71b29d5e88
feat: add sudaporn account
...
- enable access to media
- enable access to jupyter
2024-11-16 20:23:01 +11:00
6493f392b8
Merge pull request 'neoloc/jupyterhub' ( #174 ) from neoloc/jupyterhub into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/174
2024-11-16 20:20:16 +11:00
8586e9eb32
feat: enable web-sockets
...
- change simpleproxy config for jupyter::hub role to use websockets
2024-11-16 20:15:03 +11:00
42ad972697
feat: add ldap configuration
...
- add group members to jupyterhub_user
- add svc_jupyterhub user for ldap binding
- paramatarise all ldap fields required
- manage the notebook data directory
2024-11-16 19:20:20 +11:00
926d3d29d0
fix: enable docker for jupyterhub
...
- install/manage docker
2024-11-10 20:21:51 +11:00
c6bdae5790
Merge pull request 'feat: add jupyterhub role' ( #173 ) from neoloc/jupyterhub into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/173
2024-11-10 19:14:49 +11:00
159d66af18
feat: add jupyterhub role
...
- add nodejs module to use npm package provider
- add jupyterhub role
- add class to configure the jupyterhub instance
- add ldap groups
- add nginx simpleproxy
2024-11-10 19:09:50 +11:00
4fec931fb1
feat: add service data
...
- add pki certificates
- add consul service
- add ssh principals
2024-10-27 13:26:07 +11:00
1db8847833
feat: add vault admin group
...
- group will be assigned global admin rights
2024-10-21 19:40:52 +11:00
5549275ecc
chore: add new user
...
- add margol as standard media user
2024-10-20 13:12:36 +11:00
7acfea8547
fix: correct given/sn fields
...
- fix ryadun's given/sn fields
2024-10-20 13:12:02 +11:00
2ef4fb0bf8
feat: update certbot module
...
- update documentation
- add option to notify services
- set haproxy role to notify the haproxy service
2024-10-07 13:40:53 +11:00
4a0760516f
feat: add vault service account
...
- used by vault to bind to ldap
2024-09-23 22:13:48 +10:00
10b57abffc
feat: add terraform service account
...
- add terraform service account
2024-09-23 22:08:52 +10:00
e09819284d
feat: add vault access group
...
- add vault_access group
2024-09-20 23:17:35 +10:00
93b9629c5c
feat: enable larger uploads to gitea
...
- change client body max size to 1GB
2024-09-08 01:43:22 +10:00
0210d849c7
feat: add gitea runner role
...
- ensure docker is configured
- create runner user/group
- deploy config.yaml from hiera hash
- install runner from url
- register the runner with the gitea instance
- manage the act_runner service
2024-09-07 17:59:02 +10:00
69c298e162
Merge pull request 'feat: remove masterauth redis' ( #156 ) from neoloc/redis_masterauth into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/156
2024-09-03 21:29:58 +10:00
1ad2b806b4
feat: remove masterauth redis
...
- removed requirepass previously, also need to remove masterauth
2024-09-03 21:29:18 +10:00
938db9880b
Adding hieradata/node/ausyd1nxvm1059.main.unkin.net.yaml
2024-09-01 00:17:59 +10:00
bcb9beae5f
fix: updated client secret
2024-08-31 23:00:58 +10:00
0bed8ba4f4
Merge branch 'develop' into neoloc/runner
2024-08-27 22:01:24 +10:00
5471adae32
Merge pull request 'feat: add droneadmin' ( #152 ) from neoloc/droneadmin into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/152
2024-08-25 15:03:15 +10:00
91d9a073d6
feat: add droneadmin
...
- add environment variable to assign primary admin
2024-08-25 14:58:56 +10:00
ec7814e2a9
Merge pull request 'Adding hieradata/node/ausyd1nxvm1058.main.unkin.net.yaml' ( #151 ) from autonode/ausyd1nxvm1058.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/151
2024-08-25 14:28:20 +10:00
71c134dc1a
Merge pull request 'Adding hieradata/node/ausyd1nxvm1057.main.unkin.net.yaml' ( #150 ) from autonode/ausyd1nxvm1057.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/150
2024-08-25 14:28:06 +10:00
90eabac007
feat: droneci for organisation
...
- change from personal account to organisation
2024-08-25 14:24:45 +10:00
d79a5de17b
feat: add droneci runner
...
- ensure /data and docker are available
- add droneci runner configuration
2024-08-25 02:14:35 +10:00
0f755b231f
Merge pull request 'neoloc/droneci' ( #148 ) from neoloc/droneci into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/148
2024-08-25 00:01:27 +10:00
3d1ba79325
Adding hieradata/node/ausyd1nxvm1058.main.unkin.net.yaml
2024-08-24 23:36:52 +10:00
c33b58ead6
Adding hieradata/node/ausyd1nxvm1057.main.unkin.net.yaml
2024-08-24 23:30:37 +10:00
9f937b2869
Merge pull request 'Adding hieradata/node/ausyd1nxvm1056.main.unkin.net.yaml' ( #147 ) from autonode/ausyd1nxvm1056.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/147
2024-08-24 12:37:44 +10:00
8660bec810
Merge pull request 'Adding hieradata/node/ausyd1nxvm1055.main.unkin.net.yaml' ( #146 ) from autonode/ausyd1nxvm1055.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/146
2024-08-24 12:37:34 +10:00
f30325b3e9
Merge pull request 'Adding hieradata/node/ausyd1nxvm1054.main.unkin.net.yaml' ( #145 ) from autonode/ausyd1nxvm1054.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/145
2024-08-24 12:37:25 +10:00
76c1c93c02
Merge pull request 'Adding hieradata/node/ausyd1nxvm1053.main.unkin.net.yaml' ( #144 ) from autonode/ausyd1nxvm1053.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/144
2024-08-24 12:37:16 +10:00
4577997506
Merge pull request 'Adding hieradata/node/ausyd1nxvm1052.main.unkin.net.yaml' ( #143 ) from autonode/ausyd1nxvm1052.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/143
2024-08-24 12:36:50 +10:00
6326e820a9
Merge pull request 'chore: add new user' ( #142 ) from neoloc/ryadun into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/142
2024-08-24 12:36:09 +10:00
757f3042ed
chore: add new user
...
- add ryadun
2024-08-24 12:35:34 +10:00
5d36a4053b
feat: add droneci module
...
- add droneci module for server
- add droneci/server role
- add consul query for droneci service
- manage certificates, ssh principals, consul services/checks
2024-08-24 00:34:15 +10:00
8a8cc0ae1b
feat: remove requirepass
...
- required for droneci
2024-08-23 23:18:02 +10:00
70a9edd118
Adding hieradata/node/ausyd1nxvm1056.main.unkin.net.yaml
2024-08-16 22:13:16 +10:00
348d8889ed
Adding hieradata/node/ausyd1nxvm1055.main.unkin.net.yaml
2024-08-16 22:11:47 +10:00
1a2023f4ff
Merge pull request 'feat: add patroni/psql cluster' ( #140 ) from neoloc/patroni into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/140
2024-08-10 23:40:29 +10:00
35834f8f5a
feat: add patroni/psql cluster
...
- add patroni puppet module
- add patroni role and hieradata
- add sql/patroni class that utilised consul
2024-08-10 22:34:43 +10:00
4347faf153
Merge pull request 'neoloc/redis' ( #139 ) from neoloc/redis into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/139
2024-08-10 18:47:17 +10:00
5c731fef34
feat: deploy redisha cluster
...
- manage pki and ssh principals
- manage redis/sentinel with redisha module
- add consul checks to manage redis-replica/redis-master services
- manage sudo rules for consul checks
2024-08-10 17:39:30 +10:00
afe2a2afb7
Adding hieradata/node/ausyd1nxvm1054.main.unkin.net.yaml
2024-08-10 14:13:59 +10:00
c76ce3bf10
Adding hieradata/node/ausyd1nxvm1053.main.unkin.net.yaml
2024-08-10 14:13:51 +10:00
af989a19c3
Adding hieradata/node/ausyd1nxvm1052.main.unkin.net.yaml
2024-08-10 14:11:47 +10:00
4d08e30733
Merge pull request 'fix: also fix repodata' ( #138 ) from neoloc/cephreef into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/138
2024-08-10 13:36:30 +10:00
e2873a492a
fix: also fix repodata
2024-08-10 13:36:04 +10:00
90af895a34
Merge pull request 'fix: ceph-reef 18.2.4 not on el8' ( #137 ) from neoloc/cephreef into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/137
2024-08-10 13:30:54 +10:00
52e3d5b20b
fix: ceph-reef 18.2.4 not on el8
...
- force repo to use 18.2.2
2024-08-10 13:30:16 +10:00
403e3eeb1b
chore: add account
2024-08-08 19:01:18 +10:00
a5baed8cd9
chore: add two new users
...
- add marbal and seablo
2024-08-07 22:19:08 +10:00
20ee6fa19e
Merge pull request 'feat: add rundeck runner user' ( #130 ) from neoloc/rundeck_user into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/130
2024-08-06 22:36:54 +10:00
c846cc4e21
feat: add rundeck runner user
...
- add rundeck account on all hosts except rundeck
- add rundeck ssh private/public key to rundeck server
2024-08-06 22:33:32 +10:00
8e0f26e726
Merge pull request 'Adding hieradata/node/ausyd1nxvm1050.main.unkin.net.yaml' ( #124 ) from autonode/ausyd1nxvm1050.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/124
2024-08-01 22:41:27 +10:00
4338dfe27f
Adding hieradata/node/ausyd1nxvm1051.main.unkin.net.yaml
2024-08-01 22:35:03 +10:00
66cb1e356d
Adding hieradata/node/ausyd1nxvm1050.main.unkin.net.yaml
2024-08-01 22:33:26 +10:00
d3daac3b71
fix: change debian repos to http
...
- until https issues are resolved with https
2024-07-31 21:51:04 +10:00
eb32a216f5
Merge pull request 'neoloc/rundeck' ( #121 ) from neoloc/rundeck into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/121
2024-07-28 02:05:20 +10:00
5354c99b1e
feat: add rundeck profile
...
- export mysql user for each rundeck server
- ensure the jdbc driver for mariadb is available
- exclude jq from default packages (managed by rundeck)
- add groups for admin/user for each project in rundeck
- add consul service
- add vault certificates
- add ssh principals
- add nginx simpleproxy
2024-07-28 01:51:41 +10:00
6a3123e12e
Merge pull request 'feat: change packages to Hash' ( #120 ) from neoloc/packages_hash into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/120
2024-07-27 16:29:48 +10:00
26ffe17ee1
feat: add database
...
- add database for rundeck
2024-07-27 13:06:14 +10:00
cb5bb0798f
feat: add rundeck to ldap
...
- add service account for rundeck
- add rundeck_access group
2024-07-27 13:06:14 +10:00
08241692ee
feat: add rundeck
...
- add puppet-rundeck module
- add rundeck role
2024-07-27 13:06:14 +10:00
cc01259a64
feat: change packages to Hash
...
- change from multiple arrays for managing packages to a hash
- change to ensure_packages to prevent duplicate resource conflicts
2024-07-27 13:01:06 +10:00
20686e04f4
Adding hieradata/node/ausyd1nxvm1049.main.unkin.net.yaml
2024-07-26 23:27:10 +10:00
480eced404
Merge pull request 'feat: add vrrp to halb' ( #116 ) from neoloc/keepalived into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/116
2024-07-14 22:07:34 +10:00
946922fdb9
feat: add vrrp to halb
...
- update keepalived module to 5.1.0
- add keepalived::vrrp::* to be deep merged in hiera
- add vrrp dns configuration
- add vrrp instance/script to halb in syd1
2024-07-13 20:15:13 +10:00
319c3b6d67
feat: ensure *arr can access prowlarr
2024-07-13 16:55:21 +10:00
01fc6aacd7
Merge pull request 'fix: remove unkin.net from internal dns' ( #113 ) from neoloc/bind_static_dns into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/113
2024-07-11 22:31:29 +10:00
73c7dbd56c
fix: remove unkin.net from internal dns
...
- unkin.net is entirely hosted externally
2024-07-11 22:30:44 +10:00
bbd6cdb228
Merge pull request 'feat: add rpmfusion to nzbget' ( #110 ) from neoloc/rpmfusion_nzbget into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/110
2024-07-11 21:28:56 +10:00
2cbba808c3
feat: add rpmfusion to nzbget
2024-07-11 21:24:35 +10:00
3dc8fb03fa
chore: add service account to submit nzbs
2024-07-11 19:56:17 +10:00
93ab2bebc3
feat: rewrite for nzbget
...
- required for consul health check to work
2024-07-10 21:26:53 +10:00
5221c15a66
fix: update ldap filter
...
- update ldap filter for *arr's to match on user and group
2024-07-10 20:43:50 +10:00
1532641640
feat: add nzbget to media platform
...
- add haproxy rules
- generate/distribute letsencrypt certificates
- manage access to cephfs
2024-07-09 22:32:54 +10:00
abb4a47703
chore: add ens19 to nzbget host
...
- required to access cephfs
2024-07-09 22:26:46 +10:00
857d51a934
chore: add matsol to nzbget
2024-07-09 22:26:03 +10:00
fd5163d6e6
Merge branch 'develop' into neoloc/nzbget
2024-07-09 22:25:28 +10:00
d67eba5860
feat: add nzbget module/role
...
- add nzbget module
- add nzbget ldap user/group
2024-07-09 22:23:58 +10:00
dacd2c6994
Merge pull request 'chore: disable gpgcheck for unkin repo' ( #100 ) from neoloc/gpgcheck_unkin_repo into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/100
2024-07-09 22:01:01 +10:00
47333237ee
chore: disable gpgcheck for unkin repo
2024-07-09 21:18:02 +10:00
924631d705
Adding hieradata/node/ausyd1nxvm1048.main.unkin.net.yaml
2024-07-09 20:54:51 +10:00
384e301fd3
Merge pull request 'feat: add new users' ( #98 ) from neoloc/moreusers into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/98
2024-07-09 19:22:26 +10:00
d52949fc4f
feat: add new users
...
- matsol
2024-07-09 19:21:59 +10:00
899e2cbf49
feat: haproxy updates
...
- use letsencrypt certificates
- add fafflix and jellyfin backends
2024-07-08 22:56:24 +10:00
bd5164fed3
feat: certbot reorg
...
- moved certbot into its own module
- added fact to list available certificates
- created systemd timer to rsync data to $data_dir/pub
- ensure the $data_dir/pub exists
- manage selinux for nginx
2024-07-08 22:33:11 +10:00
30ec8c1bb1
feat: enable retrieval of certbot certs
...
- refactor certbot
- add nginx to certbot hosts
2024-07-07 22:30:40 +10:00
9db714d02f
feat: manage certbot
...
- add haproxy backend for be_letsencrypt
- manage the certbot role/profile
- create define to export certificate requests
2024-07-07 21:21:50 +10:00
991c8a3029
feat: haproxy updates
...
- add acls for all backends
- harden security of backends
- update http-check for all backends
2024-07-07 16:51:36 +10:00
b5c7b310ee
Merge pull request 'neoloc/mediaproxy' ( #92 ) from neoloc/mediaproxy into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/92
2024-07-06 23:24:49 +10:00
2ab2cd1399
feat: deploy ldap-auth to all *arrs
...
- refactor sonarr locations to generalised locations
- set locations to be deep merged
- updated hiera_include statements for media and media subroles
- added eyaml entries for all ldap credentials
2024-07-06 22:50:10 +10:00
cbded220bb
feat: add sonarr locations
...
- add authproxy
- add api and web
- add /consul/health for unauth access from consul
- update sonarr/consul check to use /consul/health
- change client body side to 20mb
2024-07-06 22:01:47 +10:00
89697e85aa
Merge pull request 'chore: update svc_sonarr credential' ( #91 ) from neoloc/sonarr_auth into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/91
2024-07-06 18:32:43 +10:00
158ebaf7a0
chore: update svc_sonarr credential
2024-07-06 18:32:25 +10:00
21a45c1b03
feat: add rpmfusion to jellyfin hosts
...
- required for jellyfin packages
- additional dependencies also from rpmfusion
2024-07-03 21:27:05 +10:00
8e1622a158
Merge pull request 'neoloc/glauth' ( #87 ) from neoloc/glauth into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/87
2024-07-02 18:12:54 +10:00
6e3802ad57
feat: add users/services/groups
2024-07-01 22:54:22 +10:00
c8604baa4e
feat: add glauth role/profile classes
...
- role added to cobbler
- add role specific hieradata
2024-07-01 22:42:29 +10:00
0a86986edf
Merge pull request 'neoloc/jellyfin' ( #86 ) from neoloc/jellyfin into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/86
2024-06-30 21:24:49 +10:00
2199e4e3c0
feat: add jellyfin to haproxy
2024-06-30 00:02:44 +10:00
f81b5753ff
feat: add jellyfin role/profile classes
2024-06-30 00:02:16 +10:00
c1a6191cab
Adding hieradata/node/ausyd1nxvm1047.main.unkin.net.yaml
2024-06-29 14:41:25 +10:00
0d4652cfdf
Merge pull request 'Adding hieradata/node/ausyd1nxvm1046.main.unkin.net.yaml' ( #84 ) from autonode/ausyd1nxvm1046.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/84
2024-06-29 01:57:05 +10:00
9b9f64ca95
Merge pull request 'feat: haproxy for *arr stack' ( #83 ) from neoloc/haproxy_backends into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/83
2024-06-29 01:56:52 +10:00
d7f0c9073f
Adding hieradata/node/ausyd1nxvm1046.main.unkin.net.yaml
2024-06-29 01:23:09 +10:00
7bd12c9880
Adding hieradata/node/ausyd1nxvm1045.main.unkin.net.yaml
2024-06-29 01:13:45 +10:00
aa8ded5850
Merge pull request 'Adding hieradata/node/ausyd1nxvm1045.main.unkin.net.yaml' ( #81 ) from autonode/ausyd1nxvm1045.main.unkin.net into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/81
2024-06-29 01:13:24 +10:00
0e11c03e9d
Adding hieradata/node/ausyd1nxvm1045.main.unkin.net.yaml
2024-06-29 01:09:56 +10:00
7520fdddbd
Adding hieradata/node/ausyd1nxvm1044.main.unkin.net.yaml
2024-06-29 01:03:43 +10:00
d07751a151
feat: haproxy for *arr stack
...
- add additional backends
- set *arr's to export as a backend
- add *arr.main.unkin.net certificates
2024-06-28 22:46:50 +10:00
9b8556f487
fear: deploy additional *arr stack apps
...
- cleanup hieradata entires for roles to remove some defaults
- add profiles::media::* classes to manage *arr stacks
2024-06-27 23:42:33 +10:00
5acc683374
Merge pull request 'neoloc/arr_params' ( #78 ) from neoloc/arr_params into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/78
2024-06-27 23:22:22 +10:00
8a1d62cd41
chore: change media group to 20000
...
- found 10001 and simliar were already taken
2024-06-27 23:20:51 +10:00
b6a77afc7b
chore: change all *arr's to use port 8000 locally
2024-06-27 23:19:45 +10:00
2b1ea45e4e
feat: add manage_group param to *arr stack
...
- change hieradata/role/apps/media/* to use correct namespaces
- add manage_group boolean to all *arr stack modules
2024-06-27 23:15:08 +10:00
19caafbc43
Merge pull request 'chore: change media group to 20000' ( #77 ) from neoloc/groups_20k into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/77
2024-06-27 22:27:37 +10:00
a4e78f645a
chore: change media group to 20000
...
- found 10001 and simliar were already taken
2024-06-27 22:26:46 +10:00
2147cc434d
Adding hieradata/node/ausyd1nxvm1043.main.unkin.net.yaml
2024-06-27 22:22:39 +10:00
f63e6a953c
Merge pull request 'chore: add ens19 to ausyd1nxvm1041' ( #75 ) from neoloc/ausyd1nxvm1041 into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/75
2024-06-27 22:18:14 +10:00
38819ba2ab
chore: add ens19 to ausyd1nxvm1041
2024-06-27 22:17:50 +10:00
dc70687860
Adding hieradata/node/ausyd1nxvm1042.main.unkin.net.yaml
2024-06-27 22:15:55 +10:00
dcccc85264
feat: add media user to all media roles
...
- change *arrs to use media as the group
2024-06-27 21:48:47 +10:00
89383268f0
chore: change to use sonarr::parmas
...
- use sonarr::params class as it contains typing on params
2024-06-27 20:39:25 +10:00
aa63970dc1
Adding hieradata/node/ausyd1nxvm1041.main.unkin.net.yaml
2024-06-27 18:22:43 +10:00
40ff5f7d92
feat: deploy radarr
...
- manage ens19 nic on ausyd1nxvm1040
- manage cephfs storage
2024-06-26 22:57:36 +10:00
56df5695dc
Merge pull request 'feat: manage sonarr configuration' ( #60 ) from neoloc/sonarr_config into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/60
2024-06-25 23:47:36 +10:00
f22556b39f
feat: manage sonarr configuration
...
- add config class to sonarr module
- update params to include unique group param
2024-06-25 23:45:29 +10:00
b846a49127
Adding hieradata/node/ausyd1nxvm1040.main.unkin.net.yaml
2024-06-25 22:40:57 +10:00
a12fac20ab
chore: dont remove ens18 from ausyd1nxvm1021
2024-06-23 17:53:49 +10:00
4857b72ce3
chore: fix ausyd1nxvm1021
...
- change default interface from eth0 to ens18
2024-06-23 17:49:34 +10:00
6839fb8c5f
feat: networking defaults
...
- add interface/route defaults
- merge defaults into each interface/route
2024-06-23 17:34:23 +10:00
3b907159f1
chore: change eth0 to ens18
2024-06-23 16:47:46 +10:00
803a0ac01d
Merge pull request 'neoloc/cephfs' ( #54 ) from neoloc/cephfs into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/54
2024-06-23 15:34:04 +10:00
736f04143f
chore: manage ens19 interface on ausyd1nxvm1037
...
- add storage interface
2024-06-23 15:33:40 +10:00
82ed27cf56
feat: add sonarr profile
...
- add cephfs secret for mounting mediafs
- add ceph-reef repo for apps::media roles
- add the shared cephfs mediafs mount
2024-06-23 15:33:40 +10:00
5631f07e6e
feat: add cephfs shared volume define
...
- add ceph class to manage ceph client configuration/packages
- add cephfs define for mounting volumes
- add ceph keyring define to manage secrets used to mount cephfs
2024-06-23 15:33:33 +10:00
548076728a
feat: swap networkmanager for network service
2024-06-22 16:31:03 +10:00
2d3f4414b7
fix: unar package not available on debian
2024-06-22 00:47:36 +10:00
8548ef0284
Merge pull request 'neoloc/sonarr_deploy' ( #48 ) from neoloc/sonarr_deploy into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/48
2024-06-21 22:53:06 +10:00
681f9e3eb8
feat: deploy sonarr
...
- add required hieradata/role data to deploy sonarr
- add nginx simpleproxy
- add consul service/query
- add vault certificates
2024-06-21 22:51:40 +10:00
59b181ed54
Merge pull request 'feat: add ceph mirror to edgecache' ( #43 ) from neoloc/ceph_mirror into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/43
2024-06-21 20:44:08 +10:00
36ad19ffed
feat: add ceph mirror to edgecache
...
- add ceph reef apt and rpm repository to edgecache
- add the centos storage sig gpg
2024-06-21 20:38:54 +10:00
a3ef535bfc
fix: ceph consul check script
...
- add permissions to write ceph-* services to consul
- change from `script` to `args` array
2024-06-19 22:36:04 +10:00
0ff9b86782
Merge pull request 'chore: change ssh to listen to vmbr1' ( #39 ) from neoloc/proxmox_ips into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/39
2024-06-17 21:55:18 +10:00
7d70b99491
chore: change ssh to listen to vmbr1
...
- changed enp3s0 from static interface to bridge member
- added bridge vmbr1, with enp3s0 as member
2024-06-17 21:54:26 +10:00
c6530e34f6
Merge pull request 'feat: add haproxy exporter' ( #38 ) from neoloc/haproxy_exporter into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/38
2024-06-17 21:36:31 +10:00
5725d092b8
feat: add haproxy exporter
...
- add admin socket for exporter
2024-06-16 20:56:23 +10:00
62cac63f11
feat: add database generation to grafana
...
- ensure a database, user and credential is created for each grafana node
- ensure all databases for a region are included in a mariadb cluster
- refine params with stdlib types
2024-06-16 18:49:59 +10:00
0fe05bb896
Merge branch 'develop' into neoloc/grafana
2024-06-16 00:39:45 +10:00
67f831edaf
fix: yumrepo purging
2024-06-14 23:55:31 +10:00
6b0e0daecb
chore: add ssh principals
...
- add ssh principals for consul service addresses
2024-06-11 20:20:12 +10:00
6f7740e6a2
fix: add cluster ip to sshd ListenAddress
...
- ensure cluster communication over ssh can function
2024-06-11 20:02:04 +10:00
abd2eb5c9b
adding hieradata/nodes/ausyd1nxvm1037.main.unkin.net.yaml
2024-06-10 22:18:16 +10:00
e00a78e5fb
Merge pull request 'fix: resolve vncproxy issue' ( #28 ) from neoloc/proxmox_ssh into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/28
2024-06-10 13:02:18 +10:00
a143732b3b
fix: resolve vncproxy issue
...
https://forum.proxmox.com/threads/lc_pve_ticket-not-set-vnc-proxy-without-password-is-forbiddentask-error-failed-to-run-vncproxy.98192/
2024-06-10 13:01:45 +10:00
45f3cb39c7
Merge pull request 'fix: proxmox root ssh' ( #27 ) from neoloc/proxmox_ssh into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/27
2024-06-10 12:07:43 +10:00
2b36ee3efa
fix: proxmox root ssh
...
- allow proxmox hosts to accept root logins
2024-06-10 12:07:08 +10:00
4ab5fd6be3
Adding hieradata/node/ausyd1nxvm1039.main.unkin.net.yaml
2024-06-10 11:57:51 +10:00
255cf38c67
Adding hieradata/node/ausyd1nxvm1038.main.unkin.net.yaml
2024-06-10 11:51:29 +10:00
5e13f1a1e8
adding hieradata/nodes/ausyd1nxvm1037.main.unkin.net.yaml
2024-06-10 11:50:15 +10:00
965e334636
Merge branch 'develop' into neoloc/sshsign_hostkeys
2024-06-09 20:39:27 +10:00
d4163233f6
Merge branch 'develop' into neoloc/sshsign_hostkeys
2024-06-09 20:38:25 +10:00
52b06dcd8e
feat: manage ssh known hosts
...
- disable use of stored configs for ssh-known-hosts
- manage the /etc/ssh/ssh_known_hosts content
2024-06-09 20:26:34 +10:00
934f4be03c
fix: dont manage loopback
...
- dont manage the lo interface
- cleanup /etc/hosts records
2024-06-09 09:06:54 +10:00
777fe1aef6
feat: manage ssh server
...
- add ssh module
- include the ssh::server class
- manage sshd settings
2024-06-08 17:20:56 +10:00
da9d52e117
chore: set per-node interface/gateway details
2024-06-08 17:07:58 +10:00
06545c6298
feat: change hiera_include, hiera_exclude
...
- change hiera_classes to hiera_include
- add method to remove classes from hiera_include through hiera_exclude
2024-06-08 17:07:58 +10:00
51eeb13793
feat: add networking module
...
- manage interfaces and routes
- set default params for hosts
- add params class to networking module
- set defaults for debian
2024-06-08 17:07:51 +10:00
e3f34a7cc4
chore: update apt mirror url
...
- change apt mirror url to use edgecache service
2024-06-03 20:19:12 +10:00
902e55f655
Merge pull request 'feat: create ntp consul service' ( #16 ) from neoloc/ntp_consul_service into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/16
2024-06-02 19:27:09 +10:00
da3444e49f
feat: create ntp consul service
...
- create consul policy for ntp servers
- add consul service check and check script
2024-06-02 19:23:39 +10:00
b468f67103
feat: sign ssh host keys
...
- manage python script/venv to sign ssh host certificates
- add approle_id to puppetmaster eyaml files
- add class to sign ssh-rsa host keys
- add facts to check if the current principals match the desired principals
2024-06-01 22:51:42 +10:00
9819ce7f4d
Merge pull request 'ferat: change to gitea hosted package repo' ( #8 ) from neoloc/unkinrepo into develop
...
Reviewed-on: https://git.service.au-syd1.consul/unkinben/puppet-prod/pulls/8
2024-06-01 18:39:55 +10:00
cc7165055d
Merge pull request 'feat: refacter gitea profile' ( #7 ) from neoloc/gitea_refactor into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/7
2024-06-01 17:28:28 +10:00
4bd3310ea8
feat: refacter gitea profile
...
- move more data to hiera
- change how the custom_configuration is made
2024-06-01 17:16:37 +10:00
4b4272250a
Merge branch 'develop' into neoloc/grafana
2024-06-01 14:47:06 +10:00
3dfe9b9b73
Merge pull request 'feat: puppetdb sql updates' ( #5 ) from neoloc/puppetdb_sql into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/5
2024-06-01 14:36:27 +10:00
de39515862
ferat: change to gitea hosted package repo
2024-06-01 14:05:14 +10:00
6c2328e8ba
feat: bump git client_max_body_size
...
- change from 100m to 250m
2024-06-01 13:31:35 +10:00
e7ddbfa035
feat: increase client_max_body_size for git
...
- update hieradata with client_max_body_size for git role
2024-06-01 12:51:06 +10:00
f029b04427
feat: update git sources
...
- update r10k source
- update enc source
- update source for puppet-bind module
2024-05-28 23:51:19 +10:00
fab4ea5998
feat: add gitea classes
...
- add basic gitea class
2024-05-28 23:14:36 +10:00
263d41fe9e
chore: remove prodinf01n01 as puppetca
2024-05-28 21:06:04 +10:00
df371a6b09
feat: syd1 puppetca provisioning
...
- move puppetca to ausyd1nxvm1036
2024-05-28 20:13:08 +10:00
d2d08bc479
fix: change drw1 puppetmasters to use syd1 approle
...
- changing vault url to vault.query.consul forced puppetmasters in drw1
to connect to syd1 vault hosts
- set drw1 puppetmasters to use syd1 approle_id
2024-05-26 01:27:45 +10:00
b00781b604
feat: change vault url to vaul.query.consul
...
- support access to vault from multiple datacentres for certmanager
2024-05-26 01:23:16 +10:00
ad268e8977
Merge pull request 'feat: vault use vault' ( #226 ) from neoloc/vault_use_vault into develop
...
Reviewed-on: unkinben/puppet-prod#226
2024-05-26 00:38:55 +09:30
ad4f9b81f4
Merge pull request 'neoloc/syd1_certmanager_approle' ( #224 ) from neoloc/syd1_certmanager_approle into develop
...
Reviewed-on: unkinben/puppet-prod#224
2024-05-26 00:38:16 +09:30
7c0bf4a398
feat: vault use vault
...
- change vault to use vault ephemeral certificates
- remove nginx frontend to vault
2024-05-26 01:06:48 +10:00
b9c327799f
feat: add vault service/query altnames
...
- add nginx aliases for vault services
- add additional vault certificates
- change certmanager script to use vault.service.consul
2024-05-25 15:51:09 +10:00
2c3aa2bbdc
feat: vault certmanager tokens
...
- move vault certmanager tokens to drw1/syd1 specific eyaml
- add syd1 certmanger token for syd1 vault
2024-05-25 15:50:59 +10:00
0b549325a1
Merge pull request 'feat: added country-region altnames' ( #223 ) from neoloc/puppetboard_altnames into develop
...
Reviewed-on: unkinben/puppet-prod#223
2024-05-24 23:01:37 +09:30
c883bc8c91
feat: added country-region altnames
...
- add puppetboard.service.au-{syd1|drw1}.consul to:
- vault pki cert
- nginx server aliases
2024-05-24 23:27:07 +10:00
cbf3f0e694
feat: change drw1 puppetdb -> syd1
2024-05-24 23:06:18 +10:00
22af602510
Merge pull request 'feat: puppet::client multiple altnames' ( #221 ) from neoloc/puppetdbapi_certs into develop
...
Reviewed-on: unkinben/puppet-prod#221
2024-05-22 22:42:59 +09:30
0901595de9
feat: puppet::client multiple altnames
...
- puppet clients can not request multiple dns alt_names
- set puppetdbapi hosts to request multiple certificates
2024-05-22 23:05:34 +10:00
349547c4bc
feat: puppetboard on consul
...
- updated nginx param types
- add nginx aliases, merge with vhost, use as server_names
- add additional vault alt-names
- add prepared query for puppetboard
2024-05-22 22:54:54 +10:00
8fb4c59f88
Merge branch 'develop' into neoloc/syd1_puppetdb
2024-05-22 22:30:10 +10:00
d2235610af
Merge pull request 'feat: set syd1 puppetdb hosts' ( #218 ) from neoloc/puppetboard into develop
...
Reviewed-on: unkinben/puppet-prod#218
2024-05-22 21:58:52 +09:30
25cbff4656
feat: set syd1 puppetdb hosts
...
- change syd1 puppetdb hosts to use consul serivce/query addresses
2024-05-22 22:23:07 +10:00
770c8cc159
feat: update hiera key for puppetdb api/sql
...
- changed to use puppetdbapi and puppetdbsql hiera keys
- updated all classes that referenced old values
2024-05-22 22:18:32 +10:00
9e3b680b0b
feat: add prepared query for puppetdbapi
...
- merge to develop
- add prepared query for puppetdbapi
2024-05-22 22:11:51 +10:00
f6bf504416
Merge branch 'develop' into neoloc/syd1_puppetdb
2024-05-22 22:11:04 +10:00
39aa6e114e
feat: puppetdb sql updates
...
- add consul support
- enable local script checks in consul agents
- add a test DB/User for consult to verify the psql instance is running
- manage the postgresql repo and gpg key
2024-05-22 22:05:54 +10:00
6035af37a1
feat: increase puppetdb api Xmx
...
- change java args to use 2048mb of memory
2024-05-22 21:37:00 +10:00
65bd2ae8d5
fix: repo target changes
...
- use per-repo target files
2024-05-19 22:46:27 +10:00
0e7168026d
Merge pull request 'neoloc/yumrepos' ( #212 ) from neoloc/yumrepos into develop
...
Reviewed-on: unkinben/puppet-prod#212
2024-05-19 20:09:50 +09:30
fd466fcccc
feat: cleanup old repo management
...
- change profiles::puppet::agent to require Yumrepo['puppet']
- remove managed repos hieradata
- remove profiles:😋 :* classes that are not required
- remove missed rebase comment
2024-05-19 20:27:56 +10:00
5f9480f186
feat: direct yumrepo config
...
- deep merge yumrepo resources
- convert repos to direct yumrepo in hieradata
- change from repos.main.unkin.net to edgecache.query.consul
- create all yumrepo resources from $profiles:😋 :global::repos
2024-05-19 20:27:47 +10:00
da2e98ed4d
feat: add centos mirror to edgecache
...
- add centos repo to edgecache
2024-05-19 19:41:15 +10:00
6f9a606549
feat: configure edgecache for postgresql
...
- add fact to record system resolvers
- add resolvers feature in /etc/nginx/conf.d/resolvers.conf
- add rewrite rules for postgres/yum/repodata
2024-05-19 16:56:36 +10:00
9640779846
feat: mariadb improvements
...
- add bind-address to local_ip
- add consul service
2024-05-19 14:53:14 +10:00
8f4799ce2a
feat: update consul service service
...
- change edgecache service name from puppet -> edgecache
2024-05-19 14:53:14 +10:00
6bddec6bd2
Merge pull request 'feat: manage pgsql settings for puppetdb' ( #208 ) from neoloc/puppetdb_connections into develop
...
Reviewed-on: unkinben/puppet-prod#208
2024-05-12 16:10:42 +09:30
5774ebd614
feat: manage pgsql settings for puppetdb
...
- deep merge postgresql_config_entries in common.yaml
- add postgresql_config_entries into a new hieradata/roles/infra/puppetdb/sql.yaml
- set puppetdb role to import the options
2024-05-12 16:36:43 +10:00
2aa5ead9d1
feat: prepare syd1 mariadb cluster
...
- update role to wait for enc_role
- move hiera data to country/region/role specific location
2024-05-12 15:40:43 +10:00
4a1848db38
fix: cobbler host
...
- fixed name of cobbler host in yaml
2024-05-11 23:09:30 +10:00
5577e368e9
Merge pull request 'chore: move pxeboot to syd1 cobbler' ( #204 ) from neoloc/dhcp_syd1_cobbler into develop
...
Reviewed-on: unkinben/puppet-prod#204
2024-05-11 21:36:23 +09:30
dca99d2716
chore: move pxeboot to syd1 cobbler
...
- update nameservers for syd1 to use local dns resolvers
- update pxeserver to au-syd1 cobbler
2024-05-11 22:05:21 +10:00
ec6e49e37a
Merge pull request 'feat: change cobbler master' ( #203 ) from neoloc/cobbler_master into develop
...
Reviewed-on: unkinben/puppet-prod#203
2024-05-11 21:20:56 +09:30
3e233ea688
feat: change cobbler master
...
- promote ausyd1nxvm1017
2024-05-11 21:50:02 +10:00
cb54cd2dba
feat: add edgecache prepared_query
...
- add edgecache as a prepared_query in consul
2024-05-11 21:47:14 +10:00
4171427e7b
feat: add edgecache role
...
- add edge-caching role
- add mirror for debian, almalinux and epel repositories
- export service as edgecache in consul
2024-05-11 21:46:20 +10:00
9edd060367
feat: deep merge /etc/hosts
...
- allow managing /etc/hosts on multiple levels of hiera
2024-05-11 21:45:24 +10:00
eeb21081d3
Merge branch 'develop' into neoloc/selinux_fix
2024-05-11 15:01:38 +09:30
6633f07d8b
feat: install policycoreutils
...
- install policycoreutils on all almalinux releases
2024-05-11 15:30:01 +10:00
a618962d07
fix: move selinux profile to cobbler
...
- only import the selinux enforce profile in cobbler
2024-05-11 15:22:16 +10:00
911e284586
Merge pull request 'fix: export cobbler DNS if is_cobbler_master' ( #200 ) from neoloc/cobbler_dns into develop
...
Reviewed-on: unkinben/puppet-prod#200
2024-05-11 14:13:37 +09:30
a05f81799d
fix: export cobbler DNS if is_cobbler_master
...
- set prodinf01n48 as primary cobbler node
- ensure the cobbler DNS record is created
2024-05-11 14:36:28 +10:00
ce3e0f2320
Merge pull request 'neoloc/cobbler_refacter' ( #199 ) from neoloc/cobbler_refacter into develop
...
Reviewed-on: unkinben/puppet-prod#199
2024-05-09 22:45:33 +09:30
fee0bde604
feat: complete cobbler automation
...
- add facts to manage the /var/www/cobbler and /data/cobbler directories
- move /var/www/cobbler -> /data/cobbler
- create symlink from /var/www/cobbler -> /data/cobbler
- ensure that cobbler nodes are set to permissive selinux mode
2024-05-09 22:44:55 +10:00
72077d64a2
refactor: reconfigure cobbler to module style
...
- split params into class
- split class into individual functions
2024-05-07 22:44:01 +10:00
c2e413c0fb
chore: move dhcp hieradata to hieradata/role
2024-05-06 21:49:41 +10:00
e9c7fbc2b5
feat: update puppetdb_api for multi-zone
...
- wait for the enc_role fact to be updated and match
- move puppetdb db/api host values to common.yaml
- add vault cert altnames for consul query/service addresses
- add consul services/rules/checks
2024-05-06 20:38:25 +10:00
14a56a41a2
Merge branch 'develop' into neoloc/consul_wan
...
Conflicts:
hieradata/common.yaml
2024-05-05 18:01:41 +10:00
31f670ad18
Merge pull request 'neoloc/syd1_puppet' ( #195 ) from neoloc/syd1_puppet into develop
...
Reviewed-on: unkinben/puppet-prod#195
2024-05-05 17:13:38 +09:30
6335167e3a
feat: change clients to use puppet.query.consul
...
- change all clients/servers to use puppet from consul service mesh
2024-05-05 16:47:39 +10:00
f1ff7cb736
feat: distribute eyaml pub/priv key
...
- distribute the private/public pem for eyaml via eyaml
2024-05-05 16:25:18 +10:00
51bd1796ad
feat: per-datacentre consul dns
...
- change forwarding for consul to be per-datacentre to local consul
- change domain from service.consul -> consul so query.consul can be resolved
2024-05-04 16:27:32 +10:00
fe296d52d9
feat: manage puppet/puppetca consul services
...
- add puppet service
- add puppetca service
- add ability to write to puppet/puppetca service in consul
- add puppet.(query,service).consul to dns_alt_names of all masters
- add puppetca.(query,service).consul to dns_alt_names of puppetca
2024-05-04 16:10:32 +10:00
8a241d6b96
feat: add prepared_query capabilities to consul
...
- add prepared query for:
- vault
- puppet
- puppetca
2024-05-04 15:46:47 +10:00
6020143f76
feat: consul multi-datacentre joining
...
- add method to join multiple consul datacentres
- set syd1 as the primary datacentre
- use default token from au-syd1 cluster in all locations
- add replication token
2024-05-04 00:39:18 +10:00
df8a55c3dd
feat: manage puppetca
...
- manage the puppet ca.cfg
- distribute the crl.pem from the puppetca to masters
2024-05-03 21:29:25 +10:00
56b23620b7
refactor: reoganise the puppetserver profile
...
- manage puppetserver package
- set order for puppetserver classes
- for profiles::puppet::server class:
- set param types using stdlib where possible
- set default values for all params
- move configuration data to hieradata
- wait for enc_role fact to match role
- exclude puppet::client from puppermaster nodes
2024-05-02 23:32:32 +10:00
95135fb58a
fix: add use_backend for drw1 haproxy
2024-05-01 21:58:10 +10:00
