gvasalt/roots/webserver/init.sls
Jan Dittberner 8396a0788d Improve salt setup
This commit improves the salt setup of the Vagrant box:
- Salt output is reduced to log level warning
- Hosts entries are created for the internal IPs of all planned gva
  component VMs
- .bashrc and a .bash_functions sourced from it are now managed for the
  vagrant user
- the VM name has been changed to gva.local
- recent salt versions do not depend on m2crypto anymore, therefore it
  is now installed before x509certificate functions are called
- the rabbitmq_vhost for gva is now setup before any users are created
  because the previous implementation was broken with recent salt
  versions
- the gnuviechadmin-locale-data-compile step has been simplified because
  Django 1.9's compilemessages takes care of recursive .mo file
  compilation
- pillar data has been separated by role (especially queue permissions
  and credentials)
- salt configuration is now unified with gvaldap
2016-01-31 21:08:32 +01:00

50 lines
1.1 KiB
Text

include:
- nginx
/etc/nginx/conf.d/logformat.conf:
file.managed:
- user: root
- group: root
- mode: 0644
- source: salt://webserver/nginx-logformat.conf
- require:
- pkg: nginx
- watch_in:
- service: nginx
{% set ssldir = salt['pillar.get']('nginx:sslcertdir', '/etc/nginx/ssl/certs') %}
generate-dhparam-nginx:
cmd.run:
- name: openssl dhparam -out {{ ssldir }}/dhparams.pem 2048
- umask: 022
- user: root
- group: root
- creates: {{ ssldir }}/dhparams.pem
- require_in:
- file: /etc/nginx/conf.d/ssl.conf
- watch_in:
- service: nginx
/etc/nginx/conf.d/ssl.conf:
file.managed:
- user: root
- group: root
- mode: 0644
- source: salt://webserver/nginx-ssl.conf
- template: jinja
- require:
- pkg: nginx
- watch_in:
- service: nginx
/etc/nginx/snippets/security.conf:
file.managed:
- user: root
- group: root
- mode: 0644
- source: salt://webserver/nginx-security.conf
- require:
- pkg: nginx
- watch_in:
- service: nginx