salt.git/pillar/cluster, branch nsd Work in progress effort to automate the LibertaCasa infrastructure configuration using SaltStack denc-webcluster: add ModSecurity adjustments 2023-02-12T22:46:22+00:00 Georg Pfuetzenreuter 2023-02-12T22:46:22+00:00 c75e31c14542cd8db89e9b7616adb82e22e945ea With the rollout of our Salted configuration, ModSecurity came enforced. This adds necessary rules to PrivateBin and BookStack for correct operation. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> 
With the rollout of our Salted configuration, ModSecurity came enforced.
This adds necessary rules to PrivateBin and BookStack for correct
operation.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
denc-webcluster: nginx listen on HA addresses 2023-02-12T16:42:31+00:00 Georg Pfuetzenreuter 2023-02-12T16:42:31+00:00 37a1ec433ac588e864de89e245bb84308d6ed4da Accidentally configured to listen only internally. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> 
Accidentally configured to listen only internally.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
denc-webcluster: nginx AppArmor rules 2023-02-12T15:39:49+00:00 Georg Pfuetzenreuter 2023-02-12T15:28:19+00:00 2d5da24ce5d695b3f934ec06c654f7ae754b3fbf Allow access to client trust certificate and to static content. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> 
Allow access to client trust certificate and to static content.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
denc-webcluster: nginx config fixup 2023-02-12T14:48:44+00:00 Georg Pfuetzenreuter 2023-02-12T14:48:44+00:00 eac227d1204f7ab149c98360994951cdd94771b0 - remove keys duplicated by include - repair wrong snippets include directory - repair wrong ip_hash option syntax Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> 
- remove keys duplicated by include
- repair wrong snippets include directory
- repair wrong ip_hash option syntax

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
denc-webcluster: enable keepalived script security 2023-02-12T13:37:45+00:00 Georg Pfuetzenreuter 2023-02-12T13:37:45+00:00 533aedd864fce377ee4cc543bad5edcf4ef6acf3 Prevent script tampering. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> 
Prevent script tampering.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
denc-webcluster: allow http(s) publicly 2023-02-12T13:33:34+00:00 Georg Pfuetzenreuter 2023-02-12T13:33:34+00:00 7481741f95e591727b2dee0e58c31d68f58c5359 Public firewall rules were missing from initial import. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> 
Public firewall rules were missing from initial import.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
nemesis/hubris: import keepalived configuration 2023-02-12T04:21:43+00:00 Georg Pfuetzenreuter 2023-02-08T19:52:57+00:00 303b06ae8cae4167bca6bafca71d226b32379941 Add shared configuration to cluster.denc.web-proxy. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> 
Add shared configuration to cluster.denc.web-proxy.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
nemesis/hubris: import nginx configuration 2023-02-12T04:21:39+00:00 Georg Pfuetzenreuter 2023-02-07T23:10:17+00:00 eed4945a9f6981041260a593fde7bc54150c0740 Add shared configuration to cluster.denc.web-proxy. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> 
Add shared configuration to cluster.denc.web-proxy.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Add cluster pillar 2023-02-05T08:36:23+00:00 Georg Pfuetzenreuter 2023-02-05T08:36:23+00:00 3f2b8d2ee79ba53027b60c932c0dc41a1a5cd3f5 Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> 
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>