LibertaCasa/salt
LibertaCasa/salt
9
1
Fork 0
Code Issues 5 Pull Requests Releases Activity
280 Commits 10 Branches 0 Tags 849 KiB
orpheus
Commit Graph

10 Commits

Author SHA1 Message Date
Georg Pfuetzenreuter
b685f16c91
Add manage_firewall conditional
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Details 
Allow us to enroll machines in Salt which do not yet have their firewall
configuration imported without having their rules overwritten.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 2023-04-30 16:07:21 +02:00
Georg Pfuetzenreuter
c75e31c145
denc-webcluster: add ModSecurity adjustments
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Details 
With the rollout of our Salted configuration, ModSecurity came enforced.
This adds necessary rules to PrivateBin and BookStack for correct
operation.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 2023-02-12 23:46:22 +01:00
Georg Pfuetzenreuter
37a1ec433a
denc-webcluster: nginx listen on HA addresses
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Details 
Accidentally configured to listen only internally.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 2023-02-12 17:42:31 +01:00
Georg Pfuetzenreuter
2d5da24ce5
denc-webcluster: nginx AppArmor rules
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Details 
Allow access to client trust certificate and to static content.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 2023-02-12 16:39:49 +01:00
Georg Pfuetzenreuter
eac227d120
denc-webcluster: nginx config fixup
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Details 
- remove keys duplicated by include
- repair wrong snippets include directory
- repair wrong ip_hash option syntax

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 2023-02-12 15:48:44 +01:00
Georg Pfuetzenreuter
533aedd864
denc-webcluster: enable keepalived script security
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Details 
Prevent script tampering.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 2023-02-12 14:37:45 +01:00
Georg Pfuetzenreuter
7481741f95
denc-webcluster: allow http(s) publicly
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Details 
Public firewall rules were missing from initial import.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 2023-02-12 14:33:34 +01:00
Georg Pfuetzenreuter
303b06ae8c
nemesis/hubris: import keepalived configuration 
Add shared configuration to cluster.denc.web-proxy.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 2023-02-12 05:21:43 +01:00
Georg Pfuetzenreuter
eed4945a9f
nemesis/hubris: import nginx configuration 
Add shared configuration to cluster.denc.web-proxy.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 2023-02-12 05:21:39 +01:00
Georg Pfuetzenreuter
3f2b8d2ee7
Add cluster pillar 
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
 2023-02-05 09:36:23 +01:00