Compare commits
	
		
			8 Commits
		
	
	
		
			af3dd436a5
			...
			d4f39e8e5f
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| d4f39e8e5f | |||
| a7cd6609e6 | |||
| d65cb9a43b | |||
| b1249e69eb | |||
| f32d814658 | |||
| 4ff7a39f0e | |||
| bf3aaa5ff1 | |||
| 96daffc979 | 
@ -1,9 +1,26 @@
 | 
			
		||||
{%- set common = {'address': '[fd29:8e45:f292:ff80::1]', 'port': 443, 'domain': '.themis.backend.syscid.com', 'snippetsdir': '/etc/apache2/snippets.d/'} -%}
 | 
			
		||||
 | 
			
		||||
{%- macro httpdformulaexcess() -%}
 | 
			
		||||
      LogLevel: False
 | 
			
		||||
      ErrorLog: False
 | 
			
		||||
      LogFormat: False
 | 
			
		||||
      CustomLog: False
 | 
			
		||||
      ServerAdmin: False
 | 
			
		||||
      ServerAlias: False
 | 
			
		||||
{%- endmacro -%}
 | 
			
		||||
{%- macro httpdcommon(app) -%}
 | 
			
		||||
        Include {{ common['snippetsdir'] }}ssl_themis.conf
 | 
			
		||||
        <FilesMatch '\.php$'>
 | 
			
		||||
          SetHandler 'proxy:unix:/run/php-fpm/{{ app }}.sock|fcgi://{{ app }}'
 | 
			
		||||
        </FilesMatch>
 | 
			
		||||
{%- endmacro -%}
 | 
			
		||||
 | 
			
		||||
apache:
 | 
			
		||||
  sites:
 | 
			
		||||
    BookStack:
 | 
			
		||||
      interface: '[fd29:8e45:f292:ff80::1]'
 | 
			
		||||
      port: 443
 | 
			
		||||
      ServerName: bookstack.themis.backend.syscid.com
 | 
			
		||||
      interface: '{{ common['address'] }}'
 | 
			
		||||
      port: {{ common['port'] }}
 | 
			
		||||
      ServerName: bookstack{{ common['domain'] }}
 | 
			
		||||
      DocumentRoot: /srv/www/BookStack/
 | 
			
		||||
      DirectoryIndex: index.php
 | 
			
		||||
      Directory:
 | 
			
		||||
@ -21,19 +38,26 @@ apache:
 | 
			
		||||
            RewriteCond '%{REQUEST_FILENAME} !-d'
 | 
			
		||||
            RewriteCond '%{REQUEST_FILENAME} !-f'
 | 
			
		||||
            RewriteCond '^ index.php [L]'
 | 
			
		||||
      LogLevel: False
 | 
			
		||||
      ErrorLog: False
 | 
			
		||||
      LogFormat: False
 | 
			
		||||
      CustomLog: False
 | 
			
		||||
      ServerAdmin: False
 | 
			
		||||
      ServerAlias: False
 | 
			
		||||
      {{ httpdformulaexcess() }}
 | 
			
		||||
      Formula_Append: |
 | 
			
		||||
        Include /etc/apache2/snippets.d/ssl_themis.conf
 | 
			
		||||
        {{ httpdcommon('BookStack') }}
 | 
			
		||||
        AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
 | 
			
		||||
        SetOutputFilter DEFLATE
 | 
			
		||||
        <FilesMatch '\.php$'>
 | 
			
		||||
          SetHandler 'proxy:unix:/run/php-fpm/BookStack.sock|fcgi://BookStack'
 | 
			
		||||
        </FilesMatch>
 | 
			
		||||
 | 
			
		||||
    PrivateBin:
 | 
			
		||||
      interface: '{{ common['address'] }}'
 | 
			
		||||
      port: {{ common['port'] }}
 | 
			
		||||
      ServerName: privatebin{{ common['domain'] }}
 | 
			
		||||
      DocumentRoot: /srv/www/PrivateBin/public
 | 
			
		||||
      DirectoryIndex: index.php
 | 
			
		||||
      Directory:
 | 
			
		||||
        /srv/www/PrivateBin/:
 | 
			
		||||
          Options: false
 | 
			
		||||
          AllowOverride: None
 | 
			
		||||
          Require: all granted
 | 
			
		||||
      {{ httpdformulaexcess() }}
 | 
			
		||||
      Formula_Append: |
 | 
			
		||||
        {{ httpdcommon('PrivateBin') }}
 | 
			
		||||
 | 
			
		||||
profile:
 | 
			
		||||
  bookstack:
 | 
			
		||||
@ -75,3 +99,51 @@ profile:
 | 
			
		||||
    saml2_group_attribute: groups
 | 
			
		||||
    saml2_remove_from_groups: true
 | 
			
		||||
    queue_connection: database
 | 
			
		||||
 | 
			
		||||
  privatebin:
 | 
			
		||||
    main:
 | 
			
		||||
      name: Bin
 | 
			
		||||
      fileupload: true
 | 
			
		||||
      syntaxhighlightingtheme: sons-of-obsidian
 | 
			
		||||
      sizelimit: 310485760
 | 
			
		||||
      notice: 'Note: Kittens will die if you abuse this service.'
 | 
			
		||||
      languageselection: true
 | 
			
		||||
      urlshortener: ${'secret_privatebin:main:urlshortener'}
 | 
			
		||||
      qrcode: true
 | 
			
		||||
    expire:
 | 
			
		||||
      default: 1week
 | 
			
		||||
    expire_options:
 | 
			
		||||
      5min: 300
 | 
			
		||||
      10min: 600
 | 
			
		||||
      1hour: 3600
 | 
			
		||||
      1day: 86400
 | 
			
		||||
      1week: 604800
 | 
			
		||||
      1month: 2592000
 | 
			
		||||
      1year: 31536000
 | 
			
		||||
      never: 0
 | 
			
		||||
    formatter_options:
 | 
			
		||||
      plaintext: Plain Text
 | 
			
		||||
      syntaxhighlighting: Source Code
 | 
			
		||||
      markdown: Markdown
 | 
			
		||||
    traffic:
 | 
			
		||||
      limit: 10
 | 
			
		||||
      header: X_FORWARDED_FOR
 | 
			
		||||
      dir: /var/lib/PrivateBin/limits
 | 
			
		||||
    purge:
 | 
			
		||||
      limit: 300
 | 
			
		||||
      batchsize: 10
 | 
			
		||||
      dir: /var/lib/PrivateBin/limits
 | 
			
		||||
    model:
 | 
			
		||||
      class: Database
 | 
			
		||||
    model_options:
 | 
			
		||||
      dsn: ${'secret_privatebin:model_options:dsn'}
 | 
			
		||||
      tbl: privatebin_
 | 
			
		||||
      usr: ${'secret_privatebin:model_options:usr'}
 | 
			
		||||
      pwd: ${'secret_privatebin:model_options:pwd'}
 | 
			
		||||
      opt[12]: true
 | 
			
		||||
 | 
			
		||||
firewalld:
 | 
			
		||||
  zones:
 | 
			
		||||
    backend:
 | 
			
		||||
      services:
 | 
			
		||||
        - https
 | 
			
		||||
 | 
			
		||||
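Review bot: In the new `profile:privatebin` block, `traffic: header: X_FORWARDED_FOR` makes PrivateBin's rate limiter key on a request header, which only holds if every request reaches this vhost through a proxy that overwrites the client-supplied value. The vhost binds to a ULA address and only `https` is opened in the `backend` firewalld zone, so that is probably the case, but nothing visible here enforces it. A comment next to the option, such as `# relies on the fronting proxy replacing X-Forwarded-For; vhost must not be reachable directly`, would record the assumption. Separately, `sizelimit: 310485760` allows roughly 296 MiB per paste with `fileupload: true`; it looks like a stray leading digit on PrivateBin's default `10485760` and is worth confirming.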
@ -21,7 +21,7 @@ salt:
 | 
			
		||||
      - roots
 | 
			
		||||
      - git
 | 
			
		||||
    file_roots:
 | 
			
		||||
      production:
 | 
			
		||||
      __env__:
 | 
			
		||||
        {%- for formula in formulas %}
 | 
			
		||||
        - /srv/formulas/{{ formula }}-formula
 | 
			
		||||
        {%- endfor %}
 | 
			
		||||
@ -30,6 +30,7 @@ salt:
 | 
			
		||||
      - https://git.com.de/LibertaCasa/salt.git:
 | 
			
		||||
        - user: ${'secret_salt:master:gitfs_remotes:LibertaCasa:user'}
 | 
			
		||||
        - password: ${'secret_salt:master:gitfs_remotes:LibertaCasa:password'}
 | 
			
		||||
        - fallback: production
 | 
			
		||||
    ext_pillar:
 | 
			
		||||
      - netbox:
 | 
			
		||||
          api_url: ${'secret_salt:master:ext_pillar:netbox:api_url'}
 | 
			
		||||
@ -53,7 +54,6 @@ salt:
 | 
			
		||||
    pillar_merge_lists: True
 | 
			
		||||
    pillar_source_merging_strategy: smart
 | 
			
		||||
    top_file_merging_strategy: same
 | 
			
		||||
    env_order: ['production']
 | 
			
		||||
    log_level: info
 | 
			
		||||
    show_jid: True
 | 
			
		||||
    timeout: 20
 | 
			
		||||
 | 
			
		||||
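Review bot: With `file_roots` keyed on `__env__` and `fallback: production` on the gitfs remote, the set of usable environments appears to be defined by whichever branch names exist in the remote, and the visible lines show no restriction on which branches are served. An unknown name would also resolve quietly to `production`. If it is not already set outside these hunks, consider pinning the exposed environments, e.g. `gitfs_saltenv_whitelist: ['production']` plus any branches you intend to test from, so that a pushed scratch branch cannot be requested as a saltenv. The `salt:` mapping starts and ends outside the hunks and the +/- markers are lost on this page, so which lines are new is inferred.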
@ -16,11 +16,8 @@
 | 
			
		||||
    - require:
 | 
			
		||||
      - file: {{ snippetsdir }}
 | 
			
		||||
    {#- formula dependencies #}
 | 
			
		||||
    - require_in:
 | 
			
		||||
      - module: apache-service-running-restart
 | 
			
		||||
      - service: apache-service-running
 | 
			
		||||
    - watch_in:
 | 
			
		||||
      - module: apache-service-running-reload
 | 
			
		||||
      - service: apache-service-running
 | 
			
		||||
{%- endfor %}
 | 
			
		||||
{%- endif %}
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
							
								
								
									
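--- a/salt/profile/privatebin/init.sls
+++ b/salt/profile/privatebin/init.sls
@@ -0,0 +1,55 @@
+{%- set mypillar = salt['pillar.get']('profile:privatebin', {}) -%}
+{%- set confdir = '/etc/PrivateBin' -%}
+{%- set configfile = confdir ~ '/conf.php' -%}
+
+privatebin_packages:
+  pkg.installed:
+    - names:
+      - PrivateBin-config-httpd
+
+privatebin_clean:
+  file.directory:
+    - name: {{ confdir }}
+    - clean: True
+    - onchanges:
+      - pkg: privatebin_packages
+    - require:
+      - pkg: privatebin_packages
+
+{%- if mypillar | length %}
+{{ configfile }}:
+  ini.options_present:
+    - separator: '='
+    - strict: True
+    - sections:
+        {%- macro conf(section, options) %}
+        {%- for option in options.keys() -%}
+        {%- if mypillar[section][option] is string and mypillar[section][option].startswith('$') or mypillar[section][option] is number %}
+        {%- set value = mypillar[section][option] -%}
+        {%- else %}
+        {%- set value = mypillar[section][option] | quote -%}
+        {%- endif %}
+          {{ option }}: {{ value }}
+        {%- endfor -%}
+        {%- endmacro %}
+        {%- for section, options in mypillar.items() %}
+        {{ section }}:
+          {{ conf(section, options) }}
+        {%- endfor %}
+    - require:
+      - pkg: privatebin_packages
+    - watch:
+      - file: privatebin_clean
+    - watch_in:
+      - file: privatebin_permissions
+{%- endif %}
+
+privatebin_permissions:
+  file.managed:
+    - mode: '0640'
+    - user: wwwrun
+    - group: privatebin
+    - names:
+      - {{ configfile }}
+    - require:
+      - pkg: privatebin_packages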
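Review bot: `conf.php` receives the database DSN, user and password from pillar, but `ini.options_present` writes it first and `privatebin_permissions` only tightens it afterwards (via `watch_in`), so a freshly created file presumably sits briefly at whatever mode the minion's umask gives it. The final ownership `- user: wwwrun` with `- mode: '0640'` also leaves the web server account able to rewrite its own configuration; `- user: root` with the existing `- group: privatebin` would keep it readable but not writable by the application, assuming php-fpm reaches the file through that group. Running the `file.managed` state before the ini state, with `- replace: False`, would close the window. Separately, `| quote` in the `conf` macro appears to be a shell-quoting filter, so a pillar value containing a single quote is unlikely to render as valid YAML; `| json` would be a safer serializer here.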
							
								
								
									
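--- a/salt/role/privatebin.sls
+++ b/salt/role/privatebin.sls
@@ -0,0 +1,4 @@
+include:
+  - role.web.apache-httpd
+  - profile.privatebin
+  - php.fpm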