diff options
| -rw-r--r-- | pillar/cluster/denc/web-proxy.sls | 7 | ||||
| -rw-r--r-- | salt/profile/apparmor/local.sls | 9 | ||||
| -rw-r--r-- | salt/role/web-proxy.sls | 1 |
3 files changed, 17 insertions, 0 deletions
diff --git a/pillar/cluster/denc/web-proxy.sls b/pillar/cluster/denc/web-proxy.sls index 7b5cebd..7748768 100644 --- a/pillar/cluster/denc/web-proxy.sls +++ b/pillar/cluster/denc/web-proxy.sls @@ -209,3 +209,10 @@ firewalld: services: - http - https + +profile: + apparmor: + local: + usr.sbin.nginx: + - '{{ trustcrt }} r,' + - '/srv/www/{libsso.net,sso.casa,sso.syscid.com}/{index.html,stuff/tacit-css-1.5.2.min.css} r,' diff --git a/salt/profile/apparmor/local.sls b/salt/profile/apparmor/local.sls new file mode 100644 index 0000000..6dbdff3 --- /dev/null +++ b/salt/profile/apparmor/local.sls @@ -0,0 +1,9 @@ +{%- set aapillar = salt['pillar.get']('profile:apparmor') %} + +{%- if 'local' in aapillar %} +{%- for profile, lines in aapillar['local'].items() %} +/etc/apparmor.d/local/{{ profile }}: + file.managed: + - contents: {{ lines }} +{%- endfor %} +{%- endif %} diff --git a/salt/role/web-proxy.sls b/salt/role/web-proxy.sls index 81f2293..649c69e 100644 --- a/salt/role/web-proxy.sls +++ b/salt/role/web-proxy.sls @@ -1,5 +1,6 @@ include: - nginx.pkg + - profile.apparmor.local - nginx.config - nginx.snippets - nginx.servers |