Jan Dittberner
6a8997e950
This commit adds an initial Vagrant and Saltstack setup that reuses the same configuration as that of the gva repository. The LDAP server itself is not configured yet.
51 lines
1.1 KiB
Plaintext
51 lines
1.1 KiB
Plaintext
include:
|
|
- nginx
|
|
|
|
/etc/nginx/conf.d/logformat.conf:
|
|
file.managed:
|
|
- user: root
|
|
- group: root
|
|
- mode: 0644
|
|
- source: salt://webserver/nginx-logformat.conf
|
|
- require:
|
|
- pkg: nginx
|
|
- watch_in:
|
|
- service: nginx
|
|
|
|
{% set ssldir = salt['pillar.get']('nginx:sslcertdir', '/etc/nginx/ssl/certs') %}
|
|
|
|
generate-dhparam-nginx:
|
|
cmd.run:
|
|
- name: openssl dhparam -out {{ ssldir }}/dhparams.pem 2048
|
|
- umask: 022
|
|
- user: root
|
|
- group: root
|
|
- creates: {{ ssldir }}/dhparams.pem
|
|
- require_in:
|
|
- file: /etc/nginx/conf.d/ssl.conf
|
|
- watch_in:
|
|
- service: nginx
|
|
|
|
/etc/nginx/conf.d/ssl.conf:
|
|
file.managed:
|
|
- user: root
|
|
- group: root
|
|
- mode: 0644
|
|
- source: salt://webserver/nginx-ssl.conf
|
|
- template: jinja
|
|
- require:
|
|
- pkg: nginx
|
|
- watch_in:
|
|
- service: nginx
|
|
|
|
/etc/nginx/snippets/security.conf:
|
|
file.managed:
|
|
- user: root
|
|
- group: root
|
|
- mode: 0644
|
|
- source: salt://webserver/nginx-security.conf
|
|
- require:
|
|
- pkg: nginx
|
|
- watch_in:
|
|
- service: nginx
|