diff options
| -rwxr-xr-x | bin/nbroles_to_grains.sh | 2 | ||||
| -rw-r--r-- | pillar/id/themis_lysergic_dev.sls | 6 | ||||
| -rw-r--r-- | salt/common/suse.sls | 4 | ||||
| -rw-r--r-- | salt/profile/bookstack/init.sls | 6 |
4 files changed, 11 insertions, 7 deletions
diff --git a/bin/nbroles_to_grains.sh b/bin/nbroles_to_grains.sh index ee4e726..85cb52c 100755 --- a/bin/nbroles_to_grains.sh +++ b/bin/nbroles_to_grains.sh @@ -1,4 +1,4 @@ #!/usr/bin/env sh # This rewrites top-files to fetch roles from grains instead of our custom roles API. Useful for testing outside of the LibertaCasa infrastructure, but not recommended for production. -sed -i "s/salt\['http.query'\].*/grains\['roles'\] -%}/" */top.sls +sed -i "s/salt\['http.query'\].*/grains\['roles'\] -%}/" */top.sls salt/common/suse.sls diff --git a/pillar/id/themis_lysergic_dev.sls b/pillar/id/themis_lysergic_dev.sls index a620c9e..5c3df5e 100644 --- a/pillar/id/themis_lysergic_dev.sls +++ b/pillar/id/themis_lysergic_dev.sls @@ -88,9 +88,9 @@ profile: saml2_email_attribute: email saml2_external_id_attribute: uid saml2_display_name_attributes: fullname - saml2_idp_entityid: https://libsso.net/realms/libertacasa - saml2_idp_sso: https://libsso.net/realms/libertacasa/protocol/saml - saml2_idp_slo: https://libsso.net/realms/libertacasa/protocol/saml + saml2_idp_entityid: https://libsso.net/realms/LibertaCasa + saml2_idp_sso: https://libsso.net/realms/LibertaCasa/protocol/saml + saml2_idp_slo: https://libsso.net/realms/LibertaCasa/protocol/saml saml2_idp_x509: ${'secret_bookstack:saml2_idp_x509'} saml2_autoload_metadata: false saml2_sp_x509: ${'secret_bookstack:saml2_sp_x509'} diff --git a/salt/common/suse.sls b/salt/common/suse.sls index 01c7333..da0a99e 100644 --- a/salt/common/suse.sls +++ b/salt/common/suse.sls @@ -1,3 +1,5 @@ +{%- set roles = salt['http.query']('http://machine-roles.lysergic.dev:4580/roles', decode=True, decode_type='json', params={"machine": id})['dict']['roles'] -%} + include: {#- drop pillar check after all firewall configurations have been imported #} {%- if salt['pillar.get']('manage_firewall'), False %} @@ -65,7 +67,9 @@ common_packages_remove: {#- we only use AutoYaST for the OS deployment #} - autoyast2 - autoyast2-installation + {%- if not 'php-fpm' in roles %} - libX11-data + {%- endif %} - yast2-add-on - yast2-services-manager - yast2-slp diff --git a/salt/profile/bookstack/init.sls b/salt/profile/bookstack/init.sls index 3dc5a36..ea75ec4 100644 --- a/salt/profile/bookstack/init.sls +++ b/salt/profile/bookstack/init.sls @@ -10,7 +10,7 @@ bookstack_permissions: file.managed: - mode: '0640' - user: root - - group: wwwrun + - group: www - names: - {{ configfile }} @@ -24,10 +24,10 @@ bookstack_permissions: - key_values: {%- macro condconf(option) %} {%- if option in mypillar -%} - {%- if mypillar[option] is string and mypillar[option].startswith('$') or mypillar[option] is number %} + {%- if ( mypillar[option] is string and mypillar[option].startswith('$') ) or mypillar[option] is number %} {%- set value = mypillar[option] %} {%- else %} - {%- set value = mypillar[option] | quote %} + {%- set value = "\"'" ~ mypillar[option] ~ "'\"" %} {%- endif %} {{ option | upper }}: {{ value }} {%- endif -%} |