summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Init orpheus.psyched.devorpheusGeorg Pfuetzenreuter2023-05-021-0/+1
| | | | | | | Add pillar ID for orpheus to disable sshd management (machine uses custom configuration for $reasons). Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Init dencpod01.lysergic.dev' (#68) from dencpod01 into ↵Georg Pfuetzenreuter2023-05-021-0/+1
|\ | | | | | | | | | | production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/68
| * Init dencpod01.lysergic.devGeorg Pfuetzenreuter2023-05-021-0/+1
|/ | | | | | Blank machine. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Move backup_mode to minion dict' (#67) from file-backup ↵Georg Pfuetzenreuter2023-05-021-1/+1
|\ | | | | | | | | | | into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/67
| * Move backup_mode to minion dictGeorg Pfuetzenreuter2023-05-021-1/+1
|/ | | | | | Is a minion specific option. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Enable minion file backup' (#66) from file-backup into ↵Georg Pfuetzenreuter2023-05-021-0/+1
|\ | | | | | | | | | | production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/66
| * Enable minion file backupGeorg Pfuetzenreuter2023-05-021-0/+1
|/ | | | | | https://docs.saltproject.io/en/latest/ref/states/backup_mode.html Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Import moni firewall configuration' (#65) from moni into ↵Georg Pfuetzenreuter2023-05-021-0/+11
|\ | | | | | | | | | | production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/65
| * Import moni firewall configurationGeorg Pfuetzenreuter2023-05-021-0/+11
|/ | | | | | Some ports not yet covered by a role. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Init phoebe.lysergic.dev' (#64) from phoebe into productionGeorg Pfuetzenreuter2023-05-021-0/+1
|\ | | | | | | Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/64
| * Init phoebe.lysergic.devGeorg Pfuetzenreuter2023-05-021-0/+1
|/ | | | | | Blank machine. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Add manage_sshd conditional' (#63) from sshd-optional ↵Georg Pfuetzenreuter2023-05-022-0/+3
|\ | | | | | | | | | | into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/63
| * Disable manage_sshd for philiaGeorg Pfuetzenreuter2023-05-021-0/+1
| | | | | | | | | | | | Machine uses a custom sshd configuration for $reasons. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Add manage_sshd conditionalGeorg Pfuetzenreuter2023-05-021-0/+2
|/ | | | | | | Allow sshd configuration to be skipped on "special" machines using an optional "manage_sshd: False" pillar option. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'No longer remove libX11' (#62) from libX11 into productionGeorg Pfuetzenreuter2023-05-021-5/+0
|\ | | | | | | Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/62
| * No longer remove libX11Georg Pfuetzenreuter2023-05-021-5/+0
|/ | | | | | | Multiple packages need it as a dependency, maintaining an exclusion list is not feasible. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Add users conditional for sss' (#61) from ↵Georg Pfuetzenreuter2023-05-011-0/+4
|\ | | | | | | | | | | skip-users-if-sss into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/61
| * Add users conditional for sssGeorg Pfuetzenreuter2023-05-011-0/+4
|/ | | | | | Skip failing local users management on machines using sssd. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Check files in nbroles to grains script' (#60) from ↵Georg Pfuetzenreuter2023-05-011-1/+11
|\ | | | | | | | | | | nbroles-to-grains-refactor into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/60
| * Check files in nbroles to grains scriptGeorg Pfuetzenreuter2023-05-011-1/+11
|/ | | | | | | Script is called in the Lysergic repository as well, where not all files exist. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Repair manage_firewall behavior' (#59) from ↵Georg Pfuetzenreuter2023-05-011-1/+1
|\ | | | | | | | | | | firewall-optional into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/59
| * Repair manage_firewall behaviorGeorg Pfuetzenreuter2023-05-011-1/+1
|/ | | | | | | | Fixup to b685f16c914b9fa05bda7c69ce9e157d04262d09, default value was outside of conditional - it didn't cause any errors, but did not work as expected either. :-) Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Set env_order + ping_on_rotate' (#58) from saltenv into ↵Georg Pfuetzenreuter2023-05-011-0/+2
|\ | | | | | | | | | | production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/58
| * Set ping_on_rotateGeorg Pfuetzenreuter2023-05-011-0/+1
| | | | | | | | | | | | | | Enable option to ensure minions are immediately responsive after key rotations. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Set env_orderGeorg Pfuetzenreuter2023-05-011-0/+1
|/ | | | | | | | Option was removed in d4f39e8e5f807169b790d5380c10872d1ba31710, but the default environment seems to not be set to "production" without it being present. Adding it back until a better way is found. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Repair BookStack httpd configuration' (#57) from ↵Georg Pfuetzenreuter2023-05-011-9/+9
|\ | | | | | | | | | | themis-httpd-fixup into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/57
| * Repair BookStack httpd configurationGeorg Pfuetzenreuter2023-05-011-9/+9
|/ | | | | | | | | - Replace wrong instances of RewriteCond with RewriteRule - Remove wrong quotes around rewrite conditions - Set correct options (seemingly our version of httpd does not set FollowSymLinks by default?) Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Repair PrivateBin config quoting' (#56) from ↵Georg Pfuetzenreuter2023-04-301-2/+2
|\ | | | | | | | | | | privatebin-quoting into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/56
| * Repair PrivateBin config quotingGeorg Pfuetzenreuter2023-04-301-2/+2
|/ | | | | | Ensure strings are quoted correctly. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Repair undefined id' (#55) from common-id-var into ↵Georg Pfuetzenreuter2023-04-301-1/+1
|\ | | | | | | | | | | production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/55
| * Repair undefined idGeorg Pfuetzenreuter2023-04-301-1/+1
| | | | | | | | | | | | Replace with call to grains dict. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Merge pull request 'Adjust themis httpd directory options' (#50) from ↵Georg Pfuetzenreuter2023-04-301-1/+1
|\ \ | |/ |/| | | | | | | themis-httpd-fixup into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/50
| * Adjust themis httpd directory optionsGeorg Pfuetzenreuter2023-04-301-1/+1
| | | | | | | | | | | | | | | | Some directory options are not needed and were listed with syntax issues. Set to false to prevent "Options" from being added, which equals "Options +FollowSymLinks". Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Merge pull request 'Exclude libX11 removal for FPM hosts' (#54) from ↵Georg Pfuetzenreuter2023-04-302-1/+5
|\ \ | | | | | | | | | | | | | | | libX11-php into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/54
| * | Exclude libX11 removal for FPM hostsGeorg Pfuetzenreuter2023-04-302-1/+5
|/ / | | | | | | | | | | Needed for some PHP extensions. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Merge pull request 'Repair BookStack quoting' (#53) from bookstack-quoting ↵Georg Pfuetzenreuter2023-04-301-1/+1
|\ \ | | | | | | | | | | | | | | | into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/53
| * | Repair BookStack quotingGeorg Pfuetzenreuter2023-04-301-1/+1
|/ / | | | | | | | | | | Re-order ending quote. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Merge pull request 'Repair BookStack quoting' (#52) from bookstack-quoting ↵Georg Pfuetzenreuter2023-04-301-2/+2
|\ \ | | | | | | | | | | | | | | | into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/52
| * | Repair BookStack quotingGeorg Pfuetzenreuter2023-04-301-2/+2
|/ / | | | | | | | | | | | | Attempt to repair quoting by correcting the if-condition grouping and by replacing the quote filter with manual quotes. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Merge pull request 'BookStack fixups' (#51) from bookstack-fixup into productionGeorg Pfuetzenreuter2023-04-302-5/+5
|\ \ | |/ |/| | | Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/51
| * Correct BookStack groupGeorg Pfuetzenreuter2023-04-301-1/+1
| | | | | | | | | | | | | | Environment file needs to be readable by the www, not the wwwrun, group for PHP-FPM to be able to access it. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Correct SAML realm capitalizationGeorg Pfuetzenreuter2023-04-301-3/+3
| | | | | | | | | | | | The Keycloak realm is named "LibertaCasa", not "libertacasa". Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Quote BookStack valuesGeorg Pfuetzenreuter2023-04-301-1/+1
|/ | | | | | Some strings contain spaces or special characters and should be quoted. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Add empty role.privatebin pillar' (#49) from ↵Georg Pfuetzenreuter2023-04-301-0/+1
|\ | | | | | | | | | | privatebin-role into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/49
| * Add empty role.privatebin pillarGeorg Pfuetzenreuter2023-04-301-0/+1
| | | | | | | | | | | | | | For some reason Salt complains about the file missing, albeit us using "ignore_missing" in the top file. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Merge pull request 'Add manage_firewall conditional' (#48) from ↵Georg Pfuetzenreuter2023-04-307-0/+11
|\ \ | |/ |/| | | | | | | firewall-optional into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/48
| * Add manage_firewall conditionalGeorg Pfuetzenreuter2023-04-307-0/+11
|/ | | | | | | Allow us to enroll machines in Salt which do not yet have their firewall configuration imported without having their rules overwritten. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Add empty role.bookstack pillar' (#47) from ↵Georg Pfuetzenreuter2023-04-301-0/+1
|\ | | | | | | | | | | bookstack-pillar into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/47
| * Add empty role.bookstack pillarGeorg Pfuetzenreuter2023-04-301-0/+1
|/ | | | | | | For some reason Salt complains about the file missing (albeit us using having "ignore_missing" enabled in the pillar top). Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Allow saltenv/pillarenv override' (#45) from saltenv ↵Georg Pfuetzenreuter2023-04-301-2/+2
|\ | | | | | | | | | | into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/45
| * Allow saltenv/pillarenv overrideGeorg Pfuetzenreuter2023-04-301-2/+2
|/ | | | | | | To ease development, allow saltenv=<branch>/pillarenv=<branch> instead of enforcing the production branch. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Watch httpd service for snippets' (#46) from ↵Georg Pfuetzenreuter2023-04-301-4/+1
|\ | | | | | | | | | | httpd-service into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/46
| * Watch httpd service for snippetsGeorg Pfuetzenreuter2023-04-301-4/+1
|/ | | | | | | The reload/restart module calls have been dropped from the formula. Watch the service.running state instead. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Import themis / PrivateBin' (#40) from privatebin into ↵Georg Pfuetzenreuter2023-04-303-13/+144
|\ | | | | | | | | | | production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/40
| * id.themis: import backend firewall rulesprivatebinGeorg Pfuetzenreuter2023-04-291-0/+6
| | | | | | | | | | | | Allow HTTPS traffic. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * id.themis: import PrivateBin httpd vhostGeorg Pfuetzenreuter2023-03-121-13/+37
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * id.themis: import PrivateBin configurationGeorg Pfuetzenreuter2023-03-121-0/+42
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Add privatebin profile+roleGeorg Pfuetzenreuter2023-03-122-0/+59
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Merge pull request 'Split out salt.formulas state' (#44) from ↵Georg Pfuetzenreuter2023-04-292-7/+7
|\ \ | | | | | | | | | | | | | | | profile-formulas into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/44
| * | Split out salt.formulas stateGeorg Pfuetzenreuter2023-04-292-7/+7
|/ / | | | | | | | | | | | | Allow formulas update on Salt master without applying the complete Salt master profile. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Merge pull request 'Add tg lucy channel mapping' (#43) from mattertgbridge ↵Georg Pfuetzenreuter2023-04-141-0/+1
|\ \ | |