- remove trailing whitespaces - format octal modes correctly - trim lines or add ignore rules where necessary Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
This commit is contained in:
parent
7ef54079a6
commit
7ad05670a7
@ -78,6 +78,7 @@ nginx:
|
|||||||
- X-Forwarded-Proto $scheme
|
- X-Forwarded-Proto $scheme
|
||||||
- proxy_ssl_trusted_certificate: /etc/pki/trust/anchors/backend-ca.crt
|
- proxy_ssl_trusted_certificate: /etc/pki/trust/anchors/backend-ca.crt
|
||||||
tls:
|
tls:
|
||||||
|
# yamllint disable-line rule:line-length
|
||||||
- ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
- ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||||
|
|
||||||
{#- certificate snippets, to-do: merge snippets/tls include into crtkeypair #}
|
{#- certificate snippets, to-do: merge snippets/tls include into crtkeypair #}
|
||||||
|
@ -417,7 +417,7 @@ nginx:
|
|||||||
{{ takahe_includes() }}
|
{{ takahe_includes() }}
|
||||||
- server_name: despair.life
|
- server_name: despair.life
|
||||||
{{ takahe_gohome() }}
|
{{ takahe_gohome() }}
|
||||||
{#- if someone clicks "Log in" on despair.life, the SAML IDP (Keycloak) would redirect back to despair.life, which breaks the session cookie originating from social.liberta.casa (Django only allows a single "cookie domain" - hence we rewrite the login endpoints to handle sessions exclusively via social.liberta.casa #}
|
{#- if someone clicks "Log in" on despair.life, the SAML IDP (Keycloak) would redirect back to despair.life, which breaks the session cookie originating from social.liberta.casa (Django only allows a single "cookie domain" - hence we rewrite the login endpoints to handle sessions exclusively via social.liberta.casa #} # yamllint disable-line rule:line-length
|
||||||
{%- for talopath in ['auth', 'saml2'] %}
|
{%- for talopath in ['auth', 'saml2'] %}
|
||||||
- location /{{ talopath }}:
|
- location /{{ talopath }}:
|
||||||
- rewrite: ^/(.*) https://social.liberta.casa/$1 redirect
|
- rewrite: ^/(.*) https://social.liberta.casa/$1 redirect
|
||||||
|
@ -46,7 +46,7 @@ matterbridge_{{ instance }}_mediadir:
|
|||||||
- user: matterbridge
|
- user: matterbridge
|
||||||
{#- to-do: implement some shared group #}
|
{#- to-do: implement some shared group #}
|
||||||
- group: lighttpd
|
- group: lighttpd
|
||||||
- mode: 750
|
- mode: '0750'
|
||||||
- makedirs: True
|
- makedirs: True
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
|
||||||
|
@ -5,6 +5,6 @@ include:
|
|||||||
file.managed:
|
file.managed:
|
||||||
- user: keepalived_script
|
- user: keepalived_script
|
||||||
- group: wheel
|
- group: wheel
|
||||||
- mode: 750
|
- mode: '0750'
|
||||||
- template: jinja
|
- template: jinja
|
||||||
- source: salt://{{ slspath }}/files/failover.sh.j2
|
- source: salt://{{ slspath }}/files/failover.sh.j2
|
||||||
|
@ -19,7 +19,7 @@ node_exporter_sysconfig:
|
|||||||
- pattern: |
|
- pattern: |
|
||||||
^ARGS=.*$
|
^ARGS=.*$
|
||||||
- repl: |
|
- repl: |
|
||||||
ARGS="--web.listen-address=:9200 --collector.filesystem.fs-types-exclude='^(fuse.s3fs|fuse.cryfs|tmpfscgroup2?|debugfs|devpts|devtmpfs|fusectl|overlay|proc|procfs|pstore)\$' --no-collector.zfs --no-collector.thermal_zone --no-collector.powersupplyclass"
|
ARGS="--web.listen-address=:9200 --collector.filesystem.fs-types-exclude='^(fuse.s3fs|fuse.cryfs|tmpfscgroup2?|debugfs|devpts|devtmpfs|fusectl|overlay|proc|procfs|pstore)\$' --no-collector.zfs --no-collector.thermal_zone --no-collector.powersupplyclass" # yamllint disable-line rule:line-length
|
||||||
- require:
|
- require:
|
||||||
- pkg: node_exporter_packages
|
- pkg: node_exporter_packages
|
||||||
- file: node_exporter_sysconfig_header
|
- file: node_exporter_sysconfig_header
|
||||||
|
@ -17,7 +17,7 @@ salt_master_extension_modules_dirs:
|
|||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
- user: root
|
- user: root
|
||||||
- group: salt
|
- group: salt
|
||||||
- mode: 0755
|
- mode: '0755'
|
||||||
|
|
||||||
salt_master_extension_modules_bins:
|
salt_master_extension_modules_bins:
|
||||||
file.managed:
|
file.managed:
|
||||||
@ -30,7 +30,7 @@ salt_master_extension_modules_bins:
|
|||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
- user: root
|
- user: root
|
||||||
- group: salt
|
- group: salt
|
||||||
- mode: 0640
|
- mode: '0640'
|
||||||
- require:
|
- require:
|
||||||
- file: salt_master_extension_modules_dirs
|
- file: salt_master_extension_modules_dirs
|
||||||
|
|
||||||
@ -72,7 +72,7 @@ salt_master_extra_packages:
|
|||||||
- requirepass {{ master_pillar['cache.redis.password'] }}
|
- requirepass {{ master_pillar['cache.redis.password'] }}
|
||||||
- user: root
|
- user: root
|
||||||
- group: redis
|
- group: redis
|
||||||
- mode: 0640
|
- mode: '0640'
|
||||||
- require:
|
- require:
|
||||||
- pkg: redis
|
- pkg: redis
|
||||||
|
|
||||||
@ -80,7 +80,7 @@ salt_master_extra_packages:
|
|||||||
file.directory:
|
file.directory:
|
||||||
- user: redis
|
- user: redis
|
||||||
- group: redis
|
- group: redis
|
||||||
- mode: 0750
|
- mode: '0750'
|
||||||
- require:
|
- require:
|
||||||
- pkg: redis
|
- pkg: redis
|
||||||
|
|
||||||
|
@ -1,5 +1,7 @@
|
|||||||
{%- set netbox_pillar = salt['pillar.get']('netbox') -%}
|
{%- set netbox_pillar = salt['pillar.get']('netbox') -%}
|
||||||
{%- if 'custom_fields' in netbox_pillar and netbox_pillar['custom_fields']['salt_roles'] is not none and 'salt.syndic' in netbox_pillar['custom_fields']['salt_roles'] -%}
|
{%- if 'custom_fields' in netbox_pillar
|
||||||
|
and netbox_pillar['custom_fields']['salt_roles'] is not none
|
||||||
|
and 'salt.syndic' in netbox_pillar['custom_fields']['salt_roles'] -%}
|
||||||
{%- set master = salt['pillar.get']('salt:master:syndic_master') -%}
|
{%- set master = salt['pillar.get']('salt:master:syndic_master') -%}
|
||||||
{%- elif 'config_context' in netbox_pillar -%}
|
{%- elif 'config_context' in netbox_pillar -%}
|
||||||
{%- set master = netbox_pillar['config_context']['salt_master'] -%}
|
{%- set master = netbox_pillar['config_context']['salt_master'] -%}
|
||||||
|
Loading…
Reference in New Issue
Block a user