themis: add BookStack httpd configuration

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>

pillar/formulas.yaml

@@ -1,4 +1,5 @@
 ---
+- apache
 - firewalld
 - keepalived
 - nginx

pillar/id/themis_lysergic_dev.sls

@@ -0,0 +1,35 @@
+apache:
+  sites:
+    BookStack:
+      interface: '[fd29:8e45:f292:ff80::1]'
+      port: 443
+      ServerName: bookstack.themis.backend.syscid.com
+      DocumentRoot: /srv/www/BookStack/
+      DirectoryIndex: index.php
+      Directory:
+        /srv/www/BookStack/:
+          Options: 'Indexes FollowSymLinks -MultiViews'
+          AllowOverride: None
+          Require: all granted
+          Formula_Append: |
+            RewriteEngine On
+            RewriteCond '%{HTTP:Authorization} .'
+            RewriteCond '.* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]'
+            RewriteCond '%{REQUEST_FILENAME} !-d'
+            RewriteCond '%{REQUEST_URI} (.+)/$'
+            RewriteCond '^ %1 [L,R=301]'
+            RewriteCond '%{REQUEST_FILENAME} !-d'
+            RewriteCond '%{REQUEST_FILENAME} !-f'
+            RewriteCond '^ index.php [L]'
+      LogLevel: False
+      ErrorLog: False
+      LogFormat: False
+      CustomLog: False
+      ServerAdmin: False
+      ServerAlias: False
+      Formula_Append: |
+        AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
+        SetOutputFilter DEFLATE
+        <FilesMatch '\.php$'>
+          SetHandler 'proxy:unix:/run/php-fpm/BookStack.sock|fcgi://BookStack'
+        </FilesMatch>

pillar/role/web/apache-httpd.sls

@@ -0,0 +1,3 @@
+apache:
+  global:
+    ServerAdmin: system@lysergic.dev

salt/profile/bookstack/init.sls

@@ -0,0 +1,70 @@
+{%- set mypillar = salt['pillar.get']('profile:bookstack', {}) -%}
+{%- set configfile = '/etc/sysconfig/BookStack' -%}
+
+bookstack_packages:
+  pkg.installed:
+    - names:
+      - BookStack-config-php-fpm-apache
+
+bookstack_permissions:
+  file.managed:
+    - mode: '0640'
+    - user: root
+    - group: wwwrun
+    - names:
+      - {{ configfile }}
+
+{%- if mypillar | length %}
+{{ configfile }}:
+  file.keyvalue:
+    - separator: '='
+    - show_changes: False
+    - require:
+      - pkg: bookstack_packages
+    - key_values:
+        {%- macro condconf(option) %}
+        {%- if option in mypillar %}
+        {{ option | upper }}: {{ mypillar[option] }}
+        {%- endif %}
+        {%- endmacro %}
+        {{ condconf('app_url') }}
+        {{ condconf('db_host') }}
+        {{ condconf('db_database') }}
+        {{ condconf('db_username') }}
+        {{ condconf('db_password') }}
+        {{ condconf('mail_driver') }}
+        {{ condconf('mail_from_name') }}
+        {{ condconf('mail_from') }}
+        {{ condconf('mail_host') }}
+        {{ condconf('mail_port') }}
+        {{ condconf('mail_username') }}
+        {{ condconf('mail_password') }}
+        {{ condconf('mail_encryption') }}
+        {{ condconf('app_theme') }}
+        {{ condconf('cache_driver') }}
+        {{ condconf('session_driver') }}
+        {{ condconf('memcached_servers') }}
+        {{ condconf('session_secure_cookie') }}
+        {{ condconf('session_cookie_name') }}
+        {{ condconf('app_debug') }}
+        {{ condconf('session_lifetime') }}
+        {{ condconf('auth_method') }}
+        {{ condconf('auth_auto_initiate') }}
+        {{ condconf('saml2_name') }}
+        {{ condconf('saml2_email_attribute') }}
+        {{ condconf('saml2_external_id_attribute') }}
+        {{ condconf('saml2_display_name_attributes') }}
+        {{ condconf('saml2_idp_entityid') }}
+        {{ condconf('saml2_idp_entityid') }}
+        {{ condconf('saml2_idp_sso') }}
+        {{ condconf('saml2_idp_slo') }}
+        {{ condconf('saml2_idp_x509') }}
+        {{ condconf('saml2_autoload_metadata') }}
+        {{ condconf('saml2_sp_x509') }}
+        {{ condconf('saml2_user_to_groups') }}
+        {{ condconf('saml2_group_attribute') }}
+        {{ condconf('saml2_remove_from_groups') }}
+        {{ condconf('saml2_dump_user_details') }}
+        {{ condconf('queue_connection') }}
+        {{ condconf('app_views_books') }}
+{%- endif %}

salt/role/bookstack.sls

@@ -0,0 +1,3 @@
+include:
+  - role.web.apache-httpd
+  - profile.bookstack

salt/role/web/apache-httpd.sls

@@ -0,0 +1,2 @@
+include:
+  - apache.config