Merge pull request #250 from myii/chore/standardise-structure

feat(yamllint): include for this repo and apply rules throughout
This commit is contained in:
Niels Abspoel 2019-08-12 20:07:42 +02:00 committed by GitHub
commit 8b90eb1ec2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 189 additions and 128 deletions

View File

@ -3,7 +3,7 @@
--- ---
stages: stages:
- test - test
- commitlint - lint
- name: release - name: release
if: branch = master AND type != pull_request if: branch = master AND type != pull_request
@ -45,16 +45,21 @@ script:
jobs: jobs:
include: include:
# Define the commitlint stage # Define the `lint` stage (runs `yamllint` and `commitlint`)
- stage: commitlint - stage: lint
language: node_js language: node_js
node_js: lts/* node_js: lts/*
before_install: skip before_install: skip
script: script:
# Install and run `yamllint`
- pip install --user yamllint
# yamllint disable-line rule:line-length
- yamllint -s . .yamllint pillar.example test/salt/default/pillar/nginx.sls
# Install and run `commitlint`
- npm install @commitlint/config-conventional -D - npm install @commitlint/config-conventional -D
- npm install @commitlint/travis-cli -D - npm install @commitlint/travis-cli -D
- commitlint-travis - commitlint-travis
# Define the release stage that runs semantic-release # Define the release stage that runs `semantic-release`
- stage: release - stage: release
language: node_js language: node_js
node_js: lts/* node_js: lts/*

16
.yamllint Normal file
View File

@ -0,0 +1,16 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
# Extend the `default` configuration provided by `yamllint`
extends: default
# Files to ignore completely
# 1. All YAML files under directory `node_modules/`, introduced during the Travis run
ignore: |
node_modules/
rules:
line-length:
# Increase from default of `80`
# Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`)
max: 88

View File

@ -1,11 +1,15 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
# ======== # ========
# nginx (previously named nginx:ng) # nginx (previously named nginx:ng)
# ======== # ========
nginx: nginx:
# The following three `install_from_` options are mutually exclusive. If none is used, the distro's provided # The following three `install_from_` options are mutually exclusive. If none
# package will be installed. If one of the `install_from` option is set to `True`, the state will # is used, the distro's provided package will be installed. If one of the
# make sure the other two repos are removed. # `install_from` option is set to `true`, the state will make sure the other
# two repos are removed.
# Use the official's nginx repo binaries # Use the official's nginx repo binaries
install_from_repo: false install_from_repo: false
@ -16,7 +20,8 @@ nginx:
# PPA install # PPA install
install_from_ppa: false install_from_ppa: false
# Set to 'stable', 'development' (mainline), 'community', or 'nightly' for each build accordingly ( https://launchpad.net/~nginx ) # Set to 'stable', 'development' (mainline), 'community', or 'nightly' for
# each build accordingly ( https://launchpad.net/~nginx )
ppa_version: 'stable' ppa_version: 'stable'
# Source install # Source install
@ -32,40 +37,44 @@ nginx:
conf_file: /etc/nginx/nginx.conf conf_file: /etc/nginx/nginx.conf
server_available: /etc/nginx/sites-available server_available: /etc/nginx/sites-available
server_enabled: /etc/nginx/sites-enabled server_enabled: /etc/nginx/sites-enabled
server_use_symlink: True server_use_symlink: true
# If you install nginx+passenger from phusionpassenger in Debian, these values will probably be needed # If you install nginx+passenger from phusionpassenger in Debian, these
# values will probably be needed
passenger_package: libnginx-mod-http-passenger passenger_package: libnginx-mod-http-passenger
passenger_config_file: /etc/nginx/conf.d/mod-http-passenger.conf passenger_config_file: /etc/nginx/conf.d/mod-http-passenger.conf
# This is required for RedHat like distros (Amazon Linux) that don't follow semantic versioning for $releasever # This is required for RedHat like distros (Amazon Linux) that don't follow
# semantic versioning for $releasever
rh_os_releasever: '6' rh_os_releasever: '6'
# Currently it can be used on rhel/centos/suse when installing from repo # Currently it can be used on rhel/centos/suse when installing from repo
gpg_check: True gpg_check: true
pid_file: /var/run/nginx.pid ### prevents rendering SLS error nginx.server.config.pid undefined ### ### prevents rendering SLS error nginx.server.config.pid undefined ###
pid_file: /var/run/nginx.pid
# Source compilation is not currently a part of nginx # Source compilation is not currently a part of nginx
from_source: False from_source: false
source: source:
opts: {} opts: {}
package: package:
opts: {} # this partially exposes parameters of pkg.installed opts: {} # this partially exposes parameters of pkg.installed
service: service:
enable: True # Whether or not the service will be enabled/running or dead enable: true # Whether or not the service will be enabled/running or dead
opts: {} # this partially exposes parameters of service.running / service.dead opts: {} # this partially exposes parameters of service.running / service.dead
##--- --- - - - - - - -- - - - - -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ## ## - - -- - - -- -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ##
## You can use snippets to define often repeated configuration once and include it later ## You can use snippets to define often repeated configuration once and
## The letsencrypt example below is consumed by "- include: 'snippets/letsencrypt.conf'" ## include it later # The letsencrypt example below is consumed by "- include:
## Files or Templates can be retrieved by TOFS with snippet name ( Fallback to server.conf ) ## 'snippets/letsencrypt.conf'" # Files or Templates can be retrieved by TOFS
##--- --- - - - - - - -- - - -- -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ## ## with snippet name ( Fallback to server.conf )
## - - -- - - -- -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ##
snippets: snippets:
letsencrypt.conf: letsencrypt.conf:
- location ^~ /.well-known/acme-challenge/: - location ^~ /.well-known/acme-challenge/:
- proxy_pass: http://localhost:9999 - proxy_pass: http://localhost:9999
cloudflare_proxy.conf: cloudflare_proxy.conf:
- set_real_ip_from: 103.21.244.0/22 - set_real_ip_from: 103.21.244.0/22
- set_real_ip_from: 103.22.200.0/22 - set_real_ip_from: 103.22.200.0/22
@ -73,43 +82,48 @@ nginx:
- set_real_ip_from: 108.162.192.0/18 - set_real_ip_from: 108.162.192.0/18
blacklist.conf: blacklist.conf:
- map $http_user_agent $bad_bot: - map $http_user_agent $bad_bot:
- default: 0 - default: 0
- '~*^Lynx': 0 - '~*^Lynx': 0
- '~*malicious': 1 - '~*malicious': 1
- '~*bot': 1 - '~*bot': 1
- '~*crawler': 1 - '~*crawler': 1
- '~*bandit': 1 - '~*bandit': 1
- libwww-perl: 1 - libwww-perl: 1
- '~(?i)(httrack|htmlparser|libwww)': 1 - '~(?i)(httrack|htmlparser|libwww)': 1
upstream_netdata_tcp.conf: upstream_netdata_tcp.conf:
- upstream netdata: - upstream netdata:
- server: 127.0.0.1:19999 - server: 127.0.0.1:19999
- keepalive: 64 - keepalive: 64
server: server:
opts: {} # this partially exposes file.managed parameters as they relate to the main nginx.conf file # this partially exposes file.managed parameters as they relate to the main
# nginx.conf file
opts: {}
#-- - - - - -- - - -- - - - - -- - - -- - - - -- - - - - - -- - - - - - -- - - - - -- - - - - -- - - # ## - - -- - - -- -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ##
# nginx.conf (main server) declarations # nginx.conf (main server) declarations dictionaries map to blocks {} and
# dictionaries map to blocks {} and lists cause the same declaration to repeat with different values # lists cause the same declaration to repeat with different values see also
# see also http://nginx.org/en/docs/example.html # http://nginx.org/en/docs/example.html Nginx config file or template can
# Nginx config file or template can be retrieved by TOFS ( Fallback to nginx.conf ) # be retrieved by TOFS ( Fallback to nginx.conf )
#-- - - - - -- - - -- - - - - -- - - -- - - - -- - - - - - -- - - - - - -- - - - - -- - - - - -- - - # ## - - -- - - -- -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ##
config: config:
include: 'snippets/letsencrypt.conf' include: 'snippets/letsencrypt.conf'
source_path: salt://path_to_nginx_conf_file/nginx.conf # IMPORTANT: This option is mutually exclusive with TOFS and # IMPORTANT: This option is mutually exclusive with TOFS and the rest of
# the rest of the options; if it is found other options # the options; if it is found other options (worker_processes: 4 and so
# (worker_processes: 4 and so on) are not processed # on) are not processed and just upload the file from source
# and just upload the file from source source_path: salt://path_to_nginx_conf_file/nginx.conf
worker_processes: 4 worker_processes: 4
load_module: modules/ngx_http_lua_module.so # pass as very first in configuration; otherwise nginx will fail to start # pass as very first in configuration; otherwise nginx will fail to start
#pid: /var/run/nginx.pid # Directory location must exist (i.e. it's /run/nginx.pid on EL7) load_module: modules/ngx_http_lua_module.so
# Directory location must exist (i.e. it's /run/nginx.pid on EL7)
# pid: /var/run/nginx.pid
events: events:
worker_connections: 1024 worker_connections: 1024
http: http:
sendfile: 'on' sendfile: 'on'
include: include:
#### Note: Syntax issues in these files generate nginx [emerg] errors on startup. #### #### Note: Syntax issues in these files generate nginx [emerg] errors
#### on startup.
- /etc/nginx/mime.types - /etc/nginx/mime.types
### module ngx_http_log_module example ### module ngx_http_log_module example
@ -117,15 +131,16 @@ nginx:
main '$remote_addr - $remote_user [$time_local] $status ' main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" ' '"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"' '"$http_user_agent" "$http_x_forwarded_for"'
access_log: [] #suppress default access_log option from being added access_log: [] # suppress default access_log option from being added
### module nngx_stream_core_module # module nngx_stream_core_module
### https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/#example # yamllint disable-line rule:line-length
# https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/#example
stream: stream:
upstream lb-1000: upstream lb-1000:
- server: - server:
- hostname1.example.com:1000 - hostname1.example.com:1000
- hostname2.example.com:1000 - hostname2.example.com:1000
upstream stream_backend: upstream stream_backend:
least_conn: '' least_conn: ''
'server backend1.example.com:12345 weight=5': 'server backend1.example.com:12345 weight=5':
@ -148,11 +163,17 @@ nginx:
servers: servers:
disabled_postfix: .disabled # a postfix appended to files when doing non-symlink disabling # a postfix appended to files when doing non-symlink disabling
symlink_opts: {} # partially exposes file.symlink params when symlinking enabled sites disabled_postfix: .disabled
rename_opts: {} # partially exposes file.rename params when not symlinking disabled/enabled sites # partially exposes file.symlink params when symlinking enabled sites
managed_opts: {} # partially exposes file.managed params for managed server files symlink_opts: {}
dir_opts: {} # partially exposes file.directory params for site available/enabled and snippets dirs # partially exposes file.rename params when not symlinking disabled/enabled sites
rename_opts: {}
# partially exposes file.managed params for managed server files
managed_opts: {}
# partially exposes file.directory params for site available/enabled and
# snippets dirs
dir_opts: {}
##################### #####################
@ -160,72 +181,84 @@ nginx:
##################### #####################
managed: managed:
mysite: # relative filename of server file (defaults to '/etc/nginx/sites-available/mysite') # relative filename of server file
# may be True, False, or None where True is enabled, False, disabled, and None indicates no action # (defaults to '/etc/nginx/sites-available/mysite')
enabled: True mysite:
# may be true, false, or None where true is enabled, false, disabled,
# and None indicates no action
enabled: true
# Remove the site config file shipped by nginx (i.e. '/etc/nginx/sites-available/default' by default) # Remove the site config file shipped by nginx
# (i.e. '/etc/nginx/sites-available/default' by default)
# It also remove the symlink (if it is exists). # It also remove the symlink (if it is exists).
# The site MUST be disabled before delete it (if not the nginx is not reloaded). # The site MUST be disabled before delete it (if not the nginx is not
#deleted: True # reloaded).
# deleted: true
#available_dir: /etc/nginx/sites-available-custom # custom directory (not sites-available) for server filename # custom directory (not sites-available) for server filename
#enabled_dir: /etc/nginx/sites-enabled-custom # custom directory (not sites-enabled) for server filename # available_dir: /etc/nginx/sites-available-custom
disabled_name: mysite.aint_on # an alternative disabled name to be use when not symlinking # custom directory (not sites-enabled) for server filename
overwrite: True # overwrite an existing server file or not # enabled_dir: /etc/nginx/sites-enabled-custom
# an alternative disabled name to be use when not symlinking
disabled_name: mysite.aint_on
# overwrite an existing server file or not
overwrite: true
# May be a list of config options or None, if None, no server file will be managed/templated # May be a list of config options or None, if None, no server file will
# Take server directives as lists of dictionaries. If the dictionary value is another list of # be managed/templated Take server directives as lists of dictionaries.
# dictionaries a block {} will be started with the dictionary key name # If the dictionary value is another list of dictionaries a block {}
# will be started with the dictionary key name
config: config:
- server: # both of the methods below lead to the output:
- server_name: localhost # server {
- listen: # server_name localhost;
- '80 default_server' # listen 80 default_server;
- listen: # listen 443 ssl;
- '443 ssl' # index index.html index.htm;
- index: 'index.html index.htm' # location ~ .htm {
- location ~ .htm: # try_files $uri $uri/ =404;
- try_files: '$uri $uri/ =404' # test something else;
- test: something else # }
- include: 'snippets/letsencrypt.conf' # }
# Or a slightly more compact alternative syntax:
- server: - server:
- server_name: localhost - server_name: localhost
- listen: - listen:
- '80 default_server' - '80 default_server'
- '443 ssl' - listen:
- index: 'index.html index.htm' - '443 ssl'
- location ~ .htm: - index: 'index.html index.htm'
- try_files: '$uri $uri/ =404' - location ~ .htm:
- test: something else - try_files: '$uri $uri/ =404'
- include: 'snippets/letsencrypt.conf' - test: something else
- include: 'snippets/letsencrypt.conf'
# both of those output: # Or a slightly more compact alternative syntax:
# server { - server:
# server_name localhost; - server_name: localhost
# listen 80 default_server; - listen:
# listen 443 ssl; - '80 default_server'
# index index.html index.htm; - '443 ssl'
# location ~ .htm { - index: 'index.html index.htm'
# try_files $uri $uri/ =404; - location ~ .htm:
# test something else; - try_files: '$uri $uri/ =404'
# } - test: something else
# } - include: 'snippets/letsencrypt.conf'
mysite2: # Using source_path options to upload the file instead of templating all the file
enabled: True # Using source_path options to upload the file instead of templating all the file
mysite2:
enabled: true
available_dir: /etc/nginx/sites-available available_dir: /etc/nginx/sites-available
enabled_dir: /etc/nginx/sites-enabled enabled_dir: /etc/nginx/sites-enabled
config: config:
source_path: salt://path-to-site-file/mysite2 # IMPORTANT: This field is mutually exclusive with TOFS # IMPORTANT: This field is mutually exclusive with TOFS and other
# and other config options, it just uploads the specified file # config options, it just uploads the specified file
source_path: salt://path-to-site-file/mysite2
# Below configuration becomes handy if you want to create custom configuration files # Below configuration becomes handy if you want to create custom
# for example if you want to create /usr/local/etc/nginx/http_options.conf with # configuration files for example if you want to create
# the following content: # /usr/local/etc/nginx/http_options.conf with the following content:
# sendfile on; # sendfile on;
# tcp_nopush on; # tcp_nopush on;
@ -233,7 +266,7 @@ nginx:
# send_iowait 12000; # send_iowait 12000;
http_options.conf: http_options.conf:
enabled: True enabled: true
available_dir: /usr/local/etc/nginx available_dir: /usr/local/etc/nginx
enabled_dir: /usr/local/etc/nginx enabled_dir: /usr/local/etc/nginx
config: config:
@ -242,14 +275,16 @@ nginx:
- tcp_nodelay: 'on' - tcp_nodelay: 'on'
- send_iowait: 12000 - send_iowait: 12000
certificates_path: '/etc/nginx/ssl' # Use this if you need to deploy below certificates in a custom path. # Use this if you need to deploy below certificates in a custom path.
certificates_path: '/etc/nginx/ssl'
# If you're doing SSL termination, you can deploy certificates this way. # If you're doing SSL termination, you can deploy certificates this way.
# The private one(s) should go in a separate pillar file not in version # The private one(s) should go in a separate pillar file not in version
# control (or use encrypted pillar data). # control (or use encrypted pillar data).
certificates: certificates:
'www.example.com': 'www.example.com':
# choose one of: deploying this cert by pillar (e.g. in combination with ext_pillar and file_tree) # choose one of: deploying this cert by pillar (e.g. in combination with
# ext_pillar and file_tree)
# public_cert_pillar: certs:example.com:fullchain.pem # public_cert_pillar: certs:example.com:fullchain.pem
# private_key_pillar: certs:example.com:privkey.pem # private_key_pillar: certs:example.com:privkey.pem
# or directly pasting the cert # or directly pasting the cert
@ -302,8 +337,9 @@ nginx:
# #
# All aspects of path/file resolution are customisable using the options below. # All aspects of path/file resolution are customisable using the options below.
# This is unnecessary in most cases; there are sensible defaults. # This is unnecessary in most cases; there are sensible defaults.
# Path pattern: salt://{{ path_prefix or 'nginx' }}/{{ dirs.files or 'files' }}/{{ dirs.default or 'default' }} # Default path: salt://{{ path_prefix }}/{{ dirs.files }}/{{ dirs.default }}
# path_prefix: template_alt # I.e.: salt://nginx/files/default
# path_prefix: template_alt
# dirs: # dirs:
# files: files_alt # files: files_alt
# default: default_alt # default: default_alt

View File

@ -1,3 +1,6 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
name: default name: default
title: nginx formula title: nginx formula
maintainer: SaltStack Formulas maintainer: SaltStack Formulas

View File

@ -1,4 +1,6 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
# Simple pillar setup # Simple pillar setup
# - snippet letsencrypt # - snippet letsencrypt
# - remove 'default' site # - remove 'default' site
@ -8,7 +10,7 @@ nginx:
snippets: snippets:
letsencrypt.conf: letsencrypt.conf:
- location ^~ /.well-known/acme-challenge/: - location ^~ /.well-known/acme-challenge/:
- proxy_pass: http://localhost:9999 - proxy_pass: http://localhost:9999
server: server:
config: config:
http: http:
@ -20,19 +22,18 @@ nginx:
servers: servers:
managed: managed:
default: default:
deleted: True deleted: true
enabled: False enabled: false
config: {} config: {}
mysite: mysite:
enabled: True enabled: true
config: config:
- server: - server:
- server_name: localhost - server_name: localhost
- listen: - listen:
- '80 default_server' - '80 default_server'
- index: 'index.html index.htm' - index: 'index.html index.htm'
- location ~ .htm: - location ~ .htm:
- try_files: '$uri $uri/ =404' - try_files: '$uri $uri/ =404'
- include: 'snippets/letsencrypt.conf' - include: 'snippets/letsencrypt.conf'