salt.git - Work in progress effort to automate the LibertaCasa infrastructure configuration using SaltStack

	Commit message (Collapse)	Author	Age	Files	Lines
*	denc-webcluster: nginx config fixup	Georg Pfuetzenreuter	2023-02-12	1	-5/+2
\| \| \| \| \| \| \| \|	- remove keys duplicated by include - repair wrong snippets include directory - repair wrong ip_hash option syntax Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Merge pull request 'ha-node: vrrp is a protocol' (#25) from vrrp-fixup into ↵	Georg Pfuetzenreuter	2023-02-12	1	-1/+1
\|\ \| \| \| \| \| \| \| \| \| \|	production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/25
\| *	ha-node: vrrp is a protocol	Georg Pfuetzenreuter	2023-02-12	1	-1/+1
\|/ \| \| \| \| \|	Accidentally added as a service. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Merge pull request 'denc-webcluster: allow http(s) publicly' (#24) from ↵	Georg Pfuetzenreuter	2023-02-12	1	-0/+8
\|\ \| \| \| \| \| \| \| \| \| \|	import-denc-webcluster-fw into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/24
\| *	denc-webcluster: enable keepalived script security	Georg Pfuetzenreuter	2023-02-12	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \|	Prevent script tampering. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
\| *	denc-webcluster: allow http(s) publicly	Georg Pfuetzenreuter	2023-02-12	1	-0/+7
\|/ \| \| \| \| \|	Public firewall rules were missing from initial import. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Merge pull request 'Import denc webcluster (nemesis/hubris)' (#12) from ↵	Georg Pfuetzenreuter	2023-02-12	11	-0/+367
\|\ \| \| \| \| \| \| \| \| \| \|	import-denc-webcluster into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/12
\| *	Manage backend firewall zoneimport-denc-webcluster	Georg Pfuetzenreuter	2023-02-12	2	-0/+7
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Configure backend firewall zones if applicable. Allow all UDP for cluster traffic. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
\| *	ha-node: allow vrrp in firewall	Georg Pfuetzenreuter	2023-02-12	2	-0/+7
\| \| \| \| \| \| \| \| \| \| \| \|	Needed for keepalived operation. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
\| *	Add ha-netcup role	Georg Pfuetzenreuter	2023-02-12	1	-0/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Role managing the Netcup IP failover script plus keepalived. Requires ha-node role introduced via a8bbe056f1. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
\| *	Add keepalived_script_user profile	Georg Pfuetzenreuter	2023-02-12	1	-0/+7
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Short profile source from other profiles requiring the keepalived_script user to be present. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
\| *	Add netcup_failover profile	Georg Pfuetzenreuter	2023-02-12	3	-0/+133
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Profile managing a Netcup IP address failover script for use with keepalived. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
\| *	nemesis/hubris: import keepalived configuration	Georg Pfuetzenreuter	2023-02-12	1	-4/+61
\| \| \| \| \| \| \| \| \| \| \| \|	Add shared configuration to cluster.denc.web-proxy. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
\| *	nemesis/hubris: include denc.web-proxy	Georg Pfuetzenreuter	2023-02-12	2	-0/+4
\| \| \| \| \| \| \| \| \| \| \| \|	Add shared nginx configuration to nemesis/hubris HA pair nodes. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
\| *	nemesis/hubris: import nginx configuration	Georg Pfuetzenreuter	2023-02-12	1	-0/+149
\|/ \| \| \| \| \|	Add shared configuration to cluster.denc.web-proxy. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Merge pull request 'common-suse: add qemu-guest-agent + remove AutoYaST' ↵	Georg Pfuetzenreuter	2023-02-12	1	-1/+22
\|\ \| \| \| \| \| \| \| \| \| \|	(#23) from common-suse into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/23
\| *	common.suse: manage qemu-guest-agent	Georg Pfuetzenreuter	2023-02-12	1	-0/+9
\| \| \| \| \| \| \| \| \| \| \| \|	Ensure qemu-guest-agent is active on all KVM guests. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
\| *	common.suse: remove AutoYaST	Georg Pfuetzenreuter	2023-02-12	1	-1/+13
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	We only use AutoYaST for the OS deployment and don't need the packages afterwards. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* \|	Merge pull request 'dericom02: manage web firewall zone' (#22) from ↵	Georg Pfuetzenreuter	2023-02-12	1	-0/+8
\|\ \ \| \|/ \|/\| \| \| \| \| \| \|	dericom02-webfw into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/22
\| *	dericom02: manage web firewall zone	Georg Pfuetzenreuter	2023-02-12	1	-0/+8
\|/ \| \| \| \| \| \|	Import locally configured web zone into Salt. This zone allows the web proxy to reach http for serving Matterbridge media. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Merge pull request 'lighttpd: improve dependencies' (#21) from ↵	Georg Pfuetzenreuter	2023-02-12	1	-0/+5
\|\ \| \| \| \| \| \| \| \| \| \|	lighttpd-watch into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/21
\| *	lighttpd: improve dependencies	Georg Pfuetzenreuter	2023-02-12	1	-0/+5
\|/ \| \| \| \| \| \|	- add more explicit Salt ID dependencies - reload service on configuration changes Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Merge pull request 'dericom02: disable matterbridge XMPP debug' (#20) from ↵	Georg Pfuetzenreuter	2023-02-12	1	-1/+1
\|\ \| \| \| \| \| \| \| \| \| \|	matterbridge-xmpp-debug into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/20
\| *	dericom02: disable matterbridge XMPP debug	Georg Pfuetzenreuter	2023-02-12	1	-1/+1
\|/ \| \| \| \| \|	It's very noisy - one can enable it on demand if needed. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Merge pull request 'matterbridge: restart on changes' (#19) from ↵	Georg Pfuetzenreuter	2023-02-12	1	-0/+4
\|\ \| \| \| \| \| \| \| \| \| \|	matterbridge-watch into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/19
\| *	matterbridge: restart on changes	Georg Pfuetzenreuter	2023-02-12	1	-0/+4
\|/ \| \| \| \| \| \|	Matterbridge does detect file changes, but seems to only apply them on a service restart. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Merge pull request 'matterbridge: quote numbers' (#18) from ↵	Georg Pfuetzenreuter	2023-02-12	1	-1/+1
\|\ \| \| \| \| \| \| \| \| \| \|	matterbridge-booleans into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/18
\| *	matterbridge: quote numbers	Georg Pfuetzenreuter	2023-02-12	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \|	Needed to make the TOML configuration format happy. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* \|	Merge pull request 'Disable "aithunder" Discord bridge' (#17) from ↵	Georg Pfuetzenreuter	2023-02-12	1	-1/+3
\|\ \ \| \|/ \|/\| \| \| \| \| \| \|	matterbridge-aithunder into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/17
\| *	Disable "aithunder" Discord bridge	Georg Pfuetzenreuter	2023-02-12	1	-1/+3
\|/ \| \| \| \| \|	Discord room does not exist. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Merge pull request 'dericom02: quote matterbridge booleans' (#16) from ↵	Georg Pfuetzenreuter	2023-02-12	1	-31/+31
\|\ \| \| \| \| \| \| \| \| \| \|	matterbridge-booleans into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/16
\| *	dericom02: quote matterbridge booleans	Georg Pfuetzenreuter	2023-02-12	1	-31/+31
\|/ \| \| \| \| \|	TOML configuration format needs lowercase boolean values. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Merge pull request 'Matterbridge media' (#15) from matterbridge-media into ↵	Pratyush Desai	2023-02-12	2	-2/+24
\|\ \| \| \| \| \| \| \| \| \| \|	production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/15
\| *	dericom02: manage matterbridge media	Georg Pfuetzenreuter	2023-02-12	1	-2/+13
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	- move base media directory to variable - add lighttpd vhosts to pillar Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
\| *	matterbridge: manage media directories	Georg Pfuetzenreuter	2023-02-12	1	-0/+11
\|/ \| \| \| \| \|	Create media directories if defined in the pillar. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Merge pull request 'matterbridge: add role pillar' (#14) from ↵	Pratyush Desai	2023-02-09	1	-0/+1
\|\ \| \| \| \| \| \| \| \| \| \|	matterbridge-pillar-fixup into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/14
\| *	matterbridge: add role pillar	Georg Pfuetzenreuter	2023-02-09	1	-0/+1
\|/ \| \| \| \| \| \|	Empty for now, adding for future reference and because we enforce role pillars to exist. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Merge pull request 'Import Matterbridge configuration' (#10) from ↵	Pratyush Desai	2023-02-09	1	-0/+221
\|\ \| \| \| \| \| \| \| \| \| \|	import-dericom02 into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/10
\| *	dericom02: import Matterbridge configuration	Georg Pfuetzenreuter	2023-02-07	1	-0/+221
\| \| \| \| \| \| \| \|	Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* \|	Merge pull request 'Refactor Matterbridge profile' (#11) from ↵	Pratyush Desai	2023-02-09	2	-23/+26
\|\ \ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	matterbridge-refactor into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/11
\| * \|	Refactor matterbridge profile	Georg Pfuetzenreuter	2023-02-07	2	-23/+26
\| \|/ \| \| \| \| \| \| \| \| \| \| \| \| \| \|	- reduce pillar calls - no longer define possible configuration options, apply settings from pillar 1:1 Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* \|	Merge pull request 'Add ha-node role + enable keepalived formula' (#13) from ↵	Georg Pfuetzenreuter	2023-02-08	2	-0/+3
\|\ \ \| \|/ \|/\| \| \| \| \| \| \|	keepalived-formula into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/13
\| *	Add ha-node role	Georg Pfuetzenreuter	2023-02-08	1	-0/+2
\| \| \| \| \| \| \| \| \| \| \| \|	Add ha-node role for machines in a HA pair using keepalived. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
\| *	Enable keepalived-formula	Georg Pfuetzenreuter	2023-02-08	1	-0/+1
\|/ \| \| \|	Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	derimisc01: import Tor configuration	Georg Pfuetzenreuter	2023-02-07	1	-0/+14
\| \| \| \|	Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Add onion-router role	Georg Pfuetzenreuter	2023-02-07	2	-0/+7
\| \| \| \|	Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Enable tor-formula	Georg Pfuetzenreuter	2023-02-06	1	-0/+1
\| \| \| \|	Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Set webirc backend to https	Georg Pfuetzenreuter	2023-02-06	1	-1/+1
\| \| \| \| \| \|	Ergo rightfully does not accept plain text websocket connections. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Include libertacasa for liberta.casa	Georg Pfuetzenreuter	2023-02-06	1	-0/+1
\| \| \| \| \| \| \| \|	Fallout from 77fa39e59c15a2235f210128dab821d2e2fd6ae5 - libertacasa nginx snippet needs to be included in liberta.casa server for main website to operate on the clearnet. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Repair liberta.casa TLS include	Georg Pfuetzenreuter	2023-02-06	1	-1/+2
\| \| \| \| \| \| \|	Accidentally mixed up the libertacasa with the libertacasa2 nginx TLS snippet. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	web-proxy: include mime.types	Georg Pfuetzenreuter	2023-02-05	1	-0/+1
\| \| \| \| \| \|	Always include mime.types on web-proxies. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	web-proxy: common includes	Georg Pfuetzenreuter	2023-02-05	1	-1/+4
\| \| \| \| \| \|	Always include files in conf.d and vhosts.d on web-proxies. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Merge pull request 'web-proxy: common nginx.conf' (#9) from nginxconf into ↵	Georg Pfuetzenreuter	2023-02-05	1	-0/+25
\|\ \| \| \| \| \| \| \| \| \| \|	production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/9
\| *	web-proxy: common nginx.conf	Georg Pfuetzenreuter	2023-02-05	1	-0/+25
\|/ \| \| \| \| \| \|	Import default nginx.conf contents from our custom packaged file into Salt. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	web-proxy: IPv6 listener brackets	Georg Pfuetzenreuter	2023-02-05	2	-3/+12
\| \| \| \| \| \| \|	Add logic to wrap IPv6 listening addresses in brackets, to prevent nginx from failing to start. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Increase LC repository priority	Georg Pfuetzenreuter	2023-02-05	1	-1/+1
\| \| \| \|	Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Merge pull request 'deriweb01: import nginx configuration' (#8) from ↵	Georg Pfuetzenreuter	2023-02-05	3	-1/+450
\|\ \| \| \| \| \| \| \| \| \| \|	import-deriweb01 into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/8
\| *	web-proxy: add firewall configuration	Georg Pfuetzenreuter	2023-02-05	1	-1/+6
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Allow internal http and https to pass on web proxies. To-do: logic for web proxies directly attached to the internet. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
\| *	Enable syntax highlighting	Georg Pfuetzenreuter	2023-02-05	1	-0/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Initially for .sls and .jinja/.j2 files - we can add others later on if needed. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
\| *	deriweb01: import nginx configuration	Georg Pfuetzenreuter	2023-02-05	1	-0/+441
\|/ \| \| \| \| \|	Transfer local/manual nginx configuration structure into pillar. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	web-proxy: add common TLS configuration	Georg Pfuetzenreuter	2023-02-05	1	-0/+10
\| \| \| \| \| \|	Add TLS configuration snippet shared between all web-proxies. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Add nginx crtkeypair macro	Georg Pfuetzenreuter	2023-02-05	2	-0/+9
\| \| \| \| \| \|	For use in nginx pillars. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Add cluster pillar	Georg Pfuetzenreuter	2023-02-05	1	-0/+2
\| \| \| \|	Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Refresh LC repository	Georg Pfuetzenreuter	2023-02-05	1	-0/+1
\| \| \| \| \| \|	Configure repository to be refreshed automatically. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*	Add web-proxy role	Georg Pfuetzenreuter	2023-02-04	2	-0/+26
\| \|