mirror/dsa-puppet.git
9 months agoNote that exim contains tracker-specific configuration master
Adam D. Barratt [Fri, 18 Oct 2019 20:59:06 +0000 (21:59 +0100)]
Note that exim contains tracker-specific configuration

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoIndicate that ticharich needs trackermaster exim config
Adam D. Barratt [Fri, 18 Oct 2019 20:58:33 +0000 (21:58 +0100)]
Indicate that ticharich needs trackermaster exim config

RT#7283

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoexim: use a different local part suffix for tracker virtual users
Adam D. Barratt [Fri, 18 Oct 2019 20:58:03 +0000 (21:58 +0100)]
exim: use a different local part suffix for tracker virtual users

Part of RT#7283

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoexim: allow a host to indicate that it is the master for tracker.d.o
Adam D. Barratt [Fri, 18 Oct 2019 20:56:31 +0000 (21:56 +0100)]
exim: allow a host to indicate that it is the master for tracker.d.o

Part of RT#7283

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoeximconf: add logging for Subject headers
Adam D. Barratt [Thu, 17 Oct 2019 19:37:34 +0000 (20:37 +0100)]
eximconf: add logging for Subject headers

For troubleshooting and to provide input to policy decisions

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoftp-master as historical_master (part of RT#7644)
Julien Cristau [Wed, 16 Oct 2019 14:46:25 +0000 (16:46 +0200)]
ftp-master as historical_master (part of RT#7644)

9 months agoMerge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
Julien Cristau [Tue, 15 Oct 2019 16:47:20 +0000 (18:47 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet

9 months agoyamlinfo: use different dir to list all nodes
Peter Palfrader [Tue, 15 Oct 2019 11:02:26 +0000 (13:02 +0200)]
yamlinfo: use different dir to list all nodes

We used Dir.entries('/var/lib/puppet/yaml/node/') to get a list of all
nodes.  That dir is now empty.  Switch to using
Dir.entries('/var/lib/puppet/yaml/facts/').

Both are probably bad, but yamlinfo() should be phased out in favor of
hiera/puppetdb anyhow, so for now this is a temporary fix.

9 months agoCatch empty *info when we get it from the functions in modules/deprecated
Peter Palfrader [Tue, 15 Oct 2019 11:01:35 +0000 (13:01 +0200)]
Catch empty *info when we get it from the functions in modules/deprecated

9 months agoCatch empty data arrays at start of entropy_provider function
Peter Palfrader [Tue, 15 Oct 2019 11:01:10 +0000 (13:01 +0200)]
Catch empty data arrays at start of entropy_provider function

9 months agoeximconf: include RBL response value in reject messages
Adam D. Barratt [Mon, 14 Oct 2019 21:25:04 +0000 (22:25 +0100)]
eximconf: include RBL response value in reject messages

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoeximconf: reject bounces to "neversender" addresses
Adam D. Barratt [Mon, 14 Oct 2019 21:19:42 +0000 (22:19 +0100)]
eximconf: reject bounces to "neversender" addresses

If an address never originates mail then there is no reason for it to be
receiving NDRs

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agofail2ban: (strictly) ban hosts that are well over the ratelimit
Adam D. Barratt [Mon, 14 Oct 2019 20:24:38 +0000 (21:24 +0100)]
fail2ban: (strictly) ban hosts that are well over the ratelimit

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoeximconf: more RBLs for the default set
Adam D. Barratt [Mon, 14 Oct 2019 20:08:33 +0000 (21:08 +0100)]
eximconf: more RBLs for the default set

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoexim_surbl.pl: enable DBL checks
Adam D. Barratt [Mon, 14 Oct 2019 19:54:08 +0000 (20:54 +0100)]
exim_surbl.pl: enable DBL checks

This should be safe enough to do by default

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoeximconf: add more RBL config to the default options setup
Adam D. Barratt [Mon, 14 Oct 2019 19:44:38 +0000 (20:44 +0100)]
eximconf: add more RBL config to the default options setup

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoeximconf: switch default options back to on
Adam D. Barratt [Mon, 14 Oct 2019 19:25:42 +0000 (20:25 +0100)]
eximconf: switch default options back to on

The ud-ldap change has been deployed, so the frontends now have access
to the full set of options.

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agodebian_org: lint fixes
Julien Cristau [Mon, 14 Oct 2019 18:18:31 +0000 (20:18 +0200)]
debian_org: lint fixes

9 months agoFix yet another typo
Julien Cristau [Mon, 14 Oct 2019 18:00:08 +0000 (20:00 +0200)]
Fix yet another typo

9 months agoI should learn to type
Julien Cristau [Mon, 14 Oct 2019 17:54:52 +0000 (19:54 +0200)]
I should learn to type

9 months agoUse a pre-up script to turn off accept_ra
Julien Cristau [Mon, 14 Oct 2019 17:52:12 +0000 (19:52 +0200)]
Use a pre-up script to turn off accept_ra

Turns out the /all/ sysctl is a no-op.

9 months agoeximconf: only set "greylisting requested" flag for handled domains
Adam D. Barratt [Sun, 13 Oct 2019 19:12:06 +0000 (20:12 +0100)]
eximconf: only set "greylisting requested" flag for handled domains

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoeximconf: skip greylisting for hosts with high dnswl.org trust
Adam D. Barratt [Sun, 13 Oct 2019 18:24:25 +0000 (19:24 +0100)]
eximconf: skip greylisting for hosts with high dnswl.org trust

It's unlikely to do anything other than delay mail in these cases

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoexim blacklist: remove escape protection
Adam D. Barratt [Sun, 13 Oct 2019 18:14:17 +0000 (19:14 +0100)]
exim blacklist: remove escape protection

It's only needed in lists within the configuration, not in files
used for searches.

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoexim blacklist: simplify whole-domain entries
Adam D. Barratt [Sun, 13 Oct 2019 16:16:47 +0000 (17:16 +0100)]
exim blacklist: simplify whole-domain entries

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoexim blacklist: add more recent spammers
Adam D. Barratt [Sun, 13 Oct 2019 16:11:48 +0000 (17:11 +0100)]
exim blacklist: add more recent spammers

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoeximconf: assume that unlisted recipients don't want default options
Adam D. Barratt [Sun, 13 Oct 2019 07:37:26 +0000 (08:37 +0100)]
eximconf: assume that unlisted recipients don't want default options

At least until mail-default-options.db lists all users.

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoexim: add some RBLs for secretary@d.o (RT#5281)
Adam D. Barratt [Sat, 12 Oct 2019 21:55:58 +0000 (22:55 +0100)]
exim: add some RBLs for secretary@d.o (RT#5281)

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoexim: enable greylisting for secretary@d.o (RT#5281)
Adam D. Barratt [Sat, 12 Oct 2019 21:53:20 +0000 (22:53 +0100)]
exim: enable greylisting for secretary@d.o (RT#5281)

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoeximconf: spacing fix
Adam D. Barratt [Sat, 12 Oct 2019 21:49:53 +0000 (22:49 +0100)]
eximconf: spacing fix

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoeximconf: re-do "enable greylisting for users with default options"
Adam D. Barratt [Sat, 12 Oct 2019 21:05:07 +0000 (22:05 +0100)]
eximconf: re-do "enable greylisting for users with default options"

The previous attempt failed due to the fact that the right-hand-side
of match_* conditions is not expanded, for security reasons.

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoRevert "eximconf: enable greylisting for users with default options"
Julien Cristau [Sat, 12 Oct 2019 20:03:07 +0000 (22:03 +0200)]
Revert "eximconf: enable greylisting for users with default options"

Seems to break with "missing } at end of condition inside "or" group"

This reverts commit 08a1906121670d960592fbbf6ec489ff54c8b64c.

9 months agovirtualdomains-mailrelay.erb: add tracker.debian.org
Adam D. Barratt [Sat, 12 Oct 2019 15:37:55 +0000 (16:37 +0100)]
virtualdomains-mailrelay.erb: add tracker.debian.org

This is required in order to allow spam filtering on the frontends for
the domain. Mail delivery (and thus alias checking) is still handled
by the tracker server itself.

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoeximconf: enable greylisting for users with default options
Adam D. Barratt [Sat, 12 Oct 2019 12:09:07 +0000 (13:09 +0100)]
eximconf: enable greylisting for users with default options

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoeximconf: also use GREYLIST_LOCAL_PARTS for greylistd
Adam D. Barratt [Fri, 11 Oct 2019 19:54:25 +0000 (20:54 +0100)]
eximconf: also use GREYLIST_LOCAL_PARTS for greylistd

In addition to reducing duplication, this also brings the fixes applied
to postgrey support in 82efd346ca1500048366eac43d191c1a2a7d01fc to the
greylistd checks.

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoeximconf: add a macro to check if the user wants "default options"
Adam D. Barratt [Fri, 11 Oct 2019 18:23:25 +0000 (19:23 +0100)]
eximconf: add a macro to check if the user wants "default options"

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoeximconf: remove "temporary weasel hack"
Adam D. Barratt [Fri, 11 Oct 2019 16:52:00 +0000 (17:52 +0100)]
eximconf: remove "temporary weasel hack"

The affected tickets have been closed since 2012, so that's probably
been temporary enough now. :)

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoeximconf: migrate from CDB to BDB for ud-ldap generated files (RT#4648)
Adam D. Barratt [Thu, 10 Oct 2019 19:21:57 +0000 (20:21 +0100)]
eximconf: migrate from CDB to BDB for ud-ldap generated files (RT#4648)

The BDB files use keys that are not null-terminated, so we must use the
"dbmnz" lookup type, rather than the more generally obvious "dbm"

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoFix dependency loop in mirror_health when a service is set to absent: the file need...
Peter Palfrader [Fri, 11 Oct 2019 09:13:41 +0000 (11:13 +0200)]
Fix dependency loop in mirror_health when a service is set to absent:  the file need not notify the service as the service subscribes to the file if enable is present

9 months agomirror-health: don't (ab)use the proxy interface
Julien Cristau [Wed, 9 Oct 2019 13:56:26 +0000 (15:56 +0200)]
mirror-health: don't (ab)use the proxy interface

monkey-patch urllib3.util.connection.create_connection to override
address resolution, which is ugly but makes this work with https.

9 months agoRetire dsa-is-shutdown-scheduled in favor of test -e /run/systemd/shutdown/scheduled
Peter Palfrader [Wed, 9 Oct 2019 09:08:04 +0000 (11:08 +0200)]
Retire dsa-is-shutdown-scheduled in favor of test -e /run/systemd/shutdown/scheduled

9 months agoRemove local-scheduled-shutdown check
Peter Palfrader [Wed, 9 Oct 2019 08:53:52 +0000 (10:53 +0200)]
Remove local-scheduled-shutdown check

We had a cronjob that would run dsa-is-shutdown-scheduled every two
minutes and touch a file in /run that was then exposed via apache
as /shutdown-in-progress.  However, nothing appears to use this.
In particular, the fastly health checker uses /_health which is
backed by a service specific health service.

9 months agoIgnore doc and .yardoc directories created by the linter
Peter Palfrader [Wed, 9 Oct 2019 08:53:23 +0000 (10:53 +0200)]
Ignore doc and .yardoc directories created by the linter

9 months agolong options are king
Peter Palfrader [Tue, 8 Oct 2019 18:53:47 +0000 (20:53 +0200)]
long options are king

9 months agodbmaster: enable puppet-restricted-acl.conf apache snippet
Julien Cristau [Tue, 8 Oct 2019 17:53:07 +0000 (19:53 +0200)]
dbmaster: enable puppet-restricted-acl.conf apache snippet

9 months agodbmaster: make lint happy
Julien Cristau [Tue, 8 Oct 2019 15:18:38 +0000 (17:18 +0200)]
dbmaster: make lint happy

9 months agoMake the apt_restricted acl an apache macro
Julien Cristau [Tue, 8 Oct 2019 15:09:22 +0000 (17:09 +0200)]
Make the apt_restricted acl an apache macro

9 months agodebian_org::apt_restricted: fix fragment name
Julien Cristau [Tue, 8 Oct 2019 14:41:07 +0000 (16:41 +0200)]
debian_org::apt_restricted: fix fragment name

9 months agodebian_org::apt_restricted: base::public_addresses is an array
Julien Cristau [Tue, 8 Oct 2019 14:37:17 +0000 (16:37 +0200)]
debian_org::apt_restricted: base::public_addresses is an array

9 months agoGenerate the apache ACL for draghi's "restricted" repo (RT#7962)
Julien Cristau [Tue, 8 Oct 2019 14:14:14 +0000 (16:14 +0200)]
Generate the apache ACL for draghi's "restricted" repo (RT#7962)

9 months agoprefix coccia volumes at bm with OLD-
Julien Cristau [Tue, 8 Oct 2019 10:27:16 +0000 (12:27 +0200)]
prefix coccia volumes at bm with OLD-

9 months agoautofs: add debian-debug at ubc
Julien Cristau [Mon, 7 Oct 2019 19:57:45 +0000 (21:57 +0200)]
autofs: add debian-debug at ubc

9 months agoUpdate stdlib and concat to 6.1.0 both
Peter Palfrader [Tue, 8 Oct 2019 06:11:14 +0000 (08:11 +0200)]
Update stdlib and concat to 6.1.0 both

9 months agoSuggest different variables to use if we want to tunnel both v4 and v6
Peter Palfrader [Tue, 8 Oct 2019 06:01:53 +0000 (08:01 +0200)]
Suggest different variables to use if we want to tunnel both v4 and v6

9 months agodocument the ipsec::network and ipsec::peer manifests, change default address to...
Peter Palfrader [Tue, 8 Oct 2019 05:59:03 +0000 (07:59 +0200)]
document the ipsec::network and ipsec::peer manifests, change default address to the one in base::, and add proper prefixlengths to raw ip addresses in the networks list

9 months agoMerge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
Julien Cristau [Mon, 7 Oct 2019 19:39:28 +0000 (21:39 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet

9 months agococcia and usper no longer need access to projectb on bmdb1
Julien Cristau [Mon, 7 Oct 2019 19:38:06 +0000 (21:38 +0200)]
coccia and usper no longer need access to projectb on bmdb1

9 months agowuiet.d.o no longer needs access to projectb on bmdb1
Aurelien Jarno [Mon, 7 Oct 2019 19:34:38 +0000 (21:34 +0200)]
wuiet.d.o no longer needs access to projectb on bmdb1

9 months agoGive wuiet.d.o access to the ubc projectb replica
Aurelien Jarno [Mon, 7 Oct 2019 19:20:47 +0000 (21:20 +0200)]
Give wuiet.d.o access to the ubc projectb replica

9 months agoexim blacklist: also bounce@pro2aut2.com
Adam D. Barratt [Mon, 7 Oct 2019 19:18:56 +0000 (20:18 +0100)]
exim blacklist: also bounce@pro2aut2.com

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoeximconf: log information about MIME parts
Adam D. Barratt [Mon, 7 Oct 2019 18:31:20 +0000 (19:31 +0100)]
eximconf: log information about MIME parts

This provides some useful debugging information. Initially it will be
used to survey the likelihood of legitimate attachments being blocked
if further rules are introduced. For this reason, we only log the
"extension", not the full filename.

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoexim blacklist: add info@pro2aut2.com
Adam D. Barratt [Mon, 7 Oct 2019 18:29:20 +0000 (19:29 +0100)]
exim blacklist: add info@pro2aut2.com

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoautofs: add debian-buildd at ubc (RT#7993)
Julien Cristau [Mon, 7 Oct 2019 15:53:27 +0000 (17:53 +0200)]
autofs: add debian-buildd at ubc (RT#7993)

9 months agomove coccia to ubc
Julien Cristau [Mon, 7 Oct 2019 15:11:35 +0000 (17:11 +0200)]
move coccia to ubc

9 months agoMove has_static_component function to modules/staticsync
Peter Palfrader [Mon, 7 Oct 2019 11:12:31 +0000 (13:12 +0200)]
Move has_static_component function to modules/staticsync

9 months agovolumes for coccia at ubc
Julien Cristau [Mon, 7 Oct 2019 08:41:42 +0000 (10:41 +0200)]
volumes for coccia at ubc

9 months agoupdate lfilipoz email address for bacula reports
Luca Filipozzi [Mon, 7 Oct 2019 00:39:49 +0000 (17:39 -0700)]
update lfilipoz email address for bacula reports

9 months agoeximconf: put the escapes in the right places in RT_SUBJECT
Adam D. Barratt [Sat, 5 Oct 2019 11:32:33 +0000 (12:32 +0100)]
eximconf: put the escapes in the right places in RT_SUBJECT

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoeximconf: add explanatory comment for RT_SUBJECT's escaping
Adam D. Barratt [Thu, 3 Oct 2019 18:29:17 +0000 (19:29 +0100)]
eximconf: add explanatory comment for RT_SUBJECT's escaping

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
9 months agoThe nm user also wants lingering
Julien Cristau [Sat, 5 Oct 2019 10:10:42 +0000 (12:10 +0200)]
The nm user also wants lingering

9 months agoEnable lingering for the contributors user
Julien Cristau [Sat, 5 Oct 2019 10:04:42 +0000 (12:04 +0200)]
Enable lingering for the contributors user

Per enrico.

9 months agoAdd sudo entries for new nm-web, contributors, contributors-web users
Julien Cristau [Sat, 5 Oct 2019 09:40:54 +0000 (11:40 +0200)]
Add sudo entries for new nm-web, contributors, contributors-web users

9 months agonm.d.o no longer needs access to projectb on bmdb1
Julien Cristau [Fri, 4 Oct 2019 15:10:53 +0000 (17:10 +0200)]
nm.d.o no longer needs access to projectb on bmdb1

9 months agoGive nm.d.o access to the ubc projectb replica
Julien Cristau [Fri, 4 Oct 2019 15:01:25 +0000 (17:01 +0200)]
Give nm.d.o access to the ubc projectb replica

9 months agoIt doesn't look like udd actually uses projectb; remove its guest access
Julien Cristau [Fri, 4 Oct 2019 14:16:24 +0000 (16:16 +0200)]
It doesn't look like udd actually uses projectb; remove its guest access

9 months agoUse unique names for pg_hba.conf entries
Julien Cristau [Fri, 4 Oct 2019 13:47:55 +0000 (15:47 +0200)]
Use unique names for pg_hba.conf entries

9 months agoFix class name
Julien Cristau [Fri, 4 Oct 2019 13:45:40 +0000 (15:45 +0200)]
Fix class name

9 months agogive udd access to the projectb copy on danzi
Julien Cristau [Fri, 4 Oct 2019 13:39:47 +0000 (15:39 +0200)]
give udd access to the projectb copy on danzi

10 months agostaticsync: let's assume that IPv6 is not worse than IPv4
Aurelien Jarno [Thu, 3 Oct 2019 20:55:26 +0000 (22:55 +0200)]
staticsync: let's assume that IPv6 is not worse than IPv4

10 months agoeximconf: fix escaping in RT_SUBJECT macro
Adam D. Barratt [Thu, 3 Oct 2019 15:16:45 +0000 (16:16 +0100)]
eximconf: fix escaping in RT_SUBJECT macro

It's included in a doule-quoted string, which imposes extra escaping
requirements

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
10 months agoTurn off accept_ra sysctl everywhere
Julien Cristau [Wed, 2 Oct 2019 20:03:15 +0000 (22:03 +0200)]
Turn off accept_ra sysctl everywhere

10 months agoMerge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
Julien Cristau [Wed, 2 Oct 2019 20:00:13 +0000 (22:00 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet

10 months agoeximconf: more comments
Adam D. Barratt [Wed, 2 Oct 2019 19:54:58 +0000 (20:54 +0100)]
eximconf: more comments

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
10 months agoeximconf: reject mail based on SORBS's "no mail" / "no servers" lists
Adam D. Barratt [Wed, 2 Oct 2019 18:54:13 +0000 (19:54 +0100)]
eximconf: reject mail based on SORBS's "no mail" / "no servers" lists

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
10 months agoexim/common/rhsbllist: Stop using the obsolete rfc-ignorant.org DNSBLs
Adam D. Barratt [Wed, 2 Oct 2019 18:21:40 +0000 (19:21 +0100)]
exim/common/rhsbllist: Stop using the obsolete rfc-ignorant.org DNSBLs

See https://web.archive.org/web/20121123184538/http://www.rfc-ignorant.org/endofanera.php

The mantle - and initially the dataset - has been taken over by
rfc-clueless.org. However, their DSN list contains (and it appears
will contain to contain), amongst others, Google, which makes it an
unsuitable choice for "default" role address filtering.

As such, the users of the "bogus MX" list are moved over to the new
domain, and the DSN list is dropped.

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
10 months agoFix /etc/exim4/submission-domains generation harder
Julien Cristau [Wed, 2 Oct 2019 07:22:12 +0000 (09:22 +0200)]
Fix /etc/exim4/submission-domains generation harder

10 months agoFix /etc/exim4/submission-domains generation
Julien Cristau [Wed, 2 Oct 2019 07:20:27 +0000 (09:20 +0200)]
Fix /etc/exim4/submission-domains generation

10 months agoMerge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet
Julien Cristau [Wed, 2 Oct 2019 07:12:12 +0000 (09:12 +0200)]
Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet

10 months agoRename exim::submission-domain.pp to drop the "-"
Adam D. Barratt [Wed, 2 Oct 2019 07:07:39 +0000 (08:07 +0100)]
Rename exim::submission-domain.pp to drop the "-"

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
10 months agoexim blacklist: add more recent offenders
Adam D. Barratt [Tue, 1 Oct 2019 12:59:06 +0000 (13:59 +0100)]
exim blacklist: add more recent offenders

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
10 months agoexim: build submission domain list dynamically
Adam D. Barratt [Tue, 1 Oct 2019 12:55:34 +0000 (13:55 +0100)]
exim: build submission domain list dynamically

and have the bugs_master role declare that it handles bugs.d.o

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
10 months agoeximconf: only define RT_SUBJECT on RT master
Adam D. Barratt [Sun, 29 Sep 2019 21:10:26 +0000 (22:10 +0100)]
eximconf: only define RT_SUBJECT on RT master

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
10 months agoeximconf: macroise RT Subject header replacement
Adam D. Barratt [Sun, 29 Sep 2019 20:17:05 +0000 (21:17 +0100)]
eximconf: macroise RT Subject header replacement

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
10 months agoeximconf: unfold Subject headers before processing in RT routers
Adam D. Barratt [Sun, 29 Sep 2019 19:17:54 +0000 (20:17 +0100)]
eximconf: unfold Subject headers before processing in RT routers

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
10 months agoexim blacklist: use simpler matches
Adam D. Barratt [Sun, 29 Sep 2019 19:14:19 +0000 (20:14 +0100)]
exim blacklist: use simpler matches

The regular expression versions are more specific, but don't appear
to want to actually match.

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
10 months agoeximconf: use \N rather than double escaping
Adam D. Barratt [Sun, 29 Sep 2019 18:16:40 +0000 (19:16 +0100)]
eximconf: use \N rather than double escaping

Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
10 months agoUse ttyS1 on csail-node0[12]
Julien Cristau [Tue, 1 Oct 2019 18:16:28 +0000 (20:16 +0200)]
Use ttyS1 on csail-node0[12]

10 months agoupload hosts towards ftp-master need read access to the bm dak replica
Peter Palfrader [Tue, 1 Oct 2019 13:46:47 +0000 (15:46 +0200)]
upload hosts towards ftp-master need read access to the bm dak replica

10 months agoretire manual firewalling on bmdb1 for dak replica access
Peter Palfrader [Tue, 1 Oct 2019 13:24:17 +0000 (15:24 +0200)]
retire manual firewalling on bmdb1 for dak replica access

10 months agomanage bmdb1/dak pg_hba: fix common.yaml
Peter Palfrader [Tue, 1 Oct 2019 13:23:30 +0000 (15:23 +0200)]
manage bmdb1/dak pg_hba: fix common.yaml