c25a5c6e05
denc-webcluster: nginx AppArmor rules
ci/lysergic/push/pipeline Pipeline was successful
Allow access to client trust certificate and to static content.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 16:38:22 +01:00
1ac51ae11b
web-proxy: include apparmor.local
Some web proxy servers need additional AppArmor drop-ins, for example
for serving static content.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 16:38:22 +01:00
0eca62f4ce
Add AppArmor profile
Simple profile to allow for management of local profile drop-ins using
pillar values.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 16:20:44 +01:00
91089d5d98
Merge pull request 'denc-webcluster: nginx config fixup' (#26) from import-denc-webcluster-iphash into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #26
2023-02-12 15:56:30 +01:00
eac227d120
denc-webcluster: nginx config fixup
ci/lysergic/push/pipeline Pipeline was successful
- remove keys duplicated by include
- repair wrong snippets include directory
- repair wrong ip_hash option syntax
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 15:48:44 +01:00
f9341ad9fe
Merge pull request 'ha-node: vrrp is a protocol' (#25) from vrrp-fixup into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #25
2023-02-12 15:25:53 +01:00
d017233a52
ha-node: vrrp is a protocol
ci/lysergic/push/pipeline Pipeline was successful
Accidentally added as a service.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 15:22:08 +01:00
5fdbdc7462
Merge pull request 'denc-webcluster: allow http(s) publicly' (#24) from import-denc-webcluster-fw into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #24
2023-02-12 14:44:20 +01:00
533aedd864
denc-webcluster: enable keepalived script security
ci/lysergic/push/pipeline Pipeline was successful
Prevent script tampering.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 14:37:45 +01:00
7481741f95
denc-webcluster: allow http(s) publicly
ci/lysergic/push/pipeline Pipeline was successful
Public firewall rules were missing from initial import.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 14:33:34 +01:00
8c21d250c3
Merge pull request 'Import denc webcluster (nemesis/hubris)' (#12) from import-denc-webcluster into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #12
2023-02-12 14:25:55 +01:00
c5ce94d7b5
Manage backend firewall zone
ci/lysergic/push/pipeline Pipeline was successful
Configure backend firewall zones if applicable. Allow all UDP for
cluster traffic.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 06:04:16 +01:00
bef66c1f8a
ha-node: allow vrrp in firewall
Needed for keepalived operation.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:54:20 +01:00
0581510c10
Add ha-netcup role
ci/lysergic/push/pipeline Pipeline was successful
Role managing the Netcup IP failover script plus keepalived.
Requires ha-node role introduced via a8bbe056f1.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:24:27 +01:00
af2c5b0061
Add keepalived_script_user profile
Short profile sourced from other profiles requiring the keepalived_script
user to be present.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:24:27 +01:00
f08bda4256
Add netcup_failover profile
Profile managing a Netcup IP address failover script for use with
keepalived.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:24:27 +01:00
303b06ae8c
nemesis/hubris: import keepalived configuration
Add shared configuration to cluster.denc.web-proxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:21:43 +01:00
a0a21a17db
nemesis/hubris: include denc.web-proxy
Add shared nginx configuration to nemesis/hubris HA pair nodes.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:21:42 +01:00
eed4945a9f
nemesis/hubris: import nginx configuration
Add shared configuration to cluster.denc.web-proxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:21:39 +01:00
1b0965943f
Merge pull request 'common-suse: add qemu-guest-agent + remove AutoYaST' (#23) from common-suse into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #23
2023-02-12 04:13:50 +01:00
8e1436d4af
common.suse: manage qemu-guest-agent
ci/lysergic/push/pipeline Pipeline was successful
Ensure qemu-guest-agent is active on all KVM guests.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 04:11:14 +01:00
b6b7ff1e33
common.suse: remove AutoYaST
We only use AutoYaST for the OS deployment and don't need the packages
afterwards.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 04:11:14 +01:00
95248fd374
Merge pull request 'dericom02: manage web firewall zone' (#22) from dericom02-webfw into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #22
2023-02-12 03:52:41 +01:00
1f8d8b642c
dericom02: manage web firewall zone
ci/lysergic/push/pipeline Pipeline was successful
Import locally configured web zone into Salt. This zone allows the web
proxy to reach http for serving Matterbridge media.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 03:49:40 +01:00
9043634123
Merge pull request 'lighttpd: improve dependencies' (#21) from lighttpd-watch into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #21
2023-02-12 03:06:20 +01:00
9a0c210b87
lighttpd: improve dependencies
ci/lysergic/push/pipeline Pipeline was successful
- add more explicit Salt ID dependencies
- reload service on configuration changes
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 03:03:09 +01:00
5da0bfe798
Merge pull request 'dericom02: disable matterbridge XMPP debug' (#20) from matterbridge-xmpp-debug into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #20
2023-02-12 02:56:22 +01:00
16c8cd3dd5
dericom02: disable matterbridge XMPP debug
ci/lysergic/push/pipeline Pipeline was successful
It's very noisy - one can enable it on demand if needed.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 02:53:04 +01:00
1eb10e4687
Merge pull request 'matterbridge: restart on changes' (#19) from matterbridge-watch into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #19
2023-02-12 02:42:29 +01:00
b446afcc49
matterbridge: restart on changes
ci/lysergic/push/pipeline Pipeline was successful
Matterbridge does detect file changes, but seems to only apply them on
a service restart.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 02:39:47 +01:00
82e8ce4eb2
Merge pull request 'matterbridge: quote numbers' (#18) from matterbridge-booleans into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #18
2023-02-12 02:33:30 +01:00
586c7e3bc7
Merge pull request 'Disable "aithunder" Discord bridge' (#17) from matterbridge-aithunder into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #17
2023-02-12 02:31:48 +01:00
b061265885
matterbridge: quote numbers
ci/lysergic/push/pipeline Pipeline was successful
Needed to make the TOML configuration format happy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 02:30:56 +01:00
1302e06486
Disable "aithunder" Discord bridge
ci/lysergic/push/pipeline Pipeline was successful
Discord room does not exist.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 02:25:55 +01:00
8fbfd38ec3
Merge pull request 'dericom02: quote matterbridge booleans' (#16) from matterbridge-booleans into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #16
2023-02-12 02:18:19 +01:00
12c47a346b
dericom02: quote matterbridge booleans
ci/lysergic/push/pipeline Pipeline was successful
TOML configuration format needs lowercase boolean values.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 02:13:03 +01:00
c9a157833b
Merge pull request 'Matterbridge media' (#15) from matterbridge-media into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #15
2023-02-12 00:55:49 +01:00
1aacd3f340
dericom02: manage matterbridge media
ci/lysergic/push/pipeline Pipeline was successful
- move base media directory to variable
- add lighttpd vhosts to pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 00:51:59 +01:00
ab47eb5485
matterbridge: manage media directories
Create media directories if defined in the pillar.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 00:51:26 +01:00
e2560f0dd6
Merge pull request 'matterbridge: add role pillar' (#14) from matterbridge-pillar-fixup into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #14
2023-02-09 23:00:18 +01:00
77c50cf53f
matterbridge: add role pillar
ci/lysergic/push/pipeline Pipeline was successful
Empty for now, adding for future reference and because we enforce role
pillars to exist.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-09 22:56:28 +01:00
03a4aec0f3
Merge pull request 'Import Matterbridge configuration' (#10) from import-dericom02 into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #10
2023-02-09 21:02:02 +01:00
dee3e035c2
Merge pull request 'Refactor Matterbridge profile' (#11) from matterbridge-refactor into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #11
2023-02-09 20:44:03 +01:00
f7893a980e
Merge pull request 'Add ha-node role + enable keepalived formula' (#13) from keepalived-formula into production
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #13
2023-02-08 22:55:45 +01:00
a8bbe056f1
Add ha-node role
ci/lysergic/push/pipeline Pipeline was successful
Add ha-node role for machines in a HA pair using keepalived.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-08 20:31:27 +01:00
2d06de94ca
Enable keepalived-formula
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-08 20:30:52 +01:00
650854fa27
Refactor matterbridge profile
ci/lysergic/push/pipeline Pipeline was successful
- reduce pillar calls
- no longer define possible configuration options, apply settings from
pillar 1:1
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-07 22:37:37 +01:00
07d325d777
dericom02: import Matterbridge configuration
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-07 22:29:02 +01:00
f678de8560
derimisc01: import Tor configuration
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-07 18:35:40 +01:00
a3ec351b70
Add onion-router role
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-07 18:21:32 +01:00