32a0f8d653
denc-webcluster: include proxy in agola
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-07-31 21:25:28 +02:00
0df71b4331
Merge pull request 'Repair boolean' (#84) from fix/nginx/boolean into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #84
Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-07-31 21:15:42 +02:00
13d5e44baa
Repair boolean
ci/lysergic/push/pipeline Pipeline was successful
Follow up to b6e9f75352, forgot to quote
the string causing it to still be converted to a boolean.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-07-31 21:10:35 +02:00
fb981646e5
denc-webcluster: exclude 949110
ci/lysergic/push/pipeline Pipeline was successful
ModSecurity rule blocked Bookstack from saving some pages while editing.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-07-31 20:44:52 +02:00
b6e9f75352
Repair boolean
ci/lysergic/push/pipeline Pipeline was successful
```
nginx: [emerg] invalid value "True" in "proxy_ssl_verify" directive, it
must be "on" or "off" in /etc/nginx/vhosts.d/agola.conf:14
```
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-07-21 17:04:49 +02:00
24d6de3a5d
Add reverse proxy for Agola
ci/lysergic/push/pipeline Pipeline was successful
New service behind ci.lysergic.dev / ci.git.com.de.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-07-21 16:27:50 +02:00
dc3cbea053
Optimize minion
ci/lysergic/push/pipeline Pipeline was successful
Cache jobs for later reference, disable unused hardware grains.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-07-16 20:04:26 +02:00
29ceb78cde
Add http(s) to thetrip public zone
ci/lysergic/push/pipeline Pipeline was successful
Forgotten in fffbaf4698.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-07-01 22:21:39 +02:00
8519dfec68
Manage firewall on thetrip
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-07-01 22:12:14 +02:00
080002e642
Manage firewall on derutil01
ci/lysergic/push/pipeline Pipeline was successful
Configuration should be imported already.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-06-28 22:10:58 +02:00
ddf1c03dbb
remove backslash
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-06-28 23:10:34 +05:30
7145ae4481
update mediapath for matterbridge
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-06-27 23:47:53 +05:30
667646a295
Add chillnet matterbridge uploads
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-06-25 01:46:13 +05:30
97045b5f12
Used /RENAME for #fightclub
ci/lysergic/push/pipeline Pipeline was successful
2023-05-03 19:38:05 +02:00
c1fcf5f3b1
Init psyched.dev
ci/lysergic/push/pipeline Pipeline was successful
Add pillar IDs for theia/orpheus/selene to disable sshd
management on them (machines use custom configurations
for historic reasons, and we like to preserve history).
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 21:00:45 +02:00
b6b129c41f
Init dencpod01.lysergic.dev
ci/lysergic/push/pipeline Pipeline was successful
Blank machine.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 20:40:09 +02:00
2ce85f172e
Move backup_mode to minion dict
ci/lysergic/push/pipeline Pipeline was successful
Is a minion specific option.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 20:25:33 +02:00
c4532b4686
Enable minion file backup
ci/lysergic/push/pipeline Pipeline was successful
https://docs.saltproject.io/en/latest/ref/states/backup_mode.html
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 20:13:24 +02:00
d89138e2a7
Import moni firewall configuration
ci/lysergic/push/pipeline Pipeline was successful
Some ports not yet covered by a role.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 20:02:21 +02:00
55acb1dea4
Init phoebe.lysergic.dev
ci/lysergic/push/pipeline Pipeline was successful
Blank machine.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 19:48:22 +02:00
409016ea75
Disable manage_sshd for philia
ci/lysergic/push/pipeline Pipeline was successful
Machine uses a custom sshd configuration for $reasons.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 19:32:36 +02:00
2a9a5cf394
Set ping_on_rotate
ci/lysergic/push/pipeline Pipeline was successful
Enable option to ensure minions are immediately responsive after key
rotations.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-01 20:24:13 +02:00
1089146801
Set env_order
ci/lysergic/push/pipeline Pipeline was successful
Option was removed in d4f39e8e5f, but the
default environment seems to not be set to "production" without
it being present. Adding it back until a better way is found.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-01 20:20:32 +02:00
841317e0f4
Repair BookStack httpd configuration
ci/lysergic/push/pipeline Pipeline was successful
- Replace wrong instances of RewriteCond with RewriteRule
- Remove wrong quotes around rewrite conditions
- Set correct options (seemingly our version of httpd does not set
FollowSymLinks by default?)
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-01 00:00:31 +02:00
f56ed6f64e
Merge pull request 'Adjust themis httpd directory options' (#50) from themis-httpd-fixup into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #50
2023-04-30 20:04:42 +02:00
d8359f002d
Correct SAML realm capitalization
ci/lysergic/push/pipeline Pipeline was successful
The Keycloak realm is named "LibertaCasa", not "libertacasa".
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 18:22:58 +02:00
0a3d34d962
Adjust themis httpd directory options
ci/lysergic/push/pipeline Pipeline was successful
Some directory options are not needed and were listed with syntax
issues. Set to false to prevent "Options" from
being added, which equals "Options +FollowSymLinks".
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 18:16:35 +02:00
600a73a984
Merge pull request 'Add empty role.privatebin pillar' (#49) from privatebin-role into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #49
2023-04-30 16:44:56 +02:00
b0613cf377
Add empty role.privatebin pillar
ci/lysergic/push/pipeline Pipeline was successful
For some reason Salt complains about the file missing, albeit us using
"ignore_missing" in the top file.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 16:41:22 +02:00
b685f16c91
Add manage_firewall conditional
ci/lysergic/push/pipeline Pipeline was successful
Allow us to enroll machines in Salt which do not yet have their firewall
configuration imported without having their rules overwritten.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 16:07:21 +02:00
e8107a3054
Add empty role.bookstack pillar
ci/lysergic/push/pipeline Pipeline was successful
For some reason Salt complains about the file missing (albeit us
having "ignore_missing" enabled in the pillar top).
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 14:54:43 +02:00
d4f39e8e5f
Allow saltenv/pillarenv override
ci/lysergic/push/pipeline Pipeline was successful
To ease development, allow saltenv=<branch>/pillarenv=<branch> instead
of enforcing the production branch.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 14:43:59 +02:00
b1249e69eb
Merge pull request 'Import themis / PrivateBin' (#40) from privatebin into production
ci/lysergic/push/pipeline Pipeline failed
Reviewed-on: #40
2023-04-30 14:37:12 +02:00
f32d814658
id.themis: import backend firewall rules
ci/lysergic/push/pipeline Pipeline was successful
Allow HTTPS traffic.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-29 18:39:30 +02:00
9d9e61d51d
Add tg lucy channel mapping
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-04-14 18:45:51 +05:30
508c0dc1b2
Add Chillnet to matterbridge
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-04-10 00:25:14 +05:30
6ebd02042f
Refactor matterbridge_media macro
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-04-10 00:18:59 +05:30
4ff7a39f0e
id.themis: import PrivateBin httpd vhost
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-03-12 17:21:32 +01:00
bf3aaa5ff1
id.themis: import PrivateBin configuration
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-03-12 17:01:17 +01:00
a1ce36fd6c
Enable php-formula
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:29 +01:00
361e118b31
Add php-fpm role
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:29 +01:00
f55e5363a0
Enable memcached-formula
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
f820978b78
Add memcached role
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
4653655010
profile.apache-httpd: manage snippets
- add apache-httpd profile with snippets configuration
- add TLS snippet to apache-httpd role pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
d8d848055f
id.themis: add BookStack configuration
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
e36d40dbc3
id.themis: add BookStack httpd configuration
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
906dd92d7e
Add web.apache-httpd role
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 11:10:05 +01:00
e58c63decc
Enable apache-formula
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 11:10:04 +01:00
0730cbb4c2
Manage Prometheus firewall rules
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:06:04 +01:00
cade9c0aca
Moni: Read Blackbox targets as JSON
Use uniform JSON target files instead of a JSON/YAML mix.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:06:03 +01:00