|  | Commit message (Collapse) | Author | Age | Files | Lines | 
|---|
| | 
| 
| 
| 
| 
| 
| | Allow local MTA management to be disabled for hosts which need a custom
configuration.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | | Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/70 | 
| |/  
|   
|   
|   
|   
|   
|   
| | Add pillar IDs for theia/orpheus/selene to disable sshd
management on them (machines use custom configurations
for historic reasons, and we like to preserve history).
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/68 | 
| |/  
|   
|   
|   
|   
| | Blank machine.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/67 | 
| |/  
|   
|   
|   
|   
| | Is a minion specific option.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/66 | 
| |/  
|   
|   
|   
|   
| | https://docs.saltproject.io/en/latest/ref/states/backup_mode.html
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/65 | 
| |/  
|   
|   
|   
|   
| | Some ports not yet covered by a role.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | | Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/64 | 
| |/  
|   
|   
|   
|   
| | Blank machine.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/63 | 
| | | 
| | 
| | 
| | 
| | 
| | | Machine uses a custom sshd configuration for $reasons.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |/  
|   
|   
|   
|   
|   
| | Allow sshd configuration to be skipped on "special" machines using
an optional "manage_sshd: False" pillar option.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | | Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/62 | 
| |/  
|   
|   
|   
|   
|   
| | Multiple packages need it as a dependency, maintaining an exclusion list
is not feasible.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | skip-users-if-sss into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/61 | 
| |/  
|   
|   
|   
|   
| | Skip failing local users management on machines using sssd.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | nbroles-to-grains-refactor into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/60 | 
| |/  
|   
|   
|   
|   
|   
| | Script is called in the Lysergic repository as well, where not all files
exist.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | firewall-optional into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/59 | 
| |/  
|   
|   
|   
|   
|   
|   
| | Fixup to b685f16c914b9fa05bda7c69ce9e157d04262d09, default value was
outside of conditional - it didn't cause any errors, but did not work as
expected either. :-)
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/58 | 
| | | 
| | 
| | 
| | 
| | 
| | 
| | | Enable option to ensure minions are immediately responsive after key
rotations.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |/  
|   
|   
|   
|   
|   
|   
| | Option was removed in d4f39e8e5f807169b790d5380c10872d1ba31710, but the
default environment seems to not be set to "production" without
it being present. Adding it back until a better way is found.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | themis-httpd-fixup into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/57 | 
| |/  
|   
|   
|   
|   
|   
|   
|   
| | - Replace wrong instances of RewriteCond with RewriteRule
- Remove wrong quotes around rewrite conditions
- Set correct options (seemingly our version of httpd does not set
  FollowSymLinks by default?)
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | privatebin-quoting into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/56 | 
| |/  
|   
|   
|   
|   
| | Ensure strings are quoted correctly.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/55 | 
| | | 
| | 
| | 
| | 
| | 
| | | Replace with call to grains dict.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\ \  
| |/  
|/|   
| |   
| |   
| | | themis-httpd-fixup into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/50 | 
| | | 
| | 
| | 
| | 
| | 
| | 
| | 
| | | Some directory options are not needed and were listed with syntax
issues. Set to false to prevent "Options" from
being added, which equals "Options +FollowSymLinks".
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\ \  
| | | 
| | | 
| | | 
| | | 
| | | | libX11-php into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/54 | 
| |/ /  
| |   
| |   
| |   
| |   
| | | Needed for some PHP extensions.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\ \  
| | | 
| | | 
| | | 
| | | 
| | | | into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/53 | 
| |/ /  
| |   
| |   
| |   
| |   
| | | Re-order ending quote.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\ \  
| | | 
| | | 
| | | 
| | | 
| | | | into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/52 | 
| |/ /  
| |   
| |   
| |   
| |   
| |   
| | | Attempt to repair quoting by correcting the if-condition grouping and by
replacing the quote filter with manual quotes.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\ \  
| |/  
|/|   
| | | Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/51 | 
| | | 
| | 
| | 
| | 
| | 
| | 
| | | Environment file needs to be readable by the www, not the wwwrun, group
for PHP-FPM to be able to access it.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | 
| | 
| | 
| | 
| | 
| | | The Keycloak realm is named "LibertaCasa", not "libertacasa".
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |/  
|   
|   
|   
|   
| | Some strings contain spaces or special characters and should be quoted.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | privatebin-role into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/49 | 
| | | 
| | 
| | 
| | 
| | 
| | 
| | | For some reason Salt complains about the file missing, albeit us using
"ignore_missing" in the top file.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\ \  
| |/  
|/|   
| |   
| |   
| | | firewall-optional into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/48 | 
| |/  
|   
|   
|   
|   
|   
| | Allow us to enroll machines in Salt which do not yet have their firewall
configuration imported without having their rules overwritten.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | bookstack-pillar into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/47 | 
| |/  
|   
|   
|   
|   
|   
| | For some reason Salt complains about the file missing (albeit us using
having "ignore_missing" enabled in the pillar top).
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/45 | 
| |/  
|   
|   
|   
|   
|   
| | To ease development, allow saltenv=<branch>/pillarenv=<branch> instead
of enforcing the production branch.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | httpd-service into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/46 | 
| |/  
|   
|   
|   
|   
|   
| | The reload/restart module calls have been dropped from the formula.
Watch the service.running state instead.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/40 | 
| | | 
| | 
| | 
| | 
| | 
| | | Allow HTTPS traffic.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | 
| | 
| | 
| | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | 
| | 
| | 
| | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | 
| | 
| | 
| | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> |