Peter Palfrader [Thu, 2 Sep 2010 15:05:37 +0000 (17:05 +0200)]
Revert "We use "keyinfo" in all kinda of places. Rename it to something more generic"
This reverts commit
d7475f90c56697e9589e1386ced135498df68c81.
Peter Palfrader [Thu, 2 Sep 2010 15:05:34 +0000 (17:05 +0200)]
Revert "We use "keyinfo" in all kinda of places. Rename it to something more generic, II"
This reverts commit
e6859bc74154e89b4996313992cc58c1f002be5e.
Peter Palfrader [Thu, 2 Sep 2010 15:01:14 +0000 (17:01 +0200)]
We use "keyinfo" in all kinda of places. Rename it to something more generic, II
Peter Palfrader [Thu, 2 Sep 2010 14:59:44 +0000 (16:59 +0200)]
We use "keyinfo" in all kinda of places. Rename it to something more generic
Peter Palfrader [Thu, 2 Sep 2010 14:48:43 +0000 (16:48 +0200)]
Slightly modify ldapinfo, let's see what blows up
Peter Palfrader [Thu, 2 Sep 2010 14:25:36 +0000 (16:25 +0200)]
A reordering that should not matter
Peter Palfrader [Thu, 2 Sep 2010 14:05:21 +0000 (16:05 +0200)]
No point in giving albeniz and goetz a local ntp server too - they are too broken to keep proper time anyway
Stephen Gran [Tue, 31 Aug 2010 07:30:09 +0000 (08:30 +0100)]
fix whitelist macro
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Tue, 31 Aug 2010 00:31:59 +0000 (01:31 +0100)]
this should make whitelist, greylist and callout work as expected for virtual domains
Signed-off-by: Stephen Gran <steve@lobefin.net>
Martin Zobel-Helas [Mon, 30 Aug 2010 07:11:56 +0000 (09:11 +0200)]
Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet
Joerg Jaspert [Sun, 29 Aug 2010 22:20:32 +0000 (00:20 +0200)]
Add njabl.org list for a set of addresses
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Joerg Jaspert [Sun, 29 Aug 2010 22:19:12 +0000 (00:19 +0200)]
Remove dsbl.org, its dead
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Stephen Gran [Fri, 27 Aug 2010 08:28:06 +0000 (09:28 +0100)]
ries not a recursor
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Fri, 27 Aug 2010 07:40:10 +0000 (08:40 +0100)]
Merge branch 'master' of ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet
Stephen Gran [Fri, 27 Aug 2010 07:40:03 +0000 (08:40 +0100)]
ries no longer heavy exim
Signed-off-by: Stephen Gran <steve@lobefin.net>
Martin Zobel-Helas [Thu, 26 Aug 2010 23:04:01 +0000 (01:04 +0200)]
Revert "Revert "byebye ries""
This reverts commit
92457b979065ae6bd02ddde3f001db2cb7f74b43.
Martin Zobel-Helas [Thu, 26 Aug 2010 22:55:50 +0000 (00:55 +0200)]
Revert "byebye ries"
This reverts commit
6218c7c72655ea8a332fc634727efc3188d5502b.
Martin Zobel-Helas [Thu, 26 Aug 2010 22:10:54 +0000 (00:10 +0200)]
Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet
Martin Zobel-Helas [Thu, 26 Aug 2010 22:10:37 +0000 (00:10 +0200)]
byebye ries
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Wed, 25 Aug 2010 09:35:08 +0000 (11:35 +0200)]
Try adding more stuff to the motd
Peter Palfrader [Tue, 24 Aug 2010 12:31:08 +0000 (14:31 +0200)]
Do not prevent paganini from getting updated firewall configs
Peter Palfrader [Tue, 24 Aug 2010 11:05:13 +0000 (13:05 +0200)]
Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet
* 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet:
no more puccini here
bye bye byrd(ie)
make http_limit opt-in rather than out
actually reload ferm when the Ferm::Rules change
only add limit rules where they are going to be used
Peter Palfrader [Tue, 24 Aug 2010 11:04:57 +0000 (13:04 +0200)]
allow enclosure check on franck
Stephen Gran [Mon, 23 Aug 2010 09:04:37 +0000 (10:04 +0100)]
no more puccini here
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Wed, 18 Aug 2010 22:13:24 +0000 (23:13 +0100)]
bye bye byrd(ie)
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Wed, 18 Aug 2010 21:50:31 +0000 (22:50 +0100)]
make http_limit opt-in rather than out
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Wed, 18 Aug 2010 21:46:03 +0000 (22:46 +0100)]
actually reload ferm when the Ferm::Rules change
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Wed, 18 Aug 2010 21:29:51 +0000 (22:29 +0100)]
Merge branch 'master' of ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet
Stephen Gran [Wed, 18 Aug 2010 21:29:34 +0000 (22:29 +0100)]
only add limit rules where they are going to be used
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Mon, 16 Aug 2010 10:29:20 +0000 (12:29 +0200)]
Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet
* 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet:
slow down some more search spiders
move all files to explicit new-style module/ paths
and apache module
convert exim module to new syntax - why it needs to change, I don't know
these settings seem to break samhain on wolkenstein - how odd
ignore bind stuff on geo servers as well
libdns66 can be ignored as well - pesky sonames
The geo's no longer have a local geoip set of packages
Peter Palfrader [Mon, 16 Aug 2010 10:29:09 +0000 (12:29 +0200)]
varnish for snapshot on stabile
Stephen Gran [Mon, 16 Aug 2010 07:12:10 +0000 (08:12 +0100)]
slow down some more search spiders
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 15 Aug 2010 15:45:39 +0000 (16:45 +0100)]
move all files to explicit new-style module/ paths
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 15 Aug 2010 15:36:34 +0000 (16:36 +0100)]
and apache module
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 15 Aug 2010 15:34:34 +0000 (15:34 +0000)]
convert exim module to new syntax - why it needs to change, I don't know
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 15 Aug 2010 11:41:16 +0000 (12:41 +0100)]
these settings seem to break samhain on wolkenstein - how odd
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 14 Aug 2010 13:12:41 +0000 (14:12 +0100)]
ignore bind stuff on geo servers as well
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 14 Aug 2010 12:35:00 +0000 (13:35 +0100)]
libdns66 can be ignored as well - pesky sonames
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 14 Aug 2010 12:34:25 +0000 (13:34 +0100)]
The geo's no longer have a local geoip set of packages
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Sat, 14 Aug 2010 11:01:22 +0000 (13:01 +0200)]
Add 2607:f8f0:0610:4000::/64 reverse zone
Peter Palfrader [Fri, 13 Aug 2010 20:29:14 +0000 (22:29 +0200)]
copy/paste error
Peter Palfrader [Fri, 13 Aug 2010 20:27:54 +0000 (22:27 +0200)]
names must be unique
Peter Palfrader [Fri, 13 Aug 2010 20:27:30 +0000 (22:27 +0200)]
syntax
Peter Palfrader [Fri, 13 Aug 2010 20:27:03 +0000 (22:27 +0200)]
Try some nat/redirect magic on sibelius
Peter Palfrader [Fri, 13 Aug 2010 20:16:00 +0000 (22:16 +0200)]
ferm: support more than just the filter table
Martin Zobel-Helas [Thu, 12 Aug 2010 20:03:32 +0000 (22:03 +0200)]
typo?
Martin Zobel-Helas [Thu, 12 Aug 2010 20:02:01 +0000 (22:02 +0200)]
add cilea
Martin Zobel-Helas [Thu, 12 Aug 2010 16:30:42 +0000 (18:30 +0200)]
Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet
Martin Zobel-Helas [Thu, 12 Aug 2010 16:30:17 +0000 (18:30 +0200)]
remove purcell
Peter Palfrader [Tue, 10 Aug 2010 18:25:31 +0000 (20:25 +0200)]
the dl585 hosts have their smartarray in slot9
Peter Palfrader [Tue, 10 Aug 2010 18:16:48 +0000 (20:16 +0200)]
add contrib and non-free to sources.list
Peter Palfrader [Tue, 10 Aug 2010 18:03:26 +0000 (20:03 +0200)]
Dedication and mailroute for rossini, salieri, traetta
Peter Palfrader [Tue, 10 Aug 2010 15:38:39 +0000 (17:38 +0200)]
nagios also gets to contact mail and munin on freebsd hosts
Peter Palfrader [Tue, 10 Aug 2010 15:35:10 +0000 (17:35 +0200)]
tidy up http related ferm rules
Peter Palfrader [Tue, 10 Aug 2010 15:29:37 +0000 (17:29 +0200)]
Try to tidy up forward ferm rules
Peter Palfrader [Tue, 10 Aug 2010 15:27:00 +0000 (17:27 +0200)]
ferm on rautavaara
Peter Palfrader [Tue, 10 Aug 2010 15:25:24 +0000 (17:25 +0200)]
nagios gets to port 22 on freebsd hosts
Peter Palfrader [Tue, 10 Aug 2010 15:23:13 +0000 (17:23 +0200)]
Different quote chars, II
Peter Palfrader [Tue, 10 Aug 2010 15:21:07 +0000 (17:21 +0200)]
Different quote chars
Peter Palfrader [Tue, 10 Aug 2010 15:19:20 +0000 (17:19 +0200)]
Try to limit forward
Peter Palfrader [Tue, 10 Aug 2010 15:08:56 +0000 (17:08 +0200)]
ferm on luchesi
Peter Palfrader [Tue, 10 Aug 2010 14:20:06 +0000 (16:20 +0200)]
Add kibi and aurel ssh client hosts for freebsd
Stephen Gran [Fri, 6 Aug 2010 16:27:10 +0000 (17:27 +0100)]
add master to carnet hosts
Signed-off-by: Stephen Gran <steve@lobefin.net>
Martin Zobel-Helas [Thu, 5 Aug 2010 13:32:38 +0000 (15:32 +0200)]
remove non-existing hosts
Martin Zobel-Helas [Thu, 5 Aug 2010 12:17:59 +0000 (14:17 +0200)]
try if we can have hightraffic rules
Peter Palfrader [Wed, 4 Aug 2010 23:23:42 +0000 (01:23 +0200)]
sudoers: update archvsync->snapshot triggers
Peter Palfrader [Sun, 1 Aug 2010 17:34:01 +0000 (19:34 +0200)]
krenek/vitry are buildds for archive rebuilds
Peter Palfrader [Fri, 30 Jul 2010 21:38:51 +0000 (23:38 +0200)]
alain, alwyn, antheil, arna are buildds
Peter Palfrader [Fri, 30 Jul 2010 16:35:52 +0000 (18:35 +0200)]
Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet
* 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet:
sibelius gets ferm
Peter Palfrader [Fri, 30 Jul 2010 16:18:15 +0000 (18:18 +0200)]
porter sudo for abel
Stephen Gran [Fri, 30 Jul 2010 08:09:06 +0000 (09:09 +0100)]
sibelius gets ferm
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Thu, 29 Jul 2010 19:12:54 +0000 (21:12 +0200)]
Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet
* 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet:
make the range slightly more readable
maybe that works better with correct syntax
ensure correct path permissions, so nagios can read from it
Peter Palfrader [Thu, 29 Jul 2010 19:12:46 +0000 (21:12 +0200)]
etc/motd dedication fu works better if one spells the name right
Stephen Gran [Thu, 29 Jul 2010 08:23:58 +0000 (09:23 +0100)]
make the range slightly more readable
Signed-off-by: Stephen Gran <steve@lobefin.net>
Martin Zobel-Helas [Wed, 28 Jul 2010 20:52:30 +0000 (22:52 +0200)]
maybe that works better with correct syntax
Martin Zobel-Helas [Wed, 28 Jul 2010 20:42:32 +0000 (22:42 +0200)]
Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet
Martin Zobel-Helas [Wed, 28 Jul 2010 20:41:41 +0000 (22:41 +0200)]
ensure correct path permissions, so nagios can read from it
Peter Palfrader [Wed, 28 Jul 2010 11:45:14 +0000 (13:45 +0200)]
Add arm machines to smarthost
Peter Palfrader [Wed, 28 Jul 2010 11:44:33 +0000 (13:44 +0200)]
Add dedications
Peter Palfrader [Wed, 28 Jul 2010 11:14:13 +0000 (13:14 +0200)]
Try something for syslog fu, IV
Peter Palfrader [Wed, 28 Jul 2010 11:12:52 +0000 (13:12 +0200)]
Try something for syslog fu, III
Peter Palfrader [Wed, 28 Jul 2010 09:31:21 +0000 (11:31 +0200)]
Try something for syslog fu, II
Peter Palfrader [Wed, 28 Jul 2010 09:29:11 +0000 (11:29 +0200)]
Try something for syslog fu
Stephen Gran [Wed, 28 Jul 2010 08:13:57 +0000 (09:13 +0100)]
merikanto gets a firewall
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Wed, 28 Jul 2010 08:09:32 +0000 (09:09 +0100)]
now that nfs ports are locked down we no longer need this
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Wed, 28 Jul 2010 08:00:52 +0000 (09:00 +0100)]
beethoven is an nfs server
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Wed, 28 Jul 2010 07:56:40 +0000 (08:56 +0100)]
Change security's sudo entries
https://rt.debian.org/Ticket/Display.html?id=2420
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Tue, 27 Jul 2010 20:45:37 +0000 (22:45 +0200)]
security-master does rsync too..
Stephen Gran [Tue, 27 Jul 2010 09:29:05 +0000 (10:29 +0100)]
stabile seems to have rsync
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Tue, 27 Jul 2010 09:14:12 +0000 (10:14 +0100)]
ravel has rsync
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Tue, 27 Jul 2010 08:01:43 +0000 (09:01 +0100)]
copy and waste error
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Tue, 27 Jul 2010 08:00:39 +0000 (09:00 +0100)]
Merge branch 'master' of ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet
Stephen Gran [Tue, 27 Jul 2010 08:00:33 +0000 (09:00 +0100)]
put nfs-server in main manifest
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Tue, 27 Jul 2010 07:59:23 +0000 (08:59 +0100)]
Add nfs-server module. Still needs menu.lst modification manually for
moduleless kernels.
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Tue, 27 Jul 2010 07:57:58 +0000 (09:57 +0200)]
%fossy to fossy ALL on vivaldi
Stephen Gran [Tue, 27 Jul 2010 07:45:26 +0000 (08:45 +0100)]
Merge branch 'master' of ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet
Stephen Gran [Tue, 27 Jul 2010 07:44:55 +0000 (08:44 +0100)]
spohr has nfs that is able to be firewalled now
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Mon, 26 Jul 2010 23:49:09 +0000 (01:49 +0200)]
the fossy group may run /etc/init.d/fossology as root on vivaldi
Stephen Gran [Mon, 26 Jul 2010 20:20:01 +0000 (21:20 +0100)]
allow paganini to serve dhcp and tftp
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Mon, 26 Jul 2010 11:08:39 +0000 (12:08 +0100)]
samosa gets udd-stunnel
Signed-off-by: Stephen Gran <steve@lobefin.net>