diff options
author | Georg Pfuetzenreuter | 2023-02-12 17:14:41 +0100 |
---|---|---|
committer | Georg Pfuetzenreuter | 2023-02-12 17:14:41 +0100 |
commit | 0a00f3ea9367386847162a10d7548b2d0433ce93 (patch) | |
tree | fafacca2b764a7f30013ba5d41e3c841e6f72ea8 | |
parent | 91089d5d98d1a8833698d719beb7211988a52cb2 (diff) | |
parent | 2d5da24ce5d695b3f934ec06c654f7ae754b3fbf (diff) | |
download | salt-0a00f3ea9367386847162a10d7548b2d0433ce93.tar.gz salt-0a00f3ea9367386847162a10d7548b2d0433ce93.tar.bz2 salt-0a00f3ea9367386847162a10d7548b2d0433ce93.zip |
Merge pull request 'Manage AppArmor on web-proxie's' (#27) from import-denc-webcluster-apparmor into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/27
-rw-r--r-- | pillar/cluster/denc/web-proxy.sls | 7 | ||||
-rw-r--r-- | salt/profile/apparmor/local.sls | 9 | ||||
-rw-r--r-- | salt/role/web-proxy.sls | 1 |
3 files changed, 17 insertions, 0 deletions
diff --git a/pillar/cluster/denc/web-proxy.sls b/pillar/cluster/denc/web-proxy.sls index 7b5cebd..7748768 100644 --- a/pillar/cluster/denc/web-proxy.sls +++ b/pillar/cluster/denc/web-proxy.sls @@ -209,3 +209,10 @@ firewalld: services: - http - https + +profile: + apparmor: + local: + usr.sbin.nginx: + - '{{ trustcrt }} r,' + - '/srv/www/{libsso.net,sso.casa,sso.syscid.com}/{index.html,stuff/tacit-css-1.5.2.min.css} r,' diff --git a/salt/profile/apparmor/local.sls b/salt/profile/apparmor/local.sls new file mode 100644 index 0000000..6dbdff3 --- /dev/null +++ b/salt/profile/apparmor/local.sls @@ -0,0 +1,9 @@ +{%- set aapillar = salt['pillar.get']('profile:apparmor') %} + +{%- if 'local' in aapillar %} +{%- for profile, lines in aapillar['local'].items() %} +/etc/apparmor.d/local/{{ profile }}: + file.managed: + - contents: {{ lines }} +{%- endfor %} +{%- endif %} diff --git a/salt/role/web-proxy.sls b/salt/role/web-proxy.sls index 81f2293..649c69e 100644 --- a/salt/role/web-proxy.sls +++ b/salt/role/web-proxy.sls @@ -1,5 +1,6 @@ include: - nginx.pkg + - profile.apparmor.local - nginx.config - nginx.snippets - nginx.servers |