saltstack-formulas/apache-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
b99b7b71ad
apache-formula/apache/config/modules/mod_security/init.sls

90 lines
2.8 KiB
Plaintext
Raw Normal View History

refactor(formula): align to template-formula & improve ci features FEATURE: Archlinux support FEATURE: Windows support FEATURE: Enhanced CI/CD FEATURE: modular states BREAKING CHANGE: 'apache.sls' converted to new style 'init.ssl' BREAKING CHANGE: "logrotate.sls" became "config/logrotate.sls" BREAKING CHANGE: "debian_full.sls" became "config/debian_full.sls" BREAKING CHANGE: "flags.sls" became "config/flags.sls" BREAKING CHANGE: "manage_security" became "config/manage_security.sls" BREAKING CHANGE: "mod_*.sls" became "config/mod_*.sls" BREAKING CHANGE: "no_default_host.sls" became "config/no_default_host.sls" BREAKING CHANGE: "own_default_host.sls" became "config/own_default_host.sls" BREAKING CHANGE: "register_site.sls" became "config/register_site.sls" BREAKING CHANGE: "server_status.sls" became "config/server_status.sls" BREAKING CHANGE: "vhosts/" became "config/vhosts/" BREAKING CHANGE: "mod_security/" became "config/mod_security/" NOT-BREAKING CHANGE: 'config.sls' became 'config/init.sls' NOT-BREAKING CHANGE: 'uninstall.sls' symlinked to 'clean.sls'
2020-09-13 06:07:20 +02:00
# -*- coding: utf-8 -*-
# vim: ft=sls
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}
include:
- {{ sls_service_running }}
- {{ sls_package_install }}
{%- if grains.os_family not in ('Arch',) %}
apache-config-modules-security-pkg:
pkg.installed:
- name: {{ apache.mod_security.package }}
- order: 180
- require:
- pkg: apache-package-install-pkg-installed
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- if apache.mod_security.crs_install and 'crs_package' in apache.mod_security %}
apache-config-modules-security-crs-pkg:
pkg.installed:
- name: {{ apache.mod_security.crs_package }}
- order: 180
- require:
- pkg: apache-config-modules-security-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}
{%- if apache.mod_security.manage_config and 'config_file' in apache.mod_security %}
apache-config-modules-security-main-config-file-managed:
file.managed:
- name: {{ apache.mod_security.config_file }}
- order: 220
- makedirs: True
- template: {{ apache.get('template_engine', 'jinja') }}
- context:
apache: {{ apache|json }}
- source:
- {{ 'salt://apache/files/' ~ salt['grains.get']('os_family') ~ '/modsecurity.conf.jinja' }}
- context: {{ apache.mod_security|json }}
- require:
- pkg: apache-config-modules-security-pkg
- watch_in:
- module: apache-service-running-reload
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}
{%- if grains['os_family'] in ('Suse', 'Debian',) %}
apache-config-modules-security-cmd-run-a2en-security2:
cmd.run:
- name: a2enmod security2
- unless: ls {{ apache.moddir }}/security2.load && ls {{ apache.moddir }}/security2.conf
- order: 225
{%- elif grains.os_family in ('Redhat',) %}
apache-config-modules-security-file-directory-modsecurity:
file.directory:
- name: /etc/httpd/modsecurity.d
{%- endif %}
- require:
- pkg: apache-config-modules-security-pkg
- watch_in:
- module: apache-service-running-restart
- require_in:
- module: apache-service-running-restart
- module: apache-service-running-reload
- service: apache-service-running
{%- endif %}
Reference in New Issue Copy Permalink