Peter Palfrader [Mon, 26 Sep 2016 17:13:58 +0000 (19:13 +0200)]
add ubc autofs rules
Peter Palfrader [Mon, 26 Sep 2016 17:07:53 +0000 (19:07 +0200)]
make pin macros conditional on mod_macro being present
Luca Filipozzi [Mon, 26 Sep 2016 01:40:10 +0000 (01:40 +0000)]
new cable modem
Aurelien Jarno [Sat, 24 Sep 2016 19:39:28 +0000 (21:39 +0200)]
Update buxtehude IP on sonntag firewall
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sat, 24 Sep 2016 19:17:11 +0000 (21:17 +0200)]
Update ullmann IPs on bmdb1 firewall
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Sat, 24 Sep 2016 17:07:39 +0000 (19:07 +0200)]
Remove extra .conf from apache config file
apache2::config already adds .conf to the file name.
Peter Palfrader [Sat, 24 Sep 2016 09:52:51 +0000 (11:52 +0200)]
Enable HPKP for all static sites
Peter Palfrader [Sat, 24 Sep 2016 09:42:04 +0000 (11:42 +0200)]
ship keys for d-i, dsa, and rtc
Peter Palfrader [Sat, 24 Sep 2016 09:19:27 +0000 (11:19 +0200)]
replace certs for d-i, dsa, and rtc with LE
Peter Palfrader [Sat, 24 Sep 2016 09:05:22 +0000 (09:05 +0000)]
change pin thing
Peter Palfrader [Fri, 23 Sep 2016 20:42:53 +0000 (22:42 +0200)]
ignore changes to /etc/apache2/conf-available/puppet-ssl-key-pins.conf
Peter Palfrader [Fri, 23 Sep 2016 20:40:10 +0000 (20:40 +0000)]
set pins always
Peter Palfrader [Fri, 23 Sep 2016 20:37:27 +0000 (20:37 +0000)]
ship pin set for people.debian.org
Peter Palfrader [Fri, 23 Sep 2016 20:36:54 +0000 (20:36 +0000)]
reload apache2 on pinset change
Peter Palfrader [Fri, 23 Sep 2016 20:35:09 +0000 (20:35 +0000)]
A gen_hpkp_pin function
Peter Palfrader [Fri, 23 Sep 2016 20:33:37 +0000 (20:33 +0000)]
reload apache2 on pinset change
Peter Palfrader [Fri, 23 Sep 2016 19:59:14 +0000 (21:59 +0200)]
concat does not like empty things
Peter Palfrader [Fri, 23 Sep 2016 19:57:30 +0000 (21:57 +0200)]
puppet-ssl-key-pins.conf is a concat, cannot set it as source/content
Peter Palfrader [Fri, 23 Sep 2016 19:54:11 +0000 (21:54 +0200)]
puppet-ssl-key-pins.conf
Peter Palfrader [Fri, 23 Sep 2016 19:53:00 +0000 (21:53 +0200)]
Support nocontentok for apache2::config
Peter Palfrader [Fri, 23 Sep 2016 19:51:17 +0000 (21:51 +0200)]
Dedicated block for absent case
Peter Palfrader [Fri, 23 Sep 2016 19:48:52 +0000 (21:48 +0200)]
We have no lsbmajdistrelease <= 7 hosts anymore
Aurelien Jarno [Fri, 23 Sep 2016 14:31:04 +0000 (16:31 +0200)]
We don't need tftpd on jenko.d.o anymore
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Thu, 22 Sep 2016 22:14:19 +0000 (00:14 +0200)]
Update buxtehude and glinka NFS firewall
Now that buxtehude is also on the private network, we can use it instead
of the public IP. For that split the buxtehude and glinka configuration.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Thu, 22 Sep 2016 20:04:58 +0000 (22:04 +0200)]
Add volumes for buxtehude on ganeti2.ubc.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Thu, 22 Sep 2016 19:45:31 +0000 (21:45 +0200)]
Temporarily allow NFS to buxtehude and glinka from ullmann
Until we move buxtehude and glinka to the new UBC network where buxtehude,
glinka and ullmann can talk through the private network.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Thu, 22 Sep 2016 15:18:36 +0000 (17:18 +0200)]
Drop multipath mappings for tye.d.o on ganeti2.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Thu, 22 Sep 2016 14:56:53 +0000 (16:56 +0200)]
Temporarily allow NFS to glinka from tye
Until we move glinka to the new UBC network where glinka and tye can
talk through the private network.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Thu, 22 Sep 2016 12:43:55 +0000 (14:43 +0200)]
Add volumes for tye and ullmann on ganeti2.ubc.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Thu, 22 Sep 2016 11:32:31 +0000 (13:32 +0200)]
nfs-server on gretchaninov
Julien Cristau [Thu, 22 Sep 2016 10:11:27 +0000 (12:11 +0200)]
Add gretchaninov
Aurelien Jarno [Wed, 21 Sep 2016 22:52:34 +0000 (00:52 +0200)]
Replace micronews.debian.net by micronews.debian.org
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Wed, 21 Sep 2016 22:07:10 +0000 (00:07 +0200)]
Drop multipath mappings for geo2, lotti and tchaikovsky on ganeti2.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Wed, 21 Sep 2016 21:51:35 +0000 (23:51 +0200)]
Temporarily allow NFS to buxtehude from sonntag
Until we move buxtehude to the new UBC network where buxtehude and
sonntag can talk through the private network.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Wed, 21 Sep 2016 13:33:08 +0000 (15:33 +0200)]
Fix a stupid typo in ganeti2.ubc.d.o multipath.conf
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Wed, 21 Sep 2016 12:33:52 +0000 (14:33 +0200)]
Add volumes for geo2, lotti, muffat, sonntag and tchaikovsky on ganeti2.ubc.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Wed, 21 Sep 2016 10:38:20 +0000 (12:38 +0200)]
Allow access to danzi from the new UBC network
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 20 Sep 2016 19:09:57 +0000 (21:09 +0200)]
Add volumes for danzi on ganeti2.ubc.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 20 Sep 2016 10:53:43 +0000 (12:53 +0200)]
Drop multipath mappings for diabelli.d.o on ganeti2.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 20 Sep 2016 10:05:04 +0000 (12:05 +0200)]
menotti has moved, update its IP
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Peter Palfrader [Tue, 20 Sep 2016 07:40:12 +0000 (09:40 +0200)]
enable prefetch in unbound
Peter Palfrader [Tue, 20 Sep 2016 06:15:16 +0000 (08:15 +0200)]
Set bacula Heartbeat Interval = 300 for all hosts at brown, not just frank
Aurelien Jarno [Mon, 19 Sep 2016 22:10:15 +0000 (00:10 +0200)]
Drop multipath mappings for nono.d.o and reger.d.o on ganeti2.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Mon, 19 Sep 2016 22:07:34 +0000 (00:07 +0200)]
Allow access to danzi.d.o from ganeti2.ubc.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Mon, 19 Sep 2016 21:26:42 +0000 (23:26 +0200)]
nono has moved, update its IP
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Mon, 19 Sep 2016 20:42:37 +0000 (22:42 +0200)]
Add volumes for diabelli, menotti, nono and reger on ganeti2.ubc.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sun, 18 Sep 2016 21:23:11 +0000 (23:23 +0200)]
Drop multipath mappings for elgar.d.o and gombert.d.o on ganeti2.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Sun, 18 Sep 2016 21:00:16 +0000 (23:00 +0200)]
Add debconf.org virtual domain
Aurelien Jarno [Sun, 18 Sep 2016 20:31:11 +0000 (22:31 +0200)]
Add volumes for elgar and gombert on ganeti2.ubc.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Peter Palfrader [Sun, 18 Sep 2016 19:10:31 +0000 (21:10 +0200)]
fix IO redirection in acquire-reboot-lock
Aurelien Jarno [Sun, 18 Sep 2016 17:24:39 +0000 (19:24 +0200)]
Drop multipath mappings for fano.d.o on ganeti2.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sun, 18 Sep 2016 15:57:54 +0000 (17:57 +0200)]
Add volumes for fano on ganeti2.ubc.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sun, 18 Sep 2016 14:35:08 +0000 (16:35 +0200)]
Drop multipath mappings for finzi.d.o on ganeti2.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Sat, 17 Sep 2016 16:05:34 +0000 (18:05 +0200)]
Sync unbound init script with current jessie
Aurelien Jarno [Sat, 17 Sep 2016 14:21:19 +0000 (16:21 +0200)]
Add volumes for finzi
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sat, 17 Sep 2016 12:24:57 +0000 (14:24 +0200)]
Remove babin
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sat, 17 Sep 2016 11:34:00 +0000 (13:34 +0200)]
no backups for x86-ubc-01
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sat, 17 Sep 2016 09:26:50 +0000 (11:26 +0200)]
Add system volume for x86-ubc-01
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Luca Filipozzi [Fri, 16 Sep 2016 18:23:56 +0000 (18:23 +0000)]
add multipath alias for x86-ubc-01
Julien Cristau [Thu, 15 Sep 2016 17:55:11 +0000 (19:55 +0200)]
Add rachmaninoff
Julien Cristau [Thu, 15 Sep 2016 17:08:11 +0000 (19:08 +0200)]
Spelling
Julien Cristau [Thu, 15 Sep 2016 16:49:20 +0000 (18:49 +0200)]
Oops, helps if I commit all the things
Julien Cristau [Thu, 15 Sep 2016 16:47:00 +0000 (18:47 +0200)]
Add lvm and multipath config for ganeti2.ubc
Julien Cristau [Wed, 14 Sep 2016 20:39:06 +0000 (22:39 +0200)]
Add pkgmirror-csail
Luca Filipozzi [Sun, 11 Sep 2016 10:06:59 +0000 (10:06 +0000)]
ganeti2.ubc.debian.org is born
Paul Wise [Thu, 8 Sep 2016 00:55:17 +0000 (08:55 +0800)]
Add some HTML for disabled services to use
Peter Palfrader [Sun, 4 Sep 2016 16:55:55 +0000 (18:55 +0200)]
bootstrap update
Peter Palfrader [Sun, 4 Sep 2016 14:47:10 +0000 (16:47 +0200)]
such a hard name
Peter Palfrader [Sun, 4 Sep 2016 14:44:44 +0000 (16:44 +0200)]
fixes
Peter Palfrader [Sun, 4 Sep 2016 14:37:01 +0000 (16:37 +0200)]
add bootstrap (no cert yet)
Peter Palfrader [Sun, 4 Sep 2016 14:32:39 +0000 (16:32 +0200)]
bootstrap static sudo
Peter Palfrader [Sun, 4 Sep 2016 14:31:09 +0000 (16:31 +0200)]
boott a static source
Luca Filipozzi [Sun, 4 Sep 2016 08:34:12 +0000 (08:34 +0000)]
add temporary rules to permit ssh from mnt and vpn networks
Luca Filipozzi [Sun, 4 Sep 2016 08:26:13 +0000 (08:26 +0000)]
enable some ipv6 stuff
Luca Filipozzi [Sat, 3 Sep 2016 22:03:29 +0000 (22:03 +0000)]
add rule to allow access from manlan
Luca Filipozzi [Sat, 3 Sep 2016 21:00:42 +0000 (21:00 +0000)]
get DNS working at ubc
Luca Filipozzi [Sat, 3 Sep 2016 20:45:29 +0000 (20:45 +0000)]
start integrating enc2 blades into puppet
Paul Wise [Sun, 28 Aug 2016 04:01:02 +0000 (12:01 +0800)]
Make SSL optional on debdeltas.debian.net.
debdelta-upgrade isn't able to handle redirects yet:
https://bugs.debian.org/835655
Peter Palfrader [Sat, 27 Aug 2016 16:45:27 +0000 (18:45 +0200)]
sort
Peter Palfrader [Sat, 27 Aug 2016 16:44:25 +0000 (18:44 +0200)]
ssl for debdetlta.d.n and incoming.d.o and incoming.ports.d.o
Peter Palfrader [Sat, 27 Aug 2016 16:36:13 +0000 (18:36 +0200)]
ssl for mozilla.debian.net
Peter Palfrader [Sat, 27 Aug 2016 16:34:52 +0000 (18:34 +0200)]
support https vhosts without redirects
Peter Palfrader [Sat, 27 Aug 2016 07:09:58 +0000 (09:09 +0200)]
easydns does not always get TSIG right
Aurelien Jarno [Fri, 26 Aug 2016 13:18:23 +0000 (15:18 +0200)]
Add eller.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Peter Palfrader [Fri, 26 Aug 2016 10:07:50 +0000 (12:07 +0200)]
Add a couple of ACLs
Aurelien Jarno [Thu, 25 Aug 2016 14:43:39 +0000 (16:43 +0200)]
etler.d.o: decommission
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Peter Palfrader [Wed, 24 Aug 2016 09:01:04 +0000 (11:01 +0200)]
sudo for bootstrap
Peter Palfrader [Tue, 23 Aug 2016 11:49:04 +0000 (13:49 +0200)]
whitespace changes
Peter Palfrader [Tue, 23 Aug 2016 11:47:40 +0000 (13:47 +0200)]
web for debconf16 static component
Peter Palfrader [Tue, 23 Aug 2016 11:42:26 +0000 (13:42 +0200)]
debconf16 static component
Peter Palfrader [Thu, 18 Aug 2016 07:57:08 +0000 (09:57 +0200)]
onion for tracker
Aurelien Jarno [Mon, 15 Aug 2016 19:53:26 +0000 (21:53 +0200)]
Update accumu nameservers
< maswan> Hm. Praetorious and possibly Pettersson might be affected too.
Forgot about those. We are migrating resolver away from 130.239.18.145
at acc, and just saw a denied query from praetorious. If you want to
query local resolvers at ACC, {130.239.18.,2001:6b0:e:2018::}{251,252}
is the current set
< aurel32> maswan: what about 130.239.1.90 and 130.239.4.100?
< maswan> aurel32: those should be available for all of campus (/16), so they
should work
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Peter Palfrader [Tue, 9 Aug 2016 13:27:31 +0000 (15:27 +0200)]
fix path
Peter Palfrader [Tue, 9 Aug 2016 13:24:35 +0000 (15:24 +0200)]
people should be a direct onion service
Luca Filipozzi [Sun, 7 Aug 2016 16:06:28 +0000 (16:06 +0000)]
decision: leave debdeltas off busoni
Luca Filipozzi [Sun, 7 Aug 2016 15:58:52 +0000 (15:58 +0000)]
removed the exlusion of busoni from debdeltas
Luca Filipozzi [Sun, 7 Aug 2016 14:42:10 +0000 (14:42 +0000)]
exclude busoni from mirroring debdeltas
Peter Palfrader [Sat, 6 Aug 2016 17:43:19 +0000 (19:43 +0200)]
reload apache instead of restarting it
Peter Palfrader [Fri, 5 Aug 2016 18:10:18 +0000 (18:10 +0000)]
fix virtual host binds
Peter Palfrader [Fri, 5 Aug 2016 17:54:10 +0000 (19:54 +0200)]
move lintian to standard static setup
projects / mirror / dsa-puppet.git / log