12c47a346b
dericom02: quote matterbridge booleans
...
ci/lysergic/push/pipeline Pipeline was successful
TOML configuration format needs lowercase boolean values.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 02:13:03 +01:00
1aacd3f340
dericom02: manage matterbridge media
...
ci/lysergic/push/pipeline Pipeline was successful
- move base media directory to variable
- add lighttpd vhosts to pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 00:51:59 +01:00
77c50cf53f
matterbridge: add role pillar
...
ci/lysergic/push/pipeline Pipeline was successful
Empty for now, adding for future reference and because we enforce role
pillars to exist.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-09 22:56:28 +01:00
03a4aec0f3
Merge pull request 'Import Matterbridge configuration' ( #10 ) from import-dericom02 into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #10
2023-02-09 21:02:02 +01:00
2d06de94ca
Enable keepalived-formula
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-08 20:30:52 +01:00
07d325d777
dericom02: import Matterbridge configuration
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-07 22:29:02 +01:00
f678de8560
derimisc01: import Tor configuration
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-07 18:35:40 +01:00
a3ec351b70
Add onion-router role
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-07 18:21:32 +01:00
687473b919
Enable tor-formula
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-06 23:00:47 +01:00
70ca4fabc8
Set webirc backend to https
...
ci/lysergic/push/pipeline Pipeline was successful
Ergo rightfully does not accept plain text websocket connections.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-06 14:20:19 +01:00
82cad3b099
Include libertacasa for liberta.casa
...
ci/lysergic/push/pipeline Pipeline was successful
Fallout from 77fa39e59c
- libertacasa
nginx snippet needs to be included in liberta.casa server for main
website to operate on the clearnet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-06 14:10:14 +01:00
df3eeede1d
Repair liberta.casa TLS include
...
ci/lysergic/push/pipeline Pipeline was successful
Accidentally mixed up the libertacasa with the libertacasa2 nginx
TLS snippet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-06 14:01:23 +01:00
92f01888af
web-proxy: include mime.types
...
ci/lysergic/push/pipeline Pipeline was successful
Always include mime.types on web-proxies.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 20:10:57 +01:00
e369c53a4c
web-proxy: common includes
...
ci/lysergic/push/pipeline Pipeline was successful
Always include files in conf.d and vhosts.d on web-proxies.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 20:09:05 +01:00
12ce134559
web-proxy: common nginx.conf
...
ci/lysergic/push/pipeline Pipeline was successful
Import default nginx.conf contents from our custom packaged file into
Salt.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 19:59:04 +01:00
e3e4caaabe
web-proxy: IPv6 listener brackets
...
ci/lysergic/push/pipeline Pipeline was successful
Add logic to wrap IPv6 listening addresses in brackets, to prevent nginx
from failing to start.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 19:19:27 +01:00
5e02090bc6
web-proxy: add firewall configuration
...
ci/lysergic/push/pipeline Pipeline was successful
Allow internal http and https to pass on web proxies.
To-do: logic for web proxies directly attached to the internet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 14:29:25 +01:00
1b619358a8
deriweb01: import nginx configuration
...
ci/lysergic/push/pipeline Pipeline was successful
Transfer local/manual nginx configuration structure into pillar.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 11:56:27 +01:00
98ea861c13
web-proxy: add common TLS configuration
...
ci/lysergic/push/pipeline Pipeline was successful
Add TLS configuration snippet shared between all web-proxies.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 10:05:20 +01:00
4581bd4a6a
Add nginx crtkeypair macro
...
For use in nginx pillars.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 10:04:09 +01:00
3f2b8d2ee7
Add cluster pillar
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 09:36:23 +01:00
2e4d350c7f
Add web-proxy role
...
- web-proxy role to configure nginx
- pillar with common nginx configuration
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-04 11:47:09 +01:00
bb252c1d47
Set default saltenv
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-01 23:23:43 +01:00
ba6522ce5b
Refactor map/macro sourcing
...
ci/lysergic/push/pipeline Pipeline was successful
- move pillar macros and map to base directory
- move listener logic from macro to map
- update includes respectively
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-30 05:43:53 +01:00
096bb24769
Enable nginx-formula
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-30 03:23:48 +01:00
83f698e18c
Manage Salt roleproxy
...
ci/lysergic/push/pipeline Pipeline was successful
Add role, profile and pillar for roleproxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-30 00:39:33 +01:00
d2bc7b0785
Set firewalld short zone names
...
ci/lysergic/push/pipeline Pipeline was successful
To match the SUSE defaults deployed by our AutoYaST configuration.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 17:50:37 +01:00
84c1d63776
Allow IPv6-only interfaces + fixup
...
ci/lysergic/push/pipeline Pipeline was successful
- interfaces with no IPv4 address would cause a render failure
- repair if-clause needed for interfaces with only IPv4 addresses
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 17:38:29 +01:00
824baf386b
Firewall interface mapping logic
...
ci/lysergic/push/pipeline Pipeline was successful
Detect which interfaces belong to which zones, and configure firewalld
accordingly.
Backend zone is currently only prepared and yet to be tested and
enabled.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 17:27:58 +01:00
c8aa6c6157
Mine interfaces
...
Needed for firewall interface-zone mapping logic.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 16:37:07 +01:00
7600e631d3
salt.master: extra quotes around API listener
...
ci/lysergic/push/pipeline Pipeline was successful
State would print the colons unquoted into the file, causing the YAML to
not parse.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 16:11:01 +01:00
45b53f8392
salt.master: add firewalld rules
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 15:50:11 +01:00
e395f7f0a3
Manage common firewalld rules
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 15:49:48 +01:00
4ece021122
Enable firewalld-formula
...
ci/lysergic/push/pipeline Pipeline was successful
... and sort list entries alphabetically.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 15:12:52 +01:00
880f6796c5
salt.master: enable API IPv6 listener
...
ci/lysergic/push/pipeline Pipeline was successful
No individual listeners can be configured, hence global dual stack
listener it is.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 14:59:35 +01:00
7b808efdb5
Enable SSH banner
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 14:15:40 +01:00
bd7fe25eb0
Listeners macro: skip on empty mine
...
ci/lysergic/push/pipeline Pipeline was successful
Don't fail if mine does not contain information about the queried
minion.
In the future it would be nice to add another conditional to allow such
minions to fall-back to the locally executed network module for
masterless setups.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-28 02:14:37 +01:00
bd166cbb42
salt.master: set rootgroup
...
Needed for formula to not nuke Syndic key permissions. Little bit ugly.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-28 02:14:36 +01:00
08f23700c9
Listeners macro: use mined addresses
...
ci/lysergic/push/pipeline Pipeline failed
The network module run on the Salt master, but the macro should fetch
minion addresses.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-28 01:32:23 +01:00
0ea6f8c62d
Mine IPv6 addresses
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-28 01:13:21 +01:00
975fa89abc
Mine IP addresses
...
ci/lysergic/push/pipeline Pipeline was successful
Add Salt mine configuration to collect minion IP addresses.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-28 01:06:44 +01:00
e8b905cd0b
salt.master: increase LDAP scope
...
ci/lysergic/push/pipeline Pipeline was successful
Likely needed as it does not support searching a more fine grained base
DN.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-28 00:19:42 +01:00
a831a25701
salt.master: switch to CherryPy
...
ci/lysergic/push/pipeline Pipeline was successful
Tornado does not support all the features.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-28 00:17:39 +01:00
570522176a
salt.master: add LDAP configuration
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-27 20:01:01 +01:00
85bfe2cac4
salt.master: add Salt API configuration
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-27 19:25:21 +01:00
950b308546
Relay via static zz0.email host
...
ci/lysergic/push/pipeline Pipeline was successful
Split horizon for the complete .email zone is not feasible for all
sites, and TLS certificate currently does not cover any of the internal
hostnames.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-27 12:45:01 +01:00
698234c040
Manage common SSH server
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-26 23:05:21 +01:00
f949c0aba0
mta.postfix->global.mta pillar; remove mta profile
...
ci/lysergic/push/pipeline Pipeline was successful
This is more a MTA configuration for system email on all hosts instead of
a dedicated email server role.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-26 20:54:09 +01:00
56a1e11ef6
Move common to global pillar
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-26 20:54:09 +01:00
d627582075
Read formulas from central file
...
- add formulas.yaml file containing list of all enabled formulas
- read formulas from said file in role.salt.master and prepare_minion.py
- add symlink for easier tracking of the file
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-26 20:54:09 +01:00
68939f8054
Postfix: configure alias_database
...
ci/lysergic/push/pipeline Pipeline was successful
Not needed, but the formula writes a hash:/ entry default, which might
cause confusion in the future, since our alias_maps is using lmdb:/.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-25 21:39:35 +01:00
9fd56e7640
Allow local system mail in Postfix
...
- correct mydestination to allow lysergic.dev to be sent through the
relay
- correct relayhost to use SMTPS port
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-25 21:29:16 +01:00
4bf9ac9413
Include Postfix pillar via role
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-24 23:16:56 +01:00
7b9f184c6b
Revert "Split to OS specific common pillar"
...
This reverts commit 4863396938
.
2023-01-24 23:03:20 +01:00
4c6b221dad
Include role.salt.common in master
...
ci/lysergic/push/pipeline Pipeline was successful
Needed to allow individual apply's of salt.master without breaking
common configuration options.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-24 21:46:18 +01:00
70036d224f
Manage aliases
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-24 21:18:08 +01:00
5f9a74c612
Enable postfix-formula
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-24 21:18:08 +01:00
6c7aaa08e1
Manage common Postfix
...
Add configuration for global client MTA's.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Enable Postfix management
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-24 21:17:55 +01:00
4863396938
Split to OS specific common pillar
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-24 18:03:15 +01:00
0457625204
Enforce ID and roles in top
...
ci/lysergic/push/pipeline Pipeline was successful
Adapt to current private pillar top:
- match ID grain for inclusion of ID files
- move roles under conditional
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 22:39:14 +01:00
48c9e05de1
Enable users-formula
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 21:37:45 +01:00
a3583e25a5
Wrap zypper pillar in OS check
...
ci/lysergic/push/pipeline Pipeline was successful
Zypper pillar data is not needed on non-SUSE systems.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 21:33:27 +01:00
e8f19191eb
Disable refreshdb_force
...
ci/lysergic/push/pipeline Pipeline was successful
Speed up state.apply's.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 21:02:44 +01:00
cce6cce594
Use central machine-roles endpoint
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 16:55:55 +01:00
0efd688151
Use http.query instead of nbroles module
...
ci/lysergic/push/pipeline Pipeline was successful
This is an attempt to remove the need for the custom nbroles module. If
it works out, the localhost reference should be replaced with a global
roles API endpoint.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 16:32:57 +01:00
5ab1c4f854
salt.master: manage formulas
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:49:30 +01:00
f7bb83bd75
salt.master: move file_roots to production
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:40:21 +01:00
d593cbeae5
salt.master: move gpg_keydir to master
...
ci/lysergic/push/pipeline Pipeline was successful
'gpg_keydir' is a master specific setting, it does not work under the
top level 'salt' key.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:34:42 +01:00
928809b267
salt.master: manage extension modules
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:34:42 +01:00
bcac69683b
Update salt.master role pillar
...
- add missing settings needed for use in production
- correct existing settings with new advancements
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 13:49:36 +01:00
5d60fe6a34
Set Salt log level to info
...
Globally setting log level for easier initial setup. Later on we should
consider removing it again, or moving it to the salt:master pillar.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 13:49:35 +01:00
ad4c6af852
Add salt.syndic role + pillar
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 13:49:35 +01:00
a42961e982
Update mocking base
...
- adapt preparation script to new environment
- add sample mocking pillar including README
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 18:54:58 +01:00
8c72e7c63a
Add id/role pillar README's
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 18:28:54 +01:00
12f0a7bce0
Target roles without grains in tops
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 14:26:31 +01:00
bf0dfeb941
Use nbroles instead of grains
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 01:22:29 +01:00
2181a4999f
Remove common secret include
...
File was only used for testing secrets and is no longer in use.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-20 02:09:50 +01:00
69aa808f3d
Add secret variables
...
Module should now replace ${...} variables during rendering. Pillar
references need to be quoted.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-20 02:03:43 +01:00
fed1e35c88
Init master role w/ pillar
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 18:47:54 +01:00
e26039e920
Re-order minion profile
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:51:44 +01:00
546508c7de
Use custom minion master configuration
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:40:16 +01:00
fe2a1a21b9
Use traditional grains management
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:40:01 +01:00
eb1731e7a1
Move managed grains to minion pillar
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:39:59 +01:00
11620c863c
Init salted salt + minion pillar
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:39:31 +01:00
ba563b6bb1
Ignore missing ID's
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 12:37:11 +01:00
f31c05171e
Include common secret pillar
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 12:03:03 +01:00
4b08299e0c
Init pillar
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 11:41:05 +01:00