cacert-puppet.git
Jan Dittberner [Fri, 16 Aug 2019 08:28:27 +0000 (10:28 +0200)] 
Fix syntax errors and package dependency

Jan Dittberner [Fri, 16 Aug 2019 08:24:26 +0000 (10:24 +0200)] 
Configure Roundcube on community

- add clientcert_authentication plugin from internal repository
- configure managesieve and clientcert_authentication plugins

Jan Dittberner [Thu, 15 Aug 2019 07:29:45 +0000 (09:29 +0200)] 
Add profile for roundcube and use it for community

Jan Dittberner [Tue, 13 Aug 2019 12:02:01 +0000 (14:02 +0200)] 
Fix path to Squid conf.d directory

Jan Dittberner [Tue, 13 Aug 2019 11:51:50 +0000 (13:51 +0200)] 
Use Squid's include mechanism

Squid provides an include mechanism now. Use this instead of managing
the whole squid configuration file.

Jan Dittberner [Tue, 13 Aug 2019 10:19:07 +0000 (12:19 +0200)] 
Add missing slash

Jan Dittberner [Tue, 13 Aug 2019 10:17:48 +0000 (12:17 +0200)] 
Define a postrun command for puppet runs

Jan Dittberner [Tue, 13 Aug 2019 09:45:46 +0000 (11:45 +0200)] 
Uninstall udev in lxc containers

Jan Dittberner [Tue, 13 Aug 2019 08:32:50 +0000 (10:32 +0200)] 
Install sniproxy from Buster

Jan Dittberner [Tue, 13 Aug 2019 05:53:41 +0000 (07:53 +0200)] 
Incorporate rsyslog.conf changes from Buster

Jan Dittberner [Mon, 12 Aug 2019 21:57:59 +0000 (23:57 +0200)] 
Add base configuration for community

Jan Dittberner [Mon, 12 Aug 2019 20:19:07 +0000 (22:19 +0200)] 
Use correct service/package name

Jan Dittberner [Mon, 12 Aug 2019 20:13:05 +0000 (22:13 +0200)] 
Install cacert_selfservice_api on email

Jan Dittberner [Mon, 12 Aug 2019 19:42:46 +0000 (21:42 +0200)] 
Fix CA certificate filename

Jan Dittberner [Mon, 12 Aug 2019 19:37:19 +0000 (21:37 +0200)] 
Add CAcert CA certificates

Jan Dittberner [Mon, 12 Aug 2019 19:29:57 +0000 (21:29 +0200)] 
Fix profile name

Jan Dittberner [Mon, 12 Aug 2019 19:27:56 +0000 (21:27 +0200)] 
Move CAcert repository setup to includeable profile

Jan Dittberner [Mon, 12 Aug 2019 11:24:52 +0000 (13:24 +0200)] 
Add prodjenkinsreleases.blob.core.windows.net Jenkins mirror

Jan Dittberner [Mon, 12 Aug 2019 11:18:21 +0000 (13:18 +0200)] 
Add pkg.jenkins.io to debjenkins ACL

Jan Dittberner [Mon, 12 Aug 2019 11:16:48 +0000 (13:16 +0200)] 
Set release to empty string to avoid wrong interpolation

Jan Dittberner [Mon, 12 Aug 2019 11:08:48 +0000 (13:08 +0200)] 
Setup Jenkins repository on jenkins

Jan Dittberner [Mon, 5 Aug 2019 19:11:57 +0000 (21:11 +0200)] 
Add puppetlabs/translate that is needed by puppetlabs/apt

Jan Dittberner [Mon, 5 Aug 2019 19:09:37 +0000 (21:09 +0200)] 
Rename to .yaml to make hiera happy

Jan Dittberner [Mon, 5 Aug 2019 19:03:46 +0000 (21:03 +0200)] 
Fix role name

Jan Dittberner [Mon, 5 Aug 2019 19:00:26 +0000 (21:00 +0200)] 
Add basic puppet role for email

Jan Dittberner [Sun, 4 Aug 2019 21:51:22 +0000 (23:51 +0200)] 
Let cacert-boardvoting listen on all protocols

Jan Dittberner [Sun, 4 Aug 2019 21:35:10 +0000 (23:35 +0200)] 
Setup automatic updates of icinga2/conf.d from git

* add git hook for icinga2 on monitor

Jan Dittberner [Sun, 4 Aug 2019 09:42:06 +0000 (11:42 +0200)] 
Move icinga master API users to api.conf

Jan Dittberner [Sun, 4 Aug 2019 08:25:15 +0000 (10:25 +0200)] 
Install nagios-plugins-contrib on Icinga2 nodes

The ssl_cert check command will be used to monitor local certificate
files and is provided in the nagios-plugins-contrib package.

Jan Dittberner [Sun, 4 Aug 2019 07:44:05 +0000 (09:44 +0200)] 
Fix indentation of extmon hiera data

Jan Dittberner [Sun, 4 Aug 2019 07:40:17 +0000 (09:40 +0200)] 
Ensure parent directory for icinga2 certificates

Jan Dittberner [Sun, 4 Aug 2019 07:37:48 +0000 (09:37 +0200)] 
Add client certificates for monitoring

- provide new profile profiles::icinga2_certificates
- add extmon_client on extmon
- add monitor_client on monitor

Jan Dittberner [Fri, 2 Aug 2019 18:19:14 +0000 (20:19 +0200)] 
Setup cacert-boardvoting configuration on motion

- write config file
- add certificate and private key for TLS
- add trusted certificate
- start cacert-boardvoting service

Jan Dittberner [Fri, 2 Aug 2019 17:25:27 +0000 (19:25 +0200)] 
Use http source, not a keyserver

Jan Dittberner [Fri, 2 Aug 2019 17:22:53 +0000 (19:22 +0200)] 
Add CAcert APT repository on motion

Jan Dittberner [Fri, 2 Aug 2019 17:12:35 +0000 (19:12 +0200)] 
Remove old boardvoting attempt from motion

Jan Dittberner [Fri, 2 Aug 2019 16:53:41 +0000 (18:53 +0200)] 
Export archive signing key as debarchive user

Jan Dittberner [Fri, 2 Aug 2019 16:37:43 +0000 (18:37 +0200)] 
Add Apache VirtualHost for package repository

Jan Dittberner [Fri, 2 Aug 2019 16:19:45 +0000 (18:19 +0200)] 
Setup Apache httpd on webstatic

Jan Dittberner [Fri, 2 Aug 2019 14:16:38 +0000 (16:16 +0200)] 
Add rssh add-shell command, fix dependency

Jan Dittberner [Fri, 2 Aug 2019 14:08:39 +0000 (16:08 +0200)] 
Fix reprepro invocation

- fix inoticoming command line to work in foreground mode
- fix uploaders configuration that was missing a newline at the end

Jan Dittberner [Fri, 2 Aug 2019 14:00:55 +0000 (16:00 +0200)] 
Fix service file

- use absolute path in ExecStart
- fix WantedBy syntax

Jan Dittberner [Fri, 2 Aug 2019 13:59:10 +0000 (15:59 +0200)] 
Fix dependency declaration for service

Jan Dittberner [Fri, 2 Aug 2019 13:57:28 +0000 (15:57 +0200)] 
Setup inoticoming service and trusted keyring

Jan Dittberner [Fri, 2 Aug 2019 12:07:09 +0000 (14:07 +0200)] 
Rename dist */cacert to *-cacert

Rationale: sbuild does not allow */* as distribution name.

Jan Dittberner [Fri, 2 Aug 2019 08:27:01 +0000 (10:27 +0200)] 
Re-add key grip needed for private key

Jan Dittberner [Fri, 2 Aug 2019 08:20:15 +0000 (10:20 +0200)] 
Remove unused scripts directory

Jan Dittberner [Fri, 2 Aug 2019 08:17:27 +0000 (10:17 +0200)] 
Update trustdb to match signing key

Jan Dittberner [Fri, 2 Aug 2019 08:13:02 +0000 (10:13 +0200)] 
Remove passphrase from signing key

Jan Dittberner [Fri, 2 Aug 2019 07:24:42 +0000 (09:24 +0200)] 
Fix ensure for concat

Jan Dittberner [Fri, 2 Aug 2019 07:23:42 +0000 (09:23 +0200)] 
Fix typo s/content::fragment/concat::fragment/

Jan Dittberner [Fri, 2 Aug 2019 07:22:23 +0000 (09:22 +0200)] 
Fix syntax error in concat::fragment definitions

Jan Dittberner [Fri, 2 Aug 2019 07:21:12 +0000 (09:21 +0200)] 
Define reprepro distributions

Jan Dittberner [Fri, 2 Aug 2019 06:45:26 +0000 (08:45 +0200)] 
Fix variable interpolation

Jan Dittberner [Fri, 2 Aug 2019 06:44:13 +0000 (08:44 +0200)] 
Remove duplicate package definition

Jan Dittberner [Fri, 2 Aug 2019 06:37:48 +0000 (08:37 +0200)] 
Use variables for paths, install reprepro

Jan Dittberner [Fri, 2 Aug 2019 06:10:54 +0000 (08:10 +0200)] 
Clean /etc/passwd in upload chroot

Jan Dittberner [Fri, 2 Aug 2019 06:00:26 +0000 (08:00 +0200)] 
Manage chroot for debarchive uploads

Jan Dittberner [Fri, 2 Aug 2019 05:24:00 +0000 (07:24 +0200)] 
Use double quotes to allow newline

Jan Dittberner [Fri, 2 Aug 2019 05:22:04 +0000 (07:22 +0200)] 
Fix rssh line syntax

Jan Dittberner [Fri, 2 Aug 2019 05:18:48 +0000 (07:18 +0200)] 
Fix source path for rssh.global.conf

Jan Dittberner [Fri, 2 Aug 2019 05:16:08 +0000 (07:16 +0200)] 
Setup rssh to restrict uploads to sftp and scp

Jan Dittberner [Fri, 2 Aug 2019 04:43:49 +0000 (06:43 +0200)] 
Trash the mini-dinstall setup

I decided to replace mini-dinstall with a reprepro-based setup to have
support for the modern Debian repository format.

Jan Dittberner [Thu, 1 Aug 2019 20:42:50 +0000 (22:42 +0200)] 
Let debarchive run in its own directory

You need to use a bind mount in /etc/fstab

/srv/debarchive/archive/mini-dinstall/incoming /srv/upload/incoming - bind 0 0

Jan Dittberner [Thu, 1 Aug 2019 20:10:23 +0000 (22:10 +0200)] 
Fix typo

Jan Dittberner [Thu, 1 Aug 2019 20:09:06 +0000 (22:09 +0200)] 
Fix dependency declaration for debarchive service

Jan Dittberner [Thu, 1 Aug 2019 20:07:49 +0000 (22:07 +0200)] 
Add intermediate directory /srv/upload

Jan Dittberner [Thu, 1 Aug 2019 20:06:04 +0000 (22:06 +0200)] 
Move uploads to /srv/upload/incoming

To make this setup work you should have the following in
/etc/ssh/sshd_config:

  Match User debarchive
      ForceCommand internal-sftp
      ChrootDirectory /srv/upload
      AllowTcpForwarding no

Jan Dittberner [Thu, 1 Aug 2019 19:48:50 +0000 (21:48 +0200)] 
Move template to the correct directory

Jan Dittberner [Thu, 1 Aug 2019 19:46:50 +0000 (21:46 +0200)] 
Setup mini-dinstall under debarchive user

Jan Dittberner [Thu, 1 Aug 2019 13:50:47 +0000 (15:50 +0200)] 
Use gid instead of non-existing group

Jan Dittberner [Thu, 1 Aug 2019 13:47:54 +0000 (15:47 +0200)] 
Add new profile debarchive for webstatic

Jan Dittberner [Tue, 30 Jul 2019 10:24:03 +0000 (12:24 +0200)] 
Re-enable mail alias handling

A fix for https://github.com/puppetlabs/puppet/pull/7632 came with
Puppet 6.7.1.

Jan Dittberner [Tue, 30 Jul 2019 10:17:04 +0000 (12:17 +0200)] 
Apply base profile to extmon

Jan Dittberner [Tue, 30 Jul 2019 10:07:31 +0000 (12:07 +0200)] 
Fix class name

Jan Dittberner [Tue, 30 Jul 2019 10:04:31 +0000 (12:04 +0200)] 
Add external monitoring host role and config

Jan Dittberner [Mon, 29 Jul 2019 14:35:09 +0000 (16:35 +0200)] 
Purge nrpe_agent from icinga2 agent nodes

Jan Dittberner [Mon, 29 Jul 2019 11:29:54 +0000 (13:29 +0200)] 
Remove arbitration from sniproxy

Jan Dittberner [Mon, 29 Jul 2019 09:57:34 +0000 (11:57 +0200)] 
Enable icinga2 agent on test3

Jan Dittberner [Mon, 29 Jul 2019 09:53:30 +0000 (11:53 +0200)] 
Enable icinga2 agent on webstatic

Jan Dittberner [Mon, 29 Jul 2019 09:47:32 +0000 (11:47 +0200)] 
Enable icinga2 agent on translations

Jan Dittberner [Mon, 29 Jul 2019 09:44:57 +0000 (11:44 +0200)] 
Enable icinga2 agent on svn

Jan Dittberner [Mon, 29 Jul 2019 09:41:31 +0000 (11:41 +0200)] 
Enable icinga2 agent on proxyout

Jan Dittberner [Mon, 29 Jul 2019 09:36:48 +0000 (11:36 +0200)] 
Enable icinga2 agent on proxyin

Jan Dittberner [Sun, 28 Jul 2019 22:01:54 +0000 (00:01 +0200)] 
Add apt.puppet.com to debpuppet ACL

Jan Dittberner [Sun, 28 Jul 2019 20:30:14 +0000 (22:30 +0200)] 
Fix Apt::Update order for icinga2 packages

Jan Dittberner [Sun, 28 Jul 2019 17:50:08 +0000 (19:50 +0200)] 
Add icinga2 agent on Jenkins

Jan Dittberner [Sun, 28 Jul 2019 17:48:59 +0000 (19:48 +0200)] 
Try to improve icinga agent profile

Enforce order of master certificate installation to avoid issues with
certificate enrollment during API activation.

Jan Dittberner [Sun, 28 Jul 2019 17:10:13 +0000 (19:10 +0200)] 
Add Icinga2 agent on ircserver

Jan Dittberner [Sun, 28 Jul 2019 13:24:14 +0000 (15:24 +0200)] 
Setup icinga2 agent on web

Jan Dittberner [Sun, 28 Jul 2019 11:55:21 +0000 (13:55 +0200)] 
Allow access to wordpress domains from blog

Jan Dittberner [Wed, 24 Jul 2019 22:11:12 +0000 (00:11 +0200)] 
Add icinga2_agent on bugs

Jan Dittberner [Wed, 24 Jul 2019 21:48:18 +0000 (23:48 +0200)] 
Assign correct role to issue

Jan Dittberner [Wed, 24 Jul 2019 21:42:57 +0000 (23:42 +0200)] 
Add icinga2_agent to issue

Jan Dittberner [Wed, 24 Jul 2019 21:42:51 +0000 (23:42 +0200)] 
Update copyright years

Jan Dittberner [Wed, 24 Jul 2019 21:14:01 +0000 (23:14 +0200)] 
Install icinga2 agent on emailout

Jan Dittberner [Wed, 24 Jul 2019 21:13:07 +0000 (23:13 +0200)] 
Disable mailalias handling due to Puppet regression

Jan Dittberner [Wed, 24 Jul 2019 20:57:00 +0000 (22:57 +0200)] 
Enable icinga2 notifications

Jan Dittberner [Tue, 23 Jul 2019 20:01:18 +0000 (22:01 +0200)] 
Use correct ticket for motion.infra.cacert.org

Jan Dittberner [Tue, 23 Jul 2019 19:57:35 +0000 (21:57 +0200)] 
Add icinga2 agent on motion