c28a4f5a52
role.bookstack: include php-fpm
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:29 +01:00
361e118b31
Add php-fpm role
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:29 +01:00
f55e5363a0
Enable memcached-formula
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
edbf9f3f20
role.bookstack: include memcached
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
f820978b78
Add memcached role
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
4653655010
profile.apache-httpd: manage snippets
- add apache-httpd profile with snippets configuration
- add TLS snippet to apache-httpd role pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
d8d848055f
id.themis: add BookStack configuration
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
e36d40dbc3
id.themis: add BookStack httpd configuration
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
5e0c0e4bff
Add bookstack profile+role
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:27 +01:00
906dd92d7e
Add web.apache-httpd role
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 11:10:05 +01:00
e58c63decc
Enable apache-formula
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 11:10:04 +01:00
cc007e6470
Merge pull request 'Import moni Prometheus configuration' (#32) from prometheus-moni into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #32
2023-02-25 16:47:21 +01:00
c8c91269fd
Merge pull request 'pipeline.gommit: allow more characters in prefix' (#38) from commit-lint into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #38
Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-02-22 20:37:50 +01:00
ddb72f1cb3
Disable commit linting
ci/lysergic/push/pipeline Pipeline was successful
Temporary change until imports with existing messages are finished.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:08:27 +01:00
0730cbb4c2
Manage Prometheus firewall rules
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:06:04 +01:00
cade9c0aca
Moni: Read Blackbox targets as JSON
Use uniform JSON target files instead of a JSON/YAML mix.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:06:03 +01:00
8016f86164
p.node_exporter->p.prometheus.node_exporter
Since the last commit introduced a new Prometheus targets profile, it
makes sense to move node_exporter underneath the Prometheus tree as
well.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:06:01 +01:00
2bafbeedd7
Manage Prometheus targets
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:05:40 +01:00
979021f5c4
Import Prometheus server configuration
* add new roles:
  - monitoring.prometheus
  - monitoring.prometheus-alertmanager
  - monitoring.prometheus-exporter-blackbox
* add common Prometheus and Prometheus Alertmanager pillar data
* add moni.lysergic.dev specific Prometheus pillar data
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:05:03 +01:00
cdd09ed524
pipeline.gommit: allow more characters in prefix
ci/lysergic/push/pipeline Pipeline was successful
- For profiles/roles with - or _ in their name
- In the future we should rename all - to _ and adjust the regex to forbid all -
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-20 20:09:14 +01:00
a705925aa6
Merge pull request 'Commit lint: allow pipeline + more characters' (#37) from commit-lint into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #37
2023-02-20 19:34:14 +01:00
0c8e3159d3
pipeline.gommit: allow pipeline + more characters
ci/lysergic/push/pipeline Pipeline was successful
- allow pipeline.* prefix
- allow some special characters in summary
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-19 22:18:43 +01:00
6e43bbbe44
Merge pull request 'Enable commit message linting' (#36) from commit-lint into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #36
Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-02-19 20:54:59 +01:00
68e41ceab8
Enable commit linting
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-19 20:43:10 +01:00
d082729a66
Add commit linting
- add gommit configuration
- add wrapper script
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-19 20:43:09 +01:00
51da14de69
Merge pull request 'Linting' (#33) from linting into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #33
2023-02-15 23:22:08 +01:00
18d28c3b7f
Address salt-lint errors/warnings
ci/lysergic/push/pipeline Pipeline was successful
- remove trailing whitespaces
- format octal modes correctly
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-15 23:18:54 +01:00
cd93d792ff
Address yamllint errors/warnings
- remove spaces, add headers
- add ignore for line-lengths in .pipeline.yml
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-15 23:15:25 +01:00
36b1fbffb2
Add linting pipeline
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-15 23:15:25 +01:00
6096be0f81
Merge pull request 'Enable prometheus-formula' (#31) from prometheus-formula into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #31
2023-02-15 19:09:12 +01:00
2674d21efc
Enable prometheus-formula
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-15 18:57:18 +01:00
2c2a37ef8b
Merge pull request 'denc-webcluster: add ModSecurity adjustments' (#30) from import-denc-webcluster-nginx-modsec into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #30
2023-02-13 01:06:56 +01:00
c75e31c145
denc-webcluster: add ModSecurity adjustments
ci/lysergic/push/pipeline Pipeline was successful
With the rollout of our Salted configuration, ModSecurity came enforced.
This adds necessary rules to PrivateBin and BookStack for correct
operation.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 23:46:22 +01:00
f69cd00888
Merge pull request 'denc-webcluster: nginx listen on HA addresses' (#29) from import-denc-webcluster-nginx-listen-fixup into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #29
2023-02-12 17:43:59 +01:00
37a1ec433a
denc-webcluster: nginx listen on HA addresses
ci/lysergic/push/pipeline Pipeline was successful
Accidentally configured to listen only internally.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 17:42:31 +01:00
29435f6fc3
Merge pull request 'AppArmor: reload on drop-in changes' (#28) from reload-apparmor into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #28
2023-02-12 17:37:56 +01:00
75f105a6aa
AppArmor: reload on drop-in changes
ci/lysergic/push/pipeline Pipeline was successful
Self-explanatory.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 17:35:09 +01:00
0a00f3ea93
Merge pull request 'Manage AppArmor on web-proxies' (#27) from import-denc-webcluster-apparmor into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #27
2023-02-12 17:14:41 +01:00
2d5da24ce5
denc-webcluster: nginx AppArmor rules
ci/lysergic/push/pipeline Pipeline was successful
Allow access to client trust certificate and to static content.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 16:39:49 +01:00
7e73f6b1a4
web-proxy: include apparmor.local
Some web proxy servers need additional AppArmor drop-ins, for example
for serving static content.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 16:39:48 +01:00
0eca62f4ce
Add AppArmor profile
Simple profile to allow for management of local profile drop-ins using
pillar values.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 16:20:44 +01:00
91089d5d98
Merge pull request 'denc-webcluster: nginx config fixup' (#26) from import-denc-webcluster-iphash into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #26
2023-02-12 15:56:30 +01:00
eac227d120
denc-webcluster: nginx config fixup
ci/lysergic/push/pipeline Pipeline was successful
- remove keys duplicated by include
- repair wrong snippets include directory
- repair wrong ip_hash option syntax
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 15:48:44 +01:00
f9341ad9fe
Merge pull request 'ha-node: vrrp is a protocol' (#25) from vrrp-fixup into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #25
2023-02-12 15:25:53 +01:00
d017233a52
ha-node: vrrp is a protocol
ci/lysergic/push/pipeline Pipeline was successful
Accidentally added as a service.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 15:22:08 +01:00
5fdbdc7462
Merge pull request 'denc-webcluster: allow http(s) publicly' (#24) from import-denc-webcluster-fw into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #24
2023-02-12 14:44:20 +01:00
533aedd864
denc-webcluster: enable keepalived script security
ci/lysergic/push/pipeline Pipeline was successful
Prevent script tampering.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 14:37:45 +01:00
7481741f95
denc-webcluster: allow http(s) publicly
ci/lysergic/push/pipeline Pipeline was successful
Public firewall rules were missing from initial import.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 14:33:34 +01:00
8c21d250c3
Merge pull request 'Import denc webcluster (nemesis/hubris)' (#12) from import-denc-webcluster into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #12
2023-02-12 14:25:55 +01:00
c5ce94d7b5
Manage backend firewall zone
ci/lysergic/push/pipeline Pipeline was successful
Configure backend firewall zones if applicable. Allow all UDP for
cluster traffic.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 06:04:16 +01:00