gvasalt/states/nginx/init.sls

nginx:
  pkg:
    - installed
  service.running:
    - enable: True
    - require:
      - pkg: nginx

nginx-common:
  pkg.installed

/etc/nginx/nginx.conf:
  file.managed:
    - source: salt://nginx/nginx.conf
    - user: root
    - group: root
    - mode: 0644
    - require:
      - pkg: nginx-common
    - watch_in:
      - service: nginx

{% set nginx_ssl_keydir = salt['pillar.get']('nginx:sslkeydir', '/etc/nginx/ssl/private') %}
{% set nginx_ssl_certdir = salt['pillar.get']('nginx:sslcertdir', '/etc/nginx/ssl/certs') %}

{{ nginx_ssl_certdir }}:
  file.directory:
    - user: root
    - group: root
    - mode: 0755
    - makedirs: True

{{ nginx_ssl_keydir }}:
  file.directory:
    - user: root
    - group: root
    - mode: 0750
    - makedirs: True

generate-dhparam-nginx:
  cmd.run:
    - name: openssl dhparam -out {{ nginx_ssl_keydir }}/dhparams.pem 2048
    - umask: 022
    - runas: root
    - timeout: 300
    - output_loglevel: debug
    - creates: {{ nginx_ssl_keydir }}/dhparams.pem
    - require:
      - file: {{ nginx_ssl_keydir }}
    - require_in:
      - file: /etc/nginx/conf.d/ssl.conf
    - watch_in:
      - service: nginx

/etc/nginx/conf.d/ssl.conf:
  file.managed:
    - user: root
    - group: root
    - mode: 0644
    - source: salt://nginx/nginx-ssl.conf
    - template: jinja
    - require:
      - pkg: nginx
    - watch_in:
      - service: nginx

/etc/nginx/snippets/security.conf:
  file.managed:
    - user: root
    - group: root
    - mode: 0644
    - source: salt://nginx/nginx-security.conf
    - require:
      - pkg: nginx
    - watch_in:
      - service: nginx

/etc/nginx/conf.d/logformat.conf:
  file.managed:
    - user: root
    - group: root
    - mode: 0644
    - source: salt://nginx/nginx-logformat.conf
    - require:
      - pkg: nginx
    - watch_in:
      - service: nginx
setup vagrant box roles and nginx package 2015-10-04 19:00:46 +02:00			`nginx:`
			`pkg:`
			`- installed`
			`service.running:`
			`- enable: True`
			`- require:`
			`- pkg: nginx`

			`nginx-common:`
			`pkg.installed`

			`/etc/nginx/nginx.conf:`
			`file.managed:`
Improve salt setup This commit improves the salt setup of the Vagrant box: - Salt output is reduced to log level warning - Hosts entries are created for the internal IPs of all planned gva component VMs - .bashrc and a .bash_functions sourced from it are now managed for the vagrant user - the VM name has been changed to gva.local - recent salt versions do not depend on m2crypto anymore, therefore it is now installed before x509certificate functions are called - the rabbitmq_vhost for gva is now setup before any users are created because the previous implementation was broken with recent salt versions - the gnuviechadmin-locale-data-compile step has been simplified because Django 1.9's compilemessages takes care of recursive .mo file compilation - pillar data has been separated by role (especially queue permissions and credentials) - salt configuration is now unified with gvaldap 2016-01-29 18:34:40 +01:00			`- source: salt://nginx/nginx.conf`
setup vagrant box roles and nginx package 2015-10-04 19:00:46 +02:00			`- user: root`
			`- group: root`
			`- mode: 0644`
			`- require:`
			`- pkg: nginx-common`
			`- watch_in:`
			`- service: nginx`
setup default nginx ssl/security configuration for vagrant 2015-10-04 19:32:42 +02:00
			`{% set nginx_ssl_keydir = salt['pillar.get']('nginx:sslkeydir', '/etc/nginx/ssl/private') %}`
			`{% set nginx_ssl_certdir = salt['pillar.get']('nginx:sslcertdir', '/etc/nginx/ssl/certs') %}`

			`{{ nginx_ssl_certdir }}:`
			`file.directory:`
			`- user: root`
			`- group: root`
			`- mode: 0755`
			`- makedirs: True`

			`{{ nginx_ssl_keydir }}:`
			`file.directory:`
			`- user: root`
			`- group: root`
			`- mode: 0750`
			`- makedirs: True`
Move webserver configuration to nginx state 2017-08-20 13:56:10 +02:00
			`generate-dhparam-nginx:`
			`cmd.run:`
			`- name: openssl dhparam -out {{ nginx_ssl_keydir }}/dhparams.pem 2048`
			`- umask: 022`
			`- runas: root`
			`- timeout: 300`
			`- output_loglevel: debug`
			`- creates: {{ nginx_ssl_keydir }}/dhparams.pem`
			`- require:`
			`- file: {{ nginx_ssl_keydir }}`
			`- require_in:`
			`- file: /etc/nginx/conf.d/ssl.conf`
			`- watch_in:`
			`- service: nginx`

			`/etc/nginx/conf.d/ssl.conf:`
			`file.managed:`
			`- user: root`
			`- group: root`
			`- mode: 0644`
			`- source: salt://nginx/nginx-ssl.conf`
			`- template: jinja`
			`- require:`
			`- pkg: nginx`
			`- watch_in:`
			`- service: nginx`

			`/etc/nginx/snippets/security.conf:`
			`file.managed:`
			`- user: root`
			`- group: root`
			`- mode: 0644`
			`- source: salt://nginx/nginx-security.conf`
			`- require:`
			`- pkg: nginx`
			`- watch_in:`
			`- service: nginx`

			`/etc/nginx/conf.d/logformat.conf:`
			`file.managed:`
			`- user: root`
			`- group: root`
			`- mode: 0644`
			`- source: salt://nginx/nginx-logformat.conf`
			`- require:`
			`- pkg: nginx`
			`- watch_in:`
			`- service: nginx`