Commit Graph

34 Commits

Author SHA1 Message Date
2e4d350c7f
Add web-proxy role
- web-proxy role to configure nginx
- pillar with common nginx configuration

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-04 11:47:09 +01:00
bb252c1d47
Set default saltenv
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-01 23:23:43 +01:00
83f698e18c
Manage Salt roleproxy
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Add role, profile and pillar for roleproxy.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-30 00:39:33 +01:00
7600e631d3
salt.master: extra quotes around API listener
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
State would print the colons unquoted into the file, causing the YAML to
not parse.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 16:11:01 +01:00
45b53f8392
salt.master: add firewalld rules
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 15:50:11 +01:00
880f6796c5
salt.master: enable API IPv6 listener
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
No individual listeners can be configured, hence global dual stack
listener it is.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 14:59:35 +01:00
bd166cbb42
salt.master: set rootgroup
Needed for formula to not nuke Syndic key permissions. Little bit ugly.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-28 02:14:36 +01:00
e8b905cd0b
salt.master: increase LDAP scope
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Likely needed as it does not support searching a more fine grained base
DN.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-28 00:19:42 +01:00
a831a25701
salt.master: switch to CherryPy
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Tornado does not support all the features.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-28 00:17:39 +01:00
570522176a
salt.master: add LDAP configuration
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-27 20:01:01 +01:00
85bfe2cac4
salt.master: add Salt API configuration
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-27 19:25:21 +01:00
f949c0aba0
mta.postfix->global.mta pillar; remove mta profile
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
This is more a MTA configuration for system email on all hosts instead of
a dedicated email server role.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-26 20:54:09 +01:00
d627582075
Read formulas from central file
- add formulas.yaml file containing list of all enabled formulas
- read formulas from said file in role.salt.master and prepare_minion.py
- add symlink for easier tracking of the file

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-26 20:54:09 +01:00
68939f8054
Postfix: configure alias_database
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Not needed, but the formula writes a hash:/ entry default, which might
cause confusion in the future, since our alias_maps is using lmdb:/.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-25 21:39:35 +01:00
9fd56e7640
Allow local system mail in Postfix
- correct mydestination to allow lysergic.dev to be sent through the
  relay
- correct relayhost to use SMTPS port

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-25 21:29:16 +01:00
4bf9ac9413
Include Postfix pillar via role
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-24 23:16:56 +01:00
4c6b221dad
Include role.salt.common in master
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Needed to allow individual apply's of salt.master without breaking
common configuration options.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-24 21:46:18 +01:00
5f9a74c612
Enable postfix-formula
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-24 21:18:08 +01:00
48c9e05de1
Enable users-formula
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 21:37:45 +01:00
5ab1c4f854
salt.master: manage formulas
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:49:30 +01:00
f7bb83bd75
salt.master: move file_roots to production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:40:21 +01:00
d593cbeae5
salt.master: move gpg_keydir to master
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
'gpg_keydir' is a master specific setting, it does not work under the
top level 'salt' key.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:34:42 +01:00
928809b267
salt.master: manage extension modules
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:34:42 +01:00
bcac69683b
Update salt.master role pillar
- add missing settings needed for use in production
- correct existing settings with new advancements

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 13:49:36 +01:00
5d60fe6a34
Set Salt log level to info
Globally setting log level for easier initial setup. Later on we should
consider removing it again, or moving it to the salt:master pillar.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 13:49:35 +01:00
ad4c6af852
Add salt.syndic role + pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 13:49:35 +01:00
8c72e7c63a
Add id/role pillar README's
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 18:28:54 +01:00
69aa808f3d
Add secret variables
Module should now replace ${...} variables during rendering. Pillar
references need to be quoted.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-20 02:03:43 +01:00
fed1e35c88
Init master role w/ pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 18:47:54 +01:00
e26039e920
Re-order minion profile
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:51:44 +01:00
546508c7de
Use custom minion master configuration
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:40:16 +01:00
fe2a1a21b9
Use traditional grains management
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:40:01 +01:00
eb1731e7a1
Move managed grains to minion pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:39:59 +01:00
11620c863c
Init salted salt + minion pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:39:31 +01:00