Commit graph

705 commits

Author SHA1 Message Date
00d46cb1b1
bundles/pppd: fix typo in restart-pppoe-if-no-public-ip 2021-04-10 09:49:40 +02:00
af6b16cc35
bundles/pppd: fix KeyError in restart-pppoe-if-no-public-ip
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-04-10 09:38:47 +02:00
02146a81d6
bundles/systemd-networkd: fix vlan support for bridges and bonds 2021-04-10 09:18:45 +02:00
24f04e59aa
nodes/voc.pretalx: work around content-security-policy issues
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-04-05 08:18:21 +02:00
aad27851bb
bundles/miniflux: proxy all images
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-04-04 22:16:14 +02:00
e36a352a42
bundles: fix usage of set() vs {}
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-04-04 10:34:55 +02:00
c418102000
bundles/netdata: fix iptables default 2021-04-04 10:30:45 +02:00
513eb4bed6
bundles/mosquitto: add monitoring
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-04-03 09:43:24 +02:00
2027308249
bundles/zfs: fix typo in check_zpool_space 2021-04-03 09:41:17 +02:00
9cbf866de7
bundles/mosquitto: introduce, add to node home.nas
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-04-03 09:36:47 +02:00
f8bbe00d47
overall better handling and usage of exceptions
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-04-02 18:57:13 +02:00
5d5930265a
bundles/postfix: remove print statement 2021-04-02 18:29:33 +02:00
61cf881a03
bundles/pretalx: add bash_alias for manage.py
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-04-02 14:59:56 +02:00
4a3be10add
bundles/apt: fix if in upgrade-and-reboot 2021-04-02 13:40:55 +02:00
a24fb12c21
bundles/apt: introduce restart_triggers (restart services if another service has been upgraded)
Some checks failed
bundlewrap/pipeline/head There was a failure building this commit
2021-04-02 08:12:51 +02:00
7ca24d27d3
bundles/apt: add a bit of code to remove old, unused kernel images 2021-04-02 08:11:17 +02:00
8a0c8f32ae
bundles: less Restart=on-failure, more Restart=always 2021-04-02 08:05:33 +02:00
5b276368b8
bundles/wireguard: iptables/bundle_rules should be a list
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-04-01 17:13:24 +02:00
17f9aa9c3e
bundles/icinga2: disable command module
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-04-01 17:12:35 +02:00
c5eb2f4f70
bundles/icinga2: do not send recovery emails 2021-04-01 17:11:42 +02:00
957cac5ebc
bundles/postfix: disable SPAM BLOCKLIST check if relayhost is set 2021-04-01 17:00:53 +02:00
61c6188454
bundles/postfix: mynetworks now supports identifiers 2021-04-01 16:59:49 +02:00
b7222e2cd1
bundles/systemd-networkd: fix typo in routes
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-04-01 16:31:57 +02:00
6e423c24fb
bundles/wireguard: rework metadata.py
Some checks failed
bundlewrap/pipeline/head There was a failure building this commit
2021-04-01 16:27:31 +02:00
b679f568eb
bundles/systemd-networkd: no need for a specific order in /etc/systemd/network/ 2021-04-01 16:26:06 +02:00
d787f8b0a3
bundles/systemd-networkd: rework routes 2021-04-01 16:25:24 +02:00
b52a196c73
bundles/nginx: add configuration option for client_max_body_size
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-30 21:26:25 +02:00
da9fe36646
bundles/pretalx: support installing plugins 2021-03-30 19:52:03 +02:00
7345543fa2
bundles/mx-puppet-discord: remove logging to files, disable presence logging
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-28 11:29:16 +02:00
c388d5ea1e
bundles/postgresql: fix restart dependencies
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-28 09:39:08 +02:00
35e4bbf04b
bundles/postfix: remove postscreen usage
All checks were successful
bundlewrap/pipeline/head This commit looks good
postscreen isn't able to share its cache file between
instances, which leads to the server simply accepting
mails for the port on which postscreen starts up later.
Since we can't predict which port this will be, we
simply remove postscreen alltogether.

Yes, i know i could just remove postscreen for port 2525.
2021-03-28 09:00:37 +02:00
ce39850bda
bundles/postfix: fix .provides() for iptables reactor
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-28 08:56:22 +02:00
9fe4e2933d
bundles/postfix: add firewalling for port 2525
Some checks failed
bundlewrap/pipeline/head There was a failure building this commit
2021-03-28 08:37:51 +02:00
a4b2dc29a9
bundles/miniflux: don't clean up old entries
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-28 08:04:41 +02:00
39c1d34bbb
bundles/sshmon: fix disk space usage limits 2021-03-27 12:07:49 +01:00
8f0f635484
bundles/basic: change load graph for cpu graph 2021-03-27 12:06:12 +01:00
568a31586f
bundles/apt: fix permissions for /etc/kernel/postinst.d/unattended-upgrades
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-27 08:31:29 +01:00
f514e200f0
bundles/mautrix-whatsapp: restart bridge daily again
All checks were successful
bundlewrap/pipeline/head This commit looks good
It seems neither WhatsApp nor WhatsApp Web are designed for 24/7
connections, thus leading to all kinds of weird side effects like
"Bridge thinks it's connected, but no messages get through at all"
or "WhatsApp is running, but the Bridge can't connect to it"
2021-03-27 08:21:41 +01:00
f98720b57b
bundles/dhcpd: sort dchp leases by ip in bash alias
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-26 09:27:52 +01:00
65490b1d20
bundles/apt: log stdout and stderr separately in upgrade-and-reboot
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-26 09:02:48 +01:00
27753d50c4
bundles/postfix: use threading in check_spam_blocklist
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-25 17:42:59 +01:00
fdcec012f3
bundles/postfix: add SPAM BLOCKLIST check for every non-private IP attached to the server
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-22 20:24:14 +01:00
b99176be49
bundles/kodi: add iptables rules
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-21 19:10:49 +01:00
28dd9694af
add bundle:oidentd
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-21 17:40:58 +01:00
6a6198c9b9
bundles/wireguard: move iptables rules to metadata reactor
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-21 15:26:29 +01:00
3bc5e55400
bundles/iptables: don't apply iptables rules if a rules file is missing 2021-03-21 11:44:27 +01:00
4b00c8b55a
bundles/unbound: do not bind to 0.0.0.0 if qemu is installed 2021-03-21 11:43:53 +01:00
5a0aa82ec9
bundles/powerdns: fix missing imports 2021-03-21 11:43:17 +01:00
62f7080db9
bundles/nfs-server: add iptables config 2021-03-21 11:24:21 +01:00
850d860d59
bundles/powerdns: add iptables config 2021-03-21 11:12:18 +01:00
31ddea7649
bundles/dovecot: add iptables config 2021-03-21 11:12:03 +01:00
5775001301
bundles/postfix: add iptables config 2021-03-21 11:11:49 +01:00
c9f008ad82
bundles/openssh: move iptables rules to metadata reactor
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-21 10:37:28 +01:00
b943d2d465
rework iptables configuration
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-21 10:30:04 +01:00
3fcd81960e
bundles/postfix: allow configuring mynetworks
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-15 11:41:35 +01:00
52cab71fec
bundles/wireguard: also allow outgoing traffic
How did this ever work without this rule?
2021-03-15 09:00:35 +01:00
adb808a683
bundles/users: more colourful bash for everyone
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-14 17:14:08 +01:00
f6ecf2a465
bundles/nfs-client: support arch linux
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-11 15:24:06 +01:00
Sophie Schiller
c87611c2e2 bw/kodi add backports repo
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-08 21:06:25 +01:00
8b07fce738
bundles/unbound: decrease statistics-interval until debian has 1.19 and we're actually able to use them 2021-03-06 10:03:22 +01:00
f214f70cd4
bundles/basic: add textual cpu stats to htop 2021-03-06 09:58:22 +01:00
7e57c0f03e
bundles/basic: current htop version in debian does not support DiskIO nor NetworkIO
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-06 09:56:05 +01:00
ebcf8e4445
bundles/matrix-media-repo: also restart matrix-media-repo after updating
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-05 07:21:23 +01:00
2adf3c6a72
bundles/sshmon: increase acceptable amount of cpu steal
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-01 15:52:55 +01:00
e435ae582a
bundles/icinga2: add monitoring for IdoPgsqlConnection
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-03-01 15:36:29 +01:00
3adfb9779a
bundles/molly-guard: introduce, add to systems
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-26 17:58:20 +01:00
51ca74549e
bundles/basic: add htoprc
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-24 19:24:56 +01:00
836f065382
bundles/pleroma: add website content check
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-20 22:11:19 +01:00
b470fddc12
bundles/nginx: add gdpr-compatible log format 2021-02-20 21:11:12 +01:00
8cb172a1c1
bundles/pleroma: remove NoNewPrivileges=true, interferes with mail delivery 2021-02-20 20:57:00 +01:00
017c2c3421
bundles/pleroma: allow database configuration
Some checks failed
bundlewrap/pipeline/head There was a failure building this commit
2021-02-20 20:18:34 +01:00
f8c157ce50
bundles/pleroma: get it working
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-20 19:37:33 +01:00
1f3e7afb2c
bundles/pleroma: initial NON-WORKING version 2021-02-20 19:14:20 +01:00
5433859a86
bundles/letsencrypt: also check for chain.pem, nginx needs this
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-20 17:38:11 +01:00
e2d7d05783
bundles/systemd-networkd: manage apt packages via bundle:apt
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-20 17:35:45 +01:00
ad5c8cc0ab
bundles/postfix: only get certificate if actually needed
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-20 17:30:38 +01:00
97a1b3ae85
bundles/zfs: add comment to action:modprobe-zfs
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-20 16:51:34 +01:00
1c0a3ee8e7
bundles/postgresql: fix postgresql config path 2021-02-20 16:50:38 +01:00
194de9ef2d
bundles/letsencrypt: fix some errors in letsencrypt-ensure-some-certificate
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-20 15:48:17 +01:00
3fa81ddc85
bundles/gitea: use canned stop action 2021-02-20 15:47:35 +01:00
74d81eb7ba
bundles/nginx: support disabling ssl for each vhost individually
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-20 14:25:27 +01:00
228786f6aa
bundles/letsencrypt: generate a dummy certificate, if no certificate already exists 2021-02-20 13:52:40 +01:00
014b6029c5
nodes/htz.ex42-1048908: update element-web config
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-20 11:10:08 +01:00
1ac6559b9f
bundles/postgresql: add pg_query_mon 2021-02-20 10:56:20 +01:00
c0b8d35a47
bundles/icinga2: fix double emoji for WARNING state
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-19 14:03:00 +01:00
2bccbf9ded
bundles/icinga2: add some emoji to sent SMS, don't send output via SMS if everything is fine
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-19 14:01:45 +01:00
8ac9b2f204
bundles/matrix-synapse: add scripts/synapse-purge-unused-rooms
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-19 11:56:21 +01:00
b06532241b
bundles: use metastack syntax for metadata.get()
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-18 18:12:25 +01:00
6e9fb7044a
bundles/systemd-networkd: add "enable-resolved" flag 2021-02-18 17:56:43 +01:00
fbf0371371
bundles/systemd: support different timezones 2021-02-18 17:56:06 +01:00
1abc0153f5
bundles/openssh: do not add deleted users to ssh config
Some checks failed
bundlewrap/pipeline/head There was a failure building this commit
2021-02-18 15:12:30 +01:00
75224f0d5c
bundles/lldp: support arch linux 2021-02-18 15:10:50 +01:00
f4a644795e
bundles/basic: support setting a different default locale 2021-02-18 14:51:33 +01:00
32d129015e
bundles/pacman: introduce, support pkg_pacman in some other bundles 2021-02-18 14:24:57 +01:00
9bf7f856af
bundles/users: allow setting another shell 2021-02-18 14:24:09 +01:00
8a2bef9b77
bundles/apt: move vim to default packages 2021-02-18 14:23:43 +01:00
03840fd152
bundles/systemd: more options in journald.conf
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-18 10:29:38 +01:00
fbb8840dff
add .editorconfig, format files correctly
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-17 10:56:18 +01:00
b42e39ed0a
get rid of check_rbl 2021-02-17 10:51:49 +01:00
9d5d80457f
bundles/element-web: rename from riot-web, use tagged releases
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-16 12:49:02 +01:00
abb99ed58a
bundles/raspberrypi: remove isc-dhcp-client 2021-02-16 08:41:37 +01:00
d2260b4699
bundles/wireguard: use PersistentKeepalive to work around intermittent connection issues
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-15 15:16:44 +01:00
5c1eba0d58
bundles: use a common metadata key for firewall restrictions, use repo.libs.tools.resolve_identifier()
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-15 14:16:35 +01:00
56fce7d460
bundles/wireguard: add exclude_from_monitoring option for wireguard peers 2021-02-14 21:35:37 +01:00
65e6b8d053
bundles/backup-client: use a bash function to do backups instead of repeating the same code over and over 2021-02-13 09:18:00 +01:00
adeb8eff88
bundles/postgresql: only do database dumps if we're actually doing backups 2021-02-13 09:04:59 +01:00
724537558e
bundles/postgresql: do a database dump before backing up the database
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-13 08:56:35 +01:00
3d1468b214
bundles/backup-client: backup-pre-hooks should have numeric sorting 2021-02-13 08:37:49 +01:00
7aeb46382d
bundles/zfs: move icinga2_api to metadata defaults 2021-02-13 08:37:00 +01:00
2fbbaa1586
bundles/zfs: remove support for snapshot_only and snapshot_never (unused) 2021-02-13 08:36:10 +01:00
b20f369ea8
bundles/backup-client: metadata backup-pre-hooks now use /bin/sh by default 2021-02-13 08:26:46 +01:00
077eaa265c
bundles/radicale: use Fault.as_htpasswd_entry() instead of pre-encrypting passwords 2021-02-13 08:17:31 +01:00
978285bf32
bundles/matrix-media-repo: add backup/paths metadata 2021-02-13 08:09:48 +01:00
f52df58517
bundles: code style improvements
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-12 20:45:41 +01:00
c0353d2911
bundles/apt: add option to configure patch-hour, not only patchday 2021-02-12 18:53:25 +01:00
767db8efdd
bundles/apt: add /etc/kernel/postinst.d/unattended-upgrades to ensure a reboot on kernel updates
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-12 18:12:24 +01:00
d4b110087f
bundles/matrix-media-repo: introduce, add to htz.ex42-1048908
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-12 16:01:35 +01:00
638e37c05f
bundles: add Requires=postgresql.service to some services which require postgresql
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-12 13:28:52 +01:00
9f8cbde7d7
bundles/transmission: always try to restart transmission
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-11 09:06:20 +01:00
a86e04683a
bundles/backup-client: fix missing space in generate-backup
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-09 07:17:25 +01:00
c25233b991
nodes: replace pkg_apt:redis with bundle:redis
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-07 21:09:39 +01:00
0d1e987a6f
bundles/backup-client: add backup-pre-hooks (fixes #24) 2021-02-07 20:47:22 +01:00
a8690b13b8
bundles/rspamd: add "unless" to action:rspamd_assure_dkim_key_permissions
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-06 19:10:16 +01:00
eb431d8da8
bundles/postfix: also set alias_maps
All checks were successful
bundlewrap/pipeline/head This commit looks good
fixes "warning: dict_nis_init: NIS domain name not set - NIS lookups disabled"
2021-02-06 10:24:19 +01:00
457052d42b
bundles/gitea: downloading gitea updates needs stopping it first 2021-02-06 09:43:54 +01:00
b6d23aaed4
bundles/sshmon: use own check_cpu_stats script
Old script only checked iowait, which is not enough.
2021-02-06 09:38:50 +01:00
c185a5bacd
bundles/backup-client: do backups at 23:xx, so it won't interfere with upgrade-and-reboot
All checks were successful
bundlewrap/pipeline/head This commit looks good
There were still problems with systems starting their backups late in the hour,
but backup servers did upgrade-and-reboot early it the hour. This leads to
incomplete backups, if the machine is rebooting, too.
2021-02-06 09:36:44 +01:00
7e15f8adc3
bundles/octoprint: multi-line-output for check_octoprint_update
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-02-02 20:20:11 +01:00
8523754935
bundles/users: add vim-keybindings for pane navigation to tmux.conf 2021-01-31 07:59:19 +01:00
bdc5b4de33
bundles/transmission: don't overwrite configs managed by transmission 2021-01-30 17:39:34 +01:00
71f033b7c2
bundles/icinga2: fix dependencies for svc_systemd:icinga2
All checks were successful
bundlewrap/pipeline/head This commit looks good
icinga2 runs fine without any checks, so we now only depend on the other
configuration files managed by bw. This will also fix unwanted
dependencies, because 'file:' means *all* files, not only those provided
by this bundle. In the past, it wasn't possible to skip any file,
because that would result in icinga not properly restarting.
2021-01-30 17:31:05 +01:00
569275329c
bundles/sshmon: remove INTERNET check
All checks were successful
bundlewrap/pipeline/head This commit looks good
We're using the internet to check these hosts, so if those hosts
wouldn't have an internet connection, the whole host would be
down, atleast as far as icinga can tell.
2021-01-30 11:47:55 +01:00
161aec9314
bundles/powerdnsadmin: use tagged release
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-01-29 18:13:16 +01:00
f56852c27d
bundles/postfixadmin: use tagged release 2021-01-29 18:07:57 +01:00
fa462fbd0f
bundles/sshmon: use tag_name instead of human-readable name in check_github_for_new_release 2021-01-29 18:04:35 +01:00
b3e6063596
bundles/unbound: silence refresh-root-hints cronjob 2021-01-29 17:58:24 +01:00
c31066fea8
bundles/mautrix-whatsapp: restart weekly to work around 24/7 connection issues 2021-01-29 17:27:33 +01:00
fd421bf6f8
add bundle:redis, add redis support to pretalx
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-01-29 15:58:54 +01:00
ce76430b4d
bundles/mautrix-whatsapp: decrease log level to info
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-01-28 15:05:04 +01:00
4efcc73f55
bundles/mautrix-whatsapp: ensure we're not using ssl for postgres
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-01-25 22:27:11 +01:00
f3d8a1412c
bundles/dovecot: better ssl
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-01-24 18:44:25 +01:00
2aaf7cf8f8
bundles/nginx: better ssl 2021-01-24 18:44:13 +01:00
614bdf9dec
bundles/basic: support creating additional locales 2021-01-24 07:49:49 +01:00
d344664fa1
bundles/basic: fix format for /etc/locale.gen
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-01-23 12:25:32 +01:00
6b720c6c75
bundles/postgresql: only deploy packages if we have locales installed
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-01-23 12:06:38 +01:00
4a9463db5f
bundles/basic: ensure a proper locale is installed 2021-01-23 12:05:59 +01:00
a160e7cf46
bundles/postgresql: improvements
All checks were successful
bundlewrap/pipeline/head This commit looks good
- support other postgresql versions
- manage configs using bw
2021-01-23 11:35:03 +01:00
c41ee0f806
bundles/apt: fix logging for upgrade-and-reboot 2021-01-23 11:32:35 +01:00
51101fc615
bundles/sudo: fix mode for /etc/sudoers
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-01-23 09:28:50 +01:00
c5109fbfe3
bundles/icinga2: no need to do metadata.copy() here
All checks were successful
bundlewrap/pipeline/head This commit looks good
2021-01-23 09:11:18 +01:00