Allow saltenv/pillarenv override

To ease development, allow saltenv=<branch>/pillarenv=<branch> instead
of enforcing the production branch.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>

pillar/id/themis_lysergic_dev.sls

@@ -1,26 +1,9 @@
-{%- set common = {'address': '[fd29:8e45:f292:ff80::1]', 'port': 443, 'domain': '.themis.backend.syscid.com', 'snippetsdir': '/etc/apache2/snippets.d/'} -%}
-
-{%- macro httpdformulaexcess() -%}
-      LogLevel: False
-      ErrorLog: False
-      LogFormat: False
-      CustomLog: False
-      ServerAdmin: False
-      ServerAlias: False
-{%- endmacro -%}
-{%- macro httpdcommon(app) -%}
-        Include {{ common['snippetsdir'] }}ssl_themis.conf
-        <FilesMatch '\.php$'>
-          SetHandler 'proxy:unix:/run/php-fpm/{{ app }}.sock|fcgi://{{ app }}'
-        </FilesMatch>
-{%- endmacro -%}
-
 apache:
   sites:
     BookStack:
-      interface: '{{ common['address'] }}'
-      port: {{ common['port'] }}
-      ServerName: bookstack{{ common['domain'] }}
+      interface: '[fd29:8e45:f292:ff80::1]'
+      port: 443
+      ServerName: bookstack.themis.backend.syscid.com
       DocumentRoot: /srv/www/BookStack/
       DirectoryIndex: index.php
       Directory:
@@ -38,26 +21,19 @@ apache:
             RewriteCond '%{REQUEST_FILENAME} !-d'
             RewriteCond '%{REQUEST_FILENAME} !-f'
             RewriteCond '^ index.php [L]'
-      {{ httpdformulaexcess() }}
+      LogLevel: False
+      ErrorLog: False
+      LogFormat: False
+      CustomLog: False
+      ServerAdmin: False
+      ServerAlias: False
       Formula_Append: |
-        {{ httpdcommon('BookStack') }}
+        Include /etc/apache2/snippets.d/ssl_themis.conf
         AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
         SetOutputFilter DEFLATE
-
-    PrivateBin:
-      interface: '{{ common['address'] }}'
-      port: {{ common['port'] }}
-      ServerName: privatebin{{ common['domain'] }}
-      DocumentRoot: /srv/www/PrivateBin/public
-      DirectoryIndex: index.php
-      Directory:
-        /srv/www/PrivateBin/:
-          Options: false
-          AllowOverride: None
-          Require: all granted
-      {{ httpdformulaexcess() }}
-      Formula_Append: |
-        {{ httpdcommon('PrivateBin') }}
+        <FilesMatch '\.php$'>
+          SetHandler 'proxy:unix:/run/php-fpm/BookStack.sock|fcgi://BookStack'
+        </FilesMatch>
 
 profile:
   bookstack:
@@ -99,51 +75,3 @@ profile:
     saml2_group_attribute: groups
     saml2_remove_from_groups: true
     queue_connection: database
-
-  privatebin:
-    main:
-      name: Bin
-      fileupload: true
-      syntaxhighlightingtheme: sons-of-obsidian
-      sizelimit: 310485760
-      notice: 'Note: Kittens will die if you abuse this service.'
-      languageselection: true
-      urlshortener: ${'secret_privatebin:main:urlshortener'}
-      qrcode: true
-    expire:
-      default: 1week
-    expire_options:
-      5min: 300
-      10min: 600
-      1hour: 3600
-      1day: 86400
-      1week: 604800
-      1month: 2592000
-      1year: 31536000
-      never: 0
-    formatter_options:
-      plaintext: Plain Text
-      syntaxhighlighting: Source Code
-      markdown: Markdown
-    traffic:
-      limit: 10
-      header: X_FORWARDED_FOR
-      dir: /var/lib/PrivateBin/limits
-    purge:
-      limit: 300
-      batchsize: 10
-      dir: /var/lib/PrivateBin/limits
-    model:
-      class: Database
-    model_options:
-      dsn: ${'secret_privatebin:model_options:dsn'}
-      tbl: privatebin_
-      usr: ${'secret_privatebin:model_options:usr'}
-      pwd: ${'secret_privatebin:model_options:pwd'}
-      opt[12]: true
-
-firewalld:
-  zones:
-    backend:
-      services:
-        - https

salt/profile/apache-httpd/init.sls

@@ -16,8 +16,11 @@
     - require:
       - file: {{ snippetsdir }}
     {#- formula dependencies #}
-    - watch_in:
+    - require_in:
+      - module: apache-service-running-restart
       - service: apache-service-running
+    - watch_in:
+      - module: apache-service-running-reload
 {%- endfor %}
 {%- endif %}
 

salt/profile/privatebin/init.sls

@@ -1,55 +0,0 @@
-{%- set mypillar = salt['pillar.get']('profile:privatebin', {}) -%}
-{%- set confdir = '/etc/PrivateBin' -%}
-{%- set configfile = confdir ~ '/conf.php' -%}
-
-privatebin_packages:
-  pkg.installed:
-    - names:
-      - PrivateBin-config-httpd
-
-privatebin_clean:
-  file.directory:
-    - name: {{ confdir }}
-    - clean: True
-    - onchanges:
-      - pkg: privatebin_packages
-    - require:
-      - pkg: privatebin_packages
-
-{%- if mypillar | length %}
-{{ configfile }}:
-  ini.options_present:
-    - separator: '='
-    - strict: True
-    - sections:
-        {%- macro conf(section, options) %}
-        {%- for option in options.keys() -%}
-        {%- if mypillar[section][option] is string and mypillar[section][option].startswith('$') or mypillar[section][option] is number %}
-        {%- set value = mypillar[section][option] -%}
-        {%- else %}
-        {%- set value = mypillar[section][option] | quote -%}
-        {%- endif %}
-          {{ option }}: {{ value }}
-        {%- endfor -%}
-        {%- endmacro %}
-        {%- for section, options in mypillar.items() %}
-        {{ section }}:
-          {{ conf(section, options) }}
-        {%- endfor %}
-    - require:
-      - pkg: privatebin_packages
-    - watch:
-      - file: privatebin_clean
-    - watch_in:
-      - file: privatebin_permissions
-{%- endif %}
-
-privatebin_permissions:
-  file.managed:
-    - mode: '0640'
-    - user: wwwrun
-    - group: privatebin
-    - names:
-      - {{ configfile }}
-    - require:
-      - pkg: privatebin_packages

salt/role/privatebin.sls

@@ -1,4 +0,0 @@
-include:
-  - role.web.apache-httpd
-  - profile.privatebin
-  - php.fpm