68fed2439d
bundles/apt: fix "set -x" call
bundlewrap/pipeline/head This commit looks good
2021-05-02 10:45:21 +02:00
c548a88ee7
bundles/grafana: introduce, add to htz-cloud.influxdb
2021-05-02 10:44:50 +02:00
1a1ea721d9
bundles/telegraf: also work for arch linux systems
2021-05-02 07:32:54 +02:00
8c276b53a6
nodes/home.nas: enable x11 forwarding for admins
bundlewrap/pipeline/head This commit looks good
2021-05-01 15:18:21 +02:00
75fea7aa34
bundles/gitea: add a ssh key, enable git hooks for htz.ex42-1048908
bundlewrap/pipeline/head This commit looks good
2021-05-01 14:27:31 +02:00
8a95dfa90a
nodes/home.downloadhelper: restrict lldp to vlan 42
bundlewrap/pipeline/head This commit looks good
2021-05-01 10:05:24 +02:00
3de85e6717
bundles/webfs: introduce
2021-04-30 19:40:45 +02:00
30efde6eb3
bundles/apt: remove unneeded if
bundlewrap/pipeline/head This commit looks good
2021-04-30 13:30:10 +02:00
b235519ecf
bundles/apt: "set -xeuo pipefail" for upgrade-and-reboot
bundlewrap/pipeline/head This commit looks good
2021-04-30 12:51:09 +02:00
8fd83241ca
bundles: ensure apt/repos/*/items is a set
2021-04-30 12:49:59 +02:00
44d42de81c
bundles/nginx: only redirect to ssl for sites which actually have ssl enabled
bundlewrap/pipeline/head This commit looks good
2021-04-25 09:20:16 +02:00
d98a1adfd9
bundles/ssl: support using a preexisting ssl certificate
2021-04-25 09:09:23 +02:00
019d658442
bundles/icinga2: add check_usv_snmp
bundlewrap/pipeline/head This commit looks good
2021-04-25 08:02:04 +02:00
ffd899534a
bundles/telegraf: use node.metadate.get() everywhere
bundlewrap/pipeline/head This commit looks good
2021-04-24 14:51:01 +02:00
e9ce0ce869
bundles/systemd-networkd: add missing key to .provides()
bundlewrap/pipeline/head This commit looks good
2021-04-24 12:38:51 +02:00
966ee7dae9
bundles/unbound: set correct statistics interval
2021-04-24 12:00:09 +02:00
a9692317d2
bundles/telegraf: temporarily hardcode a repo path
bundlewrap/pipeline/head There was a failure building this commit
2021-04-24 11:47:28 +02:00
6772b3b5d0
bundles: various fixes for telegraf plugins
bundlewrap/pipeline/head There was a failure building this commit
2021-04-24 11:45:58 +02:00
a980e22ecb
bundles/telegraf: support requesting additional capabilities and/or groups
2021-04-24 11:44:55 +02:00
dc0695e38f
bundles/influxdb: introduce
2021-04-24 10:17:56 +02:00
c97d9ab948
bundles/postfix: use own postqueue exporter
2021-04-24 10:17:05 +02:00
76f46ca7d5
bundles/telegraf: add sudoers file
2021-04-24 10:12:56 +02:00
2432075f9a
bundles/telegraf: ensure telegraf is running, restart on config changes
2021-04-24 10:05:52 +02:00
f58e66f701
bundles/c3voc-addons: make sure we're not accidentially overwriting c3voc telegraf config
2021-04-24 09:44:31 +02:00
2667a2c00d
libs: replace libs.toml.dict_to_toml with libs.faults.resolve_faults
bundlewrap/pipeline/head This commit looks good
2021-04-24 09:39:08 +02:00
a37d31973a
bundles: add some telegraf plugins
2021-04-24 09:14:25 +02:00
5e0541aef8
bundles/telegraf: introduce
2021-04-24 09:14:21 +02:00
ebb6d287b2
bundles/icinga2: add node name to automatic downtime comment
bundlewrap/pipeline/head This commit looks good
2021-04-23 14:30:34 +02:00
8b14575657
bundles/postgresql: add metadata keys for some performance related config options
2021-04-23 14:02:04 +02:00
616feb54b2
bundles/sshmon: fix an issue where check_mounts couldn't properly detect systemd mount units
2021-04-23 14:01:24 +02:00
c0ff320281
bundles/scansnap: set proper permissions for /srv/scansnap
2021-04-21 18:25:37 +02:00
c79b3f77c2
bundles/scansnap: cleanup old scans
2021-04-21 18:20:47 +02:00
0c0a8e6263
bundles/scansnap: chown files to nobody-nogroup
2021-04-21 18:18:27 +02:00
b5fb5dd6c2
bundles/scansnap: introduce, add to home.nas
2021-04-21 17:58:16 +02:00
5e49e3204b
bundles/nfs-server: sort shares
2021-04-21 17:56:53 +02:00
24362768fb
bundles/dhcpd: rework metadata
bundlewrap/pipeline/head This commit looks good
2021-04-20 18:18:17 +02:00
12c04cf3be
bundles/users: some more bash config
2021-04-19 20:39:57 +02:00
8536e87475
bundles/systemd-networkd: some more dhcp settings
bundlewrap/pipeline/head This commit looks good
2021-04-18 11:05:42 +02:00
51ee9be424
bundles/radvd: advertise atleast every 30 seconds
2021-04-18 11:05:10 +02:00
4973c63e62
bundles/icinga2: remove icinga_options/downtime_also_for, add host dependencies via icinga_options/also_affected_by
bundlewrap/pipeline/head This commit looks good
2021-04-17 09:21:51 +02:00
4d5e75df68
bundles/icinga2: introduce icinga_options/downtime_also_for
bundlewrap/pipeline/head This commit looks good
2021-04-17 03:43:08 +02:00
6a88040826
bundles/nginx: disable Federated Learning of Cohorts for all hosts
bundlewrap/pipeline/head This commit looks good
2021-04-16 18:36:50 +02:00
bc8050cd3c
bundles/postfix: fix connection limits for smtpd
bundlewrap/pipeline/head This commit looks good
2021-04-11 21:56:37 +02:00
b04a207262
nodes/htz.ex42-1048908: add some blocked email domains
bundlewrap/pipeline/head This commit looks good
2021-04-11 18:20:16 +02:00
f0eb6f0d1b
bundles/vnstat: add favicon to web dashboard
...
bundlewrap/pipeline/head This commit looks good
As requested by sophie
2021-04-11 14:35:49 +02:00
e809ed4859
bundles/vnstat: changes in systemd unit files must trigger daemon-reload
bundlewrap/pipeline/head This commit looks good
2021-04-11 11:18:42 +02:00
dca56140aa
bundles/simple-icinga-dashboard: use systemd-timers, use virtualenv
bundlewrap/pipeline/head This commit looks good
2021-04-11 11:17:09 +02:00
26c2be07cf
bundles/vnstat: adjust vnstati calls for debian bullseye
bundlewrap/pipeline/head This commit looks good
2021-04-11 09:01:58 +02:00
69279ba34f
bundles/postfix: be a bit more relaxed when checking for smtp errors
bundlewrap/pipeline/head This commit looks good
2021-04-10 16:50:16 +02:00
018bdb2f83
bundles/matrix*: better monitoring
bundlewrap/pipeline/head This commit looks good
2021-04-10 16:40:44 +02:00
9618e388c3
bundles/simple-icinga-dashboard: only resolve faults when rendering the template, not earlier
bundlewrap/pipeline/head This commit looks good
2021-04-10 16:33:32 +02:00
36bd6f5755
bundles/simple-icinga-dashboard: config is a toml file now
bundlewrap/pipeline/head There was a failure building this commit
2021-04-10 16:08:52 +02:00
b33ddaadb5
bundles/simple-icinga-dashboard: add replacements
2021-04-10 15:43:37 +02:00
fc7655469f
icinga2: add pretty_name for status page
bundlewrap/pipeline/head This commit looks good
2021-04-10 15:05:29 +02:00
efd2875b17
bundles/c3voc-addons: add sms to NGINX VHOST checks
2021-04-10 15:04:34 +02:00
8b2771cd63
Revert "bundles/systemd-networkd: fix vlan support for bridges and bonds"
...
bundlewrap/pipeline/head This commit looks good
This reverts commit 02146a81d6
.
2021-04-10 13:34:49 +02:00
ef84b3f889
Revert "bundles/systemd-networkd: no need for a specific order in /etc/systemd/network/"
...
bundlewrap/pipeline/head This commit looks good
This reverts commit b679f568eb
.
Documentation says order is irrelevant, but it is not. If we do not use
ordering, vlan interfaces are defined before the parent interfaces, which
leads to systemd-networkd not applying config for the parent interfaces.
2021-04-10 12:22:08 +02:00
0d1a220b7b
bundles/systemd-networkd: generate unique mac address for vlan interfaces
2021-04-10 12:18:23 +02:00
197ebe2e38
bundles/systemd-networkd: add BindCarrier to bridges
bundlewrap/pipeline/head This commit looks good
2021-04-10 11:41:23 +02:00
00d46cb1b1
bundles/pppd: fix typo in restart-pppoe-if-no-public-ip
2021-04-10 09:49:40 +02:00
af6b16cc35
bundles/pppd: fix KeyError in restart-pppoe-if-no-public-ip
bundlewrap/pipeline/head This commit looks good
2021-04-10 09:38:47 +02:00
02146a81d6
bundles/systemd-networkd: fix vlan support for bridges and bonds
2021-04-10 09:18:45 +02:00
24f04e59aa
nodes/voc.pretalx: work around content-security-policy issues
bundlewrap/pipeline/head This commit looks good
2021-04-05 08:18:21 +02:00
aad27851bb
bundles/miniflux: proxy all images
bundlewrap/pipeline/head This commit looks good
2021-04-04 22:16:14 +02:00
e36a352a42
bundles: fix usage of set() vs {}
bundlewrap/pipeline/head This commit looks good
2021-04-04 10:34:55 +02:00
c418102000
bundles/netdata: fix iptables default
2021-04-04 10:30:45 +02:00
513eb4bed6
bundles/mosquitto: add monitoring
bundlewrap/pipeline/head This commit looks good
2021-04-03 09:43:24 +02:00
2027308249
bundles/zfs: fix typo in check_zpool_space
2021-04-03 09:41:17 +02:00
9cbf866de7
bundles/mosquitto: introduce, add to node home.nas
bundlewrap/pipeline/head This commit looks good
2021-04-03 09:36:47 +02:00
f8bbe00d47
overall better handling and usage of exceptions
bundlewrap/pipeline/head This commit looks good
2021-04-02 18:57:13 +02:00
5d5930265a
bundles/postfix: remove print statement
2021-04-02 18:29:33 +02:00
61cf881a03
bundles/pretalx: add bash_alias for manage.py
bundlewrap/pipeline/head This commit looks good
2021-04-02 14:59:56 +02:00
4a3be10add
bundles/apt: fix if in upgrade-and-reboot
2021-04-02 13:40:55 +02:00
a24fb12c21
bundles/apt: introduce restart_triggers (restart services if another service has been upgraded)
bundlewrap/pipeline/head There was a failure building this commit
2021-04-02 08:12:51 +02:00
7ca24d27d3
bundles/apt: add a bit of code to remove old, unused kernel images
2021-04-02 08:11:17 +02:00
8a0c8f32ae
bundles: less Restart=on-failure, more Restart=always
2021-04-02 08:05:33 +02:00
5b276368b8
bundles/wireguard: iptables/bundle_rules should be a list
bundlewrap/pipeline/head This commit looks good
2021-04-01 17:13:24 +02:00
17f9aa9c3e
bundles/icinga2: disable command module
bundlewrap/pipeline/head This commit looks good
2021-04-01 17:12:35 +02:00
c5eb2f4f70
bundles/icinga2: do not send recovery emails
2021-04-01 17:11:42 +02:00
957cac5ebc
bundles/postfix: disable SPAM BLOCKLIST check if relayhost is set
2021-04-01 17:00:53 +02:00
61c6188454
bundles/postfix: mynetworks now supports identifiers
2021-04-01 16:59:49 +02:00
b7222e2cd1
bundles/systemd-networkd: fix typo in routes
bundlewrap/pipeline/head This commit looks good
2021-04-01 16:31:57 +02:00
6e423c24fb
bundles/wireguard: rework metadata.py
bundlewrap/pipeline/head There was a failure building this commit
2021-04-01 16:27:31 +02:00
b679f568eb
bundles/systemd-networkd: no need for a specific order in /etc/systemd/network/
2021-04-01 16:26:06 +02:00
d787f8b0a3
bundles/systemd-networkd: rework routes
2021-04-01 16:25:24 +02:00
b52a196c73
bundles/nginx: add configuration option for client_max_body_size
bundlewrap/pipeline/head This commit looks good
2021-03-30 21:26:25 +02:00
da9fe36646
bundles/pretalx: support installing plugins
2021-03-30 19:52:03 +02:00
7345543fa2
bundles/mx-puppet-discord: remove logging to files, disable presence logging
bundlewrap/pipeline/head This commit looks good
2021-03-28 11:29:16 +02:00
c388d5ea1e
bundles/postgresql: fix restart dependencies
bundlewrap/pipeline/head This commit looks good
2021-03-28 09:39:08 +02:00
35e4bbf04b
bundles/postfix: remove postscreen usage
...
bundlewrap/pipeline/head This commit looks good
postscreen isn't able to share its cache file between
instances, which leads to the server simply accepting
mails for the port on which postscreen starts up later.
Since we can't predict which port this will be, we
simply remove postscreen alltogether.
Yes, i know i could just remove postscreen for port 2525.
2021-03-28 09:00:37 +02:00
ce39850bda
bundles/postfix: fix .provides() for iptables reactor
bundlewrap/pipeline/head This commit looks good
2021-03-28 08:56:22 +02:00
9fe4e2933d
bundles/postfix: add firewalling for port 2525
bundlewrap/pipeline/head There was a failure building this commit
2021-03-28 08:37:51 +02:00
a4b2dc29a9
bundles/miniflux: don't clean up old entries
bundlewrap/pipeline/head This commit looks good
2021-03-28 08:04:41 +02:00
39c1d34bbb
bundles/sshmon: fix disk space usage limits
2021-03-27 12:07:49 +01:00
8f0f635484
bundles/basic: change load graph for cpu graph
2021-03-27 12:06:12 +01:00
568a31586f
bundles/apt: fix permissions for /etc/kernel/postinst.d/unattended-upgrades
bundlewrap/pipeline/head This commit looks good
2021-03-27 08:31:29 +01:00
f514e200f0
bundles/mautrix-whatsapp: restart bridge daily again
...
bundlewrap/pipeline/head This commit looks good
It seems neither WhatsApp nor WhatsApp Web are designed for 24/7
connections, thus leading to all kinds of weird side effects like
"Bridge thinks it's connected, but no messages get through at all"
or "WhatsApp is running, but the Bridge can't connect to it"
2021-03-27 08:21:41 +01:00
f98720b57b
bundles/dhcpd: sort dchp leases by ip in bash alias
bundlewrap/pipeline/head This commit looks good
2021-03-26 09:27:52 +01:00
65490b1d20
bundles/apt: log stdout and stderr separately in upgrade-and-reboot
bundlewrap/pipeline/head This commit looks good
2021-03-26 09:02:48 +01:00
27753d50c4
bundles/postfix: use threading in check_spam_blocklist
bundlewrap/pipeline/head This commit looks good
2021-03-25 17:42:59 +01:00