mirror/dsa-puppet.git
7 years agoRevert "Revert nrpe dsa2_shutdown command to its state before dsa-is-shutdown-scheduled"
Aurelien Jarno [Sat, 12 Aug 2017 15:54:26 +0000 (17:54 +0200)]
Revert "Revert nrpe dsa2_shutdown command to its state before dsa-is-shutdown-scheduled"

This reverts commit 971573de556cd68ce1ada54f7a07c366c69ed953.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
7 years agodsa-is-shutdown-scheduled: rewrite the systemd-shutdownd test using pgrep
Aurelien Jarno [Sat, 12 Aug 2017 15:52:00 +0000 (17:52 +0200)]
dsa-is-shutdown-scheduled: rewrite the systemd-shutdownd test using pgrep

Otherwise we end up detecting the command started by dsa-is-shutdown-scheduled
when the script is launched twice or more at the same time.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
7 years agoThe ACL file is not actually a template, so do this with puppet instead
Tollef Fog Heen [Sat, 12 Aug 2017 14:27:48 +0000 (16:27 +0200)]
The ACL file is not actually a template, so do this with puppet instead

Just use two files for now and logic in the puppet recipe.

7 years agoAdd function to emit the correct geoip format for bind versions
Tollef Fog Heen [Sat, 12 Aug 2017 14:21:08 +0000 (16:21 +0200)]
Add function to emit the correct geoip format for bind versions

BIND 9.9 and BIND 9.10 have different formats for geoip.  Add a
function that DTRT, and test it slightly before doing it to all countries.

7 years agoRevert nrpe dsa2_shutdown command to its state before dsa-is-shutdown-scheduled
Julien Cristau [Fri, 11 Aug 2017 23:12:03 +0000 (19:12 -0400)]
Revert nrpe dsa2_shutdown command to its state before dsa-is-shutdown-scheduled

Let's try if that restores some sanity to mini-nag.

7 years agomilanollo on stretch, no more experimental apache
Julien Cristau [Fri, 11 Aug 2017 20:49:39 +0000 (16:49 -0400)]
milanollo on stretch, no more experimental apache

7 years agoDo not backup the other Apache disk cache
Paul Wise [Thu, 10 Aug 2017 13:30:22 +0000 (09:30 -0400)]
Do not backup the other Apache disk cache

Avoids warnings due to races when it is cleaned/backed up at the same time:

    Could not stat "/srv/apache-cache/mod_cache_disk/r/k/txeIh19LMLMAVeQKsKcg.header": ERR=No such file or directory

7 years agosshd_config: remove protocol version 1 specific options
Aurelien Jarno [Wed, 9 Aug 2017 01:12:31 +0000 (03:12 +0200)]
sshd_config: remove protocol version 1 specific options

These options are useless as they only apply to protocol version 1,
while we explicitely force the protocol to version 2. They have started
to fill logs with deprecation warnings on stretch hosts.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
7 years agoFix dell harder
Julien Cristau [Tue, 8 Aug 2017 23:10:27 +0000 (19:10 -0400)]
Fix dell harder

Their packages need libssl1.0.0 which is only in jessie, and don't
depend on it.

7 years agoraid/dell: rename aptrepo declaration to avoid conflict with raid/proliant
Julien Cristau [Tue, 8 Aug 2017 22:43:48 +0000 (18:43 -0400)]
raid/dell: rename aptrepo declaration to avoid conflict with raid/proliant

7 years agoAdd dell srvadmin tool to try and improve health monitoring
Julien Cristau [Tue, 8 Aug 2017 22:29:35 +0000 (18:29 -0400)]
Add dell srvadmin tool to try and improve health monitoring

7 years ago/etc/default/grub: fix serial console on arm64 VMs
Aurelien Jarno [Tue, 8 Aug 2017 22:36:34 +0000 (00:36 +0200)]
/etc/default/grub: fix serial console on arm64 VMs

arm64 VMs do not have a graphical card and have their serial device
named ttyAMA0.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
7 years agoAdd a wrapper to call qemu-system-aarch64 from ganeti
Aurelien Jarno [Tue, 8 Aug 2017 22:04:37 +0000 (00:04 +0200)]
Add a wrapper to call qemu-system-aarch64 from ganeti

... until things get integrated upstream.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
7 years agoAdd codesign bits for secure boot
Julien Cristau [Mon, 8 May 2017 08:59:39 +0000 (10:59 +0200)]
Add codesign bits for secure boot

7 years agoRemove busoni from static
Julien Cristau [Tue, 8 Aug 2017 00:36:27 +0000 (20:36 -0400)]
Remove busoni from static

7 years agoFix update-fastly-ips cron job
Julien Cristau [Tue, 8 Aug 2017 00:03:48 +0000 (20:03 -0400)]
Fix update-fastly-ips cron job

/usr/local/bin is not in PATH

7 years agoAnd fixup cron job
Julien Cristau [Mon, 7 Aug 2017 22:57:36 +0000 (18:57 -0400)]
And fixup cron job

7 years agoMove shutdown marker around
Julien Cristau [Mon, 7 Aug 2017 22:56:01 +0000 (18:56 -0400)]
Move shutdown marker around

7 years agoOne day I'll be able to rename things in all places rather than forgetting half of...
Julien Cristau [Mon, 7 Aug 2017 22:36:23 +0000 (18:36 -0400)]
One day I'll be able to rename things in all places rather than forgetting half of them

7 years agoExport scheduled shutdowns to the web
Julien Cristau [Mon, 7 Aug 2017 20:31:03 +0000 (16:31 -0400)]
Export scheduled shutdowns to the web

Move logic from dsa2_shutdown nrpe command to a separate script, and use
it to let http(s) clients know a shutdown is scheduled.

7 years agoRename cron.d entry to make it clear it comes from puppet
Julien Cristau [Mon, 7 Aug 2017 20:03:33 +0000 (16:03 -0400)]
Rename cron.d entry to make it clear it comes from puppet

7 years agoBase lvm-conova-ganeti.conf on the stretch lvm.conf
Aurelien Jarno [Mon, 7 Aug 2017 17:18:25 +0000 (19:18 +0200)]
Base lvm-conova-ganeti.conf on the stretch lvm.conf

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
7 years agoAdd missing file from previous commit
Aurelien Jarno [Mon, 7 Aug 2017 16:34:22 +0000 (18:34 +0200)]
Add missing file from previous commit

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
7 years agoSetup aagaard/acker as a ganeti cluster
Aurelien Jarno [Mon, 7 Aug 2017 16:32:07 +0000 (18:32 +0200)]
Setup aagaard/acker as a ganeti cluster

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
7 years agoFix typo
Tollef Fog Heen [Mon, 7 Aug 2017 16:32:17 +0000 (18:32 +0200)]
Fix typo

7 years agoAllow traffic from Fastly to 5141 instead and set up syslog-ng rules
Tollef Fog Heen [Mon, 7 Aug 2017 16:30:18 +0000 (18:30 +0200)]
Allow traffic from Fastly to 5141 instead and set up syslog-ng rules

7 years agoFix getfastlyranges harder
Julien Cristau [Sun, 6 Aug 2017 22:51:09 +0000 (18:51 -0400)]
Fix getfastlyranges harder

7 years agoFix cron job
Julien Cristau [Sun, 6 Aug 2017 22:29:43 +0000 (18:29 -0400)]
Fix cron job

/srv/puppet.debian.org/puppet-facts is root only

7 years agoUpdate IPs for tfheen
Tollef Fog Heen [Sun, 6 Aug 2017 22:28:27 +0000 (00:28 +0200)]
Update IPs for tfheen

7 years agoFix template syntax
Julien Cristau [Sun, 6 Aug 2017 22:25:37 +0000 (18:25 -0400)]
Fix template syntax

7 years agoHandle exceptions from reading fastly IP ranges
Julien Cristau [Sun, 6 Aug 2017 22:23:15 +0000 (18:23 -0400)]
Handle exceptions from reading fastly IP ranges

7 years agoferm: accept syslog from fastly IPs
Julien Cristau [Sun, 6 Aug 2017 19:45:09 +0000 (15:45 -0400)]
ferm: accept syslog from fastly IPs

7 years agoKeep a list of fastly IPs
Julien Cristau [Sun, 6 Aug 2017 19:16:27 +0000 (15:16 -0400)]
Keep a list of fastly IPs

7 years agoupdate-buildd-schroots: shift chroot build time by 1 hour
Aurelien Jarno [Sun, 6 Aug 2017 22:00:26 +0000 (00:00 +0200)]
update-buildd-schroots: shift chroot build time by 1 hour

So we don't try to recreate chroots exactly when the mirrors are being
updated. dak is faster those days and debootstrap still doesn't use
by-hash.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
7 years agoRemove mirror-conova from experimental-apache as it is being upgraded to stretch
Aurelien Jarno [Sun, 6 Aug 2017 00:30:42 +0000 (02:30 +0200)]
Remove mirror-conova from experimental-apache as it is being upgraded to stretch

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
7 years agodecomission praetorius rt#6714
Héctor Orón Martínez [Sat, 5 Aug 2017 20:42:36 +0000 (22:42 +0200)]
decomission praetorius rt#6714

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
7 years agodecommission porpora
Aurelien Jarno [Sat, 5 Aug 2017 16:04:06 +0000 (18:04 +0200)]
decommission porpora

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
7 years agofor DC17, permit another IPv4 address to access vittoria:5432
Luca Filipozzi [Thu, 3 Aug 2017 22:10:37 +0000 (22:10 +0000)]
for DC17, permit another IPv4 address to access vittoria:5432

7 years agotypo
Luca Filipozzi [Thu, 3 Aug 2017 20:41:22 +0000 (20:41 +0000)]
typo

7 years agoallow DC17 machine(s) to access postgres on vittoria
Luca Filipozzi [Thu, 3 Aug 2017 20:36:30 +0000 (20:36 +0000)]
allow DC17 machine(s) to access postgres on vittoria

7 years agoDebian SSO rebuilt their CA certificate
Luca Filipozzi [Thu, 3 Aug 2017 15:36:09 +0000 (15:36 +0000)]
Debian SSO rebuilt their CA certificate

7 years agoAt least on lobos we no longer seem to require running a 10.0.* hp-health package...
Peter Palfrader [Wed, 2 Aug 2017 16:44:49 +0000 (18:44 +0200)]
At least on lobos we no longer seem to require running a 10.0.* hp-health package.  Remove the pin everywhere and see how that goes

7 years agoRemove lobos from experimental-apache as it is being upgraded to stretch
Peter Palfrader [Wed, 2 Aug 2017 15:49:55 +0000 (17:49 +0200)]
Remove lobos from experimental-apache as it is being upgraded to stretch

7 years agomirror-anu is on stretch, remove from experimental_apache
Julien Cristau [Wed, 2 Aug 2017 13:43:47 +0000 (15:43 +0200)]
mirror-anu is on stretch, remove from experimental_apache

7 years agosamhain: disable SUID/SGID checks
Aurelien Jarno [Sun, 30 Jul 2017 12:08:50 +0000 (14:08 +0200)]
samhain: disable SUID/SGID checks

The SUID/SGID checks have been enabled in our configuration file
since the beginning, but have been actually active only for stretch
hosts as the jessie version of samhain is built without SUID/SGID
check support.

These checks are not very flexible, as it's only possible to specify a
single excluded directory, while we want to avoid walking both /srv and
/home. However they are also not very useful in our use case, as files
which get a SUID/SGID bit flipped will appear as changed.

Therefore simply disable the SUID/SGID checks.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
7 years agoDo not backup the Apache disk cache
Paul Wise [Sun, 30 Jul 2017 03:58:40 +0000 (23:58 -0400)]
Do not backup the Apache disk cache

Avoids warnings due to races when it is cleaned/backed up at the same time:

Could not stat "/var/cache/apache2/mod_cache_disk/r/k/txeIh19LMLMAVeQKsKcg.header": ERR=No such file or directory

7 years agoupdatemotd exec is not used anywhere anymore. Remove.
Peter Palfrader [Wed, 26 Jul 2017 09:13:22 +0000 (11:13 +0200)]
updatemotd exec is not used anywhere anymore.  Remove.

7 years ago/var/run/motd no longer exists on stretch, link /etc/motd to /run/motd.dynamic instead
Peter Palfrader [Wed, 26 Jul 2017 09:12:02 +0000 (11:12 +0200)]
/var/run/motd no longer exists on stretch, link /etc/motd to /run/motd.dynamic instead

7 years agoThese host_blacklist entries seem to not be effective, but the envelope sender entry...
Peter Palfrader [Mon, 24 Jul 2017 14:48:20 +0000 (16:48 +0200)]
These host_blacklist entries seem to not be effective, but the envelope sender entry in blacklist does the job

7 years agoAlso add the dnsname healthtorpedo.com to the blacklist
Peter Palfrader [Mon, 24 Jul 2017 11:11:33 +0000 (13:11 +0200)]
Also add the dnsname healthtorpedo.com to the blacklist

7 years agoenvelope from is double-bounce@healthtorpedo.com for the crap we are seeing
Peter Palfrader [Mon, 24 Jul 2017 11:07:04 +0000 (13:07 +0200)]
envelope from is double-bounce@healthtorpedo.com for the crap we are seeing

7 years agoextend blacklist to 155.133.38.0/24 for sending us backscatter
Peter Palfrader [Sun, 23 Jul 2017 18:34:04 +0000 (20:34 +0200)]
extend blacklist to 155.133.38.0/24 for sending us backscatter

7 years agoblacklist 155.133.38.26 for sending us backscatter
Peter Palfrader [Sun, 23 Jul 2017 17:58:25 +0000 (19:58 +0200)]
blacklist 155.133.38.26 for sending us backscatter

7 years agonew network space for weasel
Peter Palfrader [Sat, 22 Jul 2017 19:06:54 +0000 (21:06 +0200)]
new network space for weasel

7 years agoremove senfter from experimental_apache
Julien Cristau [Sat, 22 Jul 2017 18:35:49 +0000 (20:35 +0200)]
remove senfter from experimental_apache

It's on stretch now.

7 years agowieck is on stretch, remove from experimental_apache
Julien Cristau [Sat, 22 Jul 2017 16:17:41 +0000 (18:17 +0200)]
wieck is on stretch, remove from experimental_apache

7 years agoAdd https://release.d.o/oldstable-proposed-updates as an alias to /proposed-updates
Julien Cristau [Sat, 22 Jul 2017 11:18:39 +0000 (13:18 +0200)]
Add https://release.d.o/oldstable-proposed-updates as an alias to /proposed-updates

Signed-off-by: Julien Cristau <jcristau@debian.org>
7 years agoBlacklist MAILER-DAEMON@healthtorpedo.com
Paul Wise [Sat, 22 Jul 2017 04:12:53 +0000 (14:12 +1000)]
Blacklist MAILER-DAEMON@healthtorpedo.com

It is continuing to mail postmaster@debian.com with this output:

Transcript of session follows.

 Out: 220 healthtorpedo.com ESMTP Postfix (Ubuntu)
 In:  EHLO cash-miner.com
 Out: 250-healthtorpedo.com
 Out: 250-PIPELINING
 Out: 250-SIZE 10240000
 Out: 250-VRFY
 Out: 250-ETRN
 Out: 250-STARTTLS
 Out: 250-ENHANCEDSTATUSCODES
 Out: 250-8BITMIME
 Out: 250 DSN
 In:  MAIL FROM:<postmaster@healthtorpedo.com>
 Out: 452 4.3.1 Insufficient system storage
 Out: 421 4.7.0 healthtorpedo.com Error: too many errors

Session aborted, reason: too many errors

For other details, see the local mail logfile

7 years agoBypass web caches for the NetworkManager connection tests
Daniel Aleksandersen [Thu, 20 Jul 2017 00:16:22 +0000 (10:16 +1000)]
Bypass web caches for the NetworkManager connection tests

Ensures users are testing their network instead of their cache/proxy.

Reported-in: https://ctrl.blog/entry/network-connection-http-checks
Suggested-in: <1500474664.14216.2.camel@daniel.priv.no>
Signed-off-by: Paul Wise <pabs@debian.org>
7 years agoUse full path to bconsole more
Paul Wise [Thu, 20 Jul 2017 00:07:47 +0000 (10:07 +1000)]
Use full path to bconsole more

The upgrade to stretch removed a compat symlink leading to tracebacks:

Traceback (most recent call last):
  File "/etc/bacula/scripts/volumes-delete-old", line 118, in <module>
    p = subprocess.Popen(['bconsole'], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
  File "/usr/lib/python3.5/subprocess.py", line 676, in __init__
    restore_signals, start_new_session)
  File "/usr/lib/python3.5/subprocess.py", line 1282, in _execute_child
    raise child_exception_type(errno_num, err_msg)
FileNotFoundError: [Errno 2] No such file or directory: 'bconsole'

Fixes: commit 1abd64e991921cfbc61cf769141e519510d1b671

7 years agoUse full path to bconsole
Paul Wise [Wed, 19 Jul 2017 02:11:34 +0000 (12:11 +1000)]
Use full path to bconsole

The upgrade to stretch removed a compat symlink leading to tracebacks:

Traceback (most recent call last):
  File "/etc/bacula/scripts/volumes-delete-old", line 118, in <module>
    p = subprocess.Popen(['bconsole'], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
  File "/usr/lib/python3.5/subprocess.py", line 676, in __init__
    restore_signals, start_new_session)
  File "/usr/lib/python3.5/subprocess.py", line 1282, in _execute_child
    raise child_exception_type(errno_num, err_msg)
FileNotFoundError: [Errno 2] No such file or directory: 'bconsole'

7 years agosetup-dchroot: don't create an lts alias
Aurelien Jarno [Tue, 18 Jul 2017 08:50:42 +0000 (10:50 +0200)]
setup-dchroot: don't create an lts alias

squeeze-lts is gone and wheezy uses the security suite for lts.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
7 years agoUse systemd::override instead of manual bacula-fd.service.d/user.conf
Peter Palfrader [Mon, 17 Jul 2017 13:22:23 +0000 (15:22 +0200)]
Use systemd::override instead of manual bacula-fd.service.d/user.conf

7 years agoonly notify service if defined
Peter Palfrader [Mon, 17 Jul 2017 13:13:31 +0000 (15:13 +0200)]
only notify service if defined

7 years agoActually pass-through $ensure
Peter Palfrader [Mon, 17 Jul 2017 13:12:08 +0000 (15:12 +0200)]
Actually pass-through $ensure

7 years agoAdd haveged service override to work around #858134
Peter Palfrader [Mon, 17 Jul 2017 13:10:34 +0000 (15:10 +0200)]
Add haveged service override to work around #858134

7 years agoonly notify service if defined
Peter Palfrader [Mon, 17 Jul 2017 13:09:59 +0000 (15:09 +0200)]
only notify service if defined

7 years agoAdd haveged facter
Peter Palfrader [Mon, 17 Jul 2017 13:02:41 +0000 (15:02 +0200)]
Add haveged facter

7 years agoignore libssl1.0.0 postgresql-client-9.4 on storace and backuphost
Peter Palfrader [Mon, 17 Jul 2017 09:51:26 +0000 (11:51 +0200)]
ignore libssl1.0.0 postgresql-client-9.4 on storace and backuphost

7 years agoignore libssl1.0.0 postgresql-client-9.4 on storace and backuphost
Peter Palfrader [Mon, 17 Jul 2017 09:50:06 +0000 (11:50 +0200)]
ignore libssl1.0.0 postgresql-client-9.4 on storace and backuphost

7 years agobacula-director needs DNS to launch
Peter Palfrader [Mon, 17 Jul 2017 09:48:12 +0000 (09:48 +0000)]
bacula-director needs DNS to launch

7 years agooverride for bacula-sd: set group and supplementary group
Peter Palfrader [Mon, 17 Jul 2017 09:47:07 +0000 (09:47 +0000)]
override for bacula-sd: set group and supplementary group

7 years agosyntax fix
Peter Palfrader [Mon, 17 Jul 2017 09:46:48 +0000 (09:46 +0000)]
syntax fix

7 years agoand restart service in question
Peter Palfrader [Mon, 17 Jul 2017 09:45:24 +0000 (09:45 +0000)]
and restart service in question

7 years agofix notify for systemd::override absent case
Peter Palfrader [Mon, 17 Jul 2017 09:44:37 +0000 (09:44 +0000)]
fix notify for systemd::override absent case

7 years agoAdd systemd override unit
Peter Palfrader [Mon, 17 Jul 2017 09:29:35 +0000 (11:29 +0200)]
Add systemd override unit

7 years agoAdd 2017 DNS root key
Peter Palfrader [Wed, 12 Jul 2017 14:33:17 +0000 (16:33 +0200)]
Add 2017 DNS root key

7 years agoMaybe also support shutdown check on stretch
Peter Palfrader [Sat, 15 Jul 2017 21:09:43 +0000 (23:09 +0200)]
Maybe also support shutdown check on stretch

7 years agoRevert "Don't push incoming to klecker"
Julien Cristau [Wed, 12 Jul 2017 12:38:44 +0000 (14:38 +0200)]
Revert "Don't push incoming to klecker"

This reverts commit 8518814d3c5330902bd83d12055f43babc293255.

7 years agonew rsync option from stretch rsync clients
Peter Palfrader [Wed, 12 Jul 2017 12:12:00 +0000 (14:12 +0200)]
new rsync option from stretch rsync clients

7 years agoNew ipv6 addresses for klecker
Julien Cristau [Wed, 5 Jul 2017 18:12:41 +0000 (20:12 +0200)]
New ipv6 addresses for klecker

7 years agosuchon is an upload host (*.security.upload.debian.org)
Julien Cristau [Wed, 5 Jul 2017 16:31:30 +0000 (18:31 +0200)]
suchon is an upload host (*.security.upload.debian.org)

7 years agoAdd suchon
Julien Cristau [Wed, 5 Jul 2017 16:09:32 +0000 (18:09 +0200)]
Add suchon

7 years agoexim: postgrey in stretch handles host to network address translation
Julien Cristau [Tue, 4 Jul 2017 18:59:29 +0000 (20:59 +0200)]
exim: postgrey in stretch handles host to network address translation

Rather than using ${mask:...} in the exim config, we can let postgrey do
this on its own.  Otherwise, it gets confused with ipv6 addresses using
dots instead of colons as separators, and crashes
(https://bugs.debian.org/867201).

7 years agoOne bconsole run per truncate run
Peter Palfrader [Tue, 4 Jul 2017 13:36:13 +0000 (15:36 +0200)]
One bconsole run per truncate run

7 years agostring stuff for py3
Peter Palfrader [Tue, 4 Jul 2017 09:39:19 +0000 (11:39 +0200)]
string stuff for py3

7 years agovolumes-delete-old update
Peter Palfrader [Tue, 4 Jul 2017 09:28:15 +0000 (11:28 +0200)]
volumes-delete-old update

7 years agodelete old volumes daily
Peter Palfrader [Tue, 4 Jul 2017 09:21:29 +0000 (11:21 +0200)]
delete old volumes daily

7 years agomove crontab to file
Peter Palfrader [Tue, 4 Jul 2017 09:21:18 +0000 (11:21 +0200)]
move crontab to file

7 years agorename get-deleteable-volumes -> volumes-delete-old
Peter Palfrader [Tue, 4 Jul 2017 09:20:14 +0000 (11:20 +0200)]
rename get-deleteable-volumes -> volumes-delete-old

7 years agoAdd script to find deletable volumes
Peter Palfrader [Tue, 4 Jul 2017 09:14:07 +0000 (11:14 +0200)]
Add script to find deletable volumes

7 years agoMake volume-purge-action learn about mediatypes from the DB
Peter Palfrader [Tue, 4 Jul 2017 09:10:35 +0000 (11:10 +0200)]
Make volume-purge-action learn about mediatypes from the DB

7 years agoAllow thijs tcpdump on klecker
Tollef Fog Heen [Mon, 3 Jul 2017 09:58:37 +0000 (11:58 +0200)]
Allow thijs tcpdump on klecker

7 years agofix a link
Peter Palfrader [Sun, 2 Jul 2017 18:48:28 +0000 (20:48 +0200)]
fix a link

7 years agoUpdate apache2 cipher preferences from https://mozilla.github.io/server-side-tls...
Peter Palfrader [Sun, 2 Jul 2017 18:45:35 +0000 (20:45 +0200)]
Update apache2 cipher preferences from https://mozilla.github.io/server-side-tls/ssl-config-generator/

7 years agoRevert "redirect linux updates to security-cdn"
Aurelien Jarno [Sat, 1 Jul 2017 19:57:58 +0000 (21:57 +0200)]
Revert "redirect linux updates to security-cdn"

This reverts commit b6f21532b07dfcb35d059d46913c306ea19c50e8.

7 years agoSend stderr from dpkg-query to /dev/null to avoid cron spam
Tollef Fog Heen [Sat, 1 Jul 2017 13:18:48 +0000 (15:18 +0200)]
Send stderr from dpkg-query to /dev/null to avoid cron spam

7 years agoFix up tor fact to not complain if the package has been purged
Tollef Fog Heen [Sat, 1 Jul 2017 07:42:04 +0000 (09:42 +0200)]
Fix up tor fact to not complain if the package has been purged

`dpkg -l $package` will return 0 if the package has been purged, so a
proper test for it instead.  Also add a pair of quotes to make `dpkg
--compare-versions` not complain.

7 years agoDon't push incoming to klecker
Julien Cristau [Wed, 28 Jun 2017 16:55:56 +0000 (09:55 -0700)]
Don't push incoming to klecker

klecker is already out of static rotation in auto-dns, and we're having
connectivity issues from fasolo, so this should be safe until we get
that resolved.

7 years agoRevert "Don't push incoming to klecker"
Julien Cristau [Wed, 28 Jun 2017 16:58:05 +0000 (09:58 -0700)]
Revert "Don't push incoming to klecker"

This reverts commit 3c6303312627c8662f12ca1431e81c12186847f9.

Turns out incoming and incoming.ports aren't the same thing.