diff --git a/hotfixes/T1261-srv-data.sls b/hotfixes/T1261-srv-data.sls new file mode 100644 --- /dev/null +++ b/hotfixes/T1261-srv-data.sls @@ -0,0 +1,21 @@ +# ------------------------------------------------------------- +# Salt — Hotfixes to mitigate bugs and security issues +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Project: Nasqueron +# Created: 2017-10-17 +# License: Trivial work, not eligible to copyright +# ------------------------------------------------------------- + +# ------------------------------------------------------------- +# T1261 +# We now provision /srv/data instead of /data for Docker +# containers data. As such, we ensure a symlink exists +# on servers still using /data. +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +{% if not salt['file.directory_exists']('/srv/data') and salt['file.directory_exists']('/data') %} +srv_data_symlink: + file.symlink: + - name: /srv/data + - target: /data +{% endif %} diff --git a/hotfixes/init.sls b/hotfixes/init.sls --- a/hotfixes/init.sls +++ b/hotfixes/init.sls @@ -8,3 +8,4 @@ include: - .CVE-2017-6074 + - .T1261-srv-data diff --git a/roles/mailserver/certificates/files/update-smtp-certificates.sh b/roles/mailserver/certificates/files/update-smtp-certificates.sh --- a/roles/mailserver/certificates/files/update-smtp-certificates.sh +++ b/roles/mailserver/certificates/files/update-smtp-certificates.sh @@ -17,7 +17,7 @@ # : ${CONTAINER_NAME='mailserver'} -: ${CERT_DIR='/data/letsencrypt/etc/live/mail.nasqueron.org-0001'} +: ${CERT_DIR='/srv/data/letsencrypt/etc/live/mail.nasqueron.org-0001'} : ${CONTAINER_DIR="/var/lib/lxc/$CONTAINER_NAME/rootfs"} cp $CERT_DIR/fullchain.pem $CONTAINER_DIR/etc/ssl/certs/mailserver.crt diff --git a/roles/mastodon/public/init.sls b/roles/mastodon/public/init.sls --- a/roles/mastodon/public/init.sls +++ b/roles/mastodon/public/init.sls 
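Review bot: Nothing in `srv_data_symlink` guarantees it runs before the states that now write under /srv/data, such as the `file.recurse` on `/srv/data/mastodon/public/support` changed later in this commit. On a host that still only has /data, a state running first would presumably create /srv/data as a real directory. After that `file.symlink` fails, and later renders skip the hotfix because the guard sees a directory, so data ends up split between the two trees. Whether the top-file include order already prevents this is not visible here; an explicit `- order: 1` under `file.symlink:` would remove the dependency on it. I would also add a comment such as `# Hosts where both /data and /srv/data are real directories are not handled here and need a manual merge.`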
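Review bot: The new `CERT_DIR` default is consumed by the `cp` just below with no check that it resolves. On a host where /srv/data is not yet in place the copy fails, and unless the script enables `set -e` outside this hunk, any later steps would still run. A guard such as `[ -r "$CERT_DIR/fullchain.pem" ] || { echo "missing $CERT_DIR" >&2; exit 1; }` before the first `cp` would make that failure explicit. The expansions on the `cp` line are also unquoted; `cp "$CERT_DIR/fullchain.pem" "$CONTAINER_DIR/etc/ssl/certs/mailserver.crt"` is the safer form. The rest of the script lies outside the hunk.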
@@ -6,7 +6,7 @@ # License: Trivial work, not eligible to copyright # ------------------------------------------------------------- -/data/mastodon/public/support: +/srv/data/mastodon/public/support: file.recurse: - source: salt://wwwroot/nasqueron.org/mastodon/support - exclude_pat: E@.git diff --git a/roles/phabricator/containers/files/run-devcentral.sh b/roles/phabricator/containers/files/run-devcentral.sh --- a/roles/phabricator/containers/files/run-devcentral.sh +++ b/roles/phabricator/containers/files/run-devcentral.sh @@ -26,7 +26,7 @@ INSTANCE_NAME=devcentral PORT=31080 DOMAIN=$INSTANCE_NAME.nasqueron.org -DATA_DIRECTORY=/data/$INSTANCE_NAME +DATA_DIRECTORY=/srv/data/$INSTANCE_NAME MYSQL_INSTANCE=acquisitariat # ------------------------------------------------------------- diff --git a/roles/phabricator/containers/files/run-wolfphab.sh b/roles/phabricator/containers/files/run-wolfphab.sh --- a/roles/phabricator/containers/files/run-wolfphab.sh +++ b/roles/phabricator/containers/files/run-wolfphab.sh @@ -26,7 +26,7 @@ INSTANCE_NAME=wolfphab PORT=35080 DOMAIN=phabricator.wolfplex.be -DATA_DIRECTORY=/data/$INSTANCE_NAME +DATA_DIRECTORY=/srv/data/$INSTANCE_NAME MYSQL_INSTANCE=acquisitariat MYSQL_NAMESPACE=wolfphab diff --git a/scripts/byTasks/HTTP/check-letsencrypt-certificates b/scripts/byTasks/HTTP/check-letsencrypt-certificates --- a/scripts/byTasks/HTTP/check-letsencrypt-certificates +++ b/scripts/byTasks/HTTP/check-letsencrypt-certificates @@ -36,7 +36,7 @@ dirs = { "/usr/local/etc/letsencrypt/renewal", - "/data/letsencrypt/etc/renewal" + "/srv/data/letsencrypt/etc/renewal" }
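Review bot: In run-devcentral.sh, `DATA_DIRECTORY=/srv/data/$INSTANCE_NAME` is taken on trust, since nothing in the hunk checks that the directory exists before the container is started. If it is used as a bind-mount source further down (outside the hunk, so this is inferred), Docker creates a missing source path as an empty root-owned directory. The instance would then come up on empty storage instead of failing. Adding `[ -d "$DATA_DIRECTORY" ] || { echo "$DATA_DIRECTORY not found" >&2; exit 1; }` right after the assignment avoids that. The same applies to the identical line in run-wolfphab.sh.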