| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Allow sshd configuration to be skipped on "special" machines using
an optional "manage_sshd: False" pillar option.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| | |
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/62
|
|/
|
|
|
|
|
| |
Multiple packages need it as a dependency, maintaining an exclusion list
is not feasible.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
skip-users-if-sss into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/61
|
|/
|
|
|
|
| |
Skip failing local users management on machines using sssd.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
nbroles-to-grains-refactor into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/60
|
|/
|
|
|
|
|
| |
Script is called in the Lysergic repository as well, where not all files
exist.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
firewall-optional into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/59
|
|/
|
|
|
|
|
|
| |
Fixup to b685f16c914b9fa05bda7c69ce9e157d04262d09, default value was
outside of conditional - it didn't cause any errors, but did not work as
expected either. :-)
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/58
|
| |
| |
| |
| |
| |
| |
| | |
Enable option to ensure minions are immediately responsive after key
rotations.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
|
|
|
|
| |
Option was removed in d4f39e8e5f807169b790d5380c10872d1ba31710, but the
default environment seems to not be set to "production" without
it being present. Adding it back until a better way is found.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
themis-httpd-fixup into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/57
|
|/
|
|
|
|
|
|
|
| |
- Replace wrong instances of RewriteCond with RewriteRule
- Remove wrong quotes around rewrite conditions
- Set correct options (seemingly our version of httpd does not set
FollowSymLinks by default?)
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
privatebin-quoting into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/56
|
|/
|
|
|
|
| |
Ensure strings are quoted correctly.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/55
|
| |
| |
| |
| |
| |
| | |
Replace with call to grains dict.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\ \
| |/
|/|
| |
| |
| | |
themis-httpd-fixup into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/50
|
| |
| |
| |
| |
| |
| |
| |
| | |
Some directory options are not needed and were listed with syntax
issues. Set to false to prevent "Options" from
being added, which equals "Options +FollowSymLinks".
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\ \
| | |
| | |
| | |
| | |
| | | |
libX11-php into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/54
|
|/ /
| |
| |
| |
| |
| | |
Needed for some PHP extensions.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\ \
| | |
| | |
| | |
| | |
| | | |
into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/53
|
|/ /
| |
| |
| |
| |
| | |
Re-order ending quote.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\ \
| | |
| | |
| | |
| | |
| | | |
into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/52
|
|/ /
| |
| |
| |
| |
| |
| | |
Attempt to repair quoting by correcting the if-condition grouping and by
replacing the quote filter with manual quotes.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\ \
| |/
|/|
| | |
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/51
|
| |
| |
| |
| |
| |
| |
| | |
Environment file needs to be readable by the www, not the wwwrun, group
for PHP-FPM to be able to access it.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| | |
The Keycloak realm is named "LibertaCasa", not "libertacasa".
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
|
|
| |
Some strings contain spaces or special characters and should be quoted.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
privatebin-role into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/49
|
| |
| |
| |
| |
| |
| |
| | |
For some reason Salt complains about the file missing, albeit us using
"ignore_missing" in the top file.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\ \
| |/
|/|
| |
| |
| | |
firewall-optional into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/48
|
|/
|
|
|
|
|
| |
Allow us to enroll machines in Salt which do not yet have their firewall
configuration imported without having their rules overwritten.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
bookstack-pillar into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/47
|
|/
|
|
|
|
|
| |
For some reason Salt complains about the file missing (albeit us
having "ignore_missing" enabled in the pillar top).
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/45
|
|/
|
|
|
|
|
| |
To ease development, allow saltenv=<branch>/pillarenv=<branch> instead
of enforcing the production branch.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
httpd-service into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/46
|
|/
|
|
|
|
|
| |
The reload/restart module calls have been dropped from the formula.
Watch the service.running state instead.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/40
|
| |
| |
| |
| |
| |
| | |
Allow HTTPS traffic.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\ \
| | |
| | |
| | |
| | |
| | | |
profile-formulas into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/44
|
|/ /
| |
| |
| |
| |
| |
| | |
Allow formulas update on Salt master without applying the complete Salt
master profile.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/43
Reviewed-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/ /
| |
| |
| | |
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
|
|\ \
| |/
|/|
| |
| |
| |
| | |
production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/42
Reviewed-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| | |
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
|
|/
|
|
| |
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
|
|\
| |
| |
| |
| |
| |
| | |
production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/35
Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
|
| |
| |
| |
| |
| |
| | |
Some keys needed quoting to pass the YAML parser.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| |
| | |
- add apache-httpd profile with snippets configuration
- add TLS snippet to apache-httpd role pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
prometheus-moni into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/32
|
| |
| |
| |
| |
| |
| | |
Temporary change until imports with existing messages are finished.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| | |
Use uniform JSON target files instead of a JSON/YAML mix.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Since the last commit introduced a new Prometheus targets profile, it
makes sense to move node_exporter underneath the Prometheus tree as
well.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* add new roles:
- monitoring.prometheus
- monitoring.prometheus-alertmanager
- monitoring.prometheus-exporter-blackbox
* add common Prometheus and Prometheus Alertmanager pillar data
* add moni.lysergic.dev specific Prometheus pillar data
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\ \
| |/
|/|
| |
| |
| |
| | |
from commit-lint into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/38
Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
|
|/
|
|
|
|
|
| |
- For profiles/roles with - or _ in their name
- In the future we should rename all - to _ and adjust the regex to forbid all -
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
from commit-lint into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/37
|
|/
|
|
|
|
|
| |
- allow pipeline.* prefix
- allow some special characters in summary
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| |
| | |
into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/36
Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
|
|
|
| |
- add gommit configuration
- add wrapper script
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| | |
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/33
|
| |
| |
| |
| |
| |
| |
| | |
- remove trailing whitespaces
- format octal modes correctly
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| |
| | |
- remove spaces, add headers
- add ignore for line-lengths in .pipeline.yml
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/31
|
|/
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
import-denc-webcluster-nginx-modsec into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/30
|
|/
|
|
|
|
|
|
| |
With the rollout of our Salted configuration, ModSecurity came enforced.
This adds necessary rules to PrivateBin and BookStack for correct
operation.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
from import-denc-webcluster-nginx-listen-fixup into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/29
|
|/
|
|
|
|
| |
Accidentally configured to listen only internally.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
reload-apparmor into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/28
|
|/
|
|
|
|
| |
Self-explanatory.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
import-denc-webcluster-apparmor into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/27
|
| |
| |
| |
| |
| |
| | |
Allow access to client trust certificate and to static content.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| |
| | |
Some web proxy servers need additional AppArmor drop-ins, for example
for serving static content.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
|
|
|
| |
Simple profile to allow for management of local profile drop-ins using
pillar values.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
import-denc-webcluster-iphash into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/26
|
|/
|
|
|
|
|
|
| |
- remove keys duplicated by include
- repair wrong snippets include directory
- repair wrong ip_hash option syntax
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/25
|
|/
|
|
|
|
| |
Accidentally added as a service.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
import-denc-webcluster-fw into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/24
|
| |
| |
| |
| |
| |
| | |
Prevent script tampering.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
|
|
| |
Public firewall rules were missing from initial import.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
import-denc-webcluster into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/12
|
| |
| |
| |
| |
| |
| |
| | |
Configure backend firewall zones if applicable. Allow all UDP for
cluster traffic.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| | |
Needed for keepalived operation.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| |
| | |
Role managing the Netcup IP failover script plus keepalived.
Requires ha-node role introduced via a8bbe056f1.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| |
| | |
Short profile source from other profiles requiring the keepalived_script
user to be present.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| |
| | |
Profile managing a Netcup IP address failover script for use with
keepalived.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| | |
Add shared configuration to cluster.denc.web-proxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| | |
Add shared nginx configuration to nemesis/hubris HA pair nodes.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
|
|
| |
Add shared configuration to cluster.denc.web-proxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
(#23) from common-suse into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/23
|
| |
| |
| |
| |
| |
| | |
Ensure qemu-guest-agent is active on all KVM guests.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| |
| | |
We only use AutoYaST for the OS deployment and don't need the packages
afterwards.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\ \
| |/
|/|
| |
| |
| | |
dericom02-webfw into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/22
|
|/
|
|
|
|
|
| |
Import locally configured web zone into Salt. This zone allows the web
proxy to reach http for serving Matterbridge media.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
lighttpd-watch into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/21
|
|/
|
|
|
|
|
| |
- add more explicit Salt ID dependencies
- reload service on configuration changes
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
matterbridge-xmpp-debug into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/20
|
|/
|
|
|
|
| |
It's very noisy - one can enable it on demand if needed.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
matterbridge-watch into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/19
|
|/
|
|
|
|
|
| |
Matterbridge does detect file changes, but seems to only apply them on
a service restart.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
matterbridge-booleans into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/18
|
| |
| |
| |
| |
| |
| | |
Needed to make the TOML configuration format happy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\ \
| |/
|/|
| |
| |
| | |
matterbridge-aithunder into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/17
|
|/
|
|
|
|
| |
Discord room does not exist.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
matterbridge-booleans into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/16
|
|/
|
|
|
|
| |
TOML configuration format needs lowercase boolean values.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/15
|
| |
| |
| |
| |
| |
| |
| | |
- move base media directory to variable
- add lighttpd vhosts to pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
|
|
| |
Create media directories if defined in the pillar.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
matterbridge-pillar-fixup into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/14
|
|/
|
|
|
|
|
| |
Empty for now, adding for future reference and because we enforce role
pillars to exist.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
import-dericom02 into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/10
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\ \
| | |
| | |
| | |
| | |
| | | |
matterbridge-refactor into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/11
|
| |/
| |
| |
| |
| |
| |
| |
| | |
- reduce pillar calls
- no longer define possible configuration options, apply settings from
pillar 1:1
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\ \
| |/
|/|
| |
| |
| | |
keepalived-formula into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/13
|
| |
| |
| |
| |
| |
| | |
Add ha-node role for machines in a HA pair using keepalived.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Ergo rightfully does not accept plain text websocket connections.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
Fallout from 77fa39e59c15a2235f210128dab821d2e2fd6ae5 - libertacasa
nginx snippet needs to be included in liberta.casa server for main
website to operate on the clearnet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Accidentally mixed up the libertacasa with the libertacasa2 nginx
TLS snippet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Always include mime.types on web-proxies.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Always include files in conf.d and vhosts.d on web-proxies.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/9
|
|/
|
|
|
|
|
| |
Import default nginx.conf contents from our custom packaged file into
Salt.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Add logic to wrap IPv6 listening addresses in brackets, to prevent nginx
from failing to start.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
import-deriweb01 into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/8
|
| |
| |
| |
| |
| |
| |
| | |
Allow internal http and https to pass on web proxies.
To-do: logic for web proxies directly attached to the internet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| |
| | |
Initially for .sls and .jinja/.j2 files - we can add others later on if
needed.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
|
|
| |
Transfer local/manual nginx configuration structure into pillar.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Add TLS configuration snippet shared between all web-proxies.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
For use in nginx pillars.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Configure repository to be refreshed automatically.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- web-proxy role to configure nginx
- pillar with common nginx configuration
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
- move pillar macros and map to base directory
- move listener logic from macro to map
- update includes respectively
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Useful to accept new minions.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Add role, profile and pillar for roleproxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
|
| |
Grains have only been managed to track roles, however those have since
been moved to the Role API. Hence the managed /etc/salt/grains file can
safely be removed from management.
Existing installations will be cleaned up by me.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
To match the SUSE defaults deployed by our AutoYaST configuration.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- interfaces with no IPv4 address would cause a render failure
- repair if-clause needed for interfaces with only IPv4 addresses
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
|
| |
Detect which interfaces belong to which zones, and configure firewalld
accordingly.
Backend zone is currently only prepared and yet to be tested and
enabled.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Needed for firewall interface-zone mapping logic.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
State would print the colons unquoted into the file, causing the YAML to
not parse.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Reflect production setting, allow pillar to merge from different roles.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
... and sort list entries alphabetically.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
No individual listeners can be configured, hence global dual stack
listener it is.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
If-clause to check for Syndic roles caused regression on minions without
any assigned roles.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
|
|
| |
Don't fail if mine does not contain information about the queried
minion.
In the future it would be nice to add another conditional to allow such
minions to fall-back to the locally executed network module for
masterless setups.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Needed for formula to not nuke Syndic key permissions. Little bit ugly.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
The network module runs on the Salt master, but the macro should fetch
minion addresses.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Add Salt mine configuration to collect minion IP addresses.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Likely needed as it does not support searching a more fine grained base
DN.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Tornado does not support all the features.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- python-ldap is needed for authenticating with the API
- shell completions are useful :-)
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
Split horizon for the complete .email zone is not feasible for all
sites, and TLS certificate currently does not cover any of the internal
hostnames.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| | |
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/6
|
|/
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
This is more an MTA configuration for system email on all hosts instead of
a dedicated email server role.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
- add formulas.yaml file containing list of all enabled formulas
- read formulas from said file in role.salt.master and prepare_minion.py
- add symlink for easier tracking of the file
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Not needed, but the formula writes a hash:/ entry default, which might
cause confusion in the future, since our alias_maps is using lmdb:/.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
LibertaCasa RPM repository:
- comment was not added by Salt, it attempted to re-add it every time
- set lower priority
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
- correct mydestination to allow lysergic.dev to be sent through the
relay
- correct relayhost to use SMTPS port
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|