system-config/playbooks/roles
Jeremy Stanley f75191dbd4 Tighten permissions on Etherpad settings file
The file in which our Etherpad settings reside is templated with
sensitive data like an API key and DB password. Remove the world
readable bit from it, and also drop user/group write perms while
we're at it. Also switch the service's effective GID to match its
UID and make sure the config's ownership is set accordingly.

Change-Id: I65b70237b4bc8f4e63aa0b717702c124e01ed777
2024-05-01 19:18:59 +00:00
accessbot Revert "Move system-config irc bots into quay.io" 2023-05-24 13:17:54 -07:00
add-inventory-known-hosts bridge: Disable writing known_hosts files 2022-11-21 15:29:56 +11:00
afs-release afs-release: better info when can not get lockfile 2022-10-11 10:53:02 +11:00
afsmon afsmon: install python3-pip 2020-02-12 16:39:11 +11:00
apache-ua-filter Merge "Apply apache us filter to Zuul" 2024-04-23 19:27:34 +00:00
base Merge "Don't install phased package updates with apt" 2022-11-03 00:12:28 +00:00
borg-backup Add hints to borg backup error logging 2023-12-11 08:42:04 -08:00
borg-backup-server borg-backup-server: build borg users betterer 2022-11-23 08:26:28 +11:00
codesearch codesearch: Add robots.txt 2020-11-20 19:13:32 +11:00
configure-kubectl Configure .kube/config on bridge 2019-02-06 15:43:19 -08:00
configure-openstacksdk Farewell limestone 2023-02-13 23:54:59 +00:00
create-venv pip: use latest instead of upgrade 2022-12-06 17:28:09 +11:00
disable-puppet-agent Stop running mcollective 2020-05-05 15:00:04 -05:00
dstat-logger dstat-logger: redirect stdout to /dev/null 2021-03-24 22:23:13 +00:00
edit-secrets-script edit-secrets: configure gpg-agent/emacs 2022-11-03 10:07:20 +11:00
etherpad Tighten permissions on Etherpad settings file 2024-05-01 19:18:59 +00:00
gerrit Reapply "Switch Gerrit replication to a larger RSA key" 2023-12-06 09:02:17 -08:00
gerritbot Revert "Move pull external IRC bot images from quay.io" 2023-05-24 13:42:47 -07:00
gitea Upgrade Gitea's backend DB to MariaDB 10.11 2024-04-23 15:16:41 -07:00
gitea-git-repos gitea-git-repos: remove #!/usr/bin/env python 2022-11-23 08:26:28 +11:00
gitea-lb gitea-haproxy: issue liveness check to HEAD / 2022-03-08 09:46:59 +11:00
gitea-set-org-logos Update gitea to 1.19.3 2023-05-03 14:42:08 -07:00
grafana Temporarily pin Grafana to 10.2.2 2023-12-31 19:15:56 +00:00
graphite graphite: add grafana header to CORS allowed list 2023-12-31 14:28:49 +00:00
haproxy Downgrade haproxy image from latest to lts 2023-12-20 13:41:53 +00:00
import-gpg-key reprepro: convert to Ansible 2020-10-19 14:06:57 +11:00
install-ansible Transition to Rackspace API keys 2024-03-05 19:31:09 +00:00
install-ansible-roles puppet: don't run module install steps multiple times 2020-09-03 09:23:05 +10:00
install-apt-repo Vendor the apt repo gpg keys used for Zuul 2020-05-20 13:17:09 -07:00
install-borg install-borg: update to borg 1.1.18 2022-08-10 10:14:56 +10:00
install-certcheck Generate ssl check list directly from letsencrypt variables 2020-05-20 14:27:14 +10:00
install-docker Merge "Switch install-docker playbook to include_tasks" 2024-03-22 22:48:03 +00:00
install-kubectl Remove snap cleanup tasks 2020-04-16 12:45:36 -05:00
install-launch-node Deduplicate Rackspace control plane API keys 2024-03-12 19:17:09 +00:00
install-podman Run a gerrit container on review-dev01 2019-10-29 08:29:17 +09:00
iptables iptables: handle hosts in allowed groups not having an ipv6 address 2023-01-12 21:48:22 +11:00
jaeger Increase Jaeger start timeout to 300 2024-02-12 22:45:39 +00:00
jitsi-meet Fix jitsi meet jvb connection info and cert CN 2022-09-16 15:43:48 -07:00
kerberos-kdc Merge "kerberos-kdc: quote some integers to avoid string/int confusion" 2021-03-22 22:56:26 +00:00
keycloak Add backups for the new Keycloak server 2024-02-09 17:35:02 +00:00
letsencrypt-acme-sh-install Patch acme.sh/4659 for arbitrary command execution 2023-06-11 20:41:11 +00:00
letsencrypt-config-certcheck Add more LE debugging info to our Ansible role 2024-04-05 13:40:14 -07:00
letsencrypt-create-certs Upgrade to Keycloak 23.0 2024-02-06 05:33:37 +00:00
letsencrypt-install-txt-record dns: abstract names 2023-04-19 09:53:10 +10:00
letsencrypt-request-certs letsencrypt-request-certs: refactor certcheck list 2022-11-23 08:26:28 +11:00
limnoria Revert "Move system-config irc bots into quay.io" 2023-05-24 13:17:54 -07:00
lodgeit Upgrade the lodgeit mariadb to 10.11 2024-02-20 14:25:42 -08:00
logrotate Cleanup opensuse mirroring configs entirely 2024-03-18 15:49:43 -07:00
mailman3 Override upstream ADMINS address for mailman 2024-04-24 18:02:00 +00:00
mariadb Merge "Restrict permissions on mariadb compose file" 2024-04-05 03:17:11 +00:00
master-nameserver bind9 : drop obsolete option for later versions 2023-03-09 16:37:32 +11:00
matrix-eavesdrop Restart matrix-eavesdrop when config changes 2023-08-24 12:59:13 -07:00
matrix-gerritbot Update gerritbot-matrix version to include wipness 2022-04-12 14:41:53 +00:00
mirror Ubuntu 22.04: Add ceph quincy and reef to mirror 2024-04-21 02:40:37 +09:00
mirror-update Cleanup opensuse mirroring configs entirely 2024-03-18 15:49:43 -07:00
nameserver nameserver: Allow master server to notify via ipv6 2020-10-28 09:26:14 +00:00
nodepool-base nodepool-base: use ipv4 ZK addresses if we don't have an ipv6 address 2023-01-12 21:50:17 +11:00
nodepool-builder Temporarily limit node image upload concurrency 2023-08-30 21:16:01 +00:00
nodepool-launcher Switch to nodepool images on quay.io 2023-04-26 10:37:08 -07:00
openafs-db-server openafs-<db|file>-server: fix role name 2021-02-10 13:49:12 +11:00
openafs-file-server openafs-<db|file>-server: fix role name 2021-02-10 13:49:12 +11:00
openafs-server-config Retire mordred as infra-root 2022-12-06 11:04:08 -06:00
opendev-ca Correct internal tracing server cert name 2022-09-28 10:38:41 -07:00
pip3 Use versioned get-pip.py URL for Ubuntu Bionic 2022-01-30 15:37:58 +00:00
ptgbot Revert "Move pull external IRC bot images from quay.io" 2023-05-24 13:42:47 -07:00
puppet-run puppet: don't run module install steps multiple times 2020-09-03 09:23:05 +10:00
puppet-setup-ansible install-ansible: move install_modules.sh to puppet-setup-ansible 2020-09-03 09:28:16 +10:00
rax-dns-backup rax-dns-backup: fix parsing 2022-11-21 11:44:07 +11:00
refstack Upgrade Refstack's MariaDB to 10.11 2024-03-04 13:27:20 -08:00
registry Switch the zuul-registry image location to quay.io 2023-04-26 10:41:51 -07:00
reprepro Merge "Ubuntu 22.04: Add ceph quincy and reef to mirror" 2024-04-29 16:58:19 +00:00
root-keys roles: Add README.rst and lint 2018-08-23 21:34:42 +10:00
run-selenium run-selenium: Use latest tag on firefox image 2022-10-11 10:53:00 +11:00
static Revert registry.zuul-ci.org 2023-11-14 16:05:28 -08:00
statusbot Revert "Move pull external IRC bot images from quay.io" 2023-05-24 13:42:47 -07:00
sync-project-config Revert "Update to tip of master in periodic jobs" 2022-11-03 16:40:54 +11:00
vos-release Add missing newline in vos_release.sudo 2019-11-21 19:08:30 +00:00
zookeeper Bump zookeeper from 3.7 to 3.8 2023-10-11 08:56:18 -07:00
zuul Update Zuul auth config for new Keycloak images 2024-02-09 17:34:21 +00:00
zuul-executor Stop adding duplicate OpenAFS PPA on executors 2023-06-06 23:45:46 +00:00
zuul-lb Do more robust checks against zuul-web with haproxy 2022-03-04 14:17:51 -08:00
zuul-merger Switch zuul container images to quay.io 2023-04-26 10:40:30 -07:00
zuul-preview Switch zuul container images to quay.io 2023-04-26 10:40:30 -07:00
zuul-scheduler Switch zuul container images to quay.io 2023-04-26 10:40:30 -07:00
zuul-status-backup Add --fail flag to zuul status backup curl 2020-04-28 08:33:05 -05:00
zuul-user Split eavesdrop into its own playbook 2020-04-23 14:34:28 -05:00
zuul-web Add robots.txt to Zuul web 2024-04-03 13:31:06 -07:00
set-hostname Split eavesdrop into its own playbook 2020-04-23 14:34:28 -05:00