Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
github.com/python/psf-salt
PSF infrastructure configuration
https://github.com/python/psf-salt
use correct server_name
f965b0320f192cdae9b6f7f233252d673d5d0ed6 authored over 10 years ago
f965b0320f192cdae9b6f7f233252d673d5d0ed6 authored over 10 years ago
this should be a list
5131dab8455e5045da17fa98cdef87c0ae106d5c authored over 10 years ago
5131dab8455e5045da17fa98cdef87c0ae106d5c authored over 10 years ago
add support for redirects
6c3d1f0ea15963547b620fff8ef49bacc040afaf authored over 10 years ago
6c3d1f0ea15963547b620fff8ef49bacc040afaf authored over 10 years ago
just cd to the expected dir
9be1f67977a3b501368c3196afbbc7e0c85be267 authored over 10 years ago
9be1f67977a3b501368c3196afbbc7e0c85be267 authored over 10 years ago
put global arguments before command
8d0d081547cf7abacba7bbdd72bbeece7eb82ce5 authored over 10 years ago
8d0d081547cf7abacba7bbdd72bbeece7eb82ce5 authored over 10 years ago
make sure run-planet.sh gets templated
f275a84eea540ceb79abc89d251193f960404b37 authored over 10 years ago
f275a84eea540ceb79abc89d251193f960404b37 authored over 10 years ago
fix spelling
b1175c4bcdab3307cd7d9a3687f560c60f9df77e authored over 10 years ago
b1175c4bcdab3307cd7d9a3687f560c60f9df77e authored over 10 years ago
allow planet to write to /srv/planet/
5d3a10e21d2ec3cc570561487eab5dfa58980ff5 authored over 10 years ago
5d3a10e21d2ec3cc570561487eab5dfa58980ff5 authored over 10 years ago
add requirement
9c7476122552ce157665a604b504bdc2aceaba0b authored over 10 years ago
9c7476122552ce157665a604b504bdc2aceaba0b authored over 10 years ago
add missing colon
f9fb82086a7cb9047b7b93436e8d5d820b2d4da1 authored over 10 years ago
f9fb82086a7cb9047b7b93436e8d5d820b2d4da1 authored over 10 years ago
support for planet websites
2a1514deeadeae03031dd8939307e6ad4a10e83e authored over 10 years ago
2a1514deeadeae03031dd8939307e6ad4a10e83e authored over 10 years ago
remove unneeded import
a8512503673cc79dc0044191969af6cb4fb57f71 authored over 10 years ago
a8512503673cc79dc0044191969af6cb4fb57f71 authored over 10 years ago
Hardcode the device names
2deb942064407081496dd618cbf450ee8e654278 authored over 10 years ago
2deb942064407081496dd618cbf450ee8e654278 authored over 10 years ago
Properly configure things so that it'll work with two openvpns
7f54101274ab95288a629539c8ab37b870dcf091 authored over 10 years ago
7f54101274ab95288a629539c8ab37b870dcf091 authored over 10 years ago
Spin up a second OpenVPN on the HTTPS port
4ec4058846f64d9e96976db35281e423bcb46b38 authored over 10 years ago
4ec4058846f64d9e96976db35281e423bcb46b38 authored over 10 years ago
Use port 443 via TCP to bypass firewalls
ccee8f373392e7712d324c631bf11a01cec5677a authored over 10 years ago
ccee8f373392e7712d324c631bf11a01cec5677a authored over 10 years ago
Have openvpn listen on 443
08c20f4dca90b480fb803ed0c1135a6099227c7a authored over 10 years ago
08c20f4dca90b480fb803ed0c1135a6099227c7a authored over 10 years ago
Redirect port 443 to port 1194
fd8f36bbe94066baedc826668fb8a67d611ed817 authored over 10 years ago
fd8f36bbe94066baedc826668fb8a67d611ed817 authored over 10 years ago
Require duosec to SSH into the vpn server
c268eb01fe48e4449a037ab72f9553922cfbdb75 authored over 10 years ago
c268eb01fe48e4449a037ab72f9553922cfbdb75 authored over 10 years ago
Move into a unix integration group
8f13204b3b32bd89909e1c09ff687375ffe364ff authored over 10 years ago
8f13204b3b32bd89909e1c09ff687375ffe364ff authored over 10 years ago
Move the openvpn.routing state to be on everything but the vpn
641bd4c1f8a1ae6132181c24c4771e2c5703e8fd authored over 10 years ago
641bd4c1f8a1ae6132181c24c4771e2c5703e8fd authored over 10 years ago
apply some DRY to our openvpn configuration
fd24f2c51088196358895fb5916273d61c8d1935 authored over 10 years ago
fd24f2c51088196358895fb5916273d61c8d1935 authored over 10 years ago
I guess we can't reference other pillars at all!
5e5bcf0d764cb3b8fefe930424e28e2db1b098c2 authored over 10 years ago
5e5bcf0d764cb3b8fefe930424e28e2db1b098c2 authored over 10 years ago
Pillars are executed on the master, so this has to stay hardcoded
f3ac18fdfb63ce5bb3a93cf221e5779331fee6ed authored over 10 years ago
f3ac18fdfb63ce5bb3a93cf221e5779331fee6ed authored over 10 years ago
Ensure both directions are allowed in the firewall
26d7ad63db397a645c2b9bdd90c4f004d68e7b80 authored over 10 years ago
26d7ad63db397a645c2b9bdd90c4f004d68e7b80 authored over 10 years ago
parametrize the gateway
5c2f0ef749529b81fb596801ddae240d491fdb61 authored over 10 years ago
5c2f0ef749529b81fb596801ddae240d491fdb61 authored over 10 years ago
Ensure the interface is bounced after adding the route
b7dff505e9a4d0fd6d7ebbd0cc303be416d925ec authored over 10 years ago
b7dff505e9a4d0fd6d7ebbd0cc303be416d925ec authored over 10 years ago
fix more syntax
44ce47da485db5b0f9f0baae477c622c8781713b authored over 10 years ago
44ce47da485db5b0f9f0baae477c622c8781713b authored over 10 years ago
fix more syntax
05fce24e37f311edd694caa32f262820e391f8c0 authored over 10 years ago
05fce24e37f311edd694caa32f262820e391f8c0 authored over 10 years ago
Fix syntax
da2085d4d856fc769485eff0018e8f23c9ed0e3c authored over 10 years ago
da2085d4d856fc769485eff0018e8f23c9ed0e3c authored over 10 years ago
We only need the one route
73c62bb96957e3e1f29886a3d61e6ffac1fd0632 authored over 10 years ago
73c62bb96957e3e1f29886a3d61e6ffac1fd0632 authored over 10 years ago
Enable routing from the LBs to the VPN
e1bb6bc2ef61e7f2527d862c16136377a1254e24 authored over 10 years ago
e1bb6bc2ef61e7f2527d862c16136377a1254e24 authored over 10 years ago
Make it possible to add raw iptables rules
c949135509fea0337fda721f1bf70bffa2dbf69d authored over 10 years ago
c949135509fea0337fda721f1bf70bffa2dbf69d authored over 10 years ago
Move the sysctl control file into it's own item
c8c1238c1f8d1ff288ac2d7e9c346be64d877548 authored over 10 years ago
c8c1238c1f8d1ff288ac2d7e9c346be64d877548 authored over 10 years ago
Enable ipv4 forwarding
cadc3fa14e4e54ff7dfa423e826321f689ce60df authored over 10 years ago
cadc3fa14e4e54ff7dfa423e826321f689ce60df authored over 10 years ago
Rename dh2048.pem to dh.pem
4e0b6d7e974f3ae73d62cdb20aa1149b11c67078 authored over 10 years ago
4e0b6d7e974f3ae73d62cdb20aa1149b11c67078 authored over 10 years ago
Move around config values to make more sense
c4bc3898cd2a35f4a513e3ffd67110a7cfa2bf73 authored over 10 years ago
c4bc3898cd2a35f4a513e3ffd67110a7cfa2bf73 authored over 10 years ago
Add a pillar and use it to specify users
68d70c361931449a0566b39870e1a54618053abf authored over 10 years ago
68d70c361931449a0566b39870e1a54618053abf authored over 10 years ago
Actually save the configuration changes
a036b27cda281a97f4337abd5244d32a59016bc2 authored over 10 years ago
a036b27cda281a97f4337abd5244d32a59016bc2 authored over 10 years ago
Merge branch 'master' of github.com:python/psf-salt
40fe1cd40835fb750a96be1387cc58d8cea73c27 authored over 10 years ago
40fe1cd40835fb750a96be1387cc58d8cea73c27 authored over 10 years ago
Add a client-config-dir and require clients have an entry
fac047723b70a16239fed8362a629f1834e0926b authored over 10 years ago
fac047723b70a16239fed8362a629f1834e0926b authored over 10 years ago
increase backup retention for downloads
596641c3da38bdab1590b1ca8ae38837ff5e14e0 authored over 10 years ago
596641c3da38bdab1590b1ca8ae38837ff5e14e0 authored over 10 years ago
Configure OpenVPN to use duosec
f92279124e78df75966654038f78bbfa7cb06035 authored over 10 years ago
f92279124e78df75966654038f78bbfa7cb06035 authored over 10 years ago
Correctly format
f2c2ddd36058ce513ca9accfdfbedc402d911f7b authored over 10 years ago
f2c2ddd36058ce513ca9accfdfbedc402d911f7b authored over 10 years ago
Split duo-openvpn into it's own resource
d11535f9cd711107597edbe244797fc984afe397 authored over 10 years ago
d11535f9cd711107597edbe244797fc984afe397 authored over 10 years ago
Install the duo-openvpn plugin
66005d8f0cf6d7dd9f187efaf92a2f68601b72f6 authored over 10 years ago
66005d8f0cf6d7dd9f187efaf92a2f68601b72f6 authored over 10 years ago
We don't need to reload the server on a new CRL push
55e3bd8e4e7f39719b35f3f71441dc76684b0d12 authored over 10 years ago
55e3bd8e4e7f39719b35f3f71441dc76684b0d12 authored over 10 years ago
Use better permissions
9148918c9fcd8692bd9a87971ef565aeea79f769 authored over 10 years ago
9148918c9fcd8692bd9a87971ef565aeea79f769 authored over 10 years ago
Add a CRL to the OpenVPN configuration
e13e5ee8c679e3bab57523c1b8e93278a22750fe authored over 10 years ago
e13e5ee8c679e3bab57523c1b8e93278a22750fe authored over 10 years ago
Drop privs after initialization
4d43fed53b56cdf3d0d203046d8a5c8c2edf46ea authored over 10 years ago
4d43fed53b56cdf3d0d203046d8a5c8c2edf46ea authored over 10 years ago
Enable the use of the tls-auth key
316cafa7b261c29143362abd8268cec5f0759afc authored over 10 years ago
316cafa7b261c29143362abd8268cec5f0759afc authored over 10 years ago
Hardcode what ciphers we'l use to ensure PFS
585d2f67ba1f420647bed3a9015f146f400d5614 authored over 10 years ago
585d2f67ba1f420647bed3a9015f146f400d5614 authored over 10 years ago
Switch to AES-256-CBC for better compatability
faf325e22c55a2270b568e25fd2649ac0f6298f3 authored over 10 years ago
faf325e22c55a2270b568e25fd2649ac0f6298f3 authored over 10 years ago
Use AES 256 CBC with a SHA1 HMAC for VPN traffic
edc82f225b40ae9ee3dd486605150ca4c677861b authored over 10 years ago
edc82f225b40ae9ee3dd486605150ca4c677861b authored over 10 years ago
We no longer need or want easy-rsa installed
440cecb3459114b1089dc9f04c172368be76c3bf authored over 10 years ago
440cecb3459114b1089dc9f04c172368be76c3bf authored over 10 years ago
Rename bastion to vpn
92895829414ba77ab56ab1e2de838c1aa33af341 authored over 10 years ago
92895829414ba77ab56ab1e2de838c1aa33af341 authored over 10 years ago
Update to a new certificate
5a7230ea02cd83a4b3974939e0765b995213742f authored over 10 years ago
5a7230ea02cd83a4b3974939e0765b995213742f authored over 10 years ago
Correct the name of the file
f83f150f8128f7f50436d856b8371b3dab9182b9 authored over 10 years ago
f83f150f8128f7f50436d856b8371b3dab9182b9 authored over 10 years ago
Have more relaxed permissions
ffa1a744024c7fd995201db52ec962099171961b authored over 10 years ago
ffa1a744024c7fd995201db52ec962099171961b authored over 10 years ago
Require the keys directory
ec5ab15f37c109e973da5e970f9d2c37a297c73e authored over 10 years ago
ec5ab15f37c109e973da5e970f9d2c37a297c73e authored over 10 years ago
Add OpenVPN to the bastion host
0436e5649c81351bab839d03c758e776e1dbeda7 authored over 10 years ago
0436e5649c81351bab839d03c758e776e1dbeda7 authored over 10 years ago
set STS on hg.python.org
9f62e82a692f527de91ea89ef8a1069679d12ca8 authored over 10 years ago
9f62e82a692f527de91ea89ef8a1069679d12ca8 authored over 10 years ago
apache logrotation
841ef32dac18f9da0bfbd853b33dcaea2fbf46b5 authored over 10 years ago
841ef32dac18f9da0bfbd853b33dcaea2fbf46b5 authored over 10 years ago
Add (test.)pythonhosted.org
d742d1b942c10baeecac812abed83ee01f50c401 authored over 10 years ago
d742d1b942c10baeecac812abed83ee01f50c401 authored over 10 years ago
Merge branch 'master' of github.com:python/psf-salt
Conflicts:
salt/haproxy/config/haproxy.cfg.jinja
Just hardcode in the config
d7ab1cb3fba43a737d863e9995ca0fdb413cc2f2 authored over 10 years ago
d7ab1cb3fba43a737d863e9995ca0fdb413cc2f2 authored over 10 years ago
Add PyPI to the HAProxy config
4ed93ddfd9a938f897674232cfbe22590906dfea authored over 10 years ago
4ed93ddfd9a938f897674232cfbe22590906dfea authored over 10 years ago
Add some extra config options, thanks @mattrobenolt
2f5763fa5e54dc927c48dd6cad3c2c56e9714856 authored over 10 years ago
2f5763fa5e54dc927c48dd6cad3c2c56e9714856 authored over 10 years ago
remove pycs
2699b12d489b328fe9cc6b1a4d97cc8a0b0594fb authored over 10 years ago
2699b12d489b328fe9cc6b1a4d97cc8a0b0594fb authored over 10 years ago
don't require secrets to exist
6a519e09365902db72bf1448877aeeddf2b6a63d authored over 10 years ago
6a519e09365902db72bf1448877aeeddf2b6a63d authored over 10 years ago
open port
3a2007e1feeb15499cc671d094f13c3f6657d65c authored over 10 years ago
3a2007e1feeb15499cc671d094f13c3f6657d65c authored over 10 years ago
add dedicated backend for https redirection
5f8b94f87b68b5396af4319d3fcbf34b2b364ad5 authored over 10 years ago
5f8b94f87b68b5396af4319d3fcbf34b2b364ad5 authored over 10 years ago
Switch to use the OpenSSH mechanism to require two authentication methods
1c8b106b416cff5b38f6c8a3fb22693d726cd430 authored over 10 years ago
1c8b106b416cff5b38f6c8a3fb22693d726cd430 authored over 10 years ago
Add duosec login for a bastion host
6074ac0d71fb487165ed85583e0893498e5a0234 authored over 10 years ago
6074ac0d71fb487165ed85583e0893498e5a0234 authored over 10 years ago
Fix the firewall for the new EV TLS port
107249f026078f526340b35bc65df91248778b2f authored over 10 years ago
107249f026078f526340b35bc65df91248778b2f authored over 10 years ago
Fix secret syncing
47cf35cf7d86c72d82d2cbb006772d659704450f authored over 10 years ago
47cf35cf7d86c72d82d2cbb006772d659704450f authored over 10 years ago
Add data for the primary TLS frontend
b28302b0f5c9f62662422544becb6dce09d8407f authored over 10 years ago
b28302b0f5c9f62662422544becb6dce09d8407f authored over 10 years ago
Switch the HTTP port to a high numbered one
958c1b53c9baa3766c4bfbaffc91b9f2ad355f13 authored over 10 years ago
958c1b53c9baa3766c4bfbaffc91b9f2ad355f13 authored over 10 years ago
Remove the .pyc and ignore them
840d22a87c5e3d224246df95d5a78893a68cab1d authored over 10 years ago
840d22a87c5e3d224246df95d5a78893a68cab1d authored over 10 years ago
Add a task to bootstrap a new node
b8e349f6bcfdbcaae71de024e34532f243c74a8a authored over 10 years ago
b8e349f6bcfdbcaae71de024e34532f243c74a8a authored over 10 years ago
Use invoke to automate salt synchronization
7b25bee80e21aec6df36e88fab9b64bbf3193a7d authored over 10 years ago
7b25bee80e21aec6df36e88fab9b64bbf3193a7d authored over 10 years ago
Correct bind
fc85c687dba0d6fb9e8c790223568bdfa2f6484c authored over 10 years ago
fc85c687dba0d6fb9e8c790223568bdfa2f6484c authored over 10 years ago
Refactor the haproxy to work a little nicer
73cd886f11345b6fad8c69ed204284ee61c6bdd7 authored over 10 years ago
73cd886f11345b6fad8c69ed204284ee61c6bdd7 authored over 10 years ago
add hg ssh host keys
3cef329da683c6670ee0129b0f5abe41d7737605 authored over 10 years ago
3cef329da683c6670ee0129b0f5abe41d7737605 authored over 10 years ago
restart irker when the upstart file changes
76f7b1e425c7f5880225391af7468d08931e1c28 authored over 10 years ago
76f7b1e425c7f5880225391af7468d08931e1c28 authored over 10 years ago
more pythonesque
d857f159db5e5ffb5a277ee62d818d43d9f1a58c authored over 10 years ago
d857f159db5e5ffb5a277ee62d818d43d9f1a58c authored over 10 years ago
Use mode 600 on the TLS certificate
90f8e913ab16e9c67a9487a33acc64a88e46c6b3 authored over 10 years ago
90f8e913ab16e9c67a9487a33acc64a88e46c6b3 authored over 10 years ago
Upgrade our ciphers
5c803824d790fe29c6153582609eefe8030ee7c4 authored over 10 years ago
5c803824d790fe29c6153582609eefe8030ee7c4 authored over 10 years ago
Setup HAProxy to terminate SSL
33bd46eb09b6c0b1056c72587c9d0a998d519cf5 authored over 10 years ago
33bd46eb09b6c0b1056c72587c9d0a998d519cf5 authored over 10 years ago
Use contents_pillar to avoid newline issues
b021c1173b84cb5ac2edd728b53ca31d2cac2bbf authored over 10 years ago
b021c1173b84cb5ac2edd728b53ca31d2cac2bbf authored over 10 years ago
Merge branch 'master' of https://github.com/python/psf-salt
436f0d505ed4bb9faf5fc05c374d9a3f71ea50f1 authored over 10 years ago
436f0d505ed4bb9faf5fc05c374d9a3f71ea50f1 authored over 10 years ago
variable name is pillar not salt["pillar"]
1ffe8aaa08a3d5dc7ae18a9f8ea96ca3addad749 authored over 10 years ago
1ffe8aaa08a3d5dc7ae18a9f8ea96ca3addad749 authored over 10 years ago
add irkerd
c94d99ca1b4d87110d70fd35d6abca36196ab958 authored over 10 years ago
c94d99ca1b4d87110d70fd35d6abca36196ab958 authored over 10 years ago
Fix the declaration of the tls certificate
cf025e9c9cca3c49b60f6524fbd642393880e988 authored over 10 years ago
cf025e9c9cca3c49b60f6524fbd642393880e988 authored over 10 years ago
Install the TLS certificate on the server
5245da651d2001d0256c25634b607bc2c7ca38fe authored over 10 years ago
5245da651d2001d0256c25634b607bc2c7ca38fe authored over 10 years ago
switch to psf-internal
944bc5771fb3e8d27d73db3c90b874543a5f42db authored over 10 years ago
944bc5771fb3e8d27d73db3c90b874543a5f42db authored over 10 years ago
Talk to port 9000
1cedd6ace624c8c35acff97e0e5277b389c84e76 authored over 10 years ago
1cedd6ace624c8c35acff97e0e5277b389c84e76 authored over 10 years ago
Switch Apache to listen on psf-internal
3ff7c1c578f863147afe7a969fff61e83367c0ed authored over 10 years ago
3ff7c1c578f863147afe7a969fff61e83367c0ed authored over 10 years ago
Require the haproxy package
9aa12fea73208caa6b09dcda8c658e052be24019 authored over 10 years ago
9aa12fea73208caa6b09dcda8c658e052be24019 authored over 10 years ago
Setup a Loadbalancer using HAProxy
4a64aaabdecef47d4f73641c184df257b08a7a1c authored over 10 years ago
4a64aaabdecef47d4f73641c184df257b08a7a1c authored over 10 years ago