Franzi
b42e39ed0a
get rid of check_rbl
2021-02-17 10:51:49 +01:00
Franzi
9d5d80457f
bundles/element-web: rename from riot-web, use tagged releases
bundlewrap/pipeline/head This commit looks good
2021-02-16 12:49:02 +01:00
Franzi
abb99ed58a
bundles/raspberrypi: remove isc-dhcp-client
2021-02-16 08:41:37 +01:00
Franzi
d2260b4699
bundles/wireguard: use PersistentKeepalive to work around intermittent connection issues
bundlewrap/pipeline/head This commit looks good
2021-02-15 15:16:44 +01:00
Franzi
5c1eba0d58
bundles: use a common metadata key for firewall restrictions, use repo.libs.tools.resolve_identifier()
bundlewrap/pipeline/head This commit looks good
2021-02-15 14:16:35 +01:00
Franzi
56fce7d460
bundles/wireguard: add exclude_from_monitoring option for wireguard peers
2021-02-14 21:35:37 +01:00
Franzi
65e6b8d053
bundles/backup-client: use a bash function to do backups instead of repeating the same code over and over
2021-02-13 09:18:00 +01:00
Franzi
adeb8eff88
bundles/postgresql: only do database dumps if we're actually doing backups
2021-02-13 09:04:59 +01:00
Franzi
724537558e
bundles/postgresql: do a database dump before backing up the database
bundlewrap/pipeline/head This commit looks good
2021-02-13 08:56:35 +01:00
Franzi
3d1468b214
bundles/backup-client: backup-pre-hooks should have numeric sorting
2021-02-13 08:37:49 +01:00
Franzi
7aeb46382d
bundles/zfs: move icinga2_api to metadata defaults
2021-02-13 08:37:00 +01:00
Franzi
2fbbaa1586
bundles/zfs: remove support for snapshot_only and snapshot_never (unused)
2021-02-13 08:36:10 +01:00
Franzi
b20f369ea8
bundles/backup-client: metadata backup-pre-hooks now use /bin/sh by default
2021-02-13 08:26:46 +01:00
Franzi
077eaa265c
bundles/radicale: use Fault.as_htpasswd_entry() instead of pre-encrypting passwords
2021-02-13 08:17:31 +01:00
Franzi
978285bf32
bundles/matrix-media-repo: add backup/paths metadata
2021-02-13 08:09:48 +01:00
Franzi
f52df58517
bundles: code style improvements
bundlewrap/pipeline/head This commit looks good
2021-02-12 20:45:41 +01:00
Franzi
c0353d2911
bundles/apt: add option to configure patch-hour, not only patchday
2021-02-12 18:53:25 +01:00
Franzi
767db8efdd
bundles/apt: add /etc/kernel/postinst.d/unattended-upgrades to ensure a reboot on kernel updates
bundlewrap/pipeline/head This commit looks good
2021-02-12 18:12:24 +01:00
Franzi
d4b110087f
bundles/matrix-media-repo: introduce, add to htz.ex42-1048908
bundlewrap/pipeline/head This commit looks good
2021-02-12 16:01:35 +01:00
Franzi
638e37c05f
bundles: add Requires=postgresql.service to some services which require postgresql
bundlewrap/pipeline/head This commit looks good
2021-02-12 13:28:52 +01:00
Franzi
9f8cbde7d7
bundles/transmission: always try to restart transmission
bundlewrap/pipeline/head This commit looks good
2021-02-11 09:06:20 +01:00
Franzi
a86e04683a
bundles/backup-client: fix missing space in generate-backup
bundlewrap/pipeline/head This commit looks good
2021-02-09 07:17:25 +01:00
Franzi
c25233b991
nodes: replace pkg_apt:redis with bundle:redis
bundlewrap/pipeline/head This commit looks good
2021-02-07 21:09:39 +01:00
Franzi
0d1e987a6f
bundles/backup-client: add backup-pre-hooks ( fixes #24 )
2021-02-07 20:47:22 +01:00
Franzi
a8690b13b8
bundles/rspamd: add "unless" to action:rspamd_assure_dkim_key_permissions
bundlewrap/pipeline/head This commit looks good
2021-02-06 19:10:16 +01:00
Franzi
eb431d8da8
bundles/postfix: also set alias_maps
...
bundlewrap/pipeline/head This commit looks good
fixes "warning: dict_nis_init: NIS domain name not set - NIS lookups disabled"
2021-02-06 10:24:19 +01:00
Franzi
457052d42b
bundles/gitea: downloading gitea updates needs stopping it first
2021-02-06 09:43:54 +01:00
Franzi
b6d23aaed4
bundles/sshmon: use own check_cpu_stats script
...
Old script only checked iowait, which is not enough.
2021-02-06 09:38:50 +01:00
Franzi
c185a5bacd
bundles/backup-client: do backups at 23:xx, so it won't interfere with upgrade-and-reboot
...
bundlewrap/pipeline/head This commit looks good
There were still problems with systems starting their backups late in the hour,
but backup servers did upgrade-and-reboot early it the hour. This leads to
incomplete backups, if the machine is rebooting, too.
2021-02-06 09:36:44 +01:00
Franzi
7e15f8adc3
bundles/octoprint: multi-line-output for check_octoprint_update
bundlewrap/pipeline/head This commit looks good
2021-02-02 20:20:11 +01:00
Franzi
8523754935
bundles/users: add vim-keybindings for pane navigation to tmux.conf
2021-01-31 07:59:19 +01:00
Franzi
bdc5b4de33
bundles/transmission: don't overwrite configs managed by transmission
2021-01-30 17:39:34 +01:00
Franzi
71f033b7c2
bundles/icinga2: fix dependencies for svc_systemd:icinga2
...
bundlewrap/pipeline/head This commit looks good
icinga2 runs fine without any checks, so we now only depend on the other
configuration files managed by bw. This will also fix unwanted
dependencies, because 'file:' means *all* files, not only those provided
by this bundle. In the past, it wasn't possible to skip any file,
because that would result in icinga not properly restarting.
2021-01-30 17:31:05 +01:00
Franzi
569275329c
bundles/sshmon: remove INTERNET check
...
bundlewrap/pipeline/head This commit looks good
We're using the internet to check these hosts, so if those hosts
wouldn't have an internet connection, the whole host would be
down, atleast as far as icinga can tell.
2021-01-30 11:47:55 +01:00
Franzi
161aec9314
bundles/powerdnsadmin: use tagged release
bundlewrap/pipeline/head This commit looks good
2021-01-29 18:13:16 +01:00
Franzi
f56852c27d
bundles/postfixadmin: use tagged release
2021-01-29 18:07:57 +01:00
Franzi
fa462fbd0f
bundles/sshmon: use tag_name instead of human-readable name in check_github_for_new_release
2021-01-29 18:04:35 +01:00
Franzi
b3e6063596
bundles/unbound: silence refresh-root-hints cronjob
2021-01-29 17:58:24 +01:00
Franzi
c31066fea8
bundles/mautrix-whatsapp: restart weekly to work around 24/7 connection issues
2021-01-29 17:27:33 +01:00
Franzi
fd421bf6f8
add bundle:redis, add redis support to pretalx
bundlewrap/pipeline/head This commit looks good
2021-01-29 15:58:54 +01:00
Franzi
ce76430b4d
bundles/mautrix-whatsapp: decrease log level to info
bundlewrap/pipeline/head This commit looks good
2021-01-28 15:05:04 +01:00
Franzi
4efcc73f55
bundles/mautrix-whatsapp: ensure we're not using ssl for postgres
bundlewrap/pipeline/head This commit looks good
2021-01-25 22:27:11 +01:00
Franzi
f3d8a1412c
bundles/dovecot: better ssl
bundlewrap/pipeline/head This commit looks good
2021-01-24 18:44:25 +01:00
Franzi
2aaf7cf8f8
bundles/nginx: better ssl
2021-01-24 18:44:13 +01:00
Franzi
614bdf9dec
bundles/basic: support creating additional locales
2021-01-24 07:49:49 +01:00
Franzi
d344664fa1
bundles/basic: fix format for /etc/locale.gen
bundlewrap/pipeline/head This commit looks good
2021-01-23 12:25:32 +01:00
Franzi
6b720c6c75
bundles/postgresql: only deploy packages if we have locales installed
bundlewrap/pipeline/head This commit looks good
2021-01-23 12:06:38 +01:00
Franzi
4a9463db5f
bundles/basic: ensure a proper locale is installed
2021-01-23 12:05:59 +01:00
Franzi
a160e7cf46
bundles/postgresql: improvements
...
bundlewrap/pipeline/head This commit looks good
- support other postgresql versions
- manage configs using bw
2021-01-23 11:35:03 +01:00
Franzi
c41ee0f806
bundles/apt: fix logging for upgrade-and-reboot
2021-01-23 11:32:35 +01:00
Franzi
51101fc615
bundles/sudo: fix mode for /etc/sudoers
bundlewrap/pipeline/head This commit looks good
2021-01-23 09:28:50 +01:00
Franzi
c5109fbfe3
bundles/icinga2: no need to do metadata.copy() here
bundlewrap/pipeline/head This commit looks good
2021-01-23 09:11:18 +01:00
Franzi
717159b61f
bundles/seafile: no need for sms for seafile process, we're already doing http content checks
bundlewrap/pipeline/head There was a failure building this commit
2021-01-23 09:09:30 +01:00
Franzi
63cdd470cf
bundles/c3voc-addons: support cron definition
bundlewrap/pipeline/head This commit looks good
2021-01-19 13:34:23 +01:00
Franzi
0893156723
bundles/c3voc-addons: add upgrade-and-reboot to bundle
bundlewrap/pipeline/head This commit looks good
2021-01-17 18:43:30 +01:00
Franzi
0f0ee046b1
bundles/c3voc-addons: some assertions to make sure we don't conflict with ansible
bundlewrap/pipeline/head This commit looks good
2021-01-17 10:16:23 +01:00
Franzi
1041e092b1
bundles/dhcpd: add bash alias for lease list
2021-01-17 09:12:32 +01:00
Franzi
4f62e25d5e
bundles/c3voc-addons: add nginx vhost monitoring
bundlewrap/pipeline/head This commit looks good
2021-01-17 08:07:21 +01:00
Franzi
3b90426b4d
bundles/pretalx: fix needs for systemd units
bundlewrap/pipeline/head This commit looks good
2021-01-17 08:01:15 +01:00
Franzi
2b0678063c
bundles/pretalx: new version needs to trigger regenerate_css, too
bundlewrap/pipeline/head This commit looks good
2021-01-17 07:59:57 +01:00
Franzi
b5cc8c2c57
bundles/pretalx: add to PORT_MAP.md, allocate a port
bundlewrap/pipeline/head This commit looks good
2021-01-17 07:55:08 +01:00
Franzi
35abb92daf
bundles/icinga2: do not schedule downtimes for hosts which do not do unattended-upgrades
bundlewrap/pipeline/head This commit looks good
2021-01-16 22:31:51 +01:00
Franzi
173746fe9c
bundles/sshmon: ensure sshmon user is able to log in
2021-01-16 22:31:18 +01:00
Franzi
39aabd0546
bundles/backup-server: of course, we need to ignore hosts which have exclude_from_backups set
bundlewrap/pipeline/head This commit looks good
2021-01-16 22:22:51 +01:00
Franzi
ad84f62c0d
bundles/sshmon: do not rely on bundle:users to create sshmon user
bundlewrap/pipeline/head There was a failure building this commit
2021-01-16 22:21:27 +01:00
Franzi
ec8802dd4a
bundles/backup-server: ignore all nodes which don't have bundle:backup-client
2021-01-16 22:12:49 +01:00
Franzi
9f0fc90679
bundles/pretalx: fix wrong metadata key
2021-01-16 22:12:16 +01:00
Franzi
70944d7065
bundles/pretalx: introduce
2021-01-16 22:03:38 +01:00
Franzi
0b9056bd2b
add pseudo-bundle to add configs to c3voc ansible managed hosts
2021-01-16 22:03:03 +01:00
Franzi
8fc0017378
bundles/backup-client: do backups at 00:xx, so it won't interfere with upgrade-and-reboot
bundlewrap/pipeline/head This commit looks good
2021-01-15 15:31:36 +01:00
Franzi
9854fc9dbc
bundles/hostname: also set motd
2021-01-15 15:29:49 +01:00
Franzi
db3a15310c
bundles/letsencrypt: fix concat_and_deploy comment
bundlewrap/pipeline/head This commit looks good
2021-01-10 10:48:19 +01:00
Franzi
659e35686e
bundles/iptables: removing rule files should also trigger iptables-enforce
bundlewrap/pipeline/head This commit looks good
2021-01-09 14:02:50 +01:00
Franzi
4f6b57676a
bundles/systemd-networkd: LACPTransmitRate=fast
bundlewrap/pipeline/head This commit looks good
2021-01-09 12:52:03 +01:00
Franzi
00fd1df67a
bundles/wide-dhcp6c: stop, then start, instead of restart
2021-01-09 12:51:37 +01:00
Franzi
8e54d6eb23
add monitoring for freifunk nodes
bundlewrap/pipeline/head This commit looks good
2021-01-09 11:03:23 +01:00
Franzi
19dd29e847
bundles/transmission: also allow tcp peer-port
bundlewrap/pipeline/head This commit looks good
2021-01-08 17:06:26 +01:00
Franzi
33b85ff0de
bundles/transmission: add bundle, add to home.downloadhelper
bundlewrap/pipeline/head This commit looks good
2021-01-08 17:00:08 +01:00
Franzi
dca13263e2
bundles/systemd-networkd: add option for setting static routes
2021-01-08 16:09:59 +01:00
Franzi
17510b783c
bundles/nfs-client: do start automount units. Previous comment was wrong.
bundlewrap/pipeline/head This commit looks good
2021-01-07 22:15:57 +01:00
Franzi
fb42f9e667
bundles/dhcpd: catch keyerrors for nodes which do dhcp in unmanaged networks
2021-01-07 22:14:17 +01:00
Franzi
2d42e5f7dd
update bw to 4.3, add .provides() to metadata reactors
bundlewrap/pipeline/head This commit looks good
2021-01-07 18:44:38 +01:00
Franzi
7f0fb7a6e2
bundles/influxdb: remove
2021-01-07 18:28:08 +01:00
Sophie Schiller
2ba4946975
update letsencrypt hashes
bundlewrap/pipeline/head This commit looks good
2021-01-06 13:18:44 +01:00
Franzi
ec13a1edaa
bundles/simple-icinga-dashboard: repo is public now
bundlewrap/pipeline/head This commit looks good
2021-01-03 09:56:51 +01:00
Franzi
03d3ab6e9d
bundles/{netdata,nginx,unbound}: fix iptables rules (should also create ip6tables rules)
bundlewrap/pipeline/head There was a failure building this commit
2021-01-02 16:19:55 +01:00
Franzi
e8d131b041
add simple-icinga-dashboard on status.franzi.business
...
bundlewrap/pipeline/head There was a failure building this commit
fixes #20
2021-01-02 14:47:11 +01:00
Franzi
2ebf7ec32b
bundles/mautrix-whatsapp: disable log timestamps, journal takes care of that
bundlewrap/pipeline/head This commit looks good
2021-01-02 14:01:26 +01:00
Franzi
b8bcc6c499
bundles/mautrix-whatsapp: only log to journal
bundlewrap/pipeline/head This commit looks good
2021-01-02 13:59:47 +01:00
Franzi
8752299e61
bundles/icinga2: add hostgroup for hosts which send SMS
bundlewrap/pipeline/head This commit looks good
2021-01-02 12:58:52 +01:00
Franzi
4f57a6c0e3
icinga2: more checks should send sms
bundlewrap/pipeline/head This commit looks good
2021-01-02 12:26:37 +01:00
Franzi
10fd67a0fd
bundles/systemd-networkd: fix LACP options
...
bundlewrap/pipeline/head This commit looks good
fixes #25 , hopefully
2021-01-02 11:00:10 +01:00
Franzi
f329373a4a
bundles/systemd-networkd: remove settings from bond.netdev
...
bundlewrap/pipeline/head This commit looks good
Why the fuck doesn't this work like it's written in the documentation?
2021-01-01 22:00:50 +01:00
Franzi
16ea6ce0d5
bundles/systemd-networkd: disable STP on bridges
2021-01-01 21:59:21 +01:00
Franzi
48fc341137
bundles/backup-client: add monitoring for backups
2021-01-01 13:59:42 +01:00
Franzi
3e1d3b483e
bundles/mautrix-whatsapp: use -a for check_procs
bundlewrap/pipeline/head This commit looks good
2020-12-31 12:31:14 +01:00
Franzi
fede30c2cc
bundles/mautrix-whatsapp: introduce
2020-12-31 12:18:34 +01:00
Franzi
914889da6c
bundles/vmhost: add option to exclude VM from monitoring
bundlewrap/pipeline/head This commit looks good
2020-12-29 10:18:16 +01:00
Franzi
62d7baa3ec
bundles/icinga2: admins shall receive all notifications
bundlewrap/pipeline/head This commit looks good
2020-12-27 09:09:40 +01:00
Franzi
d72c43083d
nodes/rx300: set proper lldp hostname
bundlewrap/pipeline/head This commit looks good
2020-12-25 14:45:41 +01:00