summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Update nsd pillar role confignsdPratyush Desai2023-02-201-2/+2
| | | | | | | - add database disable switch under `config_data` - remove `ip4-only` switch under `config_data` (it is host dependent) Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* Add pillar ids for nsdPratyush Desai2023-02-204-0/+22
| | | | | | - add config data for nsd. Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* add nsd pillarPratyush Desai2023-02-193-0/+38
|
* Address salt-lint errors/warningsGeorg Pfuetzenreuter2023-02-156-10/+12
| | | | | | | - remove trailing whitespaces - format octal modes correctly Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Address yamllint errors/warningsGeorg Pfuetzenreuter2023-02-152-2/+5
| | | | | | | - remove spaces, add headers - add ignore for line-lengths in .pipeline.yml Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add linting pipelineGeorg Pfuetzenreuter2023-02-151-0/+11
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Enable prometheus-formula' (#31) from prometheus-formula ↵Georg Pfuetzenreuter2023-02-151-0/+1
|\ | | | | | | | | | | into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/31
| * Enable prometheus-formulaGeorg Pfuetzenreuter2023-02-151-0/+1
|/ | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'denc-webcluster: add ModSecurity adjustments' (#30) from ↵Georg Pfuetzenreuter2023-02-131-0/+9
|\ | | | | | | | | | | import-denc-webcluster-nginx-modsec into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/30
| * denc-webcluster: add ModSecurity adjustmentsGeorg Pfuetzenreuter2023-02-121-0/+9
|/ | | | | | | | With the rollout of our Salted configuration, ModSecurity came enforced. This adds necessary rules to PrivateBin and BookStack for correct operation. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'denc-webcluster: nginx listen on HA addresses' (#29) ↵Georg Pfuetzenreuter2023-02-121-5/+5
|\ | | | | | | | | | | from import-denc-webcluster-nginx-listen-fixup into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/29
| * denc-webcluster: nginx listen on HA addressesGeorg Pfuetzenreuter2023-02-121-5/+5
|/ | | | | | Accidentally configured to listen only internally. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'AppArmor: reload on drop-in changes' (#28) from ↵Georg Pfuetzenreuter2023-02-121-0/+13
|\ | | | | | | | | | | reload-apparmor into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/28
| * AppArmor: reload on drop-in changesGeorg Pfuetzenreuter2023-02-121-0/+13
|/ | | | | | Self-explanatory. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Manage AppArmor on web-proxie's' (#27) from ↵Georg Pfuetzenreuter2023-02-123-0/+17
|\ | | | | | | | | | | import-denc-webcluster-apparmor into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/27
| * denc-webcluster: nginx AppArmor rulesGeorg Pfuetzenreuter2023-02-121-0/+7
| | | | | | | | | | | | Allow access to client trust certificate and to static content. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * web-proxy: include apparmor.localGeorg Pfuetzenreuter2023-02-121-0/+1
| | | | | | | | | | | | | | Some web proxy servers need additional AppArmor drop-ins, for example for serving static content. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Add AppArmor profileGeorg Pfuetzenreuter2023-02-121-0/+9
|/ | | | | | | Simple profile to allow for management of local profile drop-ins using pillar values. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'denc-webcluster: nginx config fixup' (#26) from ↵Georg Pfuetzenreuter2023-02-121-5/+2
|\ | | | | | | | | | | import-denc-webcluster-iphash into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/26
| * denc-webcluster: nginx config fixupGeorg Pfuetzenreuter2023-02-121-5/+2
|/ | | | | | | | - remove keys duplicated by include - repair wrong snippets include directory - repair wrong ip_hash option syntax Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'ha-node: vrrp is a protocol' (#25) from vrrp-fixup into ↵Georg Pfuetzenreuter2023-02-121-1/+1
|\ | | | | | | | | | | production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/25
| * ha-node: vrrp is a protocolGeorg Pfuetzenreuter2023-02-121-1/+1
|/ | | | | | Accidentally added as a service. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'denc-webcluster: allow http(s) publicly' (#24) from ↵Georg Pfuetzenreuter2023-02-121-0/+8
|\ | | | | | | | | | | import-denc-webcluster-fw into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/24
| * denc-webcluster: enable keepalived script securityGeorg Pfuetzenreuter2023-02-121-0/+1
| | | | | | | | | | | | Prevent script tampering. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * denc-webcluster: allow http(s) publiclyGeorg Pfuetzenreuter2023-02-121-0/+7
|/ | | | | | Public firewall rules were missing from initial import. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Import denc webcluster (nemesis/hubris)' (#12) from ↵Georg Pfuetzenreuter2023-02-1211-0/+367
|\ | | | | | | | | | | import-denc-webcluster into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/12
| * Manage backend firewall zoneimport-denc-webclusterGeorg Pfuetzenreuter2023-02-122-0/+7
| | | | | | | | | | | | | | Configure backend firewall zones if applicable. Allow all UDP for cluster traffic. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * ha-node: allow vrrp in firewallGeorg Pfuetzenreuter2023-02-122-0/+7
| | | | | | | | | | | | Needed for keepalived operation. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Add ha-netcup roleGeorg Pfuetzenreuter2023-02-121-0/+3
| | | | | | | | | | | | | | Role managing the Netcup IP failover script plus keepalived. Requires ha-node role introduced via a8bbe056f1. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Add keepalived_script_user profileGeorg Pfuetzenreuter2023-02-121-0/+7
| | | | | | | | | | | | | | Short profile source from other profiles requiring the keepalived_script user to be present. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Add netcup_failover profileGeorg Pfuetzenreuter2023-02-123-0/+133
| | | | | | | | | | | | | | Profile managing a Netcup IP address failover script for use with keepalived. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * nemesis/hubris: import keepalived configurationGeorg Pfuetzenreuter2023-02-121-4/+61
| | | | | | | | | | | | Add shared configuration to cluster.denc.web-proxy. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * nemesis/hubris: include denc.web-proxyGeorg Pfuetzenreuter2023-02-122-0/+4
| | | | | | | | | | | | Add shared nginx configuration to nemesis/hubris HA pair nodes. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * nemesis/hubris: import nginx configurationGeorg Pfuetzenreuter2023-02-121-0/+149
|/ | | | | | Add shared configuration to cluster.denc.web-proxy. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'common-suse: add qemu-guest-agent + remove AutoYaST' ↵Georg Pfuetzenreuter2023-02-121-1/+22
|\ | | | | | | | | | | (#23) from common-suse into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/23
| * common.suse: manage qemu-guest-agentGeorg Pfuetzenreuter2023-02-121-0/+9
| | | | | | | | | | | | Ensure qemu-guest-agent is active on all KVM guests. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * common.suse: remove AutoYaSTGeorg Pfuetzenreuter2023-02-121-1/+13
| | | | | | | | | | | | | | We only use AutoYaST for the OS deployment and don't need the packages afterwards. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Merge pull request 'dericom02: manage web firewall zone' (#22) from ↵Georg Pfuetzenreuter2023-02-121-0/+8
|\ \ | |/ |/| | | | | | | dericom02-webfw into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/22
| * dericom02: manage web firewall zoneGeorg Pfuetzenreuter2023-02-121-0/+8
|/ | | | | | | Import locally configured web zone into Salt. This zone allows the web proxy to reach http for serving Matterbridge media. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'lighttpd: improve dependencies' (#21) from ↵Georg Pfuetzenreuter2023-02-121-0/+5
|\ | | | | | | | | | | lighttpd-watch into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/21
| * lighttpd: improve dependenciesGeorg Pfuetzenreuter2023-02-121-0/+5
|/ | | | | | | - add more explicit Salt ID dependencies - reload service on configuration changes Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'dericom02: disable matterbridge XMPP debug' (#20) from ↵Georg Pfuetzenreuter2023-02-121-1/+1
|\ | | | | | | | | | | matterbridge-xmpp-debug into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/20
| * dericom02: disable matterbridge XMPP debugGeorg Pfuetzenreuter2023-02-121-1/+1
|/ | | | | | It's very noisy - one can enable it on demand if needed. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'matterbridge: restart on changes' (#19) from ↵Georg Pfuetzenreuter2023-02-121-0/+4
|\ | | | | | | | | | | matterbridge-watch into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/19
| * matterbridge: restart on changesGeorg Pfuetzenreuter2023-02-121-0/+4
|/ | | | | | | Matterbridge does detect file changes, but seems to only apply them on a service restart. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'matterbridge: quote numbers' (#18) from ↵Georg Pfuetzenreuter2023-02-121-1/+1
|\ | | | | | | | | | | matterbridge-booleans into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/18
| * matterbridge: quote numbersGeorg Pfuetzenreuter2023-02-121-1/+1
| | | | | | | | | | | | Needed to make the TOML configuration format happy. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Merge pull request 'Disable "aithunder" Discord bridge' (#17) from ↵Georg Pfuetzenreuter2023-02-121-1/+3
|\ \ | |/ |/| | | | | | | matterbridge-aithunder into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/17
| * Disable "aithunder" Discord bridgeGeorg Pfuetzenreuter2023-02-121-1/+3
|/ | | | | | Discord room does not exist. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'dericom02: quote matterbridge booleans' (#16) from ↵Georg Pfuetzenreuter2023-02-121-31/+31
|\ | | | | | | | | | | matterbridge-booleans into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/16
| * dericom02: quote matterbridge booleansGeorg Pfuetzenreuter2023-02-121-31/+31
|/ | | | | | TOML configuration format needs lowercase boolean values. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Matterbridge media' (#15) from matterbridge-media into ↵Pratyush Desai2023-02-122-2/+24
|\ | | | | | | | | | | production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/15
| * dericom02: manage matterbridge mediaGeorg Pfuetzenreuter2023-02-121-2/+13
| | | | | | | | | | | | | | - move base media directory to variable - add lighttpd vhosts to pillar Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * matterbridge: manage media directoriesGeorg Pfuetzenreuter2023-02-121-0/+11
|/ | | | | | Create media directories if defined in the pillar. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'matterbridge: add role pillar' (#14) from ↵Pratyush Desai2023-02-091-0/+1
|\ | | | | | | | | | | matterbridge-pillar-fixup into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/14
| * matterbridge: add role pillarGeorg Pfuetzenreuter2023-02-091-0/+1
|/ | | | | | | Empty for now, adding for future reference and because we enforce role pillars to exist. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Import Matterbridge configuration' (#10) from ↵Pratyush Desai2023-02-091-0/+221
|\ | | | | | | | | | | import-dericom02 into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/10
| * dericom02: import Matterbridge configurationGeorg Pfuetzenreuter2023-02-071-0/+221
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Merge pull request 'Refactor Matterbridge profile' (#11) from ↵Pratyush Desai2023-02-092-23/+26
|\ \ | | | | | | | | | | | | | | | matterbridge-refactor into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/11
| * | Refactor matterbridge profileGeorg Pfuetzenreuter2023-02-072-23/+26
| |/ | | | | | | | | | | | | | | - reduce pillar calls - no longer define possible configuration options, apply settings from pillar 1:1 Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Merge pull request 'Add ha-node role + enable keepalived formula' (#13) from ↵Georg Pfuetzenreuter2023-02-082-0/+3
|\ \ | |/ |/| | | | | | | keepalived-formula into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/13
| * Add ha-node roleGeorg Pfuetzenreuter2023-02-081-0/+2
| | | | | | | | | | | | Add ha-node role for machines in a HA pair using keepalived. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Enable keepalived-formulaGeorg Pfuetzenreuter2023-02-081-0/+1