mirror/dsa-puppet.git
9 years agosystem shutdown check with systemd
Peter Palfrader [Wed, 11 Feb 2015 13:22:00 +0000 (14:22 +0100)]
system shutdown check with systemd

9 years agoDrop no longer in use office network
Tollef Fog Heen [Wed, 11 Feb 2015 12:51:18 +0000 (13:51 +0100)]
Drop no longer in use office network

9 years agoReplace a tab with spaces in python code
Peter Palfrader [Tue, 10 Feb 2015 10:38:40 +0000 (11:38 +0100)]
Replace a tab with spaces in python code

9 years agoKill evil spaces
Peter Palfrader [Tue, 10 Feb 2015 10:38:20 +0000 (11:38 +0100)]
Kill evil spaces

9 years agoMake ud-replicated depend on syslog.service
Peter Palfrader [Mon, 9 Feb 2015 18:22:01 +0000 (19:22 +0100)]
Make ud-replicated depend on syslog.service

9 years agomake dsa-check-libs +x
Peter Palfrader [Mon, 9 Feb 2015 12:01:14 +0000 (13:01 +0100)]
make dsa-check-libs +x

9 years agoFix path
Peter Palfrader [Mon, 9 Feb 2015 09:30:18 +0000 (10:30 +0100)]
Fix path

9 years agoShip dsa-check-libs via puppet for now
Peter Palfrader [Mon, 9 Feb 2015 09:28:16 +0000 (10:28 +0100)]
Ship dsa-check-libs via puppet for now

9 years agoapache 2.4 config for default vhost
Peter Palfrader [Sun, 8 Feb 2015 13:01:55 +0000 (14:01 +0100)]
apache 2.4 config for default vhost

9 years agorossini out of ekey
Peter Palfrader [Sun, 8 Feb 2015 07:58:55 +0000 (08:58 +0100)]
rossini out of ekey

9 years agoremove villa from no-backup
Peter Palfrader [Sat, 7 Feb 2015 18:58:31 +0000 (19:58 +0100)]
remove villa from no-backup

9 years agoset listen=NO in vsftpd
Peter Palfrader [Sat, 7 Feb 2015 18:31:53 +0000 (19:31 +0100)]
set listen=NO in vsftpd

9 years agoapache 2.4 compatbile security.d.o
Peter Palfrader [Sat, 7 Feb 2015 18:20:42 +0000 (19:20 +0100)]
apache 2.4 compatbile security.d.o

9 years agoMake a template out of the security.d.o apache conf
Peter Palfrader [Sat, 7 Feb 2015 18:19:19 +0000 (19:19 +0100)]
Make a template out of the security.d.o apache conf

9 years agosyntax fix
Peter Palfrader [Sat, 7 Feb 2015 18:12:14 +0000 (19:12 +0100)]
syntax fix

9 years agoapache 2.4 sites stuff
Peter Palfrader [Sat, 7 Feb 2015 18:11:28 +0000 (19:11 +0100)]
apache 2.4 sites stuff

9 years agopostmasterish is not a spam trap, put that after host and sender address blacklist
Tollef Fog Heen [Wed, 4 Feb 2015 19:32:03 +0000 (20:32 +0100)]
postmasterish is not a spam trap, put that after host and sender address blacklist

9 years agomove entropy key from salieri to rossini
Luca Filipozzi [Mon, 2 Feb 2015 03:16:26 +0000 (03:16 +0000)]
move entropy key from salieri to rossini

9 years agoGet rid of always broken http.d.net
Peter Palfrader [Wed, 28 Jan 2015 17:30:31 +0000 (18:30 +0100)]
Get rid of always broken http.d.net

9 years agoIgnore /etc/nagios/check-libs.conf
Peter Palfrader [Wed, 28 Jan 2015 13:24:31 +0000 (14:24 +0100)]
Ignore /etc/nagios/check-libs.conf

9 years agoPush nagios check-libs.conf via puppet
Peter Palfrader [Wed, 28 Jan 2015 13:16:40 +0000 (14:16 +0100)]
Push nagios check-libs.conf via puppet

9 years agoAdd nagios plugins to root's PATH
Peter Palfrader [Wed, 28 Jan 2015 13:09:30 +0000 (14:09 +0100)]
Add nagios plugins to root's PATH

9 years agoAllow nagios to run dsa-check-libs under sudo
Peter Palfrader [Tue, 27 Jan 2015 23:15:52 +0000 (00:15 +0100)]
Allow nagios to run dsa-check-libs under sudo

9 years agoAdd minkus to porterboxes
Peter Palfrader [Mon, 26 Jan 2015 20:37:27 +0000 (21:37 +0100)]
Add minkus to porterboxes

9 years agoBlacklist hatemshaheen21@yahoo.com
Peter Palfrader [Thu, 22 Jan 2015 09:37:49 +0000 (10:37 +0100)]
Blacklist hatemshaheen21@yahoo.com

9 years agoMake buildd-schroot-aptitude-kill work on jessie
Peter Palfrader [Thu, 15 Jan 2015 22:36:56 +0000 (23:36 +0100)]
Make buildd-schroot-aptitude-kill work on jessie

9 years agoI think we want to ignore errors here
Peter Palfrader [Wed, 14 Jan 2015 21:56:32 +0000 (22:56 +0100)]
I think we want to ignore errors here

9 years agoTry porting torproject changes: support excluding mirror for a single static component
Peter Palfrader [Wed, 14 Jan 2015 21:43:28 +0000 (22:43 +0100)]
Try porting torproject changes: support excluding mirror for a single static component

9 years agoAdd root ssh key for jcristau
Julien Cristau [Sat, 10 Jan 2015 15:18:33 +0000 (16:18 +0100)]
Add root ssh key for jcristau

Signed-off-by: Julien Cristau <jcristau@debian.org>
9 years agoNew leap second
Peter Palfrader [Fri, 9 Jan 2015 19:00:44 +0000 (20:00 +0100)]
New leap second

9 years agort-mailgate needs the ca-debian workaround too
Paul Wise [Wed, 7 Jan 2015 15:12:58 +0000 (23:12 +0800)]
rt-mailgate needs the ca-debian workaround too

9 years agoThe snakeoil key is handled by puppet also.
Paul Wise [Wed, 7 Jan 2015 07:06:52 +0000 (15:06 +0800)]
The snakeoil key is handled by puppet also.

9 years agoWe still have some debian.org certs signed by SPI and USERFirst
Paul Wise [Wed, 7 Jan 2015 06:43:04 +0000 (14:43 +0800)]
We still have some debian.org certs signed by SPI and USERFirst

9 years agoTrailing line ending characters are sometimes nice
Paul Wise [Wed, 7 Jan 2015 06:11:01 +0000 (14:11 +0800)]
Trailing line ending characters are sometimes nice

9 years agoFix typo
Paul Wise [Wed, 7 Jan 2015 06:09:14 +0000 (14:09 +0800)]
Fix typo

9 years agoEnforce SSL configuration using puppet, add dirs for debian and global CAs
Paul Wise [Wed, 31 Dec 2014 02:32:55 +0000 (10:32 +0800)]
Enforce SSL configuration using puppet, add dirs for debian and global CAs

9 years agoRemove any references to ahbl.org blocklists as they have shut down (re: RT#5684)
Peter Palfrader [Tue, 6 Jan 2015 20:20:04 +0000 (21:20 +0100)]
Remove any references to ahbl.org blocklists as they have shut down (re: RT#5684)

9 years agoFix typo
Paul Wise [Tue, 6 Jan 2015 16:52:49 +0000 (00:52 +0800)]
Fix typo

9 years agoSkip processes that no longer exist
Paul Wise [Tue, 6 Jan 2015 14:53:24 +0000 (22:53 +0800)]
Skip processes that no longer exist

9 years agocdn.debian.net has been deprecated, replace it with http.debian.net
Paul Wise [Sat, 3 Jan 2015 03:46:06 +0000 (11:46 +0800)]
cdn.debian.net has been deprecated, replace it with http.debian.net

https://lists.debian.org/CAG2RKXMdBLL-vSFW6dEu4P0NwT7qqor3PxVQDu-mwrM1J-6opw@mail.gmail.com

9 years agoWork around service(8) not reloading syslog-ng correctly
Tollef Fog Heen [Fri, 2 Jan 2015 17:19:30 +0000 (18:19 +0100)]
Work around service(8) not reloading syslog-ng correctly

It seems systemd fails to mark syslog-ng as reloadable, which in turn
leads to invoke-rc.d failing.  Just call systemctl directly if we're
running systemd to work around this.

9 years agodd-schroot-cmd: Relax session name check
James McCoy [Wed, 31 Dec 2014 03:01:18 +0000 (22:01 -0500)]
dd-schroot-cmd: Relax session name check

As per schroot.conf(5):

  A  number  of characters or words are not permitted in a chroot name,
  session name or configuration filename.  The name may not contain a
  leading period (‘.’).  The characters ‘:’ (colon), ‘,’ (comma) and ‘/’
  (forward slash) are not permitted anywhere in the name.  The name may
  also not contain  a  trailing  tilde  (‘~’).

Relaxing the session name check in get_session_owner to better align
with schroot's actual restrictions reduces the chance that a user will
create a session yet be unable to manipulate it with dd-schroot-cmd.

Signed-off-by: James McCoy <jamessan@debian.org>
Signed-off-by: Paul Wise <pabs@debian.org>
9 years agorun ntp everywhere again
Martin Zobel-Helas [Sun, 28 Dec 2014 09:57:45 +0000 (09:57 +0000)]
run ntp everywhere again

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agoRevert "disable oyens for now"
Martin Zobel-Helas [Sat, 27 Dec 2014 15:05:58 +0000 (15:05 +0000)]
Revert "disable oyens for now"

This reverts commit 57a38b9f3f9858c0619de09d7b3d01e86c599f9c.

9 years agodisable oyens for now
Martin Zobel-Helas [Tue, 23 Dec 2014 22:21:10 +0000 (22:21 +0000)]
disable oyens for now

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agoFix apache2/jessie conf-enabled symlinks
Peter Palfrader [Tue, 23 Dec 2014 12:19:19 +0000 (12:19 +0000)]
Fix apache2/jessie conf-enabled symlinks

9 years agoFirst attempt at making apache conf stuff work on jessie
Peter Palfrader [Tue, 23 Dec 2014 12:11:16 +0000 (13:11 +0100)]
First attempt at making apache conf stuff work on jessie

9 years agoUpdate security.conf to version from jessie, but keep ServerTokens at ProductOnly
Peter Palfrader [Tue, 23 Dec 2014 12:07:04 +0000 (13:07 +0100)]
Update security.conf to version from jessie, but keep ServerTokens at ProductOnly

9 years agos/search-/cgi-/
Peter Palfrader [Tue, 23 Dec 2014 09:26:45 +0000 (10:26 +0100)]
s/search-/cgi-/

9 years agoAdd stunnel for search
Peter Palfrader [Tue, 23 Dec 2014 09:13:24 +0000 (10:13 +0100)]
Add stunnel for search

9 years agoautofs: ensure nfsv4 module is loaded
Héctor Orón Martínez [Mon, 22 Dec 2014 11:21:56 +0000 (12:21 +0100)]
autofs: ensure nfsv4 module is loaded

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
9 years agostable may run ntp again
Peter Palfrader [Sat, 20 Dec 2014 20:45:00 +0000 (21:45 +0100)]
stable may run ntp again

9 years agoUpdate leap-seconds.list. Not that any new ones have been added.
Peter Palfrader [Sat, 20 Dec 2014 20:43:33 +0000 (21:43 +0100)]
Update leap-seconds.list.  Not that any new ones have been added.

9 years agoAnd another loghost-grnet-01 fix
Peter Palfrader [Sat, 20 Dec 2014 17:07:39 +0000 (18:07 +0100)]
And another loghost-grnet-01 fix

9 years agoNew cert for db
Peter Palfrader [Sat, 20 Dec 2014 15:51:20 +0000 (16:51 +0100)]
New cert for db

9 years agoNew cert for piuparts
Peter Palfrader [Sat, 20 Dec 2014 13:58:19 +0000 (14:58 +0100)]
New cert for piuparts

9 years agoNew cert for packages
Peter Palfrader [Sat, 20 Dec 2014 13:57:47 +0000 (14:57 +0100)]
New cert for packages

9 years agoNew cert for bugs-master
Peter Palfrader [Sat, 20 Dec 2014 13:56:52 +0000 (14:56 +0100)]
New cert for bugs-master

9 years agoNew cert for rtc
Peter Palfrader [Sat, 20 Dec 2014 13:56:26 +0000 (14:56 +0100)]
New cert for rtc

9 years agoNew cert for sip-ws
Peter Palfrader [Sat, 20 Dec 2014 13:55:55 +0000 (14:55 +0100)]
New cert for sip-ws

9 years agoNew cert for bugs
Peter Palfrader [Sat, 20 Dec 2014 13:55:17 +0000 (14:55 +0100)]
New cert for bugs

9 years agoDo not run ntpd for now
Peter Palfrader [Sat, 20 Dec 2014 13:30:48 +0000 (13:30 +0000)]
Do not run ntpd for now

9 years agonew vote cert
Peter Palfrader [Wed, 17 Dec 2014 15:59:21 +0000 (16:59 +0100)]
new vote cert

9 years agonew release cert
Peter Palfrader [Wed, 17 Dec 2014 15:57:34 +0000 (16:57 +0100)]
new release cert

9 years agonew nagios cert
Peter Palfrader [Wed, 17 Dec 2014 15:56:42 +0000 (16:56 +0100)]
new nagios cert

9 years agonew munin cert
Peter Palfrader [Wed, 17 Dec 2014 15:55:54 +0000 (16:55 +0100)]
new munin cert

9 years agonew ftp-master cert
Peter Palfrader [Wed, 17 Dec 2014 15:55:21 +0000 (16:55 +0100)]
new ftp-master cert

9 years agonew www cert
Peter Palfrader [Wed, 17 Dec 2014 15:42:08 +0000 (16:42 +0100)]
new www cert

9 years agonew dsa cert
Peter Palfrader [Wed, 17 Dec 2014 15:41:30 +0000 (16:41 +0100)]
new dsa cert

9 years agonew contributors cert
Peter Palfrader [Wed, 17 Dec 2014 14:50:02 +0000 (15:50 +0100)]
new contributors cert

9 years agonew sso cert
Peter Palfrader [Wed, 17 Dec 2014 14:48:52 +0000 (15:48 +0100)]
new sso cert

9 years agonew security-tracker cert
Peter Palfrader [Wed, 17 Dec 2014 14:48:28 +0000 (15:48 +0100)]
new security-tracker cert

9 years agonew rt cert
Peter Palfrader [Wed, 17 Dec 2014 14:47:53 +0000 (15:47 +0100)]
new rt cert

9 years agonew nm cert
Peter Palfrader [Wed, 17 Dec 2014 14:47:14 +0000 (15:47 +0100)]
new nm cert

9 years agoUpdate buildd CA TA to new gandi cert for jessie hosts
Peter Palfrader [Wed, 17 Dec 2014 09:26:23 +0000 (10:26 +0100)]
Update buildd CA TA to new gandi cert for jessie hosts

9 years agoRemove unneeded variable
Peter Palfrader [Wed, 17 Dec 2014 09:25:39 +0000 (10:25 +0100)]
Remove unneeded variable

9 years agonew buildd cert
Peter Palfrader [Tue, 16 Dec 2014 13:57:53 +0000 (14:57 +0100)]
new buildd cert

9 years agonew lists cert
Peter Palfrader [Tue, 16 Dec 2014 13:33:11 +0000 (14:33 +0100)]
new lists cert

9 years agonew udd cert
Peter Palfrader [Tue, 16 Dec 2014 13:31:11 +0000 (14:31 +0100)]
new udd cert

9 years agonew udd cert
Peter Palfrader [Tue, 16 Dec 2014 13:14:11 +0000 (14:14 +0100)]
new udd cert

9 years agonagios needs to be able to run systemctl as root otherwise dbus is needed
Paul Wise [Mon, 15 Dec 2014 22:46:45 +0000 (06:46 +0800)]
nagios needs to be able to run systemctl as root otherwise dbus is needed

9 years agoand different names for v6 rules
Martin Zobel-Helas [Sat, 13 Dec 2014 10:26:36 +0000 (11:26 +0100)]
and different names for v6 rules

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agoadd IPv6 range (second try)
Martin Zobel-Helas [Sat, 13 Dec 2014 10:24:42 +0000 (11:24 +0100)]
add IPv6 range (second try)

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agoRevert "add IPv6 range"
Martin Zobel-Helas [Sat, 13 Dec 2014 10:18:06 +0000 (11:18 +0100)]
Revert "add IPv6 range"

This reverts commit fc978e2bb512bf85d82d054d6086b926a3769bd5.

9 years agoadd IPv6 range
Martin Zobel-Helas [Sat, 13 Dec 2014 10:14:47 +0000 (11:14 +0100)]
add IPv6 range

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agoUse ruby1.9.1 to avoid ruby1.8 + puppetd segfaults on ball
Paul Wise [Thu, 11 Dec 2014 03:54:10 +0000 (11:54 +0800)]
Use ruby1.9.1 to avoid ruby1.8 + puppetd segfaults on ball

More info: https://lists.debian.org/1418271834.28231.36.camel@debian.org

9 years agoBetter with a newline
Peter Palfrader [Wed, 10 Dec 2014 19:54:28 +0000 (20:54 +0100)]
Better with a newline

9 years agoAdd /etc/schroot/buildd/config with CHROOT_FILE_UNPACK_DIR=/srv/buildd/unpack if...
Peter Palfrader [Wed, 10 Dec 2014 19:52:53 +0000 (20:52 +0100)]
Add /etc/schroot/buildd/config with CHROOT_FILE_UNPACK_DIR=/srv/buildd/unpack if /srv/buildd exists

9 years agoenable ud-replicated.service
Peter Palfrader [Tue, 9 Dec 2014 21:11:33 +0000 (22:11 +0100)]
enable ud-replicated.service

9 years agoFix regex in bacula-backup-dirs
Peter Palfrader [Tue, 9 Dec 2014 20:47:56 +0000 (21:47 +0100)]
Fix regex in bacula-backup-dirs

9 years agoAdd minkus
Peter Palfrader [Tue, 9 Dec 2014 18:17:00 +0000 (19:17 +0100)]
Add minkus

9 years agoFix several dedication lines (format violations)
Peter Palfrader [Tue, 9 Dec 2014 18:16:16 +0000 (19:16 +0100)]
Fix several dedication lines (format violations)

9 years agoMake sure geoip-database is installed on geo nameservers
Peter Palfrader [Sun, 7 Dec 2014 18:43:33 +0000 (19:43 +0100)]
Make sure geoip-database is installed on geo nameservers

9 years agoferm: allow debsources access
Héctor Orón Martínez [Sun, 7 Dec 2014 17:10:41 +0000 (18:10 +0100)]
ferm: allow debsources access

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
9 years agoMake setup-buildd not fail when there is nothing wrong
Peter Palfrader [Sun, 7 Dec 2014 16:46:53 +0000 (17:46 +0100)]
Make setup-buildd not fail when there is nothing wrong

9 years agoautofs: add bm sor
Héctor Orón Martínez [Sun, 7 Dec 2014 16:10:42 +0000 (17:10 +0100)]
autofs: add bm sor

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
9 years agoStop using always-broken http.debian.net
Peter Palfrader [Sun, 7 Dec 2014 10:02:28 +0000 (11:02 +0100)]
Stop using always-broken http.debian.net

9 years agofix variable use
Peter Palfrader [Sun, 7 Dec 2014 09:43:23 +0000 (10:43 +0100)]
fix variable use

9 years agoEnable ssh_host_ed25519_key if it exists
Peter Palfrader [Sun, 7 Dec 2014 09:41:51 +0000 (10:41 +0100)]
Enable ssh_host_ed25519_key if it exists

9 years agoMove ServerKeyBits to 1024, the new default in jessie - this only affects version...
Peter Palfrader [Sun, 7 Dec 2014 09:41:36 +0000 (10:41 +0100)]
Move ServerKeyBits to 1024, the new default in jessie - this only affects version 1 anyhow, but still