Commits · production · tails / puppet-code

Jul 16, 2024
- Deploy fix for tailsbot dependency cycle · 8136715b
  Zen Fu authored Jul 16, 2024
```
refs sysadmin#18123
```
  8136715b
- Remove bogus submodule · 5aba6ca7
  Zen Fu authored Jul 16, 2024
```
Mistakenly introduced in parent commit.

refs sysadmin#18123
```
  5aba6ca7
- Deploy Errbot tails plugin from Puppet · 4fb968c4
  Zen Fu authored Jul 16, 2024
```
refs sysadmin#18123
```
  4fb968c4
Jul 09, 2024
- Give some Weblate reviewers permissions to resolve comments · 6cf2fefd
  Zen Fu authored Jul 09, 2024
```
refs sysadmin#18093
```
  6cf2fefd
Jul 03, 2024
- Remove public access to www2.chameleon SSH · 7927e2a8
  Zen Fu authored Jul 03, 2024
```
We now deploy the website using the private network and don't need a public SSH
port anymore.

refs sysadmin#17364
```
  7927e2a8
- Allow website deployment to www2 via private network · 48eae49f
  Zen Fu authored Jul 03, 2024
```
refs sysadmin#17364
```
  48eae49f
- Accept forwarding from Dragon/Iguana VMs to Chameleon VMs · 8701cbf1
  Zen Fu authored Jul 03, 2024
```
refs sysadmin#17364
```
  8701cbf1
- Deploy more fixes to Borg package name · 4f99a48d
  Zen Fu authored Jul 03, 2024
  
  4f99a48d
- Deploy fix of Borg package name · 763313c8
  Zen Fu authored Jul 03, 2024
  
  763313c8
- Use Borg instead of Restic for weblate backup snapshots · e7c69ebd
  Zen Fu authored Jul 03, 2024
```
Restic has been using to much disk space, let's see if Borg improves this.
```
  e7c69ebd
- Deploy Jenkins plugins upgrade · 35d9a4ef
  Zen Fu authored Jul 03, 2024
```
refs sysadmin#18072
```
  35d9a4ef
- Deploy Jenkins upgrade to version 2.452.2 · 22acc36b
  Zen Fu authored Jul 03, 2024
```
refs sysadmin#18072
```
  22acc36b
Jul 01, 2024
- monitor new pgp keys · 51624941
  groente authored Jul 01, 2024
  
  51624941
Jun 28, 2024
- Restrict images that can be used in our GitLab Runners · a0853c50
  Zen Fu authored Jun 28, 2024
```
refs sysadmin#17364 sysadmin#18084
```
  a0853c50
Jun 26, 2024
- Use available public port for SSH'ing into www.lizard · 3e500341
  Zen Fu authored Jun 26, 2024
```
The port we were previously attempting to use (3008) is already occupied by a
redirector to a isotester SSH.

refs sysadmin#17364
```
  3e500341
- Make the production website just another mirror · 60dda11b
  Zen Fu authored Jun 26, 2024
```
refs sysadmin#17364
```
  60dda11b
- Remove all CGI from www.lizard · 22ed435d
  Zen Fu authored Jun 26, 2024
```
Not needed anymore, the website will now be built via GitLab CI.

refs sysadmin#17364
```
  22ed435d
Jun 11, 2024

Deploy fix of name of defined type · 87536a3b
Zen Fu authored Jun 11, 2024
```
refs sysadmin#18084
```
87536a3b

Pin the GitLab registry IP in Runner nodes · 5588e4be

Zen Fu authored Jun 11, 2024

We want to give a lot of trust to our container images and one of the issues is
that there's no DNSSEC for *.tails.boum.org, which makes us succeptible to
attacks such as DNS poisoning. Let's then pin the registry IP in our GitLab
Runner nodes as a workaround.

refs sysadmin#18084

5588e4be

Jun 06, 2024

Re-register Docker-in-Docker runner · bdc93245

Zen Fu authored Jun 06, 2024

This time, lock the Runner to a specific project
(sysadmin-team/container-images, in this case) and only allow running tagged
jobs.

bdc93245

Jun 04, 2024
- Fix tag param for Docker-in-Docker runner · d25a2d81
  Zen Fu authored Jun 04, 2024
```
refs sysadmin#17364
```
  d25a2d81
- Tag the Docker-in-Docker GitLab Runner · 6ac5130e
  Zen Fu authored Jun 04, 2024
```
refs sysadmin#17364
```
  6ac5130e
- Add a privileged GitLab Runner · 46043172
  Zen Fu authored Jun 04, 2024
```
This is needed in order to build our own container images using
Docker-in-Docker.

refs sysadmin#17364
```
  46043172
May 31, 2024
- fix postfix/dovecot delivery · f71ff284
  groente authored May 31, 2024
  
  f71ff284
- Add default Weblate groups config · 6573757f
  Zen Fu authored May 31, 2024
```
refs sysadmin#18092
```
  6573757f
May 30, 2024
- implement spamcatcher data retention · 94fe6131
  groente authored May 30, 2024
  
  94fe6131
- mirror domain change · 76131f94
  groente authored May 30, 2024
  
  76131f94
May 27, 2024
- fix canonical senders · 638fab08
  groente authored May 27, 2024
  
  638fab08
- remove canonical senders · d13c15aa
  groente authored May 27, 2024
  
  d13c15aa
- add spamcatcher account · f6be7b1d
  groente authored May 27, 2024
  
  f6be7b1d
- fix stats permissions · 20357125
  groente authored May 27, 2024
  
  20357125
- add bcc recipient maps · 9e7278e3
  groente authored May 27, 2024
  
  9e7278e3
May 17, 2024
- Deploy restart of urlupd when service or script changes · 4dc09767
  Zen Fu authored May 16, 2024
```
refs sysadmin#16956
```
  4dc09767
- Deploy timeout config for urlupd · 386e9b05
  Zen Fu authored May 16, 2024
```
refs sysadmin#16956
```
  386e9b05
- Trick dns.lizard to think it can reach the website public IP · ea40e01a
  Zen Fu authored May 16, 2024
```
We need dns.lizard to be able to check if the website is up via IP, but right
now the VMs of lizard can't see the public IP of lizard.

Let's trick the VM into thining it's talking to the public IP, but redirect
requests to the private IP of www.lizard.

refs sysadmin#16956
```
  ea40e01a
- Deploy installation of missing dependency for urlupd · db72f313
  Zen Fu authored May 16, 2024
```
refs sysadmin#16956
```
  db72f313
- Deploy more configuation params of ssl in website · 4749ed64
  Zen Fu authored May 16, 2024
```
refs sysadmin#16956
```
  4749ed64
- Fix heredoc string interpolation · 6d3a5746
  Zen Fu authored May 16, 2024
```
refs sysadmin#16956
```
  6d3a5746
- Fix: remove obsolete requirement · ea2ec8a6
  Zen Fu authored May 16, 2024
```
refs sysadmin#16956
```
  ea2ec8a6
- Avoid unneeded changes to Python libdir · d24d758c
  Zen Fu authored May 16, 2024
```
refs sysadmin#16956
```
  d24d758c