authorGeorg Pfuetzenreuter2023-04-30 14:37:12 +0200
committerGeorg Pfuetzenreuter2023-04-30 14:37:12 +0200
commitb1249e69eb51b619dde5a3b0ffc162c86ffff16f (patch)
tree1b593d83d7c4982d6579641bef14371d1c1d699f /pillar/id/themis_lysergic_dev.sls
parent87bb69fa376ffd78b6e619732c5c921e131b49f8 (diff)
parentf32d814658a3005654b10e28c0827fb2a9302678 (diff)
Merge pull request 'Import themis / PrivateBin' (#40) from privatebin into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/40
Diffstat (limited to 'pillar/id/themis_lysergic_dev.sls')
-rw-r--r--pillar/id/themis_lysergic_dev.sls98
1 files changed, 85 insertions, 13 deletions
diff --git a/pillar/id/themis_lysergic_dev.sls b/pillar/id/themis_lysergic_dev.sls
index 0773f4f..67a7757 100644
--- a/pillar/id/themis_lysergic_dev.sls
+++ b/pillar/id/themis_lysergic_dev.sls
@@ -1,9 +1,26 @@
+{%- set common = {'address': '[fd29:8e45:f292:ff80::1]', 'port': 443, 'domain': '.themis.backend.syscid.com', 'snippetsdir': '/etc/apache2/snippets.d/'} -%}
+
+{%- macro httpdformulaexcess() -%}
+ LogLevel: False
+ ErrorLog: False
+ LogFormat: False
+ CustomLog: False
+ ServerAdmin: False
+ ServerAlias: False
+{%- endmacro -%}
+{%- macro httpdcommon(app) -%}
+ Include {{ common['snippetsdir'] }}ssl_themis.conf
+ <FilesMatch '\.php$'>
+ SetHandler 'proxy:unix:/run/php-fpm/{{ app }}.sock|fcgi://{{ app }}'
+ </FilesMatch>
+{%- endmacro -%}
+
apache:
sites:
BookStack:
- interface: '[fd29:8e45:f292:ff80::1]'
- port: 443
- ServerName: bookstack.themis.backend.syscid.com
+ interface: '{{ common['address'] }}'
+ port: {{ common['port'] }}
+ ServerName: bookstack{{ common['domain'] }}
DocumentRoot: /srv/www/BookStack/
DirectoryIndex: index.php
Directory:
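Review bot: The `httpdformulaexcess` macro has no comment saying what setting `ErrorLog`, `CustomLog` and `LogLevel` to `False` does in the rendered vhost, and after this change it decides logging for every site that calls it. If `False` only makes the formula omit the directive so that server-wide log settings apply, the macro should say so. If it leaves the vhost without its own logs, that should be recorded as a deliberate decision, because it limits what is available for incident review. A one-line Jinja comment above the macro would do, for example `{#- False = omit this directive from the vhost; server-wide setting applies -#}`, with the wording confirmed against the formula. The BookStack mapping continues past the end of this hunk.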
@@ -21,19 +38,26 @@ apache:
RewriteCond '%{REQUEST_FILENAME} !-d'
RewriteCond '%{REQUEST_FILENAME} !-f'
RewriteCond '^ index.php [L]'
- LogLevel: False
- ErrorLog: False
- LogFormat: False
- CustomLog: False
- ServerAdmin: False
- ServerAlias: False
+ {{ httpdformulaexcess() }}
Formula_Append: |
- Include /etc/apache2/snippets.d/ssl_themis.conf
+ {{ httpdcommon('BookStack') }}
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
SetOutputFilter DEFLATE
- <FilesMatch '\.php$'>
- SetHandler 'proxy:unix:/run/php-fpm/BookStack.sock|fcgi://BookStack'
- </FilesMatch>
+
+ PrivateBin:
+ interface: '{{ common['address'] }}'
+ port: {{ common['port'] }}
+ ServerName: privatebin{{ common['domain'] }}
+ DocumentRoot: /srv/www/PrivateBin/public
+ DirectoryIndex: index.php
+ Directory:
+ /srv/www/PrivateBin/:
+ Options: false
+ AllowOverride: None
+ Require: all granted
+ {{ httpdformulaexcess() }}
+ Formula_Append: |
+ {{ httpdcommon('PrivateBin') }}
profile:
bookstack:
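Review bot: The `Directory` entry of the new PrivateBin site puts `Require: all granted` on `/srv/www/PrivateBin/` although `DocumentRoot` is `/srv/www/PrivateBin/public`, so the grant covers the whole install tree rather than only the served subdirectory. Because `AllowOverride: None` is set on the same path, any `.htaccess` files the application relies on to protect its non-public directories would not be honoured. The document root is then the only barrier if an Alias or symlink is added later. Scoping the key to the served directory keeps the grant minimal: `/srv/www/PrivateBin/public/:`. It would also help to note in a comment what `Options: false` renders to, since that depends on the formula and is not visible here.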
@@ -75,3 +99,51 @@ profile:
saml2_group_attribute: groups
saml2_remove_from_groups: true
queue_connection: database
+
+ privatebin:
+ main:
+ name: Bin
+ fileupload: true
+ syntaxhighlightingtheme: sons-of-obsidian
+ sizelimit: 310485760
+ notice: 'Note: Kittens will die if you abuse this service.'
+ languageselection: true
+ urlshortener: ${'secret_privatebin:main:urlshortener'}
+ qrcode: true
+ expire:
+ default: 1week
+ expire_options:
+ 5min: 300
+ 10min: 600
+ 1hour: 3600
+ 1day: 86400
+ 1week: 604800
+ 1month: 2592000
+ 1year: 31536000
+ never: 0
+ formatter_options:
+ plaintext: Plain Text
+ syntaxhighlighting: Source Code
+ markdown: Markdown
+ traffic:
+ limit: 10
+ header: X_FORWARDED_FOR
+ dir: /var/lib/PrivateBin/limits
+ purge:
+ limit: 300
+ batchsize: 10
+ dir: /var/lib/PrivateBin/limits
+ model:
+ class: Database
+ model_options:
+ dsn: ${'secret_privatebin:model_options:dsn'}
+ tbl: privatebin_
+ usr: ${'secret_privatebin:model_options:usr'}
+ pwd: ${'secret_privatebin:model_options:pwd'}
+ opt[12]: true
+
+firewalld:
+ zones:
+ backend:
+ services:
+ - https
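Review bot: `header: X_FORWARDED_FOR` under `traffic` makes the rate limiter key on a request header, which is only sound if every request reaches this vhost through a proxy that replaces that header rather than appending to a client-supplied value. The vhost binds to a backend address and the `firewalld` stanza opens `https` only in the `backend` zone, which suggests that is the intent, but nothing in the file states it. A comment on that line would record the dependency, e.g. `# set by the front proxy (<PROXY_HOST>), which must overwrite any client-sent X-Forwarded-For`. Separately, `sizelimit: 310485760` allows roughly 296 MiB per paste with `fileupload: true` and a `Database` model; if it is not a typo for `10485760`, it deserves a comment explaining the choice.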