|  | Commit message (Collapse) | Author | Age | Files | Lines | 
|---|
| | 
| 
| 
| 
| 
| 
| | We only use AutoYaST for the OS deployment and don't need the packages
afterwards.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | lighttpd-watch into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/21 | 
| |/  
|   
|   
|   
|   
|   
| | - add more explicit Salt ID dependencies
- reload service on configuration changes
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | matterbridge-xmpp-debug into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/20 | 
| |/  
|   
|   
|   
|   
| | It's very noisy - one can enable it on demand if needed.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | matterbridge-watch into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/19 | 
| |/  
|   
|   
|   
|   
|   
| | Matterbridge does detect file changes, but seems to only apply them on
a service restart.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | matterbridge-booleans into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/18 | 
| | | 
| | 
| | 
| | 
| | 
| | | Needed to make the TOML configuration format happy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\ \  
| |/  
|/|   
| |   
| |   
| | | matterbridge-aithunder into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/17 | 
| |/  
|   
|   
|   
|   
| | Discord room does not exist.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | matterbridge-booleans into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/16 | 
| |/  
|   
|   
|   
|   
| | TOML configuration format needs lowercase boolean values.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/15 | 
| | | 
| | 
| | 
| | 
| | 
| | 
| | | - move base media directory to variable
- add lighttpd vhosts to pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |/  
|   
|   
|   
|   
| | Create media directories if defined in the pillar.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | matterbridge-pillar-fixup into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/14 | 
| |/  
|   
|   
|   
|   
|   
| | Empty for now, adding for future reference and because we enforce role
pillars to exist.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | import-dericom02 into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/10 | 
| | | 
| | 
| | 
| | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\ \  
| | | 
| | | 
| | | 
| | | 
| | | | matterbridge-refactor into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/11 | 
| | |/  
| |   
| |   
| |   
| |   
| |   
| |   
| | | - reduce pillar calls
- no longer define possible configuration options, apply settings from
  pillar 1:1
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\ \  
| |/  
|/|   
| |   
| |   
| | | keepalived-formula into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/13 | 
| | | 
| | 
| | 
| | 
| | 
| | | Add ha-node role for machines in a HA pair using keepalived.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |/  
|   
|   
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| | Ergo rightfully does not accept plain text websocket connections.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| 
| 
| | Fallout from 77fa39e59c15a2235f210128dab821d2e2fd6ae5 - libertacasa
nginx snippet needs to be included in liberta.casa server for main
website to operate on the clearnet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| 
| | Accidentally mixed up the libertacasa with the libertacasa2 nginx
TLS snippet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| | Always include mime.types on web-proxies.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| | Always include files in conf.d and vhosts.d on web-proxies.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/9 | 
| |/  
|   
|   
|   
|   
|   
| | Import default nginx.conf contents from our custom packaged file into
Salt.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| 
| | Add logic to wrap IPv6 listening addresses in brackets, to prevent nginx
from failing to start.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |\  
| | 
| | 
| | 
| | 
| | | import-deriweb01 into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/8 | 
| | | 
| | 
| | 
| | 
| | 
| | 
| | | Allow internal http and https to pass on web proxies.
To-do: logic for web proxies directly attached to the internet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | | 
| | 
| | 
| | 
| | 
| | 
| | | Initially for .sls and .jinja/.j2 files - we can add others later on if
needed.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| |/  
|   
|   
|   
|   
| | Transfer local/manual nginx configuration structure into pillar.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| | Add TLS configuration snippet shared between all web-proxies.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| | For use in nginx pillars.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| | Configure repository to be refreshed automatically.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| 
| | - web-proxy role to configure nginx
- pillar with common nginx configuration
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| 
| 
| | - move pillar macros and map to base directory
- move listener logic from macro to map
- update includes respectively
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| | Useful to accept new minions.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| | Add role, profile and pillar for roleproxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | Grains have only been managed to track roles, however those have since
been moved to the Role API. Hence the managed /etc/salt/grains file can
safely be removed from management.
Existing installations will be cleaned up by me.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| | To match the SUSE defaults deployed by our AutoYaST configuration.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| 
| | - interfaces with no IPv4 address would cause a render failure
- repair if-clause needed for interfaces with only IPv4 addresses
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | Detect which interfaces belong to which zones, and configure firewalld
accordingly.
Backend zone is currently only prepared and yet to be tested and
enabled.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| | Needed for firewall interface-zone mapping logic.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| 
| | State would print the colons unquoted into the file, causing the YAML to
not parse.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| | Reflect production setting, allow pillar to merge from different roles.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| | ... and sort list entries alphabetically.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| 
| | No individual listeners can be configured, hence global dual stack
listener it is.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| 
| | If-clause to check for Syndic roles caused regression on minions without
any assigned roles.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | Don't fail if mine does not contain information about the queried
minion.
In the future it would be nice to add another conditional to allow such
minions to fall-back to the locally executed network module for
masterless setups.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| | Needed for formula to not nuke Syndic key permissions. Little bit ugly.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net> | 
| | 
| 
| 
| 
| 
| 
| | The network module run on the Salt master, but the macro should fetch
minion add |