1532641640
feat: add nzbget to media platform
...
- add haproxy rules
- generate/distribute letsencrypt certificates
- manage access to cephfs
2024-07-09 22:32:54 +10:00
899e2cbf49
feat: haproxy updates
...
- use letsencrypt certificates
- add fafflix and jellyfin backends
2024-07-08 22:56:24 +10:00
bd5164fed3
feat: certbot reorg
...
- moved certbot into its own module
- added fact to list available certificates
- created systemd timer to rsync data to $data_dir/pub
- ensure the $data_dir/pub exists
- manage selinux for nginx
2024-07-08 22:33:11 +10:00
991c8a3029
feat: haproxy updates
...
- add acls for all backends
- harden security of backends
- update http-check for all backends
2024-07-07 16:51:36 +10:00
2199e4e3c0
feat: add jellyfin to haproxy
2024-06-30 00:02:44 +10:00
d07751a151
feat: haproxy for *arr stack
...
- add additional backends
- set *arr's to export as a backend
- add *arr.main.unkin.net certificates
2024-06-28 22:46:50 +10:00
62cac63f11
feat: add database generation to grafana
...
- ensure a database, user and credential is created for each grafana node
- ensure all databases for a region are included in a mariadb cluster
- refine params with stdlib types
2024-06-16 18:49:59 +10:00
b468f67103
feat: sign ssh host keys
...
- manage python script/venv to sign ssh host certificates
- add approle_id to puppetmaster eyaml files
- add class to sign ssh-rsa host keys
- add facts to check if the current principals match the desired principals
2024-06-01 22:51:42 +10:00
ad268e8977
Merge pull request 'feat: vault use vault' ( #226 ) from neoloc/vault_use_vault into develop
...
Reviewed-on: unkinben/puppet-prod#226
2024-05-26 00:38:55 +09:30
ad4f9b81f4
Merge pull request 'neoloc/syd1_certmanager_approle' ( #224 ) from neoloc/syd1_certmanager_approle into develop
...
Reviewed-on: unkinben/puppet-prod#224
2024-05-26 00:38:16 +09:30
7c0bf4a398
feat: vault use vault
...
- change vault to use vault ephemeral certificates
- remove nginx frontend to vault
2024-05-26 01:06:48 +10:00
b9c327799f
feat: add vault service/query altnames
...
- add nginx aliases for vault services
- add additional vault certificates
- change certmanager script to use vault.service.consul
2024-05-25 15:51:09 +10:00
2c3aa2bbdc
feat: vault certmanager tokens
...
- move vault certmanager tokens to drw1/syd1 specific eyaml
- add syd1 certmanger token for syd1 vault
2024-05-25 15:50:59 +10:00
c883bc8c91
feat: added country-region altnames
...
- add puppetboard.service.au-{syd1|drw1}.consul to:
- vault pki cert
- nginx server aliases
2024-05-24 23:27:07 +10:00
349547c4bc
feat: puppetboard on consul
...
- updated nginx param types
- add nginx aliases, merge with vhost, use as server_names
- add additional vault alt-names
- add prepared query for puppetboard
2024-05-22 22:54:54 +10:00
2aa5ead9d1
feat: prepare syd1 mariadb cluster
...
- update role to wait for enc_role
- move hiera data to country/region/role specific location
2024-05-12 15:40:43 +10:00
14a56a41a2
Merge branch 'develop' into neoloc/consul_wan
...
Conflicts:
hieradata/common.yaml
2024-05-05 18:01:41 +10:00
31f670ad18
Merge pull request 'neoloc/syd1_puppet' ( #195 ) from neoloc/syd1_puppet into develop
...
Reviewed-on: unkinben/puppet-prod#195
2024-05-05 17:13:38 +09:30
51bd1796ad
feat: per-datacentre consul dns
...
- change forwarding for consul to be per-datacentre to local consul
- change domain from service.consul -> consul so query.consul can be resolved
2024-05-04 16:27:32 +10:00
6020143f76
feat: consul multi-datacentre joining
...
- add method to join multiple consul datacentres
- set syd1 as the primary datacentre
- use default token from au-syd1 cluster in all locations
- add replication token
2024-05-04 00:39:18 +10:00
56b23620b7
refactor: reoganise the puppetserver profile
...
- manage puppetserver package
- set order for puppetserver classes
- for profiles::puppet::server class:
- set param types using stdlib where possible
- set default values for all params
- move configuration data to hieradata
- wait for enc_role fact to match role
- exclude puppet::client from puppermaster nodes
2024-05-02 23:32:32 +10:00
8697492611
feat: haproxy refactor
...
- configure deep merging in hiera
- move fe_http and fe_https to hiera
- configure pve backends for standard and api traffic
2024-05-01 19:02:03 +10:00
220ac182f4
feat: sydney haproxy cluster
...
- add au-syd1 halb cluster
- add http-response to frontends
- manage haproxy after enc_role is correct
2024-04-28 21:14:36 +10:00
8df927de18
feat: add node_token to agent config
...
- move policy rules to hiera array[hash]
- add node_token to agent as the default token
2024-04-28 17:06:06 +10:00
43afc23535
feat: deploy consul services
...
- add vault.service.consul
2024-04-28 14:06:49 +10:00
3001bc32f2
feat: add sydney vault cluster
...
- separate yaml between multiple regions
- add nginx frontend to vault
2024-04-27 22:35:16 +10:00
f536d19034
feat: generate consul policy/tokens
...
- generate policy/token to add nodes
- generate policy/token for all nodes
- add base::root profile to manage aspects of the root user
2024-04-27 20:21:57 +10:00
a7e9f1590e
fix: move primary_datacenter to region/role
...
- set syd1 as primary consul datacentre
- add consul.service.consul zone
- add nginx reverse proxy for consul webui
- set dns zones/acls/views/keys to be deep merged from hiera
- update default token
- add consul/consul.service.consul/consul.main.unkin.net to vault cert
2024-04-26 23:11:38 +10:00
89fcfe38ea
feat: add syd1 consul cluster
2024-04-24 19:31:18 +10:00
f04c74bd4d
feat: manage proxmox nodes
...
- change /etc/hosts to meet proxmox requirements
- add proxmox node role
- add init, params, repo, install, clusterjoin classes
2024-04-21 15:08:28 +10:00
