Address salt-lint errors/warnings
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful

- remove trailing whitespaces
- format octal modes correctly

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
This commit is contained in:
Georg Pfuetzenreuter 2023-02-15 23:08:18 +01:00
parent cd93d792ff
commit c4728bc96d
Signed by: Georg
GPG Key ID: 1ED2F138E7E6FF57
7 changed files with 14 additions and 11 deletions

View File

@ -78,6 +78,7 @@ nginx:
- X-Forwarded-Proto $scheme - X-Forwarded-Proto $scheme
- proxy_ssl_trusted_certificate: /etc/pki/trust/anchors/backend-ca.crt - proxy_ssl_trusted_certificate: /etc/pki/trust/anchors/backend-ca.crt
tls: tls:
# yamllint disable-line rule:line-length
- ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
{#- certificate snippets, to-do: merge snippets/tls include into crtkeypair #} {#- certificate snippets, to-do: merge snippets/tls include into crtkeypair #}

View File

@ -23,7 +23,7 @@ profile:
NickServNick: viaduct NickServNick: viaduct
NickServPassword: ${'secret_matterbridge:general:accounts:irc.libertacasa:NickServPassword'} NickServPassword: ${'secret_matterbridge:general:accounts:irc.libertacasa:NickServPassword'}
ColorNicks: 'true' ColorNicks: 'true'
Charset: utf8 Charset: utf8
MessageSplit: 'true' MessageSplit: 'true'
MessageQueue: 60 MessageQueue: 60
UseRelayMsg: 'true' UseRelayMsg: 'true'

View File

@ -412,12 +412,12 @@ nginx:
- location /: - location /:
- proxy_pass: http://media.takahe.rigel.lysergic.dev:8001 - proxy_pass: http://media.takahe.rigel.lysergic.dev:8001
{{ takaheresolver }} {{ takaheresolver }}
{#- despair.life is a second entry-point to social.liberta.casa instead of only a secondary domain in Takahe #} {#- despair.life is a second entry-point to social.liberta.casa instead of only a secondary domain in Takahe #}
- server: - server:
{{ takahe_includes() }} {{ takahe_includes() }}
- server_name: despair.life - server_name: despair.life
{{ takahe_gohome() }} {{ takahe_gohome() }}
{#- if someone clicks "Log in" on despair.life, the SAML IDP (Keycloak) would redirect back to despair.life, which breaks the session cookie originating from social.liberta.casa (Django only allows a single "cookie domain" - hence we rewrite the login endpoints to handle sessions exclusively via social.liberta.casa #} {#- if someone clicks "Log in" on despair.life, the SAML IDP (Keycloak) would redirect back to despair.life, which breaks the session cookie originating from social.liberta.casa (Django only allows a single "cookie domain" - hence we rewrite the login endpoints to handle sessions exclusively via social.liberta.casa #} # yamllint disable-line rule:line-length
{%- for talopath in ['auth', 'saml2'] %} {%- for talopath in ['auth', 'saml2'] %}
- location /{{ talopath }}: - location /{{ talopath }}:
- rewrite: ^/(.*) https://social.liberta.casa/$1 redirect - rewrite: ^/(.*) https://social.liberta.casa/$1 redirect
@ -436,7 +436,7 @@ nginx:
- snippets/error - snippets/error
- server_name: exhausted.life - server_name: exhausted.life
{{ takahe_gohome() }} {{ takahe_gohome() }}
- location /.well-known/: - location /.well-known/:
- proxy_pass: {{ backend.takahe }} - proxy_pass: {{ backend.takahe }}
- sub_filter_types: application/xml - sub_filter_types: application/xml
- sub_filter: takahe.rigel.lysergic.dev:8000 exhausted.life - sub_filter: takahe.rigel.lysergic.dev:8000 exhausted.life

View File

@ -46,7 +46,7 @@ matterbridge_{{ instance }}_mediadir:
- user: matterbridge - user: matterbridge
{#- to-do: implement some shared group #} {#- to-do: implement some shared group #}
- group: lighttpd - group: lighttpd
- mode: 750 - mode: '0750'
- makedirs: True - makedirs: True
{%- endif %} {%- endif %}

View File

@ -5,6 +5,6 @@ include:
file.managed: file.managed:
- user: keepalived_script - user: keepalived_script
- group: wheel - group: wheel
- mode: 750 - mode: '0750'
- template: jinja - template: jinja
- source: salt://{{ slspath }}/files/failover.sh.j2 - source: salt://{{ slspath }}/files/failover.sh.j2

View File

@ -17,7 +17,7 @@ salt_master_extension_modules_dirs:
{%- endfor %} {%- endfor %}
- user: root - user: root
- group: salt - group: salt
- mode: 0755 - mode: '0755'
salt_master_extension_modules_bins: salt_master_extension_modules_bins:
file.managed: file.managed:
@ -30,7 +30,7 @@ salt_master_extension_modules_bins:
{%- endfor %} {%- endfor %}
- user: root - user: root
- group: salt - group: salt
- mode: 0640 - mode: '0640'
- require: - require:
- file: salt_master_extension_modules_dirs - file: salt_master_extension_modules_dirs
@ -72,7 +72,7 @@ salt_master_extra_packages:
- requirepass {{ master_pillar['cache.redis.password'] }} - requirepass {{ master_pillar['cache.redis.password'] }}
- user: root - user: root
- group: redis - group: redis
- mode: 0640 - mode: '0640'
- require: - require:
- pkg: redis - pkg: redis
@ -80,7 +80,7 @@ salt_master_extra_packages:
file.directory: file.directory:
- user: redis - user: redis
- group: redis - group: redis
- mode: 0750 - mode: '0750'
- require: - require:
- pkg: redis - pkg: redis

View File

@ -1,5 +1,7 @@
{%- set netbox_pillar = salt['pillar.get']('netbox') -%} {%- set netbox_pillar = salt['pillar.get']('netbox') -%}
{%- if 'custom_fields' in netbox_pillar and netbox_pillar['custom_fields']['salt_roles'] is not none and 'salt.syndic' in netbox_pillar['custom_fields']['salt_roles'] -%} {%- if 'custom_fields' in netbox_pillar
and netbox_pillar['custom_fields']['salt_roles'] is not none
and 'salt.syndic' in netbox_pillar['custom_fields']['salt_roles'] -%}
{%- set master = salt['pillar.get']('salt:master:syndic_master') -%} {%- set master = salt['pillar.get']('salt:master:syndic_master') -%}
{%- elif 'config_context' in netbox_pillar -%} {%- elif 'config_context' in netbox_pillar -%}
{%- set master = netbox_pillar['config_context']['salt_master'] -%} {%- set master = netbox_pillar['config_context']['salt_master'] -%}