b685f16c91
Add manage_firewall conditional
ci/lysergic/push/pipeline Pipeline was successful
Allow us to enroll machines in Salt which do not yet have their firewall
configuration imported without having their rules overwritten.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 16:07:21 +02:00
c75e31c145
denc-webcluster: add ModSecurity adjustments
ci/lysergic/push/pipeline Pipeline was successful
With the rollout of our Salted configuration, ModSecurity came enforced.
This adds necessary rules to PrivateBin and BookStack for correct
operation.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 23:46:22 +01:00
37a1ec433a
denc-webcluster: nginx listen on HA addresses
ci/lysergic/push/pipeline Pipeline was successful
Accidentally configured to listen only internally.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 17:42:31 +01:00
2d5da24ce5
denc-webcluster: nginx AppArmor rules
ci/lysergic/push/pipeline Pipeline was successful
Allow access to client trust certificate and to static content.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 16:39:49 +01:00
eac227d120
denc-webcluster: nginx config fixup
ci/lysergic/push/pipeline Pipeline was successful
- remove keys duplicated by include
- repair wrong snippets include directory
- repair wrong ip_hash option syntax
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 15:48:44 +01:00
533aedd864
denc-webcluster: enable keepalived script security
ci/lysergic/push/pipeline Pipeline was successful
Prevent script tampering.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 14:37:45 +01:00
7481741f95
denc-webcluster: allow http(s) publicly
ci/lysergic/push/pipeline Pipeline was successful
Public firewall rules were missing from initial import.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 14:33:34 +01:00
303b06ae8c
nemesis/hubris: import keepalived configuration
Add shared configuration to cluster.denc.web-proxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:21:43 +01:00
eed4945a9f
nemesis/hubris: import nginx configuration
Add shared configuration to cluster.denc.web-proxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:21:39 +01:00