summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Repair BookStack quotingGeorg Pfuetzenreuter2023-04-301-2/+2
| | | | | | | Attempt to repair quoting by correcting the if-condition grouping and by replacing the quote filter with manual quotes. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'BookStack fixups' (#51) from bookstack-fixup into productionGeorg Pfuetzenreuter2023-04-302-5/+5
|\ | | | | | | Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/51
| * Correct BookStack groupGeorg Pfuetzenreuter2023-04-301-1/+1
| | | | | | | | | | | | | | Environment file needs to be readable by the www, not the wwwrun, group for PHP-FPM to be able to access it. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Correct SAML realm capitalizationGeorg Pfuetzenreuter2023-04-301-3/+3
| | | | | | | | | | | | The Keycloak realm is named "LibertaCasa", not "libertacasa". Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Quote BookStack valuesGeorg Pfuetzenreuter2023-04-301-1/+1
|/ | | | | | Some strings contain spaces or special characters and should be quoted. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Add empty role.privatebin pillar' (#49) from ↵Georg Pfuetzenreuter2023-04-301-0/+1
|\ | | | | | | | | | | privatebin-role into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/49
| * Add empty role.privatebin pillarGeorg Pfuetzenreuter2023-04-301-0/+1
| | | | | | | | | | | | | | For some reason Salt complains about the file missing, albeit us using "ignore_missing" in the top file. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Merge pull request 'Add manage_firewall conditional' (#48) from ↵Georg Pfuetzenreuter2023-04-307-0/+11
|\ \ | |/ |/| | | | | | | firewall-optional into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/48
| * Add manage_firewall conditionalGeorg Pfuetzenreuter2023-04-307-0/+11
|/ | | | | | | Allow us to enroll machines in Salt which do not yet have their firewall configuration imported without having their rules overwritten. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Add empty role.bookstack pillar' (#47) from ↵Georg Pfuetzenreuter2023-04-301-0/+1
|\ | | | | | | | | | | bookstack-pillar into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/47
| * Add empty role.bookstack pillarGeorg Pfuetzenreuter2023-04-301-0/+1
|/ | | | | | | For some reason Salt complains about the file missing (albeit us using having "ignore_missing" enabled in the pillar top). Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Allow saltenv/pillarenv override' (#45) from saltenv ↵Georg Pfuetzenreuter2023-04-301-2/+2
|\ | | | | | | | | | | into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/45
| * Allow saltenv/pillarenv overrideGeorg Pfuetzenreuter2023-04-301-2/+2
|/ | | | | | | To ease development, allow saltenv=<branch>/pillarenv=<branch> instead of enforcing the production branch. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Watch httpd service for snippets' (#46) from ↵Georg Pfuetzenreuter2023-04-301-4/+1
|\ | | | | | | | | | | httpd-service into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/46
| * Watch httpd service for snippetsGeorg Pfuetzenreuter2023-04-301-4/+1
|/ | | | | | | The reload/restart module calls have been dropped from the formula. Watch the service.running state instead. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Import themis / PrivateBin' (#40) from privatebin into ↵Georg Pfuetzenreuter2023-04-303-13/+144
|\ | | | | | | | | | | production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/40
| * id.themis: import backend firewall rulesprivatebinGeorg Pfuetzenreuter2023-04-291-0/+6
| | | | | | | | | | | | Allow HTTPS traffic. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * id.themis: import PrivateBin httpd vhostGeorg Pfuetzenreuter2023-03-121-13/+37
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * id.themis: import PrivateBin configurationGeorg Pfuetzenreuter2023-03-121-0/+42
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Add privatebin profile+roleGeorg Pfuetzenreuter2023-03-122-0/+59
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Merge pull request 'Split out salt.formulas state' (#44) from ↵Georg Pfuetzenreuter2023-04-292-7/+7
|\ \ | | | | | | | | | | | | | | | profile-formulas into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/44
| * | Split out salt.formulas stateGeorg Pfuetzenreuter2023-04-292-7/+7
|/ / | | | | | | | | | | | | Allow formulas update on Salt master without applying the complete Salt master profile. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Merge pull request 'Add tg lucy channel mapping' (#43) from mattertgbridge ↵Georg Pfuetzenreuter2023-04-141-0/+1
|\ \ | | | | | | | | | | | | | | | | | | into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/43 Reviewed-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * | Add tg lucy channel mappingPratyush Desai2023-04-141-0/+1
|/ / | | | | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* | Merge pull request 'Add ChillNet matterbridge' (#42) from chillnet into ↵Georg Pfuetzenreuter2023-04-092-6/+39
|\ \ | |/ |/| | | | | | | | | production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/42 Reviewed-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Add Chillnet to matterbridgePratyush Desai2023-04-102-0/+34
| | | | | | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
| * Refactor matterbridge_media macroPratyush Desai2023-04-101-6/+5
|/ | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* Merge pull request 'Import themis / BookStack' (#35) from bookstack into ↵Pratyush Desai2023-03-1111-0/+212
|\ | | | | | | | | | | | | production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/35 Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
| * profile.bookstack: quote keysbookstackGeorg Pfuetzenreuter2023-03-111-2/+6
| | | | | | | | | | | | Some keys needed quoting to pass the YAML parser. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Enable php-formulaGeorg Pfuetzenreuter2023-02-261-0/+1
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * role.bookstack: include php-fpmGeorg Pfuetzenreuter2023-02-261-0/+1
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Add php-fpm roleGeorg Pfuetzenreuter2023-02-262-0/+3
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Enable memcached-formulaGeorg Pfuetzenreuter2023-02-261-0/+1
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * role.bookstack: include memcachedGeorg Pfuetzenreuter2023-02-261-0/+1
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Add memcached roleGeorg Pfuetzenreuter2023-02-262-0/+4
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * profile.apache-httpd: manage snippetsGeorg Pfuetzenreuter2023-02-263-1/+42
| | | | | | | | | | | | | | - add apache-httpd profile with snippets configuration - add TLS snippet to apache-httpd role pillar Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * id.themis: add BookStack configurationGeorg Pfuetzenreuter2023-02-261-0/+41
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * id.themis: add BookStack httpd configurationGeorg Pfuetzenreuter2023-02-261-0/+36
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Add bookstack profile+roleGeorg Pfuetzenreuter2023-02-262-0/+73
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Add web.apache-httpd roleGeorg Pfuetzenreuter2023-02-262-0/+5
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Enable apache-formulaGeorg Pfuetzenreuter2023-02-261-0/+1
|/ | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Import moni Prometheus configuration' (#32) from ↵Georg Pfuetzenreuter2023-02-2511-10/+223
|\ | | | | | | | | | | prometheus-moni into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/32
| * Disable commit lintingGeorg Pfuetzenreuter2023-02-211-9/+9
| | | | | | | | | | | | Temporary change until imports with existing messages are finished. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Manage Prometheus firewall rulesGeorg Pfuetzenreuter2023-02-212-0/+15
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Moni: Read Blackbox targets as JSONGeorg Pfuetzenreuter2023-02-211-2/+2
| | | | | | | | | | | | Use uniform JSON target files instead of a JSON/YAML mix. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * p.node_exporter->p.prometheus.node_exporterGeorg Pfuetzenreuter2023-02-212-1/+1
| | | | | | | | | | | | | | | | Since the last commit introduced a new Prometheus targets profile, it makes sense to move node_exporter underneath the Prometheus tree as well. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Manage Prometheus targetsGeorg Pfuetzenreuter2023-02-214-2/+21
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Import Prometheus server configurationGeorg Pfuetzenreuter2023-02-217-0/+179
| | | | | | | | | | | | | | | | | | | | | | * add new roles: - monitoring.prometheus - monitoring.prometheus-alertmanager - monitoring.prometheus-exporter-blackbox * add common Prometheus and Prometheus Alertmanager pillar data * add moni.lysergic.dev specific Prometheus pillar data Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Merge pull request 'pipeline.gommit: allow more characters in prefix' (#38) ↵Pratyush Desai2023-02-221-1/+1
|\ \ | |/ |/| | | | | | | | | from commit-lint into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/38 Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
| * pipeline.gommit: allow more characters in prefixGeorg Pfuetzenreuter2023-02-201-1/+1
|/ | | | | | | - For profiles/roles with - or _ in their name - In the future we should rename all - to _ and adjust the regex to forbid all - Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Commmit lint: allow pipeline + more characters' (#37) ↵Pratyush Desai2023-02-201-1/+1
|\ | | | | | | | | | | from commit-lint into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/37
| * pipeline.gommit: allow pipeline + more charactersGeorg Pfuetzenreuter2023-02-191-1/+1
|/ | | | | | | - allow pipeline.* prefix - allow some special characters in summary Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Enable commit message linting' (#36) from commit-lint ↵Pratyush Desai2023-02-193-1/+73
|\ | | | | | | | | | | | | into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/36 Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
| * Enable commit lintingGeorg Pfuetzenreuter2023-02-191-1/+11
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Add commit lintingGeorg Pfuetzenreuter2023-02-192-0/+62
|/ | | | | | | - add gommit configuration - add wrapper script Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Linting' (#33) from linting into productionGeorg Pfuetzenreuter2023-02-158-12/+28
|\ | | | | | | Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/33
| * Address salt-lint errors/warningsGeorg Pfuetzenreuter2023-02-156-10/+12
| | | | | | | | | | | | | | - remove trailing whitespaces - format octal modes correctly Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Address yamllint errors/warningsGeorg Pfuetzenreuter2023-02-152-2/+5
| | | | | | | | | | | | | | - remove spaces, add headers - add ignore for line-lengths in .pipeline.yml Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * Add linting pipelineGeorg Pfuetzenreuter2023-02-151-0/+11
|/ | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Enable prometheus-formula' (#31) from prometheus-formula ↵Georg Pfuetzenreuter2023-02-151-0/+1
|\ | | | | | | | | | | into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/31
| * Enable prometheus-formulaGeorg Pfuetzenreuter2023-02-151-0/+1
|/ | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'denc-webcluster: add ModSecurity adjustments' (#30) from ↵Georg Pfuetzenreuter2023-02-131-0/+9
|\ | | | | | | | | | | import-denc-webcluster-nginx-modsec into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/30
| * denc-webcluster: add ModSecurity adjustmentsGeorg Pfuetzenreuter2023-02-121-0/+9
|/ | | | | | | | With the rollout of our Salted configuration, ModSecurity came enforced. This adds necessary rules to PrivateBin and BookStack for correct operation. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*