ef0a931157
Correct BookStack group
...
ci/lysergic/push/pipeline Pipeline was successful
Environment file needs to be readable by the www, not the wwwrun, group
for PHP-FPM to be able to access it.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 18:27:35 +02:00
d8359f002d
Correct SAML realm capitalization
...
ci/lysergic/push/pipeline Pipeline was successful
The Keycloak realm is named "LibertaCasa", not "libertacasa".
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 18:22:58 +02:00
938be46faf
Quote BookStack values
...
ci/lysergic/push/pipeline Pipeline was successful
Some strings contain spaces or special characters and should be quoted.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 18:20:54 +02:00
0a3d34d962
Adjust themis httpd directory options
...
ci/lysergic/push/pipeline Pipeline was successful
Some directory options are not needed and were listed with syntax
issues. Set to false to prevent "Options" from
being added, which equals "Options +FollowSymLinks".
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 18:16:35 +02:00
600a73a984
Merge pull request 'Add empty role.privatebin pillar' ( #49 ) from privatebin-role into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #49
2023-04-30 16:44:56 +02:00
b0613cf377
Add empty role.privatebin pillar
...
ci/lysergic/push/pipeline Pipeline was successful
For some reason Salt complains about the file missing, albeit us using
"ignore_missing" in the top file.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 16:41:22 +02:00
b7f34f8b9d
Merge pull request 'Add manage_firewall conditional' ( #48 ) from firewall-optional into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #48
2023-04-30 16:11:46 +02:00
b685f16c91
Add manage_firewall conditional
...
ci/lysergic/push/pipeline Pipeline was successful
Allow us to enroll machines in Salt which do not yet have their firewall
configuration imported without having their rules overwritten.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 16:07:21 +02:00
f90197f791
Merge pull request 'Add empty role.bookstack pillar' ( #47 ) from bookstack-pillar into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #47
2023-04-30 14:58:14 +02:00
e8107a3054
Add empty role.bookstack pillar
...
ci/lysergic/push/pipeline Pipeline was successful
For some reason Salt complains about the file missing (albeit us using
having "ignore_missing" enabled in the pillar top).
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 14:54:43 +02:00
524c82cafa
Merge pull request 'Allow saltenv/pillarenv override' ( #45 ) from saltenv into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #45
2023-04-30 14:49:12 +02:00
d4f39e8e5f
Allow saltenv/pillarenv override
...
ci/lysergic/push/pipeline Pipeline was successful
To ease development, allow saltenv=<branch>/pillarenv=<branch> instead
of enforcing the production branch.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 14:43:59 +02:00
a7cd6609e6
Merge pull request 'Watch httpd service for snippets' ( #46 ) from httpd-service into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #46
2023-04-30 14:43:42 +02:00
d65cb9a43b
Watch httpd service for snippets
...
ci/lysergic/push/pipeline Pipeline was successful
The reload/restart module calls have been dropped from the formula.
Watch the service.running state instead.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 14:39:27 +02:00
b1249e69eb
Merge pull request 'Import themis / PrivateBin' ( #40 ) from privatebin into production
...
ci/lysergic/push/pipeline Pipeline failed
Reviewed-on: #40
2023-04-30 14:37:12 +02:00
87bb69fa37
Merge pull request 'Split out salt.formulas state' ( #44 ) from profile-formulas into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #44
2023-04-29 19:07:32 +02:00
76d1da11d9
Split out salt.formulas state
...
ci/lysergic/push/pipeline Pipeline was successful
Allow formulas update on Salt master without applying the complete Salt
master profile.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-29 18:55:49 +02:00
f32d814658
id.themis: import backend firewall rules
...
ci/lysergic/push/pipeline Pipeline was successful
Allow HTTPS traffic.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-29 18:39:30 +02:00
a6319da822
Merge pull request 'Add tg lucy channel mapping' ( #43 ) from mattertgbridge into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #43
Reviewed-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-14 17:07:49 +02:00
9d9e61d51d
Add tg lucy channel mapping
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-04-14 18:45:51 +05:30
8420bbdf6f
Merge pull request 'Add ChillNet matterbridge' ( #42 ) from chillnet into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #42
Reviewed-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-09 21:24:24 +02:00
508c0dc1b2
Add Chillnet to matterbridge
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-04-10 00:25:14 +05:30
6ebd02042f
Refactor matterbridge_media macro
...
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-04-10 00:18:59 +05:30
4ff7a39f0e
id.themis: import PrivateBin httpd vhost
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-03-12 17:21:32 +01:00
bf3aaa5ff1
id.themis: import PrivateBin configuration
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-03-12 17:01:17 +01:00
96daffc979
Add privatebin profile+role
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-03-12 17:01:00 +01:00
84c1cecf61
Merge pull request 'Import themis / BookStack' ( #35 ) from bookstack into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #35
Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-03-11 22:11:32 +01:00
c932881cd7
profile.bookstack: quote keys
...
ci/lysergic/push/pipeline Pipeline was successful
Some keys needed quoting to pass the YAML parser.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-03-11 18:10:07 +01:00
a1ce36fd6c
Enable php-formula
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:29 +01:00
c28a4f5a52
role.bookstack: include php-fpm
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:29 +01:00
361e118b31
Add php-fpm role
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:29 +01:00
f55e5363a0
Enable memcached-formula
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
edbf9f3f20
role.bookstack: include memcached
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
f820978b78
Add memcached role
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
4653655010
profile.apache-httpd: manage snippets
...
- add apache-httpd profile with snippets configuration
- add TLS snippet to apache-httpd role pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
d8d848055f
id.themis: add BookStack configuration
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
e36d40dbc3
id.themis: add BookStack httpd configuration
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
5e0c0e4bff
Add bookstack profile+role
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:27 +01:00
906dd92d7e
Add web.apache-httpd role
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 11:10:05 +01:00
e58c63decc
Enable apache-formula
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 11:10:04 +01:00
cc007e6470
Merge pull request 'Import moni Prometheus configuration' ( #32 ) from prometheus-moni into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #32
2023-02-25 16:47:21 +01:00
c8c91269fd
Merge pull request 'pipeline.gommit: allow more characters in prefix' ( #38 ) from commit-lint into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #38
Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-02-22 20:37:50 +01:00
ddb72f1cb3
Disable commit linting
...
ci/lysergic/push/pipeline Pipeline was successful
Temporary change until imports with existing messages are finished.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:08:27 +01:00
0730cbb4c2
Manage Prometheus firewall rules
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:06:04 +01:00
cade9c0aca
Moni: Read Blackbox targets as JSON
...
Use uniform JSON target files instead of a JSON/YAML mix.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:06:03 +01:00
8016f86164
p.node_exporter->p.prometheus.node_exporter
...
Since the last commit introduced a new Prometheus targets profile, it
makes sense to move node_exporter underneath the Prometheus tree as
well.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:06:01 +01:00
2bafbeedd7
Manage Prometheus targets
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:05:40 +01:00
979021f5c4
Import Prometheus server configuration
...
* add new roles:
- monitoring.prometheus
- monitoring.prometheus-alertmanager
- monitoring.prometheus-exporter-blackbox
* add common Prometheus and Prometheus Alertmanager pillar data
* add moni.lysergic.dev specific Prometheus pillar data
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:05:03 +01:00
cdd09ed524
pipeline.gommit: allow more characters in prefix
...
ci/lysergic/push/pipeline Pipeline was successful
- For profiles/roles with - or _ in their name
- In the future we should rename all - to _ and adjust the regex to forbid all -
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-20 20:09:14 +01:00
a705925aa6
Merge pull request 'Commmit lint: allow pipeline + more characters' ( #37 ) from commit-lint into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #37
2023-02-20 19:34:14 +01:00