52803b6f55
Init orpheus.psyched.dev
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Add pillar ID for orpheus to disable sshd management (machine uses
custom configuration for $reasons).

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 20:57:40 +02:00
12 changed files with 39 additions and 66 deletions


@ -127,7 +127,7 @@ nginx:
- client_max_body_size: 20M - client_max_body_size: 20M
- modsecurity_rules: |- - modsecurity_rules: |-
' '
SecRuleRemoveById 941160 949110 SecRuleRemoveById 941160
SecAction "id:900200, phase:1, nolog, pass, t:none, setvar:\'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH\'" SecAction "id:900200, phase:1, nolog, pass, t:none, setvar:\'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH\'"
' '
@ -212,18 +212,6 @@ nginx:
- error_log: /var/log/nginx/libsso_public.error.log - error_log: /var/log/nginx/libsso_public.error.log
- access_log: /var/log/nginx/libsso_public.access.log combined - access_log: /var/log/nginx/libsso_public.access.log combined
agola.conf:
config:
- server:
- include:
- snippets/listen_ha
- snippets/tls_lysergic
- server_name: ci.lysergic.dev ci.git.com.de
- location /:
- proxy_pass: https://ci.lysergic.dev
- proxy_ssl_verify: 'on'
- include: snippets/proxy
manage_firewall: True manage_firewall: True
firewalld: firewalld:
zones: zones:
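Review bot: `SecRuleRemoveById 941160` in the first hunk still switches that rule off for every request this server handles, and nothing in the pillar records why. The `id:900200` setup action suggests the OWASP Core Rule Set, where 941160 is one of the XSS checks, so the exclusion removes that check site-wide. If the false positive comes from one known parameter, a target exclusion such as `SecRuleUpdateTargetById 941160 "!ARGS:<parameter>"` (placeholder name) keeps the rule active everywhere else. Otherwise a `#` comment above the `- modsecurity_rules:` item naming the request that triggered the rule would let the exclusion be re-tested after a rule-set upgrade. The enclosing server block starts outside the hunk, so which vhost this applies to is not visible here.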


@ -15,7 +15,6 @@ zypper:
refreshdb_force: False refreshdb_force: False
firewalld: firewalld:
FlushAllOnReload: 'yes'
zones: zones:
internal: internal:
short: Internal short: Internal


@ -1,4 +1,4 @@
{%- set mediapath = '/var/lib/matterbridge/' -%} {%- set mediapath = '/srv/matterbridge/' -%}
{%- macro discord_common() -%} {%- macro discord_common() -%}
AutoWebhooks: 'true' AutoWebhooks: 'true'
@ -34,12 +34,12 @@ profile:
Password: ${'secret_matterbridge:general:accounts:xmpp.libertacasa:Password'} Password: ${'secret_matterbridge:general:accounts:xmpp.libertacasa:Password'}
Muc: muc.liberta.casa Muc: muc.liberta.casa
Nick: viaduct Nick: viaduct
RemoteNickFormat: '[{PROTOCOL}] <{NICK}> ' RemoteNickFormat: '[{PROTOCOL}] <{NICK}>'
Label: x Label: x
Debug: 'false' Debug: 'false'
telegram.libertacasa: telegram.libertacasa:
Token: ${'secret_matterbridge:general:accounts:telegram.libertacasa:Token'} Token: ${'secret_matterbridge:general:accounts:telegram.libertacasa:Token'}
RemoteNickFormat: '[{PROTOCOL}] &lt;{NICK}&gt; ' RemoteNickFormat: '&lt;{NICK}&gt; '
MessageFormat: HTMLNick MessageFormat: HTMLNick
Label: tg Label: tg
DisableWebPagePreview: 'true' DisableWebPagePreview: 'true'
@ -47,7 +47,7 @@ profile:
Server: 192.168.0.110:2220 Server: 192.168.0.110:2220
Nick: LC Nick: LC
RemoteNickFormat: '{PROTOCOL}:<{NICK}> ' RemoteNickFormat: '{PROTOCOL}:<{NICK}> '
Label: ssh Label: p
discord.23: discord.23:
Token: ${'secret_matterbridge:general:accounts:discord.23:Token'} Token: ${'secret_matterbridge:general:accounts:discord.23:Token'}
Server: ${'secret_matterbridge:general:accounts:discord.23:Server'} Server: ${'secret_matterbridge:general:accounts:discord.23:Server'}
@ -61,6 +61,7 @@ profile:
gateways: gateways:
libcasa: libcasa:
irc.libertacasa: '#libcasa' irc.libertacasa: '#libcasa'
sshchat.Psyched: sshchat
xmpp.libertacasa: libcasa xmpp.libertacasa: libcasa
dev: dev:
irc.libertacasa: '#dev' irc.libertacasa: '#dev'
@ -69,18 +70,22 @@ profile:
irc.libertacasa: '#lucy' irc.libertacasa: '#lucy'
xmpp.libertacasa: lucy xmpp.libertacasa: lucy
telegram.libertacasa: '-1001795702961' telegram.libertacasa: '-1001795702961'
sshchat.Psyched: sshchat
info: info:
irc.libertacasa: '#libcasa.info' irc.libertacasa: '#libcasa.info'
xmpp.libertacasa: libcasa.info xmpp.libertacasa: libcasa.info
#telegram.libertacasa: '-1001518274267'
chat: chat:
irc.libertacasa: '#chat' irc.libertacasa: '#chai'
discord.23: chat discord.23: chat
xmpp.libertacasa: chat xmpp.libertacasa: chat
petals: dota:
irc.libertacasa: '#Petals' irc.libertacasa: '#dotes'
telegram.libertacasa: '-1001971550949' discord.23: dotes
xmpp.libertacasa: dota
aithunder:
irc.libertacasa: '#aithunder'
# discord.aithunder: main-chat
xmpp.libertacasa: aithunder
libertacasa-irc: libertacasa-irc:
general: general:
@ -211,15 +216,20 @@ profile:
nerds: nerds:
irc.libertacasa: '#nerds' irc.libertacasa: '#nerds'
irc.nerds: '#nerds' irc.nerds: '#nerds'
chillops:
irc.libertacasa: '#chillops'
irc.chillnet: '#chillops'
irc.stardust: '#chillnet-test'
music: music:
irc.libertacasa: '#music' irc.libertacasa: '#music'
irc.chillnet: '#music' irc.chillnet: '#music'
irc.stardust: '#music' irc.stardust: '#music'
chillnet: chillnet:
general: general:
MediaDownloadSize: 1000000000 MediaDownloadSize: 1000000000
MediaDownloadPath: {{ mediapath }}chillnet MediaDownloadPath: {{ mediapath }}chillnet
MediaServerDownload: https://up.chillnet.org MediaServerDownload: https://uploads.chillnet.org
accounts: accounts:
irc.chillnet: irc.chillnet:
Server: irc.chillnet.org:6697 Server: irc.chillnet.org:6697
@ -240,30 +250,22 @@ profile:
MessageFormat: HTMLNick MessageFormat: HTMLNick
Label: tg Label: tg
DisableWebPagePreview: 'true' DisableWebPagePreview: 'true'
discord.23:
Token: ${'secret_matterbridge:general:accounts:discord.23:Token'}
Server: ${'secret_matterbridge:general:accounts:discord.23:Server'}
{{ discord_common() }}
gateways: gateways:
staff: fightclub:
irc.chillnet: '#chillstaff' irc.chillnet: '#fightclub'
telegram.chillnet: '-1001932699309' telegram.chillnet: '-1001932699309'
devs:
irc.chillnet: '#chilldevs'
telegram.chillnet: '-1001778806358'
discord.23: chilldevs
lighttpd: lighttpd:
vhosts: vhosts:
matterbridge-general: matterbridge-general:
host: 'libertacasa-general.matterbridge.dericom02.rigel.lysergic.dev' host: 'libertacasa-general\.matterbridge\.dericom02\.rigel\.lysergic\.dev'
root: {{ mediapath }}libertacasa-general root: {{ mediapath }}libertacasa-general
matterbridge-irc: matterbridge-irc:
host: 'libertacasa-irc.matterbridge.dericom02.rigel.lysergic.dev' host: 'libertacasa-irc\.matterbridge\.dericom02\.rigel\.lysergic\.dev'
root: {{ mediapath }}libertacasa-irc root: {{ mediapath }}libertacasa-irc
matterbridge-chillnet: matterbridge-chillnet:
host: 'chillnet.matterbridge.dericom02.rigel.lysergic.dev' host: 'chillnet\.matterbridge\.dericom02\.rigel\.lysergic\.dev'
root: {{ mediapath }}chillnet root: {{ mediapath }}chill
manage_firewall: True manage_firewall: True
firewalld: firewalld:
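Review bot: In the last hunk the `matterbridge-chillnet` vhost now has `root: {{ mediapath }}chill`, while the chillnet profile's unchanged `MediaDownloadPath: {{ mediapath }}chillnet` still writes to the `chillnet` directory, so lighttpd would serve a directory that matterbridge does not populate. The other two vhosts keep roots named after their profiles, so this looks like a truncation; `root: {{ mediapath }}chillnet` restores the match. If a `chill` directory really is intended, the download path needs the same change, and it is worth confirming that nothing unrelated lives under that web root. The `lighttpd:` mapping continues past the end of the hunk.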


@ -1 +0,0 @@
manage_firewall: True


@ -44,11 +44,11 @@
- proxy_set_header: Host $http_host - proxy_set_header: Host $http_host
- resolver: '{{ resolver }} ipv4=off valid=24h' - resolver: '{{ resolver }} ipv4=off valid=24h'
{%- endmacro -%} {%- endmacro -%}
{%- macro matterbridge_media(domain, name, tls='load') -%} {%- macro matterbridge_media(domain, name) -%}
- server: - server:
- include: - include:
- snippets/listen - snippets/listen
- snippets/tls_{{ tls }} - snippets/tls_load
- snippets/tls - snippets/tls
- server_name: {{ domain }} - server_name: {{ domain }}
- location /: - location /:
@ -71,7 +71,6 @@ nginx:
{{ nginx_crtkeypair('meet', 'meet.com.de') | indent }} {{ nginx_crtkeypair('meet', 'meet.com.de') | indent }}
{{ nginx_crtkeypair('takahe', 'social.liberta.casa') | indent }} {{ nginx_crtkeypair('takahe', 'social.liberta.casa') | indent }}
{{ nginx_crtkeypair('pub_sectigo', 'pub') | indent }} {{ nginx_crtkeypair('pub_sectigo', 'pub') | indent }}
{{ nginx_crtkeypair('up.chillnet.org', 'up.chillnet.org') | indent }}
{#- locations shared between clearnet and Tor LibertaCasa servers #} {#- locations shared between clearnet and Tor LibertaCasa servers #}
libertacasa: libertacasa:
@ -317,10 +316,9 @@ nginx:
matterbridge.conf: matterbridge.conf:
config: config:
{{ matterbridge_media('load.casa', 'libertacasa-general') }} {{ matterbridge_media('load.casa', 'libertacasa-general') }}
{{ matterbridge_media('irc.load.casa', 'libertacasa-irc') }} {{ matterbridge_media('irc.load.casa', 'libertacasa-irc') }}
{{ matterbridge_media('up.chillnet.org', 'chillnet', 'up.chillnet.org') }} {{ matterbridge_media('uploads.chillnet.org', 'chillnet') }}
meet.conf: meet.conf:
config: config:
- server: - server:
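Review bot: With the `tls` argument gone, `matterbridge_media` always includes `snippets/tls_load`, so the `uploads.chillnet.org` server created in the third hunk would presumably be answered with the certificate set up for `load.casa`. This section also no longer defines a key pair for any chillnet host name. Unless that certificate lists `uploads.chillnet.org` as well, clients requesting that host will see a certificate name mismatch. Keeping the parameter, `{%- macro matterbridge_media(domain, name, tls='load') -%}` with `- snippets/tls_{{ tls }}`, and adding an `nginx_crtkeypair` entry for the new host name would avoid that. The contents of `snippets/tls_load` are not visible here and the macro body extends beyond the hunk, so confirm which certificate it references first.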


@ -1 +0,0 @@
manage_firewall: True


@ -1 +0,0 @@
manage_sshd: False


@ -1 +0,0 @@
manage_sshd: False


@ -1,7 +0,0 @@
manage_firewall: True
firewalld:
zones:
public:
services:
- http
- https


@ -4,6 +4,4 @@ salt:
minion: minion:
master_type: str master_type: str
backup_mode: minion backup_mode: minion
cache_jobs: True
enable_gpu_grains: False
saltenv: production saltenv: production


@ -1 +0,0 @@
# Nothing yet


@ -41,7 +41,7 @@ salt_master_extra_packages:
- python3-ldap - python3-ldap
- python3-pynetbox - python3-pynetbox
- python3-redis - python3-redis
- redis7 - redis
- salt-bash-completion - salt-bash-completion
- salt-fish-completion - salt-fish-completion
- salt-keydiff - salt-keydiff
@ -68,7 +68,7 @@ salt_master_extra_packages:
- group: redis - group: redis
- mode: '0640' - mode: '0640'
- require: - require:
- pkg: redis7 - pkg: redis
/var/lib/redis/salt: /var/lib/redis/salt:
file.directory: file.directory:
@ -76,19 +76,19 @@ salt_master_extra_packages:
- group: redis - group: redis
- mode: '0750' - mode: '0750'
- require: - require:
- pkg: redis7 - pkg: redis
salt_redis_service_enable: salt_redis_service_enable:
service.enabled: service.enabled:
- name: {{ redis_service }} - name: {{ redis_service }}
- require: - require:
- pkg: redis7 - pkg: redis
salt_redis_service_start: salt_redis_service_start:
service.running: service.running:
- name: {{ redis_service }} - name: {{ redis_service }}
- require: - require:
- pkg: redis7 - pkg: redis
- watch: - watch:
- file: {{ redis_config }} - file: {{ redis_config }}
@ -96,7 +96,7 @@ salt_redis_membership:
group.present: group.present:
- name: redis - name: redis
- require: - require:
- pkg: redis7 - pkg: redis
- addusers: - addusers:
- {{ master_pillar['user'] }} - {{ master_pillar['user'] }}
{%- if pillar['secret_salt'] is defined %} {%- if pillar['secret_salt'] is defined %}