Import profiles/roles from salt-devel
- + renaming baseline to common Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
This commit is contained in:
parent
f1a4b0514c
commit
2b40942a44
3
salt/common.sls
Normal file
3
salt/common.sls
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
include:
|
||||||
|
- role.minion
|
||||||
|
- role.common-suse
|
466
salt/profile/lighttpd/files/etc/lighttpd/lighttpd.conf.j2
Normal file
466
salt/profile/lighttpd/files/etc/lighttpd/lighttpd.conf.j2
Normal file
@ -0,0 +1,466 @@
|
|||||||
|
{%- set header = salt['pillar.get']('managed_header_pound') -%}
|
||||||
|
{{ header }}
|
||||||
|
# This is mostly the default file shipped with the package, it's only managed via Salt to enable the vhosts.d include at the bottom
|
||||||
|
#######################################################################
|
||||||
|
##
|
||||||
|
## /etc/lighttpd/lighttpd.conf
|
||||||
|
##
|
||||||
|
## check /etc/lighttpd/conf.d/*.conf for the configuration of modules.
|
||||||
|
##
|
||||||
|
#######################################################################
|
||||||
|
|
||||||
|
#######################################################################
|
||||||
|
##
|
||||||
|
## Some Variable definition which will make chrooting easier.
|
||||||
|
##
|
||||||
|
## if you add a variable here. Add the corresponding variable in the
|
||||||
|
## chroot example as well.
|
||||||
|
##
|
||||||
|
var.log_root = "/var/log/lighttpd"
|
||||||
|
var.server_root = "/srv/www"
|
||||||
|
var.state_dir = "/run"
|
||||||
|
var.home_dir = "/var/lib/lighttpd"
|
||||||
|
var.conf_dir = "/etc/lighttpd"
|
||||||
|
|
||||||
|
##
|
||||||
|
## run the server chrooted.
|
||||||
|
##
|
||||||
|
## This requires root permissions during startup.
|
||||||
|
##
|
||||||
|
## If you run Chrooted set the the variables to directories relative to
|
||||||
|
## the chroot dir.
|
||||||
|
##
|
||||||
|
## example chroot configuration:
|
||||||
|
##
|
||||||
|
#var.log_root = "/logs"
|
||||||
|
#var.server_root = "/"
|
||||||
|
#var.state_dir = "/run"
|
||||||
|
#var.home_dir = "/lib/lighttpd"
|
||||||
|
#var.vhosts_dir = "/vhosts"
|
||||||
|
#var.conf_dir = "/etc"
|
||||||
|
#
|
||||||
|
#server.chroot = "/srv/www"
|
||||||
|
|
||||||
|
##
|
||||||
|
## Some additional variables to make the configuration easier
|
||||||
|
##
|
||||||
|
|
||||||
|
##
|
||||||
|
## Base directory for all virtual hosts
|
||||||
|
##
|
||||||
|
## used in:
|
||||||
|
## conf.d/evhost.conf
|
||||||
|
## conf.d/simple_vhost.conf
|
||||||
|
## vhosts.d/vhosts.template
|
||||||
|
##
|
||||||
|
var.vhosts_dir = server_root + "/vhosts"
|
||||||
|
|
||||||
|
##
|
||||||
|
## Cache for mod_deflate
|
||||||
|
##
|
||||||
|
## used in:
|
||||||
|
## conf.d/deflate.conf
|
||||||
|
##
|
||||||
|
var.cache_dir = "/var/cache/lighttpd"
|
||||||
|
|
||||||
|
##
|
||||||
|
## Base directory for sockets.
|
||||||
|
##
|
||||||
|
## used in:
|
||||||
|
## conf.d/fastcgi.conf
|
||||||
|
## conf.d/scgi.conf
|
||||||
|
##
|
||||||
|
var.socket_dir = home_dir + "/sockets"
|
||||||
|
|
||||||
|
##
|
||||||
|
#######################################################################
|
||||||
|
|
||||||
|
#######################################################################
|
||||||
|
##
|
||||||
|
## Load the modules.
|
||||||
|
include conf_dir + "/modules.conf"
|
||||||
|
|
||||||
|
##
|
||||||
|
#######################################################################
|
||||||
|
|
||||||
|
#######################################################################
|
||||||
|
##
|
||||||
|
## Basic Configuration
|
||||||
|
## ---------------------
|
||||||
|
##
|
||||||
|
server.port = 80
|
||||||
|
|
||||||
|
##
|
||||||
|
## Use IPv6?
|
||||||
|
##
|
||||||
|
server.use-ipv6 = "enable"
|
||||||
|
|
||||||
|
##
|
||||||
|
## bind to a specific IP
|
||||||
|
##
|
||||||
|
#server.bind = "localhost"
|
||||||
|
|
||||||
|
##
|
||||||
|
## Run as a different username/groupname.
|
||||||
|
## This requires root permissions during startup.
|
||||||
|
##
|
||||||
|
server.username = "lighttpd"
|
||||||
|
server.groupname = "lighttpd"
|
||||||
|
|
||||||
|
##
|
||||||
|
## Enable lighttpd to serve requests on sockets received from systemd
|
||||||
|
## https://www.freedesktop.org/software/systemd/man/systemd.socket.html
|
||||||
|
##
|
||||||
|
#server.systemd-socket-activation = "enable"
|
||||||
|
|
||||||
|
##
|
||||||
|
## enable core files.
|
||||||
|
##
|
||||||
|
#server.core-files = "disable"
|
||||||
|
|
||||||
|
##
|
||||||
|
## Document root
|
||||||
|
##
|
||||||
|
server.document-root = server_root + "/htdocs"
|
||||||
|
|
||||||
|
##
|
||||||
|
## The value for the "Server:" response field.
|
||||||
|
##
|
||||||
|
## It would be nice to keep it at "lighttpd".
|
||||||
|
##
|
||||||
|
#server.tag = "lighttpd"
|
||||||
|
|
||||||
|
##
|
||||||
|
## store a pid file
|
||||||
|
##
|
||||||
|
server.pid-file = state_dir + "/lighttpd.pid"
|
||||||
|
|
||||||
|
##
|
||||||
|
#######################################################################
|
||||||
|
|
||||||
|
#######################################################################
|
||||||
|
##
|
||||||
|
## Logging Options
|
||||||
|
## ------------------
|
||||||
|
##
|
||||||
|
## all logging options can be overwritten per vhost.
|
||||||
|
##
|
||||||
|
## Path to the error log file
|
||||||
|
##
|
||||||
|
server.errorlog = log_root + "/error.log"
|
||||||
|
|
||||||
|
##
|
||||||
|
## If you want to log to syslog you have to unset the
|
||||||
|
## server.errorlog setting and uncomment the next line.
|
||||||
|
##
|
||||||
|
#server.errorlog-use-syslog = "enable"
|
||||||
|
|
||||||
|
##
|
||||||
|
## Access log config
|
||||||
|
##
|
||||||
|
include conf_dir + "/conf.d/access_log.conf"
|
||||||
|
|
||||||
|
##
|
||||||
|
## The debug options are moved into their own file.
|
||||||
|
## see conf.d/debug.conf for various options for request debugging.
|
||||||
|
##
|
||||||
|
include conf_dir + "/conf.d/debug.conf"
|
||||||
|
|
||||||
|
##
|
||||||
|
#######################################################################
|
||||||
|
|
||||||
|
#######################################################################
|
||||||
|
##
|
||||||
|
## Tuning/Performance
|
||||||
|
## --------------------
|
||||||
|
##
|
||||||
|
## corresponding documentation:
|
||||||
|
## https://wiki.lighttpd.net/Docs_Performance
|
||||||
|
##
|
||||||
|
## set the event-handler (read the performance section in the manual)
|
||||||
|
##
|
||||||
|
## The recommended server.event-handler is chosen by default for each OS.
|
||||||
|
##
|
||||||
|
## epoll (recommended on Linux)
|
||||||
|
## kqueue (recommended on *BSD and MacOS X)
|
||||||
|
## solaris-eventports (recommended on Solaris)
|
||||||
|
## poll (recommended if none of above are available)
|
||||||
|
## select (*not* recommended)
|
||||||
|
## libev (*not* recommended)
|
||||||
|
##
|
||||||
|
#server.event-handler = "linux-sysepoll"
|
||||||
|
|
||||||
|
##
|
||||||
|
## The basic network interface for all platforms at the syscalls read()
|
||||||
|
## and write(). Every modern OS provides its own syscall to help network
|
||||||
|
## servers transfer files as fast as possible
|
||||||
|
##
|
||||||
|
#server.network-backend = "sendfile"
|
||||||
|
|
||||||
|
##
|
||||||
|
## As lighttpd is a single-threaded server, its main resource limit is
|
||||||
|
## the number of file descriptors, which is set to 1024 by default (on
|
||||||
|
## most systems).
|
||||||
|
##
|
||||||
|
## If you are running a high-traffic site you might want to increase this
|
||||||
|
## limit by setting server.max-fds.
|
||||||
|
##
|
||||||
|
## Changing this setting requires root permissions on startup. see
|
||||||
|
## server.username/server.groupname.
|
||||||
|
##
|
||||||
|
## By default lighttpd would not change the operation system default.
|
||||||
|
## But setting it to 16384 is a better default for busy servers.
|
||||||
|
##
|
||||||
|
## With SELinux enabled, this is denied by default and needs to be allowed
|
||||||
|
## by running the following once: setsebool -P httpd_setrlimit on
|
||||||
|
##
|
||||||
|
server.max-fds = 16384
|
||||||
|
|
||||||
|
##
|
||||||
|
## listen-backlog is the size of the listen() backlog queue requested when
|
||||||
|
## the lighttpd server ask the kernel to listen() on the provided network
|
||||||
|
## address. Clients attempting to connect() to the server enter the listen()
|
||||||
|
## backlog queue and wait for the lighttpd server to accept() the connection.
|
||||||
|
##
|
||||||
|
## The out-of-box default on many operating systems is 128 and is identified
|
||||||
|
## as SOMAXCONN. This can be tuned on many operating systems. (On Linux,
|
||||||
|
## cat /proc/sys/net/core/somaxconn) Requesting a size larger than operating
|
||||||
|
## system limit will be silently reduced to the limit by the operating system.
|
||||||
|
##
|
||||||
|
## When there are too many connection attempts waiting for the server to
|
||||||
|
## accept() new connections, the listen backlog queue fills and the kernel
|
||||||
|
## rejects additional connection attempts. This can be useful as an
|
||||||
|
## indication to an upstream load balancer that the server is busy, and
|
||||||
|
## possibly overloaded. In that case, configure a smaller limit for
|
||||||
|
## server.listen-backlog. On the other hand, configure a larger limit to be
|
||||||
|
## able to handle bursts of new connections, but only do so up to an amount
|
||||||
|
## that the server can keep up with responding in a reasonable amount of
|
||||||
|
## time. Otherwise, clients may abandon the connection attempts and the
|
||||||
|
## server will waste resources servicing abandoned connections.
|
||||||
|
##
|
||||||
|
## It is best to leave this setting at its default unless you have modelled
|
||||||
|
## your traffic and tested that changing this benefits your traffic patterns.
|
||||||
|
##
|
||||||
|
## Default: 1024
|
||||||
|
##
|
||||||
|
#server.listen-backlog = 128
|
||||||
|
|
||||||
|
##
|
||||||
|
## Stat() call caching.
|
||||||
|
##
|
||||||
|
## lighttpd can utilize FAM/Gamin to cache stat call.
|
||||||
|
##
|
||||||
|
## possible values are:
|
||||||
|
## disable, simple, inotify, kqueue, or fam.
|
||||||
|
##
|
||||||
|
#server.stat-cache-engine = "simple"
|
||||||
|
|
||||||
|
##
|
||||||
|
## Fine tuning for the request handling
|
||||||
|
##
|
||||||
|
## max-connections == max-fds/3)
|
||||||
|
## (other file handles are used for fastcgi/files)
|
||||||
|
##
|
||||||
|
#server.max-connections = 1024
|
||||||
|
|
||||||
|
##
|
||||||
|
## How many seconds to keep a keep-alive connection open,
|
||||||
|
## until we consider it idle.
|
||||||
|
##
|
||||||
|
## Default: 5
|
||||||
|
##
|
||||||
|
#server.max-keep-alive-idle = 5
|
||||||
|
|
||||||
|
##
|
||||||
|
## How many keep-alive requests until closing the connection.
|
||||||
|
##
|
||||||
|
## Default: 16
|
||||||
|
##
|
||||||
|
#server.max-keep-alive-requests = 16
|
||||||
|
|
||||||
|
##
|
||||||
|
## Maximum size of a request in kilobytes.
|
||||||
|
## By default it is unlimited (0).
|
||||||
|
##
|
||||||
|
## Uploads to your server cant be larger than this value.
|
||||||
|
##
|
||||||
|
#server.max-request-size = 0
|
||||||
|
|
||||||
|
##
|
||||||
|
## Time to read from a socket before we consider it idle.
|
||||||
|
##
|
||||||
|
## Default: 60
|
||||||
|
##
|
||||||
|
#server.max-read-idle = 60
|
||||||
|
|
||||||
|
##
|
||||||
|
## Time to write to a socket before we consider it idle.
|
||||||
|
##
|
||||||
|
## Default: 360
|
||||||
|
##
|
||||||
|
#server.max-write-idle = 360
|
||||||
|
|
||||||
|
##
|
||||||
|
## Traffic Shaping
|
||||||
|
## -----------------
|
||||||
|
##
|
||||||
|
## see /usr/share/doc/lighttpd/traffic-shaping.txt
|
||||||
|
##
|
||||||
|
## Values are in kilobyte per second.
|
||||||
|
##
|
||||||
|
## Keep in mind that a limit below 32kB/s might actually limit the
|
||||||
|
## traffic to 32kB/s. This is caused by the size of the TCP send
|
||||||
|
## buffer.
|
||||||
|
##
|
||||||
|
## per server:
|
||||||
|
##
|
||||||
|
#server.kbytes-per-second = 128
|
||||||
|
|
||||||
|
##
|
||||||
|
## per connection:
|
||||||
|
##
|
||||||
|
#connection.kbytes-per-second = 32
|
||||||
|
|
||||||
|
##
|
||||||
|
#######################################################################
|
||||||
|
|
||||||
|
#######################################################################
|
||||||
|
##
|
||||||
|
## Filename/File handling
|
||||||
|
## ------------------------
|
||||||
|
|
||||||
|
##
|
||||||
|
## files to check for if .../ is requested
|
||||||
|
## index-file.names = ( "index.php", "index.rb", "index.html",
|
||||||
|
## "index.htm", "default.htm" )
|
||||||
|
##
|
||||||
|
index-file.names += (
|
||||||
|
"index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
|
||||||
|
)
|
||||||
|
|
||||||
|
##
|
||||||
|
## deny access the file-extensions
|
||||||
|
##
|
||||||
|
## ~ is for backupfiles from vi, emacs, joe, ...
|
||||||
|
## .inc is often used for code includes which should in general not be part
|
||||||
|
## of the document-root
|
||||||
|
url.access-deny = ( "~", ".inc" )
|
||||||
|
|
||||||
|
##
|
||||||
|
## disable range requests for pdf files
|
||||||
|
## workaround for a bug in the Acrobat Reader plugin.
|
||||||
|
## (ancient; should no longer be needed)
|
||||||
|
##
|
||||||
|
#$HTTP["url"] =~ "\.pdf$" {
|
||||||
|
# server.range-requests = "disable"
|
||||||
|
#}
|
||||||
|
|
||||||
|
##
|
||||||
|
## url handling modules (rewrite, redirect)
|
||||||
|
##
|
||||||
|
#url.rewrite = ( "^/$" => "/server-status" )
|
||||||
|
#url.redirect = ( "^/wishlist/(.+)" => "http://www.example.com/$1" )
|
||||||
|
|
||||||
|
##
|
||||||
|
## both rewrite/redirect support back reference to regex conditional using %n
|
||||||
|
##
|
||||||
|
#$HTTP["host"] =~ "^www\.(.*)" {
|
||||||
|
# url.redirect = ( "^/(.*)" => "http://%1/$1" )
|
||||||
|
#}
|
||||||
|
|
||||||
|
##
|
||||||
|
## which extensions should not be handle via static-file transfer
|
||||||
|
##
|
||||||
|
## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
|
||||||
|
##
|
||||||
|
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
|
||||||
|
|
||||||
|
##
|
||||||
|
## error-handler for all status 400-599
|
||||||
|
##
|
||||||
|
#server.error-handler = "/error-handler.html"
|
||||||
|
#server.error-handler = "/error-handler.php"
|
||||||
|
|
||||||
|
##
|
||||||
|
## error-handler for status 404
|
||||||
|
##
|
||||||
|
#server.error-handler-404 = "/error-handler.html"
|
||||||
|
#server.error-handler-404 = "/error-handler.php"
|
||||||
|
|
||||||
|
##
|
||||||
|
## Format: <errorfile-prefix><status-code>.html
|
||||||
|
## -> ..../status-404.html for 'File not found'
|
||||||
|
##
|
||||||
|
#server.errorfile-prefix = server_root + "/htdocs/errors/status-"
|
||||||
|
|
||||||
|
##
|
||||||
|
## mimetype mapping
|
||||||
|
##
|
||||||
|
include conf_dir + "/conf.d/mime.conf"
|
||||||
|
|
||||||
|
##
|
||||||
|
## directory listing configuration
|
||||||
|
##
|
||||||
|
include conf_dir + "/conf.d/dirlisting.conf"
|
||||||
|
|
||||||
|
##
|
||||||
|
## Should lighttpd follow symlinks?
|
||||||
|
## default: "enable"
|
||||||
|
#server.follow-symlink = "enable"
|
||||||
|
|
||||||
|
##
|
||||||
|
## force all filenames to be lowercase?
|
||||||
|
##
|
||||||
|
#server.force-lowercase-filenames = "disable"
|
||||||
|
|
||||||
|
##
|
||||||
|
## defaults to /var/tmp as we assume it is a local harddisk
|
||||||
|
## default: "/var/tmp"
|
||||||
|
#server.upload-dirs = ( "/var/tmp" )
|
||||||
|
|
||||||
|
##
|
||||||
|
#######################################################################
|
||||||
|
|
||||||
|
#######################################################################
|
||||||
|
##
|
||||||
|
## SSL Support
|
||||||
|
## -------------
|
||||||
|
##
|
||||||
|
## https://wiki.lighttpd.net/Docs_SSL
|
||||||
|
#
|
||||||
|
## To enable SSL for the whole server you have to provide a valid
|
||||||
|
## certificate and have to enable the SSL engine.::
|
||||||
|
##
|
||||||
|
## server.modules += ( "mod_openssl" )
|
||||||
|
##
|
||||||
|
## ssl.privkey = "/path/to/privkey.pem"
|
||||||
|
## ssl.pemfile = "/path/to/fullchain.pem"
|
||||||
|
## # ssl.pemfile should contain the sorted certificate chain, including
|
||||||
|
## # intermediate certificates, as provided by the certificate issuer.
|
||||||
|
## # If both privkey and cert are in same file, specify only ssl.pemfile.
|
||||||
|
##
|
||||||
|
## # Check your cipher list with: openssl ciphers -v '...'
|
||||||
|
## # (use single quotes with: openssl ciphers -v '...'
|
||||||
|
## # as your shell won't like ! in double quotes)
|
||||||
|
## #ssl.cipher-list = "HIGH" # default
|
||||||
|
##
|
||||||
|
## # (recommended to accept only TLSv1.2 and TLSv1.3)
|
||||||
|
## #ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2") # default
|
||||||
|
##
|
||||||
|
## $SERVER["socket"] == "*:443" {
|
||||||
|
## ssl.engine = "enable"
|
||||||
|
## }
|
||||||
|
## $SERVER["socket"] == "[::]:443" {
|
||||||
|
## ssl.engine = "enable"
|
||||||
|
## }
|
||||||
|
##
|
||||||
|
#######################################################################
|
||||||
|
|
||||||
|
#######################################################################
|
||||||
|
##
|
||||||
|
## custom includes like vhosts.
|
||||||
|
##
|
||||||
|
#include conf_dir + "/conf.d/config.conf"
|
||||||
|
include conf_dir + "/vhosts.d/*.conf"
|
||||||
|
##
|
||||||
|
#######################################################################
|
8
salt/profile/lighttpd/files/etc/lighttpd/vhosts.conf.j2
Normal file
8
salt/profile/lighttpd/files/etc/lighttpd/vhosts.conf.j2
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
{%- set header = salt['pillar.get']('managed_header_pound') -%}
|
||||||
|
{{ header }}
|
||||||
|
|
||||||
|
{%- if vhostconfig is defined -%}
|
||||||
|
$HTTP["host"] =~ "{{ vhostconfig['host'].replace('.', '\.') }}" {
|
||||||
|
server.document-root = "{{ vhostconfig['root'] }}"
|
||||||
|
}
|
||||||
|
{%- endif -%}
|
42
salt/profile/lighttpd/init.sls
Normal file
42
salt/profile/lighttpd/init.sls
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
{%- set mypillar = 'profile:lighttpd' -%}
|
||||||
|
{%- set vhosts = salt['pillar.get'](mypillar ~ ':vhosts') or [] -%}
|
||||||
|
|
||||||
|
lighttpd_packages:
|
||||||
|
pkg.installed:
|
||||||
|
- pkgs:
|
||||||
|
- lighttpd
|
||||||
|
|
||||||
|
{%- if vhosts | length > 0 %}
|
||||||
|
lighttpd_directories:
|
||||||
|
file.directory:
|
||||||
|
- user: root
|
||||||
|
- group: lighttpd
|
||||||
|
- mode: '0750'
|
||||||
|
- clean: True
|
||||||
|
- require:
|
||||||
|
- pkg: lighttpd_packages
|
||||||
|
- file: lighttpd_files
|
||||||
|
- names:
|
||||||
|
- /etc/lighttpd/vhosts.d
|
||||||
|
|
||||||
|
lighttpd_files:
|
||||||
|
file.managed:
|
||||||
|
- user: root
|
||||||
|
- group: lighttpd
|
||||||
|
- mode: '0640'
|
||||||
|
- template: jinja
|
||||||
|
- names:
|
||||||
|
- /etc/lighttpd/lighttpd.conf:
|
||||||
|
- source: salt:///{{ slspath }}/files/etc/lighttpd/lighttpd.conf.j2
|
||||||
|
{%- for vhost, config in vhosts.items() %}
|
||||||
|
- /etc/lighttpd/vhosts.d/{{ vhost }}.conf:
|
||||||
|
- source: salt:///{{ slspath }}/files/etc/lighttpd/vhosts.conf.j2
|
||||||
|
- context:
|
||||||
|
vhostconfig: {{ config }}
|
||||||
|
{%- endfor %}
|
||||||
|
{%- endif %}
|
||||||
|
|
||||||
|
lighttpd_service:
|
||||||
|
service.running:
|
||||||
|
- name: lighttpd.service
|
||||||
|
- enable: True
|
@ -0,0 +1,35 @@
|
|||||||
|
{%- set header = salt['pillar.get']('managed_header_pound') -%}
|
||||||
|
{%- set myfqdn = salt['grains.get']('fqdn') -%}
|
||||||
|
{%- set mypillar = 'profile:matterbridge:instances:' ~ instance ~ ':' -%}
|
||||||
|
{%- set myaccounts = mypillar ~ 'accounts' -%}
|
||||||
|
{%- set mygateways = mypillar ~ 'gateways' -%}
|
||||||
|
{%- set generalopts = ['RemoteNickFormat', 'IgnoreFailureOnStart', 'MessageSplit', 'MediaDownloadSize', 'MediaDownloadPath', 'MediaServerDownload', 'LogFile'] -%}
|
||||||
|
{%- set accountopts = ['Nick', 'NickServNick', 'NickServPassword', 'Server', 'UseTLS', 'UseSASL', 'Label', 'Charset', 'IgnoreNicks', 'RunCommands', 'UseRelayMsg', 'RemoteNickFormat'] -%}
|
||||||
|
{{ header }}
|
||||||
|
|
||||||
|
[general]
|
||||||
|
{% for option in generalopts %}
|
||||||
|
{%- if salt['pillar.get'](mypillar ~ option, None) != None %}
|
||||||
|
{{ option }}="{{ salt['pillar.get'](mypillar ~ option) }}"
|
||||||
|
{%- endif -%}
|
||||||
|
{%- endfor -%}
|
||||||
|
|
||||||
|
{% for account, config in salt['pillar.get'](myaccounts).items() %}
|
||||||
|
[{{ config['protocol'] }}.{{ account }}]
|
||||||
|
{%- for option in accountopts %}
|
||||||
|
{%- if salt['pillar.get'](myaccounts ~ ':' ~ account ~ ':' ~ option, None) != None %}
|
||||||
|
{{ option }}="{{ config[option] }}"
|
||||||
|
{%- endif -%}
|
||||||
|
{% endfor %}
|
||||||
|
{% endfor -%}
|
||||||
|
|
||||||
|
{% for gateway, config in salt['pillar.get'](mygateways).items() %}
|
||||||
|
[[gateway]]
|
||||||
|
name="{{ gateway }}"
|
||||||
|
enable=true
|
||||||
|
{% for account, channel in config.items() %}
|
||||||
|
[[gateway.inout]]
|
||||||
|
account="{{ account }}"
|
||||||
|
channel="{{ channel }}"
|
||||||
|
{% endfor %}
|
||||||
|
{%- endfor -%}
|
45
salt/profile/matterbridge/init.sls
Normal file
45
salt/profile/matterbridge/init.sls
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
{%- set mypillar = 'profile:matterbridge' -%}
|
||||||
|
{%- set instances = salt['pillar.get'](mypillar ~ ':instances') or [] -%}
|
||||||
|
|
||||||
|
matterbridge_packages:
|
||||||
|
pkg.installed:
|
||||||
|
- pkgs:
|
||||||
|
- matterbridge
|
||||||
|
|
||||||
|
matterbridge_directory:
|
||||||
|
file.directory:
|
||||||
|
- user: root
|
||||||
|
- group: matterbridge
|
||||||
|
- clean: True
|
||||||
|
- require:
|
||||||
|
- pkg: matterbridge_packages
|
||||||
|
{%- if instances | length > 0 %}
|
||||||
|
- file: matterbridge_files
|
||||||
|
{%- endif %}
|
||||||
|
- names:
|
||||||
|
- /etc/matterbridge
|
||||||
|
|
||||||
|
{%- if instances | length > 0 %}
|
||||||
|
matterbridge_files:
|
||||||
|
file.managed:
|
||||||
|
- user: root
|
||||||
|
- mode: '0644'
|
||||||
|
- template: jinja
|
||||||
|
- source: salt:///{{ slspath }}/files/etc/matterbridge/matterbridge.toml.j2
|
||||||
|
- names:
|
||||||
|
{%- for instance in instances %}
|
||||||
|
- /etc/matterbridge/{{ instance }}.toml:
|
||||||
|
- context:
|
||||||
|
instance: {{ instance }}
|
||||||
|
|
||||||
|
matterbridge_{{ instance }}_service:
|
||||||
|
service.running:
|
||||||
|
- name: matterbridge@{{ instance }}.service
|
||||||
|
- enable: True
|
||||||
|
{%- endfor %}
|
||||||
|
{%- endif %}
|
||||||
|
|
||||||
|
matterbridge_cleanup_timer:
|
||||||
|
service.running:
|
||||||
|
- name: matterbridge-cleanup.timer
|
||||||
|
- enable: True
|
36
salt/profile/node_exporter/init.sls
Normal file
36
salt/profile/node_exporter/init.sls
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
{%- set header = salt['pillar.get']('managed_header_pound') -%}
|
||||||
|
{%- set sysconfig = '/etc/sysconfig/prometheus-node_exporter' -%}
|
||||||
|
|
||||||
|
node_exporter_packages:
|
||||||
|
pkg.installed:
|
||||||
|
- pkgs:
|
||||||
|
- golang-github-prometheus-node_exporter
|
||||||
|
|
||||||
|
node_exporter_sysconfig_header:
|
||||||
|
file.prepend:
|
||||||
|
- name: {{ sysconfig }}
|
||||||
|
- text: '{{ header }}'
|
||||||
|
- require:
|
||||||
|
- pkg: node_exporter_packages
|
||||||
|
|
||||||
|
node_exporter_sysconfig:
|
||||||
|
file.replace:
|
||||||
|
- name: {{ sysconfig }}
|
||||||
|
- pattern: |
|
||||||
|
^ARGS=.*$
|
||||||
|
- repl: |
|
||||||
|
ARGS="--web.listen-address=:9200 --collector.filesystem.fs-types-exclude='^(fuse.s3fs|fuse.cryfs|tmpfscgroup2?|debugfs|devpts|devtmpfs|fusectl|overlay|proc|procfs|pstore)\$' --no-collector.zfs --no-collector.thermal_zone --no-collector.powersupplyclass"
|
||||||
|
- require:
|
||||||
|
- pkg: node_exporter_packages
|
||||||
|
- file: node_exporter_sysconfig_header
|
||||||
|
|
||||||
|
node_exporter_service:
|
||||||
|
service.running:
|
||||||
|
- name: prometheus-node_exporter.service
|
||||||
|
- enable: True
|
||||||
|
- full_restart: True
|
||||||
|
- require:
|
||||||
|
- pkg: node_exporter_packages
|
||||||
|
- file: node_exporter_sysconfig
|
||||||
|
- watch:
|
||||||
|
- file: node_exporter_sysconfig
|
9
salt/profile/salt/files/etc/salt/grains.j2
Normal file
9
salt/profile/salt/files/etc/salt/grains.j2
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
{%- set header = salt['pillar.get']('managed_header_pound') -%}
|
||||||
|
{%- set roles = salt['pillar.get']('netbox:config_context:roles', []) -%}
|
||||||
|
{{ header }}
|
||||||
|
{%- if roles is defined and roles %}
|
||||||
|
roles:
|
||||||
|
{%- for role in roles %}
|
||||||
|
- {{ role }}
|
||||||
|
{%- endfor %}
|
||||||
|
{% endif %}
|
15
salt/profile/salt/grains.sls
Normal file
15
salt/profile/salt/grains.sls
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
salt_grains_file:
|
||||||
|
file.managed:
|
||||||
|
- user: root
|
||||||
|
- mode: '0644'
|
||||||
|
- template: jinja
|
||||||
|
- names:
|
||||||
|
- /etc/salt/grains:
|
||||||
|
- source: salt:///{{ slspath }}/files/etc/salt/grains.j2
|
||||||
|
|
||||||
|
salt_restart_minion:
|
||||||
|
cmd.run:
|
||||||
|
- name: 'salt-call service.restart salt-minion'
|
||||||
|
- bg: True
|
||||||
|
- onchanges:
|
||||||
|
- file: salt_grains_file
|
9
salt/profile/seccheck/files/etc/security/autologout.conf
Normal file
9
salt/profile/seccheck/files/etc/security/autologout.conf
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
{%- set header = salt['pillar.get']('managed_header_pound') -%}
|
||||||
|
{{ header }}
|
||||||
|
TTY_TIMEOUT=60
|
||||||
|
DEFAULT_DELAY=60
|
||||||
|
KILL_WAIT=20
|
||||||
|
|
||||||
|
LOGOUTCONF=(
|
||||||
|
"ssh idle:720 delay:30"
|
||||||
|
)
|
4
salt/profile/seccheck/files/etc/sysconfig/seccheck
Normal file
4
salt/profile/seccheck/files/etc/sysconfig/seccheck
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
{%- set header = salt['pillar.get']('managed_header_pound') -%}
|
||||||
|
{{ header }}
|
||||||
|
SECCHK_USER="root"
|
||||||
|
START_SECCHK="yes"
|
20
salt/profile/seccheck/init.sls
Normal file
20
salt/profile/seccheck/init.sls
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
seccheck_packages:
|
||||||
|
pkg.installed:
|
||||||
|
- pkgs:
|
||||||
|
- seccheck
|
||||||
|
|
||||||
|
seccheck_files:
|
||||||
|
file.managed:
|
||||||
|
- user: root
|
||||||
|
- mode: '0644'
|
||||||
|
- template: jinja
|
||||||
|
- names:
|
||||||
|
- /etc/sysconfig/seccheck:
|
||||||
|
- source: salt:///{{ slspath }}/files/etc/sysconfig/seccheck
|
||||||
|
- /etc/security/autologout.conf:
|
||||||
|
- source: salt:///{{ slspath }}/files/etc/security/autologout.conf
|
||||||
|
|
||||||
|
seccheck_service:
|
||||||
|
service.running:
|
||||||
|
- name: seccheck-autologout.timer
|
||||||
|
- enable: True
|
4
salt/profile/test-webserver/init.sls
Normal file
4
salt/profile/test-webserver/init.sls
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
test-webserver_packages:
|
||||||
|
pkg.installed:
|
||||||
|
- pkgs:
|
||||||
|
- lighttpd
|
8
salt/profile/zypp/files/etc/zypp/zypp.conf.j2
Normal file
8
salt/profile/zypp/files/etc/zypp/zypp.conf.j2
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
{%- set header = salt['pillar.get']('managed_header_pound') -%}
|
||||||
|
{{ header }}
|
||||||
|
|
||||||
|
[main]
|
||||||
|
repo.add.probe = true
|
||||||
|
solver.onlyRequires = true
|
||||||
|
multiversion = provides:multiversion(kernel)
|
||||||
|
multiversion.kernels = latest,latest-1,running
|
13
salt/profile/zypp/init.sls
Normal file
13
salt/profile/zypp/init.sls
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
zypp_files:
|
||||||
|
file.managed:
|
||||||
|
- user: root
|
||||||
|
- mode: '0644'
|
||||||
|
- template: jinja
|
||||||
|
- names:
|
||||||
|
- /etc/zypp/zypp.conf:
|
||||||
|
- source: salt:///{{ slspath }}/files/etc/zypp/zypp.conf.j2
|
||||||
|
|
||||||
|
rpm_key_libertacasa:
|
||||||
|
cmd.run:
|
||||||
|
- name: 'rpm --import https://pepper.lysergic.dev/pub/libertacasa-obs-pubkey'
|
||||||
|
- unless: 'rpm -q gpg-pubkey-f8722274-5f7a4d7b'
|
4
salt/role/common-suse.sls
Normal file
4
salt/role/common-suse.sls
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
include:
|
||||||
|
- profile.seccheck
|
||||||
|
- profile.zypp
|
||||||
|
- profile.node_exporter
|
2
salt/role/lighttpd.sls
Normal file
2
salt/role/lighttpd.sls
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
include:
|
||||||
|
- profile.lighttpd
|
3
salt/role/matterbridge.sls
Normal file
3
salt/role/matterbridge.sls
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
include:
|
||||||
|
- profile.lighttpd
|
||||||
|
- profile.matterbridge
|
2
salt/role/minion.sls
Normal file
2
salt/role/minion.sls
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
include:
|
||||||
|
- profile.salt.grains
|
2
salt/role/test-webserver.sls
Normal file
2
salt/role/test-webserver.sls
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
include:
|
||||||
|
- profile.test-webserver
|
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
{{ saltenv }}:
|
{{ saltenv }}:
|
||||||
'*':
|
'*':
|
||||||
- baseline
|
- common
|
||||||
{% for role in roles %}
|
{% for role in roles %}
|
||||||
'roles:{{ role }}':
|
'roles:{{ role }}':
|
||||||
- match: grain
|
- match: grain
|
||||||
|
Loading…
Reference in New Issue
Block a user