Franzi
c97d9ab948
bundles/postfix: use own postqueue exporter
2021-04-24 10:17:05 +02:00
Franzi
76f46ca7d5
bundles/telegraf: add sudoers file
2021-04-24 10:12:56 +02:00
Franzi
2432075f9a
bundles/telegraf: ensure telegraf is running, restart on config changes
2021-04-24 10:05:52 +02:00
Franzi
f58e66f701
bundles/c3voc-addons: make sure we're not accidentially overwriting c3voc telegraf config
2021-04-24 09:44:31 +02:00
Franzi
2667a2c00d
libs: replace libs.toml.dict_to_toml with libs.faults.resolve_faults
bundlewrap/pipeline/head This commit looks good
2021-04-24 09:39:08 +02:00
Franzi
a37d31973a
bundles: add some telegraf plugins
2021-04-24 09:14:25 +02:00
Franzi
5e0541aef8
bundles/telegraf: introduce
2021-04-24 09:14:21 +02:00
Franzi
ebb6d287b2
bundles/icinga2: add node name to automatic downtime comment
bundlewrap/pipeline/head This commit looks good
2021-04-23 14:30:34 +02:00
Franzi
8b14575657
bundles/postgresql: add metadata keys for some performance related config options
2021-04-23 14:02:04 +02:00
Franzi
616feb54b2
bundles/sshmon: fix an issue where check_mounts couldn't properly detect systemd mount units
2021-04-23 14:01:24 +02:00
Franzi
c0ff320281
bundles/scansnap: set proper permissions for /srv/scansnap
2021-04-21 18:25:37 +02:00
Franzi
c79b3f77c2
bundles/scansnap: cleanup old scans
2021-04-21 18:20:47 +02:00
Franzi
0c0a8e6263
bundles/scansnap: chown files to nobody-nogroup
2021-04-21 18:18:27 +02:00
Franzi
b5fb5dd6c2
bundles/scansnap: introduce, add to home.nas
2021-04-21 17:58:16 +02:00
Franzi
5e49e3204b
bundles/nfs-server: sort shares
2021-04-21 17:56:53 +02:00
Franzi
24362768fb
bundles/dhcpd: rework metadata
bundlewrap/pipeline/head This commit looks good
2021-04-20 18:18:17 +02:00
Franzi
12c04cf3be
bundles/users: some more bash config
2021-04-19 20:39:57 +02:00
Franzi
8536e87475
bundles/systemd-networkd: some more dhcp settings
bundlewrap/pipeline/head This commit looks good
2021-04-18 11:05:42 +02:00
Franzi
51ee9be424
bundles/radvd: advertise atleast every 30 seconds
2021-04-18 11:05:10 +02:00
Franzi
4973c63e62
bundles/icinga2: remove icinga_options/downtime_also_for, add host dependencies via icinga_options/also_affected_by
bundlewrap/pipeline/head This commit looks good
2021-04-17 09:21:51 +02:00
Franzi
4d5e75df68
bundles/icinga2: introduce icinga_options/downtime_also_for
bundlewrap/pipeline/head This commit looks good
2021-04-17 03:43:08 +02:00
Franzi
6a88040826
bundles/nginx: disable Federated Learning of Cohorts for all hosts
bundlewrap/pipeline/head This commit looks good
2021-04-16 18:36:50 +02:00
Franzi
bc8050cd3c
bundles/postfix: fix connection limits for smtpd
bundlewrap/pipeline/head This commit looks good
2021-04-11 21:56:37 +02:00
Franzi
b04a207262
nodes/htz.ex42-1048908: add some blocked email domains
bundlewrap/pipeline/head This commit looks good
2021-04-11 18:20:16 +02:00
Franzi
f0eb6f0d1b
bundles/vnstat: add favicon to web dashboard
...
bundlewrap/pipeline/head This commit looks good
As requested by sophie
2021-04-11 14:35:49 +02:00
Franzi
e809ed4859
bundles/vnstat: changes in systemd unit files must trigger daemon-reload
bundlewrap/pipeline/head This commit looks good
2021-04-11 11:18:42 +02:00
Franzi
dca56140aa
bundles/simple-icinga-dashboard: use systemd-timers, use virtualenv
bundlewrap/pipeline/head This commit looks good
2021-04-11 11:17:09 +02:00
Franzi
26c2be07cf
bundles/vnstat: adjust vnstati calls for debian bullseye
bundlewrap/pipeline/head This commit looks good
2021-04-11 09:01:58 +02:00
Franzi
69279ba34f
bundles/postfix: be a bit more relaxed when checking for smtp errors
bundlewrap/pipeline/head This commit looks good
2021-04-10 16:50:16 +02:00
Franzi
018bdb2f83
bundles/matrix*: better monitoring
bundlewrap/pipeline/head This commit looks good
2021-04-10 16:40:44 +02:00
Franzi
9618e388c3
bundles/simple-icinga-dashboard: only resolve faults when rendering the template, not earlier
bundlewrap/pipeline/head This commit looks good
2021-04-10 16:33:32 +02:00
Franzi
36bd6f5755
bundles/simple-icinga-dashboard: config is a toml file now
bundlewrap/pipeline/head There was a failure building this commit
2021-04-10 16:08:52 +02:00
Franzi
b33ddaadb5
bundles/simple-icinga-dashboard: add replacements
2021-04-10 15:43:37 +02:00
Franzi
fc7655469f
icinga2: add pretty_name for status page
bundlewrap/pipeline/head This commit looks good
2021-04-10 15:05:29 +02:00
Franzi
efd2875b17
bundles/c3voc-addons: add sms to NGINX VHOST checks
2021-04-10 15:04:34 +02:00
Franzi
8b2771cd63
Revert "bundles/systemd-networkd: fix vlan support for bridges and bonds"
...
bundlewrap/pipeline/head This commit looks good
This reverts commit 02146a81d6
.
2021-04-10 13:34:49 +02:00
Franzi
ef84b3f889
Revert "bundles/systemd-networkd: no need for a specific order in /etc/systemd/network/"
...
bundlewrap/pipeline/head This commit looks good
This reverts commit b679f568eb
.
Documentation says order is irrelevant, but it is not. If we do not use
ordering, vlan interfaces are defined before the parent interfaces, which
leads to systemd-networkd not applying config for the parent interfaces.
2021-04-10 12:22:08 +02:00
Franzi
0d1a220b7b
bundles/systemd-networkd: generate unique mac address for vlan interfaces
2021-04-10 12:18:23 +02:00
Franzi
197ebe2e38
bundles/systemd-networkd: add BindCarrier to bridges
bundlewrap/pipeline/head This commit looks good
2021-04-10 11:41:23 +02:00
Franzi
00d46cb1b1
bundles/pppd: fix typo in restart-pppoe-if-no-public-ip
2021-04-10 09:49:40 +02:00
Franzi
af6b16cc35
bundles/pppd: fix KeyError in restart-pppoe-if-no-public-ip
bundlewrap/pipeline/head This commit looks good
2021-04-10 09:38:47 +02:00
Franzi
02146a81d6
bundles/systemd-networkd: fix vlan support for bridges and bonds
2021-04-10 09:18:45 +02:00
Franzi
24f04e59aa
nodes/voc.pretalx: work around content-security-policy issues
bundlewrap/pipeline/head This commit looks good
2021-04-05 08:18:21 +02:00
Franzi
aad27851bb
bundles/miniflux: proxy all images
bundlewrap/pipeline/head This commit looks good
2021-04-04 22:16:14 +02:00
Franzi
e36a352a42
bundles: fix usage of set() vs {}
bundlewrap/pipeline/head This commit looks good
2021-04-04 10:34:55 +02:00
Franzi
c418102000
bundles/netdata: fix iptables default
2021-04-04 10:30:45 +02:00
Franzi
513eb4bed6
bundles/mosquitto: add monitoring
bundlewrap/pipeline/head This commit looks good
2021-04-03 09:43:24 +02:00
Franzi
2027308249
bundles/zfs: fix typo in check_zpool_space
2021-04-03 09:41:17 +02:00
Franzi
9cbf866de7
bundles/mosquitto: introduce, add to node home.nas
bundlewrap/pipeline/head This commit looks good
2021-04-03 09:36:47 +02:00
Franzi
f8bbe00d47
overall better handling and usage of exceptions
bundlewrap/pipeline/head This commit looks good
2021-04-02 18:57:13 +02:00
Franzi
5d5930265a
bundles/postfix: remove print statement
2021-04-02 18:29:33 +02:00
Franzi
61cf881a03
bundles/pretalx: add bash_alias for manage.py
bundlewrap/pipeline/head This commit looks good
2021-04-02 14:59:56 +02:00
Franzi
4a3be10add
bundles/apt: fix if in upgrade-and-reboot
2021-04-02 13:40:55 +02:00
Franzi
a24fb12c21
bundles/apt: introduce restart_triggers (restart services if another service has been upgraded)
bundlewrap/pipeline/head There was a failure building this commit
2021-04-02 08:12:51 +02:00
Franzi
7ca24d27d3
bundles/apt: add a bit of code to remove old, unused kernel images
2021-04-02 08:11:17 +02:00
Franzi
8a0c8f32ae
bundles: less Restart=on-failure, more Restart=always
2021-04-02 08:05:33 +02:00
Franzi
5b276368b8
bundles/wireguard: iptables/bundle_rules should be a list
bundlewrap/pipeline/head This commit looks good
2021-04-01 17:13:24 +02:00
Franzi
17f9aa9c3e
bundles/icinga2: disable command module
bundlewrap/pipeline/head This commit looks good
2021-04-01 17:12:35 +02:00
Franzi
c5eb2f4f70
bundles/icinga2: do not send recovery emails
2021-04-01 17:11:42 +02:00
Franzi
957cac5ebc
bundles/postfix: disable SPAM BLOCKLIST check if relayhost is set
2021-04-01 17:00:53 +02:00
Franzi
61c6188454
bundles/postfix: mynetworks now supports identifiers
2021-04-01 16:59:49 +02:00
Franzi
b7222e2cd1
bundles/systemd-networkd: fix typo in routes
bundlewrap/pipeline/head This commit looks good
2021-04-01 16:31:57 +02:00
Franzi
6e423c24fb
bundles/wireguard: rework metadata.py
bundlewrap/pipeline/head There was a failure building this commit
2021-04-01 16:27:31 +02:00
Franzi
b679f568eb
bundles/systemd-networkd: no need for a specific order in /etc/systemd/network/
2021-04-01 16:26:06 +02:00
Franzi
d787f8b0a3
bundles/systemd-networkd: rework routes
2021-04-01 16:25:24 +02:00
Franzi
b52a196c73
bundles/nginx: add configuration option for client_max_body_size
bundlewrap/pipeline/head This commit looks good
2021-03-30 21:26:25 +02:00
Franzi
da9fe36646
bundles/pretalx: support installing plugins
2021-03-30 19:52:03 +02:00
Franzi
7345543fa2
bundles/mx-puppet-discord: remove logging to files, disable presence logging
bundlewrap/pipeline/head This commit looks good
2021-03-28 11:29:16 +02:00
Franzi
c388d5ea1e
bundles/postgresql: fix restart dependencies
bundlewrap/pipeline/head This commit looks good
2021-03-28 09:39:08 +02:00
Franzi
35e4bbf04b
bundles/postfix: remove postscreen usage
...
bundlewrap/pipeline/head This commit looks good
postscreen isn't able to share its cache file between
instances, which leads to the server simply accepting
mails for the port on which postscreen starts up later.
Since we can't predict which port this will be, we
simply remove postscreen alltogether.
Yes, i know i could just remove postscreen for port 2525.
2021-03-28 09:00:37 +02:00
Franzi
ce39850bda
bundles/postfix: fix .provides() for iptables reactor
bundlewrap/pipeline/head This commit looks good
2021-03-28 08:56:22 +02:00
Franzi
9fe4e2933d
bundles/postfix: add firewalling for port 2525
bundlewrap/pipeline/head There was a failure building this commit
2021-03-28 08:37:51 +02:00
Franzi
a4b2dc29a9
bundles/miniflux: don't clean up old entries
bundlewrap/pipeline/head This commit looks good
2021-03-28 08:04:41 +02:00
Franzi
39c1d34bbb
bundles/sshmon: fix disk space usage limits
2021-03-27 12:07:49 +01:00
Franzi
8f0f635484
bundles/basic: change load graph for cpu graph
2021-03-27 12:06:12 +01:00
Franzi
568a31586f
bundles/apt: fix permissions for /etc/kernel/postinst.d/unattended-upgrades
bundlewrap/pipeline/head This commit looks good
2021-03-27 08:31:29 +01:00
Franzi
f514e200f0
bundles/mautrix-whatsapp: restart bridge daily again
...
bundlewrap/pipeline/head This commit looks good
It seems neither WhatsApp nor WhatsApp Web are designed for 24/7
connections, thus leading to all kinds of weird side effects like
"Bridge thinks it's connected, but no messages get through at all"
or "WhatsApp is running, but the Bridge can't connect to it"
2021-03-27 08:21:41 +01:00
Franzi
f98720b57b
bundles/dhcpd: sort dchp leases by ip in bash alias
bundlewrap/pipeline/head This commit looks good
2021-03-26 09:27:52 +01:00
Franzi
65490b1d20
bundles/apt: log stdout and stderr separately in upgrade-and-reboot
bundlewrap/pipeline/head This commit looks good
2021-03-26 09:02:48 +01:00
Franzi
27753d50c4
bundles/postfix: use threading in check_spam_blocklist
bundlewrap/pipeline/head This commit looks good
2021-03-25 17:42:59 +01:00
Franzi
fdcec012f3
bundles/postfix: add SPAM BLOCKLIST check for every non-private IP attached to the server
bundlewrap/pipeline/head This commit looks good
2021-03-22 20:24:14 +01:00
Franzi
b99176be49
bundles/kodi: add iptables rules
bundlewrap/pipeline/head This commit looks good
2021-03-21 19:10:49 +01:00
Franzi
28dd9694af
add bundle:oidentd
bundlewrap/pipeline/head This commit looks good
2021-03-21 17:40:58 +01:00
Franzi
6a6198c9b9
bundles/wireguard: move iptables rules to metadata reactor
bundlewrap/pipeline/head This commit looks good
2021-03-21 15:26:29 +01:00
Franzi
3bc5e55400
bundles/iptables: don't apply iptables rules if a rules file is missing
2021-03-21 11:44:27 +01:00
Franzi
4b00c8b55a
bundles/unbound: do not bind to 0.0.0.0 if qemu is installed
2021-03-21 11:43:53 +01:00
Franzi
5a0aa82ec9
bundles/powerdns: fix missing imports
2021-03-21 11:43:17 +01:00
Franzi
62f7080db9
bundles/nfs-server: add iptables config
2021-03-21 11:24:21 +01:00
Franzi
850d860d59
bundles/powerdns: add iptables config
2021-03-21 11:12:18 +01:00
Franzi
31ddea7649
bundles/dovecot: add iptables config
2021-03-21 11:12:03 +01:00
Franzi
5775001301
bundles/postfix: add iptables config
2021-03-21 11:11:49 +01:00
Franzi
c9f008ad82
bundles/openssh: move iptables rules to metadata reactor
bundlewrap/pipeline/head This commit looks good
2021-03-21 10:37:28 +01:00
Franzi
b943d2d465
rework iptables configuration
bundlewrap/pipeline/head This commit looks good
2021-03-21 10:30:04 +01:00
Franzi
3fcd81960e
bundles/postfix: allow configuring mynetworks
bundlewrap/pipeline/head This commit looks good
2021-03-15 11:41:35 +01:00
Franzi
52cab71fec
bundles/wireguard: also allow outgoing traffic
...
How did this ever work without this rule?
2021-03-15 09:00:35 +01:00
Franzi
adb808a683
bundles/users: more colourful bash for everyone
bundlewrap/pipeline/head This commit looks good
2021-03-14 17:14:08 +01:00
Franzi
f6ecf2a465
bundles/nfs-client: support arch linux
bundlewrap/pipeline/head This commit looks good
2021-03-11 15:24:06 +01:00
Sophie Schiller
c87611c2e2
bw/kodi add backports repo
bundlewrap/pipeline/head This commit looks good
2021-03-08 21:06:25 +01:00
Franzi
8b07fce738
bundles/unbound: decrease statistics-interval until debian has 1.19 and we're actually able to use them
2021-03-06 10:03:22 +01:00
Franzi
f214f70cd4
bundles/basic: add textual cpu stats to htop
2021-03-06 09:58:22 +01:00
Franzi
7e57c0f03e
bundles/basic: current htop version in debian does not support DiskIO nor NetworkIO
bundlewrap/pipeline/head This commit looks good
2021-03-06 09:56:05 +01:00
Franzi
ebcf8e4445
bundles/matrix-media-repo: also restart matrix-media-repo after updating
bundlewrap/pipeline/head This commit looks good
2021-03-05 07:21:23 +01:00
Franzi
2adf3c6a72
bundles/sshmon: increase acceptable amount of cpu steal
bundlewrap/pipeline/head This commit looks good
2021-03-01 15:52:55 +01:00
Franzi
e435ae582a
bundles/icinga2: add monitoring for IdoPgsqlConnection
bundlewrap/pipeline/head This commit looks good
2021-03-01 15:36:29 +01:00
Franzi
3adfb9779a
bundles/molly-guard: introduce, add to systems
bundlewrap/pipeline/head This commit looks good
2021-02-26 17:58:20 +01:00
Franzi
51ca74549e
bundles/basic: add htoprc
bundlewrap/pipeline/head This commit looks good
2021-02-24 19:24:56 +01:00
Franzi
836f065382
bundles/pleroma: add website content check
bundlewrap/pipeline/head This commit looks good
2021-02-20 22:11:19 +01:00
Franzi
b470fddc12
bundles/nginx: add gdpr-compatible log format
2021-02-20 21:11:12 +01:00
Franzi
8cb172a1c1
bundles/pleroma: remove NoNewPrivileges=true, interferes with mail delivery
2021-02-20 20:57:00 +01:00
Franzi
017c2c3421
bundles/pleroma: allow database configuration
bundlewrap/pipeline/head There was a failure building this commit
2021-02-20 20:18:34 +01:00
Franzi
f8c157ce50
bundles/pleroma: get it working
bundlewrap/pipeline/head This commit looks good
2021-02-20 19:37:33 +01:00
Franzi
1f3e7afb2c
bundles/pleroma: initial NON-WORKING version
2021-02-20 19:14:20 +01:00
Franzi
5433859a86
bundles/letsencrypt: also check for chain.pem, nginx needs this
bundlewrap/pipeline/head This commit looks good
2021-02-20 17:38:11 +01:00
Franzi
e2d7d05783
bundles/systemd-networkd: manage apt packages via bundle:apt
bundlewrap/pipeline/head This commit looks good
2021-02-20 17:35:45 +01:00
Franzi
ad5c8cc0ab
bundles/postfix: only get certificate if actually needed
bundlewrap/pipeline/head This commit looks good
2021-02-20 17:30:38 +01:00
Franzi
97a1b3ae85
bundles/zfs: add comment to action:modprobe-zfs
bundlewrap/pipeline/head This commit looks good
2021-02-20 16:51:34 +01:00
Franzi
1c0a3ee8e7
bundles/postgresql: fix postgresql config path
2021-02-20 16:50:38 +01:00
Franzi
194de9ef2d
bundles/letsencrypt: fix some errors in letsencrypt-ensure-some-certificate
bundlewrap/pipeline/head This commit looks good
2021-02-20 15:48:17 +01:00
Franzi
3fa81ddc85
bundles/gitea: use canned stop action
2021-02-20 15:47:35 +01:00
Franzi
74d81eb7ba
bundles/nginx: support disabling ssl for each vhost individually
bundlewrap/pipeline/head This commit looks good
2021-02-20 14:25:27 +01:00
Franzi
228786f6aa
bundles/letsencrypt: generate a dummy certificate, if no certificate already exists
2021-02-20 13:52:40 +01:00
Franzi
014b6029c5
nodes/htz.ex42-1048908: update element-web config
bundlewrap/pipeline/head This commit looks good
2021-02-20 11:10:08 +01:00
Franzi
1ac6559b9f
bundles/postgresql: add pg_query_mon
2021-02-20 10:56:20 +01:00
Franzi
c0b8d35a47
bundles/icinga2: fix double emoji for WARNING state
bundlewrap/pipeline/head This commit looks good
2021-02-19 14:03:00 +01:00
Franzi
2bccbf9ded
bundles/icinga2: add some emoji to sent SMS, don't send output via SMS if everything is fine
bundlewrap/pipeline/head This commit looks good
2021-02-19 14:01:45 +01:00
Franzi
8ac9b2f204
bundles/matrix-synapse: add scripts/synapse-purge-unused-rooms
bundlewrap/pipeline/head This commit looks good
2021-02-19 11:56:21 +01:00
Franzi
b06532241b
bundles: use metastack syntax for metadata.get()
bundlewrap/pipeline/head This commit looks good
2021-02-18 18:12:25 +01:00
Franzi
6e9fb7044a
bundles/systemd-networkd: add "enable-resolved" flag
2021-02-18 17:56:43 +01:00
Franzi
fbf0371371
bundles/systemd: support different timezones
2021-02-18 17:56:06 +01:00
Franzi
1abc0153f5
bundles/openssh: do not add deleted users to ssh config
bundlewrap/pipeline/head There was a failure building this commit
2021-02-18 15:12:30 +01:00
Franzi
75224f0d5c
bundles/lldp: support arch linux
2021-02-18 15:10:50 +01:00
Franzi
f4a644795e
bundles/basic: support setting a different default locale
2021-02-18 14:51:33 +01:00
Franzi
32d129015e
bundles/pacman: introduce, support pkg_pacman in some other bundles
2021-02-18 14:24:57 +01:00
Franzi
9bf7f856af
bundles/users: allow setting another shell
2021-02-18 14:24:09 +01:00
Franzi
8a2bef9b77
bundles/apt: move vim to default packages
2021-02-18 14:23:43 +01:00
Franzi
03840fd152
bundles/systemd: more options in journald.conf
bundlewrap/pipeline/head This commit looks good
2021-02-18 10:29:38 +01:00
Franzi
fbb8840dff
add .editorconfig, format files correctly
bundlewrap/pipeline/head This commit looks good
2021-02-17 10:56:18 +01:00
Franzi
b42e39ed0a
get rid of check_rbl
2021-02-17 10:51:49 +01:00
Franzi
9d5d80457f
bundles/element-web: rename from riot-web, use tagged releases
bundlewrap/pipeline/head This commit looks good
2021-02-16 12:49:02 +01:00
Franzi
abb99ed58a
bundles/raspberrypi: remove isc-dhcp-client
2021-02-16 08:41:37 +01:00
Franzi
d2260b4699
bundles/wireguard: use PersistentKeepalive to work around intermittent connection issues
bundlewrap/pipeline/head This commit looks good
2021-02-15 15:16:44 +01:00
Franzi
5c1eba0d58
bundles: use a common metadata key for firewall restrictions, use repo.libs.tools.resolve_identifier()
bundlewrap/pipeline/head This commit looks good
2021-02-15 14:16:35 +01:00
Franzi
56fce7d460
bundles/wireguard: add exclude_from_monitoring option for wireguard peers
2021-02-14 21:35:37 +01:00
Franzi
65e6b8d053
bundles/backup-client: use a bash function to do backups instead of repeating the same code over and over
2021-02-13 09:18:00 +01:00
Franzi
adeb8eff88
bundles/postgresql: only do database dumps if we're actually doing backups
2021-02-13 09:04:59 +01:00
Franzi
724537558e
bundles/postgresql: do a database dump before backing up the database
bundlewrap/pipeline/head This commit looks good
2021-02-13 08:56:35 +01:00
Franzi
3d1468b214
bundles/backup-client: backup-pre-hooks should have numeric sorting
2021-02-13 08:37:49 +01:00
Franzi
7aeb46382d
bundles/zfs: move icinga2_api to metadata defaults
2021-02-13 08:37:00 +01:00
Franzi
2fbbaa1586
bundles/zfs: remove support for snapshot_only and snapshot_never (unused)
2021-02-13 08:36:10 +01:00
Franzi
b20f369ea8
bundles/backup-client: metadata backup-pre-hooks now use /bin/sh by default
2021-02-13 08:26:46 +01:00
Franzi
077eaa265c
bundles/radicale: use Fault.as_htpasswd_entry() instead of pre-encrypting passwords
2021-02-13 08:17:31 +01:00
Franzi
978285bf32
bundles/matrix-media-repo: add backup/paths metadata
2021-02-13 08:09:48 +01:00
Franzi
f52df58517
bundles: code style improvements
bundlewrap/pipeline/head This commit looks good
2021-02-12 20:45:41 +01:00
Franzi
c0353d2911
bundles/apt: add option to configure patch-hour, not only patchday
2021-02-12 18:53:25 +01:00
Franzi
767db8efdd
bundles/apt: add /etc/kernel/postinst.d/unattended-upgrades to ensure a reboot on kernel updates
bundlewrap/pipeline/head This commit looks good
2021-02-12 18:12:24 +01:00
Franzi
d4b110087f
bundles/matrix-media-repo: introduce, add to htz.ex42-1048908
bundlewrap/pipeline/head This commit looks good
2021-02-12 16:01:35 +01:00
Franzi
638e37c05f
bundles: add Requires=postgresql.service to some services which require postgresql
bundlewrap/pipeline/head This commit looks good
2021-02-12 13:28:52 +01:00
Franzi
9f8cbde7d7
bundles/transmission: always try to restart transmission
bundlewrap/pipeline/head This commit looks good
2021-02-11 09:06:20 +01:00
Franzi
a86e04683a
bundles/backup-client: fix missing space in generate-backup
bundlewrap/pipeline/head This commit looks good
2021-02-09 07:17:25 +01:00
Franzi
c25233b991
nodes: replace pkg_apt:redis with bundle:redis
bundlewrap/pipeline/head This commit looks good
2021-02-07 21:09:39 +01:00
Franzi
0d1e987a6f
bundles/backup-client: add backup-pre-hooks ( fixes #24 )
2021-02-07 20:47:22 +01:00
Franzi
a8690b13b8
bundles/rspamd: add "unless" to action:rspamd_assure_dkim_key_permissions
bundlewrap/pipeline/head This commit looks good
2021-02-06 19:10:16 +01:00
Franzi
eb431d8da8
bundles/postfix: also set alias_maps
...
bundlewrap/pipeline/head This commit looks good
fixes "warning: dict_nis_init: NIS domain name not set - NIS lookups disabled"
2021-02-06 10:24:19 +01:00
Franzi
457052d42b
bundles/gitea: downloading gitea updates needs stopping it first
2021-02-06 09:43:54 +01:00
Franzi
b6d23aaed4
bundles/sshmon: use own check_cpu_stats script
...
Old script only checked iowait, which is not enough.
2021-02-06 09:38:50 +01:00
Franzi
c185a5bacd
bundles/backup-client: do backups at 23:xx, so it won't interfere with upgrade-and-reboot
...
bundlewrap/pipeline/head This commit looks good
There were still problems with systems starting their backups late in the hour,
but backup servers did upgrade-and-reboot early it the hour. This leads to
incomplete backups, if the machine is rebooting, too.
2021-02-06 09:36:44 +01:00
Franzi
7e15f8adc3
bundles/octoprint: multi-line-output for check_octoprint_update
bundlewrap/pipeline/head This commit looks good
2021-02-02 20:20:11 +01:00
Franzi
8523754935
bundles/users: add vim-keybindings for pane navigation to tmux.conf
2021-01-31 07:59:19 +01:00
Franzi
bdc5b4de33
bundles/transmission: don't overwrite configs managed by transmission
2021-01-30 17:39:34 +01:00
Franzi
71f033b7c2
bundles/icinga2: fix dependencies for svc_systemd:icinga2
...
bundlewrap/pipeline/head This commit looks good
icinga2 runs fine without any checks, so we now only depend on the other
configuration files managed by bw. This will also fix unwanted
dependencies, because 'file:' means *all* files, not only those provided
by this bundle. In the past, it wasn't possible to skip any file,
because that would result in icinga not properly restarting.
2021-01-30 17:31:05 +01:00
Franzi
569275329c
bundles/sshmon: remove INTERNET check
...
bundlewrap/pipeline/head This commit looks good
We're using the internet to check these hosts, so if those hosts
wouldn't have an internet connection, the whole host would be
down, atleast as far as icinga can tell.
2021-01-30 11:47:55 +01:00
Franzi
161aec9314
bundles/powerdnsadmin: use tagged release
bundlewrap/pipeline/head This commit looks good
2021-01-29 18:13:16 +01:00
Franzi
f56852c27d
bundles/postfixadmin: use tagged release
2021-01-29 18:07:57 +01:00
Franzi
fa462fbd0f
bundles/sshmon: use tag_name instead of human-readable name in check_github_for_new_release
2021-01-29 18:04:35 +01:00
Franzi
b3e6063596
bundles/unbound: silence refresh-root-hints cronjob
2021-01-29 17:58:24 +01:00
Franzi
c31066fea8
bundles/mautrix-whatsapp: restart weekly to work around 24/7 connection issues
2021-01-29 17:27:33 +01:00
Franzi
fd421bf6f8
add bundle:redis, add redis support to pretalx
bundlewrap/pipeline/head This commit looks good
2021-01-29 15:58:54 +01:00
Franzi
ce76430b4d
bundles/mautrix-whatsapp: decrease log level to info
bundlewrap/pipeline/head This commit looks good
2021-01-28 15:05:04 +01:00
Franzi
4efcc73f55
bundles/mautrix-whatsapp: ensure we're not using ssl for postgres
bundlewrap/pipeline/head This commit looks good
2021-01-25 22:27:11 +01:00
Franzi
f3d8a1412c
bundles/dovecot: better ssl
bundlewrap/pipeline/head This commit looks good
2021-01-24 18:44:25 +01:00
Franzi
2aaf7cf8f8
bundles/nginx: better ssl
2021-01-24 18:44:13 +01:00
Franzi
614bdf9dec
bundles/basic: support creating additional locales
2021-01-24 07:49:49 +01:00
Franzi
d344664fa1
bundles/basic: fix format for /etc/locale.gen
bundlewrap/pipeline/head This commit looks good
2021-01-23 12:25:32 +01:00
Franzi
6b720c6c75
bundles/postgresql: only deploy packages if we have locales installed
bundlewrap/pipeline/head This commit looks good
2021-01-23 12:06:38 +01:00
Franzi
4a9463db5f
bundles/basic: ensure a proper locale is installed
2021-01-23 12:05:59 +01:00
Franzi
a160e7cf46
bundles/postgresql: improvements
...
bundlewrap/pipeline/head This commit looks good
- support other postgresql versions
- manage configs using bw
2021-01-23 11:35:03 +01:00
Franzi
c41ee0f806
bundles/apt: fix logging for upgrade-and-reboot
2021-01-23 11:32:35 +01:00
Franzi
51101fc615
bundles/sudo: fix mode for /etc/sudoers
bundlewrap/pipeline/head This commit looks good
2021-01-23 09:28:50 +01:00
Franzi
c5109fbfe3
bundles/icinga2: no need to do metadata.copy() here
bundlewrap/pipeline/head This commit looks good
2021-01-23 09:11:18 +01:00
Franzi
717159b61f
bundles/seafile: no need for sms for seafile process, we're already doing http content checks
bundlewrap/pipeline/head There was a failure building this commit
2021-01-23 09:09:30 +01:00
Franzi
63cdd470cf
bundles/c3voc-addons: support cron definition
bundlewrap/pipeline/head This commit looks good
2021-01-19 13:34:23 +01:00
Franzi
0893156723
bundles/c3voc-addons: add upgrade-and-reboot to bundle
bundlewrap/pipeline/head This commit looks good
2021-01-17 18:43:30 +01:00
Franzi
0f0ee046b1
bundles/c3voc-addons: some assertions to make sure we don't conflict with ansible
bundlewrap/pipeline/head This commit looks good
2021-01-17 10:16:23 +01:00
Franzi
1041e092b1
bundles/dhcpd: add bash alias for lease list
2021-01-17 09:12:32 +01:00
Franzi
4f62e25d5e
bundles/c3voc-addons: add nginx vhost monitoring
bundlewrap/pipeline/head This commit looks good
2021-01-17 08:07:21 +01:00
Franzi
3b90426b4d
bundles/pretalx: fix needs for systemd units
bundlewrap/pipeline/head This commit looks good
2021-01-17 08:01:15 +01:00
Franzi
2b0678063c
bundles/pretalx: new version needs to trigger regenerate_css, too
bundlewrap/pipeline/head This commit looks good
2021-01-17 07:59:57 +01:00
Franzi
b5cc8c2c57
bundles/pretalx: add to PORT_MAP.md, allocate a port
bundlewrap/pipeline/head This commit looks good
2021-01-17 07:55:08 +01:00
Franzi
35abb92daf
bundles/icinga2: do not schedule downtimes for hosts which do not do unattended-upgrades
bundlewrap/pipeline/head This commit looks good
2021-01-16 22:31:51 +01:00
Franzi
173746fe9c
bundles/sshmon: ensure sshmon user is able to log in
2021-01-16 22:31:18 +01:00