Peter Palfrader [Wed, 12 Oct 2016 12:37:14 +0000 (14:37 +0200)]
LE cert for nm, contributors
Peter Palfrader [Wed, 12 Oct 2016 12:29:49 +0000 (14:29 +0200)]
LE cert for rt
Peter Palfrader [Wed, 12 Oct 2016 12:28:03 +0000 (14:28 +0200)]
LE cert for security-tracker
Peter Palfrader [Wed, 12 Oct 2016 12:24:31 +0000 (14:24 +0200)]
LE cert for sso
Peter Palfrader [Wed, 12 Oct 2016 12:23:35 +0000 (14:23 +0200)]
LE cert for vote
Peter Palfrader [Wed, 12 Oct 2016 07:23:48 +0000 (09:23 +0200)]
set TLSA port to 0 in preparation of cert roll for buildd, contributors, ftp-master, munin, nagios, nm, rt, security-tracker, sso, vote
Julien Cristau [Sun, 9 Oct 2016 16:14:27 +0000 (18:14 +0200)]
Move udd.d.o cert to letsencrypt
Julien Cristau [Sun, 9 Oct 2016 16:07:43 +0000 (18:07 +0200)]
Switch lists.d.o to letsencrypt
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Sun, 9 Oct 2016 15:43:55 +0000 (17:43 +0200)]
Switch to letsencrypt for api.ftp-master.d.o
Peter Palfrader [Sun, 9 Oct 2016 11:31:21 +0000 (13:31 +0200)]
disable TLSA for api.ftp-master, lists, and udd
Peter Palfrader [Sun, 9 Oct 2016 11:12:07 +0000 (13:12 +0200)]
HPKP for dgit
Peter Palfrader [Sun, 9 Oct 2016 11:09:58 +0000 (13:09 +0200)]
HPKP for debtags
Peter Palfrader [Sun, 9 Oct 2016 11:03:30 +0000 (13:03 +0200)]
Enable HTTP PKP for syncproxy vhosts
Peter Palfrader [Sun, 9 Oct 2016 07:15:00 +0000 (09:15 +0200)]
raise life-time of HPKP to 3hrs
Luca Filipozzi [Fri, 7 Oct 2016 06:47:00 +0000 (06:47 +0000)]
remove fubar.emyr.net from luca's list of hosts
Julien Cristau [Thu, 6 Oct 2016 18:06:14 +0000 (20:06 +0200)]
Decommission pkgmirror-1and1
Luca Filipozzi [Wed, 5 Oct 2016 04:00:14 +0000 (04:00 +0000)]
add IPv4 address for luca's new jumphost
Julien Cristau [Tue, 4 Oct 2016 18:28:12 +0000 (20:28 +0200)]
Restrict vsftpd to the security.d.o IPs on mirror-anu
Peter Palfrader [Tue, 4 Oct 2016 06:35:52 +0000 (08:35 +0200)]
raise max-age for HTTP Public Key Pins from 5 min to 1 hour
Martin Zobel-Helas [Mon, 3 Oct 2016 09:58:59 +0000 (11:58 +0200)]
add addresses to blacklist
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Julien Cristau [Wed, 28 Sep 2016 17:13:30 +0000 (19:13 +0200)]
rsync on gretchaninov
Julien Cristau [Wed, 28 Sep 2016 16:52:50 +0000 (18:52 +0200)]
HPKP for jenkins
Julien Cristau [Tue, 27 Sep 2016 21:05:16 +0000 (23:05 +0200)]
Switch to LE cert for jenkins
Peter Palfrader [Tue, 27 Sep 2016 12:07:41 +0000 (14:07 +0200)]
no need to ignore these maskings
Peter Palfrader [Tue, 27 Sep 2016 06:44:46 +0000 (08:44 +0200)]
Mask proc-sys-fs-binfmt_misc.automount
Julien Cristau [Tue, 27 Sep 2016 06:10:29 +0000 (08:10 +0200)]
Temporarily disable tlsa for jenkins
Peter Palfrader [Mon, 26 Sep 2016 20:08:54 +0000 (22:08 +0200)]
samhain: also accept changes in etc/apache2/conf-available
Peter Palfrader [Mon, 26 Sep 2016 17:50:11 +0000 (19:50 +0200)]
ubc autofs update
Peter Palfrader [Mon, 26 Sep 2016 17:44:05 +0000 (19:44 +0200)]
It appears we do not use nameserver or searchpath info from hoster.yaml
Peter Palfrader [Mon, 26 Sep 2016 17:42:35 +0000 (19:42 +0200)]
Fix ubc searchpath: use priv.ubc instead of ubc.priv
Peter Palfrader [Mon, 26 Sep 2016 17:40:42 +0000 (19:40 +0200)]
Revert "why do we have two places for hosters?"
This reverts commit
8c754dd0bea9537082a5a71dcbb1367a45af4a94.
Peter Palfrader [Mon, 26 Sep 2016 17:38:59 +0000 (19:38 +0200)]
retire brainfood as hoster
Peter Palfrader [Mon, 26 Sep 2016 17:37:24 +0000 (19:37 +0200)]
why do we have two places for hosters?
Peter Palfrader [Mon, 26 Sep 2016 17:35:17 +0000 (19:35 +0200)]
replace ubc bl[268] with ubc-enc2bl{2,9,10} as recursors
Peter Palfrader [Mon, 26 Sep 2016 17:33:30 +0000 (19:33 +0200)]
remove ubcece as a hoster - the definition is identical to ubc
Peter Palfrader [Mon, 26 Sep 2016 17:13:58 +0000 (19:13 +0200)]
add ubc autofs rules
Peter Palfrader [Mon, 26 Sep 2016 17:07:53 +0000 (19:07 +0200)]
make pin macros conditional on mod_macro being present
Luca Filipozzi [Mon, 26 Sep 2016 01:40:10 +0000 (01:40 +0000)]
new cable modem
Aurelien Jarno [Sat, 24 Sep 2016 19:39:28 +0000 (21:39 +0200)]
Update buxtehude IP on sonntag firewall
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sat, 24 Sep 2016 19:17:11 +0000 (21:17 +0200)]
Update ullmann IPs on bmdb1 firewall
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Sat, 24 Sep 2016 17:07:39 +0000 (19:07 +0200)]
Remove extra .conf from apache config file
apache2::config already adds .conf to the file name.
Peter Palfrader [Sat, 24 Sep 2016 09:52:51 +0000 (11:52 +0200)]
Enable HPKP for all static sites
Peter Palfrader [Sat, 24 Sep 2016 09:42:04 +0000 (11:42 +0200)]
ship keys for d-i, dsa, and rtc
Peter Palfrader [Sat, 24 Sep 2016 09:19:27 +0000 (11:19 +0200)]
replace certs for d-i, dsa, and rtc with LE
Peter Palfrader [Sat, 24 Sep 2016 09:05:22 +0000 (09:05 +0000)]
change pin thing
Peter Palfrader [Fri, 23 Sep 2016 20:42:53 +0000 (22:42 +0200)]
ignore changes to /etc/apache2/conf-available/puppet-ssl-key-pins.conf
Peter Palfrader [Fri, 23 Sep 2016 20:40:10 +0000 (20:40 +0000)]
set pins always
Peter Palfrader [Fri, 23 Sep 2016 20:37:27 +0000 (20:37 +0000)]
ship pin set for people.debian.org
Peter Palfrader [Fri, 23 Sep 2016 20:36:54 +0000 (20:36 +0000)]
reload apache2 on pinset change
Peter Palfrader [Fri, 23 Sep 2016 20:35:09 +0000 (20:35 +0000)]
A gen_hpkp_pin function
Peter Palfrader [Fri, 23 Sep 2016 20:33:37 +0000 (20:33 +0000)]
reload apache2 on pinset change
Peter Palfrader [Fri, 23 Sep 2016 19:59:14 +0000 (21:59 +0200)]
concat does not like empty things
Peter Palfrader [Fri, 23 Sep 2016 19:57:30 +0000 (21:57 +0200)]
puppet-ssl-key-pins.conf is a concat, cannot set it as source/content
Peter Palfrader [Fri, 23 Sep 2016 19:54:11 +0000 (21:54 +0200)]
puppet-ssl-key-pins.conf
Peter Palfrader [Fri, 23 Sep 2016 19:53:00 +0000 (21:53 +0200)]
Support nocontentok for apache2::config
Peter Palfrader [Fri, 23 Sep 2016 19:51:17 +0000 (21:51 +0200)]
Dedicated block for absent case
Peter Palfrader [Fri, 23 Sep 2016 19:48:52 +0000 (21:48 +0200)]
We have no lsbmajdistrelease <= 7 hosts anymore
Aurelien Jarno [Fri, 23 Sep 2016 14:31:04 +0000 (16:31 +0200)]
We don't need tftpd on jenko.d.o anymore
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Thu, 22 Sep 2016 22:14:19 +0000 (00:14 +0200)]
Update buxtehude and glinka NFS firewall
Now that buxtehude is also on the private network, we can use it instead
of the public IP. For that split the buxtehude and glinka configuration.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Thu, 22 Sep 2016 20:04:58 +0000 (22:04 +0200)]
Add volumes for buxtehude on ganeti2.ubc.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Thu, 22 Sep 2016 19:45:31 +0000 (21:45 +0200)]
Temporarily allow NFS to buxtehude and glinka from ullmann
Until we move buxtehude and glinka to the new UBC network where buxtehude,
glinka and ullmann can talk through the private network.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Thu, 22 Sep 2016 15:18:36 +0000 (17:18 +0200)]
Drop multipath mappings for tye.d.o on ganeti2.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Thu, 22 Sep 2016 14:56:53 +0000 (16:56 +0200)]
Temporarily allow NFS to glinka from tye
Until we move glinka to the new UBC network where glinka and tye can
talk through the private network.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Thu, 22 Sep 2016 12:43:55 +0000 (14:43 +0200)]
Add volumes for tye and ullmann on ganeti2.ubc.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Thu, 22 Sep 2016 11:32:31 +0000 (13:32 +0200)]
nfs-server on gretchaninov
Julien Cristau [Thu, 22 Sep 2016 10:11:27 +0000 (12:11 +0200)]
Add gretchaninov
Aurelien Jarno [Wed, 21 Sep 2016 22:52:34 +0000 (00:52 +0200)]
Replace micronews.debian.net by micronews.debian.org
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Wed, 21 Sep 2016 22:07:10 +0000 (00:07 +0200)]
Drop multipath mappings for geo2, lotti and tchaikovsky on ganeti2.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Wed, 21 Sep 2016 21:51:35 +0000 (23:51 +0200)]
Temporarily allow NFS to buxtehude from sonntag
Until we move buxtehude to the new UBC network where buxtehude and
sonntag can talk through the private network.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Wed, 21 Sep 2016 13:33:08 +0000 (15:33 +0200)]
Fix a stupid typo in ganeti2.ubc.d.o multipath.conf
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Wed, 21 Sep 2016 12:33:52 +0000 (14:33 +0200)]
Add volumes for geo2, lotti, muffat, sonntag and tchaikovsky on ganeti2.ubc.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Wed, 21 Sep 2016 10:38:20 +0000 (12:38 +0200)]
Allow access to danzi from the new UBC network
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 20 Sep 2016 19:09:57 +0000 (21:09 +0200)]
Add volumes for danzi on ganeti2.ubc.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 20 Sep 2016 10:53:43 +0000 (12:53 +0200)]
Drop multipath mappings for diabelli.d.o on ganeti2.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Tue, 20 Sep 2016 10:05:04 +0000 (12:05 +0200)]
menotti has moved, update its IP
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Peter Palfrader [Tue, 20 Sep 2016 07:40:12 +0000 (09:40 +0200)]
enable prefetch in unbound
Peter Palfrader [Tue, 20 Sep 2016 06:15:16 +0000 (08:15 +0200)]
Set bacula Heartbeat Interval = 300 for all hosts at brown, not just frank
Aurelien Jarno [Mon, 19 Sep 2016 22:10:15 +0000 (00:10 +0200)]
Drop multipath mappings for nono.d.o and reger.d.o on ganeti2.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Mon, 19 Sep 2016 22:07:34 +0000 (00:07 +0200)]
Allow access to danzi.d.o from ganeti2.ubc.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Mon, 19 Sep 2016 21:26:42 +0000 (23:26 +0200)]
nono has moved, update its IP
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Mon, 19 Sep 2016 20:42:37 +0000 (22:42 +0200)]
Add volumes for diabelli, menotti, nono and reger on ganeti2.ubc.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sun, 18 Sep 2016 21:23:11 +0000 (23:23 +0200)]
Drop multipath mappings for elgar.d.o and gombert.d.o on ganeti2.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Sun, 18 Sep 2016 21:00:16 +0000 (23:00 +0200)]
Add debconf.org virtual domain
Aurelien Jarno [Sun, 18 Sep 2016 20:31:11 +0000 (22:31 +0200)]
Add volumes for elgar and gombert on ganeti2.ubc.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Peter Palfrader [Sun, 18 Sep 2016 19:10:31 +0000 (21:10 +0200)]
fix IO redirection in acquire-reboot-lock
Aurelien Jarno [Sun, 18 Sep 2016 17:24:39 +0000 (19:24 +0200)]
Drop multipath mappings for fano.d.o on ganeti2.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sun, 18 Sep 2016 15:57:54 +0000 (17:57 +0200)]
Add volumes for fano on ganeti2.ubc.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sun, 18 Sep 2016 14:35:08 +0000 (16:35 +0200)]
Drop multipath mappings for finzi.d.o on ganeti2.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Sat, 17 Sep 2016 16:05:34 +0000 (18:05 +0200)]
Sync unbound init script with current jessie
Aurelien Jarno [Sat, 17 Sep 2016 14:21:19 +0000 (16:21 +0200)]
Add volumes for finzi
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sat, 17 Sep 2016 12:24:57 +0000 (14:24 +0200)]
Remove babin
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sat, 17 Sep 2016 11:34:00 +0000 (13:34 +0200)]
no backups for x86-ubc-01
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sat, 17 Sep 2016 09:26:50 +0000 (11:26 +0200)]
Add system volume for x86-ubc-01
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Luca Filipozzi [Fri, 16 Sep 2016 18:23:56 +0000 (18:23 +0000)]
add multipath alias for x86-ubc-01
Julien Cristau [Thu, 15 Sep 2016 17:55:11 +0000 (19:55 +0200)]
Add rachmaninoff
Julien Cristau [Thu, 15 Sep 2016 17:08:11 +0000 (19:08 +0200)]
Spelling
Julien Cristau [Thu, 15 Sep 2016 16:49:20 +0000 (18:49 +0200)]
Oops, helps if I commit all the things
Julien Cristau [Thu, 15 Sep 2016 16:47:00 +0000 (18:47 +0200)]
Add lvm and multipath config for ganeti2.ubc
Julien Cristau [Wed, 14 Sep 2016 20:39:06 +0000 (22:39 +0200)]
Add pkgmirror-csail
Luca Filipozzi [Sun, 11 Sep 2016 10:06:59 +0000 (10:06 +0000)]
ganeti2.ubc.debian.org is born
projects / mirror / dsa-puppet.git / log