summaryrefslogtreecommitdiffstats
path: root/pillar/id/themis_lysergic_dev.sls
blob: 5c3df5e74a2b8df5a44173ca5bcf01acd42e74c5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
{%- set common = {'address': '[fd29:8e45:f292:ff80::1]', 'port': 443, 'domain': '.themis.backend.syscid.com', 'snippetsdir': '/etc/apache2/snippets.d/'} -%}

{%- macro httpdformulaexcess() -%}
      LogLevel: False
      ErrorLog: False
      LogFormat: False
      CustomLog: False
      ServerAdmin: False
      ServerAlias: False
{%- endmacro -%}
{%- macro httpdcommon(app) -%}
        Include {{ common['snippetsdir'] }}ssl_themis.conf
        <FilesMatch '\.php$'>
          SetHandler 'proxy:unix:/run/php-fpm/{{ app }}.sock|fcgi://{{ app }}'
        </FilesMatch>
{%- endmacro -%}

apache:
  sites:
    BookStack:
      interface: '{{ common['address'] }}'
      port: {{ common['port'] }}
      ServerName: bookstack{{ common['domain'] }}
      DocumentRoot: /srv/www/BookStack/
      DirectoryIndex: index.php
      Directory:
        /srv/www/BookStack/:
          Options: false
          AllowOverride: None
          Require: all granted
          Formula_Append: |
            RewriteEngine On
            RewriteCond '%{HTTP:Authorization} .'
            RewriteCond '.* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]'
            RewriteCond '%{REQUEST_FILENAME} !-d'
            RewriteCond '%{REQUEST_URI} (.+)/$'
            RewriteCond '^ %1 [L,R=301]'
            RewriteCond '%{REQUEST_FILENAME} !-d'
            RewriteCond '%{REQUEST_FILENAME} !-f'
            RewriteCond '^ index.php [L]'
      {{ httpdformulaexcess() }}
      Formula_Append: |
        {{ httpdcommon('BookStack') }}
        AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
        SetOutputFilter DEFLATE

    PrivateBin:
      interface: '{{ common['address'] }}'
      port: {{ common['port'] }}
      ServerName: privatebin{{ common['domain'] }}
      DocumentRoot: /srv/www/PrivateBin/public
      DirectoryIndex: index.php
      Directory:
        /srv/www/PrivateBin/:
          Options: false
          AllowOverride: None
          Require: all granted
      {{ httpdformulaexcess() }}
      Formula_Append: |
        {{ httpdcommon('PrivateBin') }}

profile:
  bookstack:
    app_url: https://libertacasa.info
    db_host: ${'secret_bookstack:db_host'}
    db_database: ${'secret_bookstack:db_database'}
    db_username: ${'secret_bookstack:db_username'}
    db_password: ${'secret_bookstack:db_password'}
    mail_driver: smtp
    mail_from_name: LibertaCasa Documentation
    mail_from: mail@libertacasa.info
    mail_host: zz0.email
    mail_port: 465
    mail_username: mail@libertacasa.info
    mail_password: ${'secret_bookstack:mail_password'}
    mail_encryption: ssl
    app_theme: lysergic
    cache_driver: memcached
    session_driver: memcached
    memcached_servers: /run/memcached/memcached.sock
    session_secure_cookie: true
    session_cookie_name: libertacasa_megayummycookie
    app_debug: false
    session_lifetime: 240
    auth_method: saml2
    auth_auto_initiate: true
    saml2_name: LibertaCasa SSO
    saml2_email_attribute: email
    saml2_external_id_attribute: uid
    saml2_display_name_attributes: fullname
    saml2_idp_entityid: https://libsso.net/realms/LibertaCasa
    saml2_idp_sso: https://libsso.net/realms/LibertaCasa/protocol/saml
    saml2_idp_slo: https://libsso.net/realms/LibertaCasa/protocol/saml
    saml2_idp_x509: ${'secret_bookstack:saml2_idp_x509'}
    saml2_autoload_metadata: false
    saml2_sp_x509: ${'secret_bookstack:saml2_sp_x509'}
    saml2_sp_x509_key: ${'secret_bookstack:saml2_sp_x509_key'}
    saml2_user_to_groups: true
    saml2_group_attribute: groups
    saml2_remove_from_groups: true
    queue_connection: database

  privatebin:
    main:
      name: Bin
      fileupload: true
      syntaxhighlightingtheme: sons-of-obsidian
      sizelimit: 310485760
      notice: 'Note: Kittens will die if you abuse this service.'
      languageselection: true
      urlshortener: ${'secret_privatebin:main:urlshortener'}
      qrcode: true
    expire:
      default: 1week
    expire_options:
      5min: 300
      10min: 600
      1hour: 3600
      1day: 86400
      1week: 604800
      1month: 2592000
      1year: 31536000
      never: 0
    formatter_options:
      plaintext: Plain Text
      syntaxhighlighting: Source Code
      markdown: Markdown
    traffic:
      limit: 10
      header: X_FORWARDED_FOR
      dir: /var/lib/PrivateBin/limits
    purge:
      limit: 300
      batchsize: 10
      dir: /var/lib/PrivateBin/limits
    model:
      class: Database
    model_options:
      dsn: ${'secret_privatebin:model_options:dsn'}
      tbl: privatebin_
      usr: ${'secret_privatebin:model_options:usr'}
      pwd: ${'secret_privatebin:model_options:pwd'}
      opt[12]: true

manage_firewall: True
firewalld:
  zones:
    backend:
      services:
        - https