Compare commits
No commits in common. "production" and "privatebin" have entirely different histories.
production
...
privatebin
@ -1,14 +1,4 @@
|
|||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
# This rewrites top-files to fetch roles from grains instead of our custom roles API. Useful for testing outside of the LibertaCasa infrastructure, but not recommended for production.
|
# This rewrites top-files to fetch roles from grains instead of our custom roles API. Useful for testing outside of the LibertaCasa infrastructure, but not recommended for production.
|
||||||
|
|
||||||
potential_files=(*/top.sls salt/common/suse.sls)
|
sed -i "s/salt\['http.query'\].*/grains\['roles'\] -%}/" */top.sls
|
||||||
|
|
||||||
for file in ${potential_files[@]}
|
|
||||||
do
|
|
||||||
if [ -f "$file" ]
|
|
||||||
then
|
|
||||||
files+="$file "
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
sed -i "s/salt\['http.query'\].*/grains\['roles'\] -%}/" ${files[@]}
|
|
||||||
|
@ -127,7 +127,7 @@ nginx:
|
|||||||
- client_max_body_size: 20M
|
- client_max_body_size: 20M
|
||||||
- modsecurity_rules: |-
|
- modsecurity_rules: |-
|
||||||
'
|
'
|
||||||
SecRuleRemoveById 941160 949110
|
SecRuleRemoveById 941160
|
||||||
SecAction "id:900200, phase:1, nolog, pass, t:none, setvar:\'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH\'"
|
SecAction "id:900200, phase:1, nolog, pass, t:none, setvar:\'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH\'"
|
||||||
'
|
'
|
||||||
|
|
||||||
@ -212,19 +212,6 @@ nginx:
|
|||||||
- error_log: /var/log/nginx/libsso_public.error.log
|
- error_log: /var/log/nginx/libsso_public.error.log
|
||||||
- access_log: /var/log/nginx/libsso_public.access.log combined
|
- access_log: /var/log/nginx/libsso_public.access.log combined
|
||||||
|
|
||||||
agola.conf:
|
|
||||||
config:
|
|
||||||
- server:
|
|
||||||
- include:
|
|
||||||
- snippets/listen_ha
|
|
||||||
- snippets/tls_lysergic
|
|
||||||
- server_name: ci.lysergic.dev ci.git.com.de
|
|
||||||
- location /:
|
|
||||||
- proxy_pass: https://ci.lysergic.dev
|
|
||||||
- proxy_ssl_verify: 'on'
|
|
||||||
- include: snippets/proxy
|
|
||||||
|
|
||||||
manage_firewall: True
|
|
||||||
firewalld:
|
firewalld:
|
||||||
zones:
|
zones:
|
||||||
public:
|
public:
|
||||||
|
@ -15,7 +15,6 @@ zypper:
|
|||||||
refreshdb_force: False
|
refreshdb_force: False
|
||||||
|
|
||||||
firewalld:
|
firewalld:
|
||||||
FlushAllOnReload: 'yes'
|
|
||||||
zones:
|
zones:
|
||||||
internal:
|
internal:
|
||||||
short: Internal
|
short: Internal
|
||||||
|
@ -1 +0,0 @@
|
|||||||
manage_firewall: True
|
|
@ -1,4 +1,4 @@
|
|||||||
{%- set mediapath = '/var/lib/matterbridge/' -%}
|
{%- set mediapath = '/srv/matterbridge/' -%}
|
||||||
|
|
||||||
{%- macro discord_common() -%}
|
{%- macro discord_common() -%}
|
||||||
AutoWebhooks: 'true'
|
AutoWebhooks: 'true'
|
||||||
@ -39,7 +39,7 @@ profile:
|
|||||||
Debug: 'false'
|
Debug: 'false'
|
||||||
telegram.libertacasa:
|
telegram.libertacasa:
|
||||||
Token: ${'secret_matterbridge:general:accounts:telegram.libertacasa:Token'}
|
Token: ${'secret_matterbridge:general:accounts:telegram.libertacasa:Token'}
|
||||||
RemoteNickFormat: '[{PROTOCOL}] <{NICK}> '
|
RemoteNickFormat: '<{NICK}> '
|
||||||
MessageFormat: HTMLNick
|
MessageFormat: HTMLNick
|
||||||
Label: tg
|
Label: tg
|
||||||
DisableWebPagePreview: 'true'
|
DisableWebPagePreview: 'true'
|
||||||
@ -47,7 +47,7 @@ profile:
|
|||||||
Server: 192.168.0.110:2220
|
Server: 192.168.0.110:2220
|
||||||
Nick: LC
|
Nick: LC
|
||||||
RemoteNickFormat: '{PROTOCOL}:<{NICK}> '
|
RemoteNickFormat: '{PROTOCOL}:<{NICK}> '
|
||||||
Label: ssh
|
Label: p
|
||||||
discord.23:
|
discord.23:
|
||||||
Token: ${'secret_matterbridge:general:accounts:discord.23:Token'}
|
Token: ${'secret_matterbridge:general:accounts:discord.23:Token'}
|
||||||
Server: ${'secret_matterbridge:general:accounts:discord.23:Server'}
|
Server: ${'secret_matterbridge:general:accounts:discord.23:Server'}
|
||||||
@ -61,6 +61,7 @@ profile:
|
|||||||
gateways:
|
gateways:
|
||||||
libcasa:
|
libcasa:
|
||||||
irc.libertacasa: '#libcasa'
|
irc.libertacasa: '#libcasa'
|
||||||
|
sshchat.Psyched: sshchat
|
||||||
xmpp.libertacasa: libcasa
|
xmpp.libertacasa: libcasa
|
||||||
dev:
|
dev:
|
||||||
irc.libertacasa: '#dev'
|
irc.libertacasa: '#dev'
|
||||||
@ -68,19 +69,22 @@ profile:
|
|||||||
lucy:
|
lucy:
|
||||||
irc.libertacasa: '#lucy'
|
irc.libertacasa: '#lucy'
|
||||||
xmpp.libertacasa: lucy
|
xmpp.libertacasa: lucy
|
||||||
telegram.libertacasa: '-1001795702961'
|
|
||||||
sshchat.Psyched: sshchat
|
|
||||||
info:
|
info:
|
||||||
irc.libertacasa: '#libcasa.info'
|
irc.libertacasa: '#libcasa.info'
|
||||||
xmpp.libertacasa: libcasa.info
|
xmpp.libertacasa: libcasa.info
|
||||||
|
#telegram.libertacasa: '-1001518274267'
|
||||||
chat:
|
chat:
|
||||||
irc.libertacasa: '#chat'
|
irc.libertacasa: '#chai'
|
||||||
discord.23: chat
|
discord.23: chat
|
||||||
xmpp.libertacasa: chat
|
xmpp.libertacasa: chat
|
||||||
petals:
|
dota:
|
||||||
irc.libertacasa: '#Petals'
|
irc.libertacasa: '#dotes'
|
||||||
telegram.libertacasa: '-1001971550949'
|
discord.23: dotes
|
||||||
|
xmpp.libertacasa: dota
|
||||||
|
aithunder:
|
||||||
|
irc.libertacasa: '#aithunder'
|
||||||
|
# discord.aithunder: main-chat
|
||||||
|
xmpp.libertacasa: aithunder
|
||||||
|
|
||||||
libertacasa-irc:
|
libertacasa-irc:
|
||||||
general:
|
general:
|
||||||
@ -211,61 +215,24 @@ profile:
|
|||||||
nerds:
|
nerds:
|
||||||
irc.libertacasa: '#nerds'
|
irc.libertacasa: '#nerds'
|
||||||
irc.nerds: '#nerds'
|
irc.nerds: '#nerds'
|
||||||
|
chillops:
|
||||||
|
irc.libertacasa: '#chillops'
|
||||||
|
irc.chillnet: '#chillops'
|
||||||
|
irc.stardust: '#chillnet-test'
|
||||||
music:
|
music:
|
||||||
irc.libertacasa: '#music'
|
irc.libertacasa: '#music'
|
||||||
irc.chillnet: '#music'
|
irc.chillnet: '#music'
|
||||||
irc.stardust: '#music'
|
irc.stardust: '#music'
|
||||||
chillnet:
|
|
||||||
general:
|
|
||||||
MediaDownloadSize: 1000000000
|
|
||||||
MediaDownloadPath: {{ mediapath }}chillnet
|
|
||||||
MediaServerDownload: https://up.chillnet.org
|
|
||||||
accounts:
|
|
||||||
irc.chillnet:
|
|
||||||
Server: irc.chillnet.org:6697
|
|
||||||
UseTLS: 'true'
|
|
||||||
UseSASL: 'true'
|
|
||||||
Nick: viaduct
|
|
||||||
NickServNick: viaduct
|
|
||||||
NickServPassword: ${'secret_matterbridge:chillnet:accounts:irc.chillnet:NickServPassword'}
|
|
||||||
ColorNicks: 'true'
|
|
||||||
Charset: utf8
|
|
||||||
MessageSplit: 'true'
|
|
||||||
MessageQueue: 60
|
|
||||||
UseRelayMsg: 'true'
|
|
||||||
RemoteNickFormat: '{NICK}/{LABEL}'
|
|
||||||
telegram.chillnet:
|
|
||||||
Token: ${'secret_matterbridge:chillnet:accounts:telegram.chillnet:Token'}
|
|
||||||
RemoteNickFormat: '<{NICK}> '
|
|
||||||
MessageFormat: HTMLNick
|
|
||||||
Label: tg
|
|
||||||
DisableWebPagePreview: 'true'
|
|
||||||
discord.23:
|
|
||||||
Token: ${'secret_matterbridge:general:accounts:discord.23:Token'}
|
|
||||||
Server: ${'secret_matterbridge:general:accounts:discord.23:Server'}
|
|
||||||
{{ discord_common() }}
|
|
||||||
gateways:
|
|
||||||
staff:
|
|
||||||
irc.chillnet: '#chillstaff'
|
|
||||||
telegram.chillnet: '-1001932699309'
|
|
||||||
devs:
|
|
||||||
irc.chillnet: '#chilldevs'
|
|
||||||
telegram.chillnet: '-1001778806358'
|
|
||||||
discord.23: chilldevs
|
|
||||||
|
|
||||||
lighttpd:
|
lighttpd:
|
||||||
vhosts:
|
vhosts:
|
||||||
matterbridge-general:
|
matterbridge-general:
|
||||||
host: 'libertacasa-general.matterbridge.dericom02.rigel.lysergic.dev'
|
host: 'libertacasa-general\.matterbridge\.dericom02\.rigel\.lysergic\.dev'
|
||||||
root: {{ mediapath }}libertacasa-general
|
root: {{ mediapath }}libertacasa-general
|
||||||
matterbridge-irc:
|
matterbridge-irc:
|
||||||
host: 'libertacasa-irc.matterbridge.dericom02.rigel.lysergic.dev'
|
host: 'libertacasa-irc\.matterbridge\.dericom02\.rigel\.lysergic\.dev'
|
||||||
root: {{ mediapath }}libertacasa-irc
|
root: {{ mediapath }}libertacasa-irc
|
||||||
matterbridge-chillnet:
|
|
||||||
host: 'chillnet.matterbridge.dericom02.rigel.lysergic.dev'
|
|
||||||
root: {{ mediapath }}chillnet
|
|
||||||
|
|
||||||
manage_firewall: True
|
|
||||||
firewalld:
|
firewalld:
|
||||||
zones:
|
zones:
|
||||||
web:
|
web:
|
||||||
|
@ -1 +0,0 @@
|
|||||||
manage_firewall: True
|
|
@ -12,5 +12,3 @@ tor:
|
|||||||
hostname: cr36xbvmgjwnfw4sly4kuc6c3ozhesjre3y5pggq5xdkkmbrq6dz4fad.onion
|
hostname: cr36xbvmgjwnfw4sly4kuc6c3ozhesjre3y5pggq5xdkkmbrq6dz4fad.onion
|
||||||
hs_ed25519_public_key: PT0gZWQyNTUxOXYxLXB1YmxpYzogdHlwZTAgPT0AAAAUd+uGrDJs0tuSXjiqC8LbsnJJMSbx15jQ7calMDGHhw==
|
hs_ed25519_public_key: PT0gZWQyNTUxOXYxLXB1YmxpYzogdHlwZTAgPT0AAAAUd+uGrDJs0tuSXjiqC8LbsnJJMSbx15jQ7calMDGHhw==
|
||||||
hs_ed25519_secret_key: ${'secret_tor:hidden_services:irc:key'}
|
hs_ed25519_secret_key: ${'secret_tor:hidden_services:irc:key'}
|
||||||
|
|
||||||
manage_firewall: True
|
|
||||||
|
@ -44,15 +44,15 @@
|
|||||||
- proxy_set_header: Host $http_host
|
- proxy_set_header: Host $http_host
|
||||||
- resolver: '{{ resolver }} ipv4=off valid=24h'
|
- resolver: '{{ resolver }} ipv4=off valid=24h'
|
||||||
{%- endmacro -%}
|
{%- endmacro -%}
|
||||||
{%- macro matterbridge_media(domain, name, tls='load') -%}
|
{%- macro matterbridge_media(name) -%}
|
||||||
- server:
|
- server:
|
||||||
- include:
|
- include:
|
||||||
- snippets/listen
|
- snippets/listen
|
||||||
- snippets/tls_{{ tls }}
|
- snippets/tls_load
|
||||||
- snippets/tls
|
- snippets/tls
|
||||||
- server_name: {{ domain }}
|
- server_name: {% if name == 'general' %}load.casa{%- else %}{{ name ~ '.load.casa' }}{%- endif %}
|
||||||
- location /:
|
- location /:
|
||||||
- proxy_pass: http://{{ name }}.matterbridge.dericom02.rigel.lysergic.dev
|
- proxy_pass: http://libertacasa-{{ name }}.matterbridge.dericom02.rigel.lysergic.dev
|
||||||
{%- endmacro -%}
|
{%- endmacro -%}
|
||||||
|
|
||||||
nginx:
|
nginx:
|
||||||
@ -71,7 +71,6 @@ nginx:
|
|||||||
{{ nginx_crtkeypair('meet', 'meet.com.de') | indent }}
|
{{ nginx_crtkeypair('meet', 'meet.com.de') | indent }}
|
||||||
{{ nginx_crtkeypair('takahe', 'social.liberta.casa') | indent }}
|
{{ nginx_crtkeypair('takahe', 'social.liberta.casa') | indent }}
|
||||||
{{ nginx_crtkeypair('pub_sectigo', 'pub') | indent }}
|
{{ nginx_crtkeypair('pub_sectigo', 'pub') | indent }}
|
||||||
{{ nginx_crtkeypair('up.chillnet.org', 'up.chillnet.org') | indent }}
|
|
||||||
|
|
||||||
{#- locations shared between clearnet and Tor LibertaCasa servers #}
|
{#- locations shared between clearnet and Tor LibertaCasa servers #}
|
||||||
libertacasa:
|
libertacasa:
|
||||||
@ -317,9 +316,8 @@ nginx:
|
|||||||
|
|
||||||
matterbridge.conf:
|
matterbridge.conf:
|
||||||
config:
|
config:
|
||||||
{{ matterbridge_media('load.casa', 'libertacasa-general') }}
|
{{ matterbridge_media('general') }}
|
||||||
{{ matterbridge_media('irc.load.casa', 'libertacasa-irc') }}
|
{{ matterbridge_media('irc') }}
|
||||||
{{ matterbridge_media('up.chillnet.org', 'chillnet', 'up.chillnet.org') }}
|
|
||||||
|
|
||||||
meet.conf:
|
meet.conf:
|
||||||
config:
|
config:
|
||||||
@ -443,4 +441,3 @@ nginx:
|
|||||||
- sub_filter_types: application/xml
|
- sub_filter_types: application/xml
|
||||||
- sub_filter: takahe.rigel.lysergic.dev:8000 exhausted.life
|
- sub_filter: takahe.rigel.lysergic.dev:8000 exhausted.life
|
||||||
|
|
||||||
manage_firewall: True
|
|
||||||
|
@ -1 +0,0 @@
|
|||||||
manage_firewall: True
|
|
@ -108,16 +108,3 @@ prometheus:
|
|||||||
require_tls: false
|
require_tls: false
|
||||||
smarthost: 'zz0.email:465'
|
smarthost: 'zz0.email:465'
|
||||||
send_resolved: yes
|
send_resolved: yes
|
||||||
|
|
||||||
manage_firewall: True
|
|
||||||
firewalld:
|
|
||||||
zones:
|
|
||||||
internal:
|
|
||||||
services:
|
|
||||||
- https
|
|
||||||
ports:
|
|
||||||
- comment: DNS Slave
|
|
||||||
port: 5353
|
|
||||||
protocol: tcp
|
|
||||||
- port: 5353
|
|
||||||
protocol: udp
|
|
||||||
|
@ -1 +0,0 @@
|
|||||||
manage_sshd: False
|
|
@ -1 +0,0 @@
|
|||||||
manage_sshd: False
|
|
@ -1 +0,0 @@
|
|||||||
manage_firewall: True
|
|
@ -1 +0,0 @@
|
|||||||
manage_sshd: False
|
|
@ -1 +0,0 @@
|
|||||||
manage_sshd: False
|
|
@ -25,19 +25,19 @@ apache:
|
|||||||
DirectoryIndex: index.php
|
DirectoryIndex: index.php
|
||||||
Directory:
|
Directory:
|
||||||
/srv/www/BookStack/:
|
/srv/www/BookStack/:
|
||||||
Options: FollowSymLinks
|
Options: 'Indexes FollowSymLinks -MultiViews'
|
||||||
AllowOverride: None
|
AllowOverride: None
|
||||||
Require: all granted
|
Require: all granted
|
||||||
Formula_Append: |
|
Formula_Append: |
|
||||||
RewriteEngine On
|
RewriteEngine On
|
||||||
RewriteCond %{HTTP:Authorization} .
|
RewriteCond '%{HTTP:Authorization} .'
|
||||||
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
|
RewriteCond '.* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]'
|
||||||
RewriteCond %{REQUEST_FILENAME} !-d
|
RewriteCond '%{REQUEST_FILENAME} !-d'
|
||||||
RewriteCond %{REQUEST_URI} (.+)/$
|
RewriteCond '%{REQUEST_URI} (.+)/$'
|
||||||
RewriteRule ^ %1 [L,R=301]
|
RewriteCond '^ %1 [L,R=301]'
|
||||||
RewriteCond %{REQUEST_FILENAME} !-d
|
RewriteCond '%{REQUEST_FILENAME} !-d'
|
||||||
RewriteCond %{REQUEST_FILENAME} !-f
|
RewriteCond '%{REQUEST_FILENAME} !-f'
|
||||||
RewriteRule ^ index.php [L]
|
RewriteCond '^ index.php [L]'
|
||||||
{{ httpdformulaexcess() }}
|
{{ httpdformulaexcess() }}
|
||||||
Formula_Append: |
|
Formula_Append: |
|
||||||
{{ httpdcommon('BookStack') }}
|
{{ httpdcommon('BookStack') }}
|
||||||
@ -88,9 +88,9 @@ profile:
|
|||||||
saml2_email_attribute: email
|
saml2_email_attribute: email
|
||||||
saml2_external_id_attribute: uid
|
saml2_external_id_attribute: uid
|
||||||
saml2_display_name_attributes: fullname
|
saml2_display_name_attributes: fullname
|
||||||
saml2_idp_entityid: https://libsso.net/realms/LibertaCasa
|
saml2_idp_entityid: https://libsso.net/realms/libertacasa
|
||||||
saml2_idp_sso: https://libsso.net/realms/LibertaCasa/protocol/saml
|
saml2_idp_sso: https://libsso.net/realms/libertacasa/protocol/saml
|
||||||
saml2_idp_slo: https://libsso.net/realms/LibertaCasa/protocol/saml
|
saml2_idp_slo: https://libsso.net/realms/libertacasa/protocol/saml
|
||||||
saml2_idp_x509: ${'secret_bookstack:saml2_idp_x509'}
|
saml2_idp_x509: ${'secret_bookstack:saml2_idp_x509'}
|
||||||
saml2_autoload_metadata: false
|
saml2_autoload_metadata: false
|
||||||
saml2_sp_x509: ${'secret_bookstack:saml2_sp_x509'}
|
saml2_sp_x509: ${'secret_bookstack:saml2_sp_x509'}
|
||||||
@ -142,7 +142,6 @@ profile:
|
|||||||
pwd: ${'secret_privatebin:model_options:pwd'}
|
pwd: ${'secret_privatebin:model_options:pwd'}
|
||||||
opt[12]: true
|
opt[12]: true
|
||||||
|
|
||||||
manage_firewall: True
|
|
||||||
firewalld:
|
firewalld:
|
||||||
zones:
|
zones:
|
||||||
backend:
|
backend:
|
||||||
|
@ -1,7 +0,0 @@
|
|||||||
manage_firewall: True
|
|
||||||
firewalld:
|
|
||||||
zones:
|
|
||||||
public:
|
|
||||||
services:
|
|
||||||
- http
|
|
||||||
- https
|
|
@ -1 +0,0 @@
|
|||||||
# empty
|
|
@ -1 +0,0 @@
|
|||||||
# empty
|
|
@ -21,7 +21,7 @@ salt:
|
|||||||
- roots
|
- roots
|
||||||
- git
|
- git
|
||||||
file_roots:
|
file_roots:
|
||||||
__env__:
|
production:
|
||||||
{%- for formula in formulas %}
|
{%- for formula in formulas %}
|
||||||
- /srv/formulas/{{ formula }}-formula
|
- /srv/formulas/{{ formula }}-formula
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
@ -30,7 +30,6 @@ salt:
|
|||||||
- https://git.com.de/LibertaCasa/salt.git:
|
- https://git.com.de/LibertaCasa/salt.git:
|
||||||
- user: ${'secret_salt:master:gitfs_remotes:LibertaCasa:user'}
|
- user: ${'secret_salt:master:gitfs_remotes:LibertaCasa:user'}
|
||||||
- password: ${'secret_salt:master:gitfs_remotes:LibertaCasa:password'}
|
- password: ${'secret_salt:master:gitfs_remotes:LibertaCasa:password'}
|
||||||
- fallback: production
|
|
||||||
ext_pillar:
|
ext_pillar:
|
||||||
- netbox:
|
- netbox:
|
||||||
api_url: ${'secret_salt:master:ext_pillar:netbox:api_url'}
|
api_url: ${'secret_salt:master:ext_pillar:netbox:api_url'}
|
||||||
@ -60,7 +59,6 @@ salt:
|
|||||||
timeout: 20
|
timeout: 20
|
||||||
gather_job_timeout: 20
|
gather_job_timeout: 20
|
||||||
keep_jobs: 30
|
keep_jobs: 30
|
||||||
ping_on_rotate: True
|
|
||||||
user: ${'secret_salt:master:user'}
|
user: ${'secret_salt:master:user'}
|
||||||
syndic_user: ${'secret_salt:master:syndic_user'}
|
syndic_user: ${'secret_salt:master:syndic_user'}
|
||||||
cache.redis.unix_socket_path: ${'secret_salt:master:cache.redis.unix_socket_path'}
|
cache.redis.unix_socket_path: ${'secret_salt:master:cache.redis.unix_socket_path'}
|
||||||
|
@ -3,7 +3,4 @@ salt:
|
|||||||
minion_remove_config: True
|
minion_remove_config: True
|
||||||
minion:
|
minion:
|
||||||
master_type: str
|
master_type: str
|
||||||
backup_mode: minion
|
|
||||||
cache_jobs: True
|
|
||||||
enable_gpu_grains: False
|
|
||||||
saltenv: production
|
saltenv: production
|
||||||
|
@ -1 +0,0 @@
|
|||||||
# Nothing yet
|
|
@ -1,6 +1,5 @@
|
|||||||
include:
|
include:
|
||||||
- openssh.banner
|
- openssh.banner
|
||||||
{%- if salt['pillar.get']('manage_sshd', True) %}
|
|
||||||
- openssh.config
|
- openssh.config
|
||||||
|
|
||||||
/etc/ssh/user_ca:
|
/etc/ssh/user_ca:
|
||||||
@ -11,4 +10,3 @@ include:
|
|||||||
{%- endfor -%}
|
{%- endfor -%}
|
||||||
- require:
|
- require:
|
||||||
- pkg: openssh
|
- pkg: openssh
|
||||||
{%- endif %}
|
|
||||||
|
@ -1,16 +1,9 @@
|
|||||||
include:
|
include:
|
||||||
{#- drop pillar check after all firewall configurations have been imported #}
|
|
||||||
{%- if salt['pillar.get']('manage_firewall', False) %}
|
|
||||||
- firewalld
|
- firewalld
|
||||||
{%- endif %}
|
|
||||||
- profile.seccheck
|
- profile.seccheck
|
||||||
- profile.zypp
|
- profile.zypp
|
||||||
- profile.prometheus.node_exporter
|
- profile.prometheus.node_exporter
|
||||||
{%- if salt['cmd.run']("awk '/^passwd/{ print $2; exit }' /etc/nsswitch.conf") == 'sss' %}
|
|
||||||
{%- do salt.log.warning('Not configuring local users due to sss') %}
|
|
||||||
{%- else %}
|
|
||||||
- users
|
- users
|
||||||
{%- endif %}
|
|
||||||
- .ssh
|
- .ssh
|
||||||
- postfix.config
|
- postfix.config
|
||||||
|
|
||||||
@ -69,6 +62,7 @@ common_packages_remove:
|
|||||||
{#- we only use AutoYaST for the OS deployment #}
|
{#- we only use AutoYaST for the OS deployment #}
|
||||||
- autoyast2
|
- autoyast2
|
||||||
- autoyast2-installation
|
- autoyast2-installation
|
||||||
|
- libX11-data
|
||||||
- yast2-add-on
|
- yast2-add-on
|
||||||
- yast2-services-manager
|
- yast2-services-manager
|
||||||
- yast2-slp
|
- yast2-slp
|
||||||
|
@ -16,8 +16,11 @@
|
|||||||
- require:
|
- require:
|
||||||
- file: {{ snippetsdir }}
|
- file: {{ snippetsdir }}
|
||||||
{#- formula dependencies #}
|
{#- formula dependencies #}
|
||||||
- watch_in:
|
- require_in:
|
||||||
|
- module: apache-service-running-restart
|
||||||
- service: apache-service-running
|
- service: apache-service-running
|
||||||
|
- watch_in:
|
||||||
|
- module: apache-service-running-reload
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
|
||||||
|
@ -10,7 +10,7 @@ bookstack_permissions:
|
|||||||
file.managed:
|
file.managed:
|
||||||
- mode: '0640'
|
- mode: '0640'
|
||||||
- user: root
|
- user: root
|
||||||
- group: www
|
- group: wwwrun
|
||||||
- names:
|
- names:
|
||||||
- {{ configfile }}
|
- {{ configfile }}
|
||||||
|
|
||||||
@ -24,10 +24,10 @@ bookstack_permissions:
|
|||||||
- key_values:
|
- key_values:
|
||||||
{%- macro condconf(option) %}
|
{%- macro condconf(option) %}
|
||||||
{%- if option in mypillar -%}
|
{%- if option in mypillar -%}
|
||||||
{%- if ( mypillar[option] is string and mypillar[option].startswith('$') ) or mypillar[option] is number %}
|
{%- if mypillar[option] is string and mypillar[option].startswith('$') or mypillar[option] is number %}
|
||||||
{%- set value = mypillar[option] %}
|
{%- set value = mypillar[option] %}
|
||||||
{%- else %}
|
{%- else %}
|
||||||
{%- set value = "\"'" ~ mypillar[option] ~ "'\"" %}
|
{%- set value = mypillar[option] | quote %}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
{{ option | upper }}: {{ value }}
|
{{ option | upper }}: {{ value }}
|
||||||
{%- endif -%}
|
{%- endif -%}
|
||||||
|
@ -24,10 +24,10 @@ privatebin_clean:
|
|||||||
- sections:
|
- sections:
|
||||||
{%- macro conf(section, options) %}
|
{%- macro conf(section, options) %}
|
||||||
{%- for option in options.keys() -%}
|
{%- for option in options.keys() -%}
|
||||||
{%- if ( mypillar[section][option] is string and mypillar[section][option].startswith('$') ) or mypillar[section][option] is number %}
|
{%- if mypillar[section][option] is string and mypillar[section][option].startswith('$') or mypillar[section][option] is number %}
|
||||||
{%- set value = mypillar[section][option] -%}
|
{%- set value = mypillar[section][option] -%}
|
||||||
{%- else %}
|
{%- else %}
|
||||||
{%- set value = "\"'" ~ mypillar[section][option] ~ "'\"" -%}
|
{%- set value = mypillar[section][option] | quote -%}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
{{ option }}: {{ value }}
|
{{ option }}: {{ value }}
|
||||||
{%- endfor -%}
|
{%- endfor -%}
|
||||||
|
@ -1,6 +0,0 @@
|
|||||||
salt_master_formulas:
|
|
||||||
git.latest:
|
|
||||||
- name: https://git.com.de/LibertaCasa/salt-formulas.git
|
|
||||||
- target: /srv/formulas
|
|
||||||
- branch: production
|
|
||||||
- submodules: True
|
|
@ -7,7 +7,6 @@
|
|||||||
|
|
||||||
include:
|
include:
|
||||||
- salt.master
|
- salt.master
|
||||||
- .formulas
|
|
||||||
|
|
||||||
salt_master_extension_modules_dirs:
|
salt_master_extension_modules_dirs:
|
||||||
file.directory:
|
file.directory:
|
||||||
@ -35,13 +34,20 @@ salt_master_extension_modules_bins:
|
|||||||
- require:
|
- require:
|
||||||
- file: salt_master_extension_modules_dirs
|
- file: salt_master_extension_modules_dirs
|
||||||
|
|
||||||
|
salt_master_formulas:
|
||||||
|
git.latest:
|
||||||
|
- name: https://git.com.de/LibertaCasa/salt-formulas.git
|
||||||
|
- target: /srv/formulas
|
||||||
|
- branch: production
|
||||||
|
- submodules: True
|
||||||
|
|
||||||
salt_master_extra_packages:
|
salt_master_extra_packages:
|
||||||
pkg.installed:
|
pkg.installed:
|
||||||
- names:
|
- names:
|
||||||
- python3-ldap
|
- python3-ldap
|
||||||
- python3-pynetbox
|
- python3-pynetbox
|
||||||
- python3-redis
|
- python3-redis
|
||||||
- redis7
|
- redis
|
||||||
- salt-bash-completion
|
- salt-bash-completion
|
||||||
- salt-fish-completion
|
- salt-fish-completion
|
||||||
- salt-keydiff
|
- salt-keydiff
|
||||||
@ -68,7 +74,7 @@ salt_master_extra_packages:
|
|||||||
- group: redis
|
- group: redis
|
||||||
- mode: '0640'
|
- mode: '0640'
|
||||||
- require:
|
- require:
|
||||||
- pkg: redis7
|
- pkg: redis
|
||||||
|
|
||||||
/var/lib/redis/salt:
|
/var/lib/redis/salt:
|
||||||
file.directory:
|
file.directory:
|
||||||
@ -76,19 +82,19 @@ salt_master_extra_packages:
|
|||||||
- group: redis
|
- group: redis
|
||||||
- mode: '0750'
|
- mode: '0750'
|
||||||
- require:
|
- require:
|
||||||
- pkg: redis7
|
- pkg: redis
|
||||||
|
|
||||||
salt_redis_service_enable:
|
salt_redis_service_enable:
|
||||||
service.enabled:
|
service.enabled:
|
||||||
- name: {{ redis_service }}
|
- name: {{ redis_service }}
|
||||||
- require:
|
- require:
|
||||||
- pkg: redis7
|
- pkg: redis
|
||||||
|
|
||||||
salt_redis_service_start:
|
salt_redis_service_start:
|
||||||
service.running:
|
service.running:
|
||||||
- name: {{ redis_service }}
|
- name: {{ redis_service }}
|
||||||
- require:
|
- require:
|
||||||
- pkg: redis7
|
- pkg: redis
|
||||||
- watch:
|
- watch:
|
||||||
- file: {{ redis_config }}
|
- file: {{ redis_config }}
|
||||||
|
|
||||||
@ -96,7 +102,7 @@ salt_redis_membership:
|
|||||||
group.present:
|
group.present:
|
||||||
- name: redis
|
- name: redis
|
||||||
- require:
|
- require:
|
||||||
- pkg: redis7
|
- pkg: redis
|
||||||
- addusers:
|
- addusers:
|
||||||
- {{ master_pillar['user'] }}
|
- {{ master_pillar['user'] }}
|
||||||
{%- if pillar['secret_salt'] is defined %}
|
{%- if pillar['secret_salt'] is defined %}
|
||||||
|
Loading…
Reference in New Issue
Block a user