diff --git a/.travis.yml b/.travis.yml index 87b7433..eb3d4a8 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,7 +3,7 @@ --- stages: - test - - commitlint + - lint - name: release if: branch = master AND type != pull_request @@ -45,16 +45,21 @@ script: jobs: include: - # Define the commitlint stage - - stage: commitlint + # Define the `lint` stage (runs `yamllint` and `commitlint`) + - stage: lint language: node_js node_js: lts/* before_install: skip script: + # Install and run `yamllint` + - pip install --user yamllint + # yamllint disable-line rule:line-length + - yamllint -s . .yamllint pillar.example test/salt/default/pillar/nginx.sls + # Install and run `commitlint` - npm install @commitlint/config-conventional -D - npm install @commitlint/travis-cli -D - commitlint-travis - # Define the release stage that runs semantic-release + # Define the release stage that runs `semantic-release` - stage: release language: node_js node_js: lts/* diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..3a90f57 --- /dev/null +++ b/.yamllint @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +# Extend the `default` configuration provided by `yamllint` +extends: default + +# Files to ignore completely +# 1. All YAML files under directory `node_modules/`, introduced during the Travis run +ignore: | + node_modules/ + +rules: + line-length: + # Increase from default of `80` + # Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`) + max: 88 diff --git a/pillar.example b/pillar.example index de62d4b..33db1aa 100644 --- a/pillar.example +++ b/pillar.example @@ -1,11 +1,15 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- # ======== # nginx (previously named nginx:ng) # ======== nginx: - # The following three `install_from_` options are mutually exclusive. If none is used, the distro's provided - # package will be installed. If one of the `install_from` option is set to `True`, the state will - # make sure the other two repos are removed. + # The following three `install_from_` options are mutually exclusive. If none + # is used, the distro's provided package will be installed. If one of the + # `install_from` option is set to `true`, the state will make sure the other + # two repos are removed. # Use the official's nginx repo binaries install_from_repo: false @@ -16,7 +20,8 @@ nginx: # PPA install install_from_ppa: false - # Set to 'stable', 'development' (mainline), 'community', or 'nightly' for each build accordingly ( https://launchpad.net/~nginx ) + # Set to 'stable', 'development' (mainline), 'community', or 'nightly' for + # each build accordingly ( https://launchpad.net/~nginx ) ppa_version: 'stable' # Source install @@ -32,40 +37,44 @@ nginx: conf_file: /etc/nginx/nginx.conf server_available: /etc/nginx/sites-available server_enabled: /etc/nginx/sites-enabled - server_use_symlink: True - # If you install nginx+passenger from phusionpassenger in Debian, these values will probably be needed + server_use_symlink: true + # If you install nginx+passenger from phusionpassenger in Debian, these + # values will probably be needed passenger_package: libnginx-mod-http-passenger passenger_config_file: /etc/nginx/conf.d/mod-http-passenger.conf - # This is required for RedHat like distros (Amazon Linux) that don't follow semantic versioning for $releasever + # This is required for RedHat like distros (Amazon Linux) that don't follow + # semantic versioning for $releasever rh_os_releasever: '6' # Currently it can be used on rhel/centos/suse when installing from repo - gpg_check: True - pid_file: /var/run/nginx.pid ### prevents rendering SLS error nginx.server.config.pid undefined ### + gpg_check: true + ### prevents rendering SLS error nginx.server.config.pid undefined ### + pid_file: /var/run/nginx.pid # Source compilation is not currently a part of nginx - from_source: False + from_source: false source: opts: {} package: - opts: {} # this partially exposes parameters of pkg.installed + opts: {} # this partially exposes parameters of pkg.installed service: - enable: True # Whether or not the service will be enabled/running or dead - opts: {} # this partially exposes parameters of service.running / service.dead + enable: true # Whether or not the service will be enabled/running or dead + opts: {} # this partially exposes parameters of service.running / service.dead - ##--- --- - - - - - - -- - - - - -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ## - ## You can use snippets to define often repeated configuration once and include it later - ## The letsencrypt example below is consumed by "- include: 'snippets/letsencrypt.conf'" - ## Files or Templates can be retrieved by TOFS with snippet name ( Fallback to server.conf ) - ##--- --- - - - - - - -- - - -- -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ## + ## - - -- - - -- -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ## + ## You can use snippets to define often repeated configuration once and + ## include it later # The letsencrypt example below is consumed by "- include: + ## 'snippets/letsencrypt.conf'" # Files or Templates can be retrieved by TOFS + ## with snippet name ( Fallback to server.conf ) + ## - - -- - - -- -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ## snippets: letsencrypt.conf: - location ^~ /.well-known/acme-challenge/: - - proxy_pass: http://localhost:9999 + - proxy_pass: http://localhost:9999 cloudflare_proxy.conf: - set_real_ip_from: 103.21.244.0/22 - set_real_ip_from: 103.22.200.0/22 @@ -73,43 +82,48 @@ nginx: - set_real_ip_from: 108.162.192.0/18 blacklist.conf: - map $http_user_agent $bad_bot: - - default: 0 - - '~*^Lynx': 0 - - '~*malicious': 1 - - '~*bot': 1 - - '~*crawler': 1 - - '~*bandit': 1 - - libwww-perl: 1 - - '~(?i)(httrack|htmlparser|libwww)': 1 + - default: 0 + - '~*^Lynx': 0 + - '~*malicious': 1 + - '~*bot': 1 + - '~*crawler': 1 + - '~*bandit': 1 + - libwww-perl: 1 + - '~(?i)(httrack|htmlparser|libwww)': 1 upstream_netdata_tcp.conf: - upstream netdata: - - server: 127.0.0.1:19999 - - keepalive: 64 + - server: 127.0.0.1:19999 + - keepalive: 64 server: - opts: {} # this partially exposes file.managed parameters as they relate to the main nginx.conf file + # this partially exposes file.managed parameters as they relate to the main + # nginx.conf file + opts: {} - #-- - - - - -- - - -- - - - - -- - - -- - - - -- - - - - - -- - - - - - -- - - - - -- - - - - -- - - # - # nginx.conf (main server) declarations - # dictionaries map to blocks {} and lists cause the same declaration to repeat with different values - # see also http://nginx.org/en/docs/example.html - # Nginx config file or template can be retrieved by TOFS ( Fallback to nginx.conf ) - #-- - - - - -- - - -- - - - - -- - - -- - - - -- - - - - - -- - - - - - -- - - - - -- - - - - -- - - # + ## - - -- - - -- -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ## + # nginx.conf (main server) declarations dictionaries map to blocks {} and + # lists cause the same declaration to repeat with different values see also + # http://nginx.org/en/docs/example.html Nginx config file or template can + # be retrieved by TOFS ( Fallback to nginx.conf ) + ## - - -- - - -- -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ## config: include: 'snippets/letsencrypt.conf' - source_path: salt://path_to_nginx_conf_file/nginx.conf # IMPORTANT: This option is mutually exclusive with TOFS and - # the rest of the options; if it is found other options - # (worker_processes: 4 and so on) are not processed - # and just upload the file from source + # IMPORTANT: This option is mutually exclusive with TOFS and the rest of + # the options; if it is found other options (worker_processes: 4 and so + # on) are not processed and just upload the file from source + source_path: salt://path_to_nginx_conf_file/nginx.conf worker_processes: 4 - load_module: modules/ngx_http_lua_module.so # pass as very first in configuration; otherwise nginx will fail to start - #pid: /var/run/nginx.pid # Directory location must exist (i.e. it's /run/nginx.pid on EL7) + # pass as very first in configuration; otherwise nginx will fail to start + load_module: modules/ngx_http_lua_module.so + # Directory location must exist (i.e. it's /run/nginx.pid on EL7) + # pid: /var/run/nginx.pid events: worker_connections: 1024 http: sendfile: 'on' include: - #### Note: Syntax issues in these files generate nginx [emerg] errors on startup. #### + #### Note: Syntax issues in these files generate nginx [emerg] errors + #### on startup. - /etc/nginx/mime.types ### module ngx_http_log_module example @@ -117,15 +131,16 @@ nginx: main '$remote_addr - $remote_user [$time_local] $status ' '"$request" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"' - access_log: [] #suppress default access_log option from being added + access_log: [] # suppress default access_log option from being added - ### module nngx_stream_core_module - ### https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/#example + # module nngx_stream_core_module + # yamllint disable-line rule:line-length + # https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/#example stream: upstream lb-1000: - server: - - hostname1.example.com:1000 - - hostname2.example.com:1000 + - hostname1.example.com:1000 + - hostname2.example.com:1000 upstream stream_backend: least_conn: '' 'server backend1.example.com:12345 weight=5': @@ -148,11 +163,17 @@ nginx: servers: - disabled_postfix: .disabled # a postfix appended to files when doing non-symlink disabling - symlink_opts: {} # partially exposes file.symlink params when symlinking enabled sites - rename_opts: {} # partially exposes file.rename params when not symlinking disabled/enabled sites - managed_opts: {} # partially exposes file.managed params for managed server files - dir_opts: {} # partially exposes file.directory params for site available/enabled and snippets dirs + # a postfix appended to files when doing non-symlink disabling + disabled_postfix: .disabled + # partially exposes file.symlink params when symlinking enabled sites + symlink_opts: {} + # partially exposes file.rename params when not symlinking disabled/enabled sites + rename_opts: {} + # partially exposes file.managed params for managed server files + managed_opts: {} + # partially exposes file.directory params for site available/enabled and + # snippets dirs + dir_opts: {} ##################### @@ -160,72 +181,84 @@ nginx: ##################### managed: - mysite: # relative filename of server file (defaults to '/etc/nginx/sites-available/mysite') - # may be True, False, or None where True is enabled, False, disabled, and None indicates no action - enabled: True + # relative filename of server file + # (defaults to '/etc/nginx/sites-available/mysite') + mysite: + # may be true, false, or None where true is enabled, false, disabled, + # and None indicates no action + enabled: true - # Remove the site config file shipped by nginx (i.e. '/etc/nginx/sites-available/default' by default) + # Remove the site config file shipped by nginx + # (i.e. '/etc/nginx/sites-available/default' by default) # It also remove the symlink (if it is exists). - # The site MUST be disabled before delete it (if not the nginx is not reloaded). - #deleted: True + # The site MUST be disabled before delete it (if not the nginx is not + # reloaded). + # deleted: true - #available_dir: /etc/nginx/sites-available-custom # custom directory (not sites-available) for server filename - #enabled_dir: /etc/nginx/sites-enabled-custom # custom directory (not sites-enabled) for server filename - disabled_name: mysite.aint_on # an alternative disabled name to be use when not symlinking - overwrite: True # overwrite an existing server file or not + # custom directory (not sites-available) for server filename + # available_dir: /etc/nginx/sites-available-custom + # custom directory (not sites-enabled) for server filename + # enabled_dir: /etc/nginx/sites-enabled-custom + # an alternative disabled name to be use when not symlinking + disabled_name: mysite.aint_on + # overwrite an existing server file or not + overwrite: true - # May be a list of config options or None, if None, no server file will be managed/templated - # Take server directives as lists of dictionaries. If the dictionary value is another list of - # dictionaries a block {} will be started with the dictionary key name + # May be a list of config options or None, if None, no server file will + # be managed/templated Take server directives as lists of dictionaries. + # If the dictionary value is another list of dictionaries a block {} + # will be started with the dictionary key name config: - - server: - - server_name: localhost - - listen: - - '80 default_server' - - listen: - - '443 ssl' - - index: 'index.html index.htm' - - location ~ .htm: - - try_files: '$uri $uri/ =404' - - test: something else - - include: 'snippets/letsencrypt.conf' - - # Or a slightly more compact alternative syntax: + # both of the methods below lead to the output: + # server { + # server_name localhost; + # listen 80 default_server; + # listen 443 ssl; + # index index.html index.htm; + # location ~ .htm { + # try_files $uri $uri/ =404; + # test something else; + # } + # } - server: - - server_name: localhost - - listen: - - '80 default_server' - - '443 ssl' - - index: 'index.html index.htm' - - location ~ .htm: - - try_files: '$uri $uri/ =404' - - test: something else - - include: 'snippets/letsencrypt.conf' + - server_name: localhost + - listen: + - '80 default_server' + - listen: + - '443 ssl' + - index: 'index.html index.htm' + - location ~ .htm: + - try_files: '$uri $uri/ =404' + - test: something else + - include: 'snippets/letsencrypt.conf' - # both of those output: - # server { - # server_name localhost; - # listen 80 default_server; - # listen 443 ssl; - # index index.html index.htm; - # location ~ .htm { - # try_files $uri $uri/ =404; - # test something else; - # } - # } + # Or a slightly more compact alternative syntax: + - server: + - server_name: localhost + - listen: + - '80 default_server' + - '443 ssl' + - index: 'index.html index.htm' + - location ~ .htm: + - try_files: '$uri $uri/ =404' + - test: something else + - include: 'snippets/letsencrypt.conf' - mysite2: # Using source_path options to upload the file instead of templating all the file - enabled: True + + # Using source_path options to upload the file instead of templating all the file + mysite2: + enabled: true available_dir: /etc/nginx/sites-available enabled_dir: /etc/nginx/sites-enabled config: - source_path: salt://path-to-site-file/mysite2 # IMPORTANT: This field is mutually exclusive with TOFS - # and other config options, it just uploads the specified file + # IMPORTANT: This field is mutually exclusive with TOFS and other + # config options, it just uploads the specified file + source_path: salt://path-to-site-file/mysite2 - # Below configuration becomes handy if you want to create custom configuration files - # for example if you want to create /usr/local/etc/nginx/http_options.conf with - # the following content: + # Below configuration becomes handy if you want to create custom + # configuration files for example if you want to create + # /usr/local/etc/nginx/http_options.conf with the following content: # sendfile on; # tcp_nopush on; @@ -233,7 +266,7 @@ nginx: # send_iowait 12000; http_options.conf: - enabled: True + enabled: true available_dir: /usr/local/etc/nginx enabled_dir: /usr/local/etc/nginx config: @@ -242,14 +275,16 @@ nginx: - tcp_nodelay: 'on' - send_iowait: 12000 - certificates_path: '/etc/nginx/ssl' # Use this if you need to deploy below certificates in a custom path. + # Use this if you need to deploy below certificates in a custom path. + certificates_path: '/etc/nginx/ssl' # If you're doing SSL termination, you can deploy certificates this way. # The private one(s) should go in a separate pillar file not in version # control (or use encrypted pillar data). certificates: 'www.example.com': - # choose one of: deploying this cert by pillar (e.g. in combination with ext_pillar and file_tree) + # choose one of: deploying this cert by pillar (e.g. in combination with + # ext_pillar and file_tree) # public_cert_pillar: certs:example.com:fullchain.pem # private_key_pillar: certs:example.com:privkey.pem # or directly pasting the cert @@ -302,8 +337,9 @@ nginx: # # All aspects of path/file resolution are customisable using the options below. # This is unnecessary in most cases; there are sensible defaults. - # Path pattern: salt://{{ path_prefix or 'nginx' }}/{{ dirs.files or 'files' }}/{{ dirs.default or 'default' }} - # path_prefix: template_alt + # Default path: salt://{{ path_prefix }}/{{ dirs.files }}/{{ dirs.default }} + # I.e.: salt://nginx/files/default + # path_prefix: template_alt # dirs: # files: files_alt # default: default_alt diff --git a/test/integration/default/inspec.yml b/test/integration/default/inspec.yml index 349adf7..8f05f87 100644 --- a/test/integration/default/inspec.yml +++ b/test/integration/default/inspec.yml @@ -1,3 +1,6 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- name: default title: nginx formula maintainer: SaltStack Formulas diff --git a/test/salt/default/pillar/nginx.sls b/test/salt/default/pillar/nginx.sls index bbdfa69..04e9aa4 100644 --- a/test/salt/default/pillar/nginx.sls +++ b/test/salt/default/pillar/nginx.sls @@ -1,4 +1,6 @@ - +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- # Simple pillar setup # - snippet letsencrypt # - remove 'default' site @@ -8,7 +10,7 @@ nginx: snippets: letsencrypt.conf: - location ^~ /.well-known/acme-challenge/: - - proxy_pass: http://localhost:9999 + - proxy_pass: http://localhost:9999 server: config: http: @@ -20,19 +22,18 @@ nginx: servers: managed: default: - deleted: True - enabled: False + deleted: true + enabled: false config: {} mysite: - enabled: True + enabled: true config: - server: - - server_name: localhost - - listen: - - '80 default_server' - - index: 'index.html index.htm' - - location ~ .htm: - - try_files: '$uri $uri/ =404' - - include: 'snippets/letsencrypt.conf' - + - server_name: localhost + - listen: + - '80 default_server' + - index: 'index.html index.htm' + - location ~ .htm: + - try_files: '$uri $uri/ =404' + - include: 'snippets/letsencrypt.conf'