Diffstat (limited to 'pillar')
-rw-r--r--pillar/formulas.yaml3
-rw-r--r--pillar/id/themis_lysergic_dev.sls77
-rw-r--r--pillar/role/memcached.sls2
-rw-r--r--pillar/role/php-fpm.sls1
-rw-r--r--pillar/role/web/apache-httpd.sls13
5 files changed, 96 insertions, 0 deletions
diff --git a/pillar/formulas.yaml b/pillar/formulas.yaml
index 191a8e1..bf74c21 100644
--- a/pillar/formulas.yaml
+++ b/pillar/formulas.yaml
@@ -1,8 +1,11 @@
---
+- apache
- firewalld
- keepalived
+- memcached
- nginx
- openssh
+- php
- postfix
- prometheus
- salt
diff --git a/pillar/id/themis_lysergic_dev.sls b/pillar/id/themis_lysergic_dev.sls
new file mode 100644
index 0000000..0773f4f
--- /dev/null
+++ b/pillar/id/themis_lysergic_dev.sls
@@ -0,0 +1,77 @@
+apache:
+ sites:
+ BookStack:
+ interface: '[fd29:8e45:f292:ff80::1]'
+ port: 443
+ ServerName: bookstack.themis.backend.syscid.com
+ DocumentRoot: /srv/www/BookStack/
+ DirectoryIndex: index.php
+ Directory:
+ /srv/www/BookStack/:
+ Options: 'Indexes FollowSymLinks -MultiViews'
+ AllowOverride: None
+ Require: all granted
+ Formula_Append: |
+ RewriteEngine On
+ RewriteCond '%{HTTP:Authorization} .'
+ RewriteCond '.* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]'
+ RewriteCond '%{REQUEST_FILENAME} !-d'
+ RewriteCond '%{REQUEST_URI} (.+)/$'
+ RewriteCond '^ %1 [L,R=301]'
+ RewriteCond '%{REQUEST_FILENAME} !-d'
+ RewriteCond '%{REQUEST_FILENAME} !-f'
+ RewriteCond '^ index.php [L]'
+ LogLevel: False
+ ErrorLog: False
+ LogFormat: False
+ CustomLog: False
+ ServerAdmin: False
+ ServerAlias: False
+ Formula_Append: |
+ Include /etc/apache2/snippets.d/ssl_themis.conf
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
+ SetOutputFilter DEFLATE
+ <FilesMatch '\.php$'>
+ SetHandler 'proxy:unix:/run/php-fpm/BookStack.sock|fcgi://BookStack'
+ </FilesMatch>
+
+profile:
+ bookstack:
+ app_url: https://libertacasa.info
+ db_host: ${'secret_bookstack:db_host'}
+ db_database: ${'secret_bookstack:db_database'}
+ db_username: ${'secret_bookstack:db_username'}
+ db_password: ${'secret_bookstack:db_password'}
+ mail_driver: smtp
+ mail_from_name: LibertaCasa Documentation
+ mail_from: mail@libertacasa.info
+ mail_host: zz0.email
+ mail_port: 465
+ mail_username: mail@libertacasa.info
+ mail_password: ${'secret_bookstack:mail_password'}
+ mail_encryption: ssl
+ app_theme: lysergic
+ cache_driver: memcached
+ session_driver: memcached
+ memcached_servers: /run/memcached/memcached.sock
+ session_secure_cookie: true
+ session_cookie_name: libertacasa_megayummycookie
+ app_debug: false
+ session_lifetime: 240
+ auth_method: saml2
+ auth_auto_initiate: true
+ saml2_name: LibertaCasa SSO
+ saml2_email_attribute: email
+ saml2_external_id_attribute: uid
+ saml2_display_name_attributes: fullname
+ saml2_idp_entityid: https://libsso.net/realms/libertacasa
+ saml2_idp_sso: https://libsso.net/realms/libertacasa/protocol/saml
+ saml2_idp_slo: https://libsso.net/realms/libertacasa/protocol/saml
+ saml2_idp_x509: ${'secret_bookstack:saml2_idp_x509'}
+ saml2_autoload_metadata: false
+ saml2_sp_x509: ${'secret_bookstack:saml2_sp_x509'}
+ saml2_sp_x509_key: ${'secret_bookstack:saml2_sp_x509_key'}
+ saml2_user_to_groups: true
+ saml2_group_attribute: groups
+ saml2_remove_from_groups: true
+ queue_connection: database
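Review bot: `DocumentRoot` and the `Directory` block both grant access to `/srv/www/BookStack/` with `Indexes` enabled; if that path is the application checkout rather than its `public/` subdirectory, `.env`, `storage/` and the rest of the tree become listable and fetchable over HTTPS. I would point both at the public directory (`DocumentRoot: /srv/www/BookStack/public/`) and drop `Indexes`, e.g. `Options: 'FollowSymLinks'`; Apache also refuses an `Options` line that mixes bare and `-`-prefixed values, so the current one likely fails the syntax check. In the first `Formula_Append`, the three lines whose argument ends in a flag list (`'.* - [E=HTTP_AUTHORIZATION:…]'`, `'^ %1 [L,R=301]'`, `'^ index.php [L]'`) are spelled `RewriteCond` but are rules, so they should read `RewriteRule`. The single quotes around each argument list would also reach Apache verbatim and collapse two arguments into one, so they are better removed from the block scalar.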
diff --git a/pillar/role/memcached.sls b/pillar/role/memcached.sls
new file mode 100644
index 0000000..e3ded73
--- /dev/null
+++ b/pillar/role/memcached.sls
@@ -0,0 +1,2 @@
+memcached:
+ listen_address: /run/memcached/memcached.sock
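Review bot: Nothing in this pillar restricts who may connect to `/run/memcached/memcached.sock`, and the same commit stores BookStack sessions and cache in it (`session_driver: memcached`), so any local account that can open the socket could read or alter session data. Confirm that the formula sets the socket's access mask (memcached's `-a` option) so that only the PHP-FPM pool user or group can reach it, and record the intended mode in a comment next to `listen_address`.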
diff --git a/pillar/role/php-fpm.sls b/pillar/role/php-fpm.sls
new file mode 100644
index 0000000..1bb8bf6
--- /dev/null
+++ b/pillar/role/php-fpm.sls
@@ -0,0 +1 @@
+# empty
diff --git a/pillar/role/web/apache-httpd.sls b/pillar/role/web/apache-httpd.sls
new file mode 100644
index 0000000..bd77162
--- /dev/null
+++ b/pillar/role/web/apache-httpd.sls
@@ -0,0 +1,13 @@
+{%- set host = grains['host'] -%}
+{%- set fqdn = grains['fqdn'] -%}
+
+apache:
+ global:
+ ServerAdmin: system@lysergic.dev
+
+profile:
+ apache-httpd:
+ snippets:
+ ssl_{{ host }}:
+ - 'SSLCertificateFile "/etc/ssl/{{ host }}/{{ fqdn }}.crt"'
+ - 'SSLCertificateKeyFile "/etc/ssl/{{ host }}/{{ fqdn }}.key"'
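Review bot: The `ssl_{{ host }}` snippet carries only the certificate and key paths, and nothing visible in this commit turns TLS on for the vhost that includes it (`Include /etc/apache2/snippets.d/ssl_themis.conf` on a port 443 site). Unless the formula or a global config already sets it, add `- 'SSLEngine on'` to the list. The paths are also built from the minion-reported `host` and `fqdn` grains; a short comment such as `# host/fqdn come from grains, which the minion controls; values must be plain hostnames` would record that assumption.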