
4 Commits

Author SHA1 Message Date
0a00f3ea93 Merge pull request 'Manage AppArmor on web-proxie's' (#27) from import-denc-webcluster-apparmor into production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #27
2023-02-12 17:14:41 +01:00
2d5da24ce5
denc-webcluster: nginx AppArmor rules
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Allow access to client trust certificate and to static content.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 16:39:49 +01:00
7e73f6b1a4
web-proxy: include apparmor.local
Some web proxy servers need additional AppArmor drop-ins, for example
for serving static content.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 16:39:48 +01:00
0eca62f4ce
Add AppArmor profile
Simple profile to allow for management of local profile drop-ins using
pillar values.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-12 16:20:44 +01:00
3 changed files with 17 additions and 0 deletions


@ -209,3 +209,10 @@ firewalld:
services: services:
- http - http
- https - https
profile:
apparmor:
local:
usr.sbin.nginx:
- '{{ trustcrt }} r,'
- '/srv/www/{libsso.net,sso.casa,sso.syscid.com}/{index.html,stuff/tacit-css-1.5.2.min.css} r,'
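Review bot: The first rule, `'{{ trustcrt }} r,'`, is built from a Jinja variable defined outside this hunk, and nothing visible here guards against it being empty or undefined. In that case the entry would presumably render as ` r,`, which is not a valid path rule and could keep the nginx profile from loading. Wrapping that entry in `{%- if trustcrt %}` … `{%- endif %}`, or failing the render explicitly, would surface the problem at render time. The second rule pins `tacit-css-1.5.2.min.css` by version, so a comment such as `# keep in sync with the CSS file shipped to /srv/www/*/stuff/` would help avoid a silent AppArmor denial after an upgrade.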


@ -0,0 +1,9 @@
{%- set aapillar = salt['pillar.get']('profile:apparmor') %}
{%- if 'local' in aapillar %}
{%- for profile, lines in aapillar['local'].items() %}
/etc/apparmor.d/local/{{ profile }}:
file.managed:
- contents: {{ lines }}
{%- endfor %}
{%- endif %}
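Review bot: Nothing in this state reloads the profile after `/etc/apparmor.d/local/{{ profile }}` changes, so the rules on disk and the policy actually enforced can differ until something else reloads AppArmor. A `cmd.run` with `onchanges` on the managed file, inside the same loop, would close that gap; the sketch below assumes the parent profile lives at `/etc/apparmor.d/{{ profile }}`, which should be confirmed. Separately, `- contents: {{ lines }}` relies on the Python list repr happening to parse as a YAML flow sequence, and `- contents: {{ lines | json }}` is more robust for rules that contain quotes. The pillar key also goes into the target path unchecked, which is safe only as long as keys under `profile:apparmor:local` never contain `/`.

```yaml
# … unchanged: pillar lookup, loop header and the file.managed state …
apparmor_reload_{{ profile }}:
  cmd.run:
    - name: apparmor_parser -r /etc/apparmor.d/{{ profile }}
    - onchanges:
      - file: /etc/apparmor.d/local/{{ profile }}
# … unchanged: endfor / endif …
```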


@ -1,5 +1,6 @@
include: include:
- nginx.pkg - nginx.pkg
- profile.apparmor.local
- nginx.config - nginx.config
- nginx.snippets - nginx.snippets
- nginx.servers - nginx.servers