Commit Graph

291 Commits

Author SHA1 Message Date
ef0a931157
Correct BookStack group
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Environment file needs to be readable by the www, not the wwwrun, group
for PHP-FPM to be able to access it.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 18:27:35 +02:00
d8359f002d
Correct SAML realm capitalization
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
The Keycloak realm is named "LibertaCasa", not "libertacasa".

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 18:22:58 +02:00
938be46faf
Quote BookStack values
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Some strings contain spaces or special characters and should be quoted.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 18:20:54 +02:00
0a3d34d962
Adjust themis httpd directory options
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Some directory options are not needed and were listed with syntax
issues. Set to false to prevent "Options" from
being added, which equals "Options +FollowSymLinks".

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 18:16:35 +02:00
600a73a984 Merge pull request 'Add empty role.privatebin pillar' (#49) from privatebin-role into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #49
2023-04-30 16:44:56 +02:00
b0613cf377
Add empty role.privatebin pillar
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
For some reason Salt complains about the file missing, albeit us using
"ignore_missing" in the top file.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 16:41:22 +02:00
b7f34f8b9d Merge pull request 'Add manage_firewall conditional' (#48) from firewall-optional into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #48
2023-04-30 16:11:46 +02:00
b685f16c91
Add manage_firewall conditional
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Allow us to enroll machines in Salt which do not yet have their firewall
configuration imported without having their rules overwritten.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 16:07:21 +02:00
f90197f791 Merge pull request 'Add empty role.bookstack pillar' (#47) from bookstack-pillar into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #47
2023-04-30 14:58:14 +02:00
e8107a3054
Add empty role.bookstack pillar
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
For some reason Salt complains about the file missing (albeit us using
having "ignore_missing" enabled in the pillar top).

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 14:54:43 +02:00
524c82cafa Merge pull request 'Allow saltenv/pillarenv override' (#45) from saltenv into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #45
2023-04-30 14:49:12 +02:00
d4f39e8e5f
Allow saltenv/pillarenv override
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
To ease development, allow saltenv=<branch>/pillarenv=<branch> instead
of enforcing the production branch.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 14:43:59 +02:00
a7cd6609e6 Merge pull request 'Watch httpd service for snippets' (#46) from httpd-service into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #46
2023-04-30 14:43:42 +02:00
d65cb9a43b
Watch httpd service for snippets
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
The reload/restart module calls have been dropped from the formula.
Watch the service.running state instead.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 14:39:27 +02:00
b1249e69eb Merge pull request 'Import themis / PrivateBin' (#40) from privatebin into production
Some checks failed
ci/lysergic/push/pipeline Pipeline failed
Reviewed-on: #40
2023-04-30 14:37:12 +02:00
87bb69fa37 Merge pull request 'Split out salt.formulas state' (#44) from profile-formulas into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #44
2023-04-29 19:07:32 +02:00
76d1da11d9
Split out salt.formulas state
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Allow formulas update on Salt master without applying the complete Salt
master profile.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-29 18:55:49 +02:00
f32d814658
id.themis: import backend firewall rules
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Allow HTTPS traffic.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-29 18:39:30 +02:00
a6319da822 Merge pull request 'Add tg lucy channel mapping' (#43) from mattertgbridge into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #43
Reviewed-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-14 17:07:49 +02:00
9d9e61d51d
Add tg lucy channel mapping
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-04-14 18:45:51 +05:30
8420bbdf6f Merge pull request 'Add ChillNet matterbridge' (#42) from chillnet into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #42
Reviewed-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-09 21:24:24 +02:00
508c0dc1b2
Add Chillnet to matterbridge
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-04-10 00:25:14 +05:30
6ebd02042f
Refactor matterbridge_media macro
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-04-10 00:18:59 +05:30
4ff7a39f0e
id.themis: import PrivateBin httpd vhost
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-03-12 17:21:32 +01:00
bf3aaa5ff1
id.themis: import PrivateBin configuration
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-03-12 17:01:17 +01:00
96daffc979
Add privatebin profile+role
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-03-12 17:01:00 +01:00
84c1cecf61 Merge pull request 'Import themis / BookStack' (#35) from bookstack into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #35
Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-03-11 22:11:32 +01:00
c932881cd7
profile.bookstack: quote keys
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Some keys needed quoting to pass the YAML parser.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-03-11 18:10:07 +01:00
a1ce36fd6c
Enable php-formula
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:29 +01:00
c28a4f5a52
role.bookstack: include php-fpm
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:29 +01:00
361e118b31
Add php-fpm role
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:29 +01:00
f55e5363a0
Enable memcached-formula
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
edbf9f3f20
role.bookstack: include memcached
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
f820978b78
Add memcached role
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
4653655010
profile.apache-httpd: manage snippets
- add apache-httpd profile with snippets configuration
- add TLS snippet to apache-httpd role pillar

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
d8d848055f
id.themis: add BookStack configuration
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
e36d40dbc3
id.themis: add BookStack httpd configuration
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
5e0c0e4bff
Add bookstack profile+role
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:27 +01:00
906dd92d7e
Add web.apache-httpd role
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 11:10:05 +01:00
e58c63decc
Enable apache-formula
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 11:10:04 +01:00
cc007e6470 Merge pull request 'Import moni Prometheus configuration' (#32) from prometheus-moni into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #32
2023-02-25 16:47:21 +01:00
c8c91269fd Merge pull request 'pipeline.gommit: allow more characters in prefix' (#38) from commit-lint into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #38
Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-02-22 20:37:50 +01:00
ddb72f1cb3
Disable commit linting
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Temporary change until imports with existing messages are finished.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:08:27 +01:00
0730cbb4c2
Manage Prometheus firewall rules
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:06:04 +01:00
cade9c0aca
Moni: Read Blackbox targets as JSON
Use uniform JSON target files instead of a JSON/YAML mix.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:06:03 +01:00
8016f86164
p.node_exporter->p.prometheus.node_exporter
Since the last commit introduced a new Prometheus targets profile, it
makes sense to move node_exporter underneath the Prometheus tree as
well.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:06:01 +01:00
2bafbeedd7
Manage Prometheus targets
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:05:40 +01:00
979021f5c4
Import Prometheus server configuration
* add new roles:
  - monitoring.prometheus
  - monitoring.prometheus-alertmanager
  - monitoring.prometheus-exporter-blackbox
* add common Prometheus and Prometheus Alertmanager pillar data
* add moni.lysergic.dev specific Prometheus pillar data

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:05:03 +01:00
cdd09ed524
pipeline.gommit: allow more characters in prefix
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
- For profiles/roles with - or _ in their name
- In the future we should rename all - to _ and adjust the regex to forbid all -

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-20 20:09:14 +01:00
a705925aa6 Merge pull request 'Commmit lint: allow pipeline + more characters' (#37) from commit-lint into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #37
2023-02-20 19:34:14 +01:00