path: root/salt
Commit message | Author | Age | Files | Lines
* Initialize OpenBSD support | Georg Pfuetzenreuter | 2023-07-16 | 1 | -0/+1
|   No states assigned yet.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Change redis to redis7 | Georg Pfuetzenreuter | 2023-06-28 | 1 | -6/+6
|   Leap 15.5 renamed the package, "redis" will try to install Redis 6 and cause a conflict.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add manage_sshd conditional | Georg Pfuetzenreuter | 2023-05-02 | 1 | -0/+2
|   Allow sshd configuration to be skipped on "special" machines using an optional "manage_sshd: False" pillar option.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* No longer remove libX11 | Georg Pfuetzenreuter | 2023-05-02 | 1 | -5/+0
|   Multiple packages need it as a dependency, maintaining an exclusion list is not feasible.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add users conditional for sss | Georg Pfuetzenreuter | 2023-05-01 | 1 | -0/+4
|   Skip failing local users management on machines using sssd.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Repair manage_firewall behavior | Georg Pfuetzenreuter | 2023-05-01 | 1 | -1/+1
|   Fixup to b685f16c914b9fa05bda7c69ce9e157d04262d09, default value was outside of conditional - it didn't cause any errors, but did not work as expected either. :-)
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Repair PrivateBin config quoting | Georg Pfuetzenreuter | 2023-04-30 | 1 | -2/+2
|   Ensure strings are quoted correctly.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Repair undefined id | Georg Pfuetzenreuter | 2023-04-30 | 1 | -1/+1
|   Replace with call to grains dict.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Exclude libX11 removal for FPM hosts | Georg Pfuetzenreuter | 2023-04-30 | 1 | -0/+4
|   Needed for some PHP extensions.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Repair BookStack quoting | Georg Pfuetzenreuter | 2023-04-30 | 1 | -1/+1
|   Re-order ending quote.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Repair BookStack quoting | Georg Pfuetzenreuter | 2023-04-30 | 1 | -2/+2
|   Attempt to repair quoting by correcting the if-condition grouping and by replacing the quote filter with manual quotes.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Correct BookStack group | Georg Pfuetzenreuter | 2023-04-30 | 1 | -1/+1
|   Environment file needs to be readable by the www, not the wwwrun, group for PHP-FPM to be able to access it.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Quote BookStack values | Georg Pfuetzenreuter | 2023-04-30 | 1 | -1/+1
|   Some strings contain spaces or special characters and should be quoted.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add manage_firewall conditional | Georg Pfuetzenreuter | 2023-04-30 | 1 | -0/+3
|   Allow us to enroll machines in Salt which do not yet have their firewall configuration imported without having their rules overwritten.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Watch httpd service for snippets | Georg Pfuetzenreuter | 2023-04-30 | 1 | -4/+1
|   The reload/restart module calls have been dropped from the formula. Watch the service.running state instead.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*   Merge pull request 'Import themis / PrivateBin' (#40) from privatebin into production | Georg Pfuetzenreuter | 2023-04-30 | 2 | -0/+59
|\    Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/40
| * Add privatebin profile+role | Georg Pfuetzenreuter | 2023-03-12 | 2 | -0/+59
| |   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Split out salt.formulas state | Georg Pfuetzenreuter | 2023-04-29 | 2 | -7/+7
|/    Allow formulas update on Salt master without applying the complete Salt master profile.
|     Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* profile.bookstack: quote keys [bookstack] | Georg Pfuetzenreuter | 2023-03-11 | 1 | -2/+6
|   Some keys needed quoting to pass the YAML parser.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* role.bookstack: include php-fpm | Georg Pfuetzenreuter | 2023-02-26 | 1 | -0/+1
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add php-fpm role | Georg Pfuetzenreuter | 2023-02-26 | 1 | -0/+2
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* role.bookstack: include memcached | Georg Pfuetzenreuter | 2023-02-26 | 1 | -0/+1
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add memcached role | Georg Pfuetzenreuter | 2023-02-26 | 1 | -0/+2
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* profile.apache-httpd: manage snippets | Georg Pfuetzenreuter | 2023-02-26 | 2 | -1/+32
|   - add apache-httpd profile with snippets configuration
|   - add TLS snippet to apache-httpd role pillar
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add bookstack profile+role | Georg Pfuetzenreuter | 2023-02-26 | 2 | -0/+73
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add web.apache-httpd role | Georg Pfuetzenreuter | 2023-02-26 | 1 | -0/+2
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* p.node_exporter->p.prometheus.node_exporter | Georg Pfuetzenreuter | 2023-02-21 | 2 | -1/+1
|   Since the last commit introduced a new Prometheus targets profile, it makes sense to move node_exporter underneath the Prometheus tree as well.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Manage Prometheus targets | Georg Pfuetzenreuter | 2023-02-21 | 4 | -2/+21
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Import Prometheus server configuration | Georg Pfuetzenreuter | 2023-02-21 | 3 | -0/+6
|   * add new roles:
|     - monitoring.prometheus
|     - monitoring.prometheus-alertmanager
|     - monitoring.prometheus-exporter-blackbox
|   * add common Prometheus and Prometheus Alertmanager pillar data
|   * add moni.lysergic.dev specific Prometheus pillar data
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Address salt-lint errors/warnings | Georg Pfuetzenreuter | 2023-02-15 | 4 | -7/+9
|   - remove trailing whitespaces
|   - format octal modes correctly
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* AppArmor: reload on drop-in changes | Georg Pfuetzenreuter | 2023-02-12 | 1 | -0/+13
|   Self-explanatory.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* web-proxy: include apparmor.local | Georg Pfuetzenreuter | 2023-02-12 | 1 | -0/+1
|   Some web proxy servers need additional AppArmor drop-ins, for example for serving static content.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add AppArmor profile | Georg Pfuetzenreuter | 2023-02-12 | 1 | -0/+9
|   Simple profile to allow for management of local profile drop-ins using pillar values.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add ha-netcup role | Georg Pfuetzenreuter | 2023-02-12 | 1 | -0/+3
|   Role managing the Netcup IP failover script plus keepalived. Requires ha-node role introduced via a8bbe056f1.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add keepalived_script_user profile | Georg Pfuetzenreuter | 2023-02-12 | 1 | -0/+7
|   Short profile source from other profiles requiring the keepalived_script user to be present.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add netcup_failover profile | Georg Pfuetzenreuter | 2023-02-12 | 3 | -0/+133
|   Profile managing a Netcup IP address failover script for use with keepalived.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* common.suse: manage qemu-guest-agent | Georg Pfuetzenreuter | 2023-02-12 | 1 | -0/+9
|   Ensure qemu-guest-agent is active on all KVM guests.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* common.suse: remove AutoYaST | Georg Pfuetzenreuter | 2023-02-12 | 1 | -1/+13
|   We only use AutoYaST for the OS deployment and don't need the packages afterwards.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* lighttpd: improve dependencies | Georg Pfuetzenreuter | 2023-02-12 | 1 | -0/+5
|   - add more explicit Salt ID dependencies
|   - reload service on configuration changes
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* matterbridge: restart on changes | Georg Pfuetzenreuter | 2023-02-12 | 1 | -0/+4
|   Matterbridge does detect file changes, but seems to only apply them on a service restart.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* matterbridge: quote numbers | Georg Pfuetzenreuter | 2023-02-12 | 1 | -1/+1
|   Needed to make the TOML configuration format happy.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* matterbridge: manage media directories | Georg Pfuetzenreuter | 2023-02-12 | 1 | -0/+11
|   Create media directories if defined in the pillar.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
*   Merge pull request 'Refactor Matterbridge profile' (#11) from matterbridge-refactor into production | Pratyush Desai | 2023-02-09 | 2 | -23/+26
|\    Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/11
| * Refactor matterbridge profile | Georg Pfuetzenreuter | 2023-02-07 | 2 | -23/+26
| |   - reduce pillar calls
| |   - no longer define possible configuration options, apply settings from pillar 1:1
| |   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* | Add ha-node role | Georg Pfuetzenreuter | 2023-02-08 | 1 | -0/+2
|/    Add ha-node role for machines in a HA pair using keepalived.
|     Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add onion-router role | Georg Pfuetzenreuter | 2023-02-07 | 1 | -0/+2
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Increase LC repository priority | Georg Pfuetzenreuter | 2023-02-05 | 1 | -1/+1
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Refresh LC repository | Georg Pfuetzenreuter | 2023-02-05 | 1 | -0/+1
|   Configure repository to be refreshed automatically.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add web-proxy role | Georg Pfuetzenreuter | 2023-02-04 | 1 | -0/+5
|   - web-proxy role to configure nginx
|   - pillar with common nginx configuration
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: add salt-keydiff package | Georg Pfuetzenreuter | 2023-01-30 | 1 | -0/+1
|   Useful to accept new minions.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Manage Salt roleproxy | Georg Pfuetzenreuter | 2023-01-30 | 2 | -0/+36
|   Add role, profile and pillar for roleproxy.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.minion: no longer manage grains | Georg Pfuetzenreuter | 2023-01-29 | 3 | -22/+0
|   Grains have only been managed to track roles, however those have since been moved to the Role API. Hence the managed /etc/salt/grains file can safely be removed from management. Existing installations will be cleaned up by me.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Manage firewalld | Georg Pfuetzenreuter | 2023-01-29 | 1 | -0/+1
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.minion: allow minions without roles | Georg Pfuetzenreuter | 2023-01-29 | 1 | -1/+1
|   If-clause to check for Syndic roles caused regression on minions without any assigned roles.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: add ldap + completion packages | Georg Pfuetzenreuter | 2023-01-27 | 1 | -0/+3
|   - python-ldap is needed for authenticating with the API
|   - shell completions are useful :-)
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: add Salt API configuration | Georg Pfuetzenreuter | 2023-01-27 | 1 | -0/+1
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Relay via static zz0.email host | Georg Pfuetzenreuter | 2023-01-27 | 2 | -0/+10
|   Split horizon for the complete .email zone is not feasible for all sites, and TLS certificate currently does not cover any of the internal hostnames.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Manage common SSH server | Georg Pfuetzenreuter | 2023-01-26 | 2 | -1/+13
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* mta.postfix->global.mta pillar; remove mta profile | Georg Pfuetzenreuter | 2023-01-26 | 2 | -4/+2
|   This is more a MTA configuration for system email on all hosts instead of a dedicated email server role.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Repository: remove comment, add priority | Georg Pfuetzenreuter | 2023-01-25 | 1 | -2/+1
|   LibertaCasa RPM repository:
|   - comment was not added by Salt, it attempted to re-add it every time
|   - set lower priority
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Include Postfix pillar via role | Georg Pfuetzenreuter | 2023-01-24 | 2 | -1/+1
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Manage common Postfix | Georg Pfuetzenreuter | 2023-01-24 | 2 | -0/+4
|   Add configuration for global client MTA's.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|   Enable Postfix management
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Include users in common.suse | Georg Pfuetzenreuter | 2023-01-22 | 1 | -0/+1
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add common_packages to common.suse | Georg Pfuetzenreuter | 2023-01-22 | 1 | -0/+6
|   Add ID and initialize with fish and system-group wheel packages. More packages to be added later on.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Remove release from RPM key check | Georg Pfuetzenreuter | 2023-01-22 | 1 | -1/+1
|   Release tag can be different from machine to machine. Checking for the version tag should be good enough.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Manage LC repository + ca-certificates | Georg Pfuetzenreuter | 2023-01-22 | 1 | -0/+34
|   manage
|   - home:crameleon:LibertaCasa repository
|   - ca-certificates-syscid
|   in common SUSE state.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Connect syndic minions to syndic master | Georg Pfuetzenreuter | 2023-01-22 | 1 | -1/+11
|   Syndics are generally the masters assigned to their region. We want the minions on syndics to connect to their upstream master ("master of masters") instead of to themselves.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add admins to redis group on masters | Georg Pfuetzenreuter | 2023-01-22 | 1 | -10/+13
|   Avoid permissions errors if Salt attempts to write to Redis during non-root state.apply calls.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Use central machine-roles endpoint | Georg Pfuetzenreuter | 2023-01-22 | 1 | -1/+1
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Use http.query instead of nbroles module | Georg Pfuetzenreuter | 2023-01-22 | 1 | -1/+1
|   This is an attempt to remove the need for the custom nbroles module. If it works out, the localhost reference should be replaced with a global roles API endpoint.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: configure publisher_acl | Georg Pfuetzenreuter | 2023-01-22 | 1 | -0/+12
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Update symlink to nbroles.py | Georg Pfuetzenreuter | 2023-01-22 | 1 | -1/+1
|   Fallout from b112ee3131f82cf8b8bc09726b9088950f9dc6dc.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: manage formulas | Georg Pfuetzenreuter | 2023-01-22 | 1 | -0/+7
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Move extmods to salt/ | Georg Pfuetzenreuter | 2023-01-22 | 2 | -0/+114
|   Allow for extension modules to be delivered using the Salt file server.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: manage extension modules | Georg Pfuetzenreuter | 2023-01-22 | 1 | -1/+30
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Configure Redis for Salt master | Georg Pfuetzenreuter | 2023-01-22 | 1 | -0/+65
|   Add Redis configuration to salt.master profile for caching on Salt masters. To-Do: move configuration to a formula based approach.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add salt.syndic role + pillar | Georg Pfuetzenreuter | 2023-01-22 | 1 | -0/+2
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add empty salt.common SLS | Georg Pfuetzenreuter | 2023-01-21 | 1 | -0/+1
|   Roles under salt/ are enforced to be existent - adding "empty" file to match pillar/role/salt/.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Remove test-webserver role | Georg Pfuetzenreuter | 2023-01-21 | 1 | -2/+0
|   No longer used, referenced profile removed in a1782581bb5124ecee97baa86ef8a312ad4828d0.
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Target roles without grains in tops | Georg Pfuetzenreuter | 2023-01-21 | 1 | -3/+4
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Use nbroles instead of grains | Georg Pfuetzenreuter | 2023-01-21 | 2 | -2/+14
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Init master role w/ pillar | Georg Pfuetzenreuter | 2023-01-15 | 2 | -0/+4
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Re-order minion profile | Georg Pfuetzenreuter | 2023-01-15 | 1 | -4/+4
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Use custom minion master configuration | Georg Pfuetzenreuter | 2023-01-15 | 1 | -0/+9
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Use traditional grains management | Georg Pfuetzenreuter | 2023-01-15 | 3 | -8/+8
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Move managed grains to minion pillar | Georg Pfuetzenreuter | 2023-01-15 | 1 | -1/+0
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Init salted salt + minion pillar | Georg Pfuetzenreuter | 2023-01-15 | 2 | -1/+2
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Cleanup after devel import | Georg Pfuetzenreuter | 2023-01-15 | 2 | -9/+0
|   - remove RPM public key import
|   - remove test-webserver profile
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Refactor common tree | Georg Pfuetzenreuter | 2023-01-15 | 3 | -3/+3
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Import profiles/roles from salt-devel | Georg Pfuetzenreuter | 2023-01-15 | 21 | -1/+731
|   - + renaming baseline to common
|   Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Init | Georg Pfuetzenreuter | 2023-01-15 | 1 | -0/+11
    Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>