Felix Dörre [Thu, 14 Dec 2017 21:46:14 +0000 (22:46 +0100)]
fix: replication needs max_wal_senders
This is necessary for the initial backup (using pg_basebackup), which
connects to the postgres server and receives the Write-Ahead Log while
it is created, so the server needs to have at least one session
available for this. See also the pg_basebackup documentation [1].
Felix Dörre [Fri, 16 Jun 2017 21:36:10 +0000 (23:36 +0200)]
upd: cleanup file-dependencies for lxcs
lxc containers with bind mounts require the file resources of the source
paths of those bind mounts. Declare this in the lxc module, instead of
declaring those requirements individually in the module definitions.
Felix Dörre [Tue, 28 Mar 2017 09:48:57 +0000 (11:48 +0200)]
add: systemd module for executing daemon-reload
This change adds a new resource type that manages a given
unit file and triggers a systemd daemon-reload when any of
the files have been managed (but before any of their
dependencies, i.e. services, are managed).
The git daemon doesn’t require any privileges (assuming the repositories
are world-readable), and the git user owns /gitweb-socket (and possibly
also the repositories). ReadOnlyDirectories=/ should prevent the git
daemon from making any modifications to those directories, but still,
there’s no harm done in locking it down even further.
This removes the need for running `git update-server-info` on the
repositories regularly (or on update), possibly speeds up clones (at
least, git clone can now show progress information), and almost
certainly improves reliability on a pull concurrent with a push to the
same repository (the git daemon can respect lock files, nginx can’t).
(We can also probably remove /srv/git from front-nginx, but I’ll do that
in a separate change.)
Serves all repositories in /data/git on the code. subdomain with gitweb,
and allows cloning them via https:// and git://.
NOTE: For clone over HTTP(S), git update-server-info needs to be run in
the repositories; this is expected to be done via a post-update hook in
the repositories, and not configured here.
Felix [Tue, 1 Nov 2016 11:10:57 +0000 (12:10 +0100)]
initial import
Current features include:
- setup of gigi, cassiopeia-client, quiz-system, minimalist exim, nginx
- setup of gigi-database from scratch (including validation of own domain and issuing own certificates)
- optional cassiopeia-signer in own container with communication via tcpserial
- hop container for administrators connecting to the system