diff --git a/nginx/ng/init.sls b/nginx/ng/init.sls
index 3af5427..411aeec 100644
--- a/nginx/ng/init.sls
+++ b/nginx/ng/init.sls
@@ -7,6 +7,9 @@ include:
 - nginx.ng.config
 - nginx.ng.service
+ {% if nginx.snippets is defined %}
+ - nginx.ng.snippets
+ {% endif %}
 - nginx.ng.servers
 - nginx.ng.certificates
diff --git a/nginx/ng/map.jinja b/nginx/ng/map.jinja
index c5bb973..d89c9a6 100644
--- a/nginx/ng/map.jinja
+++ b/nginx/ng/map.jinja
@@ -15,6 +15,7 @@
 'conf_file': '/etc/nginx/nginx.conf',
 'server_available': '/etc/nginx/sites-available',
 'server_enabled': '/etc/nginx/sites-enabled',
+ 'snippets_dir': '/etc/nginx/snippets',
 'server_use_symlink': True,
 'pid_file': '/run/nginx.pid',
 'openssl_package': 'openssl',
@@ -28,6 +29,7 @@
 'conf_file': '/etc/nginx/nginx.conf',
 'server_available': '/etc/nginx/conf.d',
 'server_enabled': '/etc/nginx/conf.d',
+ 'snippets_dir': '/etc/nginx/snippets',
 'server_use_symlink': False,
 'pid_file': '/run/nginx.pid',
 'rh_os_releasever': '$releasever',
@@ -44,6 +46,7 @@
 'conf_file': '/etc/nginx/nginx.conf',
 'server_available': '/etc/nginx/conf.d',
 'server_enabled': '/etc/nginx/conf.d',
+ 'snippets_dir': '/etc/nginx/snippets',
 'server_use_symlink': False,
 'pid_file': '/run/nginx.pid',
 'rh_os_releasever': '$releasever',
@@ -63,6 +66,7 @@
 'conf_file': '/etc/nginx/nginx.conf',
 'server_available': '/etc/nginx/conf.d',
 'server_enabled': '/etc/nginx/conf.d',
+ 'snippets_dir': '/etc/nginx/snippets',
 'server_use_symlink': False,
 'pid_file': '/run/nginx.pid',
 'gpg_check': True,
@@ -76,6 +80,7 @@
 'conf_file': '/etc/nginx/nginx.conf',
 'server_available': '/etc/nginx/sites-available',
 'server_enabled': '/etc/nginx/sites-enabled',
+ 'snippets_dir': '/etc/nginx/snippets',
 'server_use_symlink': True,
 'openssl_package': 'openssl',
 },
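Review bot: The `{% if nginx.snippets is defined %}` guard added to nginx/ng/init.sls is also true when pillar carries a bare `snippets:` key whose value is null, and the `nginx.snippets.items()` loop in nginx/ng/snippets.sls would then presumably fail at render time and take the whole include list with it. Testing truthiness as well, `{% if nginx.snippets is defined and nginx.snippets %}`, skips the include for null or empty values. A one-line comment above the guard saying that the state is only pulled in when snippets are configured would also help the next reader.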
@@ -86,6 +91,7 @@
 'conf_file': '/etc/nginx/nginx.conf',
 'server_available': '/etc/nginx/sites-available',
 'server_enabled': '/etc/nginx/sites-enabled',
+ 'snippets_dir': '/etc/nginx/snippets',
 'server_use_symlink': True,
 'openssl_package': 'dev-libs/openssl',
 },
diff --git a/nginx/ng/snippets.sls b/nginx/ng/snippets.sls
new file mode 100644
index 0000000..8635f2d
--- /dev/null
+++ b/nginx/ng/snippets.sls
@@ -0,0 +1,20 @@
+# nginx.ng.snippet
+#
+# Manages creation of snippets
+
+{% from 'nginx/ng/map.jinja' import nginx, sls_block with context %}
+
+nginx_snippets_dir:
+ file.directory:
+ {{ sls_block(nginx.servers.dir_opts) }}
+ - name: {{ nginx.lookup.snippets_dir }}
+
+{% for snippet, config in nginx.snippets.items() %}
+nginx_snippet_{{ snippet }}:
+ file.managed:
+ - name: {{ nginx.lookup.snippets_dir }}/{{ snippet }}.conf
+ - source: salt://nginx/ng/files/server.conf
+ - template: jinja
+ - context:
+ config: {{ config|json() }}
+{% endfor %}
diff --git a/pillar.example b/pillar.example
index c326d9c..d269b6c 100644
--- a/pillar.example
+++ b/pillar.example
@@ -75,6 +75,11 @@ nginx:
 enable: True # Whether or not the service will be enabled/running or dead
 opts: {} # this partially exposes parameters of service.running / service.dead
+ snippets: # You can use snippets to define often repeated configuration once and include it later
+ letsencrypt: # e.g. this can be included using "- include: 'snippets/letsencrypt.conf'"
+ - location ^~ /.well-known/acme-challenge/:
+ - proxy_pass: http://localhost:9999
+ server: opts: {} # this partially exposes file.managed parameters as they relate to the main nginx.conf file
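Review bot: In nginx/ng/snippets.sls the per-snippet `file.managed` sets no owner, group or mode and, unlike `nginx_snippets_dir`, takes no options from pillar, so a snippet that carries something sensitive is written with whatever defaults the minion applies. Adding `{{ sls_block(nginx.servers.managed_opts) }}` under `file.managed:` would reuse the knob pillar.example already documents for managed server files. The pillar key is also interpolated unquoted into the state ID and into `- name: {{ nginx.lookup.snippets_dir }}/{{ snippet }}.conf`, so a key containing `/` or `..` resolves outside the snippets directory; quoting the rendered value and rejecting keys with path separators would keep writes confined. Nothing in this file requires `nginx_snippets_dir` or notifies the service, so creation order and reload on change appear to rest on include order alone, which is worth confirming.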
@@ -102,7 +107,7 @@ nginx:
 symlink_opts: {} # partially exposes file.symlink params when symlinking enabled sites
 rename_opts: {} # partially exposes file.rename params when not symlinking disabled/enabled sites
 managed_opts: {} # partially exposes file.managed params for managed server files
- dir_opts: {} # partially exposes file.directory params for site available/enabled dirs
+ dir_opts: {} # partially exposes file.directory params for site available/enabled and snippets dirs
 # server declarations
 # servers will default to being placed in server_available
@@ -139,6 +144,7 @@ nginx:
 - $uri
 - $uri/ =404
 - test: something else
+ - include 'snippets/letsencrypt.conf'
 # The above outputs:
 # server {