diff --git a/pillar/cluster/denc/web-proxy.sls b/pillar/cluster/denc/web-proxy.sls index 61fd653..73ba74d 100644 --- a/pillar/cluster/denc/web-proxy.sls +++ b/pillar/cluster/denc/web-proxy.sls @@ -78,6 +78,7 @@ nginx: - X-Forwarded-Proto $scheme - proxy_ssl_trusted_certificate: /etc/pki/trust/anchors/backend-ca.crt tls: + # yamllint disable-line rule:line-length - ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 {#- certificate snippets, to-do: merge snippets/tls include into crtkeypair #} diff --git a/pillar/id/dericom02_rigel_lysergic_dev.sls b/pillar/id/dericom02_rigel_lysergic_dev.sls index 4309cf9..51a487e 100644 --- a/pillar/id/dericom02_rigel_lysergic_dev.sls +++ b/pillar/id/dericom02_rigel_lysergic_dev.sls @@ -23,7 +23,7 @@ profile: NickServNick: viaduct NickServPassword: ${'secret_matterbridge:general:accounts:irc.libertacasa:NickServPassword'} ColorNicks: 'true' - Charset: utf8 + Charset: utf8 MessageSplit: 'true' MessageQueue: 60 UseRelayMsg: 'true' diff --git a/pillar/id/deriweb01_rigel_lysergic_dev.sls b/pillar/id/deriweb01_rigel_lysergic_dev.sls index ca607ba..cf691d8 100644 --- a/pillar/id/deriweb01_rigel_lysergic_dev.sls +++ b/pillar/id/deriweb01_rigel_lysergic_dev.sls @@ -412,12 +412,12 @@ nginx: - location /: - proxy_pass: http://media.takahe.rigel.lysergic.dev:8001 {{ takaheresolver }} - {#- despair.life is a second entry-point to social.liberta.casa instead of only a secondary domain in Takahe #} + {#- despair.life is a second entry-point to social.liberta.casa instead of only a secondary domain in Takahe #} - server: {{ takahe_includes() }} - server_name: despair.life {{ takahe_gohome() }} - {#- if someone clicks "Log in" on despair.life, the SAML IDP (Keycloak) would redirect back to despair.life, which breaks the session cookie originating from social.liberta.casa (Django only allows a single "cookie domain" - hence we rewrite the login endpoints to handle sessions exclusively via social.liberta.casa #} + {#- if someone clicks "Log in" on despair.life, the SAML IDP (Keycloak) would redirect back to despair.life, which breaks the session cookie originating from social.liberta.casa (Django only allows a single "cookie domain" - hence we rewrite the login endpoints to handle sessions exclusively via social.liberta.casa #} # yamllint disable-line rule:line-length {%- for talopath in ['auth', 'saml2'] %} - location /{{ talopath }}: - rewrite: ^/(.*) https://social.liberta.casa/$1 redirect @@ -436,7 +436,7 @@ nginx: - snippets/error - server_name: exhausted.life {{ takahe_gohome() }} - - location /.well-known/: + - location /.well-known/: - proxy_pass: {{ backend.takahe }} - sub_filter_types: application/xml - sub_filter: takahe.rigel.lysergic.dev:8000 exhausted.life diff --git a/salt/profile/matterbridge/init.sls b/salt/profile/matterbridge/init.sls index c90225b..264f4e1 100644 --- a/salt/profile/matterbridge/init.sls +++ b/salt/profile/matterbridge/init.sls @@ -46,7 +46,7 @@ matterbridge_{{ instance }}_mediadir: - user: matterbridge {#- to-do: implement some shared group #} - group: lighttpd - - mode: 750 + - mode: '0750' - makedirs: True {%- endif %} diff --git a/salt/profile/netcup_failover/init.sls b/salt/profile/netcup_failover/init.sls index c4d5679..f0227e0 100644 --- a/salt/profile/netcup_failover/init.sls +++ b/salt/profile/netcup_failover/init.sls @@ -5,6 +5,6 @@ include: file.managed: - user: keepalived_script - group: wheel - - mode: 750 + - mode: '0750' - template: jinja - source: salt://{{ slspath }}/files/failover.sh.j2 diff --git a/salt/profile/salt/master.sls b/salt/profile/salt/master.sls index a8dce54..f0fdc7c 100644 --- a/salt/profile/salt/master.sls +++ b/salt/profile/salt/master.sls @@ -17,7 +17,7 @@ salt_master_extension_modules_dirs: {%- endfor %} - user: root - group: salt - - mode: 0755 + - mode: '0755' salt_master_extension_modules_bins: file.managed: @@ -30,7 +30,7 @@ salt_master_extension_modules_bins: {%- endfor %} - user: root - group: salt - - mode: 0640 + - mode: '0640' - require: - file: salt_master_extension_modules_dirs @@ -72,7 +72,7 @@ salt_master_extra_packages: - requirepass {{ master_pillar['cache.redis.password'] }} - user: root - group: redis - - mode: 0640 + - mode: '0640' - require: - pkg: redis @@ -80,7 +80,7 @@ salt_master_extra_packages: file.directory: - user: redis - group: redis - - mode: 0750 + - mode: '0750' - require: - pkg: redis diff --git a/salt/profile/salt/minion.sls b/salt/profile/salt/minion.sls index 5d33845..7d2ad54 100644 --- a/salt/profile/salt/minion.sls +++ b/salt/profile/salt/minion.sls @@ -1,5 +1,7 @@ {%- set netbox_pillar = salt['pillar.get']('netbox') -%} -{%- if 'custom_fields' in netbox_pillar and netbox_pillar['custom_fields']['salt_roles'] is not none and 'salt.syndic' in netbox_pillar['custom_fields']['salt_roles'] -%} +{%- if 'custom_fields' in netbox_pillar + and netbox_pillar['custom_fields']['salt_roles'] is not none + and 'salt.syndic' in netbox_pillar['custom_fields']['salt_roles'] -%} {%- set master = salt['pillar.get']('salt:master:syndic_master') -%} {%- elif 'config_context' in netbox_pillar -%} {%- set master = netbox_pillar['config_context']['salt_master'] -%}