Peter Palfrader [Fri, 29 Jul 2016 22:50:21 +0000 (22:50 +0000)]
Turn apache2_security_mirror into a security_mirror role
Peter Palfrader [Fri, 29 Jul 2016 20:05:06 +0000 (20:05 +0000)]
rebuild onion website if things change
Peter Palfrader [Fri, 29 Jul 2016 19:56:46 +0000 (19:56 +0000)]
fix sort order
Peter Palfrader [Fri, 29 Jul 2016 19:56:21 +0000 (19:56 +0000)]
add onion.d.o
Peter Palfrader [Fri, 29 Jul 2016 19:52:01 +0000 (19:52 +0000)]
export onion list to dillon
Peter Palfrader [Fri, 29 Jul 2016 18:17:55 +0000 (18:17 +0000)]
onion for release
Peter Palfrader [Fri, 29 Jul 2016 18:14:02 +0000 (18:14 +0000)]
move metadata.ftp-debian.org to a default with extra
Peter Palfrader [Fri, 29 Jul 2016 18:12:14 +0000 (18:12 +0000)]
move bits to a default with extra
Peter Palfrader [Fri, 29 Jul 2016 18:12:04 +0000 (18:12 +0000)]
Make common-static-vhost-ssl-with-extra a thing
Peter Palfrader [Fri, 29 Jul 2016 18:05:32 +0000 (18:05 +0000)]
more onion serivces
Peter Palfrader [Fri, 29 Jul 2016 18:05:22 +0000 (18:05 +0000)]
onion for www.ports.debian.org
Peter Palfrader [Fri, 29 Jul 2016 17:49:38 +0000 (17:49 +0000)]
onions for standard static vhosts
Peter Palfrader [Fri, 29 Jul 2016 17:35:46 +0000 (17:35 +0000)]
re-write how static vhosts with extra config work
Peter Palfrader [Fri, 29 Jul 2016 17:24:49 +0000 (17:24 +0000)]
onion for lintian
Peter Palfrader [Fri, 29 Jul 2016 17:15:21 +0000 (17:15 +0000)]
add planet.d.o onionbalance and web
Peter Palfrader [Fri, 29 Jul 2016 17:03:32 +0000 (17:03 +0000)]
add planet.d.o onion
Peter Palfrader [Fri, 29 Jul 2016 16:52:39 +0000 (16:52 +0000)]
the other vhost
Peter Palfrader [Fri, 29 Jul 2016 16:49:59 +0000 (16:49 +0000)]
onion for www
Peter Palfrader [Fri, 29 Jul 2016 16:09:07 +0000 (16:09 +0000)]
Merge branch 'master' of file:///srv/puppet.debian.org/git/dsa-puppet
* 'master' of file:///srv/puppet.debian.org/git/dsa-puppet:
use busoni instead of mirror-anu for tor static
Peter Palfrader [Fri, 29 Jul 2016 16:09:05 +0000 (18:09 +0200)]
use busoni instead of mirror-anu for tor static
Peter Palfrader [Fri, 29 Jul 2016 15:49:16 +0000 (15:49 +0000)]
add comments
Peter Palfrader [Fri, 29 Jul 2016 15:49:06 +0000 (15:49 +0000)]
fix ports
Peter Palfrader [Fri, 29 Jul 2016 15:38:35 +0000 (15:38 +0000)]
Add onion services for a bunch of static things
Peter Palfrader [Fri, 29 Jul 2016 15:02:15 +0000 (15:02 +0000)]
Transfer onion hostname info to puppet master
Peter Palfrader [Fri, 29 Jul 2016 14:00:24 +0000 (14:00 +0000)]
rename onion facts
Peter Palfrader [Fri, 29 Jul 2016 07:18:11 +0000 (07:18 +0000)]
remove .onion from configured address for onionbalance
Peter Palfrader [Fri, 29 Jul 2016 06:36:24 +0000 (08:36 +0200)]
fix a typo in the onionbalance config file
Peter Palfrader [Fri, 29 Jul 2016 06:33:01 +0000 (08:33 +0200)]
use correct config filename for onionbalance
Peter Palfrader [Fri, 29 Jul 2016 06:30:30 +0000 (08:30 +0200)]
use fqdn in storedconf name
Peter Palfrader [Fri, 29 Jul 2016 06:24:40 +0000 (08:24 +0200)]
use correct config filename for onionbalance
Peter Palfrader [Thu, 28 Jul 2016 21:29:58 +0000 (21:29 +0000)]
and onionbalance module
Peter Palfrader [Thu, 28 Jul 2016 21:07:07 +0000 (21:07 +0000)]
Add an onionbalance service names facter
Peter Palfrader [Thu, 28 Jul 2016 20:32:47 +0000 (20:32 +0000)]
put an onion instance into a storedconf for onionbalance
Peter Palfrader [Thu, 28 Jul 2016 20:32:22 +0000 (20:32 +0000)]
move to stringifying our facts again
Peter Palfrader [Thu, 28 Jul 2016 19:45:51 +0000 (19:45 +0000)]
Add onion service facter to learn onion hostname
Peter Palfrader [Thu, 28 Jul 2016 19:34:38 +0000 (19:34 +0000)]
Start an onion module
Julien Cristau [Wed, 27 Jul 2016 17:31:17 +0000 (19:31 +0200)]
All www and static mirrors run jessie
Remove no longer needed apache 2.4 conditionals
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Wed, 27 Jul 2016 17:26:54 +0000 (19:26 +0200)]
All security mirrors run jessie
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Wed, 27 Jul 2016 17:20:55 +0000 (19:20 +0200)]
Use the ftp-archive apache macro for security mirrors
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Wed, 27 Jul 2016 17:19:33 +0000 (19:19 +0200)]
Move the Cache-Control setting for package archives to a macro
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Wed, 27 Jul 2016 16:39:48 +0000 (18:39 +0200)]
Set Cache-Control header for debian-debug and debian-ports archives
Set max-age to 2 minutes for dists, 30 days for by-hash and pool, to
match ftp.debian.org.
Signed-off-by: Julien Cristau <jcristau@debian.org>
Peter Palfrader [Wed, 27 Jul 2016 14:25:31 +0000 (16:25 +0200)]
Add olin
Julien Cristau [Wed, 27 Jul 2016 11:16:35 +0000 (13:16 +0200)]
Also pin hp-health on blades
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Wed, 27 Jul 2016 11:14:17 +0000 (13:14 +0200)]
Also pin hp-health on HP G6
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Wed, 27 Jul 2016 11:07:08 +0000 (13:07 +0200)]
Pin older hp-health on DL3*0 G5
Latest hp-health doesn't seem to work on those boxes.
Signed-off-by: Julien Cristau <jcristau@debian.org>
Peter Palfrader [Tue, 26 Jul 2016 12:10:32 +0000 (14:10 +0200)]
apt: do not download norwegian and french translations
Peter Palfrader [Tue, 26 Jul 2016 11:31:31 +0000 (13:31 +0200)]
Add zprofile
Peter Palfrader [Tue, 26 Jul 2016 11:18:44 +0000 (13:18 +0200)]
Set TMOUT
Peter Palfrader [Mon, 25 Jul 2016 20:59:30 +0000 (22:59 +0200)]
remove dc16 access to pg on vittoria (re: RT#6355)
Aurelien Jarno [Sun, 24 Jul 2016 08:32:19 +0000 (10:32 +0200)]
setup-all-dchroots: create stretch chroots on mips64el
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Peter Palfrader [Wed, 20 Jul 2016 17:07:22 +0000 (19:07 +0200)]
give jenkins-adm access to the jenkins user and to service jenkins on the jenkins host
Peter Palfrader [Wed, 20 Jul 2016 17:06:31 +0000 (19:06 +0200)]
sudoers: move voip stuff to other services
Peter Palfrader [Sun, 17 Jul 2016 10:12:34 +0000 (12:12 +0200)]
caballero is gone
Peter Palfrader [Sat, 16 Jul 2016 07:07:48 +0000 (09:07 +0200)]
ftp.au.debian.org is very slow from mirror-anu
Peter Palfrader [Sat, 16 Jul 2016 06:59:58 +0000 (08:59 +0200)]
mirror.linux.org.au has been down for maintenance for several days, with no clear estimate for return of service announced afaict
Julien Cristau [Mon, 4 Jul 2016 19:33:22 +0000 (21:33 +0200)]
Stop using SSLCertificateChainFile
It's deprecated since apache 2.4, the chain now lives with the
certificate.
Julien Cristau [Mon, 4 Jul 2016 15:49:56 +0000 (17:49 +0200)]
release.debian.org/proposed-updates/ wants the multiviews option
Julien Cristau [Mon, 4 Jul 2016 15:23:22 +0000 (17:23 +0200)]
Adjust release.d.o vhost
Julien Cristau [Mon, 4 Jul 2016 13:57:31 +0000 (15:57 +0200)]
Add coccia as static source
Julien Cristau [Mon, 4 Jul 2016 13:48:48 +0000 (15:48 +0200)]
Add static component for release.debian.org/proposed-updates
Julien Cristau [Mon, 4 Jul 2016 12:42:36 +0000 (14:42 +0200)]
Move and conditionalize release.d.o vhost
Julien Cristau [Mon, 4 Jul 2016 12:15:01 +0000 (14:15 +0200)]
Move release.d.o to static and letsencrypt
Signed-off-by: Julien Cristau <jcristau@debian.org>
Héctor Orón Martínez [Sat, 2 Jul 2016 18:56:14 +0000 (20:56 +0200)]
lucatelli: decomission
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Aurelien Jarno [Fri, 1 Jul 2016 20:56:02 +0000 (22:56 +0200)]
Switch wiki.debian.org to letsencrypt
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Fri, 1 Jul 2016 18:14:42 +0000 (20:14 +0200)]
No TLSA for wiki.debian.org for a while
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Wed, 29 Jun 2016 22:13:07 +0000 (00:13 +0200)]
Decommission merulo
Signed-off-by: Julien Cristau <jcristau@debian.org>
Aurelien Jarno [Wed, 29 Jun 2016 21:24:42 +0000 (23:24 +0200)]
Switch bits.d.o and lintian.d.o to letsencrypt
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Wed, 29 Jun 2016 19:45:53 +0000 (21:45 +0200)]
No TLSA for bits.d.o and lintian.d.o for a while
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Wed, 29 Jun 2016 19:25:47 +0000 (21:25 +0200)]
Switch people.debian.org to letsencrypt
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Wed, 29 Jun 2016 15:51:35 +0000 (17:51 +0200)]
Not TLSA for people.debian.org for a while
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Wed, 29 Jun 2016 14:46:36 +0000 (16:46 +0200)]
Replace self-signed veyepar.d.o cert with LE
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Wed, 29 Jun 2016 13:30:18 +0000 (15:30 +0200)]
Helps if I open the right port
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Wed, 29 Jun 2016 13:26:46 +0000 (15:26 +0200)]
Allow dc16 hosts to access postgres on vittoria
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Tue, 28 Jun 2016 20:40:59 +0000 (22:40 +0200)]
Add topinambour.cristau.org to DSA_IPS
Peter Palfrader [Tue, 28 Jun 2016 20:08:40 +0000 (22:08 +0200)]
Add people.do to DSA_IPs
Aurelien Jarno [Tue, 28 Jun 2016 19:09:44 +0000 (21:09 +0200)]
Add mips-manda-01 and mipsel-manda-03
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Maximiliano Curia [Fri, 24 Jun 2016 08:35:51 +0000 (10:35 +0200)]
schroot: add the new dbgsym mirrors
This allows the installation of the autogenerated dbgsym packages in the porterbox images.
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Sun, 26 Jun 2016 15:48:08 +0000 (17:48 +0200)]
sudo: remove smetana and merulo from porterbox list
Aurelien Jarno [Sat, 25 Jun 2016 18:13:37 +0000 (20:13 +0200)]
nielsen has been decommissioned for a lot of time already
Also drop code that was only used by it.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sat, 25 Jun 2016 18:12:49 +0000 (20:12 +0200)]
mundy has been decommissioned for a lot of time already
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sat, 25 Jun 2016 18:05:34 +0000 (20:05 +0200)]
beethoven has been decommissioned for a lot of time already
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sat, 25 Jun 2016 17:57:06 +0000 (19:57 +0200)]
Remove more decommissioned hosts
allegri.debian.org
berlioz.debian.org
escher.debian.org
lamb.debian.org
lafayette.debian.org
locke.debian.org
malo.debian.org
samosa.debian.org
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sat, 25 Jun 2016 15:13:02 +0000 (17:13 +0200)]
alkman has been decommissioned for a lot of time already
Also drop code that was only used by it.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sat, 25 Jun 2016 09:47:31 +0000 (11:47 +0200)]
Fix a typo in powerpc-osuosl-01 host name
powerpc-ousosl-01 => powerpc-osuosl-01
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Fri, 24 Jun 2016 22:26:59 +0000 (00:26 +0200)]
mayr.debian.org has been decommissioned for a lot of time
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Fri, 24 Jun 2016 22:26:07 +0000 (00:26 +0200)]
Add mips-sil-01 and mipsel-sil-01
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Peter Palfrader [Fri, 24 Jun 2016 16:36:29 +0000 (18:36 +0200)]
do not do anything with the buildd module until we have the buildd user from ldap
Peter Palfrader [Fri, 24 Jun 2016 16:18:38 +0000 (18:18 +0200)]
retire ia64-arm-01
Peter Palfrader [Fri, 24 Jun 2016 16:18:28 +0000 (18:18 +0200)]
no backups of arm-arm-04
Julien Cristau [Mon, 20 Jun 2016 10:58:40 +0000 (12:58 +0200)]
Switch appstream, qa, *.dgit to letsencrypt
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Mon, 20 Jun 2016 07:53:50 +0000 (09:53 +0200)]
Also temporarily remove TLSA records for *.dgit and appstream
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Mon, 20 Jun 2016 07:51:08 +0000 (09:51 +0200)]
No TLSA for qa.debian.org for a while
Signed-off-by: Julien Cristau <jcristau@debian.org>
Peter Palfrader [Sun, 19 Jun 2016 22:03:18 +0000 (00:03 +0200)]
Deploy certs for blends, release, security-team and wnpp-by-tags
Peter Palfrader [Sun, 19 Jun 2016 22:02:52 +0000 (00:02 +0200)]
add more space
Peter Palfrader [Sun, 19 Jun 2016 22:02:34 +0000 (00:02 +0200)]
add comments
Peter Palfrader [Sun, 19 Jun 2016 22:38:07 +0000 (00:38 +0200)]
Do ssl for blends, security-team, and wnpp-by-tags
Paul Wise [Sun, 19 Jun 2016 03:04:33 +0000 (11:04 +0800)]
Stop trusting the SPI CA for debian.org services.
The SPI CA certificate is no longer used by debian.org services.
See-also:
5125ae620e16738e841813dd2f4135cb1eadb00e
Paul Wise [Sun, 19 Jun 2016 03:02:58 +0000 (11:02 +0800)]
Sync update-ca-certificates-dsa with stretch update-ca-certificates
Julien Cristau [Sat, 18 Jun 2016 16:55:41 +0000 (18:55 +0200)]
Delete openstack.bm.d.o ssl cert
It's not in use, and about to expire. And since this was the last user
of DEBIAN-CA, delete that too.
Peter Palfrader [Fri, 17 Jun 2016 19:40:37 +0000 (21:40 +0200)]
update (unused, commented-out) man-da upstream nameservers, re: RT#6279
projects / mirror / dsa-puppet.git / log