|  | Commit message | Author | Age | Files | Lines | 
|---|
| | With the rollout of our Salted configuration, ModSecurity came enforced.
This adds necessary rules to PrivateBin and BookStack for correct
operation.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | from import-denc-webcluster-nginx-listen-fixup into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/29 | 
| | Accidentally configured to listen only internally.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | reload-apparmor into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/28 | 
| | Self-explanatory.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | import-denc-webcluster-apparmor into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/27 | 
| | | Allow access to client trust certificate and to static content.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | Some web proxy servers need additional AppArmor drop-ins, for example
for serving static content.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | Simple profile to allow for management of local profile drop-ins using
pillar values.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | import-denc-webcluster-iphash into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/26 | 
| | - remove keys duplicated by include
- repair wrong snippets include directory
- repair wrong ip_hash option syntax
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/25 | 
| | Accidentally added as a service.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | import-denc-webcluster-fw into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/24 | 
| | | Prevent script tampering.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | Public firewall rules were missing from initial import.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | import-denc-webcluster into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/12 | 
| | | Configure backend firewall zones if applicable. Allow all UDP for
cluster traffic.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | Needed for keepalived operation.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | Role managing the Netcup IP failover script plus keepalived.
Requires ha-node role introduced via a8bbe056f1.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | Short profile source from other profiles requiring the keepalived_script
user to be present.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | Profile managing a Netcup IP address failover script for use with
keepalived.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | Add shared configuration to cluster.denc.web-proxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | Add shared nginx configuration to nemesis/hubris HA pair nodes.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | Add shared configuration to cluster.denc.web-proxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | (#23) from common-suse into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/23 | 
| | | Ensure qemu-guest-agent is active on all KVM guests.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | We only use AutoYaST for the OS deployment and don't need the packages
afterwards.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | dericom02-webfw into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/22 | 
| | Import locally configured web zone into Salt. This zone allows the web
proxy to reach http for serving Matterbridge media.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | lighttpd-watch into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/21 | 
| | - add more explicit Salt ID dependencies
- reload service on configuration changes
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | matterbridge-xmpp-debug into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/20 | 
| | It's very noisy - one can enable it on demand if needed.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | matterbridge-watch into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/19 | 
| | Matterbridge does detect file changes, but seems to only apply them on
a service restart.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | matterbridge-booleans into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/18 | 
| | | Needed to make the TOML configuration format happy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | matterbridge-aithunder into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/17 | 
| | Discord room does not exist.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | matterbridge-booleans into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/16 | 
| | TOML configuration format needs lowercase boolean values.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/15 | 
| | | - move base media directory to variable
- add lighttpd vhosts to pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | Create media directories if defined in the pillar.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | matterbridge-pillar-fixup into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/14 | 
| | Empty for now, adding for future reference and because we enforce role
pillars to exist.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | import-dericom02 into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/10 | 
| | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | | matterbridge-refactor into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/11 | 
| | | - reduce pillar calls
- no longer define possible configuration options, apply settings from
  pillar 1:1
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | keepalived-formula into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/13 | 
| | | Add ha-node role for machines in a HA pair using keepalived.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | Ergo rightfully does not accept plain text websocket connections.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | Fallout from 77fa39e59c15a2235f210128dab821d2e2fd6ae5 - libertacasa
nginx snippet needs to be included in liberta.casa server for main
website to operate on the clearnet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | Accidentally mixed up the libertacasa with the libertacasa2 nginx
TLS snippet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | Always include mime.types on web-proxies.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | Always include files in conf.d and vhosts.d on web-proxies.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> |