Commit Graph

16 Commits

Author SHA1 Message Date
32a0f8d653
denc-webcluster: include proxy in agola
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-07-31 21:25:28 +02:00
0df71b4331 Merge pull request 'Repair boolean' (#84) from fix/nginx/boolean into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #84
Reviewed-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-07-31 21:15:42 +02:00
13d5e44baa
Repair boolean
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Follow up to b6e9f75352, forgot to quote
the string causing it to still be converted to a boolean.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-07-31 21:10:35 +02:00
fb981646e5
denc-webcluster: exclude 949110
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
ModSecurity rule blocked Bookstack from saving some pages while editing.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-07-31 20:44:52 +02:00
b6e9f75352
Repair boolean
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
```
nginx: [emerg] invalid value "True" in "proxy_ssl_verify" directive, it
must be "on" or "off" in /etc/nginx/vhosts.d/agola.conf:14
```

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-07-21 17:04:49 +02:00
24d6de3a5d
Add reverse proxy for Agola
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
New service behind ci.lysergic.dev / ci.git.com.de.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-07-21 16:27:50 +02:00
b685f16c91
Add manage_firewall conditional
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Allow us to enroll machines in Salt which do not yet have their firewall
configuration imported without having their rules overwritten.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 16:07:21 +02:00
c75e31c145
denc-webcluster: add ModSecurity adjustments
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
With the rollout of our Salted configuration, ModSecurity came enforced.
This adds necessary rules to PrivateBin and BookStack for correct
operation.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 23:46:22 +01:00
37a1ec433a
denc-webcluster: nginx listen on HA addresses
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Accidentally configured to listen only internally.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 17:42:31 +01:00
2d5da24ce5
denc-webcluster: nginx AppArmor rules
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Allow access to client trust certificate and to static content.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 16:39:49 +01:00
eac227d120
denc-webcluster: nginx config fixup
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
- remove keys duplicated by include
- repair wrong snippets include directory
- repair wrong ip_hash option syntax

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 15:48:44 +01:00
533aedd864
denc-webcluster: enable keepalived script security
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Prevent script tampering.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 14:37:45 +01:00
7481741f95
denc-webcluster: allow http(s) publicly
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Public firewall rules were missing from initial import.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 14:33:34 +01:00
303b06ae8c
nemesis/hubris: import keepalived configuration
Add shared configuration to cluster.denc.web-proxy.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:21:43 +01:00
eed4945a9f
nemesis/hubris: import nginx configuration
Add shared configuration to cluster.denc.web-proxy.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:21:39 +01:00
3f2b8d2ee7
Add cluster pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 09:36:23 +01:00