Thomas Merkel [Sun, 20 Sep 2020 10:40:41 +0000 (12:40 +0200)]
add: packer template for debian-9 installation
Provide a simple packer template to generate a QEMU image for CI and
development. Maybe it should be optional to run the puppet also during
image creation, but this could be considered when the image is stable.
Felix Dörre [Thu, 10 Jan 2019 21:11:57 +0000 (16:11 -0500)]
chg: allow domain-vhosts of motion container
This change allows defining new domains that the nginx will route to
the motions container. Additionally you can have separate users
and configurations per domain.
* changes:
add: motion system from source
add: virtual resource collectors for nginx+pg
chg: use explicit resources for nginx-binds
chg: extract lxc-bind-mounts to own resources
Felix Dörre [Sat, 22 Dec 2018 12:19:15 +0000 (13:19 +0100)]
add: virtual resource collectors for nginx+pg
This makes it possible to define virtual resources (prefixed by an '@'
character) in other manifests and have them be automatically added to
the correct nodes. For example, a different manifest could define @file
and @front_host resources with tag => [nginx], and the collectors added
here would automatically add them to the front-nginx node.
With systemd/systemd#9796 [1], included in systemd v240 and later [2],
we will be able to use `systemctl is-system-running --wait` to wait for
the system being online instead of polling systemd’s private socket,
which should be both more efficient and more stable.
fix: correct non-interactive forcing of apt commands
Change I8998df2b44 (commit 58c1a7f1b0) changed these apt commands to
pipe into `cat` so that they will use non-interactive output. However,
not only was the use of a dedicated subshell and `cat` per command
wasteful, it also introduced a bug – in a pipeline, only the exit status
of the last component matters (unless `set -o pipefail` is in effect):
    $ ( false | cat ) && echo 'This still runs.'
    This still runs.
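The lost exit status described in the commit message above, as an added example that is not part of the commit or the repository: it reproduces the `| cat` pattern, shows the effect of `set -o pipefail` where the shell supports it, and gives one portable way to keep the pipe while still returning the command's own status. `failing_step` and `run_piped` are hypothetical names, and the failing apt command is simulated.

```shell
#!/bin/sh
# Added example. failing_step is a constructed stand-in for an apt command
# that fails with exit status 100; nothing is installed or changed.
failing_step() { echo "E: simulated failure"; return 100; }

# The pattern the commit message describes: a subshell piped into cat.
# The pipeline reports cat's status, so the failure disappears.
piped_status() {
    rc=0
    ( failing_step | cat ) >/dev/null || rc=$?
    echo "$rc"
}

# The same pipeline with pipefail, in shells that support the option.
pipefail_status() {
    if ! (set -o pipefail) 2>/dev/null; then echo unsupported; return 0; fi
    rc=0
    ( set -o pipefail; failing_step | cat ) >/dev/null || rc=$?
    echo "$rc"
}

# Portable alternative: keep the pipe (stdout is still not a terminal) but
# carry the command's own status around it on fd 3; fd 4 is the real stdout.
run_piped() {
    {
        status=$(
            { { rc=0; "$@" 3>&- 4>&- || rc=$?; echo "$rc" >&3; } | cat >&4; } 3>&1
        )
    } 4>&1
    return "$status"
}

# Hypothetical use in a provisioning script:
#   run_piped apt-get -y install some-package || exit 1
echo "piped: $(piped_status), pipefail: $(pipefail_status)"
run_piped failing_step >/dev/null || echo "run_piped: $?"
```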
Felix Dörre [Thu, 14 Dec 2017 21:46:14 +0000 (22:46 +0100)]
fix: replication needs max_wal_senders
This is necessary for the initial backup (using pg_basebackup), which
connects to the postgres server and receives the Write-Ahead Log while
it is created, so the server needs to have at least one session
available for this. See also the pg_basebackup documentation [1].
Felix Dörre [Fri, 16 Jun 2017 21:36:10 +0000 (23:36 +0200)]
upd: cleanup file-dependencies for lxcs
lxc containers with bind mounts require the file resources of the source
paths of those bind mounts. Declare this in the lxc module, instead of
declaring those requirements individually in the module definitions.
Felix Dörre [Tue, 28 Mar 2017 09:48:57 +0000 (11:48 +0200)]
add: systemd module for executing daemon-reload
This change adds a new resource type that manages a given
unit file and triggers a systemd daemon-reload when any of
the files have been managed (but before any of their
dependencies, i.e. services, are managed).
The git daemon doesn’t require any privileges (assuming the repositories
are world-readable), and the git user owns /gitweb-socket (and possibly
also the repositories). ReadOnlyDirectories=/ should prevent the git
daemon from making any modifications to those directories, but still,
there’s no harm done in locking it down even further.
This removes the need for running `git update-server-info` on the
repositories regularly (or on update), possibly speeds up clones (at
least, git clone can now show progress information), and almost
certainly improves reliability on a pull concurrent with a push to the
same repository (the git daemon can respect lock files, nginx can’t).
(We can also probably remove /srv/git from front-nginx, but I’ll do that
in a separate change.)
Serves all repositories in /data/git on the code. subdomain with gitweb,
and allows cloning them via https:// and git://.
NOTE: For clone over HTTP(S), git update-server-info needs to be run in
the repositories; this is expected to be done via a post-update hook in
the repositories, and not configured here.
Felix [Tue, 1 Nov 2016 11:10:57 +0000 (12:10 +0100)]
initial import
Current features include:
- setup of gigi, cassiopeia-client, quiz-system, minimalist exim, nginx
- setup of gigi-database from scratch (including validation of own domain and issuing own certificates)
- optional cassiopeia-signer in own container with communication via tcpserial
- hop container for administrators connecting to the system