Commit graph

52 commits

Author SHA1 Message Date
Patrik Lundin a82798ead5
Add network reload support 2024-10-11 19:04:17 +02:00
Patrik Lundin 637e2ae307
Add address config for dummy interface 2024-10-11 18:52:53 +02:00
Patrik Lundin 1e8cad6ea0
Add dummy0 interface
The netplan version we have is too old to do this so handle it manually.
2024-10-11 18:45:54 +02:00
Patrik Lundin 4d7283e361
Allow haproxy to bind to ports 80/443
This way we can run haproxy as an unprivileged user and still use what
are normally considered privileged ports.
2024-10-11 13:49:04 +02:00
Patrik Lundin 7402f8cfc1
More tweaks 2024-10-11 11:51:36 +02:00
Patrik Lundin 5185b62431
Syntax fixes 2024-10-11 11:47:44 +02:00
Patrik Lundin 31d7a3c93a
puppet-lint fixes 2024-10-11 11:46:06 +02:00
Patrik Lundin ca9f7fbe50
Replace "." with ","
While here fix some variable usage and puppet-lint complaints
2024-10-11 11:42:12 +02:00
Patrik Lundin 88e3771f6e
Install certificate files 2024-10-11 11:38:58 +02:00
Patrik Lundin ff6376b68d
Add basic varnish VCL for testing 2024-10-10 20:39:35 +02:00
Patrik Lundin bacdb2c90a
Make sure customer conf dir is created 2024-10-10 15:31:54 +02:00
Patrik Lundin 170bdbc154
Missing $ 2024-10-10 15:29:50 +02:00
Patrik Lundin 26f583c41a
Fix manifest name 2024-10-10 15:28:23 +02:00
Patrik Lundin 4b1f93c08a
Add missing $ 2024-10-10 15:27:06 +02:00
Patrik Lundin d0a19691aa
Initial cdn::cache manifest 2024-10-10 15:22:11 +02:00
Patrik Lundin d78d8c22b1
Make sure we trust internal cdn CA 2024-10-10 10:19:00 +02:00
Patrik Lundin 65fc0590b4
Add certbot deploy script for mosquitto 2024-10-10 10:13:04 +02:00
Patrik Lundin b9266ec0e7
Start requesting ACME certs from internal CA 2024-10-09 12:13:30 +02:00
Patrik Lundin 8f8c360c69
Use environment instead of instance 2024-10-09 11:59:51 +02:00
Patrik Lundin c09f81afbf
Fix type declaration
```
Error: Evaluation Error: Error while evaluating a Resource Statement, Class[Cdn::Ca_trust]:
  parameter 'ca_root_fp' entry 'test' entry 'url' expects a Hash value, got String
  parameter 'ca_root_fp' entry 'test' entry 'fp' expects a Hash value, got String on node internal-sto3-test-mqtt-1.cdn.sunet.se
```

Also rename variable now that it contains more than fingerprint
2024-10-09 11:53:52 +02:00
Patrik Lundin 1ef179cad2
Fix broken file declaration
While here make puppet-lint happy
2024-10-09 11:50:34 +02:00
Patrik Lundin ab3c08c5e1
Add class for setting up trust of internal CA 2024-10-09 11:46:28 +02:00
Patrik Lundin 22a2029cf9
Enable ACME provisioner at init 2024-10-08 16:50:46 +02:00
Patrik Lundin 6354f6faaa
Test opening port 80 for certbot operation 2024-10-08 16:38:11 +02:00
Patrik Lundin 8d4d1841c4
Bootstrap step client 2024-10-08 14:09:44 +02:00
Patrik Lundin 44001514de
Missing "," 2024-10-08 13:42:14 +02:00
Patrik Lundin a4a5a44647
Install step-cli from deb 2024-10-08 13:40:54 +02:00
Patrik Lundin 1cfbc3e908
Make puppet-lint happy with indent 2024-10-08 13:36:21 +02:00
Patrik Lundin 49ff235bc4
Download step client deb file 2024-10-08 13:33:32 +02:00
Patrik Lundin d9db9fee72
Add init script for setting provisioner file
This is to deal with the problem that it makes sense to have a separate
password for encryption keys and the admin provisioner. It is currently
not possible to control this via the docker env flags so add this
workaround for now.
2024-10-08 12:35:41 +02:00
Patrik Lundin d46d54a6a6
Enable compose file 2024-10-08 10:04:32 +02:00
Patrik Lundin 1803d1c69a
Add initial compose file for step-ca 2024-10-08 10:02:48 +02:00
Patrik Lundin 828f9a899d
Fix templates for passwords 2024-10-08 09:51:08 +02:00
Patrik Lundin 9379ba58e2
Handle undef ca_secrets more gracefully 2024-10-08 09:39:09 +02:00
Patrik Lundin 61a4ec13e3
Start setting up step-ca files 2024-10-08 09:36:04 +02:00
Patrik Lundin e02160a311
Initial cdn::ca class 2024-10-07 08:35:00 +02:00
Patrik Lundin 49106049ff
Start using cdn.conf template 2024-10-06 14:51:55 +02:00
Patrik Lundin 52469c754d
Correct path 2024-10-06 14:32:17 +02:00
Patrik Lundin 4b90469531
Missing $ 2024-10-06 14:30:51 +02:00
Patrik Lundin 0c5e2604b6
Add missing clients parameter 2024-10-06 14:29:48 +02:00
Patrik Lundin 7352a20143
Start managing mqtt ACL
Include sample cosmos-rules entry for testing out template
2024-10-06 14:26:10 +02:00
Patrik Lundin 2099c4d691
Fix class name 2024-10-04 17:43:31 +02:00
Patrik Lundin 152179a5c1
Initial commit for mqtt management 2024-10-04 17:33:49 +02:00
Patrik Lundin 571af24060
Make seccomp file readable by runner 2024-10-04 09:22:05 +02:00
Patrik Lundin 05ee26e7c2
Make docker_certs available to runner 2024-10-03 21:04:17 +02:00
Patrik Lundin 48d3b890d0
Use owner/group matching runner compose file 2024-10-03 20:57:28 +02:00
Patrik Lundin 32e4a99cef
Add initial forgejo runner config 2024-10-03 20:12:59 +02:00
Patrik Lundin dc180c10b0
Fix so systemd file is named sunet-cdn-l4lb
Not sunet-sunet-cdn-l4lb
2024-08-20 12:38:06 +02:00
Patrik Lundin 79f2018d1b
Fix path to template 2024-08-20 12:10:29 +02:00
Patrik Lundin 4755886ea9
Move manifest to expected location 2024-08-20 12:06:35 +02:00