Compare commits
3 Commits
732bc608c8
...
250d97dd3b
Author | SHA1 | Date | |
---|---|---|---|
250d97dd3b | |||
2bf2996f07 | |||
0ddf88225b |
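--- a/pillar/id/themis_lysergic_dev.sls
+++ b/pillar/id/themis_lysergic_dev.sls
@@ -0,0 +1,77 @@
+apache:
+sites:
+BookStack:
+interface: '[fd29:8e45:f292:ff80::1]'
+port: 443
+ServerName: bookstack.themis.backend.syscid.com
+DocumentRoot: /srv/www/BookStack/
+DirectoryIndex: index.php
+Directory:
+/srv/www/BookStack/:
+Options: 'Indexes FollowSymLinks -MultiViews'
+AllowOverride: None
+Require: all granted
+Formula_Append: |
+RewriteEngine On
+RewriteCond '%{HTTP:Authorization} .'
+RewriteCond '.* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]'
+RewriteCond '%{REQUEST_FILENAME} !-d'
+RewriteCond '%{REQUEST_URI} (.+)/$'
+RewriteCond '^ %1 [L,R=301]'
+RewriteCond '%{REQUEST_FILENAME} !-d'
+RewriteCond '%{REQUEST_FILENAME} !-f'
+RewriteCond '^ index.php [L]'
+LogLevel: False
+ErrorLog: False
+LogFormat: False
+CustomLog: False
+ServerAdmin: False
+ServerAlias: False
+Formula_Append: |
+Include /etc/apache2/snippets.d/ssl_themis.conf
+AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
+SetOutputFilter DEFLATE
+<FilesMatch '\.php$'>
+SetHandler 'proxy:unix:/run/php-fpm/BookStack.sock|fcgi://BookStack'
+</FilesMatch>
+
+profile:
+bookstack:
+app_url: https://libertacasa.info
+db_host: ${'secret_bookstack:db_host'}
+db_database: ${'secret_bookstack:db_database'}
+db_username: ${'secret_bookstack:db_username'}
+db_password: ${'secret_bookstack:db_password'}
+mail_driver: smtp
+mail_from_name: LibertaCasa Documentation
+mail_from: mail@libertacasa.info
+mail_host: zz0.email
+mail_port: 465
+mail_username: mail@libertacasa.info
+mail_password: ${'secret_bookstack:mail_password'}
+mail_encryption: ssl
+app_theme: lysergic
+cache_driver: memcached
+session_driver: memcached
+memcached_servers: /run/memcached/memcached.sock
+session_secure_cookie: true
+session_cookie_name: libertacasa_megayummycookie
+app_debug: false
+session_lifetime: 240
+auth_method: saml2
+auth_auto_initiate: true
+saml2_name: LibertaCasa SSO
+saml2_email_attribute: email
+saml2_external_id_attribute: uid
+saml2_display_name_attributes: fullname
+saml2_idp_entityid: https://libsso.net/realms/libertacasa
+saml2_idp_sso: https://libsso.net/realms/libertacasa/protocol/saml
+saml2_idp_slo: https://libsso.net/realms/libertacasa/protocol/saml
+saml2_idp_x509: ${'secret_bookstack:saml2_idp_x509'}
+saml2_autoload_metadata: false
+saml2_sp_x509: ${'secret_bookstack:saml2_sp_x509'}
+saml2_sp_x509_key: ${'secret_bookstack:saml2_sp_x509_key'}
+saml2_user_to_groups: true
+saml2_group_attribute: groups
+saml2_remove_from_groups: true
+queue_connection: database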
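Review bot: `DocumentRoot` and the `Directory` key both point at `/srv/www/BookStack/` with `Require: all granted` and `Indexes` enabled; if that path is the application checkout rather than its `public/` directory (not visible here), the app's `.env` — presumably where the `db_password` and `mail_password` values below end up — and `storage/` would be directly retrievable and listable. I would serve only the public directory and drop listings, e.g. `DocumentRoot: /srv/www/BookStack/public/` with the matching `Directory` key and `Options: 'FollowSymLinks'`; the current `Indexes FollowSymLinks -MultiViews` also mixes signed and unsigned options, which Apache's syntax check rejects. Separately, the first `Formula_Append` writes every rewrite line as a single-quoted `RewriteCond`, including the three that carry rule flags (`[E=…]`, `[L,R=301]`, `[L]`); those need to be unquoted `RewriteRule` lines, as in the block below. `ErrorLog: False` and `CustomLog: False` deserve a comment saying where requests to this vhost are logged, since the site fronts SAML logins and those logs are what an investigation would need.

```yaml
Formula_Append: |
  RewriteEngine On
  RewriteCond %{HTTP:Authorization} .
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_URI} (.+)/$
  RewriteRule ^ %1 [L,R=301]
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteRule ^ index.php [L]
# … unchanged: LogLevel through ServerAlias, second Formula_Append …
```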
@ -1,3 +1,13 @@
|
||||
{%- set host = grains['host'] -%}
|
||||
{%- set fqdn = grains['fqdn'] -%}
|
||||
|
||||
apache:
|
||||
global:
|
||||
ServerAdmin: system@lysergic.dev
|
||||
|
||||
profile:
|
||||
apache-httpd:
|
||||
snippets:
|
||||
ssl_{{ host }}:
|
||||
- 'SSLCertificateFile "/etc/ssl/{{ host }}/{{ fqdn }}.crt"'
|
||||
- 'SSLCertificateKeyFile "/etc/ssl/{{ host }}/{{ fqdn }}.key"'
|
||||
|
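Review bot: The `ssl_{{ host }}` snippet sets only `SSLCertificateFile` and `SSLCertificateKeyFile`; nothing in this hunk turns on `SSLEngine` or pins `SSLProtocol`/`SSLCipherSuite`, so a vhost that includes it depends on those being set somewhere not visible here. If they are not, add them to the same list, e.g. `- 'SSLEngine on'`, so every site that includes the snippet gets the same TLS policy. A comment above `snippets:` should also say that the rendered file name (`ssl_<host>.conf`) is what host pillars reference in their `Include` line, because a host pillar that hard-codes the name will silently diverge if the host grain changes. The file header for this section is not shown on the page, so which of these lines pre-date the commit is inferred from the `-1,3 +1,13` counts.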
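--- a/salt/profile/apache-httpd/init.sls
+++ b/salt/profile/apache-httpd/init.sls
@@ -0,0 +1,31 @@
+{%- set snippetsdir = '/etc/apache2/snippets.d' -%}
+{%- set mypillar = salt['pillar.get']('profile:apache-httpd', {}) -%}
+
+{{ snippetsdir }}:
+file.directory:
+- makedirs: True
+
+{%- if 'snippets' in mypillar %}
+{%- for snippet, config in mypillar['snippets'].items() %}
+{{ snippetsdir }}/{{ snippet }}.conf:
+file.managed:
+- contents:
+{%- for line in config %}
+- {{ line }}
+{%- endfor %}
+- require:
+- file: {{ snippetsdir }}
+{#- formula dependencies #}
+- require_in:
+- module: apache-service-running-restart
+- service: apache-service-running
+- watch_in:
+- module: apache-service-running-reload
+{%- endfor %}
+{%- endif %}
+
+include:
+- apache.config
+
+
+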
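Review bot: In the `file.managed` state, `- {{ line }}` renders each pillar string into the state file as a bare YAML scalar, so a snippet line containing `: ` or ` #` (a header directive, an inline comment) would be mis-parsed or silently truncated before it reaches the `.conf` file. Quote it at render time with `- {{ line | yaml_dquote }}`. Neither the `file.directory` nor the `file.managed` state sets ownership or permissions, so the snippets get whatever the minion defaults to; since Apache loads these files as root-trusted configuration, I would pin `- user: root`, `- group: root` and `- mode: '0644'` explicitly. A short comment at the top stating that the `snippets` pillar maps a file name to a list of raw Apache directive lines would help the next reader.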
@ -1,2 +1,2 @@
|
||||
include:
|
||||
- apache.config
|
||||
- profile.apache-httpd
|
||||
|