LibertaCasa/salt
LibertaCasa/salt
9
1
Fork 0
Code Issues 5 Pull Requests Releases Activity

Manage AppArmor on web-proxie's #27

Merged
Georg merged 3 commits from import-denc-webcluster-apparmor into production 2023-02-12 17:14:41 +01:00
Conversation 0 Commits 3 Files Changed 3 +17
3 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pillar/cluster/denc/web-proxy.sls
View File

@ -209,3 +209,10 @@ firewalld:
services: services:
- http - http
- https - https
profile:
apparmor:
local:
usr.sbin.nginx:
- '{{ trustcrt }} r,'
- '/srv/www/{libsso.net,sso.casa,sso.syscid.com}/{index.html,stuff/tacit-css-1.5.2.min.css} r,'

9
salt/profile/apparmor/local.sls Normal file
View File

@ -0,0 +1,9 @@
{%- set aapillar = salt['pillar.get']('profile:apparmor') %}
{%- if 'local' in aapillar %}
{%- for profile, lines in aapillar['local'].items() %}
/etc/apparmor.d/local/{{ profile }}:
file.managed:
- contents: {{ lines }}
{%- endfor %}
{%- endif %}

1
salt/role/web-proxy.sls
View File

@ -1,5 +1,6 @@
include: include:
- nginx.pkg - nginx.pkg
- profile.apparmor.local
- nginx.config - nginx.config
- nginx.snippets - nginx.snippets
- nginx.servers - nginx.servers