path: root/pillar
Commit message (Author, Age, Files, Lines)
* Use consistent quotes (Pratyush Desai, 2025-04-24, files: 1, lines: -1/+1)
| | | | | | switched to single quotes Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* Fix missing RemoteNickFormat (Pratyush Desai, 2025-04-23, files: 1, lines: -0/+1)
| | | | | | | maybe something cool could be done to show users less dry on the other side of irc. Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* Join the music rooms a bit (Pratyush Desai, 2025-04-23, files: 1, lines: -0/+4)
| | | | | | | Added discord.23 music and xmpp music into the mix. hopefully snoringhastly will not be annoyed about it. ;) Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* cleanup interprotocol bridges (Pratyush Desai, 2024-09-01, files: 1, lines: -13/+5)
|    Updating sshchat label
|    Remote nick formatting fixes
|    Remove some redundant linkages:
|    Remove commented out tg for #libcasa.info as it is not being utilised
|    Remove stale dota related bridge
|    Removed keytomb stuff as it is stale and didn't work anyway.
|    Reroute bridges:
|    Rerouting sshchat from #libcasa to #lucy as there isn't much conversation on #libcasa atm. So if it will be getting used, it's likely only to communicate on #lucy.
|    Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* fix firewalld not updating interfaces (Pratyush Desai, 2024-06-19, files: 1, lines: -0/+1)
| | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* enroll derigsm01 (Pratyush Desai, 2024-01-09, files: 1, lines: -0/+1)
| | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* attempt disc-chilldevirc connect (Pratyush Desai, 2023-10-04, files: 1, lines: -1/+5)
| | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* remove chillops gateway matterb (Pratyush Desai, 2023-10-03, files: 1, lines: -4/+0)
| | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* link keytomb irclc<->tg (Pratyush Desai, 2023-08-20, files: 1, lines: -0/+3)
| | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* attempt at fixing the irc-tg link (Pratyush Desai, 2023-08-19, files: 1, lines: -1/+1)
| | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* add petals irccasa<->tg (Pratyush Desai, 2023-08-15, files: 1, lines: -4/+4)
| | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* fix syntax error in pull 86 (Pratyush Desai, 2023-08-10, files: 1, lines: -1/+1)
| | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* bridge ircdevchan tgdevchan [add/matterbridge-chillnet-tgchan] (Pratyush Desai, 2023-08-10, files: 1, lines: -0/+3)
| | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* denc-webcluster: include proxy in agola (Georg Pfuetzenreuter, 2023-07-31, files: 1, lines: -0/+1)
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Repair boolean' (#84) from fix/nginx/boolean into production (Pratyush Desai, 2023-07-31, files: 1, lines: -1/+1)
|\ | | | | | | | | Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/84 Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
| * Repair boolean (Georg Pfuetzenreuter, 2023-07-31, files: 1, lines: -1/+1)
| | | | | | | | | | | | | | Follow up to b6e9f753521111919dfcf67e91e02b30fbc41b24, forgot to quote the string causing it to still be converted to a boolean. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | denc-webcluster: exclude 949110 (Georg Pfuetzenreuter, 2023-07-31, files: 1, lines: -1/+1)
|/ | | | | | ModSecurity rule blocked Bookstack from saving some pages while editing. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Repair boolean (Georg Pfuetzenreuter, 2023-07-21, files: 1, lines: -1/+1)
|    ```
|    nginx: [emerg] invalid value "True" in "proxy_ssl_verify" directive, it must be "on" or "off" in /etc/nginx/vhosts.d/agola.conf:14
|    ```
|    Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add reverse proxy for Agola (Georg Pfuetzenreuter, 2023-07-21, files: 1, lines: -0/+11)
| | | | | | New service behind ci.lysergic.dev / ci.git.com.de. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Optimize minion (Georg Pfuetzenreuter, 2023-07-16, files: 1, lines: -0/+2)
| | | | | | Cache jobs for later reference, disable unused hardware grains. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add http(s) to thetrip public zone (Georg Pfuetzenreuter, 2023-07-01, files: 1, lines: -0/+6)
| | | | | | Forgotten in fffbaf46988d89b9f56578ba0d97c07ea056f513. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Manage firewall on thetrip (Georg Pfuetzenreuter, 2023-07-01, files: 1, lines: -0/+1)
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Manage firewall on derutil01 (Georg Pfuetzenreuter, 2023-06-28, files: 1, lines: -0/+1)
| | | | | | Configuration should be imported already. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* remove backslash (Pratyush Desai, 2023-06-28, files: 1, lines: -3/+3)
| | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* update mediapath for matterbridge (Pratyush Desai, 2023-06-27, files: 1, lines: -2/+2)
| | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* Add chillnet matterbridge uploads (Pratyush Desai, 2023-06-25, files: 2, lines: -6/+8)
| | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* Used /RENAME for #fightclub (Pratyush Desai, 2023-05-03, files: 1, lines: -2/+2)
|
* Init psyched.dev (Georg Pfuetzenreuter, 2023-05-02, files: 3, lines: -0/+3)
| | | | | | | | Add pillar IDs for theia/orpheus/selene to disable sshd management on them (machines use custom configurations for historic reasons, and we like to preserve history). Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Init dencpod01.lysergic.dev (Georg Pfuetzenreuter, 2023-05-02, files: 1, lines: -0/+1)
| | | | | | Blank machine. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Move backup_mode to minion dict (Georg Pfuetzenreuter, 2023-05-02, files: 1, lines: -1/+1)
| | | | | | Is a minion specific option. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Enable minion file backup (Georg Pfuetzenreuter, 2023-05-02, files: 1, lines: -0/+1)
| | | | | | https://docs.saltproject.io/en/latest/ref/states/backup_mode.html Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Import moni firewall configuration (Georg Pfuetzenreuter, 2023-05-02, files: 1, lines: -0/+11)
| | | | | | Some ports not yet covered by a role. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Init phoebe.lysergic.dev (Georg Pfuetzenreuter, 2023-05-02, files: 1, lines: -0/+1)
| | | | | | Blank machine. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Disable manage_sshd for philia (Georg Pfuetzenreuter, 2023-05-02, files: 1, lines: -0/+1)
| | | | | | Machine uses a custom sshd configuration for $reasons. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Set ping_on_rotate (Georg Pfuetzenreuter, 2023-05-01, files: 1, lines: -0/+1)
| | | | | | | Enable option to ensure minions are immediately responsive after key rotations. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Set env_order (Georg Pfuetzenreuter, 2023-05-01, files: 1, lines: -0/+1)
| | | | | | | | Option was removed in d4f39e8e5f807169b790d5380c10872d1ba31710, but the default environment seems to not be set to "production" without it being present. Adding it back until a better way is found. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Repair BookStack httpd configuration (Georg Pfuetzenreuter, 2023-05-01, files: 1, lines: -9/+9)
|    - Replace wrong instances of RewriteCond with RewriteRule
|    - Remove wrong quotes around rewrite conditions
|    - Set correct options (seemingly our version of httpd does not set FollowSymLinks by default?)
|    Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Adjust themis httpd directory options' (#50) from themis-httpd-fixup into production (Georg Pfuetzenreuter, 2023-04-30, files: 1, lines: -1/+1)
|\ | | | | | | | | | | Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/50
| * Adjust themis httpd directory options (Georg Pfuetzenreuter, 2023-04-30, files: 1, lines: -1/+1)
| | | | | | | | | | | | | | | | Some directory options are not needed and were listed with syntax issues. Set to false to prevent "Options" from being added, which equals "Options +FollowSymLinks". Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Correct SAML realm capitalization (Georg Pfuetzenreuter, 2023-04-30, files: 1, lines: -3/+3)
|/ | | | | | The Keycloak realm is named "LibertaCasa", not "libertacasa". Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Add empty role.privatebin pillar' (#49) from privatebin-role into production (Georg Pfuetzenreuter, 2023-04-30, files: 1, lines: -0/+1)
|\ | | | | | | | | | | Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/49
| * Add empty role.privatebin pillar (Georg Pfuetzenreuter, 2023-04-30, files: 1, lines: -0/+1)
| | | | | | | | | | | | | | For some reason Salt complains about the file missing, albeit us using "ignore_missing" in the top file. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Add manage_firewall conditional (Georg Pfuetzenreuter, 2023-04-30, files: 6, lines: -0/+8)
|/ | | | | | | Allow us to enroll machines in Salt which do not yet have their firewall configuration imported without having their rules overwritten. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add empty role.bookstack pillar (Georg Pfuetzenreuter, 2023-04-30, files: 1, lines: -0/+1)
| | | | | | | For some reason Salt complains about the file missing (albeit us having "ignore_missing" enabled in the pillar top). Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Allow saltenv/pillarenv override (Georg Pfuetzenreuter, 2023-04-30, files: 1, lines: -2/+2)
| | | | | | | To ease development, allow saltenv=<branch>/pillarenv=<branch> instead of enforcing the production branch. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Merge pull request 'Import themis / PrivateBin' (#40) from privatebin into production (Georg Pfuetzenreuter, 2023-04-30, files: 1, lines: -13/+85)
|\ | | | | | | | | | | Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/40
| * id.themis: import backend firewall rules [privatebin] (Georg Pfuetzenreuter, 2023-04-29, files: 1, lines: -0/+6)
| | | | | | | | | | | | Allow HTTPS traffic. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * id.themis: import PrivateBin httpd vhost (Georg Pfuetzenreuter, 2023-03-12, files: 1, lines: -13/+37)
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
| * id.themis: import PrivateBin configuration (Georg Pfuetzenreuter, 2023-03-12, files: 1, lines: -0/+42)
| | | | | | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Add tg lucy channel mapping (Pratyush Desai, 2023-04-14, files: 1, lines: -0/+1)
| | | | | | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* | Add Chillnet to matterbridge (Pratyush Desai, 2023-04-10, files: 2, lines: -0/+34)
| | | | | | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* | Refactor matterbridge_media macro (Pratyush Desai, 2023-04-10, files: 1, lines: -6/+5)
|/ | | | Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
* Enable php-formula (Georg Pfuetzenreuter, 2023-02-26, files: 1, lines: -0/+1)
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add php-fpm role (Georg Pfuetzenreuter, 2023-02-26, files: 1, lines: -0/+1)
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Enable memcached-formula (Georg Pfuetzenreuter, 2023-02-26, files: 1, lines: -0/+1)
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add memcached role (Georg Pfuetzenreuter, 2023-02-26, files: 1, lines: -0/+2)
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* profile.apache-httpd: manage snippets (Georg Pfuetzenreuter, 2023-02-26, files: 1, lines: -0/+10)
|    - add apache-httpd profile with snippets configuration
|    - add TLS snippet to apache-httpd role pillar
|    Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* id.themis: add BookStack configuration (Georg Pfuetzenreuter, 2023-02-26, files: 1, lines: -0/+41)
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* id.themis: add BookStack httpd configuration (Georg Pfuetzenreuter, 2023-02-26, files: 1, lines: -0/+36)
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add web.apache-httpd role (Georg Pfuetzenreuter, 2023-02-26, files: 1, lines: -0/+3)
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Enable apache-formula (Georg Pfuetzenreuter, 2023-02-26, files: 1, lines: -0/+1)
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Manage Prometheus firewall rules (Georg Pfuetzenreuter, 2023-02-21, files: 2, lines: -0/+15)
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Moni: Read Blackbox targets as JSON (Georg Pfuetzenreuter, 2023-02-21, files: 1, lines: -2/+2)
| | | | | | Use uniform JSON target files instead of a JSON/YAML mix. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Import Prometheus server configuration (Georg Pfuetzenreuter, 2023-02-21, files: 4, lines: -0/+173)
|    * add new roles:
|      - monitoring.prometheus
|      - monitoring.prometheus-alertmanager
|      - monitoring.prometheus-exporter-blackbox
|    * add common Prometheus and Prometheus Alertmanager pillar data
|    * add moni.lysergic.dev specific Prometheus pillar data
|    Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Address salt-lint errors/warnings (Georg Pfuetzenreuter, 2023-02-15, files: 2, lines: -3/+3)
|    - remove trailing whitespaces
|    - format octal modes correctly
|    Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Address yamllint errors/warnings (Georg Pfuetzenreuter, 2023-02-15, files: 1, lines: -0/+1)
|    - remove spaces, add headers
|    - add ignore for line-lengths in .pipeline.yml
|    Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Enable prometheus-formula (Georg Pfuetzenreuter, 2023-02-15, files: 1, lines: -0/+1)
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* denc-webcluster: add ModSecurity adjustments (Georg Pfuetzenreuter, 2023-02-12, files: 1, lines: -0/+9)
| | | | | | | | With the rollout of our Salted configuration, ModSecurity came enforced. This adds necessary rules to PrivateBin and BookStack for correct operation. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* denc-webcluster: nginx listen on HA addresses (Georg Pfuetzenreuter, 2023-02-12, files: 1, lines: -5/+5)
| | | | | | Accidentally configured to listen only internally. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* denc-webcluster: nginx AppArmor rules (Georg Pfuetzenreuter, 2023-02-12, files: 1, lines: -0/+7)
| | | | | | Allow access to client trust certificate and to static content. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* denc-webcluster: nginx config fixup (Georg Pfuetzenreuter, 2023-02-12, files: 1, lines: -5/+2)
|    - remove keys duplicated by include
|    - repair wrong snippets include directory
|    - repair wrong ip_hash option syntax
|    Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* ha-node: vrrp is a protocol (Georg Pfuetzenreuter, 2023-02-12, files: 1, lines: -1/+1)
| | | | | | Accidentally added as a service. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* denc-webcluster: enable keepalived script security (Georg Pfuetzenreuter, 2023-02-12, files: 1, lines: -0/+1)
| | | | | | Prevent script tampering. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*