Commit Graph

216 Commits

Author SHA1 Message Date
533aedd864
denc-webcluster: enable keepalived script security
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Prevent script tampering.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 14:37:45 +01:00
7481741f95
denc-webcluster: allow http(s) publicly
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Public firewall rules were missing from initial import.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 14:33:34 +01:00
8c21d250c3 Merge pull request 'Import denc webcluster (nemesis/hubris)' (#12) from import-denc-webcluster into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #12
2023-02-12 14:25:55 +01:00
c5ce94d7b5
Manage backend firewall zone
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Configure backend firewall zones if applicable. Allow all UDP for
cluster traffic.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 06:04:16 +01:00
bef66c1f8a
ha-node: allow vrrp in firewall
Needed for keepalived operation.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:54:20 +01:00
0581510c10
Add ha-netcup role
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Role managing the Netcup IP failover script plus keepalived.
Requires ha-node role introduced via a8bbe056f1.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:24:27 +01:00
af2c5b0061
Add keepalived_script_user profile
Short profile source from other profiles requiring the keepalived_script
user to be present.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:24:27 +01:00
f08bda4256
Add netcup_failover profile
Profile managing a Netcup IP address failover script for use with
keepalived.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:24:27 +01:00
303b06ae8c
nemesis/hubris: import keepalived configuration
Add shared configuration to cluster.denc.web-proxy.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:21:43 +01:00
a0a21a17db
nemesis/hubris: include denc.web-proxy
Add shared nginx configuration to nemesis/hubris HA pair nodes.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:21:42 +01:00
eed4945a9f
nemesis/hubris: import nginx configuration
Add shared configuration to cluster.denc.web-proxy.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:21:39 +01:00
1b0965943f Merge pull request 'common-suse: add qemu-guest-agent + remove AutoYaST' (#23) from common-suse into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #23
2023-02-12 04:13:50 +01:00
8e1436d4af
common.suse: manage qemu-guest-agent
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Ensure qemu-guest-agent is active on all KVM guests.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 04:11:14 +01:00
b6b7ff1e33
common.suse: remove AutoYaST
We only use AutoYaST for the OS deployment and don't need the packages
afterwards.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 04:11:14 +01:00
95248fd374 Merge pull request 'dericom02: manage web firewall zone' (#22) from dericom02-webfw into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #22
2023-02-12 03:52:41 +01:00
1f8d8b642c
dericom02: manage web firewall zone
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Import locally configured web zone into Salt. This zone allows the web
proxy to reach http for serving Matterbridge media.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 03:49:40 +01:00
9043634123 Merge pull request 'lighttpd: improve dependencies' (#21) from lighttpd-watch into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #21
2023-02-12 03:06:20 +01:00
9a0c210b87
lighttpd: improve dependencies
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
- add more explicit Salt ID dependencies
- reload service on configuration changes

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 03:03:09 +01:00
5da0bfe798 Merge pull request 'dericom02: disable matterbridge XMPP debug' (#20) from matterbridge-xmpp-debug into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #20
2023-02-12 02:56:22 +01:00
16c8cd3dd5
dericom02: disable matterbridge XMPP debug
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
It's very noisy - one can enable it on demand if needed.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 02:53:04 +01:00
1eb10e4687 Merge pull request 'matterbridge: restart on changes' (#19) from matterbridge-watch into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #19
2023-02-12 02:42:29 +01:00
b446afcc49
matterbridge: restart on changes
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Matterbridge does detect file changes, but seems to only apply them on
a service restart.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 02:39:47 +01:00
82e8ce4eb2 Merge pull request 'matterbridge: quote numbers' (#18) from matterbridge-booleans into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #18
2023-02-12 02:33:30 +01:00
586c7e3bc7 Merge pull request 'Disable "aithunder" Discord bridge' (#17) from matterbridge-aithunder into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #17
2023-02-12 02:31:48 +01:00
b061265885
matterbridge: quote numbers
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Needed to make the TOML configuration format happy.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 02:30:56 +01:00
1302e06486
Disable "aithunder" Discord bridge
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Discord room does not exist.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 02:25:55 +01:00
8fbfd38ec3 Merge pull request 'dericom02: quote matterbridge booleans' (#16) from matterbridge-booleans into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #16
2023-02-12 02:18:19 +01:00
12c47a346b
dericom02: quote matterbridge booleans
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
TOML configuration format needs lowercase boolean values.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 02:13:03 +01:00
c9a157833b Merge pull request 'Matterbridge media' (#15) from matterbridge-media into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #15
2023-02-12 00:55:49 +01:00
1aacd3f340
dericom02: manage matterbridge media
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
- move base media directory to variable
- add lighttpd vhosts to pillar

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 00:51:59 +01:00
ab47eb5485
matterbridge: manage media directories
Create media directories if defined in the pillar.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 00:51:26 +01:00
e2560f0dd6 Merge pull request 'matterbridge: add role pillar' (#14) from matterbridge-pillar-fixup into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #14
2023-02-09 23:00:18 +01:00
77c50cf53f
matterbridge: add role pillar
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Empty for now, adding for future reference and because we enforce role
pillars to exist.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-09 22:56:28 +01:00
03a4aec0f3 Merge pull request 'Import Matterbridge configuration' (#10) from import-dericom02 into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #10
2023-02-09 21:02:02 +01:00
dee3e035c2 Merge pull request 'Refactor Matterbridge profile' (#11) from matterbridge-refactor into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #11
2023-02-09 20:44:03 +01:00
f7893a980e Merge pull request 'Add ha-node role + enable keepalived formula' (#13) from keepalived-formula into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #13
2023-02-08 22:55:45 +01:00
a8bbe056f1
Add ha-node role
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Add ha-node role for machines in a HA pair using keepalived.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-08 20:31:27 +01:00
2d06de94ca
Enable keepalived-formula
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-08 20:30:52 +01:00
650854fa27
Refactor matterbridge profile
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
- reduce pillar calls
- no longer define possible configuration options, apply settings from
  pillar 1:1

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-07 22:37:37 +01:00
07d325d777
dericom02: import Matterbridge configuration
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-07 22:29:02 +01:00
f678de8560
derimisc01: import Tor configuration
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-07 18:35:40 +01:00
a3ec351b70
Add onion-router role
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-07 18:21:32 +01:00
687473b919
Enable tor-formula
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-06 23:00:47 +01:00
70ca4fabc8
Set webirc backend to https
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Ergo rightfully does not accept plain text websocket connections.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-06 14:20:19 +01:00
82cad3b099
Include libertacasa for liberta.casa
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Fallout from 77fa39e59c - libertacasa
nginx snippet needs to be included in liberta.casa server for main
website to operate on the clearnet.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-06 14:10:14 +01:00
df3eeede1d
Repair liberta.casa TLS include
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Accidentally mixed up the libertacasa with the libertacasa2 nginx
TLS snippet.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-06 14:01:23 +01:00
92f01888af
web-proxy: include mime.types
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Always include mime.types on web-proxies.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 20:10:57 +01:00
e369c53a4c
web-proxy: common includes
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Always include files in conf.d and vhosts.d on web-proxies.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 20:09:05 +01:00
7dc481c996 Merge pull request 'web-proxy: common nginx.conf' (#9) from nginxconf into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #9
2023-02-05 20:03:18 +01:00
12ce134559
web-proxy: common nginx.conf
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Import default nginx.conf contents from our custom packaged file into
Salt.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 19:59:04 +01:00