90abdc179b
bridge ircdevchan tgdevchan
...
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-08-10 04:08:34 +05:30
29ceb78cde
Add http(s) to thetrip public zone
...
Forgotten in fffbaf46988d89b9f56578ba0d97c07ea056f513.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-07-01 22:21:39 +02:00
8519dfec68
Manage firewall on thetrip
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-07-01 22:12:14 +02:00
080002e642
Manage firewall on derutil01
...
Configuration should be imported already.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-06-28 22:10:58 +02:00
ddf1c03dbb
remove backslash
...
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-06-28 23:10:34 +05:30
7145ae4481
update mediapath for matterbridge
...
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-06-27 23:47:53 +05:30
667646a295
Add chillnet matterbridge uploads
...
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-06-25 01:46:13 +05:30
97045b5f12
Used /RENAME for #fightclub
2023-05-03 19:38:05 +02:00
c1fcf5f3b1
Init psyched.dev
...
Add pillar IDs for theia/orpheus/selene to disable sshd
management on them (machines use custom configurations
for historic reasons, and we like to preserve history).
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 21:00:45 +02:00
b6b129c41f
Init dencpod01.lysergic.dev
...
Blank machine.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 20:40:09 +02:00
d89138e2a7
Import moni firewall configuration
...
Some ports not yet covered by a role.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 20:02:21 +02:00
55acb1dea4
Init phoebe.lysergic.dev
...
Blank machine.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 19:48:22 +02:00
409016ea75
Disable manage_sshd for philia
...
Machine uses a custom sshd configuration for $reasons.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 19:32:36 +02:00
841317e0f4
Repair BookStack httpd configuration
...
- Replace wrong instances of RewriteCond with RewriteRule
- Remove wrong quotes around rewrite conditions
- Set correct options (seemingly our version of httpd does not set
FollowSymLinks by default?)
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-01 00:00:31 +02:00
f56ed6f64e
Merge pull request 'Adjust themis httpd directory options' ( #50 ) from themis-httpd-fixup into production
...
Reviewed-on: #50
2023-04-30 20:04:42 +02:00
d8359f002d
Correct SAML realm capitalization
...
The Keycloak realm is named "LibertaCasa", not "libertacasa".
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 18:22:58 +02:00
0a3d34d962
Adjust themis httpd directory options
...
Some directory options are not needed and were listed with syntax
issues. Set to false to prevent "Options" from
being added, which equals "Options +FollowSymLinks".
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 18:16:35 +02:00
b685f16c91
Add manage_firewall conditional
...
Allow us to enroll machines in Salt which do not yet have their firewall
configuration imported without having their rules overwritten.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 16:07:21 +02:00
b1249e69eb
Merge pull request 'Import themis / PrivateBin' ( #40 ) from privatebin into production
...
Reviewed-on: #40
2023-04-30 14:37:12 +02:00
f32d814658
id.themis: import backend firewall rules
...
Allow HTTPS traffic.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-29 18:39:30 +02:00
9d9e61d51d
Add tg lucy channel mapping
...
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-04-14 18:45:51 +05:30
508c0dc1b2
Add Chillnet to matterbridge
...
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-04-10 00:25:14 +05:30
6ebd02042f
Refactor matterbridge_media macro
...
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
2023-04-10 00:18:59 +05:30
4ff7a39f0e
id.themis: import PrivateBin httpd vhost
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-03-12 17:21:32 +01:00
bf3aaa5ff1
id.themis: import PrivateBin configuration
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-03-12 17:01:17 +01:00
d8d848055f
id.themis: add BookStack configuration
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
e36d40dbc3
id.themis: add BookStack httpd configuration
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-26 13:14:28 +01:00
cade9c0aca
Moni: Read Blackbox targets as JSON
...
Use uniform JSON target files instead of a JSON/YAML mix.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:06:03 +01:00
979021f5c4
Import Prometheus server configuration
...
* add new roles:
- monitoring.prometheus
- monitoring.prometheus-alertmanager
- monitoring.prometheus-exporter-blackbox
* add common Prometheus and Prometheus Alertmanager pillar data
* add moni.lysergic.dev specific Prometheus pillar data
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-21 19:05:03 +01:00
18d28c3b7f
Address salt-lint errors/warnings
...
- remove trailing whitespaces
- format octal modes correctly
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-15 23:18:54 +01:00
a0a21a17db
nemesis/hubris: include denc.web-proxy
...
Add shared nginx configuration to nemesis/hubris HA pair nodes.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 05:21:42 +01:00
1f8d8b642c
dericom02: manage web firewall zone
...
Import locally configured web zone into Salt. This zone allows the web
proxy to reach http for serving Matterbridge media.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 03:49:40 +01:00
16c8cd3dd5
dericom02: disable matterbridge XMPP debug
...
It's very noisy - one can enable it on demand if needed.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 02:53:04 +01:00
1302e06486
Disable "aithunder" Discord bridge
...
Discord room does not exist.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 02:25:55 +01:00
12c47a346b
dericom02: quote matterbridge booleans
...
TOML configuration format needs lowercase boolean values.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 02:13:03 +01:00
1aacd3f340
dericom02: manage matterbridge media
...
- move base media directory to variable
- add lighttpd vhosts to pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 00:51:59 +01:00
07d325d777
dericom02: import Matterbridge configuration
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-07 22:29:02 +01:00
f678de8560
derimisc01: import Tor configuration
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-07 18:35:40 +01:00
70ca4fabc8
Set webirc backend to https
...
Ergo rightfully does not accept plain text websocket connections.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-06 14:20:19 +01:00
82cad3b099
Include libertacasa for liberta.casa
...
Fallout from 77fa39e59c15a2235f210128dab821d2e2fd6ae5 - libertacasa
nginx snippet needs to be included in liberta.casa server for main
website to operate on the clearnet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-06 14:10:14 +01:00
df3eeede1d
Repair liberta.casa TLS include
...
Accidentally mixed up the libertacasa with the libertacasa2 nginx
TLS snippet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-06 14:01:23 +01:00
1b619358a8
deriweb01: import nginx configuration
...
Transfer local/manual nginx configuration structure into pillar.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-05 11:56:27 +01:00
8c72e7c63a
Add id/role pillar README's
...
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 18:28:54 +01:00
