0df71b4331
Merge pull request 'Repair boolean' ( #84 ) from fix/nginx/boolean into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #84
Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-07-31 21:15:42 +02:00
13d5e44baa
Repair boolean
...
ci/lysergic/push/pipeline Pipeline was successful
Follow up to b6e9f75352
, forgot to quote
the string causing it to still be converted to a boolean.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-07-31 21:10:35 +02:00
fb981646e5
denc-webcluster: exclude 949110
...
ci/lysergic/push/pipeline Pipeline was successful
ModSecurity rule blocked Bookstack from saving some pages while editing.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-07-31 20:44:52 +02:00
b6e9f75352
Repair boolean
...
ci/lysergic/push/pipeline Pipeline was successful
```
nginx: [emerg] invalid value "True" in "proxy_ssl_verify" directive, it
must be "on" or "off" in /etc/nginx/vhosts.d/agola.conf:14
```
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-07-21 17:04:49 +02:00
24d6de3a5d
Add reverse proxy for Agola
...
ci/lysergic/push/pipeline Pipeline was successful
New service behind ci.lysergic.dev / ci.git.com.de.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-07-21 16:27:50 +02:00
b685f16c91
Add manage_firewall conditional
...
ci/lysergic/push/pipeline Pipeline was successful
Allow us to enroll machines in Salt which do not yet have their firewall
configuration imported without having their rules overwritten.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 16:07:21 +02:00
c75e31c145
denc-webcluster: add ModSecurity adjustments
...
ci/lysergic/push/pipeline Pipeline was successful
With the rollout of our Salted configuration, ModSecurity came enforced.
This adds necessary rules to PrivateBin and BookStack for correct
operation.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 23:46:22 +01:00
37a1ec433a
denc-webcluster: nginx listen on HA addresses
...
ci/lysergic/push/pipeline Pipeline was successful
Accidentally configured to listen only internally.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 17:42:31 +01:00
2d5da24ce5
denc-webcluster: nginx AppArmor rules
...
ci/lysergic/push/pipeline Pipeline was successful
Allow access to client trust certificate and to static content.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 16:39:49 +01:00
eac227d120
denc-webcluster: nginx config fixup
...
ci/lysergic/push/pipeline Pipeline was successful
- remove keys duplicated by include
- repair wrong snippets include directory
- repair wrong ip_hash option syntax
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 15:48:44 +01:00
533aedd864
denc-webcluster: enable keepalived script security
...
ci/lysergic/push/pipeline Pipeline was successful
Prevent script tampering.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 14:37:45 +01:00
7481741f95
denc-webcluster: allow http(s) publicly
...
ci/lysergic/push/pipeline Pipeline was successful
Public firewall rules were missing from initial import.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 14:33:34 +01:00
303b06ae8c
nemesis/hubris: import keepalived configuration
...
Add shared configuration to cluster.denc.web-proxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:21:43 +01:00
eed4945a9f
nemesis/hubris: import nginx configuration
...
Add shared configuration to cluster.denc.web-proxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:21:39 +01:00
3f2b8d2ee7
Add cluster pillar
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 09:36:23 +01:00