Compare commits
54 Commits
orpheus
...
production
Author | SHA1 | Date | |
---|---|---|---|
8231c71927 | |||
00e7832e9d | |||
47c7b56e86 | |||
f46758fe53 | |||
b7ffc08af9 | |||
6d931c54cb | |||
46f5fd365c | |||
931403de64 | |||
f26bace747 | |||
3c1cb027ba | |||
95edd4bcb4 | |||
b454b5f5b9 | |||
b2aa0317e5 | |||
10e380c3c1 | |||
0e3300bb49 | |||
fd68a06188 | |||
f0a2afc714 | |||
14109af928 | |||
e91ce0f58f | |||
e8a5ec5594 | |||
90abdc179b | |||
4df811c834 | |||
32a0f8d653 | |||
0df71b4331 | |||
13d5e44baa | |||
beec7cde28 | |||
fb981646e5 | |||
5d4350aed3 | |||
b6e9f75352 | |||
40b7913d32 | |||
24d6de3a5d | |||
8b735d45e2 | |||
e03e939bf9 | |||
4778c43503 | |||
dc3cbea053 | |||
c7e590843f | |||
29ceb78cde | |||
fffbaf4698 | |||
8519dfec68 | |||
b73c0805cd | |||
080002e642 | |||
1bd2f39312 | |||
58c100acc1 | |||
47a364290c | |||
b36dc960c8 | |||
ddf1c03dbb | |||
f4f7f93583 | |||
7145ae4481 | |||
937b3c99b7 | |||
667646a295 | |||
36c70f4016 | |||
97045b5f12 | |||
ffbd2dc4c3 | |||
c1fcf5f3b1 |
@ -127,7 +127,7 @@ nginx:
|
|||||||
- client_max_body_size: 20M
|
- client_max_body_size: 20M
|
||||||
- modsecurity_rules: |-
|
- modsecurity_rules: |-
|
||||||
'
|
'
|
||||||
SecRuleRemoveById 941160
|
SecRuleRemoveById 941160 949110
|
||||||
SecAction "id:900200, phase:1, nolog, pass, t:none, setvar:\'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH\'"
|
SecAction "id:900200, phase:1, nolog, pass, t:none, setvar:\'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH\'"
|
||||||
'
|
'
|
||||||
|
|
||||||
@ -212,6 +212,18 @@ nginx:
|
|||||||
- error_log: /var/log/nginx/libsso_public.error.log
|
- error_log: /var/log/nginx/libsso_public.error.log
|
||||||
- access_log: /var/log/nginx/libsso_public.access.log combined
|
- access_log: /var/log/nginx/libsso_public.access.log combined
|
||||||
|
|
||||||
|
agola.conf:
|
||||||
|
config:
|
||||||
|
- server:
|
||||||
|
- include:
|
||||||
|
- snippets/listen_ha
|
||||||
|
- snippets/tls_lysergic
|
||||||
|
- server_name: ci.lysergic.dev ci.git.com.de
|
||||||
|
- location /:
|
||||||
|
- proxy_pass: https://ci.lysergic.dev
|
||||||
|
- proxy_ssl_verify: 'on'
|
||||||
|
- include: snippets/proxy
|
||||||
|
|
||||||
manage_firewall: True
|
manage_firewall: True
|
||||||
firewalld:
|
firewalld:
|
||||||
zones:
|
zones:
|
||||||
|
@ -15,6 +15,7 @@ zypper:
|
|||||||
refreshdb_force: False
|
refreshdb_force: False
|
||||||
|
|
||||||
firewalld:
|
firewalld:
|
||||||
|
FlushAllOnReload: 'yes'
|
||||||
zones:
|
zones:
|
||||||
internal:
|
internal:
|
||||||
short: Internal
|
short: Internal
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{%- set mediapath = '/srv/matterbridge/' -%}
|
{%- set mediapath = '/var/lib/matterbridge/' -%}
|
||||||
|
|
||||||
{%- macro discord_common() -%}
|
{%- macro discord_common() -%}
|
||||||
AutoWebhooks: 'true'
|
AutoWebhooks: 'true'
|
||||||
@ -34,12 +34,12 @@ profile:
|
|||||||
Password: ${'secret_matterbridge:general:accounts:xmpp.libertacasa:Password'}
|
Password: ${'secret_matterbridge:general:accounts:xmpp.libertacasa:Password'}
|
||||||
Muc: muc.liberta.casa
|
Muc: muc.liberta.casa
|
||||||
Nick: viaduct
|
Nick: viaduct
|
||||||
RemoteNickFormat: '[{PROTOCOL}] <{NICK}>'
|
RemoteNickFormat: '[{PROTOCOL}] <{NICK}> '
|
||||||
Label: x
|
Label: x
|
||||||
Debug: 'false'
|
Debug: 'false'
|
||||||
telegram.libertacasa:
|
telegram.libertacasa:
|
||||||
Token: ${'secret_matterbridge:general:accounts:telegram.libertacasa:Token'}
|
Token: ${'secret_matterbridge:general:accounts:telegram.libertacasa:Token'}
|
||||||
RemoteNickFormat: '<{NICK}> '
|
RemoteNickFormat: '[{PROTOCOL}] <{NICK}> '
|
||||||
MessageFormat: HTMLNick
|
MessageFormat: HTMLNick
|
||||||
Label: tg
|
Label: tg
|
||||||
DisableWebPagePreview: 'true'
|
DisableWebPagePreview: 'true'
|
||||||
@ -47,7 +47,7 @@ profile:
|
|||||||
Server: 192.168.0.110:2220
|
Server: 192.168.0.110:2220
|
||||||
Nick: LC
|
Nick: LC
|
||||||
RemoteNickFormat: '{PROTOCOL}:<{NICK}> '
|
RemoteNickFormat: '{PROTOCOL}:<{NICK}> '
|
||||||
Label: p
|
Label: ssh
|
||||||
discord.23:
|
discord.23:
|
||||||
Token: ${'secret_matterbridge:general:accounts:discord.23:Token'}
|
Token: ${'secret_matterbridge:general:accounts:discord.23:Token'}
|
||||||
Server: ${'secret_matterbridge:general:accounts:discord.23:Server'}
|
Server: ${'secret_matterbridge:general:accounts:discord.23:Server'}
|
||||||
@ -61,7 +61,6 @@ profile:
|
|||||||
gateways:
|
gateways:
|
||||||
libcasa:
|
libcasa:
|
||||||
irc.libertacasa: '#libcasa'
|
irc.libertacasa: '#libcasa'
|
||||||
sshchat.Psyched: sshchat
|
|
||||||
xmpp.libertacasa: libcasa
|
xmpp.libertacasa: libcasa
|
||||||
dev:
|
dev:
|
||||||
irc.libertacasa: '#dev'
|
irc.libertacasa: '#dev'
|
||||||
@ -70,22 +69,18 @@ profile:
|
|||||||
irc.libertacasa: '#lucy'
|
irc.libertacasa: '#lucy'
|
||||||
xmpp.libertacasa: lucy
|
xmpp.libertacasa: lucy
|
||||||
telegram.libertacasa: '-1001795702961'
|
telegram.libertacasa: '-1001795702961'
|
||||||
|
sshchat.Psyched: sshchat
|
||||||
info:
|
info:
|
||||||
irc.libertacasa: '#libcasa.info'
|
irc.libertacasa: '#libcasa.info'
|
||||||
xmpp.libertacasa: libcasa.info
|
xmpp.libertacasa: libcasa.info
|
||||||
#telegram.libertacasa: '-1001518274267'
|
|
||||||
chat:
|
chat:
|
||||||
irc.libertacasa: '#chai'
|
irc.libertacasa: '#chat'
|
||||||
discord.23: chat
|
discord.23: chat
|
||||||
xmpp.libertacasa: chat
|
xmpp.libertacasa: chat
|
||||||
dota:
|
petals:
|
||||||
irc.libertacasa: '#dotes'
|
irc.libertacasa: '#Petals'
|
||||||
discord.23: dotes
|
telegram.libertacasa: '-1001971550949'
|
||||||
xmpp.libertacasa: dota
|
|
||||||
aithunder:
|
|
||||||
irc.libertacasa: '#aithunder'
|
|
||||||
# discord.aithunder: main-chat
|
|
||||||
xmpp.libertacasa: aithunder
|
|
||||||
|
|
||||||
libertacasa-irc:
|
libertacasa-irc:
|
||||||
general:
|
general:
|
||||||
@ -216,20 +211,15 @@ profile:
|
|||||||
nerds:
|
nerds:
|
||||||
irc.libertacasa: '#nerds'
|
irc.libertacasa: '#nerds'
|
||||||
irc.nerds: '#nerds'
|
irc.nerds: '#nerds'
|
||||||
chillops:
|
|
||||||
irc.libertacasa: '#chillops'
|
|
||||||
irc.chillnet: '#chillops'
|
|
||||||
irc.stardust: '#chillnet-test'
|
|
||||||
music:
|
music:
|
||||||
irc.libertacasa: '#music'
|
irc.libertacasa: '#music'
|
||||||
irc.chillnet: '#music'
|
irc.chillnet: '#music'
|
||||||
irc.stardust: '#music'
|
irc.stardust: '#music'
|
||||||
|
|
||||||
chillnet:
|
chillnet:
|
||||||
general:
|
general:
|
||||||
MediaDownloadSize: 1000000000
|
MediaDownloadSize: 1000000000
|
||||||
MediaDownloadPath: {{ mediapath }}chillnet
|
MediaDownloadPath: {{ mediapath }}chillnet
|
||||||
MediaServerDownload: https://uploads.chillnet.org
|
MediaServerDownload: https://up.chillnet.org
|
||||||
accounts:
|
accounts:
|
||||||
irc.chillnet:
|
irc.chillnet:
|
||||||
Server: irc.chillnet.org:6697
|
Server: irc.chillnet.org:6697
|
||||||
@ -250,22 +240,30 @@ profile:
|
|||||||
MessageFormat: HTMLNick
|
MessageFormat: HTMLNick
|
||||||
Label: tg
|
Label: tg
|
||||||
DisableWebPagePreview: 'true'
|
DisableWebPagePreview: 'true'
|
||||||
|
discord.23:
|
||||||
|
Token: ${'secret_matterbridge:general:accounts:discord.23:Token'}
|
||||||
|
Server: ${'secret_matterbridge:general:accounts:discord.23:Server'}
|
||||||
|
{{ discord_common() }}
|
||||||
gateways:
|
gateways:
|
||||||
fightclub:
|
staff:
|
||||||
irc.chillnet: '#fightclub'
|
irc.chillnet: '#chillstaff'
|
||||||
telegram.chillnet: '-1001932699309'
|
telegram.chillnet: '-1001932699309'
|
||||||
|
devs:
|
||||||
|
irc.chillnet: '#chilldevs'
|
||||||
|
telegram.chillnet: '-1001778806358'
|
||||||
|
discord.23: chilldevs
|
||||||
|
|
||||||
lighttpd:
|
lighttpd:
|
||||||
vhosts:
|
vhosts:
|
||||||
matterbridge-general:
|
matterbridge-general:
|
||||||
host: 'libertacasa-general\.matterbridge\.dericom02\.rigel\.lysergic\.dev'
|
host: 'libertacasa-general.matterbridge.dericom02.rigel.lysergic.dev'
|
||||||
root: {{ mediapath }}libertacasa-general
|
root: {{ mediapath }}libertacasa-general
|
||||||
matterbridge-irc:
|
matterbridge-irc:
|
||||||
host: 'libertacasa-irc\.matterbridge\.dericom02\.rigel\.lysergic\.dev'
|
host: 'libertacasa-irc.matterbridge.dericom02.rigel.lysergic.dev'
|
||||||
root: {{ mediapath }}libertacasa-irc
|
root: {{ mediapath }}libertacasa-irc
|
||||||
matterbridge-chillnet:
|
matterbridge-chillnet:
|
||||||
host: 'chillnet\.matterbridge\.dericom02\.rigel\.lysergic\.dev'
|
host: 'chillnet.matterbridge.dericom02.rigel.lysergic.dev'
|
||||||
root: {{ mediapath }}chill
|
root: {{ mediapath }}chillnet
|
||||||
|
|
||||||
manage_firewall: True
|
manage_firewall: True
|
||||||
firewalld:
|
firewalld:
|
||||||
|
1
pillar/id/derigsm01_rigel_lysergic_dev.sls
Normal file
1
pillar/id/derigsm01_rigel_lysergic_dev.sls
Normal file
@ -0,0 +1 @@
|
|||||||
|
manage_firewall: True
|
@ -44,11 +44,11 @@
|
|||||||
- proxy_set_header: Host $http_host
|
- proxy_set_header: Host $http_host
|
||||||
- resolver: '{{ resolver }} ipv4=off valid=24h'
|
- resolver: '{{ resolver }} ipv4=off valid=24h'
|
||||||
{%- endmacro -%}
|
{%- endmacro -%}
|
||||||
{%- macro matterbridge_media(domain, name) -%}
|
{%- macro matterbridge_media(domain, name, tls='load') -%}
|
||||||
- server:
|
- server:
|
||||||
- include:
|
- include:
|
||||||
- snippets/listen
|
- snippets/listen
|
||||||
- snippets/tls_load
|
- snippets/tls_{{ tls }}
|
||||||
- snippets/tls
|
- snippets/tls
|
||||||
- server_name: {{ domain }}
|
- server_name: {{ domain }}
|
||||||
- location /:
|
- location /:
|
||||||
@ -71,6 +71,7 @@ nginx:
|
|||||||
{{ nginx_crtkeypair('meet', 'meet.com.de') | indent }}
|
{{ nginx_crtkeypair('meet', 'meet.com.de') | indent }}
|
||||||
{{ nginx_crtkeypair('takahe', 'social.liberta.casa') | indent }}
|
{{ nginx_crtkeypair('takahe', 'social.liberta.casa') | indent }}
|
||||||
{{ nginx_crtkeypair('pub_sectigo', 'pub') | indent }}
|
{{ nginx_crtkeypair('pub_sectigo', 'pub') | indent }}
|
||||||
|
{{ nginx_crtkeypair('up.chillnet.org', 'up.chillnet.org') | indent }}
|
||||||
|
|
||||||
{#- locations shared between clearnet and Tor LibertaCasa servers #}
|
{#- locations shared between clearnet and Tor LibertaCasa servers #}
|
||||||
libertacasa:
|
libertacasa:
|
||||||
@ -318,7 +319,8 @@ nginx:
|
|||||||
config:
|
config:
|
||||||
{{ matterbridge_media('load.casa', 'libertacasa-general') }}
|
{{ matterbridge_media('load.casa', 'libertacasa-general') }}
|
||||||
{{ matterbridge_media('irc.load.casa', 'libertacasa-irc') }}
|
{{ matterbridge_media('irc.load.casa', 'libertacasa-irc') }}
|
||||||
{{ matterbridge_media('uploads.chillnet.org', 'chillnet') }}
|
{{ matterbridge_media('up.chillnet.org', 'chillnet', 'up.chillnet.org') }}
|
||||||
|
|
||||||
meet.conf:
|
meet.conf:
|
||||||
config:
|
config:
|
||||||
- server:
|
- server:
|
||||||
|
1
pillar/id/derutil01_rigel_lysergic_dev.sls
Normal file
1
pillar/id/derutil01_rigel_lysergic_dev.sls
Normal file
@ -0,0 +1 @@
|
|||||||
|
manage_firewall: True
|
1
pillar/id/orpheus_psyched_dev.sls
Normal file
1
pillar/id/orpheus_psyched_dev.sls
Normal file
@ -0,0 +1 @@
|
|||||||
|
manage_sshd: False
|
1
pillar/id/selene_psyched_dev.sls
Normal file
1
pillar/id/selene_psyched_dev.sls
Normal file
@ -0,0 +1 @@
|
|||||||
|
manage_sshd: False
|
1
pillar/id/theia_psyched_dev.sls
Normal file
1
pillar/id/theia_psyched_dev.sls
Normal file
@ -0,0 +1 @@
|
|||||||
|
manage_sshd: False
|
7
pillar/id/thetrip_lysergic_dev.sls
Normal file
7
pillar/id/thetrip_lysergic_dev.sls
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
manage_firewall: True
|
||||||
|
firewalld:
|
||||||
|
zones:
|
||||||
|
public:
|
||||||
|
services:
|
||||||
|
- http
|
||||||
|
- https
|
@ -4,4 +4,6 @@ salt:
|
|||||||
minion:
|
minion:
|
||||||
master_type: str
|
master_type: str
|
||||||
backup_mode: minion
|
backup_mode: minion
|
||||||
|
cache_jobs: True
|
||||||
|
enable_gpu_grains: False
|
||||||
saltenv: production
|
saltenv: production
|
||||||
|
1
salt/common/openbsd.sls
Normal file
1
salt/common/openbsd.sls
Normal file
@ -0,0 +1 @@
|
|||||||
|
# Nothing yet
|
@ -41,7 +41,7 @@ salt_master_extra_packages:
|
|||||||
- python3-ldap
|
- python3-ldap
|
||||||
- python3-pynetbox
|
- python3-pynetbox
|
||||||
- python3-redis
|
- python3-redis
|
||||||
- redis
|
- redis7
|
||||||
- salt-bash-completion
|
- salt-bash-completion
|
||||||
- salt-fish-completion
|
- salt-fish-completion
|
||||||
- salt-keydiff
|
- salt-keydiff
|
||||||
@ -68,7 +68,7 @@ salt_master_extra_packages:
|
|||||||
- group: redis
|
- group: redis
|
||||||
- mode: '0640'
|
- mode: '0640'
|
||||||
- require:
|
- require:
|
||||||
- pkg: redis
|
- pkg: redis7
|
||||||
|
|
||||||
/var/lib/redis/salt:
|
/var/lib/redis/salt:
|
||||||
file.directory:
|
file.directory:
|
||||||
@ -76,19 +76,19 @@ salt_master_extra_packages:
|
|||||||
- group: redis
|
- group: redis
|
||||||
- mode: '0750'
|
- mode: '0750'
|
||||||
- require:
|
- require:
|
||||||
- pkg: redis
|
- pkg: redis7
|
||||||
|
|
||||||
salt_redis_service_enable:
|
salt_redis_service_enable:
|
||||||
service.enabled:
|
service.enabled:
|
||||||
- name: {{ redis_service }}
|
- name: {{ redis_service }}
|
||||||
- require:
|
- require:
|
||||||
- pkg: redis
|
- pkg: redis7
|
||||||
|
|
||||||
salt_redis_service_start:
|
salt_redis_service_start:
|
||||||
service.running:
|
service.running:
|
||||||
- name: {{ redis_service }}
|
- name: {{ redis_service }}
|
||||||
- require:
|
- require:
|
||||||
- pkg: redis
|
- pkg: redis7
|
||||||
- watch:
|
- watch:
|
||||||
- file: {{ redis_config }}
|
- file: {{ redis_config }}
|
||||||
|
|
||||||
@ -96,7 +96,7 @@ salt_redis_membership:
|
|||||||
group.present:
|
group.present:
|
||||||
- name: redis
|
- name: redis
|
||||||
- require:
|
- require:
|
||||||
- pkg: redis
|
- pkg: redis7
|
||||||
- addusers:
|
- addusers:
|
||||||
- {{ master_pillar['user'] }}
|
- {{ master_pillar['user'] }}
|
||||||
{%- if pillar['secret_salt'] is defined %}
|
{%- if pillar['secret_salt'] is defined %}
|
||||||
|
Loading…
Reference in New Issue
Block a user