080002e642
Manage firewall on derutil01
...
ci/lysergic/push/pipeline Pipeline was successful
Configuration should be imported already.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-06-28 22:10:58 +02:00
ddf1c03dbb
remove backslash
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-06-28 23:10:34 +05:30
7145ae4481
update mediapath for matterbridge
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-06-27 23:47:53 +05:30
667646a295
Add chillnet matterbridge uploads
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-06-25 01:46:13 +05:30
97045b5f12
Used /RENAME for #fightclub
ci/lysergic/push/pipeline Pipeline was successful
2023-05-03 19:38:05 +02:00
c1fcf5f3b1
Init psyched.dev
...
ci/lysergic/push/pipeline Pipeline was successful
Add pillar IDs for theia/orpheus/selene to disable sshd
management on them (machines use custom configurations
for historic reasons, and we like to preserve history).
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 21:00:45 +02:00
b6b129c41f
Init dencpod01.lysergic.dev
...
ci/lysergic/push/pipeline Pipeline was successful
Blank machine.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 20:40:09 +02:00
d89138e2a7
Import moni firewall configuration
...
ci/lysergic/push/pipeline Pipeline was successful
Some ports not yet covered by a role.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 20:02:21 +02:00
55acb1dea4
Init phoebe.lysergic.dev
...
ci/lysergic/push/pipeline Pipeline was successful
Blank machine.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 19:48:22 +02:00
409016ea75
Disable manage_sshd for philia
...
ci/lysergic/push/pipeline Pipeline was successful
Machine uses a custom sshd configuration for $reasons.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 19:32:36 +02:00
841317e0f4
Repair BookStack httpd configuration
...
ci/lysergic/push/pipeline Pipeline was successful
- Replace wrong instances of RewriteCond with RewriteRule
- Remove wrong quotes around rewrite conditions
- Set correct options (seemingly our version of httpd does not set
FollowSymLinks by default?)
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-01 00:00:31 +02:00
f56ed6f64e
Merge pull request 'Adjust themis httpd directory options' ( #50 ) from themis-httpd-fixup into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #50
2023-04-30 20:04:42 +02:00
d8359f002d
Correct SAML realm capitalization
...
ci/lysergic/push/pipeline Pipeline was successful
The Keycloak realm is named "LibertaCasa", not "libertacasa".
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 18:22:58 +02:00
0a3d34d962
Adjust themis httpd directory options
...
ci/lysergic/push/pipeline Pipeline was successful
Some directory options are not needed and were listed with syntax
issues. Set to false to prevent "Options" from
being added, which equals "Options +FollowSymLinks".
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 18:16:35 +02:00
b685f16c91
Add manage_firewall conditional
...
ci/lysergic/push/pipeline Pipeline was successful
Allow us to enroll machines in Salt which do not yet have their firewall
configuration imported without having their rules overwritten.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 16:07:21 +02:00
b1249e69eb
Merge pull request 'Import themis / PrivateBin' ( #40 ) from privatebin into production
...
ci/lysergic/push/pipeline Pipeline failed
Reviewed-on: #40
2023-04-30 14:37:12 +02:00
f32d814658
id.themis: import backend firewall rules
...
ci/lysergic/push/pipeline Pipeline was successful
Allow HTTPS traffic.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-29 18:39:30 +02:00
9d9e61d51d
Add tg lucy channel mapping
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-04-14 18:45:51 +05:30
508c0dc1b2
Add Chillnet to matterbridge
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-04-10 00:25:14 +05:30
6ebd02042f
Refactor matterbridge_media macro
...
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-04-10 00:18:59 +05:30
4ff7a39f0e
id.themis: import PrivateBin httpd vhost
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-03-12 17:21:32 +01:00
bf3aaa5ff1
id.themis: import PrivateBin configuration
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-03-12 17:01:17 +01:00
d8d848055f
id.themis: add BookStack configuration
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
e36d40dbc3
id.themis: add BookStack httpd configuration
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
cade9c0aca
Moni: Read Blackbox targets as JSON
...
Use uniform JSON target files instead of a JSON/YAML mix.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:06:03 +01:00
979021f5c4
Import Prometheus server configuration
...
* add new roles:
- monitoring.prometheus
- monitoring.prometheus-alertmanager
- monitoring.prometheus-exporter-blackbox
* add common Prometheus and Prometheus Alertmanager pillar data
* add moni.lysergic.dev specific Prometheus pillar data
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:05:03 +01:00
18d28c3b7f
Address salt-lint errors/warnings
...
ci/lysergic/push/pipeline Pipeline was successful
- remove trailing whitespaces
- format octal modes correctly
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-15 23:18:54 +01:00
a0a21a17db
nemesis/hubris: include denc.web-proxy
...
Add shared nginx configuration to nemesis/hubris HA pair nodes.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:21:42 +01:00
1f8d8b642c
dericom02: manage web firewall zone
...
ci/lysergic/push/pipeline Pipeline was successful
Import locally configured web zone into Salt. This zone allows the web
proxy to reach http for serving Matterbridge media.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 03:49:40 +01:00
16c8cd3dd5
dericom02: disable matterbridge XMPP debug
...
ci/lysergic/push/pipeline Pipeline was successful
It's very noisy - one can enable it on demand if needed.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 02:53:04 +01:00
1302e06486
Disable "aithunder" Discord bridge
...
ci/lysergic/push/pipeline Pipeline was successful
Discord room does not exist.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 02:25:55 +01:00
12c47a346b
dericom02: quote matterbridge booleans
...
ci/lysergic/push/pipeline Pipeline was successful
TOML configuration format needs lowercase boolean values.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 02:13:03 +01:00
1aacd3f340
dericom02: manage matterbridge media
...
ci/lysergic/push/pipeline Pipeline was successful
- move base media directory to variable
- add lighttpd vhosts to pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 00:51:59 +01:00
07d325d777
dericom02: import Matterbridge configuration
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-07 22:29:02 +01:00
f678de8560
derimisc01: import Tor configuration
...
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-07 18:35:40 +01:00
70ca4fabc8
Set webirc backend to https
...
ci/lysergic/push/pipeline Pipeline was successful
Ergo rightfully does not accept plain text websocket connections.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-06 14:20:19 +01:00
82cad3b099
Include libertacasa for liberta.casa
...
ci/lysergic/push/pipeline Pipeline was successful
Fallout from 77fa39e59c
- libertacasa
nginx snippet needs to be included in liberta.casa server for main
website to operate on the clearnet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-06 14:10:14 +01:00
df3eeede1d
Repair liberta.casa TLS include
...
ci/lysergic/push/pipeline Pipeline was successful
Accidentally mixed up the libertacasa with the libertacasa2 nginx
TLS snippet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-06 14:01:23 +01:00
1b619358a8
deriweb01: import nginx configuration
...
ci/lysergic/push/pipeline Pipeline was successful
Transfer local/manual nginx configuration structure into pillar.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 11:56:27 +01:00
8c72e7c63a
Add id/role pillar README's
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 18:28:54 +01:00