35 Commits

Author	SHA1	Message	Date
Georg Pfuetzenreuter	c1fcf5f3b1	Init psyched.dev ... Add pillar IDs for theia/orpheus/selene to disable sshd management on them (machines use custom configurations for historic reasons, and we like to preserve history). Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-05-02 21:00:45 +02:00
Georg Pfuetzenreuter	b6b129c41f	Init dencpod01.lysergic.dev ... Blank machine. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-05-02 20:40:09 +02:00
Georg Pfuetzenreuter	d89138e2a7	Import moni firewall configuration ... Some ports not yet covered by a role. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-05-02 20:02:21 +02:00
Georg Pfuetzenreuter	55acb1dea4	Init phoebe.lysergic.dev ... Blank machine. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-05-02 19:48:22 +02:00
Georg Pfuetzenreuter	409016ea75	Disable manage_sshd for philia ... Machine uses a custom sshd configuration for $reasons. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-05-02 19:32:36 +02:00
Georg Pfuetzenreuter	841317e0f4	Repair BookStack httpd configuration ... - Replace wrong instances of RewriteCond with RewriteRule - Remove wrong quotes around rewrite conditions - Set correct options (seemingly our version of httpd does not set FollowSymLinks by default?) Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-05-01 00:00:31 +02:00
Georg Pfuetzenreuter	f56ed6f64e	Merge pull request 'Adjust themis httpd directory options' (#50) from themis-httpd-fixup into production ... Reviewed-on: #50	2023-04-30 20:04:42 +02:00
Georg Pfuetzenreuter	d8359f002d	Correct SAML realm capitalization ... The Keycloak realm is named "LibertaCasa", not "libertacasa". Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-04-30 18:22:58 +02:00
Georg Pfuetzenreuter	0a3d34d962	Adjust themis httpd directory options ... Some directory options are not needed and were listed with syntax issues. Set to false to prevent "Options" from being added, which equals "Options +FollowSymLinks". Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-04-30 18:16:35 +02:00
Georg Pfuetzenreuter	b685f16c91	Add manage_firewall conditional ... Allow us to enroll machines in Salt which do not yet have their firewall configuration imported without having their rules overwritten. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-04-30 16:07:21 +02:00
Georg Pfuetzenreuter	b1249e69eb	Merge pull request 'Import themis / PrivateBin' (#40) from privatebin into production ... Reviewed-on: #40	2023-04-30 14:37:12 +02:00
Georg Pfuetzenreuter	f32d814658	id.themis: import backend firewall rules ... Allow HTTPS traffic. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-04-29 18:39:30 +02:00
Pratyush Desai	9d9e61d51d	Add tg lucy channel mapping ... Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>	2023-04-14 18:45:51 +05:30
Pratyush Desai	508c0dc1b2	Add Chillnet to matterbridge ... Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>	2023-04-10 00:25:14 +05:30
Pratyush Desai	6ebd02042f	Refactor matterbridge_media macro ... Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>	2023-04-10 00:18:59 +05:30
Georg Pfuetzenreuter	4ff7a39f0e	id.themis: import PrivateBin httpd vhost ... Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-03-12 17:21:32 +01:00
Georg Pfuetzenreuter	bf3aaa5ff1	id.themis: import PrivateBin configuration ... Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-03-12 17:01:17 +01:00
Georg Pfuetzenreuter	d8d848055f	id.themis: add BookStack configuration ... Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-26 13:14:28 +01:00
Georg Pfuetzenreuter	e36d40dbc3	id.themis: add BookStack httpd configuration ... Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-26 13:14:28 +01:00
Georg Pfuetzenreuter	cade9c0aca	Moni: Read Blackbox targets as JSON ... Use uniform JSON target files instead of a JSON/YAML mix. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-21 19:06:03 +01:00
Georg Pfuetzenreuter	979021f5c4	Import Prometheus server configuration ... * add new roles: - monitoring.prometheus - monitoring.prometheus-alertmanager - monitoring.prometheus-exporter-blackbox * add common Prometheus and Prometheus Alertmanager pillar data * add moni.lysergic.dev specific Prometheus pillar data Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-21 19:05:03 +01:00
Georg Pfuetzenreuter	18d28c3b7f	Address salt-lint errors/warnings ... - remove trailing whitespaces - format octal modes correctly Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-15 23:18:54 +01:00
Georg Pfuetzenreuter	a0a21a17db	nemesis/hubris: include denc.web-proxy ... Add shared nginx configuration to nemesis/hubris HA pair nodes. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-12 05:21:42 +01:00
Georg Pfuetzenreuter	1f8d8b642c	dericom02: manage web firewall zone ... Import locally configured web zone into Salt. This zone allows the web proxy to reach http for serving Matterbridge media. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-12 03:49:40 +01:00
Georg Pfuetzenreuter	16c8cd3dd5	dericom02: disable matterbridge XMPP debug ... It's very noisy - one can enable it on demand if needed. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-12 02:53:04 +01:00
Georg Pfuetzenreuter	1302e06486	Disable "aithunder" Discord bridge ... Discord room does not exist. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-12 02:25:55 +01:00
Georg Pfuetzenreuter	12c47a346b	dericom02: quote matterbridge booleans ... TOML configuration format needs lowercase boolean values. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-12 02:13:03 +01:00
Georg Pfuetzenreuter	1aacd3f340	dericom02: manage matterbridge media ... - move base media directory to variable - add lighttpd vhosts to pillar Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-12 00:51:59 +01:00
Georg Pfuetzenreuter	07d325d777	dericom02: import Matterbridge configuration ... Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-07 22:29:02 +01:00
Georg Pfuetzenreuter	f678de8560	derimisc01: import Tor configuration ... Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-07 18:35:40 +01:00
Georg Pfuetzenreuter	70ca4fabc8	Set webirc backend to https ... Ergo rightfully does not accept plain text websocket connections. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-06 14:20:19 +01:00
Georg Pfuetzenreuter	82cad3b099	Include libertacasa for liberta.casa ... Fallout from 77fa39e59c15a2235f210128dab821d2e2fd6ae5 - libertacasa nginx snippet needs to be included in liberta.casa server for main website to operate on the clearnet. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-06 14:10:14 +01:00
Georg Pfuetzenreuter	df3eeede1d	Repair liberta.casa TLS include ... Accidentally mixed up the libertacasa with the libertacasa2 nginx TLS snippet. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-06 14:01:23 +01:00
Georg Pfuetzenreuter	1b619358a8	deriweb01: import nginx configuration ... Transfer local/manual nginx configuration structure into pillar. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-02-05 11:56:27 +01:00
Georg Pfuetzenreuter	8c72e7c63a	Add id/role pillar README's ... Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-01-21 18:28:54 +01:00