summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* bridge ircdevchan tgdevchanadd/matterbridge-chillnet-tgchanPratyush Desai2023-08-101-0/+3
| | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* Merge pull request 'denc-webcluster: include proxy in agola' (#85) from ↵Pratyush Desai2023-07-311-0/+1
|\ | | | | | | | | | | fix/nginx/sslproxy into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/85
| * denc-webcluster: include proxy in agolaGeorg Pfuetzenreuter2023-07-311-0/+1
|/ | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Repair boolean' (#84) from fix/nginx/boolean into productionPratyush Desai2023-07-311-1/+1
|\ | | | | | | | | Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/84 Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
| * Repair booleanGeorg Pfuetzenreuter2023-07-311-1/+1
| | | | | | | | | | | | | | Follow up to b6e9f753521111919dfcf67e91e02b30fbc41b24, forgot to quote the string causing it to still be converted to a boolean. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Merge pull request 'denc-webcluster: exclude 949110' (#83) from ↵Pratyush Desai2023-07-311-1/+1
|\ \ | |/ |/| | | | | | | fix/bookstack/400 into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/83
| * denc-webcluster: exclude 949110Georg Pfuetzenreuter2023-07-311-1/+1
|/ | | | | | ModSecurity rule blocked Bookstack from saving some pages while editing. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Repair boolean' (#82) from ci into productionGeorg Pfuetzenreuter2023-07-211-1/+1
|\ | | | | | | Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/82
| * Repair booleanGeorg Pfuetzenreuter2023-07-211-1/+1
|/ | | | | | | | | ``` nginx: [emerg] invalid value "True" in "proxy_ssl_verify" directive, it must be "on" or "off" in /etc/nginx/vhosts.d/agola.conf:14 ``` Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Add reverse proxy for Agola' (#81) from ci into productionGeorg Pfuetzenreuter2023-07-211-0/+11
|\ | | | | | | Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/81
| * Add reverse proxy for AgolaGeorg Pfuetzenreuter2023-07-211-0/+11
|/ | | | | | New service behind ci.lysergic.dev / ci.git.com.de. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Initialize OpenBSD support' (#80) from OpenBSD into ↵Georg Pfuetzenreuter2023-07-161-0/+1
|\ | | | | | | | | | | | | production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/80 Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
| * Initialize OpenBSD supportGeorg Pfuetzenreuter2023-07-161-0/+1
| | | | | | | | | | | | No states assigned yet. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Merge pull request 'Optimize minion' (#79) from minion-optimization into ↵Georg Pfuetzenreuter2023-07-161-0/+2
|\ \ | |/ |/| | | | | | | | | production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/79 Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
| * Optimize minionGeorg Pfuetzenreuter2023-07-161-0/+2
|/ | | | | | Cache jobs for later reference, disable unused hardware grains. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Add http(s) to thetrip public zone' (#78) from ↵Georg Pfuetzenreuter2023-07-011-0/+6
|\ | | | | | | | | | | | | thetrip-firewall into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/78 Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
| * Add http(s) to thetrip public zoneGeorg Pfuetzenreuter2023-07-011-0/+6
|/ | | | | | Forgotten in fffbaf46988d89b9f56578ba0d97c07ea056f513. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Manage firewall on thetrip' (#77) from thetrip-firewall ↵Georg Pfuetzenreuter2023-07-011-0/+1
|\ | | | | | | | | | | | | into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/77 Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
| * Manage firewall on thetripGeorg Pfuetzenreuter2023-07-011-0/+1
|/ | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Manage firewall on derutil01' (#76) from derutil01-fw ↵Georg Pfuetzenreuter2023-06-281-0/+1
|\ | | | | | | | | | | | | into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/76 Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
| * Manage firewall on derutil01Georg Pfuetzenreuter2023-06-281-0/+1
|/ | | | | | Configuration should be imported already. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Change redis to redis7' (#75) from salt-redis7 into ↵Georg Pfuetzenreuter2023-06-281-6/+6
|\ | | | | | | | | | | | | production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/75 Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
| * Change redis to redis7Georg Pfuetzenreuter2023-06-281-6/+6
|/ | | | | | | Leap 15.5 renamed the package, "redis" will try to install Redis 6 and cause a conflict. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Remove backslashes in string' (#74) from ↵Pratyush Desai2023-06-281-3/+3
|\ | | | | | | | | | | | | fix-matterb-mediapath into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/74 Reviewed-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Merge branch 'production' into fix-matterb-mediapathPratyush Desai2023-06-280-0/+0
| |\ | |/ |/|
* | Merge pull request 'Update mediapath for matterbridge' (#73) from ↵Pratyush Desai2023-06-271-2/+2
|\ \ | | | | | | | | | | | | | | | | | | fix-matterb-mediapath into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/73 Reviewed-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| | * remove backslashPratyush Desai2023-06-281-3/+3
| |/ | | | | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
| * update mediapath for matterbridgePratyush Desai2023-06-271-2/+2
|/ | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* Merge pull request 'Add chillnet matterbridge uploads' (#72) from ↵Pratyush Desai2023-06-242-6/+8
|\ | | | | | | | | | | | | upload-matterbridge-chillnet into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/72 Reviewed-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Add chillnet matterbridge uploadsPratyush Desai2023-06-252-6/+8
|/ | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* Merge pull request 'Rename Chillnet staff channel' (#71) from matter_remap ↵Pratyush Desai2023-05-031-2/+2
|\ | | | | | | | | | | | | into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/71 Reviewed-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Used /RENAME for #fightclubPratyush Desai2023-05-031-2/+2
|/
* Merge pull request 'Init psyched.dev' (#70) from psyched into productionGeorg Pfuetzenreuter2023-05-023-0/+3
|\ | | | | | | Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/70
| * Init psyched.devGeorg Pfuetzenreuter2023-05-023-0/+3
|/ | | | | | | | Add pillar IDs for theia/orpheus/selene to disable sshd management on them (machines use custom configurations for historic reasons, and we like to preserve history). Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Init dencpod01.lysergic.dev' (#68) from dencpod01 into ↵Georg Pfuetzenreuter2023-05-021-0/+1
|\ | | | | | | | | | | production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/68
| * Init dencpod01.lysergic.devGeorg Pfuetzenreuter2023-05-021-0/+1
|/ | | | | | Blank machine. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Move backup_mode to minion dict' (#67) from file-backup ↵Georg Pfuetzenreuter2023-05-021-1/+1
|\ | | | | | | | | | | into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/67
| * Move backup_mode to minion dictGeorg Pfuetzenreuter2023-05-021-1/+1
|/ | | | | | Is a minion specific option. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Enable minion file backup' (#66) from file-backup into ↵Georg Pfuetzenreuter2023-05-021-0/+1
|\ | | | | | | | | | | production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/66
| * Enable minion file backupGeorg Pfuetzenreuter2023-05-021-0/+1
|/ | | | | | https://docs.saltproject.io/en/latest/ref/states/backup_mode.html Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Import moni firewall configuration' (#65) from moni into ↵Georg Pfuetzenreuter2023-05-021-0/+11
|\ | | | | | | | | | | production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/65
| * Import moni firewall configurationGeorg Pfuetzenreuter2023-05-021-0/+11
|/ | | | | | Some ports not yet covered by a role. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Init phoebe.lysergic.dev' (#64) from phoebe into productionGeorg Pfuetzenreuter2023-05-021-0/+1
|\ | | | | | | Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/64
| * Init phoebe.lysergic.devGeorg Pfuetzenreuter2023-05-021-0/+1
|/ | | | | | Blank machine. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Add manage_sshd conditional' (#63) from sshd-optional ↵Georg Pfuetzenreuter2023-05-022-0/+3
|\ | | | | | | | | | | into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/63
| * Disable manage_sshd for philiaGeorg Pfuetzenreuter2023-05-021-0/+1
| | | | | | | | | | | | Machine uses a custom sshd configuration for $reasons. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Add manage_sshd conditionalGeorg Pfuetzenreuter2023-05-021-0/+2
|/ | | | | | | Allow sshd configuration to be skipped on "special" machines using an optional "manage_sshd: False" pillar option. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'No longer remove libX11' (#62) from libX11 into productionGeorg Pfuetzenreuter2023-05-021-5/+0
|\ | | | | | | Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/62
| * No longer remove libX11Georg Pfuetzenreuter2023-05-021-5/+0
|/ | | | | | | Multiple packages need it as a dependency, maintaining an exclusion list is not feasible. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Add users conditional for sss' (#61) from ↵Georg Pfuetzenreuter2023-05-011-0/+4
|\ | | | | | | | | | | skip-users-if-sss into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/61
| * Add users conditional for sssGeorg Pfuetzenreuter2023-05-011-0/+4
|/ | | | | | Skip failing local users management on machines using sssd. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Check files in nbroles to grains script' (#60) from ↵Georg Pfuetzenreuter2023-05-011-1/+11
|\ | | | | | | | | | | nbroles-to-grains-refactor into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/60
| * Check files in nbroles to grains scriptGeorg Pfuetzenreuter2023-05-011-1/+11
|/ | | | | | | Script is called in the Lysergic repository as well, where not all files exist. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Repair manage_firewall behavior' (#59) from ↵Georg Pfuetzenreuter2023-05-011-1/+1
|\ | | | | | | | | | | firewall-optional into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/59
| * Repair manage_firewall behaviorGeorg Pfuetzenreuter2023-05-011-1/+1
|/ | | | | | | | Fixup to b685f16c914b9fa05bda7c69ce9e157d04262d09, default value was outside of conditional - it didn't cause any errors, but did not work as expected either. :-) Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Set env_order + ping_on_rotate' (#58) from saltenv into ↵Georg Pfuetzenreuter2023-05-011-0/+2
|\ | | | | | | | | | | production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/58
| * Set ping_on_rotateGeorg Pfuetzenreuter2023-05-011-0/+1
| | | | | | | | | | | | | | Enable option to ensure minions are immediately responsive after key rotations. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Set env_orderGeorg Pfuetzenreuter2023-05-011-0/+1
|/ | | | | | | | Option was removed in d4f39e8e5f807169b790d5380c10872d1ba31710, but the default environment seems to not be set to "production" without it being present. Adding it back until a better way is found. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Repair BookStack httpd configuration' (#57) from ↵Georg Pfuetzenreuter2023-05-011-9/+9
|\ | | | | | | | | | | themis-httpd-fixup into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/57
| * Repair BookStack httpd configurationGeorg Pfuetzenreuter2023-05-011-9/+9
|/ | | | | | | | | - Replace wrong instances of RewriteCond with RewriteRule - Remove wrong quotes around rewrite conditions - Set correct options (seemingly our version of httpd does not set FollowSymLinks by default?) Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Repair PrivateBin config quoting' (#56) from ↵Georg Pfuetzenreuter2023-04-301-2/+2
|\ | | | | | | | | | | privatebin-quoting into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/56
| * Repair PrivateBin config quotingGeorg Pfuetzenreuter2023-04-301</