summaryrefslogtreecommitdiff
path: root/sitemodules/profiles/templates
AgeCommit message (Collapse)Author
4 daysManage ssh configurationJan Dittberner
- tighten sshd configuration and manage it - fix puppet-lint warnings
2020-06-21Replace custom Python webhook with packaged webhookJan Dittberner
This commit replaces the custom Python webhook for puppet environment deployment with the go based webhook from the Debian package with the same name. The puppet-deploy script only takes care of pulling from git and running r10k now. The web requests are now handled by webhook.
2020-06-06Add proxy headers for name based virtual hostingJan Dittberner
2020-06-06Fix variable name in virtual host templateJan Dittberner
2020-06-06Fix template file nameJan Dittberner
The puppet template function expects templates to be named *.epp. This commit fixes this by renaming the template and using the .epp name explicitly.
2020-06-06Fix puppet parser, epp and puppet-lint issuesJan Dittberner
2020-06-06Add new profile nginx_revproxy and use it for emailJan Dittberner
This commit adds a new profile nginx_revproxy to setup an nginx based reverse proxy. The commit contains configuration for such a proxy to forward traffic for community.cacert.org to the http virtual host on the webstatic system. It also contains custom nginx configuration to enable the redirects from old URLs to the motion and selfservice systems. The profile includes x509cert_common to install the certificate and private key required for the community.cacert.org virtual host. The new profile is assigned to email via the email role.
2020-06-04Fix missing placeholder in templateJan Dittberner
2020-06-04Add new parameter for cacert-selfservice-api 0.3.0Jan Dittberner
2020-06-04Add new parameters for cacert-selfservice 0.2.0Jan Dittberner
2020-05-13Incorporate changes to the community RoundCubeJan Dittberner
- add dovecot_impersonate and twofactor_gauthenticator plugins - ensure that email.cacert.org is setup in /etc/hosts with its internal IP address - add certificate validation for smtp and imap
2019-08-18Add database configuration for roundcubeJan Dittberner
2019-08-17Fix template issueJan Dittberner
2019-08-17Syntax and template fixes for selfservice APIJan Dittberner
2019-08-17Add configuration for selfservice APIJan Dittberner
2019-08-17Fix line endings in configuration templateJan Dittberner
2019-08-17Add configuration for the community self serviceJan Dittberner
2019-08-16Configure Roundcube on communityJan Dittberner
- add clientcert_authentication plugin from internal repository - configure managesieve and clientcert_authentication plugins
2019-08-13Use Squid's include mechanismJan Dittberner
Squid provides an include mechanism now. Use this instead of managing the whole squid configuration file.
2019-08-13Incorporate rsyslog.conf changes from BusterJan Dittberner
2019-08-04Let cacert-boardvoting listen on all protocolsJan Dittberner
2019-08-04Setup automatic updates of icinga2/conf.d from gitJan Dittberner
* add git hook for icinga2 on monitor
2019-08-02Setup cacert-boardvoting configuration on motionJan Dittberner
- write config file - add certificate and private key for TLS - add trusted certificate - start cacert-boardvoting service
2019-08-02Trash the mini-dinstall setupJan Dittberner
I decided to replace mini-dinstall with a reprepro based setup to have support the modern Debian repository format.
2019-08-01Move template to the correct directoryJan Dittberner
2019-08-01Setup mini-dinstall under debarchive userJan Dittberner
2019-07-21Fix path to CA certificateJan Dittberner
2019-07-21Do not manage constants.confJan Dittberner
Let icinga2 node setup handle constants.conf, add global zone definitions to zones.conf.epp and remove explicit zone and cn parameters to node setup on master.
2019-07-21Add master key and certificatesJan Dittberner
icinga2 node setup on agents requires the master certificate, the CA certificate is not sufficient.
2019-07-21Prepare icinga2_agent installation on puppetJan Dittberner
2019-07-21Do not manage API listener configJan Dittberner
2019-07-21Remove unused ido_* parametersJan Dittberner
2019-07-21Let dbconfig-common take care of the ido databaseJan Dittberner
2019-07-21Rework of icinga2 master setupJan Dittberner
- replace debconf calls with preseed config for icinga2-ido-pgsql package - remove host key and certificate from monitor (these will be setup later) - disable icinga2_agent installation on puppet
2019-07-20Fix syntax issues in agent setup scriptJan Dittberner
2019-07-20Add missing json parsing in agent setup scriptJan Dittberner
2019-07-20Qualify paths in scriptsJan Dittberner
2019-07-20Add icinga2_agent node setup scriptJan Dittberner
- generate /var/lib/icinga2/setup_agent.sh from template - execute script if setup has not been run before
2019-07-20Manage apt sources with apt moduleJan Dittberner
2019-07-19Fix hiera data and used fact for IP addressJan Dittberner
2019-07-19Add missing quotation sign in templateJan Dittberner
2019-07-19Fix template syntax errorJan Dittberner
2019-07-19Rename EPP templates to end with .eppJan Dittberner
2019-07-19Fix data type description for Icinga2 API user listJan Dittberner
2019-07-19Add Icinga2 master configuration filesJan Dittberner
2019-07-15Switch to Puppet 6Jan Dittberner
2019-02-17Add updates to sources.listJan Dittberner
2018-04-15Fix execution format error in update-crls jobJan Dittberner
2018-04-15Only setup CRL cron job if neededJan Dittberner
The CRL job is only needed if client certificates have to be verified. This commit adds parameters to the base profile to take care of conditional installation of the update-crls job and customizes the job based on a configurable list of services that need to be reloaded after CRL updates.
2018-04-14Add proper logging to git-pull-hookJan Dittberner