From bf3aaa5ff112840a0d89b7df7bd8b85a45842eb0 Mon Sep 17 00:00:00 2001 From: Georg Pfuetzenreuter Date: Sun, 12 Mar 2023 17:01:17 +0100 Subject: id.themis: import PrivateBin configuration Signed-off-by: Georg Pfuetzenreuter --- pillar/id/themis_lysergic_dev.sls | 42 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) (limited to 'pillar')
diff --git a/pillar/id/themis_lysergic_dev.sls b/pillar/id/themis_lysergic_dev.sls
index 0773f4f..81538e9 100644
--- a/pillar/id/themis_lysergic_dev.sls
+++ b/pillar/id/themis_lysergic_dev.sls
@@ -75,3 +75,45 @@ profile:
 saml2_group_attribute: groups
 saml2_remove_from_groups: true
 queue_connection: database
+
+ privatebin:
+ main:
+ name: Bin
+ fileupload: true
+ syntaxhighlightingtheme: sons-of-obsidian
+ sizelimit: 310485760
+ notice: 'Note: Kittens will die if you abuse this service.'
+ languageselection: true
+ urlshortener: ${'secret_privatebin:main:urlshortener'}
+ qrcode: true
+ expire:
+ default: 1week
+ expire_options:
+ 5min: 300
+ 10min: 600
+ 1hour: 3600
+ 1day: 86400
+ 1week: 604800
+ 1month: 2592000
+ 1year: 31536000
+ never: 0
+ formatter_options:
+ plaintext: Plain Text
+ syntaxhighlighting: Source Code
+ markdown: Markdown
+ traffic:
+ limit: 10
+ header: X_FORWARDED_FOR
+ dir: /var/lib/PrivateBin/limits
+ purge:
+ limit: 300
+ batchsize: 10
+ dir: /var/lib/PrivateBin/limits
+ model:
+ class: Database
+ model_options:
+ dsn: ${'secret_privatebin:model_options:dsn'}
+ tbl: privatebin_
+ usr: ${'secret_privatebin:model_options:usr'}
+ pwd: ${'secret_privatebin:model_options:pwd'}
+ opt[12]: true
-- cgit v1.2.3
From 4ff7a39f0ed24cf279347937f5b96aedfa2e8cce Mon Sep 17 00:00:00 2001 From: Georg Pfuetzenreuter Date: Sun, 12 Mar 2023 17:21:32 +0100 Subject: id.themis: import PrivateBin httpd vhost Signed-off-by: Georg Pfuetzenreuter --- pillar/id/themis_lysergic_dev.sls | 50 +++++++++++++++++++++++++++++---------- 1 file changed, 37 insertions(+), 13 deletions(-) (limited to 'pillar')
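Review bot: `traffic.header: X_FORWARDED_FOR` makes PrivateBin's rate limiter key on a client-supplied header, which is only sound if every request reaches this backend through a proxy that overwrites that header, and nothing in the hunk records that assumption. I would add a comment above the key, e.g. `# trusted only because the frontend proxy overwrites X-Forwarded-For; this vhost must not be reachable directly`, and confirm that the `backend` firewalld zone opened for https later in this series admits the proxy alone. Separately, `sizelimit: 310485760` (about 296 MiB) looks like PrivateBin's default 10485760 with a stray leading digit; together with `fileupload: true`, the `never: 0` expiry option and the `Database` model it permits very large rows that never expire, so if it is unintended use `sizelimit: 10485760`. The `profile:` mapping continues outside the hunk.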
diff --git a/pillar/id/themis_lysergic_dev.sls b/pillar/id/themis_lysergic_dev.sls
index 81538e9..5decac5 100644
--- a/pillar/id/themis_lysergic_dev.sls
+++ b/pillar/id/themis_lysergic_dev.sls
@@ -1,9 +1,26 @@
+{%- set common = {'address': '[fd29:8e45:f292:ff80::1]', 'port': 443, 'domain': '.themis.backend.syscid.com', 'snippetsdir': '/etc/apache2/snippets.d/'} -%}
+
+{%- macro httpdformulaexcess() -%}
+ LogLevel: False
+ ErrorLog: False
+ LogFormat: False
+ CustomLog: False
+ ServerAdmin: False
+ ServerAlias: False
+{%- endmacro -%}
+{%- macro httpdcommon(app) -%}
+ Include {{ common['snippetsdir'] }}ssl_themis.conf
+
+ SetHandler 'proxy:unix:/run/php-fpm/{{ app }}.sock|fcgi://{{ app }}'
+
+{%- endmacro -%}
+
 apache:
 sites:
 BookStack:
- interface: '[fd29:8e45:f292:ff80::1]'
- port: 443
- ServerName: bookstack.themis.backend.syscid.com
+ interface: '{{ common['address'] }}'
+ port: {{ common['port'] }}
+ ServerName: bookstack{{ common['domain'] }}
 DocumentRoot: /srv/www/BookStack/
 DirectoryIndex: index.php
 Directory:
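Review bot: Both macros use `{%- … -%}` trimming, so at each call site only the first emitted line takes the caller's indentation, while the remaining lines keep whatever literal indentation they have inside the macro body. That ties the macro text to a single nesting depth: reusing it under a differently nested key, or inside the `Formula_Append: |` block scalar, can silently move keys or the `Include … ssl_themis.conf` directive out of the vhost (indentation is not recoverable from this rendering, so this is something to check rather than a confirmed break). Writing the macro bodies flush-left and calling them as `{{ httpdformulaexcess() | indent(N) }}` and `{{ httpdcommon('PrivateBin') | indent(N) }}`, with N the call site's depth, makes that depth explicit. A short comment above `httpdcommon` saying that `app` must be a fixed literal, because it is interpolated into the php-fpm socket path, would also help. The BookStack site definition continues past the end of this hunk.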
@@ -21,19 +38,26 @@ apache: RewriteCond '%{REQUEST_FILENAME} !-d' RewriteCond '%{REQUEST_FILENAME} !-f' RewriteCond '^ index.php [L]' - LogLevel: False - ErrorLog: False - LogFormat: False - CustomLog: False - ServerAdmin: False - ServerAlias: False + {{ httpdformulaexcess() }} Formula_Append: | - Include /etc/apache2/snippets.d/ssl_themis.conf + {{ httpdcommon('BookStack') }} AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript SetOutputFilter DEFLATE - - SetHandler 'proxy:unix:/run/php-fpm/BookStack.sock|fcgi://BookStack' - + + PrivateBin: + interface: '{{ common['address'] }}' + port: {{ common['port'] }} + ServerName: privatebin{{ common['domain'] }} + DocumentRoot: /srv/www/PrivateBin/public + DirectoryIndex: index.php + Directory: + /srv/www/PrivateBin/: + Options: false + AllowOverride: None + Require: all granted + {{ httpdformulaexcess() }} + Formula_Append: | + {{ httpdcommon('PrivateBin') }} profile: bookstack: -- cgit v1.2.3 From f32d814658a3005654b10e28c0827fb2a9302678 Mon Sep 17 00:00:00 2001 From: Georg Pfuetzenreuter Date: Sat, 29 Apr 2023 18:39:30 +0200 Subject: id.themis: import backend firewall rules Allow HTTPS traffic. Signed-off-by: Georg Pfuetzenreuter --- pillar/id/themis_lysergic_dev.sls | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'pillar') diff --git a/pillar/id/themis_lysergic_dev.sls b/pillar/id/themis_lysergic_dev.sls index 5decac5..67a7757 100644 --- a/pillar/id/themis_lysergic_dev.sls +++ b/pillar/id/themis_lysergic_dev.sls @@ -141,3 +141,9 @@ profile: usr: ${'secret_privatebin:model_options:usr'} pwd: ${'secret_privatebin:model_options:pwd'} opt[12]: true + +firewalld: + zones: + backend: + services: + - https -- cgit v1.2.3
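Review bot: The new PrivateBin site puts `Require: all granted` on `/srv/www/PrivateBin/`, the parent of the `DocumentRoot` `/srv/www/PrivateBin/public`, so the access grant also covers whatever application directories sit next to `public`. Only the document root is URL-mapped by the lines shown, but a later Alias or DocumentRoot change would expose the rest without any further access-control edit. Keying the block on the document root, `/srv/www/PrivateBin/public/:`, keeps the grant to what is meant to be served. The `profile:` section that follows the vhost continues outside the hunk.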