Jan Dittberner
2833b78c8a
- setup listener and pg_hba.conf for PostgreSQL server - add state code for gva - add macros for nginx and uwsgi with Python 3 support - add pillar data for gva
32 lines
1.1 KiB
Plaintext
32 lines
1.1 KiB
Plaintext
{%- macro key_cert(domain_name) %}
|
|
{% set nginx_ssl_keydir = salt['pillar.get']('nginx:sslkeydir', '/etc/nginx/ssl/private') %}
|
|
{% set nginx_ssl_certdir = salt['pillar.get']('nginx:sslcertdir', '/etc/nginx/ssl/certs') %}
|
|
{% set keyfile = nginx_ssl_keydir + '/' + domain_name + '.key.pem' %}
|
|
{% set certfile = nginx_ssl_certdir + '/' + domain_name + '.crt.pem' %}
|
|
|
|
{{ keyfile }}:
|
|
rsa_key.valid_key:
|
|
- bits: {{ salt['pillar.get']('nginx:keylength:' + domain_name, 2048) }}
|
|
- require:
|
|
- file: {{ nginx_ssl_keydir }}
|
|
- pkg: python3-cryptography
|
|
- require_in:
|
|
- file: /etc/nginx/sites-available/{{ domain_name }}
|
|
- service: nginx
|
|
|
|
{{ certfile }}:
|
|
cmd.run:
|
|
- name: openssl req -new -x509 -key {{ keyfile }} -subj '/CN={{ domain_name }}' -days 730 -out {{ certfile }}
|
|
- require:
|
|
- rsa_key: {{ keyfile }}
|
|
- creates: {{ certfile }}
|
|
x509_certificate.valid_certificate:
|
|
- require:
|
|
- file: {{ nginx_ssl_certdir }}
|
|
- cmd: {{ certfile }}
|
|
- pkg: python3-cryptography
|
|
- require_in:
|
|
- file: /etc/nginx/sites-available/{{ domain_name }}
|
|
- service: nginx
|
|
{% endmacro %}
|