summaryrefslogtreecommitdiffstats
path: root/pillar/id
Commit message (Collapse)AuthorAgeFilesLines
* Used /RENAME for #fightclubPratyush Desai2023-05-031-2/+2
|
* Init psyched.devGeorg Pfuetzenreuter2023-05-023-0/+3
| | | | | | | | Add pillar IDs for theia/orpheus/selene to disable sshd management on them (machines use custom configurations for historic reasons, and we like to preserve history). Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Init dencpod01.lysergic.devGeorg Pfuetzenreuter2023-05-021-0/+1
| | | | | | Blank machine. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Import moni firewall configurationGeorg Pfuetzenreuter2023-05-021-0/+11
| | | | | | Some ports not yet covered by a role. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Init phoebe.lysergic.devGeorg Pfuetzenreuter2023-05-021-0/+1
| | | | | | Blank machine. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Disable manage_sshd for philiaGeorg Pfuetzenreuter2023-05-021-0/+1
| | | | | | Machine uses a custom sshd configuration for $reasons. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Repair BookStack httpd configurationGeorg Pfuetzenreuter2023-05-011-9/+9
| | | | | | | | | - Replace wrong instances of RewriteCond with RewriteRule - Remove wrong quotes around rewrite conditions - Set correct options (seemingly our version of httpd does not set FollowSymLinks by default?) Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Adjust themis httpd directory options' (#50) from ↵Georg Pfuetzenreuter2023-04-301-1/+1
|\ | | | | | | | | | | themis-httpd-fixup into production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/50
| * Adjust themis httpd directory optionsGeorg Pfuetzenreuter2023-04-301-1/+1
| | | | | | | | | | | | | | | | Some directory options are not needed and were listed with syntax issues. Set to false to prevent "Options" from being added, which equals "Options +FollowSymLinks". Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Correct SAML realm capitalizationGeorg Pfuetzenreuter2023-04-301-3/+3
|/ | | | | | The Keycloak realm is named "LibertaCasa", not "libertacasa". Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add manage_firewall conditionalGeorg Pfuetzenreuter2023-04-305-0/+7
| | | | | | | Allow us to enroll machines in Salt which do not yet have their firewall configuration imported without having their rules overwritten. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Import themis / PrivateBin' (#40) from privatebin into ↵Georg Pfuetzenreuter2023-04-301-13/+85
|\ | | | | | | | | | | production Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/40
| * id.themis: import backend firewall rulesprivatebinGeorg Pfuetzenreuter2023-04-291-0/+6
| | | | | | | | | | | | Allow HTTPS traffic. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * id.themis: import PrivateBin httpd vhostGeorg Pfuetzenreuter2023-03-121-13/+37
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * id.themis: import PrivateBin configurationGeorg Pfuetzenreuter2023-03-121-0/+42
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Add tg lucy channel mappingPratyush Desai2023-04-141-0/+1
| | | | | | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* | Add Chillnet to matterbridgePratyush Desai2023-04-102-0/+34
| | | | | | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* | Refactor matterbridge_media macroPratyush Desai2023-04-101-6/+5
|/ | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* id.themis: add BookStack configurationGeorg Pfuetzenreuter2023-02-261-0/+41
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* id.themis: add BookStack httpd configurationGeorg Pfuetzenreuter2023-02-261-0/+36
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Moni: Read Blackbox targets as JSONGeorg Pfuetzenreuter2023-02-211-2/+2
| | | | | | Use uniform JSON target files instead of a JSON/YAML mix. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Import Prometheus server configurationGeorg Pfuetzenreuter2023-02-211-0/+110
| | | | | | | | | | | * add new roles: - monitoring.prometheus - monitoring.prometheus-alertmanager - monitoring.prometheus-exporter-blackbox * add common Prometheus and Prometheus Alertmanager pillar data * add moni.lysergic.dev specific Prometheus pillar data Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Address salt-lint errors/warningsGeorg Pfuetzenreuter2023-02-152-3/+3
| | | | | | | - remove trailing whitespaces - format octal modes correctly Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* nemesis/hubris: include denc.web-proxyGeorg Pfuetzenreuter2023-02-122-0/+4
| | | | | | Add shared nginx configuration to nemesis/hubris HA pair nodes. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* dericom02: manage web firewall zoneGeorg Pfuetzenreuter2023-02-121-0/+8
| | | | | | | Import locally configured web zone into Salt. This zone allows the web proxy to reach http for serving Matterbridge media. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* dericom02: disable matterbridge XMPP debugGeorg Pfuetzenreuter2023-02-121-1/+1
| | | | | | It's very noisy - one can enable it on demand if needed. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Disable "aithunder" Discord bridgeGeorg Pfuetzenreuter2023-02-121-1/+3
| | | | | | Discord room does not exist. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* dericom02: quote matterbridge booleansGeorg Pfuetzenreuter2023-02-121-31/+31
| | | | | | TOML configuration format needs lowercase boolean values. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* dericom02: manage matterbridge mediaGeorg Pfuetzenreuter2023-02-121-2/+13
| | | | | | | - move base media directory to variable - add lighttpd vhosts to pillar Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* dericom02: import Matterbridge configurationGeorg Pfuetzenreuter2023-02-071-0/+221
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* derimisc01: import Tor configurationGeorg Pfuetzenreuter2023-02-071-0/+14
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Set webirc backend to httpsGeorg Pfuetzenreuter2023-02-061-1/+1
| | | | | | Ergo rightfully does not accept plain text websocket connections. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Include libertacasa for liberta.casaGeorg Pfuetzenreuter2023-02-061-0/+1
| | | | | | | | Fallout from 77fa39e59c15a2235f210128dab821d2e2fd6ae5 - libertacasa nginx snippet needs to be included in liberta.casa server for main website to operate on the clearnet. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Repair liberta.casa TLS includeGeorg Pfuetzenreuter2023-02-061-1/+2
| | | | | | | Accidentally mixed up the libertacasa with the libertacasa2 nginx TLS snippet. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* deriweb01: import nginx configurationGeorg Pfuetzenreuter2023-02-051-0/+441
| | | | | | Transfer local/manual nginx configuration structure into pillar. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add id/role pillar README'sGeorg Pfuetzenreuter2023-01-211-0/+1
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>