|  | Commit message (Collapse) | Author | Age | Files | Lines | 
|---|
| | 
| 
| 
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | prometheus-moni into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/32 | 
| | | 
| | 
| | 
| | 
| | 
| | | Temporary change until imports with existing messages are finished.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | 
| | 
| | 
| | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | 
| | 
| | 
| | 
| | 
| | | Use uniform JSON target files instead of a JSON/YAML mix.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | 
| | 
| | 
| | 
| | 
| | 
| | 
| | | Since the last commit introduced a new Prometheus targets profile, it
makes sense to move node_exporter underneath the Prometheus tree as
well.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | 
| | 
| | 
| | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | 
| | 
| | 
| | 
| | 
| | 
| | 
| | 
| | 
| | 
| | | * add new roles:
  - monitoring.prometheus
  - monitoring.prometheus-alertmanager
  - monitoring.prometheus-exporter-blackbox
* add common Prometheus and Prometheus Alertmanager pillar data
* add moni.lysergic.dev specific Prometheus pillar data
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\ \  
| |/  
|/|   
| |   
| |   
| |   
| | | from commit-lint into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/38
Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa> | 
| |/  
|   
|   
|   
|   
|   
| | - For profiles/roles with - or _ in their name
- In the future we should rename all - to _ and adjust the regex to forbid all -
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | from commit-lint into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/37 | 
| |/  
|   
|   
|   
|   
|   
| | - allow pipeline.* prefix
- allow some special characters in summary
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | 
| | | into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/36
Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa> | 
| | | 
| | 
| | 
| | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |/  
|   
|   
|   
|   
|   
| | - add gommit configuration
- add wrapper script
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | | Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/33 | 
| | | 
| | 
| | 
| | 
| | 
| | 
| | | - remove trailing whitespaces
- format octal modes correctly
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | 
| | 
| | 
| | 
| | 
| | 
| | | - remove spaces, add headers
- add ignore for line-lengths in .pipeline.yml
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |/  
|   
|   
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/31 | 
| |/  
|   
|   
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | import-denc-webcluster-nginx-modsec into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/30 | 
| |/  
|   
|   
|   
|   
|   
|   
| | With the rollout of our Salted configuration, ModSecurity came enforced.
This adds necessary rules to PrivateBin and BookStack for correct
operation.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | from import-denc-webcluster-nginx-listen-fixup into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/29 | 
| |/  
|   
|   
|   
|   
| | Accidentally configured to listen only internally.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | reload-apparmor into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/28 | 
| |/  
|   
|   
|   
|   
| | Self-explanatory.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | import-denc-webcluster-apparmor into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/27 | 
| | | 
| | 
| | 
| | 
| | 
| | | Allow access to client trust certificate and to static content.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | 
| | 
| | 
| | 
| | 
| | 
| | | Some web proxy servers need additional AppArmor drop-ins, for example
for serving static content.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |/  
|   
|   
|   
|   
|   
| | Simple profile to allow for management of local profile drop-ins using
pillar values.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | import-denc-webcluster-iphash into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/26 | 
| |/  
|   
|   
|   
|   
|   
|   
| | - remove keys duplicated by include
- repair wrong snippets include directory
- repair wrong ip_hash option syntax
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/25 | 
| |/  
|   
|   
|   
|   
| | Accidentally added as a service.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | import-denc-webcluster-fw into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/24 | 
| | | 
| | 
| | 
| | 
| | 
| | | Prevent script tampering.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |/  
|   
|   
|   
|   
| | Public firewall rules were missing from initial import.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | import-denc-webcluster into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/12 | 
| | | 
| | 
| | 
| | 
| | 
| | 
| | | Configure backend firewall zones if applicable. Allow all UDP for
cluster traffic.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | 
| | 
| | 
| | 
| | 
| | | Needed for keepalived operation.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | 
| | 
| | 
| | 
| | 
| | 
| | | Role managing the Netcup IP failover script plus keepalived.
Requires ha-node role introduced via a8bbe056f1.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | 
| | 
| | 
| | 
| | 
| | 
| | | Short profile source from other profiles requiring the keepalived_script
user to be present.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | 
| | 
| | 
| | 
| | 
| | 
| | | Profile managing a Netcup IP address failover script for use with
keepalived.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | 
| | 
| | 
| | 
| | 
| | | Add shared configuration to cluster.denc.web-proxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | 
| | 
| | 
| | 
| | 
| | | Add shared nginx configuration to nemesis/hubris HA pair nodes.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |/  
|   
|   
|   
|   
| | Add shared configuration to cluster.denc.web-proxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | (#23) from common-suse into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/23 | 
| | | 
| | 
| | 
| | 
| | 
| | | Ensure qemu-guest-agent is active on all KVM guests.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | 
| | 
| | 
| | 
| | 
| | 
| | | We only use AutoYaST for the OS deployment and don't need the packages
afterwards.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\ \  
| |/  
|/|   
| |   
| |   
| | | dericom02-webfw into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/22 | 
| |/  
|   
|   
|   
|   
|   
| | Import locally configured web zone into Salt. This zone allows the web
proxy to reach http for serving Matterbridge media.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | lighttpd-watch into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/21 | 
| |/  
|   
|   
|   
|   
|   
| | - add more explicit Salt ID dependencies
- reload service on configuration changes
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | matterbridge-xmpp-debug into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/20 | 
| |/  
|   
|   
|   
|   
| | It's very noisy - one can enable it on demand if needed.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | matterbridge-watch into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/19 |