puppet-tails merge requestshttps://gitlab.tails.boum.org/tails/puppet-tails/-/merge_requests2021-03-26T20:08:55Zhttps://gitlab.tails.boum.org/tails/puppet-tails/-/merge_requests/56add German reviewers lost during deployment2021-03-26T20:08:55Zemmapeeladd German reviewers lost during deploymentrelated to: https://gitlab.tails.boum.org/tails/sysadmin/-/issues/17338
they were quite active reviewers in weblate and before, i am not sure why we lost them during the updates. i propose we restore their reviewer privilegesrelated to: https://gitlab.tails.boum.org/tails/sysadmin/-/issues/17338
they were quite active reviewers in weblate and before, i am not sure why we lost them during the updates. i propose we restore their reviewer privilegeshttps://gitlab.tails.boum.org/tails/puppet-tails/-/merge_requests/55new reviewer for weblate2021-03-26T20:08:54Zemmapeelnew reviewer for weblateplease merge this new reviewer (and reviewer language group) for weblate thx.please merge this new reviewer (and reviewer language group) for weblate thx.https://gitlab.tails.boum.org/tails/puppet-tails/-/merge_requests/54tails::iso_builder: install faketime2021-03-23T09:33:06Zanonymtails::iso_builder: install faketimeFor tails#12557 the invocation of faketime is moved out from happening
inside the builder VM to its host, which on Jenkins is the
tails::iso_builder VM.
So in order to test the implementation (tails!381) on Jenkins, I need this deployed...For tails#12557 the invocation of faketime is moved out from happening
inside the builder VM to its host, which on Jenkins is the
tails::iso_builder VM.
So in order to test the implementation (tails!381) on Jenkins, I need this deployed on Jenkins.Tails_4.18anonymanonymhttps://gitlab.tails.boum.org/tails/puppet-tails/-/merge_requests/53Avoid integrating obsolete strings in Weblate (tails#17870)2021-03-22T12:03:12ZZen FuAvoid integrating obsolete strings in Weblate (tails#17870)Translation Platform in ProductionZen FuZen Fuhttps://gitlab.tails.boum.org/tails/puppet-tails/-/merge_requests/51jenkins-slave.service: clean up workspace as root2021-03-15T13:38:34Zintrigerijenkins-slave.service: clean up workspace as rootThis makes our CI setup robust against test suite jobs that abort
in a way they leave files owned by root in the workspace.
One of the branches I've been working on recently does this,
and as a result, since a few days, isotesters are r...This makes our CI setup robust against test suite jobs that abort
in a way they leave files owned by root in the workspace.
One of the branches I've been working on recently does this,
and as a result, since a few days, isotesters are regularly
left offline because jenkins-slave.service fails to start,
because it is not allowed to "/bin/rm -rf /var/lib/jenkins/workspace/"
as the "jenkins" user. Every time, I have to manually re-run
this command as root, then restart jenkins-slave.service.
Let's automate this :)Tails_4.17intrigeriintrigerihttps://gitlab.tails.boum.org/tails/puppet-tails/-/merge_requests/52Add rss2email feed filtering (sysadmin#17378)2021-03-04T18:15:39ZZen FuAdd rss2email feed filtering (sysadmin#17378)Zen FuZen Fuhttps://gitlab.tails.boum.org/tails/puppet-tails/-/merge_requests/35Import email reminders2021-03-01T23:50:29ZintrigeriImport email remindersThis imports the last 3 email reminders that are currently run on sajolida's private infrastructure.
Closes tails/sysadmin#7763This imports the last 3 email reminders that are currently run on sajolida's private infrastructure.
Closes tails/sysadmin#7763Tails_4.15Zen FuZen Fuhttps://gitlab.tails.boum.org/tails/puppet-tails/-/merge_requests/50tails.git post-receive hook: notify Jenkins using the local Git remote URL it...2021-02-26T09:24:28Zintrigeritails.git post-receive hook: notify Jenkins using the local Git remote URL it's now usingThis reverts commit 1043093782fa650385027388b71604f0636fa149 aka. !8.
Closes tails/sysadmin#17715This reverts commit 1043093782fa650385027388b71604f0636fa149 aka. !8.
Closes tails/sysadmin#17715Tails_4.17intrigeriintrigerihttps://gitlab.tails.boum.org/tails/puppet-tails/-/merge_requests/8Repair the "pushing to Git triggers a Jenkins build" CI feature2021-02-22T11:16:35ZintrigeriRepair the "pushing to Git triggers a Jenkins build" CI featureWe changed the Jenkins configuration to pull from GitLab while the mirroring to
Gitolite was not working: https://gitlab.tails.boum.org/tails/jenkins-jobs/-/commit/4db52b22a568f824c24b06a817008d6b1ebcccad
But we did not adjust this p...We changed the Jenkins configuration to pull from GitLab while the mirroring to
Gitolite was not working: https://gitlab.tails.boum.org/tails/jenkins-jobs/-/commit/4db52b22a568f824c24b06a817008d6b1ebcccad
But we did not adjust this post-receive hook accordingly,
so the "pushing to Git triggers a Jenkins build" behavior
is broken.
Let's repair this, until we make up our mind (tails/sysadmin#17715)
wrt. whether we should keep pointing Jenkins to GitLab's tails/tails,
or use the local mirror we have on puppet-git.lizard.Zen FuZen Fuhttps://gitlab.tails.boum.org/tails/puppet-tails/-/merge_requests/49Add support for rss2email notifications (sysadmin#17378)2021-02-18T12:45:34ZZen FuAdd support for rss2email notifications (sysadmin#17378)Many security notifications can be tracked using RSS, so here we add
support for periodically checking for notifications and sending them to
specific e-mail addresses.Many security notifications can be tracked using RSS, so here we add
support for periodically checking for notifications and sending them to
specific e-mail addresses.Zen FuZen Fuhttps://gitlab.tails.boum.org/tails/puppet-tails/-/merge_requests/48Weblate: Fix TLS configuration (sysadmin#17339)2021-02-10T11:57:57ZZen FuWeblate: Fix TLS configuration (sysadmin#17339) - Make Django interpret proxied requests as secure by setting
SECURE_PROXY_SSL_HEADER.
- Make Weblate generate URLs with https:// by setting ENABLE_HTTPS to
True.
- Make sure Django middleware will not attempt to redirect... - Make Django interpret proxied requests as secure by setting
SECURE_PROXY_SSL_HEADER.
- Make Weblate generate URLs with https:// by setting ENABLE_HTTPS to
True.
- Make sure Django middleware will not attempt to redirect to HTTPS,
as we do that in our proxy already.
- Explicitely set CSRF_COOKIE_SECURE as True instead of make it depend
on the value of another variable.
- Add comments mentioning our proxied config for a couple of
variables.Translation Platform in ProductionZen FuZen Fuhttps://gitlab.tails.boum.org/tails/puppet-tails/-/merge_requests/47Weblate Permissions: Add Viewers group to every user. (sysadmin#17802, sysadm...2021-02-04T14:30:31ZhefeeWeblate Permissions: Add Viewers group to every user. (sysadmin#17802, sysadmin#17338)Instead of removing Viewers group from every user we want to add it to
every user.Instead of removing Viewers group from every user we want to add it to
every user.https://gitlab.tails.boum.org/tails/puppet-tails/-/merge_requests/44weblate permissions: switch to enforce mode.2021-01-28T18:53:10Zhefeeweblate permissions: switch to enforce mode.I'm not sure, if I'm allowed to change the description and command of puppet cron setting. From other systems I know, that they search only for the description string to know that they should change the command.I'm not sure, if I'm allowed to change the description and command of puppet cron setting. From other systems I know, that they search only for the description string to know that they should change the command.https://gitlab.tails.boum.org/tails/puppet-tails/-/merge_requests/46Weblate permissions: Fix tests for Viewers group.2021-01-28T18:42:01ZhefeeWeblate permissions: Fix tests for Viewers group.As Viewers is now handled like all other groups, we have to define it in
our config file and need to set this group for users. Otherwise our
system would make users leave the Viewers group.As Viewers is now handled like all other groups, we have to define it in
our config file and need to set this group for users. Otherwise our
system would make users leave the Viewers group.https://gitlab.tails.boum.org/tails/puppet-tails/-/merge_requests/45Weblate: Update permissions (sysadmin#17338)2021-01-28T18:24:22ZZen FuWeblate: Update permissions (sysadmin#17338)This is both a permission update and a test case for our permissions
update script.
See: https://gitlab.tails.boum.org/tails/sysadmin/-/issues/17338#note_164525This is both a permission update and a test case for our permissions
update script.
See: https://gitlab.tails.boum.org/tails/sysadmin/-/issues/17338#note_164525Translation Platform in ProductionZen FuZen Fuhttps://gitlab.tails.boum.org/tails/puppet-tails/-/merge_requests/43Weblate Permissions: set Viewers group for every user (sysadmin#17338)2021-01-28T12:29:50ZhefeeWeblate Permissions: set Viewers group for every user (sysadmin#17338)Weblate documentation tells, that every normal User is in Users
and Viewers group. This patch removes removes the GroupDBQuery, that was
only added to hide the unstrict usage of Viewers group for our userbase.
https://docs.weblate.org/e...Weblate documentation tells, that every normal User is in Users
and Viewers group. This patch removes removes the GroupDBQuery, that was
only added to hide the unstrict usage of Viewers group for our userbase.
https://docs.weblate.org/en/latest/admin/access.html#list-of-groups
https://docs.weblate.org/en/latest/admin/access.html#autogrouphttps://gitlab.tails.boum.org/tails/puppet-tails/-/merge_requests/42Weblate Permissions: fix double logging for audit (sysadmin#17338).2021-01-28T12:29:48ZhefeeWeblate Permissions: fix double logging for audit (sysadmin#17338).https://gitlab.tails.boum.org/tails/puppet-tails/-/merge_requests/36Add monitoring for the Celery service (sysadmin#17738)2021-01-26T12:17:59ZZen FuAdd monitoring for the Celery service (sysadmin#17738)Zen FuZen Fuhttps://gitlab.tails.boum.org/tails/puppet-tails/-/merge_requests/29Update Jenkins core and plugins 2020 Q42021-01-21T12:04:55ZZen FuUpdate Jenkins core and plugins 2020 Q4Upgrade:
- Jenkins to latest LTS currently available in their APT repository: 2.263.1
- Plugins (some for security needs, others just to run latest code)
Manually checked, for each plugin:
- [x] Expected hashes (from https://updates...Upgrade:
- Jenkins to latest LTS currently available in their APT repository: 2.263.1
- Plugins (some for security needs, others just to run latest code)
Manually checked, for each plugin:
- [x] Expected hashes (from https://updates.jenkins.io/download/plugins/).
- [x] Latest versions and dependencies (from https://plugins.jenkins.io/).
- [x] Changelogs for upgrades (from each package's GitHub page, when available).
- [x] Compatibility with Jenkins version.Zen FuZen Fuhttps://gitlab.tails.boum.org/tails/puppet-tails/-/merge_requests/40Remove all usage of the tails.git repo at immerda2021-01-15T15:02:16ZintrigeriRemove all usage of the tails.git repo at immerdai.e. https://git-tails.immerda.ch/tails aka. https://git.tails.boum.org/tails
refs tails/sysadmin#17605i.e. https://git-tails.immerda.ch/tails aka. https://git.tails.boum.org/tails
refs tails/sysadmin#17605Tails_4.15intrigeriintrigeri