go based webhook from the Debian package with the same name. The puppet-deploy script only takes care of pulling from git and running r10k now. The web requests are now handled by webhook.
2020-06-06Add proxy headers for name based virtual hostingJan Dittberner
2020-06-06Fix variable name in virtual host templateJan Dittberner
2020-06-06Fix template file nameJan Dittberner
The puppet template function expects templates to be named *.epp. This commit fixes this by renaming the template and using the .epp name explicitly.
2020-06-06Fix puppet parser, epp and puppet-lint issuesJan Dittberner
2020-06-06Add new profile nginx_revproxy and use it for emailJan Dittberner
This commit adds a new profile nginx_revproxy to setup an nginx based reverse proxy. The commit contains configuration for such a proxy to forward traffic for community.cacert.org to the http virtual host on the webstatic system. It also contains custom nginx configuration to enable the redirects from old URLs to the motion and selfservice systems. The profile includes x509cert_common to install the certificate and private key required for the community.cacert.org virtual host. The new profile is assigned to email via the email role.
2020-06-04Fix missing placeholder in templateJan Dittberner
2020-06-04Add new parameter for cacert-selfservice-api 0.3.0Jan Dittberner
2020-06-04Add new parameters for cacert-selfservice 0.2.0Jan Dittberner
2020-05-13Incorporate changes to the community RoundCubeJan Dittberner
- add dovecot_impersonate and twofactor_gauthenticator plugins - ensure that email.cacert.org is setup in /etc/hosts with its internal IP address - add certificate validation for smtp and imap
2019-08-18Add database configuration for roundcubeJan Dittberner
2019-08-17Fix template issueJan Dittberner
2019-08-17Syntax and template fixes for selfservice APIJan Dittberner
2019-08-17Add configuration for selfservice APIJan Dittberner
2019-08-17Fix line endings in configuration templateJan Dittberner
2019-08-17Add configuration for the community self serviceJan Dittberner
2019-08-16Configure Roundcube on communityJan Dittberner
- add clientcert_authentication plugin from internal repository - configure managesieve and clientcert_authentication plugins
2019-08-13Use Squid's include mechanismJan Dittberner
Squid provides an include mechanism now. Use this instead of managing the whole squid configuration file.
2019-08-13Incorporate rsyslog.conf changes from BusterJan Dittberner
2019-08-04Let cacert-boardvoting listen on all protocolsJan Dittberner
2019-08-04Setup automatic updates of icinga2/conf.d from gitJan Dittberner
* add git hook for icinga2 on monitor
2019-08-02Setup cacert-boardvoting configuration on motionJan Dittberner
- write config file - add certificate and private key for TLS - add trusted certificate - start cacert-boardvoting service
2019-08-02Trash the mini-dinstall setupJan Dittberner
I decided to replace mini-dinstall with a reprepro based setup to have support the modern Debian repository format.
2019-08-01Move template to the correct directoryJan Dittberner
2019-08-01Setup mini-dinstall under debarchive userJan Dittberner
2019-07-21Fix path to CA certificateJan Dittberner
2019-07-21Do not manage constants.confJan Dittberner
Let icinga2 node setup handle constants.conf, add global zone definitions to zones.conf.epp and remove explicit zone and cn parameters to node setup on master.
2019-07-21Add master key and certificatesJan Dittberner
icinga2 node setup on agents requires the master certificate, the CA certificate is not sufficient.
2019-07-21Prepare icinga2_agent installation on puppetJan Dittberner