| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
|
|
|
|
| |
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
|
|
|
|
| |
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
|
|
|
|
| |
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
|
|
|
|
| |
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| | |
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/84
Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
|
| |
| |
| |
| |
| |
| |
| | |
Follow up to b6e9f753521111919dfcf67e91e02b30fbc41b24, forgot to quote
the string causing it to still be converted to a boolean.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
|
|
| |
ModSecurity rule blocked Bookstack from saving some pages while editing.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
|
| |
```
nginx: [emerg] invalid value "True" in "proxy_ssl_verify" directive, it
must be "on" or "off" in /etc/nginx/vhosts.d/agola.conf:14
```
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
New service behind ci.lysergic.dev / ci.git.com.de.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Cache jobs for later reference, disable unused hardware grains.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Forgotten in fffbaf46988d89b9f56578ba0d97c07ea056f513.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Configuration should be imported already.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
|
|
|
|
| |
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
|
|
|
|
| |
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
|
| |
|
|
|
|
|
|
|
|
| |
Add pillar IDs for theia/orpheus/selene to disable sshd
management on them (machines use custom configurations
for historic reasons, and we like to preserve history).
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Blank machine.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Is a minion specific option.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
https://docs.saltproject.io/en/latest/ref/states/backup_mode.html
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Some ports not yet covered by a role.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Blank machine.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Machine uses a custom sshd configuration for $reasons.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Enable option to ensure minions are immediately responsive after key
rotations.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
Option was removed in d4f39e8e5f807169b790d5380c10872d1ba31710, but the
default environment seems to not be set to "production" without
it being present. Adding it back until a better way is found.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
|
| |
- Replace wrong instances of RewriteCond with RewriteRule
- Remove wrong quotes around rewrite conditions
- Set correct options (seemingly our version of httpd does not set
FollowSymLinks by default?)
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
themis-httpd-fixup into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/50
|
| |
| |
| |
| |
| |
| |
| |
| | |
Some directory options are not needed and were listed with syntax
issues. Set to false to prevent "Options" from
being added, which equals "Options +FollowSymLinks".
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
|
|
| |
The Keycloak realm is named "LibertaCasa", not "libertacasa".
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
privatebin-role into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/49
|
| |
| |
| |
| |
| |
| |
| | |
For some reason Salt complains about the file missing, albeit us using
"ignore_missing" in the top file.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
|
|
|
| |
Allow us to enroll machines in Salt which do not yet have their firewall
configuration imported without having their rules overwritten.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
For some reason Salt complains about the file missing (albeit us using
having "ignore_missing" enabled in the pillar top).
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
To ease development, allow saltenv=<branch>/pillarenv=<branch> instead
of enforcing the production branch.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/40
|
| |
| |
| |
| |
| |
| | |
Allow HTTPS traffic.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| | |
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
|
| |
| |
| |
| | |
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
|
|/
|
|
| |
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- add apache-httpd profile with snippets configuration
- add TLS snippet to apache-httpd role pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Use uniform JSON target files instead of a JSON/YAML mix.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
|
|
|
| |
* add new roles:
- monitoring.prometheus
- monitoring.prometheus-alertmanager
- monitoring.prometheus-exporter-blackbox
* add common Prometheus and Prometheus Alertmanager pillar data
* add moni.lysergic.dev specific Prometheus pillar data
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- remove trailing whitespaces
- format octal modes correctly
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- remove spaces, add headers
- add ignore for line-lengths in .pipeline.yml
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
With the rollout of our Salted configuration, ModSecurity came enforced.
This adds necessary rules to PrivateBin and BookStack for correct
operation.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Accidentally configured to listen only internally.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Allow access to client trust certificate and to static content.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
- remove keys duplicated by include
- repair wrong snippets include directory
- repair wrong ip_hash option syntax
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Accidentally added as a service.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Prevent script tampering.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Public firewall rules were missing from initial import.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Configure backend firewall zones if applicable. Allow all UDP for
cluster traffic.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Needed for keepalived operation.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Add shared configuration to cluster.denc.web-proxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Add shared nginx configuration to nemesis/hubris HA pair nodes.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Add shared configuration to cluster.denc.web-proxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Import locally configured web zone into Salt. This zone allows the web
proxy to reach http for serving Matterbridge media.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
It's very noisy - one can enable it on demand if needed.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Discord room does not exist.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
TOML configuration format needs lowercase boolean values.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- move base media directory to variable
- add lighttpd vhosts to pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Empty for now, adding for future reference and because we enforce role
pillars to exist.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
import-dericom02 into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/10
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Ergo rightfully does not accept plain text websocket connections.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
Fallout from 77fa39e59c15a2235f210128dab821d2e2fd6ae5 - libertacasa
nginx snippet needs to be included in liberta.casa server for main
website to operate on the clearnet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Accidentally mixed up the libertacasa with the libertacasa2 nginx
TLS snippet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Always include mime.types on web-proxies.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Always include files in conf.d and vhosts.d on web-proxies.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Import default nginx.conf contents from our custom packaged file into
Salt.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Add logic to wrap IPv6 listening addresses in brackets, to prevent nginx
from failing to start.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Allow internal http and https to pass on web proxies.
To-do: logic for web proxies directly attached to the internet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Transfer local/manual nginx configuration structure into pillar.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Add TLS configuration snippet shared between all web-proxies.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
For use in nginx pillars.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- web-proxy role to configure nginx
- pillar with common nginx configuration
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
- move pillar macros and map to base directory
- move listener logic from macro to map
- update includes respectively
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Add role, profile and pillar for roleproxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
To match the SUSE defaults deployed by our AutoYaST configuration.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- interfaces with no IPv4 address would cause a render failure
- repair if-clause needed for interfaces with only IPv4 addresses
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
|
| |
Detect which interfaces belong to which zones, and configure firewalld
accordingly.
Backend zone is currently only prepared and yet to be tested and
enabled.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Needed for firewall interface-zone mapping logic.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
State would print the colons unquoted into the file, causing the YAML to
not parse.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
... and sort list entries alphabetically.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
No individual listeners can be configured, hence global dual stack
listener it is.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
|
|
| |
Don't fail if mine does not contain information about the queried
minion.
In the future it would be nice to add another conditional to allow such
minions to fall-back to the locally executed network module for
masterless setups.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Needed for formula to not nuke Syndic key permissions. Little bit ugly.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
The network module run on the Salt master, but the macro should fetch
minion addresses.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Add Salt mine configuration to collect minion IP addresses.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Likely needed as it does not support searching a more fine grained base
DN.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Tornado does not support all the features.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
Split horizon for the complete .email zone is not feasible for all
sites, and TLS certificate currently does not cover any of the internal
hostnames.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
This is more a MTA configuration for system email on all hosts instead of
a dedicated email server role.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
- add formulas.yaml file containing list of all enabled formulas
- read formulas from said file in role.salt.master and prepare_minion.py
- add symlink for easier tracking of the file
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Not needed, but the formula writes a hash:/ entry default, which might
cause confusion in the future, since our alias_maps is using lmdb:/.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
- correct mydestination to allow lysergic.dev to be sent through the
relay
- correct relayhost to use SMTPS port
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
This reverts commit 4863396938c7c638517cbefc3a2773c9eb29bc69.
|
|
|
|
|
|
|
| |
Needed to allow individual apply's of salt.master without breaking
common configuration options.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
|
|
| |
Add configuration for global client MTA's.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Enable Postfix management
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
Adapt to current private pillar top:
- match ID grain for inclusion of ID files
- move roles under conditional
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Zypper pillar data is not needed on non-SUSE systems.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Speed up state.apply's.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
This is an attempt to remove the need for the custom nbroles module. If
it works out, the localhost reference should be replaced with a global
roles API endpoint.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
'gpg_keydir' is a master specific setting, it does not work under the
top level 'salt' key.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- add missing settings needed for use in production
- correct existing settings with new advancements
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Globally setting log level for easier initial setup. Later on we should
consider removing it again, or moving it to the salt:master pillar.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- adapt preparation script to new environment
- add sample mocking pillar including README
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
File was only used for testing secrets and is no longer in use.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Module should now replace ${...} variables during rendering. Pillar
references need to be quoted.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|