From bf3aaa5ff112840a0d89b7df7bd8b85a45842eb0 Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter
Date: Sun, 12 Mar 2023 17:01:17 +0100
Subject: id.themis: import PrivateBin configuration

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
---
 pillar/id/themis_lysergic_dev.sls | 42 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

(limited to 'pillar')

diff --git a/pillar/id/themis_lysergic_dev.sls b/pillar/id/themis_lysergic_dev.sls
index 0773f4f..81538e9 100644
--- a/pillar/id/themis_lysergic_dev.sls
+++ b/pillar/id/themis_lysergic_dev.sls
@@ -75,3 +75,45 @@ profile:
     saml2_group_attribute: groups
     saml2_remove_from_groups: true
     queue_connection: database
+
+  privatebin:
+    main:
+      name: Bin
+      fileupload: true
+      syntaxhighlightingtheme: sons-of-obsidian
+      sizelimit: 310485760
+      notice: 'Note: Kittens will die if you abuse this service.'
+      languageselection: true
+      urlshortener: ${'secret_privatebin:main:urlshortener'}
+      qrcode: true
+    expire:
+      default: 1week
+    expire_options:
+      5min: 300
+      10min: 600
+      1hour: 3600
+      1day: 86400
+      1week: 604800
+      1month: 2592000
+      1year: 31536000
+      never: 0
+    formatter_options:
+      plaintext: Plain Text
+      syntaxhighlighting: Source Code
+      markdown: Markdown
+    traffic:
+      limit: 10
+      header: X_FORWARDED_FOR
+      dir: /var/lib/PrivateBin/limits
+    purge:
+      limit: 300
+      batchsize: 10
+      dir: /var/lib/PrivateBin/limits
+    model:
+      class: Database
+    model_options:
+      dsn: ${'secret_privatebin:model_options:dsn'}
+      tbl: privatebin_
+      usr: ${'secret_privatebin:model_options:usr'}
+      pwd: ${'secret_privatebin:model_options:pwd'}
+      opt[12]: true
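Review bot: `traffic.header: X_FORWARDED_FOR` makes PrivateBin's rate limiter key on a request header, so `limit: 10` only holds if every request reaches PHP through a proxy that overwrites that header rather than appending to it or passing a client-supplied value through. Otherwise the limiter is keyed on a client-controlled value and stops limiting. A comment on that line naming where the header is set would help, e.g. `# set (not appended) by the front-end proxy; vhost must not be reachable directly`. Separately, `sizelimit: 310485760` is roughly 296 MiB per paste and looks like PrivateBin's default `10485760` with a stray leading `3`. With `fileupload: true`, `never: 0` and the `Database` model that is a lot of unauthenticated storage per request, so please confirm the value is intended.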
-- 
cgit v1.2.3


From 4ff7a39f0ed24cf279347937f5b96aedfa2e8cce Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter
Date: Sun, 12 Mar 2023 17:21:32 +0100
Subject: id.themis: import PrivateBin httpd vhost

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
---
 pillar/id/themis_lysergic_dev.sls | 50 +++++++++++++++++++++++++++++----------
 1 file changed, 37 insertions(+), 13 deletions(-)

(limited to 'pillar')

diff --git a/pillar/id/themis_lysergic_dev.sls b/pillar/id/themis_lysergic_dev.sls
index 81538e9..5decac5 100644
--- a/pillar/id/themis_lysergic_dev.sls
+++ b/pillar/id/themis_lysergic_dev.sls
@@ -1,9 +1,26 @@
+{%- set common = {'address': '[fd29:8e45:f292:ff80::1]', 'port': 443, 'domain': '.themis.backend.syscid.com', 'snippetsdir': '/etc/apache2/snippets.d/'} -%}
+
+{%- macro httpdformulaexcess() -%}
+      LogLevel: False
+      ErrorLog: False
+      LogFormat: False
+      CustomLog: False
+      ServerAdmin: False
+      ServerAlias: False
+{%- endmacro -%}
+{%- macro httpdcommon(app) -%}
+        Include {{ common['snippetsdir'] }}ssl_themis.conf
+        <FilesMatch '\.php$'>
+          SetHandler 'proxy:unix:/run/php-fpm/{{ app }}.sock|fcgi://{{ app }}'
+        </FilesMatch>
+{%- endmacro -%}
+
 apache:
   sites:
     BookStack:
-      interface: '[fd29:8e45:f292:ff80::1]'
-      port: 443
-      ServerName: bookstack.themis.backend.syscid.com
+      interface: '{{ common['address'] }}'
+      port: {{ common['port'] }}
+      ServerName: bookstack{{ common['domain'] }}
       DocumentRoot: /srv/www/BookStack/
       DirectoryIndex: index.php
       Directory:
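Review bot: Both macros only render valid YAML when called at the exact indentation baked into their bodies: `httpdformulaexcess()` at six spaces directly under a site, and `httpdcommon()` at eight spaces inside a `Formula_Append: |` block. The `-%}` on the `macro` tag strips the first line's indent, so the call site supplies it while the remaining lines keep their literal indent. Nothing in the hunk documents this, and a call from a differently nested key would silently mis-nest the directives or drop them out of the block scalar. I would add a Jinja comment above each macro, e.g. `{#- body is indented for use at 6 spaces under apache:sites:<name> -#}`, and state that `app` must be the php-fpm pool/socket name because it is placed into the `SetHandler` path unescaped. The BookStack site mapping continues past the end of this hunk.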
@@ -21,19 +38,26 @@ apache:
             RewriteCond '%{REQUEST_FILENAME} !-d'
             RewriteCond '%{REQUEST_FILENAME} !-f'
             RewriteCond '^ index.php [L]'
-      LogLevel: False
-      ErrorLog: False
-      LogFormat: False
-      CustomLog: False
-      ServerAdmin: False
-      ServerAlias: False
+      {{ httpdformulaexcess() }}
       Formula_Append: |
-        Include /etc/apache2/snippets.d/ssl_themis.conf
+        {{ httpdcommon('BookStack') }}
         AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
         SetOutputFilter DEFLATE
-        <FilesMatch '\.php$'>
-          SetHandler 'proxy:unix:/run/php-fpm/BookStack.sock|fcgi://BookStack'
-        </FilesMatch>
+
+    PrivateBin:
+      interface: '{{ common['address'] }}'
+      port: {{ common['port'] }}
+      ServerName: privatebin{{ common['domain'] }}
+      DocumentRoot: /srv/www/PrivateBin/public
+      DirectoryIndex: index.php
+      Directory:
+        /srv/www/PrivateBin/:
+          Options: false
+          AllowOverride: None
+          Require: all granted
+      {{ httpdformulaexcess() }}
+      Formula_Append: |
+        {{ httpdcommon('PrivateBin') }}
 
 profile:
   bookstack:
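Review bot: The new PrivateBin site serves from `DocumentRoot: /srv/www/PrivateBin/public`, but its `Directory` block grants `Require: all granted` on the parent `/srv/www/PrivateBin/`, which presumably also holds the application's configuration, library and data directories. With `AllowOverride: None` any `.htaccess` files shipped in those directories are ignored, so the only thing keeping them unserved is that nothing else maps a URL into the parent. Scoping the grant to the document root, `/srv/www/PrivateBin/public/:`, keeps the access rule as narrow as what is actually published. The `profile:` mapping that follows is outside the hunk.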
-- 
cgit v1.2.3


From f32d814658a3005654b10e28c0827fb2a9302678 Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter
Date: Sat, 29 Apr 2023 18:39:30 +0200
Subject: id.themis: import backend firewall rules

Allow HTTPS traffic.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
---
 pillar/id/themis_lysergic_dev.sls | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'pillar')

diff --git a/pillar/id/themis_lysergic_dev.sls b/pillar/id/themis_lysergic_dev.sls
index 5decac5..67a7757 100644
--- a/pillar/id/themis_lysergic_dev.sls
+++ b/pillar/id/themis_lysergic_dev.sls
@@ -141,3 +141,9 @@ profile:
       usr: ${'secret_privatebin:model_options:usr'}
       pwd: ${'secret_privatebin:model_options:pwd'}
       opt[12]: true
+
+firewalld:
+  zones:
+    backend:
+      services:
+        - https
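Review bot: The `backend` zone is given the `https` service with nothing in the hunk saying which interfaces or source addresses belong to that zone, so this file alone does not show who can reach port 443 on the vhost address. Because the PrivateBin limiter configured in this pillar trusts `X_FORWARDED_FOR`, the rule is safest when the zone is bound only to the interface or source range the front-end proxy connects from. If that binding lives in another pillar, a comment here such as `# backend zone = proxy-facing network, bound in <other pillar>` would make it checkable during review.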
-- 
cgit v1.2.3