Commit Graph

136 Commits

Author SHA1 Message Date
ab47eb5485
matterbridge: manage media directories
Create media directories if defined in the pillar.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 00:51:26 +01:00
e2560f0dd6 Merge pull request 'matterbridge: add role pillar' (#14) from matterbridge-pillar-fixup into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #14
2023-02-09 23:00:18 +01:00
77c50cf53f
matterbridge: add role pillar
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Empty for now, adding for future reference and because we enforce role
pillars to exist.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-09 22:56:28 +01:00
03a4aec0f3 Merge pull request 'Import Matterbridge configuration' (#10) from import-dericom02 into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #10
2023-02-09 21:02:02 +01:00
dee3e035c2 Merge pull request 'Refactor Matterbridge profile' (#11) from matterbridge-refactor into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #11
2023-02-09 20:44:03 +01:00
f7893a980e Merge pull request 'Add ha-node role + enable keepalived formula' (#13) from keepalived-formula into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #13
2023-02-08 22:55:45 +01:00
a8bbe056f1
Add ha-node role
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Add ha-node role for machines in a HA pair using keepalived.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-08 20:31:27 +01:00
2d06de94ca
Enable keepalived-formula
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-08 20:30:52 +01:00
650854fa27
Refactor matterbridge profile
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
- reduce pillar calls
- no longer define possible configuration options, apply settings from
  pillar 1:1

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-07 22:37:37 +01:00
07d325d777
dericom02: import Matterbridge configuration
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-07 22:29:02 +01:00
f678de8560
derimisc01: import Tor configuration
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-07 18:35:40 +01:00
a3ec351b70
Add onion-router role
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-07 18:21:32 +01:00
687473b919
Enable tor-formula
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-06 23:00:47 +01:00
70ca4fabc8
Set webirc backend to https
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Ergo rightfully does not accept plain text websocket connections.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-06 14:20:19 +01:00
82cad3b099
Include libertacasa for liberta.casa
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Fallout from 77fa39e59c - libertacasa
nginx snippet needs to be included in liberta.casa server for main
website to operate on the clearnet.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-06 14:10:14 +01:00
df3eeede1d
Repair liberta.casa TLS include
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Accidentally mixed up the libertacasa with the libertacasa2 nginx
TLS snippet.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-06 14:01:23 +01:00
92f01888af
web-proxy: include mime.types
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Always include mime.types on web-proxies.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 20:10:57 +01:00
e369c53a4c
web-proxy: common includes
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Always include files in conf.d and vhosts.d on web-proxies.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 20:09:05 +01:00
7dc481c996 Merge pull request 'web-proxy: common nginx.conf' (#9) from nginxconf into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #9
2023-02-05 20:03:18 +01:00
12ce134559
web-proxy: common nginx.conf
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Import default nginx.conf contents from our custom packaged file into
Salt.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 19:59:04 +01:00
e3e4caaabe
web-proxy: IPv6 listener brackets
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Add logic to wrap IPv6 listening addresses in brackets, to prevent nginx
from failing to start.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 19:19:27 +01:00
119e97805d
Increase LC repository priority
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 18:47:17 +01:00
77fa39e59c Merge pull request 'deriweb01: import nginx configuration' (#8) from import-deriweb01 into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #8
2023-02-05 18:43:20 +01:00
5e02090bc6
web-proxy: add firewall configuration
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Allow internal http and https to pass on web proxies.
To-do: logic for web proxies directly attached to the internet.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 14:29:25 +01:00
785986d2ac
Enable syntax highlighting
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Initially for .sls and .jinja/.j2 files - we can add others later on if
needed.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 12:07:13 +01:00
1b619358a8
deriweb01: import nginx configuration
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Transfer local/manual nginx configuration structure into pillar.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 11:56:27 +01:00
98ea861c13
web-proxy: add common TLS configuration
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Add TLS configuration snippet shared between all web-proxies.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 10:05:20 +01:00
4581bd4a6a
Add nginx crtkeypair macro
For use in nginx pillars.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 10:04:09 +01:00
3f2b8d2ee7
Add cluster pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 09:36:23 +01:00
7ab3cb6c59
Refresh LC repository
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Configure repository to be refreshed automatically.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 01:01:56 +01:00
2e4d350c7f
Add web-proxy role
- web-proxy role to configure nginx
- pillar with common nginx configuration

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-04 11:47:09 +01:00
bb252c1d47
Set default saltenv
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-01 23:23:43 +01:00
ba6522ce5b
Refactor map/macro sourcing
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
- move pillar macros and map to base directory
- move listener logic from macro to map
- update includes respectively

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-30 05:43:53 +01:00
096bb24769
Enable nginx-formula
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-30 03:23:48 +01:00
1a03ecc9db
salt.master: add salt-keydiff package
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Useful to accept new minions.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-30 02:14:22 +01:00
83f698e18c
Manage Salt roleproxy
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Add role, profile and pillar for roleproxy.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-30 00:39:33 +01:00
81a37bf842
salt.minion: no longer manage grains
Grains have only been managed to track roles; however, those have since
been moved to the Role API. Hence the managed /etc/salt/grains file can
safely be removed from management.
Existing installations will be cleaned up by me.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 23:33:40 +01:00
d2bc7b0785
Set firewalld short zone names
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
To match the SUSE defaults deployed by our AutoYaST configuration.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 17:50:37 +01:00
84c1d63776
Allow IPv6-only interfaces + fixup
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
- interfaces with no IPv4 address would cause a render failure
- repair if-clause needed for interfaces with only IPv4 addresses

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 17:38:29 +01:00
824baf386b
Firewall interface mapping logic
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Detect which interfaces belong to which zones, and configure firewalld
accordingly.
Backend zone is currently only prepared and yet to be tested and
enabled.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 17:27:58 +01:00
c8aa6c6157
Mine interfaces
Needed for firewall interface-zone mapping logic.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 16:37:07 +01:00
7600e631d3
salt.master: extra quotes around API listener
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
State would print the colons unquoted into the file, causing the YAML to
not parse.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 16:11:01 +01:00
45b53f8392
salt.master: add firewalld rules
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 15:50:11 +01:00
e395f7f0a3
Manage common firewalld rules
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 15:49:48 +01:00
e62080ae5b
Manage firewalld
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 15:30:37 +01:00
1660fb099e
Merge lists on test minions
Reflect production setting, allow pillar to merge from different roles.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 15:29:30 +01:00
4ece021122
Enable firewalld-formula
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
... and sort list entries alphabetically.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 15:12:52 +01:00
880f6796c5
salt.master: enable API IPv6 listener
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
No individual listeners can be configured, hence global dual stack
listener it is.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 14:59:35 +01:00
7b808efdb5
Enable SSH banner
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 14:15:40 +01:00
002fad5f27
salt.minion: allow minions without roles
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
If-clause to check for Syndic roles caused regression on minions without
any assigned roles.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-29 14:09:49 +01:00