Compare commits

...

3 Commits

Author SHA1 Message Date
c4728bc96d
Address salt-lint errors/warnings
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
- remove trailing whitespaces
- format octal modes correctly

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-15 23:15:25 +01:00
cd93d792ff
Address yamllint errors/warnings
- remove spaces, add headers
- add ignore for line-lengths in .pipeline.yml

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-15 23:15:25 +01:00
36b1fbffb2
Add linting pipeline
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-15 23:15:25 +01:00
9 changed files with 30 additions and 13 deletions

View File

@ -1,9 +1,22 @@
---
# yamllint disable rule:line-length
skip_clone: true
pipeline:
lint:
image: registry.opensuse.org/home/crameleon/libertacasa/containers/containerfile/libertacasa/pipeline-lint:latest
secrets: [ci_netrc_username, ci_netrc_password, ci_netrc_machine]
when:
event: [push]
commands:
- git clone --single-branch -b $CI_COMMIT_BRANCH $CI_REPO_LINK ../salt-libertacasa-linting
- cd ../salt-libertacasa-linting
- find . -type f \( -name '*.yaml' -o -name '*.yml' \) -exec yamllint -f colored -s {} +
- find . -name '*.sls' -exec salt-lint --severity -x 204 {} +
check:
image: registry.opensuse.org/home/crameleon/libertacasa/containers/containerfile/libertacasa/pipeline:latest
secrets: [ ci_netrc_username, ci_netrc_password, ci_netrc_machine ]
secrets: [ci_netrc_username, ci_netrc_password, ci_netrc_machine]
when:
event: [push]
commands:
@ -29,5 +42,5 @@ pipeline:
event: [push]
instance: woodpecker-orpheus.intranet.squirrelcube.com
commands:
#- rolesyncer
# - rolesyncer
- bin/rolesyncer.py

View File

@ -78,6 +78,7 @@ nginx:
- X-Forwarded-Proto $scheme
- proxy_ssl_trusted_certificate: /etc/pki/trust/anchors/backend-ca.crt
tls:
# yamllint disable-line rule:line-length
- ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
{#- certificate snippets, to-do: merge snippets/tls include into crtkeypair #}

View File

@ -1,3 +1,4 @@
---
- firewalld
- keepalived
- nginx

View File

@ -23,7 +23,7 @@ profile:
NickServNick: viaduct
NickServPassword: ${'secret_matterbridge:general:accounts:irc.libertacasa:NickServPassword'}
ColorNicks: 'true'
Charset: utf8
Charset: utf8
MessageSplit: 'true'
MessageQueue: 60
UseRelayMsg: 'true'

View File

@ -412,12 +412,12 @@ nginx:
- location /:
- proxy_pass: http://media.takahe.rigel.lysergic.dev:8001
{{ takaheresolver }}
{#- despair.life is a second entry-point to social.liberta.casa instead of only a secondary domain in Takahe #}
{#- despair.life is a second entry-point to social.liberta.casa instead of only a secondary domain in Takahe #}
- server:
{{ takahe_includes() }}
- server_name: despair.life
{{ takahe_gohome() }}
{#- if someone clicks "Log in" on despair.life, the SAML IDP (Keycloak) would redirect back to despair.life, which breaks the session cookie originating from social.liberta.casa (Django only allows a single "cookie domain" - hence we rewrite the login endpoints to handle sessions exclusively via social.liberta.casa #}
{#- if someone clicks "Log in" on despair.life, the SAML IDP (Keycloak) would redirect back to despair.life, which breaks the session cookie originating from social.liberta.casa (Django only allows a single "cookie domain" - hence we rewrite the login endpoints to handle sessions exclusively via social.liberta.casa #} # yamllint disable-line rule:line-length
{%- for talopath in ['auth', 'saml2'] %}
- location /{{ talopath }}:
- rewrite: ^/(.*) https://social.liberta.casa/$1 redirect
@ -436,7 +436,7 @@ nginx:
- snippets/error
- server_name: exhausted.life
{{ takahe_gohome() }}
- location /.well-known/:
- location /.well-known/:
- proxy_pass: {{ backend.takahe }}
- sub_filter_types: application/xml
- sub_filter: takahe.rigel.lysergic.dev:8000 exhausted.life

View File

@ -46,7 +46,7 @@ matterbridge_{{ instance }}_mediadir:
- user: matterbridge
{#- to-do: implement some shared group #}
- group: lighttpd
- mode: 750
- mode: '0750'
- makedirs: True
{%- endif %}

View File

@ -5,6 +5,6 @@ include:
file.managed:
- user: keepalived_script
- group: wheel
- mode: 750
- mode: '0750'
- template: jinja
- source: salt://{{ slspath }}/files/failover.sh.j2

View File

@ -17,7 +17,7 @@ salt_master_extension_modules_dirs:
{%- endfor %}
- user: root
- group: salt
- mode: 0755
- mode: '0755'
salt_master_extension_modules_bins:
file.managed:
@ -30,7 +30,7 @@ salt_master_extension_modules_bins:
{%- endfor %}
- user: root
- group: salt
- mode: 0640
- mode: '0640'
- require:
- file: salt_master_extension_modules_dirs
@ -72,7 +72,7 @@ salt_master_extra_packages:
- requirepass {{ master_pillar['cache.redis.password'] }}
- user: root
- group: redis
- mode: 0640
- mode: '0640'
- require:
- pkg: redis
@ -80,7 +80,7 @@ salt_master_extra_packages:
file.directory:
- user: redis
- group: redis
- mode: 0750
- mode: '0750'
- require:
- pkg: redis

View File

@ -1,5 +1,7 @@
{%- set netbox_pillar = salt['pillar.get']('netbox') -%}
{%- if 'custom_fields' in netbox_pillar and netbox_pillar['custom_fields']['salt_roles'] is not none and 'salt.syndic' in netbox_pillar['custom_fields']['salt_roles'] -%}
{%- if 'custom_fields' in netbox_pillar
and netbox_pillar['custom_fields']['salt_roles'] is not none
and 'salt.syndic' in netbox_pillar['custom_fields']['salt_roles'] -%}
{%- set master = salt['pillar.get']('salt:master:syndic_master') -%}
{%- elif 'config_context' in netbox_pillar -%}
{%- set master = netbox_pillar['config_context']['salt_master'] -%}