path: root/pillar/role
Commit message | Author | Age | Files | Lines
* Optimize minion | Georg Pfuetzenreuter | 2023-07-16 | 1 | -0/+2
  Cache jobs for later reference, disable unused hardware grains.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Move backup_mode to minion dict | Georg Pfuetzenreuter | 2023-05-02 | 1 | -1/+1
  Is a minion specific option.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Enable minion file backup | Georg Pfuetzenreuter | 2023-05-02 | 1 | -0/+1
  https://docs.saltproject.io/en/latest/ref/states/backup_mode.html
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Set ping_on_rotate | Georg Pfuetzenreuter | 2023-05-01 | 1 | -0/+1
  Enable option to ensure minions are immediately responsive after key rotations.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Set env_order | Georg Pfuetzenreuter | 2023-05-01 | 1 | -0/+1
  Option was removed in d4f39e8e5f807169b790d5380c10872d1ba31710, but the default environment seems to not be set to "production" without it being present. Adding it back until a better way is found.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add empty role.privatebin pillar | Georg Pfuetzenreuter | 2023-04-30 | 1 | -0/+1
  For some reason Salt complains about the file missing, albeit us using "ignore_missing" in the top file.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add empty role.bookstack pillar | Georg Pfuetzenreuter | 2023-04-30 | 1 | -0/+1
  For some reason Salt complains about the file missing (albeit us having "ignore_missing" enabled in the pillar top).
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Allow saltenv/pillarenv override | Georg Pfuetzenreuter | 2023-04-30 | 1 | -2/+2
  To ease development, allow saltenv=<branch>/pillarenv=<branch> instead of enforcing the production branch.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add php-fpm role | Georg Pfuetzenreuter | 2023-02-26 | 1 | -0/+1
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add memcached role | Georg Pfuetzenreuter | 2023-02-26 | 1 | -0/+2
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* profile.apache-httpd: manage snippets | Georg Pfuetzenreuter | 2023-02-26 | 1 | -0/+10
  - add apache-httpd profile with snippets configuration
  - add TLS snippet to apache-httpd role pillar
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add web.apache-httpd role | Georg Pfuetzenreuter | 2023-02-26 | 1 | -0/+3
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Manage Prometheus firewall rules | Georg Pfuetzenreuter | 2023-02-21 | 2 | -0/+15
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Import Prometheus server configuration | Georg Pfuetzenreuter | 2023-02-21 | 3 | -0/+63
  * add new roles:
    - monitoring.prometheus
    - monitoring.prometheus-alertmanager
    - monitoring.prometheus-exporter-blackbox
  * add common Prometheus and Prometheus Alertmanager pillar data
  * add moni.lysergic.dev specific Prometheus pillar data
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* ha-node: vrrp is a protocol | Georg Pfuetzenreuter | 2023-02-12 | 1 | -1/+1
  Accidentally added as a service.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Manage backend firewall zone [import-denc-webcluster] | Georg Pfuetzenreuter | 2023-02-12 | 1 | -0/+3
  Configure backend firewall zones if applicable. Allow all UDP for cluster traffic.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* ha-node: allow vrrp in firewall | Georg Pfuetzenreuter | 2023-02-12 | 2 | -0/+7
  Needed for keepalived operation.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* matterbridge: add role pillar | Georg Pfuetzenreuter | 2023-02-09 | 1 | -0/+1
  Empty for now, adding for future reference and because we enforce role pillars to exist.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add onion-router role | Georg Pfuetzenreuter | 2023-02-07 | 1 | -0/+5
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* web-proxy: include mime.types | Georg Pfuetzenreuter | 2023-02-05 | 1 | -0/+1
  Always include mime.types on web-proxies.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* web-proxy: common includes | Georg Pfuetzenreuter | 2023-02-05 | 1 | -1/+4
  Always include files in conf.d and vhosts.d on web-proxies.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* web-proxy: common nginx.conf | Georg Pfuetzenreuter | 2023-02-05 | 1 | -0/+25
  Import default nginx.conf contents from our custom packaged file into Salt.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* web-proxy: IPv6 listener brackets | Georg Pfuetzenreuter | 2023-02-05 | 1 | -3/+8
  Add logic to wrap IPv6 listening addresses in brackets, to prevent nginx from failing to start.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* web-proxy: add firewall configuration | Georg Pfuetzenreuter | 2023-02-05 | 1 | -1/+6
  Allow internal http and https to pass on web proxies. To-do: logic for web proxies directly attached to the internet.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* web-proxy: add common TLS configuration | Georg Pfuetzenreuter | 2023-02-05 | 1 | -0/+10
  Add TLS configuration snippet shared between all web-proxies.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add web-proxy role | Georg Pfuetzenreuter | 2023-02-04 | 1 | -0/+21
  - web-proxy role to configure nginx
  - pillar with common nginx configuration
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Set default saltenv | Georg Pfuetzenreuter | 2023-02-01 | 1 | -0/+1
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Manage Salt roleproxy | Georg Pfuetzenreuter | 2023-01-30 | 1 | -0/+12
  Add role, profile and pillar for roleproxy.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: extra quotes around API listener | Georg Pfuetzenreuter | 2023-01-29 | 1 | -1/+1
  State would print the colons unquoted into the file, causing the YAML to not parse.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: add firewalld rules | Georg Pfuetzenreuter | 2023-01-29 | 1 | -0/+10
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: enable API IPv6 listener | Georg Pfuetzenreuter | 2023-01-29 | 1 | -0/+1
  No individual listeners can be configured, hence global dual stack listener it is.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: set rootgroup | Georg Pfuetzenreuter | 2023-01-28 | 1 | -0/+1
  Needed for formula to not nuke Syndic key permissions. Little bit ugly.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: increase LDAP scope | Georg Pfuetzenreuter | 2023-01-28 | 1 | -1/+1
  Likely needed as it does not support searching a more fine grained base DN.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: switch to CherryPy | Georg Pfuetzenreuter | 2023-01-28 | 1 | -3/+3
  Tornado does not support all the features.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: add LDAP configuration | Georg Pfuetzenreuter | 2023-01-27 | 1 | -0/+11
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: add Salt API configuration | Georg Pfuetzenreuter | 2023-01-27 | 1 | -0/+4
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* mta.postfix->global.mta pillar; remove mta profile | Georg Pfuetzenreuter | 2023-01-26 | 1 | -28/+0
  This is more a MTA configuration for system email on all hosts instead of a dedicated email server role.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Read formulas from central file | Georg Pfuetzenreuter | 2023-01-26 | 1 | -1/+1
  - add formulas.yaml file containing list of all enabled formulas
  - read formulas from said file in role.salt.master and prepare_minion.py
  - add symlink for easier tracking of the file
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Postfix: configure alias_database | Georg Pfuetzenreuter | 2023-01-25 | 1 | -0/+1
  Not needed, but the formula writes a hash:/ entry default, which might cause confusion in the future, since our alias_maps is using lmdb:/.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Allow local system mail in Postfix | Georg Pfuetzenreuter | 2023-01-25 | 1 | -1/+2
  - correct mydestination to allow lysergic.dev to be sent through the relay
  - correct relayhost to use SMTPS port
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Include Postfix pillar via role | Georg Pfuetzenreuter | 2023-01-24 | 1 | -0/+26
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Include role.salt.common in master | Georg Pfuetzenreuter | 2023-01-24 | 1 | -0/+3
  Needed to allow individual apply's of salt.master without breaking common configuration options.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Enable postfix-formula | Georg Pfuetzenreuter | 2023-01-24 | 1 | -1/+1
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Enable users-formula | Georg Pfuetzenreuter | 2023-01-22 | 1 | -2/+2
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: manage formulas | Georg Pfuetzenreuter | 2023-01-22 | 1 | -1/+5
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: move file_roots to production | Georg Pfuetzenreuter | 2023-01-22 | 1 | -1/+1
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: move gpg_keydir to master | Georg Pfuetzenreuter | 2023-01-22 | 1 | -1/+1
  'gpg_keydir' is a master specific setting, it does not work under the top level 'salt' key.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: manage extension modules | Georg Pfuetzenreuter | 2023-01-22 | 1 | -1/+4
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Update salt.master role pillar | Georg Pfuetzenreuter | 2023-01-22 | 1 | -2/+5
  - add missing settings needed for use in production
  - correct existing settings with new advancements
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Set Salt log level to info | Georg Pfuetzenreuter | 2023-01-22 | 1 | -0/+1
  Globally setting log level for easier initial setup. Later on we should consider removing it again, or moving it to the salt:master pillar.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add salt.syndic role + pillar | Georg Pfuetzenreuter | 2023-01-22 | 1 | -0/+4
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add id/role pillar README's | Georg Pfuetzenreuter | 2023-01-21 | 1 | -0/+1
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add secret variables | Georg Pfuetzenreuter | 2023-01-20 | 1 | -0/+16
  Module should now replace ${...} variables during rendering. Pillar references need to be quoted.
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Init master role w/ pillar | Georg Pfuetzenreuter | 2023-01-15 | 1 | -0/+36
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Re-order minion profile | Georg Pfuetzenreuter | 2023-01-15 | 1 | -0/+1
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Use custom minion master configuration | Georg Pfuetzenreuter | 2023-01-15 | 1 | -1/+0
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Use traditional grains management | Georg Pfuetzenreuter | 2023-01-15 | 1 | -6/+0
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Move managed grains to minion pillar | Georg Pfuetzenreuter | 2023-01-15 | 1 | -1/+7
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Init salted salt + minion pillar | Georg Pfuetzenreuter | 2023-01-15 | 2 | -0/+7
  Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>