diff options
Diffstat (limited to 'pillar')
| -rw-r--r-- | pillar/id/themis_lysergic_dev.sls | 98 |
1 files changed, 85 insertions, 13 deletions
diff --git a/pillar/id/themis_lysergic_dev.sls b/pillar/id/themis_lysergic_dev.sls index 0773f4f..67a7757 100644 --- a/pillar/id/themis_lysergic_dev.sls +++ b/pillar/id/themis_lysergic_dev.sls @@ -1,9 +1,26 @@ +{%- set common = {'address': '[fd29:8e45:f292:ff80::1]', 'port': 443, 'domain': '.themis.backend.syscid.com', 'snippetsdir': '/etc/apache2/snippets.d/'} -%} + +{%- macro httpdformulaexcess() -%} + LogLevel: False + ErrorLog: False + LogFormat: False + CustomLog: False + ServerAdmin: False + ServerAlias: False +{%- endmacro -%} +{%- macro httpdcommon(app) -%} + Include {{ common['snippetsdir'] }}ssl_themis.conf + <FilesMatch '\.php$'> + SetHandler 'proxy:unix:/run/php-fpm/{{ app }}.sock|fcgi://{{ app }}' + </FilesMatch> +{%- endmacro -%} + apache: sites: BookStack: - interface: '[fd29:8e45:f292:ff80::1]' - port: 443 - ServerName: bookstack.themis.backend.syscid.com + interface: '{{ common['address'] }}' + port: {{ common['port'] }} + ServerName: bookstack{{ common['domain'] }} DocumentRoot: /srv/www/BookStack/ DirectoryIndex: index.php Directory: @@ -21,19 +38,26 @@ apache: RewriteCond '%{REQUEST_FILENAME} !-d' RewriteCond '%{REQUEST_FILENAME} !-f' RewriteCond '^ index.php [L]' - LogLevel: False - ErrorLog: False - LogFormat: False - CustomLog: False - ServerAdmin: False - ServerAlias: False + {{ httpdformulaexcess() }} Formula_Append: | - Include /etc/apache2/snippets.d/ssl_themis.conf + {{ httpdcommon('BookStack') }} AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript SetOutputFilter DEFLATE - <FilesMatch '\.php$'> - SetHandler 'proxy:unix:/run/php-fpm/BookStack.sock|fcgi://BookStack' - </FilesMatch> + + PrivateBin: + interface: '{{ common['address'] }}' + port: {{ common['port'] }} + ServerName: privatebin{{ common['domain'] }} + DocumentRoot: /srv/www/PrivateBin/public + DirectoryIndex: index.php + Directory: + /srv/www/PrivateBin/: + Options: false + AllowOverride: None + Require: all granted + {{ httpdformulaexcess() }} + Formula_Append: | + {{ httpdcommon('PrivateBin') }} profile: bookstack: @@ -75,3 +99,51 @@ profile: saml2_group_attribute: groups saml2_remove_from_groups: true queue_connection: database + + privatebin: + main: + name: Bin + fileupload: true + syntaxhighlightingtheme: sons-of-obsidian + sizelimit: 310485760 + notice: 'Note: Kittens will die if you abuse this service.' + languageselection: true + urlshortener: ${'secret_privatebin:main:urlshortener'} + qrcode: true + expire: + default: 1week + expire_options: + 5min: 300 + 10min: 600 + 1hour: 3600 + 1day: 86400 + 1week: 604800 + 1month: 2592000 + 1year: 31536000 + never: 0 + formatter_options: + plaintext: Plain Text + syntaxhighlighting: Source Code + markdown: Markdown + traffic: + limit: 10 + header: X_FORWARDED_FOR + dir: /var/lib/PrivateBin/limits + purge: + limit: 300 + batchsize: 10 + dir: /var/lib/PrivateBin/limits + model: + class: Database + model_options: + dsn: ${'secret_privatebin:model_options:dsn'} + tbl: privatebin_ + usr: ${'secret_privatebin:model_options:usr'} + pwd: ${'secret_privatebin:model_options:pwd'} + opt[12]: true + +firewalld: + zones: + backend: + services: + - https |