Franzi
c0353d2911
bundles/apt: add option to configure patch-hour, not only patchday
2021-02-12 18:53:25 +01:00
Franzi
767db8efdd
bundles/apt: add /etc/kernel/postinst.d/unattended-upgrades to ensure a reboot on kernel updates
bundlewrap/pipeline/head This commit looks good
2021-02-12 18:12:24 +01:00
Franzi
d4b110087f
bundles/matrix-media-repo: introduce, add to htz.ex42-1048908
bundlewrap/pipeline/head This commit looks good
2021-02-12 16:01:35 +01:00
Franzi
638e37c05f
bundles: add Requires=postgresql.service to some services which require postgresql
bundlewrap/pipeline/head This commit looks good
2021-02-12 13:28:52 +01:00
Franzi
9f8cbde7d7
bundles/transmission: always try to restart transmission
bundlewrap/pipeline/head This commit looks good
2021-02-11 09:06:20 +01:00
Franzi
a86e04683a
bundles/backup-client: fix missing space in generate-backup
bundlewrap/pipeline/head This commit looks good
2021-02-09 07:17:25 +01:00
Franzi
c25233b991
nodes: replace pkg_apt:redis with bundle:redis
bundlewrap/pipeline/head This commit looks good
2021-02-07 21:09:39 +01:00
Franzi
0d1e987a6f
bundles/backup-client: add backup-pre-hooks ( fixes #24 )
2021-02-07 20:47:22 +01:00
Franzi
a8690b13b8
bundles/rspamd: add "unless" to action:rspamd_assure_dkim_key_permissions
bundlewrap/pipeline/head This commit looks good
2021-02-06 19:10:16 +01:00
Franzi
eb431d8da8
bundles/postfix: also set alias_maps
...
bundlewrap/pipeline/head This commit looks good
fixes "warning: dict_nis_init: NIS domain name not set - NIS lookups disabled"
2021-02-06 10:24:19 +01:00
Franzi
457052d42b
bundles/gitea: downloading gitea updates needs stopping it first
2021-02-06 09:43:54 +01:00
Franzi
b6d23aaed4
bundles/sshmon: use own check_cpu_stats script
...
Old script only checked iowait, which is not enough.
2021-02-06 09:38:50 +01:00
Franzi
c185a5bacd
bundles/backup-client: do backups at 23:xx, so it won't interfere with upgrade-and-reboot
...
bundlewrap/pipeline/head This commit looks good
There were still problems with systems starting their backups late in the hour,
but backup servers did upgrade-and-reboot early it the hour. This leads to
incomplete backups, if the machine is rebooting, too.
2021-02-06 09:36:44 +01:00
Franzi
7e15f8adc3
bundles/octoprint: multi-line-output for check_octoprint_update
bundlewrap/pipeline/head This commit looks good
2021-02-02 20:20:11 +01:00
Franzi
8523754935
bundles/users: add vim-keybindings for pane navigation to tmux.conf
2021-01-31 07:59:19 +01:00
Franzi
bdc5b4de33
bundles/transmission: don't overwrite configs managed by transmission
2021-01-30 17:39:34 +01:00
Franzi
71f033b7c2
bundles/icinga2: fix dependencies for svc_systemd:icinga2
...
bundlewrap/pipeline/head This commit looks good
icinga2 runs fine without any checks, so we now only depend on the other
configuration files managed by bw. This will also fix unwanted
dependencies, because 'file:' means *all* files, not only those provided
by this bundle. In the past, it wasn't possible to skip any file,
because that would result in icinga not properly restarting.
2021-01-30 17:31:05 +01:00
Franzi
569275329c
bundles/sshmon: remove INTERNET check
...
bundlewrap/pipeline/head This commit looks good
We're using the internet to check these hosts, so if those hosts
wouldn't have an internet connection, the whole host would be
down, atleast as far as icinga can tell.
2021-01-30 11:47:55 +01:00
Franzi
161aec9314
bundles/powerdnsadmin: use tagged release
bundlewrap/pipeline/head This commit looks good
2021-01-29 18:13:16 +01:00
Franzi
f56852c27d
bundles/postfixadmin: use tagged release
2021-01-29 18:07:57 +01:00
Franzi
fa462fbd0f
bundles/sshmon: use tag_name instead of human-readable name in check_github_for_new_release
2021-01-29 18:04:35 +01:00
Franzi
b3e6063596
bundles/unbound: silence refresh-root-hints cronjob
2021-01-29 17:58:24 +01:00
Franzi
c31066fea8
bundles/mautrix-whatsapp: restart weekly to work around 24/7 connection issues
2021-01-29 17:27:33 +01:00
Franzi
fd421bf6f8
add bundle:redis, add redis support to pretalx
bundlewrap/pipeline/head This commit looks good
2021-01-29 15:58:54 +01:00
Franzi
ce76430b4d
bundles/mautrix-whatsapp: decrease log level to info
bundlewrap/pipeline/head This commit looks good
2021-01-28 15:05:04 +01:00
Franzi
4efcc73f55
bundles/mautrix-whatsapp: ensure we're not using ssl for postgres
bundlewrap/pipeline/head This commit looks good
2021-01-25 22:27:11 +01:00
Franzi
f3d8a1412c
bundles/dovecot: better ssl
bundlewrap/pipeline/head This commit looks good
2021-01-24 18:44:25 +01:00
Franzi
2aaf7cf8f8
bundles/nginx: better ssl
2021-01-24 18:44:13 +01:00
Franzi
614bdf9dec
bundles/basic: support creating additional locales
2021-01-24 07:49:49 +01:00
Franzi
d344664fa1
bundles/basic: fix format for /etc/locale.gen
bundlewrap/pipeline/head This commit looks good
2021-01-23 12:25:32 +01:00
Franzi
6b720c6c75
bundles/postgresql: only deploy packages if we have locales installed
bundlewrap/pipeline/head This commit looks good
2021-01-23 12:06:38 +01:00
Franzi
4a9463db5f
bundles/basic: ensure a proper locale is installed
2021-01-23 12:05:59 +01:00
Franzi
a160e7cf46
bundles/postgresql: improvements
...
bundlewrap/pipeline/head This commit looks good
- support other postgresql versions
- manage configs using bw
2021-01-23 11:35:03 +01:00
Franzi
c41ee0f806
bundles/apt: fix logging for upgrade-and-reboot
2021-01-23 11:32:35 +01:00
Franzi
51101fc615
bundles/sudo: fix mode for /etc/sudoers
bundlewrap/pipeline/head This commit looks good
2021-01-23 09:28:50 +01:00
Franzi
c5109fbfe3
bundles/icinga2: no need to do metadata.copy() here
bundlewrap/pipeline/head This commit looks good
2021-01-23 09:11:18 +01:00
Franzi
717159b61f
bundles/seafile: no need for sms for seafile process, we're already doing http content checks
bundlewrap/pipeline/head There was a failure building this commit
2021-01-23 09:09:30 +01:00
Franzi
63cdd470cf
bundles/c3voc-addons: support cron definition
bundlewrap/pipeline/head This commit looks good
2021-01-19 13:34:23 +01:00
Franzi
0893156723
bundles/c3voc-addons: add upgrade-and-reboot to bundle
bundlewrap/pipeline/head This commit looks good
2021-01-17 18:43:30 +01:00
Franzi
0f0ee046b1
bundles/c3voc-addons: some assertions to make sure we don't conflict with ansible
bundlewrap/pipeline/head This commit looks good
2021-01-17 10:16:23 +01:00
Franzi
1041e092b1
bundles/dhcpd: add bash alias for lease list
2021-01-17 09:12:32 +01:00
Franzi
4f62e25d5e
bundles/c3voc-addons: add nginx vhost monitoring
bundlewrap/pipeline/head This commit looks good
2021-01-17 08:07:21 +01:00
Franzi
3b90426b4d
bundles/pretalx: fix needs for systemd units
bundlewrap/pipeline/head This commit looks good
2021-01-17 08:01:15 +01:00
Franzi
2b0678063c
bundles/pretalx: new version needs to trigger regenerate_css, too
bundlewrap/pipeline/head This commit looks good
2021-01-17 07:59:57 +01:00
Franzi
b5cc8c2c57
bundles/pretalx: add to PORT_MAP.md, allocate a port
bundlewrap/pipeline/head This commit looks good
2021-01-17 07:55:08 +01:00
Franzi
35abb92daf
bundles/icinga2: do not schedule downtimes for hosts which do not do unattended-upgrades
bundlewrap/pipeline/head This commit looks good
2021-01-16 22:31:51 +01:00
Franzi
173746fe9c
bundles/sshmon: ensure sshmon user is able to log in
2021-01-16 22:31:18 +01:00
Franzi
39aabd0546
bundles/backup-server: of course, we need to ignore hosts which have exclude_from_backups set
bundlewrap/pipeline/head This commit looks good
2021-01-16 22:22:51 +01:00
Franzi
ad84f62c0d
bundles/sshmon: do not rely on bundle:users to create sshmon user
bundlewrap/pipeline/head There was a failure building this commit
2021-01-16 22:21:27 +01:00
Franzi
ec8802dd4a
bundles/backup-server: ignore all nodes which don't have bundle:backup-client
2021-01-16 22:12:49 +01:00
Franzi
9f0fc90679
bundles/pretalx: fix wrong metadata key
2021-01-16 22:12:16 +01:00
Franzi
70944d7065
bundles/pretalx: introduce
2021-01-16 22:03:38 +01:00
Franzi
0b9056bd2b
add pseudo-bundle to add configs to c3voc ansible managed hosts
2021-01-16 22:03:03 +01:00
Franzi
8fc0017378
bundles/backup-client: do backups at 00:xx, so it won't interfere with upgrade-and-reboot
bundlewrap/pipeline/head This commit looks good
2021-01-15 15:31:36 +01:00
Franzi
9854fc9dbc
bundles/hostname: also set motd
2021-01-15 15:29:49 +01:00
Franzi
db3a15310c
bundles/letsencrypt: fix concat_and_deploy comment
bundlewrap/pipeline/head This commit looks good
2021-01-10 10:48:19 +01:00
Franzi
659e35686e
bundles/iptables: removing rule files should also trigger iptables-enforce
bundlewrap/pipeline/head This commit looks good
2021-01-09 14:02:50 +01:00
Franzi
4f6b57676a
bundles/systemd-networkd: LACPTransmitRate=fast
bundlewrap/pipeline/head This commit looks good
2021-01-09 12:52:03 +01:00
Franzi
00fd1df67a
bundles/wide-dhcp6c: stop, then start, instead of restart
2021-01-09 12:51:37 +01:00
Franzi
8e54d6eb23
add monitoring for freifunk nodes
bundlewrap/pipeline/head This commit looks good
2021-01-09 11:03:23 +01:00
Franzi
19dd29e847
bundles/transmission: also allow tcp peer-port
bundlewrap/pipeline/head This commit looks good
2021-01-08 17:06:26 +01:00
Franzi
33b85ff0de
bundles/transmission: add bundle, add to home.downloadhelper
bundlewrap/pipeline/head This commit looks good
2021-01-08 17:00:08 +01:00
Franzi
dca13263e2
bundles/systemd-networkd: add option for setting static routes
2021-01-08 16:09:59 +01:00
Franzi
17510b783c
bundles/nfs-client: do start automount units. Previous comment was wrong.
bundlewrap/pipeline/head This commit looks good
2021-01-07 22:15:57 +01:00
Franzi
fb42f9e667
bundles/dhcpd: catch keyerrors for nodes which do dhcp in unmanaged networks
2021-01-07 22:14:17 +01:00
Franzi
2d42e5f7dd
update bw to 4.3, add .provides() to metadata reactors
bundlewrap/pipeline/head This commit looks good
2021-01-07 18:44:38 +01:00
Franzi
7f0fb7a6e2
bundles/influxdb: remove
2021-01-07 18:28:08 +01:00
Sophie Schiller
2ba4946975
update letsencrypt hashes
bundlewrap/pipeline/head This commit looks good
2021-01-06 13:18:44 +01:00
Franzi
ec13a1edaa
bundles/simple-icinga-dashboard: repo is public now
bundlewrap/pipeline/head This commit looks good
2021-01-03 09:56:51 +01:00
Franzi
03d3ab6e9d
bundles/{netdata,nginx,unbound}: fix iptables rules (should also create ip6tables rules)
bundlewrap/pipeline/head There was a failure building this commit
2021-01-02 16:19:55 +01:00
Franzi
e8d131b041
add simple-icinga-dashboard on status.franzi.business
...
bundlewrap/pipeline/head There was a failure building this commit
fixes #20
2021-01-02 14:47:11 +01:00
Franzi
2ebf7ec32b
bundles/mautrix-whatsapp: disable log timestamps, journal takes care of that
bundlewrap/pipeline/head This commit looks good
2021-01-02 14:01:26 +01:00
Franzi
b8bcc6c499
bundles/mautrix-whatsapp: only log to journal
bundlewrap/pipeline/head This commit looks good
2021-01-02 13:59:47 +01:00
Franzi
8752299e61
bundles/icinga2: add hostgroup for hosts which send SMS
bundlewrap/pipeline/head This commit looks good
2021-01-02 12:58:52 +01:00
Franzi
4f57a6c0e3
icinga2: more checks should send sms
bundlewrap/pipeline/head This commit looks good
2021-01-02 12:26:37 +01:00
Franzi
10fd67a0fd
bundles/systemd-networkd: fix LACP options
...
bundlewrap/pipeline/head This commit looks good
fixes #25 , hopefully
2021-01-02 11:00:10 +01:00
Franzi
f329373a4a
bundles/systemd-networkd: remove settings from bond.netdev
...
bundlewrap/pipeline/head This commit looks good
Why the fuck doesn't this work like it's written in the documentation?
2021-01-01 22:00:50 +01:00
Franzi
16ea6ce0d5
bundles/systemd-networkd: disable STP on bridges
2021-01-01 21:59:21 +01:00
Franzi
48fc341137
bundles/backup-client: add monitoring for backups
2021-01-01 13:59:42 +01:00
Franzi
3e1d3b483e
bundles/mautrix-whatsapp: use -a for check_procs
bundlewrap/pipeline/head This commit looks good
2020-12-31 12:31:14 +01:00
Franzi
fede30c2cc
bundles/mautrix-whatsapp: introduce
2020-12-31 12:18:34 +01:00
Franzi
914889da6c
bundles/vmhost: add option to exclude VM from monitoring
bundlewrap/pipeline/head This commit looks good
2020-12-29 10:18:16 +01:00
Franzi
62d7baa3ec
bundles/icinga2: admins shall receive all notifications
bundlewrap/pipeline/head This commit looks good
2020-12-27 09:09:40 +01:00
Franzi
d72c43083d
nodes/rx300: set proper lldp hostname
bundlewrap/pipeline/head This commit looks good
2020-12-25 14:45:41 +01:00
Franzi
ca7f3ed4a6
bundles/octoprint: fix typo in check_octoprint_update
bundlewrap/pipeline/head This commit looks good
2020-12-23 12:38:44 +01:00
Franzi
e40f88aa69
bundles/unbound: only start unbound after pppoe.service has been started ( fixes #23 )
bundlewrap/pipeline/head This commit looks good
2020-12-23 10:50:54 +01:00
Franzi
275249481f
bundles/octoprint: display version in update check, remove error states (we're monitoring this separately)
bundlewrap/pipeline/head This commit looks good
2020-12-23 10:43:13 +01:00
Franzi
d2be654206
bundles/unbound: enable prefetching
2020-12-22 09:24:10 +01:00
Franzi
5e45efb7ae
bundles/unbound: better caching
2020-12-22 09:22:37 +01:00
Franzi
5935aed0db
bundles/{netdata,pppd,radvd,vmhost,vnstat,wide-dhcp6c}: add monitoring
bundlewrap/pipeline/head This commit looks good
2020-12-21 09:50:15 +01:00
Franzi
0b52f8e7e6
bundles/icinga2: allow limiting permissions for api users
2020-12-20 09:33:17 +01:00
Franzi
da4b139095
bundles/{radvd,wide-dhcp6c}: remove metadata key integrate-with-pppd
bundlewrap/pipeline/head This commit looks good
2020-12-18 16:30:17 +01:00
Franzi
6045debe9e
bundles/nginx: check ssl certificates
bundlewrap/pipeline/head This commit looks good
2020-12-18 13:28:08 +01:00
Franzi
5f5c3d5207
bundles/icinga2: admins shall receive more notifications
bundlewrap/pipeline/head This commit looks good
2020-12-18 08:24:19 +01:00
Franzi
958f5893e6
bundles/zfs: adjust warning period for check_zfs_old_snapshots
2020-12-18 08:23:42 +01:00
Franzi
487e4d0df6
bundles/rspamd: add missing }
2020-12-18 08:21:56 +01:00
Franzi
e81fcafe7a
bundles/powerdns: fix dependencies
bundlewrap/pipeline/head There was a failure building this commit
2020-12-18 06:41:24 +01:00
Franzi
63d455d242
bundles/rspamd: fix dependencies
2020-12-18 06:41:05 +01:00
Franzi
65db8b1625
bundles/systemd-networkd: faster miimon
2020-12-18 06:33:05 +01:00
Franzi
ecb7a93073
bundles/pppd: silence restart-pppoe-if-no-public-ip
2020-12-18 06:32:18 +01:00
Franzi
e33af1c845
bundles/unbound: refresh root-hint.txt once a week
2020-12-13 15:22:19 +01:00
Franzi
9c6fe48859
bundles/unbound: add netdata config
bundlewrap/pipeline/head This commit looks good
2020-12-13 15:17:19 +01:00
Franzi
3eeb253e55
bundles/unbound: introduce, add to nodes
bundlewrap/pipeline/head This commit looks good
2020-12-13 14:59:44 +01:00
Franzi
c5e43188ca
bundles/radvd: support not announcing a nameserver
2020-12-13 14:59:10 +01:00
Franzi
057d4f0c4c
bundles/dovecot: autoexpunge Trash older than 360 days
bundlewrap/pipeline/head This commit looks good
2020-12-13 11:55:28 +01:00
Franzi
18c56cce9a
bundles/dovecot: do not auto-subscribe to junk mailbox
2020-12-13 11:54:55 +01:00
Franzi
58d99eb402
bundles/systemd: configure journald
bundlewrap/pipeline/head This commit looks good
2020-12-12 10:39:57 +01:00
Franzi
cf4d0c1ca6
bundles/powerdnsadmin: ensure permissions of powerdnsadmin static directory
bundlewrap/pipeline/head This commit looks good
2020-12-10 22:18:04 +01:00
Franzi
8be6f9b78d
bundles/apt: fix date call in check_unattended_upgrades
2020-12-10 22:15:31 +01:00
Franzi
be15458e1e
bundles/powerdnsadmin: fix database upgrade
bundlewrap/pipeline/head This commit looks good
2020-12-10 22:07:26 +01:00
Franzi
1d06d86205
bundles/wireguard: fix early fault resolve in metadata.py
bundlewrap/pipeline/head This commit looks good
2020-12-10 16:39:26 +01:00
Franzi
bd217f0666
bundles/pppd: automatically restart pppoe (once per hour) if no public ip address can be found
bundlewrap/pipeline/head There was a failure building this commit
2020-12-10 16:14:17 +01:00
Franzi
b80c0b12fe
home.router: add c3voc vpn
2020-12-08 17:45:30 +01:00
Franzi
9398649db0
bundles/seafile: add icinga checks
bundlewrap/pipeline/head There was a failure building this commit
2020-12-05 09:28:54 +01:00
Franzi
febcacdfe3
icinga2: enable mails for update checks
2020-12-05 09:17:21 +01:00
Franzi
67d8293201
bundles/wireguard: one icinga2 check per peer
bundlewrap/pipeline/head There was a failure building this commit
2020-11-30 06:43:46 +01:00
Franzi
295ff72b4b
bundles/smartd: introduce, add to hosts where *we* need to keep track of disk health
bundlewrap/pipeline/head This commit looks good
2020-11-29 12:07:27 +01:00
Franzi
8456ac43c6
bundles/nfs-client: don't try to start automount units
2020-11-29 12:06:34 +01:00
Franzi
1bfeead5e8
nodes/home.nas: change nfs-mount options for /storage/nas
2020-11-29 12:05:51 +01:00
Franzi
a549936e09
bundles/nfs-server: ensure nfs-kernel-server is started
2020-11-28 15:48:27 +01:00
Franzi
014b37082c
bundles/wireguard: send pings over vpn, if pppd reconnects
2020-11-27 03:09:37 +01:00
Franzi
c1885e20b6
nodes/home.octoprint-vielschichtigkeit: fix ifnames, fix vhost
2020-11-25 21:26:21 +01:00
Franzi
dc9e378908
bundles/icinga2: add icinga statusmonitor
bundlewrap/pipeline/head This commit looks good
2020-11-22 18:56:04 +01:00
Franzi
12ce8d8f6e
bundles/icinga2: add automatic downtime for upgrade-and-reboot
bundlewrap/pipeline/head This commit looks good
2020-11-22 13:28:14 +01:00
Franzi
3a56b0425c
bundles/icinga2: add default for vars.notification.mail, enable mail for check_sipgate_account_balance
bundlewrap/pipeline/head This commit looks good
2020-11-22 11:44:09 +01:00
Franzi
9651d740ae
bundles/icinga2: add check_sipgate_account_balance, adjust check_interval
bundlewrap/pipeline/head This commit looks good
2020-11-22 11:38:53 +01:00
Franzi
9cace7dace
bundles/icinga2: only include service_name in sms if it actually is a service
bundlewrap/pipeline/head This commit looks good
2020-11-22 11:09:44 +01:00
Franzi
54219928e4
bundles/icinga2: only add user to on-call group if they have atleast one of (email, phone) set
bundlewrap/pipeline/head This commit looks good
2020-11-22 11:07:02 +01:00
Franzi
8c6c691e5e
bundles/icinga2: implement SMS notifications
2020-11-22 10:34:49 +01:00
Franzi
22d5ba12ee
bundles/octoprint: don't try to resolve faults in metadata.py
bundlewrap/pipeline/head This commit looks good
2020-11-22 09:07:28 +01:00
Franzi
15826c73b0
bundles/icinga2: send notifications
bundlewrap/pipeline/head There was a failure building this commit
2020-11-22 09:04:24 +01:00
Franzi
d26b8ade45
remove some comments
2020-11-22 08:27:37 +01:00
Franzi
4a57926577
bundles/icinga2: set some notification options for checks
2020-11-22 08:24:44 +01:00
Franzi
b114ba3ff8
bundles/postgresql: fix typo
bundlewrap/pipeline/head There was a failure building this commit
2020-11-22 07:40:34 +01:00
Franzi
d428572461
bundles/icinga2: add servicegroup for every service which has checks
bundlewrap/pipeline/head There was a failure building this commit
2020-11-21 23:04:15 +01:00
Franzi
0bc4b5439c
bundles/icinga2: add hostgroup for every bw group
bundlewrap/pipeline/head There was a failure building this commit
2020-11-21 22:46:29 +01:00
Franzi
12cf03e03f
bundles/icinga2: generate icinga_users from users.json
bundlewrap/pipeline/head There was a failure building this commit
2020-11-21 21:46:41 +01:00
Franzi
c77856f97a
bundles/vmhost: add info line to QEMU VM STATUS
2020-11-21 21:01:37 +01:00
Franzi
5639da4954
bundles/vmhost: add QEMU VM STATUS check
bundlewrap/pipeline/head There was a failure building this commit
2020-11-21 20:58:55 +01:00
Franzi
325f483a26
bundles/{gitea,mautrix-telegram}: add update check
bundlewrap/pipeline/head There was a failure building this commit
2020-11-21 20:35:51 +01:00
Franzi
4f5e462c94
bundles/octoprint: add update check
2020-11-21 20:35:29 +01:00
Franzi
91f2fd839b
bundles/sshmon: add check_github_for_new_release
2020-11-21 20:03:50 +01:00
Franzi
a4ca98e79e
bundles/rspamd: add monitoring
bundlewrap/pipeline/head This commit looks good
2020-11-21 18:55:45 +01:00
Franzi
e6acda1f52
bundles/powerdns: add monitoring
2020-11-21 18:55:34 +01:00
Franzi
2fdeeca9c3
bundles/postgresql: add monitoring
2020-11-21 18:55:21 +01:00
Franzi
2f7f35c85a
bundles/matrix*: add monitoring
2020-11-21 18:55:06 +01:00
Franzi
1d450b9829
bundles/apt: fix statusfile output of unattended upgrades
bundlewrap/pipeline/head This commit looks good
2020-11-21 18:07:01 +01:00
Franzi
35025b40f6
bundles/sshmon: increase timeout for INTERNET check
bundlewrap/pipeline/head This commit looks good
2020-11-21 16:17:16 +01:00
Franzi
5aee050c5d
bundles/wireguard: add icinga check
2020-11-21 16:15:34 +01:00
Franzi
58ca3fa9ae
bundles/wireguard: add netdev and network files, add iptables rules
bundlewrap/pipeline/head This commit looks good
2020-11-21 15:38:38 +01:00
Franzi
63fd31c226
bundles/icinga2: support specifying an alternative host for checks
bundlewrap/pipeline/head This commit looks good
2020-11-21 10:58:57 +01:00
Franzi
5419bf31fb
bundles: fix some icinga checks
2020-11-21 10:30:05 +01:00
Franzi
11071914e0
bundles/icinga2: initial working draft
2020-11-21 10:29:36 +01:00
Franzi
d3de7a27be
bundles/icinga2: add dependencies for icingaweb2 setup
2020-11-21 08:57:46 +01:00
Franzi
6ad28bb375
bundles/vnstat: add graph for "yesterday"
2020-11-19 16:52:45 +01:00
Franzi
fd99334a66
bundles/vnstat: improve usability of web dashboard for mobile devices
bundlewrap/pipeline/head This commit looks good
2020-11-16 21:43:51 +01:00
Franzi
6b11a7b2a8
bundles/vnstat: redirect cron output to /dev/null
bundlewrap/pipeline/head This commit looks good
2020-11-16 17:10:14 +01:00
Franzi
7d78ac9db8
bundles/vnstat: add flag to generate statistics images, add to home.router
bundlewrap/pipeline/head This commit looks good
2020-11-16 17:07:05 +01:00
Franzi
2d856a1e9a
bundles/nginx: add iptables rules
bundlewrap/pipeline/head This commit looks good
2020-11-16 16:43:57 +01:00
Franzi
88dd587fb4
bundles/vnstat: introduce, add to home.router
2020-11-16 16:33:26 +01:00
Franzi
8343838dc6
bundles/nfs-client: don't touch permissions of mount directory by default
bundlewrap/pipeline/head This commit looks good
2020-11-15 13:37:13 +01:00
sophie
75e199ae0d
Merge pull request 'bundle/dhcpd: improvements' ( #19 ) from kunsi-dhcpd-improvements into main
...
bundlewrap/pipeline/head This commit looks good
Reviewed-on: https://git.kunsmann.eu/kunsi/bundlewrap/pulls/19
2020-11-15 12:34:41 +00:00
Franzi
c9e5ae87a1
bundles/users: sort ssh keys
bundlewrap/pipeline/head This commit looks good
2020-11-15 13:26:10 +01:00
Franzi
121dfb692c
bundles/netdata: use correct metadatum name
bundlewrap/pipeline/head This commit looks good
2020-11-15 13:25:15 +01:00
Franzi
9df5cb1f16
bundles/dhcpd: remove hardcoded group in metadata reactor get_static_allocations()
bundlewrap/pipeline/head This commit looks good
2020-11-15 13:23:24 +01:00
Franzi
c597244a9d
bundles/dhcpd: adjust spacing in metadata processor for static leases
bundlewrap/pipeline/head This commit looks good
2020-11-15 12:07:02 +01:00
Franzi
d5bca495e0
bundles/dhcpd: remove some .get()
bundlewrap/pipeline/head This commit looks good
2020-11-15 12:06:03 +01:00
Franzi
ad569f073e
bundles/dhcpd: add iptables rules
2020-11-15 12:01:14 +01:00
Franzi
cdef8cdb13
bundles/dhcpd: adjust indentation in dhcpd.conf
2020-11-15 12:00:58 +01:00
Franzi
4f9281a4a4
bundles/dhcpd: download oui.txt
bundlewrap/pipeline/head This commit looks good
2020-11-15 11:40:33 +01:00
Franzi
2457d5b435
bundles/backup-client: redirect stderr to /dev/null
...
bundlewrap/pipeline/head This commit looks good
We have monitoring to determine wether the backup succeeded or not.
No need for E-Mails, too.
2020-11-15 11:15:53 +01:00
Franzi
84d1984cc1
nodes/home.nas: add users to "nas" group, add cronjobs to ensure permissions on nas dataset
bundlewrap/pipeline/head This commit looks good
2020-11-15 11:12:22 +01:00
Franzi
ccfa56ad5e
bundles/pppd: also wait for ppp interface to vanish before restarting
bundlewrap/pipeline/head This commit looks good
2020-11-15 10:02:13 +01:00
Franzi
0aafeb96cd
bundles/pppd: make sure dependent services are stopped before restarting pppoe session
2020-11-15 09:56:06 +01:00
Franzi
d83dbbdd75
bundles/systemd-networkd: use some more options for bond interfaces
2020-11-15 09:39:44 +01:00
Franzi
5319cd1e8b
bundles/netdata: disable health checks
2020-11-14 16:55:29 +01:00
Franzi
6d58f2387f
bundles/openssh: introduce, add to all nodes
bundlewrap/pipeline/head This commit looks good
2020-11-14 14:46:59 +01:00
Franzi
e56e875433
bundles/rspamd: switch to automatically-generated dkim key
2020-11-14 14:35:27 +01:00
Franzi
3213e462c5
bundles/netdata: only save to ram, keep less history
2020-11-14 14:34:38 +01:00
Franzi
1339564dc4
bundles/netdata: introduce, add to home.nas and home.router
bundlewrap/pipeline/head This commit looks good
2020-11-14 14:05:28 +01:00
Franzi
ff607777ce
bundles/backup-client: support using a non-standard ssh port
bundlewrap/pipeline/head This commit looks good
2020-11-14 12:52:18 +01:00
Franzi
f405dca771
bundles/pppd: add dyndns capability
2020-11-14 12:46:19 +01:00
Franzi
0ca8edf656
bundles/apt: move patchday to metadata reactor, make patchday configurable
2020-11-14 12:24:55 +01:00
Franzi
32b7dda61f
bundles/iptables: add newline to rules files
2020-11-14 12:24:12 +01:00
Franzi
877744b0ba
bundles/pppd: send out a Router Solicitation on ifup
bundlewrap/pipeline/head This commit looks good
2020-11-14 12:11:51 +01:00
Franzi
a14580944b
bundles/{radvd,wide-dhcp6c}: improve handling of non-properly terminated ip-down scripts
2020-11-14 11:57:01 +01:00
Franzi
644eb37b82
bundles/radvd: introduce, add to home.router
2020-11-14 11:47:44 +01:00
Franzi
fa224a9939
bundles/wide-dhcp6c: introduce, add to home.router
2020-11-14 11:34:16 +01:00
Franzi
00ba7e49d6
bundles/pppd: accept RA on ppp interface
2020-11-13 23:56:59 +01:00
Sophie Schiller
cbfc8c75ad
bundles/dhcpd add defaults file and some escaping
bundlewrap/pipeline/head This commit looks good
2020-11-13 23:30:49 +01:00
Sophie Schiller
ef211f7356
update gitignore
2020-11-13 23:30:49 +01:00
Sophie Schiller
dcf944b198
bundles/dhcpd add initial items, metadata and template
2020-11-13 23:30:49 +01:00
Franzi
6ba0f6df1d
bundles/systemd: make sure we're using UTC and NTP
bundlewrap/pipeline/head This commit looks good
2020-11-13 23:26:13 +01:00
Franzi
870a5252e5
bundles/pppd: add iptables rules on ifup/ifdown
2020-11-13 23:04:43 +01:00
Franzi
f65e216828
bundles/iptables: introduce, add to home.router
bundlewrap/pipeline/head This commit looks good
2020-11-13 22:47:23 +01:00
Franzi
df9863ef31
bundles/openvpn-client: add
2020-11-13 22:15:36 +01:00
Franzi
e515378497
bundles/backup-server: dummy nodes never do backups
bundlewrap/pipeline/head There was a failure building this commit
2020-11-13 21:58:35 +01:00
Franzi
3b829caaf6
bundles/pppd: introduce
2020-11-13 21:41:02 +01:00
Franzi
b1860b7e01
bundles/systemd-networkd: add option to only create a .netdev file for interfaces
2020-11-13 21:40:44 +01:00
Franzi
75d86f3339
bundles/systemd-networkd: support vlans
2020-11-13 16:29:17 +01:00
Franzi
4213b60052
bundles/lldp: introduce, add to all nodes at home
2020-11-13 16:28:43 +01:00
Franzi
b9b0a9c5ca
bundles/vmhost: install correct packages
2020-11-13 14:47:40 +01:00
Franzi
df63f8c732
bundles/nginx: make sure /var/www exists
2020-11-13 13:35:02 +01:00
Franzi
e91ac7e457
bundles/backup-client: fix detection of rsync errors
bundlewrap/pipeline/head This commit looks good
2020-11-13 13:34:21 +01:00
Franzi
d31910368c
icinga2: install packages and dependencies
2020-11-13 13:19:26 +01:00
Franzi
6bac83def2
bundles/rspamd: fix automatic generation of dkim key
bundlewrap/pipeline/head This commit looks good
2020-11-13 13:11:26 +01:00
Franzi
cff0870e63
bundles/rspamd: refine auto-generation of dkim signing keys
2020-11-13 13:09:37 +01:00
Franzi
56f1b1a6c6
bundles/rspamd: first draft for automatically-rotating dkim keys
2020-11-13 13:09:34 +01:00
Franzi
f04dac11e5
Merge branch 'kunsi-icinga2' into main
bundlewrap/pipeline/head This commit looks good
2020-11-13 13:03:16 +01:00
Franzi
741f3b0032
bundles/backup-client: fix cronjob
2020-11-13 12:57:50 +01:00
Franzi
0749fc75c5
bundles: add backup paths
2020-11-13 12:37:26 +01:00
Franzi
f71653e3ce
bundles/backup-{client,server}: introduce
2020-11-13 12:36:52 +01:00
Franzi
30ee0c8bdf
bundles/mx-puppet-discord: restart service after building new version
2020-11-13 09:26:34 +01:00
Franzi
e5c12f0628
bundles/nginx: create webroot directories after bundle:zfs is done
2020-11-12 22:59:46 +01:00
Franzi
2274e7aa37
bundles/nfs-server: introduce
bundlewrap/pipeline/head This commit looks good
2020-11-12 19:59:02 +01:00
Franzi
f2a0f0b46a
bundles/systemd-networkd: support bond and bridge interfaces
2020-11-12 19:38:10 +01:00
Franzi
633ccb97fd
bundles/zfs: rename zed -> zfs-zed
2020-11-12 19:36:28 +01:00
Franzi
d01d89d432
bundles/apt: support debian 11
2020-11-12 18:40:19 +01:00
Franzi
e395a42160
bundles/apt: no need to have apt-daily.timer running
bundlewrap/pipeline/head This commit looks good
2020-11-12 15:10:59 +01:00
Franzi
087f4bb74d
groups/{gce,home}: send mail via mx0.kunbox.net
bundlewrap/pipeline/head This commit looks good
2020-11-11 13:31:01 +01:00
Franzi
11701a67c8
dns: deploy MTA-STS
bundlewrap/pipeline/head This commit looks good
2020-11-11 11:41:06 +01:00
Franzi
d47c39185b
bundles/php: no need to restart php if just installing the base packages
bundlewrap/pipeline/head This commit looks good
2020-11-11 08:37:29 +01:00
Franzi
652fb72ccc
bundles/postfix: fix metadata reactor for letsencrypt
2020-11-11 08:35:36 +01:00
Franzi
9dd7589f12
bundles/postfix: add submission_header_cleanup file
2020-11-10 20:34:27 +01:00
Franzi
8180769120
bundles/postfix: add postmaster alias
2020-11-10 20:32:39 +01:00
Franzi
f9bd2d695d
bundles/postfix: add SPAM BLOCKLISt for every non-private IP attached to the server
bundlewrap/pipeline/head This commit looks good
2020-11-10 14:28:12 +01:00
Franzi
aad1a742b7
bundles/icinga2: add ipv6-capable check_rbl script
2020-11-10 14:26:07 +01:00
Franzi
f30aa48eca
bundles/icinga2: add sshmon private key
bundlewrap/pipeline/head This commit looks good
2020-11-10 13:43:46 +01:00
Franzi
a176a1aa65
bundles/icinga2: introduce, install checks, install sources.list, create postgres database
bundlewrap/pipeline/head This commit looks good
2020-11-10 13:37:27 +01:00
Franzi
a9c00409b4
bundles/mautrix-telegram: fix item dependency error
bundlewrap/pipeline/head This commit looks good
2020-11-10 13:26:03 +01:00
Franzi
6cd02dc563
bundles: move non-login users to items.py
bundlewrap/pipeline/head There was a failure building this commit
2020-11-10 13:24:07 +01:00
Franzi
cca4fec761
bundles/users: get default user data from users.json
2020-11-10 13:12:36 +01:00
Franzi
c090a9c2c2
bundles/users: move root user to metadata
2020-11-10 12:50:08 +01:00
Franzi
3fbe32518a
bundles/postgresql: rename users -> roles
bundlewrap/pipeline/head This commit looks good
2020-11-10 12:37:58 +01:00
Franzi
d087cea869
bundles/gitea: add monitoring
2020-11-10 11:32:59 +01:00
Franzi
985f47ca99
bundles/miniflux: add monitoring
2020-11-10 11:28:40 +01:00
Franzi
8cb997133a
bundles/nginx: add monitoring
bundlewrap/pipeline/head This commit looks good
2020-11-10 10:57:04 +01:00
Franzi
65a8efc97f
bundles/zfs: fix monitoring metadata
bundlewrap/pipeline/head This commit looks good
2020-11-10 10:35:01 +01:00
Franzi
f80896fa3b
bundles/postfix: add monitoring
2020-11-10 10:21:37 +01:00
Franzi
420cea15d2
bundles/apt: add monitoring for unattended upgrades
2020-11-10 09:50:20 +01:00
Franzi
6ca0d863b1
bundles/sudo: use sudoers.d
bundlewrap/pipeline/head This commit looks good
2020-11-09 20:39:35 +01:00
Franzi
c7362df6c4
bundles/sshmon: import from work repository
2020-11-09 20:31:06 +01:00
Franzi
eaf268aea9
libs/tools: change resolve_identifier() to return ipv4 and ipv6 separately
bundlewrap/pipeline/head This commit looks good
2020-11-09 18:46:37 +01:00
Franzi
67386d9efa
bundles/cron: provide some environment, also manage /etc/crontab
bundlewrap/pipeline/head This commit looks good
2020-11-09 18:24:01 +01:00
Franzi
a58c5877bf
bundles/gce-workaround: uninstall gce-disk-expand, too
bundlewrap/pipeline/head This commit looks good
2020-11-09 16:48:28 +01:00
Franzi
4921e0b74f
bundles/systemd-networkd: use correct syntax for resolv.conf
2020-11-09 16:47:56 +01:00
Franzi
6f87a1d240
bundles/systemd-networkd: also deploy resolv.conf
2020-11-09 16:38:59 +01:00
Franzi
394424951f
bundles/systemd-networkd: fix naming of GatewayOnlink
2020-11-09 16:38:35 +01:00
Franzi
78047da04a
bundles/postgresql: only install packages after we have a zfs dataset
2020-11-09 16:37:00 +01:00
Franzi
5bd642236c
bundles/postfix: only call newaliases if we already have postfix installed
2020-11-09 16:36:26 +01:00
Franzi
607da9d39b
bundles/powerdns: user resolve_identifier() for node-dns-entries
2020-11-09 15:37:48 +01:00
Franzi
91fd33cfa0
bundles/systemd-networkd: better dhcp support
2020-11-09 14:58:09 +01:00
Franzi
5e7c7671e0
bundles/systemd-networkd: proper config
2020-11-09 14:48:19 +01:00
Franzi
fbb4e2f7a5
systemd-networkd: first draft
2020-11-09 14:08:32 +01:00
Franzi
c3c510c609
bundles/mautrix-telegram: disable parallel file transfers for now
2020-11-09 13:17:38 +01:00
Franzi
af97226512
nodes/htz.ex42-1048908: update mautrix-telegram to 0.9.2-rc2
bundlewrap/pipeline/head This commit looks good
2020-11-09 12:16:06 +01:00
Franzi
06e30cf23c
bundles/mautrix-telegram: also upgrade pip when upgrading bridge
2020-11-09 12:15:37 +01:00
Franzi
90e3bb7fb2
bundles/mautrix-telegram: no need to provide our own alembic.ini
2020-11-09 12:12:04 +01:00
Franzi
c0986eb956
bundles/mautrix-telegram: fix database migration
bundlewrap/pipeline/head This commit looks good
2020-11-09 12:09:17 +01:00
Franzi
614b920890
bundles/mautrix-telegram: pin version until database migration is fixed
bundlewrap/pipeline/head This commit looks good
2020-11-09 11:27:34 +01:00
Franzi
3ff5d8a7dd
bundles/postfix: add alias database
bundlewrap/pipeline/head This commit looks good
2020-11-09 10:52:24 +01:00
Franzi
64cffad6a7
bundles/rspamd: silence clamav cronjob
2020-11-08 15:03:26 +01:00
Franzi
0eca42d188
bundles/dovecot: fix home directory for virtual mailboxes
bundlewrap/pipeline/head This commit looks good
2020-11-08 13:00:44 +01:00
Franzi
b4b988e5f2
bundles/postfix: disable TLS1.0 and 1.1, disable weak ciphers
bundlewrap/pipeline/head This commit looks good
2020-11-08 12:24:37 +01:00
Franzi
f85349f0c5
bundles/postfixadmin: fix apt packages
bundlewrap/pipeline/head This commit looks good
2020-11-08 11:53:51 +01:00
Franzi
15428b03be
bundles/rspamd: introduce, add to htz.ex42-1048908
bundlewrap/pipeline/head There was a failure building this commit
2020-11-08 10:43:51 +01:00
Franzi
a236444fe5
bundles/dovecot: make sure to reload dovecot after letsencrypt
2020-11-08 10:42:08 +01:00
Franzi
b00b2aa245
bundles/dovecot: autoexpunge Junk folder
bundlewrap/pipeline/head There was a failure building this commit
2020-11-07 22:46:15 +01:00
Franzi
7080b0d89e
bundles/rspamd: create dummy bundle
2020-11-07 22:32:08 +01:00
Franzi
18b573a9c6
bundles/dovecot: introduce
2020-11-07 22:31:47 +01:00
Franzi
f42dda5961
bundles/postfixadmin: introduce
2020-11-07 22:31:29 +01:00
Franzi
5550d2cc56
bundles/postfix: introduce
2020-11-07 22:31:18 +01:00
Franzi
88afba9ce9
bundles/mx-puppet-discord: add RestartSec= to systemd unit file
2020-11-07 09:40:22 +01:00
Franzi
7ab121e7e5
bundles/mautrix-telegram: install bridge from git repository
2020-11-07 09:39:57 +01:00
Franzi
d7f578742b
bundles/mx-puppet-discord: put bridge repo into subdirectory
...
this avoids recreating config and registration on every update, which in turn
avoids restarting synapse
2020-11-07 09:08:10 +01:00
Franzi
c481fc1327
nodes/htz.ex42-1048908: add php
bundlewrap/pipeline/head This commit looks good
2020-11-07 09:06:11 +01:00
Franzi
f8bc4b2ad9
bundles/php: introduce
2020-10-31 13:00:38 +01:00
Franzi
e2d8923dee
bundles/nginx: use metadata reactor to determine index files
2020-10-31 10:41:48 +01:00
Franzi
f1f7086aab
bundles/postgresql: make sure we have postgres_role before adding postgres_db
2020-10-31 10:30:48 +01:00
Franzi
67c5c23194
bundles/nginx: support non-domain vhost names
2020-10-31 10:30:07 +01:00
Franzi
113221a9b2
bundles/nginx: make sure we have dhparam.pem
2020-10-31 10:18:40 +01:00
Franzi
9cc5c07466
bundles/letsencrypt: do not try to do authorizations without a webserver
2020-10-31 10:11:58 +01:00
Franzi
76fe68a3d1
bundles/zfs: fix dependencies, auto-load zfs module if not loaded
2020-10-31 10:11:15 +01:00
Franzi
8eeaabf615
bundles/nginx: use http 308 for https redirect
...
bundlewrap/pipeline/head This commit looks good
basically "go away. nothing's here. use https forever."
2020-10-30 15:24:24 +01:00
Franzi
50372572f4
bundles/zfs: improvements
2020-10-25 16:41:18 +01:00
Franzi
3077d74318
bundles/users: alias s='sudo -i'
2020-10-25 13:21:04 +01:00
Franzi
351d779f20
bundles/users: add metadata entry for bash aliases
2020-10-25 13:19:46 +01:00
Franzi
2a992773f3
bundles/users: fish shell is gone everywhere
2020-10-25 13:17:26 +01:00
Franzi
831545d8b1
introduce node.metadata['hostname'] to other bundles, update nodefiles to reflect changes
bundlewrap/pipeline/head This commit looks good
2020-10-25 11:14:46 +01:00
Franzi
b70f9c9c9d
bundles/powerdns: make sure every dns server is able to resolve every other dns server
2020-10-25 10:58:11 +01:00
Franzi
a33d8e4201
bundles/powerdns: decrease RETRY time
2020-10-25 10:57:26 +01:00
Franzi
29f488c082
bundles/powerdns: put ip addresses of secondary nameservers into allow-axfer-ips
bundlewrap/pipeline/head There was a failure building this commit
2020-10-25 10:56:55 +01:00
Franzi
152bb56fdd
bundles/powerdns: remove superslave setting
...
bundlewrap/pipeline/head There was a failure building this commit
debian currently does ship an older version, in which this
setting is enabled by default.
2020-10-25 10:55:17 +01:00
Franzi
7a3e3ad68f
bundles/powerdns: we don't need the node names of primary nameservers
2020-10-25 10:53:55 +01:00
Franzi
43bd6b4774
bundles/powerdns: only enable webserver and api on primary nameservers
2020-10-25 10:52:51 +01:00
Franzi
78c553faf9
bundles/nodejs: update to 14.x
bundlewrap/pipeline/head This commit looks good
2020-10-24 17:20:50 +02:00
Franzi
a0702416a0
bundles/radicale: introduce
bundlewrap/pipeline/head This commit looks good
2020-10-23 15:22:35 +02:00
Franzi
d76f69ab49
bundles/apt: more output for upgrade-and-reboot
bundlewrap/pipeline/head This commit looks good
2020-10-23 06:26:19 +02:00
Franzi
2bc659af5f
bundles/users: add some bash aliases
bundlewrap/pipeline/head This commit looks good
2020-10-23 06:06:59 +02:00
Franzi
6398e668e1
bundles/apt: use DEBIAN_FRONTEND=noninteractive everywhere in upgrade-and-reboot
bundlewrap/pipeline/head This commit looks good
2020-10-23 04:33:01 +02:00