From 0eca62f4ce29c4b986b24b4d5e0bc7980cdc6784 Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter
Date: Sun, 12 Feb 2023 16:20:44 +0100
Subject: Add AppArmor profile

Simple profile to allow for management of local profile drop-ins using
pillar values.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
---
 salt/profile/apparmor/local.sls | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 salt/profile/apparmor/local.sls

(limited to 'salt')

diff --git a/salt/profile/apparmor/local.sls b/salt/profile/apparmor/local.sls
new file mode 100644
index 0000000..6dbdff3
--- /dev/null
+++ b/salt/profile/apparmor/local.sls
@@ -0,0 +1,9 @@
+{%- set aapillar = salt['pillar.get']('profile:apparmor') %}
+
+{%- if 'local' in aapillar %}
+{%- for profile, lines in aapillar['local'].items() %}
+/etc/apparmor.d/local/{{ profile }}:
+  file.managed:
+    - contents: {{ lines }}
+{%- endfor %}
+{%- endif %}
-- 
cgit v1.2.3


From 7e73f6b1a4524c39a4020a7e4a682341e50c6a7b Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter
Date: Sun, 12 Feb 2023 16:21:23 +0100
Subject: web-proxy: include apparmor.local

Some web proxy servers need additional AppArmor drop-ins, for example
for serving static content.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
---
 salt/role/web-proxy.sls | 1 +
 1 file changed, 1 insertion(+)

(limited to 'salt')

diff --git a/salt/role/web-proxy.sls b/salt/role/web-proxy.sls
index 81f2293..649c69e 100644
--- a/salt/role/web-proxy.sls
+++ b/salt/role/web-proxy.sls
@@ -1,5 +1,6 @@
 include:
   - nginx.pkg
+  - profile.apparmor.local
   - nginx.config
   - nginx.snippets
   - nginx.servers
-- 
cgit v1.2.3