Page Menu
Home
DevCentral
Search
Configure Global Search
Log In
Files
F25194150
D4046.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
192 KB
Referenced Files
None
Subscribers
None
D4046.diff
View Options
diff --git a/_modules/paas_docker.py b/_modules/paas_docker.py
--- a/_modules/paas_docker.py
+++ b/_modules/paas_docker.py
@@ -15,7 +15,7 @@
State Example::
- {% image = salt['paas_docker.get_image']("nasqueron/mysql", container) %}
+ {% image = salt["paas_docker.get_image"]("nasqueron/mysql", container) %}
"""
image = default_image
diff --git a/hotfixes/CVE-2017-6074.sls b/hotfixes/CVE-2017-6074.sls
--- a/hotfixes/CVE-2017-6074.sls
+++ b/hotfixes/CVE-2017-6074.sls
@@ -9,14 +9,14 @@
# CVE-2017-6074
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os_family'] == 'Debian' %}
+{% if grains["os_family"] == "Debian" %}
/etc/modprobe.d/blocklist-dccp.conf:
file.managed:
- source: salt://hotfixes/files/CVE-2017-6074-blocklist-dccp.conf
- mode: 644
{% endif %}
-{% if grains['os_family'] == 'RedHat' %}
+{% if grains["os_family"] == "RedHat" %}
/etc/modprobe.d/disable-dccp.conf:
file.managed:
- source: salt://hotfixes/files/CVE-2017-6074-disable-dccp.conf
diff --git a/hotfixes/MariaDB.sls b/hotfixes/MariaDB.sls
--- a/hotfixes/MariaDB.sls
+++ b/hotfixes/MariaDB.sls
@@ -14,7 +14,7 @@
# The new cluster db-b needs it for proper Unicode collation.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if salt['node.has_role']('dbserver-mysql') %}
+{% if salt["node.has_role"]("dbserver-mysql") %}
/etc/pkg/FreeBSD.conf:
file.replace:
diff --git a/hotfixes/T1261-srv-data.sls b/hotfixes/T1261-srv-data.sls
--- a/hotfixes/T1261-srv-data.sls
+++ b/hotfixes/T1261-srv-data.sls
@@ -12,7 +12,7 @@
# on servers still using /data.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if not salt['file.directory_exists']('/srv/data') and salt['file.directory_exists']('/data') %}
+{% if not salt["file.directory_exists"]("/srv/data") and salt["file.directory_exists"]("/data") %}
srv_data_symlink:
file.symlink:
- name: /srv/data
diff --git a/hotfixes/T1345-drop-jails-from-ysul.sls b/hotfixes/T1345-drop-jails-from-ysul.sls
--- a/hotfixes/T1345-drop-jails-from-ysul.sls
+++ b/hotfixes/T1345-drop-jails-from-ysul.sls
@@ -12,9 +12,9 @@
# Keep jails directories' content.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['id'] in pillar['roles_disabled']['paas_jails'] %}
+{% if grains["id"] in pillar["roles_disabled"]["paas_jails"] %}
-{% for jail_rc_config_file in ['jail', 'netif/jails', 'ezjail'] %}
+{% for jail_rc_config_file in ["jail", "netif/jails", "ezjail"] %}
/etc/rc.conf.d/{{ jail_rc_config_file }}:
file.absent
{% endfor %}
diff --git a/hotfixes/leap-seconds.sls b/hotfixes/leap-seconds.sls
--- a/hotfixes/leap-seconds.sls
+++ b/hotfixes/leap-seconds.sls
@@ -11,7 +11,7 @@
# Known issue - https://bugs.ntp.org/show_bug.cgi?id=3898
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
/var/db/ntpd.leap-seconds.list:
file.managed:
diff --git a/hotfixes/old-directories.sls b/hotfixes/old-directories.sls
--- a/hotfixes/old-directories.sls
+++ b/hotfixes/old-directories.sls
@@ -14,7 +14,7 @@
# role can be pruned.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if salt['node.has_role']('shellserver') %}
+{% if salt["node.has_role"]("shellserver") %}
/var/www/html:
file.absent
diff --git a/hotfixes/python3.sls b/hotfixes/python3.sls
--- a/hotfixes/python3.sls
+++ b/hotfixes/python3.sls
@@ -13,7 +13,7 @@
# it's probably best to ensure an alias by looking for an interpreter.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
/usr/local/bin/python3:
cmd.script:
- source: salt://hotfixes/files/alias-python3-interpreter.sh
diff --git a/hotfixes/salt.sls b/hotfixes/salt.sls
--- a/hotfixes/salt.sls
+++ b/hotfixes/salt.sls
@@ -18,7 +18,7 @@
# GNU grep deprecated egrep separate utility.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['kernel'] == 'Linux' %}
+{% if grains["kernel"] == "Linux" %}
{% if salt["pkg.version_cmp"](grains["saltversion"], "3007") >= 0 %}
T1991_egrep_patch:
diff --git a/map.jinja b/map.jinja
--- a/map.jinja
+++ b/map.jinja
@@ -1,225 +1,225 @@
-{% set dirs = salt['grains.filter_by']({
- 'Debian': {
- 'etc': '/etc',
- 'bin': '/usr/bin',
- 'home': '/home',
- 'include': '/usr/include',
- 'lib': '/usr/lib',
- 'libexec': '/usr/libexec',
- 'man': '/usr/share/man',
- 'sbin': '/usr/sbin',
- 'share': '/usr/share',
- },
- 'FreeBSD' : {
- 'etc': '/usr/local/etc',
- 'bin': '/usr/local/bin',
- 'home': '/home',
- 'include': '/usr/local/include',
- 'lib': '/usr/local/lib',
- 'libexec': '/usr/local/libexec',
- 'man': '/usr/local/share/man',
- 'sbin': '/usr/local/sbin',
- 'share': '/usr/local/share',
- },
-}, default='Debian') %}
+{% set dirs = salt["grains.filter_by"]({
+ "Debian": {
+ "etc": "/etc",
+ "bin": "/usr/bin",
+ "home": "/home",
+ "include": "/usr/include",
+ "lib": "/usr/lib",
+ "libexec": "/usr/libexec",
+ "man": "/usr/share/man",
+ "sbin": "/usr/sbin",
+ "share": "/usr/share",
+ },
+ "FreeBSD" : {
+ "etc": "/usr/local/etc",
+ "bin": "/usr/local/bin",
+ "home": "/home",
+ "include": "/usr/local/include",
+ "lib": "/usr/local/lib",
+ "libexec": "/usr/local/libexec",
+ "man": "/usr/local/share/man",
+ "sbin": "/usr/local/sbin",
+ "share": "/usr/local/share",
+ },
+}, default="Debian") %}
-{% set services = salt['grains.filter_by']({
- 'Debian': {
- 'manager': 'systemd',
- 'firewall': 'iptables',
+{% set services = salt["grains.filter_by"]({
+ "Debian": {
+ "manager": "systemd",
+ "firewall": "iptables",
},
- 'RedHat': {
- 'manager': 'systemd',
- 'firewall': 'firewalld',
+ "RedHat": {
+ "manager": "systemd",
+ "firewall": "firewalld",
},
- 'FreeBSD' : {
- 'manager': 'rc',
- 'firewall': 'pf',
+ "FreeBSD" : {
+ "manager": "rc",
+ "firewall": "pf",
},
-}, default='Debian') %}
+}, default="Debian") %}
-{% set shells = salt['grains.filter_by']({
- 'Debian': {
- 'bash': '/bin/bash',
- 'fish': '/usr/bin/fish',
- 'nologin': '/usr/sbin/nologin',
- 'tcsh': '/usr/bin/tcsh',
- 'zsh': '/bin/zsh',
- },
- 'FreeBSD' : {
- 'bash': '/usr/local/bin/bash',
- 'fish': '/usr/local/bin/fish',
- 'nologin': '/sbin/nologin',
- 'tcsh': '/bin/tcsh',
- 'zsh': '/usr/local/bin/zsh',
- },
- 'Arch': {
- 'bash': '/bin/bash',
- 'fish': '/usr/bin/fish',
- 'nologin': '/sbin/nologin',
- 'tcsh': '/usr/bin/tcsh',
- 'zsh': '/bin/zsh',
- },
-}, default='Debian') %}
+{% set shells = salt["grains.filter_by"]({
+ "Debian": {
+ "bash": "/bin/bash",
+ "fish": "/usr/bin/fish",
+ "nologin": "/usr/sbin/nologin",
+ "tcsh": "/usr/bin/tcsh",
+ "zsh": "/bin/zsh",
+ },
+ "FreeBSD" : {
+ "bash": "/usr/local/bin/bash",
+ "fish": "/usr/local/bin/fish",
+ "nologin": "/sbin/nologin",
+ "tcsh": "/bin/tcsh",
+ "zsh": "/usr/local/bin/zsh",
+ },
+ "Arch": {
+ "bash": "/bin/bash",
+ "fish": "/usr/bin/fish",
+ "nologin": "/sbin/nologin",
+ "tcsh": "/usr/bin/tcsh",
+ "zsh": "/bin/zsh",
+ },
+}, default="Debian") %}
-{% set paths = salt['grains.filter_by']({
- 'FreeBSD': {
- 'sshd': '/usr/sbin/sshd',
- 'sftp': '/usr/libexec/sftp-server',
+{% set paths = salt["grains.filter_by"]({
+ "FreeBSD": {
+ "sshd": "/usr/sbin/sshd",
+ "sftp": "/usr/libexec/sftp-server",
},
- 'Debian': {
- 'sshd': '/usr/sbin/sshd',
- 'sftp': '/usr/lib/openssh/sftp-server',
+ "Debian": {
+ "sshd": "/usr/sbin/sshd",
+ "sftp": "/usr/lib/openssh/sftp-server",
},
- 'RedHat': {
- 'sshd': '/sbin/sshd',
- 'sftp': '/usr/libexec/openssh/sftp-server',
+ "RedHat": {
+ "sshd": "/sbin/sshd",
+ "sftp": "/usr/libexec/openssh/sftp-server",
},
- 'Arch': {
- 'sshd': '/usr/sbin/sshd',
- 'sftp': '/usr/lib/ssh/sftp-server',
+ "Arch": {
+ "sshd": "/usr/sbin/sshd",
+ "sftp": "/usr/lib/ssh/sftp-server",
},
-}, default='FreeBSD') %}
+}, default="FreeBSD") %}
-{% set packages_prefixes = salt['grains.filter_by']({
- 'Debian': {
- 'pecl': 'php-',
- 'php': 'php7.4-',
- 'python3': 'python3-',
- 'rubygem': '',
- },
- 'RedHat': {
- 'pecl': 'php-pecl-',
- 'python3': 'python3-',
- 'rubygem': 'rubygem-',
- },
- 'FreeBSD' : {
- 'pecl': 'php83-pecl-',
- 'php': 'php83-',
- 'python3': 'py311-',
- 'rubygem': 'rubygem-',
- },
-}, default='Debian') %}
+{% set packages_prefixes = salt["grains.filter_by"]({
+ "Debian": {
+ "pecl": "php-",
+ "php": "php7.4-",
+ "python3": "python3-",
+ "rubygem": "",
+ },
+ "RedHat": {
+ "pecl": "php-pecl-",
+ "python3": "python3-",
+ "rubygem": "rubygem-",
+ },
+ "FreeBSD" : {
+ "pecl": "php83-pecl-",
+ "php": "php83-",
+ "python3": "py311-",
+ "rubygem": "rubygem-",
+ },
+}, default="Debian") %}
-{% set packages = salt['grains.filter_by']({
- 'Debian' : {
- '7zip': '7zip',
- 'ag': 'silversearcher-ag',
- 'aspell-fr': 'aspell-fr',
- 'aspell-en': 'aspell-en',
- 'bats': 'bats',
- 'boost': 'libboost-all-dev',
- 'c-ares': 'libc-ares-dev',
- 'certbot': 'certbot',
- 'composer': 'composer',
- 'cppunit': 'libcppunit-dev',
- 'djvulibre': 'djvulibre-bin',
- 'exiftool': 'libimage-exiftool-perl',
- 'gpg': 'gpg',
- 'imagemagick': 'imagemagick',
- 'jpeg-turbo' : 'libjpeg-turbo',
- 'librabbitmq': 'librabbitmq-dev',
- 'lua': 'lua5.1',
- 'mariadb': 'mariadb-server',
- 'mtr': 'mtr',
- 'netcat': 'netcat-openbsd',
- 'node': 'nodejs',
- 'pandoc': 'pandoc',
- 'pear': 'php-pear',
- 'phpcs': 'php-codesniffer',
- 'postgresql': 'postgresql-17',
- 'prometheus-node-exporter': 'prometheus-node-exporter',
- 'sphinx': 'python3-sphinx',
- 'tcl': 'tcl8.6-dev',
- 'tcltls': 'tcl-tls',
- 'tdom': 'tdom',
- 'varnish': 'varnish',
- 'verbiste': 'verbiste',
- 'yubico-pam': 'libpam-yubico',
- },
- 'RedHat': {
- 'ag': 'the_silver_searcher',
- 'aspell-fr': 'aspell-fr',
- 'c-ares': 'c-ares-devel',
- 'certbot': 'python3-certbot',
- 'cppunit': 'cppunit-devel',
- 'djvulibre': 'djvulibre',
- 'exiftool': 'perl-Image-ExifTool',
- 'jpeg-turbo' : 'libjpeg-turbo',
- 'librabbitmq': 'librabbitmq',
- 'lua': 'lua',
- 'mariadb': 'mariadb-server',
- 'mtr': 'mtr',
- 'netcat': 'nmap-ncat',
- 'node': 'nodejs',
- 'pandoc': 'pandoc',
- 'pear': 'php-pear',
- 'phpcs': 'php-pear-PHP-CodeSniffer',
- 'prometheus-node-exporter': 'golang-github-prometheus-node-exporter',
- 'sphinx': 'python3-sphinx',
- 'tcl': 'tcl',
- 'tcltls': 'tcltls',
- 'varnish': 'varnish',
- 'yubico-pam': 'pam_yubico',
- },
- 'Arch': {
- 'ag': 'the_silver_searcher',
- 'aspell-fr': 'aspell-fr',
- 'certbot': 'certbot',
- 'cppunit': 'cppunit',
- 'mariadb': 'mariadb',
- 'mtr': 'mtr',
- 'sphinx': 'python-sphinx',
- 'tcltls': 'tcltls',
- 'varnish': 'varnish',
- 'yubico-pam': 'yubico-pam',
- },
- 'FreeBSD' : {
- '7zip': '7-zip',
- 'ag': 'the_silver_searcher',
- 'aspell-fr': 'fr-aspell',
- 'aspell-en': 'en-aspell',
- 'bats': 'bats-core',
- 'boost': 'boost-all',
- 'c-ares': 'c-ares',
- 'certbot': 'py311-certbot',
- 'composer': 'php83-composer',
- 'cppunit': 'cppunit',
- 'djvulibre': 'djvulibre',
- 'exiftool': 'p5-Image-ExifTool-devel',
- 'gpg': 'gnupg',
- 'imagemagick': 'ImageMagick6-nox11',
- 'jpeg-turbo' : 'jpeg-turbo',
- 'librabbitmq': 'rabbitmq-c',
- 'lua': 'lua51',
- 'mariadb': 'mariadb1011-server',
- 'mariadb-client': 'mariadb1011-client',
- 'mtr': 'mtr-nox11',
- 'node': 'node',
- 'pandoc': 'hs-pandoc',
- 'pear': 'pear',
- 'phpcs': 'pear-PHP_CodeSniffer',
- 'postgresql': 'postgresql17-server',
- 'postgresql-contrib': 'postgresql17-contrib',
- 'prometheus-node-exporter': 'node_exporter',
- 'sphinx': 'py311-sphinx',
- 'tcl': 'tcl86',
- 'tcltls': 'tcltls',
- 'tdom': 'tDOM',
- 'varnish': 'varnish5',
- 'verbiste': 'fr-verbiste',
- 'yubico-pam': 'pam_yubico',
- },
-}, default='Debian') %}
+{% set packages = salt["grains.filter_by"]({
+ "Debian" : {
+ "7zip": "7zip",
+ "ag": "silversearcher-ag",
+ "aspell-fr": "aspell-fr",
+ "aspell-en": "aspell-en",
+ "bats": "bats",
+ "boost": "libboost-all-dev",
+ "c-ares": "libc-ares-dev",
+ "certbot": "certbot",
+ "composer": "composer",
+ "cppunit": "libcppunit-dev",
+ "djvulibre": "djvulibre-bin",
+ "exiftool": "libimage-exiftool-perl",
+ "gpg": "gpg",
+ "imagemagick": "imagemagick",
+ "jpeg-turbo" : "libjpeg-turbo",
+ "librabbitmq": "librabbitmq-dev",
+ "lua": "lua5.1",
+ "mariadb": "mariadb-server",
+ "mtr": "mtr",
+ "netcat": "netcat-openbsd",
+ "node": "nodejs",
+ "pandoc": "pandoc",
+ "pear": "php-pear",
+ "phpcs": "php-codesniffer",
+ "postgresql": "postgresql-17",
+ "prometheus-node-exporter": "prometheus-node-exporter",
+ "sphinx": "python3-sphinx",
+ "tcl": "tcl8.6-dev",
+ "tcltls": "tcl-tls",
+ "tdom": "tdom",
+ "varnish": "varnish",
+ "verbiste": "verbiste",
+ "yubico-pam": "libpam-yubico",
+ },
+ "RedHat": {
+ "ag": "the_silver_searcher",
+ "aspell-fr": "aspell-fr",
+ "c-ares": "c-ares-devel",
+ "certbot": "python3-certbot",
+ "cppunit": "cppunit-devel",
+ "djvulibre": "djvulibre",
+ "exiftool": "perl-Image-ExifTool",
+ "jpeg-turbo" : "libjpeg-turbo",
+ "librabbitmq": "librabbitmq",
+ "lua": "lua",
+ "mariadb": "mariadb-server",
+ "mtr": "mtr",
+ "netcat": "nmap-ncat",
+ "node": "nodejs",
+ "pandoc": "pandoc",
+ "pear": "php-pear",
+ "phpcs": "php-pear-PHP-CodeSniffer",
+ "prometheus-node-exporter": "golang-github-prometheus-node-exporter",
+ "sphinx": "python3-sphinx",
+ "tcl": "tcl",
+ "tcltls": "tcltls",
+ "varnish": "varnish",
+ "yubico-pam": "pam_yubico",
+ },
+ "Arch": {
+ "ag": "the_silver_searcher",
+ "aspell-fr": "aspell-fr",
+ "certbot": "certbot",
+ "cppunit": "cppunit",
+ "mariadb": "mariadb",
+ "mtr": "mtr",
+ "sphinx": "python-sphinx",
+ "tcltls": "tcltls",
+ "varnish": "varnish",
+ "yubico-pam": "yubico-pam",
+ },
+ "FreeBSD" : {
+ "7zip": "7-zip",
+ "ag": "the_silver_searcher",
+ "aspell-fr": "fr-aspell",
+ "aspell-en": "en-aspell",
+ "bats": "bats-core",
+ "boost": "boost-all",
+ "c-ares": "c-ares",
+ "certbot": "py311-certbot",
+ "composer": "php83-composer",
+ "cppunit": "cppunit",
+ "djvulibre": "djvulibre",
+ "exiftool": "p5-Image-ExifTool-devel",
+ "gpg": "gnupg",
+ "imagemagick": "ImageMagick6-nox11",
+ "jpeg-turbo" : "jpeg-turbo",
+ "librabbitmq": "rabbitmq-c",
+ "lua": "lua51",
+ "mariadb": "mariadb1011-server",
+ "mariadb-client": "mariadb1011-client",
+ "mtr": "mtr-nox11",
+ "node": "node",
+ "pandoc": "hs-pandoc",
+ "pear": "pear",
+ "phpcs": "pear-PHP_CodeSniffer",
+ "postgresql": "postgresql17-server",
+ "postgresql-contrib": "postgresql17-contrib",
+ "prometheus-node-exporter": "node_exporter",
+ "sphinx": "py311-sphinx",
+ "tcl": "tcl86",
+ "tcltls": "tcltls",
+ "tdom": "tDOM",
+ "varnish": "varnish5",
+ "verbiste": "fr-verbiste",
+ "yubico-pam": "pam_yubico",
+ },
+}, default="Debian") %}
-{% set utilities = salt['grains.filter_by']({
- 'FreeBSD': {
- 'gmake': 'gmake',
+{% set utilities = salt["grains.filter_by"]({
+ "FreeBSD": {
+ "gmake": "gmake",
},
- 'Debian': {
- 'gmake': 'make',
+ "Debian": {
+ "gmake": "make",
},
-}, default='Debian') %}
+}, default="Debian") %}
{# -------------------------------------------------------------
Capabilities of OS and distributions
@@ -231,11 +231,11 @@
When at False, OpenSSH will take care of it.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - #}
-{% set capabilities = salt['grains.filter_by']({
- 'Debian': {
- 'MOTD-printed-at-login': True,
+{% set capabilities = salt["grains.filter_by"]({
+ "Debian": {
+ "MOTD-printed-at-login": True,
},
- 'FreeBSD' : {
- 'MOTD-printed-at-login': False,
+ "FreeBSD" : {
+ "MOTD-printed-at-login": False,
},
-}, default='Debian') %}
+}, default="Debian") %}
diff --git a/pillar/credentials/vault.sls b/pillar/credentials/vault.sls
--- a/pillar/credentials/vault.sls
+++ b/pillar/credentials/vault.sls
@@ -80,7 +80,7 @@
# In addition to those extra policies, the vault_secrets_by_role
# will be parsed for the keys.
#
-# IMPORTANT: as grains['roles'] can be modified by the node,
+# IMPORTANT: as grains["roles"] can be modified by the node,
# roles are extracted directly from the pillar.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
diff --git a/roles/bastion/pam/init.sls b/roles/bastion/pam/init.sls
--- a/roles/bastion/pam/init.sls
+++ b/roles/bastion/pam/init.sls
@@ -11,7 +11,7 @@
# FreeBSD
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
/etc/pam.d/sshd-otp:
file.managed:
diff --git a/roles/bastion/sshd-otp/service.sls b/roles/bastion/sshd-otp/service.sls
--- a/roles/bastion/sshd-otp/service.sls
+++ b/roles/bastion/sshd-otp/service.sls
@@ -16,7 +16,7 @@
# :: * / systemd
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
sshd_otp_service:
file.managed:
@@ -35,7 +35,7 @@
- watch:
- file: sshd_otp_service
-{% elif services['manager'] == 'systemd' %}
+{% elif services["manager"] == "systemd" %}
sshd_otp_service:
file.managed:
diff --git a/roles/bastion/sshd-otp/software.sls b/roles/bastion/sshd-otp/software.sls
--- a/roles/bastion/sshd-otp/software.sls
+++ b/roles/bastion/sshd-otp/software.sls
@@ -29,4 +29,4 @@
- template: jinja
- context:
sftp: {{ paths.sftp }}
- print_motd: {{ not capabilities['MOTD-printed-at-login'] }}
+ print_motd: {{ not capabilities["MOTD-printed-at-login"] }}
diff --git a/roles/bastion/yubico/authorized_yubikeys.sls b/roles/bastion/yubico/authorized_yubikeys.sls
--- a/roles/bastion/yubico/authorized_yubikeys.sls
+++ b/roles/bastion/yubico/authorized_yubikeys.sls
@@ -5,9 +5,9 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% for username, user in salt['forest.get_users']().items() %}
+{% for username, user in salt["forest.get_users"]().items() %}
-{% if 'yubico_keys' in user %}
+{% if "yubico_keys" in user %}
/home/{{ username }}/.yubico:
file.directory:
- user: {{ username }}
@@ -17,7 +17,7 @@
file.managed:
- user: {{ username }}
- mode: 600
- - contents: {{ username + ':' + ':'.join(user['yubico_keys']) }}
+ - contents: {{ username + ":" + ":".join(user["yubico_keys"]) }}
{% endif %}
{% endfor %}
diff --git a/roles/bastion/yubico/pam.sls b/roles/bastion/yubico/pam.sls
--- a/roles/bastion/yubico/pam.sls
+++ b/roles/bastion/yubico/pam.sls
@@ -14,4 +14,4 @@
yubico_pam_software:
pkg.installed:
- pkgs:
- - {{ packages['yubico-pam'] }}
+ - {{ packages["yubico-pam"] }}
diff --git a/roles/bastion/yubico/selinux.sls b/roles/bastion/yubico/selinux.sls
--- a/roles/bastion/yubico/selinux.sls
+++ b/roles/bastion/yubico/selinux.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if grains['os_family'] == 'RedHat' %}
+{% if grains["os_family"] == "RedHat" %}
# On Fedora and downstreams, SELinux restricts the capability
# of SSHD to connect to external servers.
diff --git a/roles/core/certificates/letsencrypt.sls b/roles/core/certificates/letsencrypt.sls
--- a/roles/core/certificates/letsencrypt.sls
+++ b/roles/core/certificates/letsencrypt.sls
@@ -7,7 +7,7 @@
{% from "map.jinja" import dirs, packages with context %}
-{% set has_nginx = salt['node']['has_nginx']() %}
+{% set has_nginx = salt["node"]["has_nginx"]() %}
{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
# -------------------------------------------------------------
diff --git a/roles/core/hostname/init.sls b/roles/core/hostname/init.sls
--- a/roles/core/hostname/init.sls
+++ b/roles/core/hostname/init.sls
@@ -13,7 +13,7 @@
/etc/hostname:
file.managed:
- name: /etc/hostname
- - contents: {{ salt['node.get']('hostname') }}
+ - contents: {{ salt["node.get"]("hostname") }}
# -------------------------------------------------------------
# When the hostname is changed, what to run afterwards?
@@ -25,7 +25,7 @@
- onchanges:
- file: /etc/hostname
-{% if grains['os_family'] == 'Debian' %}
+{% if grains["os_family"] == "Debian" %}
after_hostname_change_debian:
cmd.run:
- name: invoke-rc.d hostname.sh start
diff --git a/roles/core/login/init.sls b/roles/core/login/init.sls
--- a/roles/core/login/init.sls
+++ b/roles/core/login/init.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
/etc/login.conf:
file.managed:
@@ -33,7 +33,7 @@
# Any being is welcome to add any locale in this section.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os_family'] == 'RedHat' %}
+{% if grains["os_family"] == "RedHat" %}
locales_packages:
pkg.installed:
@@ -42,7 +42,7 @@
{% endif %}
-{% if grains['os_family'] == 'Debian' %}
+{% if grains["os_family"] == "Debian" %}
locales-all:
pkg.installed
diff --git a/roles/core/memory/init.sls b/roles/core/memory/init.sls
--- a/roles/core/memory/init.sls
+++ b/roles/core/memory/init.sls
@@ -15,7 +15,7 @@
{% set swap_size = 8 * 1024 %}
-{% if grains['swap_total'] == 0 %}
+{% if grains["swap_total"] == 0 %}
create_swap_file:
cmd.run:
diff --git a/roles/core/motd/init.sls b/roles/core/motd/init.sls
--- a/roles/core/motd/init.sls
+++ b/roles/core/motd/init.sls
@@ -5,17 +5,17 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set motd_path = salt['motd.get_path']() %}
-{% set network = salt['node.resolve_network']() %}
+{% set motd_path = salt["motd.get_path"]() %}
+{% set network = salt["node.resolve_network"]() %}
motd:
file.managed:
- name: {{ motd_path }}
- - source: salt://roles/core/motd/files/{{ grains['id'] }}
+ - source: salt://roles/core/motd/files/{{ grains["id"] }}
- template: jinja
- context:
- ipv4_address: {{ network['ipv4_address'] }}
- ipv4_gateway: {{ network['ipv4_gateway'] }}
+ ipv4_address: {{ network["ipv4_address"] }}
+ ipv4_gateway: {{ network["ipv4_gateway"] }}
os_info: {{ grains["osfinger"].replace("-", " ") }}
# -------------------------------------------------------------
@@ -47,7 +47,7 @@
# Generate MOTD from templates
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os_family'] == 'FreeBSD' and grains['osmajorrelease'] >= 13 %}
+{% if grains["os_family"] == "FreeBSD" and grains["osmajorrelease"] >= 13 %}
update_motd:
cmd.run:
diff --git a/roles/core/network/files/ipv6-tunnels/eglide.sh.jinja b/roles/core/network/files/ipv6-tunnels/eglide.sh.jinja
--- a/roles/core/network/files/ipv6-tunnels/eglide.sh.jinja
+++ b/roles/core/network/files/ipv6-tunnels/eglide.sh.jinja
@@ -42,5 +42,5 @@
# Short block
{%- for n in range (1, 64) %}
-$IP addr add 2001:470:1f13:896::{{ '%x' | format(n) }}/64 dev sit1 preferred_lft 0
+$IP addr add 2001:470:1f13:896::{{ "%x" | format(n) }}/64 dev sit1 preferred_lft 0
{%- endfor %}
diff --git a/roles/core/network/files/ipv6-tunnels/ysul.sh.jinja b/roles/core/network/files/ipv6-tunnels/ysul.sh.jinja
--- a/roles/core/network/files/ipv6-tunnels/ysul.sh.jinja
+++ b/roles/core/network/files/ipv6-tunnels/ysul.sh.jinja
@@ -41,12 +41,12 @@
# Canonical block
{%- for n in range (2, 16) %}
-$IFCONFIG gif0 inet6 add 2001:470:1f13:9e1:0:c0ff:ee:{{ '%x' | format(n) }}/64 alias
+$IFCONFIG gif0 inet6 add 2001:470:1f13:9e1:0:c0ff:ee:{{ "%x" | format(n) }}/64 alias
{%- endfor %}
# Short block
{%- for n in range (1, 26) %}
-$IFCONFIG gif0 inet6 add 2001:470:1f13:9e1::{{ '%x' | format(n) }}/64 alias
+$IFCONFIG gif0 inet6 add 2001:470:1f13:9e1::{{ "%x" | format(n) }}/64 alias
{%- endfor %}
# Varnish cache
diff --git a/roles/core/network/gre.sls b/roles/core/network/gre.sls
--- a/roles/core/network/gre.sls
+++ b/roles/core/network/gre.sls
@@ -13,7 +13,7 @@
# Tunnels network configuration files
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for tunnel in salt['node.resolve_gre_tunnels']() %}
+{% for tunnel in salt["node.resolve_gre_tunnels"]() %}
{% set boot_loader.gre = True %}
@@ -23,13 +23,13 @@
- makedirs: True
- template: jinja
- defaults: {{ tunnel }}
-{% if grains['os_family'] == 'Debian' %}
+{% if grains["os_family"] == "Debian" %}
- context:
interface: gre-{{ tunnel["network"] }}
{% endif %}
-{% if not is_router and grains['os'] == 'FreeBSD' %}
+{% if not is_router and grains["os"] == "FreeBSD" %}
# Only once iteration of the loop is expected, as it's not a router
/usr/local/etc/rc.d/route-drake:
@@ -53,14 +53,14 @@
{% if boot_loader.gre %}
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
/boot/loader.conf.d/gre.conf:
file.managed:
- source: salt://roles/core/network/files/FreeBSD/gre.conf
- mode: '0644'
{% endif %}
-{% if grains['os_family'] == 'Debian' %}
+{% if grains["os_family"] == "Debian" %}
ip_gre:
kmod.present:
- persist: True
diff --git a/roles/core/network/ipv4.sls b/roles/core/network/ipv4.sls
--- a/roles/core/network/ipv4.sls
+++ b/roles/core/network/ipv4.sls
@@ -6,7 +6,7 @@
# -------------------------------------------------------------
{% from "roles/core/network/map.jinja" import interface_config with context %}
-{% set network = salt['node.get']('network') %}
+{% set network = salt["node.get"]("network") %}
# -------------------------------------------------------------
# Interface
@@ -27,8 +27,8 @@
- template: jinja
- defaults:
interface: {{ interface }}
-{% if grains['os_family'] == 'RedHat' %}
- prefix: {{ salt['network_utils.netmask_to_cidr_prefix'](interface['ipv4']['netmask']) }}
+{% if grains["os_family"] == "RedHat" %}
+ prefix: {{ salt["network_utils.netmask_to_cidr_prefix"](interface["ipv4"]["netmask"]) }}
{% endif %}
{% endif %}
diff --git a/roles/core/network/ipv6.sls b/roles/core/network/ipv6.sls
--- a/roles/core/network/ipv6.sls
+++ b/roles/core/network/ipv6.sls
@@ -7,7 +7,7 @@
{% from "map.jinja" import dirs with context %}
-{% set network = salt['node.get']('network') %}
+{% set network = salt["node.get"]("network") %}
# -------------------------------------------------------------
# Native IPv6
@@ -21,17 +21,17 @@
{% for interface_name, interface in network["interfaces"].items() %}
{% if "ipv6" in interface %}
- {% if grains['os'] == 'FreeBSD' %}
- /etc/rc.conf.d/netif/ipv6_{{ interface['device'] }}:
+ {% if grains["os"] == "FreeBSD" %}
+ /etc/rc.conf.d/netif/ipv6_{{ interface["device"] }}:
file.managed:
- source: salt://roles/core/network/files/FreeBSD/netif_ipv6.rc
- makedirs: True
- template: jinja
- context:
- interface: {{ interface['device'] }}
- ipv6_address: {{ interface['ipv6']['address'] }}
- ipv6_prefix: {{ interface['ipv6']['prefix'] | default(64) }}
- ipv6_aliases: {{ interface['ipv6']['aliases'] | default([]) }}
+ interface: {{ interface["device"] }}
+ ipv6_address: {{ interface["ipv6"]["address"] }}
+ ipv6_prefix: {{ interface["ipv6"]["prefix"] | default(64) }}
+ ipv6_aliases: {{ interface["ipv6"]["aliases"] | default([]) }}
has_native_ipv6: True
{% if "gateway" in interface["ipv6"] %}
@@ -41,10 +41,10 @@
- makedirs: True
- template: jinja
- context:
- interface: {{ interface['device'] }}
- ipv6_address: {{ interface['ipv6']['address'] }}
- ipv6_prefix: {{ interface['ipv6']['prefix'] | default(64) }}
- ipv6_gateway: {{ interface['ipv6']['gateway'] }}
+ interface: {{ interface["device"] }}
+ ipv6_address: {{ interface["ipv6"]["address"] }}
+ ipv6_prefix: {{ interface["ipv6"]["prefix"] | default(64) }}
+ ipv6_gateway: {{ interface["ipv6"]["gateway"] }}
{% endif %}
{% endif %}
diff --git a/roles/core/network/ipv6_fixes.sls b/roles/core/network/ipv6_fixes.sls
--- a/roles/core/network/ipv6_fixes.sls
+++ b/roles/core/network/ipv6_fixes.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set network = salt['node.get']('network') %}
+{% set network = salt["node.get"]("network") %}
# -------------------------------------------------------------
# Routes - legacy configuration for ipv6_gateway
@@ -13,7 +13,7 @@
{% if "ipv6_gateway" in network %}
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
/etc/rc.conf.d/routing/ipv6:
file.managed:
- source: salt://roles/core/network/files/FreeBSD/routing_ipv6.rc
diff --git a/roles/core/network/ipv6_tunnel.sls b/roles/core/network/ipv6_tunnel.sls
--- a/roles/core/network/ipv6_tunnel.sls
+++ b/roles/core/network/ipv6_tunnel.sls
@@ -11,16 +11,16 @@
# 4to6 tunnel
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if salt['node.has']('network:ipv6_tunnel') %}
+{% if salt["node.has"]("network:ipv6_tunnel") %}
network_ipv6:
file.managed:
- name : {{ dirs.sbin }}/ipv6-setup-tunnel
- - source: salt://roles/core/network/files/ipv6-tunnels/{{ grains['id'] }}.sh.jinja
+ - source: salt://roles/core/network/files/ipv6-tunnels/{{ grains["id"] }}.sh.jinja
- template: jinja
- mode: 755
-{% if services['manager'] == 'systemd' %}
+{% if services["manager"] == "systemd" %}
/etc/systemd/system/ipv6-tunnel.service:
file.managed:
- source: salt://roles/core/network/files/ipv6-tunnels/ipv6-tunnel.service
diff --git a/roles/core/network/map.jinja b/roles/core/network/map.jinja
--- a/roles/core/network/map.jinja
+++ b/roles/core/network/map.jinja
@@ -15,18 +15,18 @@
# for EACH os/distro.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% set interface_config = salt['grains.filter_by']({
- 'FreeBSD': {
+{% set interface_config = salt["grains.filter_by"]({
+ "FreeBSD": {
"config_path": "/etc/rc.conf.d/netif/ipv4_",
"source_path": "FreeBSD/netif_ipv4.rc",
"suffix": "interface",
},
- 'RedHat': {
+ "RedHat": {
"config_path": "/etc/sysconfig/network-scripts/ifcfg-",
"source_path": "RedHat/ifcfg",
"suffix": "device",
},
- 'Debian': {
+ "Debian": {
"config_path": "/etc/network/interfaces.d/10-net-",
"source_path": "Debian/10-net.jinja",
"suffix": "device",
@@ -39,12 +39,12 @@
# See interface configuration for the documentation.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% set gre = salt['grains.filter_by']({
- 'FreeBSD': {
+{% set gre = salt["grains.filter_by"]({
+ "FreeBSD": {
"config_path": "/etc/rc.conf.d/netif/gre_",
"source_path": "FreeBSD/netif_gre.rc",
},
- 'Debian': {
+ "Debian": {
"config_path": "/etc/network/interfaces.d/10-gre-",
"source_path": "Debian/10-gre.jinja",
},
@@ -54,13 +54,13 @@
# Routes configuration by OS/distro
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% set routes_config = salt['grains.filter_by']({
- 'FreeBSD': {
+{% set routes_config = salt["grains.filter_by"]({
+ "FreeBSD": {
"config_path": "/etc/rc.conf.d/routing/managed",
"source_path": "FreeBSD/routing_ipv4.rc",
"provider": "os"
},
- 'RedHat': {
+ "RedHat": {
"config_path": "/etc/routes.conf",
"source_path": "Linux/routes.conf",
"provider": "custom-service"
diff --git a/roles/core/network/routes.sls b/roles/core/network/routes.sls
--- a/roles/core/network/routes.sls
+++ b/roles/core/network/routes.sls
@@ -23,8 +23,8 @@
# Enable packet forwarding for routers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if salt['node.has_role']("router") %}
-{% if grains['os'] == 'FreeBSD' %}
+{% if salt["node.has_role"]("router") %}
+{% if grains["os"] == "FreeBSD" %}
/etc/rc.conf.d/routing/router:
file.managed:
diff --git a/roles/core/rc/init.sls b/roles/core/rc/init.sls
--- a/roles/core/rc/init.sls
+++ b/roles/core/rc/init.sls
@@ -5,13 +5,13 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set use_zfs = salt['node.has']('zfs:pool') %}
+{% set use_zfs = salt["node.has"]("zfs:pool") %}
# -------------------------------------------------------------
# IPv6
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os_family'] == 'Debian' %}
+{% if grains["os_family"] == "Debian" %}
rc:
file.managed:
- name : /etc/rc.local
@@ -23,7 +23,7 @@
# Periodic tasks configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
/etc/periodic.conf:
file.managed:
- source: salt://roles/core/rc/files/periodic.conf
diff --git a/roles/core/rsyslog/init.sls b/roles/core/rsyslog/init.sls
--- a/roles/core/rsyslog/init.sls
+++ b/roles/core/rsyslog/init.sls
@@ -11,7 +11,7 @@
# See http://kb.monitorware.com/kbeventdb-detail-id-6925.html
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if salt['node.has']('fixes:rsyslog_xconsole') %}
+{% if salt["node.has"]("fixes:rsyslog_xconsole") %}
/etc/rsyslog.d/50-default.conf:
file.managed:
- source: salt://roles/core/rsyslog/files/default.conf
diff --git a/roles/core/salt/init.sls b/roles/core/salt/init.sls
--- a/roles/core/salt/init.sls
+++ b/roles/core/salt/init.sls
@@ -11,19 +11,19 @@
salt_roles:
grains.list_present:
- name: roles
- - value: {{ salt['node.get_list']("roles") }}
+ - value: {{ salt["node.get_list"]("roles") }}
# -------------------------------------------------------------
# Repository
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os_family'] == 'RedHat' %}
+{% if grains["os_family"] == "RedHat" %}
/etc/yum.repos.d/salt.repo:
file.managed:
- source: salt://roles/core/salt/files/salt.repo
{% endif %}
-{% if grains['os_family'] == 'Debian' %}
+{% if grains["os_family"] == "Debian" %}
/etc/apt/keyrings/salt-archive-keyring-2023.gpg:
file.managed:
- source: salt://roles/core/salt/files/SALT-PROJECT-GPG-PUBKEY-2023.gpg
@@ -39,7 +39,7 @@
# Service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
/etc/rc.conf.d/salt_minion:
file.managed:
- source: salt://roles/core/salt/files/rc.conf
diff --git a/roles/core/src/init.sls b/roles/core/src/init.sls
--- a/roles/core/src/init.sls
+++ b/roles/core/src/init.sls
@@ -5,9 +5,9 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
-{% set version = grains['kernelrelease'].split("-")[0] %}
+{% set version = grains["kernelrelease"].split("-")[0] %}
freebsd_src:
cmd.run:
diff --git a/roles/core/sshd/files/sshd_config b/roles/core/sshd/files/sshd_config
--- a/roles/core/sshd/files/sshd_config
+++ b/roles/core/sshd/files/sshd_config
@@ -29,7 +29,7 @@
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
-{% if grains['os_family'] == 'RedHat' -%}
+{% if grains["os_family"] == "RedHat" -%}
# Don't use host DSA key (CentOS by default uses it, see T1352)
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
diff --git a/roles/core/sshd/init.sls b/roles/core/sshd/init.sls
--- a/roles/core/sshd/init.sls
+++ b/roles/core/sshd/init.sls
@@ -21,13 +21,13 @@
listen_private_address: {{ network["private_ipv4_address"] | default("localhost") }}
should_listen_to_private_address: {{ network["is_private_network_stable"] | default(false) }}
sftp: {{ paths.sftp }}
- print_motd: {{ not capabilities['MOTD-printed-at-login'] }}
+ print_motd: {{ not capabilities["MOTD-printed-at-login"] }}
# -------------------------------------------------------------
# Service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
/etc/rc.conf.d/sshd:
file.managed:
- source: salt://roles/core/sshd/files/rc.conf
diff --git a/roles/core/storage/snapshots.sls b/roles/core/storage/snapshots.sls
--- a/roles/core/storage/snapshots.sls
+++ b/roles/core/storage/snapshots.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set zfs_tank = salt['node.get']("zfs:pool") %}
+{% set zfs_tank = salt["node.get"]("zfs:pool") %}
{% if zfs_tank %}
zfstools:
diff --git a/roles/core/sudo/init.sls b/roles/core/sudo/init.sls
--- a/roles/core/sudo/init.sls
+++ b/roles/core/sudo/init.sls
@@ -11,7 +11,7 @@
# Software
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
sudo:
pkg.installed
{% endif %}
diff --git a/roles/core/sysctl/init.sls b/roles/core/sysctl/init.sls
--- a/roles/core/sysctl/init.sls
+++ b/roles/core/sysctl/init.sls
@@ -6,9 +6,9 @@
#
# -------------------------------------------------------------
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
-{% set use_zfs = salt['node.has']('zfs:pool') %}
+{% set use_zfs = salt["node.has"]("zfs:pool") %}
/etc/sysctl.conf:
file.managed:
@@ -16,6 +16,6 @@
- template: jinja
- context:
use_zfs: {{ use_zfs }}
- mem: {{ grains['mem_total'] }}
+ mem: {{ grains["mem_total"] }}
is_router: {{ salt[ "node.has_role" ]("router") }}
{% endif %}
diff --git a/roles/core/timezone/init.sls b/roles/core/timezone/init.sls
--- a/roles/core/timezone/init.sls
+++ b/roles/core/timezone/init.sls
@@ -13,7 +13,7 @@
# Well no, dpkg-reconfigure after
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os_family'] == 'Debian' %}
+{% if grains["os_family"] == "Debian" %}
/etc/timezone:
file.managed:
- contents: Etc/UTC
@@ -29,7 +29,7 @@
# Symbolic link style
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os_family'] == 'RedHat' %}
+{% if grains["os_family"] == "RedHat" %}
/etc/localtime:
file.symlink:
- target: /usr/share/zoneinfo/Etc/UTC
@@ -40,7 +40,7 @@
# Okay, but WE need to know WHEN start this
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
/var/db/zoneinfo:
file.managed:
- contents: Etc/UTC
diff --git a/roles/core/userland-home/init.sls b/roles/core/userland-home/init.sls
--- a/roles/core/userland-home/init.sls
+++ b/roles/core/userland-home/init.sls
@@ -9,10 +9,10 @@
{% from "map.jinja" import dirs with context %}
-{% for username, user in salt['forest.get_users']().items() %}
-{% set tasks = user.get('everywhere_tasks', []) %}
+{% for username, user in salt["forest.get_users"]().items() %}
+{% set tasks = user.get("everywhere_tasks", []) %}
-{% if 'deploy_dotfiles' in tasks %}
+{% if "deploy_dotfiles" in tasks %}
dotfiles_to_core_{{ username }}:
file.recurse:
- name: /home/{{ username }}
diff --git a/roles/core/userland-software/base.sls b/roles/core/userland-software/base.sls
--- a/roles/core/userland-software/base.sls
+++ b/roles/core/userland-software/base.sls
@@ -17,7 +17,7 @@
- pkgs:
- bash
- zsh
- {% if grains['kernel'] == 'Linux' %}
+ {% if grains["kernel"] == "Linux" %}
- tcsh
{% endif %}
@@ -72,31 +72,31 @@
- ripgrep
- tree
- wget
- {% if grains['os'] == 'FreeBSD' %}
+ {% if grains["os"] == "FreeBSD" %}
- gnu-watch
{% else %}
- {{ packages.netcat }}
- net-tools
{% endif %}
- {% if grains['os_family'] == 'RedHat' %}
+ {% if grains["os_family"] == "RedHat" %}
- patch
- psmisc
- tar
{% endif %}
-{% if grains['os'] == 'Debian' %}
+{% if grains["os"] == "Debian" %}
/usr/bin/bat:
file.symlink:
- target: /usr/bin/batcat
{% endif %}
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
/usr/local/bin/gwatch:
file.symlink:
- target: /usr/local/bin/gnu-watch
{% endif %}
-{% if grains['os_family'] == 'RedHat' %}
+{% if grains["os_family"] == "RedHat" %}
{{ dirs.bin }}/new-partition:
file.managed:
- source: salt://roles/core/userland-software/files/new-partition.sh
@@ -118,7 +118,7 @@
# As checked 2023-04-19, it's not available on Debian and Rocky.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if salt['file.file_exists'](dirs["share"] + "/nano/yaml.nanorc") %}
+{% if salt["file.file_exists"](dirs["share"] + "/nano/yaml.nanorc") %}
nano_sls_support:
file.replace:
- name: {{ dirs.share }}/nano/yaml.nanorc
diff --git a/roles/core/userland-software/sources.sls b/roles/core/userland-software/sources.sls
--- a/roles/core/userland-software/sources.sls
+++ b/roles/core/userland-software/sources.sls
@@ -10,7 +10,7 @@
# FreeBSD
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
{% for repo in ["FreeBSD.conf", "Nasqueron.conf"] %}
/usr/local/etc/pkg/repos/{{ repo }}:
file.managed:
@@ -36,7 +36,7 @@
# Redhat family
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os_family'] == 'RedHat' and grains['os'] != 'Fedora' %}
+{% if grains["os_family"] == "RedHat" and grains["os"] != "Fedora" %}
epel-release:
pkg.installed
@@ -49,13 +49,13 @@
# Debian
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'Debian' %}
+{% if grains["os"] == "Debian" %}
/etc/apt/sources.list:
file.managed:
- source: salt://roles/core/userland-software/files/sources/sources.list
- template: jinja
- context:
- debian_version: {{ grains['oscodename'] }}
+ debian_version: {{ grains["oscodename"] }}
apt_update_debian_sources:
cmd.run:
@@ -68,12 +68,12 @@
# Snapcraft
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['kernel'] == 'Linux' %}
+{% if grains["kernel"] == "Linux" %}
snapd:
pkg.installed
{% endif %}
-{% if grains['os_family'] == 'RedHat' or grains['os'] == 'Arch' %}
+{% if grains["os_family"] == "RedHat" or grains["os"] == "Arch" %}
snap_enable:
cmd.run:
- name: |
diff --git a/roles/core/userland-software/starship.sls b/roles/core/userland-software/starship.sls
--- a/roles/core/userland-software/starship.sls
+++ b/roles/core/userland-software/starship.sls
@@ -12,12 +12,12 @@
# Starship installation
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
starship:
pkg.installed
{% endif %}
-{% if grains['kernel'] == 'Linux' and grains['osarch'] == 'x86_64' %}
+{% if grains["kernel"] == "Linux" and grains["osarch"] == "x86_64" %}
install_starship:
cmd.run:
- name: snap install starship
@@ -28,7 +28,7 @@
# SELinux
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os_family'] == 'RedHat' %}
+{% if grains["os_family"] == "RedHat" %}
/usr/local/share/selinux/systemd-hostnamed.te:
file.managed:
diff --git a/roles/core/users/init.sls b/roles/core/users/init.sls
--- a/roles/core/users/init.sls
+++ b/roles/core/users/init.sls
@@ -22,15 +22,15 @@
{% from "map.jinja" import dirs, shells with context %}
-{% set users = salt['forest.get_users']() %}
-{% set zfs_tank = salt['node.get']("zfs:pool") %}
-{% set forest = salt['node.get']['forest'] %}
+{% set users = salt["forest.get_users"]() %}
+{% set zfs_tank = salt["node.get"]("zfs:pool") %}
+{% set forest = salt["node.get"]["forest"] %}
# -------------------------------------------------------------
# Disabled accounts
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for username in pillar.get('revokedusers') %}
+{% for username in pillar.get("revokedusers") %}
{{ username }}:
user.absent
{% endfor %}
@@ -53,7 +53,7 @@
- creates: {{ dirs.home }}/.zfs-permissions-set
{% for username in users %}
-{% set home_directory = zfs_tank + dirs['home'] + '/' + username %}
+{% set home_directory = zfs_tank + dirs["home"] + "/" + username %}
{{ home_directory }}:
zfs.filesystem_present:
@@ -94,22 +94,22 @@
{% for username, user in users.items() %}
{{ username }}:
user.present:
- - fullname: {{ user['fullname'] }}
- - shell: {{ shells[user['shell']|default('bash')] }}
- - uid: {{ user['uid'] }}
- - loginclass: {{ user['class']|default('english') }}
+ - fullname: {{ user["fullname"] }}
+ - shell: {{ shells[user["shell"]|default("bash")] }}
+ - uid: {{ user["uid"] }}
+ - loginclass: {{ user["class"]|default("english") }}
{% endfor %}
# -------------------------------------------------------------
# Groups
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for groupname, group in salt['forest.get_groups']().items() %}
+{% for groupname, group in salt["forest.get_groups"]().items() %}
group_{{ groupname }}:
group.present:
- name: {{ groupname }}
- - gid: {{ group['gid'] }}
- - members: {{ group['members'] }}
+ - gid: {{ group["gid"] }}
+ - members: {{ group["members"] }}
{% endfor %}
{% if grains["os"] == "FreeBSD" %}
@@ -140,6 +140,6 @@
- mode: 600
- template: jinja
- context:
- keys: {{ user['ssh_keys'] }}
+ keys: {{ user["ssh_keys"] }}
{% endfor %}
diff --git a/roles/dbserver-mysql/content/init.sls b/roles/dbserver-mysql/content/init.sls
--- a/roles/dbserver-mysql/content/init.sls
+++ b/roles/dbserver-mysql/content/init.sls
@@ -7,8 +7,8 @@
# If eligible, licensed under BSD-2-Clause
# -------------------------------------------------------------
-{% set users = salt['pillar.get']("dbserver_mysql:users", {}) %}
-{% set databases = salt['pillar.get']("dbserver_mysql:databases", {}) %}
+{% set users = salt["pillar.get"]("dbserver_mysql:users", {}) %}
+{% set databases = salt["pillar.get"]("dbserver_mysql:databases", {}) %}
# -------------------------------------------------------------
# Users
diff --git a/roles/dbserver-mysql/mysql-server/cnf.sls b/roles/dbserver-mysql/mysql-server/cnf.sls
--- a/roles/dbserver-mysql/mysql-server/cnf.sls
+++ b/roles/dbserver-mysql/mysql-server/cnf.sls
@@ -7,8 +7,8 @@
{% from "map.jinja" import dirs with context %}
-{% set use_zfs = salt['node.has']('zfs:pool') %}
-{% set is_devserver = salt['node.has_role']('devserver') %}
+{% set use_zfs = salt["node.has"]("zfs:pool") %}
+{% set is_devserver = salt["node.has_role"]("devserver") %}
# -------------------------------------------------------------
# Required directories
@@ -36,7 +36,7 @@
- clean: True # remove wsrep.cnf values (and empty config files)
- template: jinja
- context:
- nodename: {{ grains['id'] }}
+ nodename: {{ grains["id"] }}
etc: {{ dirs.etc }}
share: {{ dirs.share }}
use_zfs: {{ use_zfs }}
@@ -55,7 +55,7 @@
# Service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
/etc/rc.conf.d/mysql:
file.managed:
diff --git a/roles/dbserver-mysql/mysql-server/zfs.sls b/roles/dbserver-mysql/mysql-server/zfs.sls
--- a/roles/dbserver-mysql/mysql-server/zfs.sls
+++ b/roles/dbserver-mysql/mysql-server/zfs.sls
@@ -5,9 +5,9 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if salt['node.has']('zfs:pool') %}
+{% if salt["node.has"]("zfs:pool") %}
-{% set tank = salt['node.get']("zfs:pool") %}
+{% set tank = salt["node.get"]("zfs:pool") %}
{{ tank }}/mysql-root:
zfs.filesystem_present:
@@ -17,7 +17,7 @@
compression: lz4
recordsize: 8K
-{% for mysqldir in ['innodb-data', 'innodb-logs'] %}
+{% for mysqldir in ["innodb-data", "innodb-logs"] %}
/var/db/mysql/mysql-{{ mysqldir }}:
file.directory:
- user: mysql
diff --git a/roles/dbserver-pgsql/server/content.sls b/roles/dbserver-pgsql/server/content.sls
--- a/roles/dbserver-pgsql/server/content.sls
+++ b/roles/dbserver-pgsql/server/content.sls
@@ -7,8 +7,8 @@
# If eligible, licensed under BSD-2-Clause
# -------------------------------------------------------------
-{% set users = salt['pillar.get']("dbserver_postgresql:users", {}) %}
-{% set databases = salt['pillar.get']("dbserver_postgresql:databases", {}) %}
+{% set users = salt["pillar.get"]("dbserver_postgresql:users", {}) %}
+{% set databases = salt["pillar.get"]("dbserver_postgresql:databases", {}) %}
# -------------------------------------------------------------
# Users
diff --git a/roles/dbserver-pgsql/server/service.sls b/roles/dbserver-pgsql/server/service.sls
--- a/roles/dbserver-pgsql/server/service.sls
+++ b/roles/dbserver-pgsql/server/service.sls
@@ -9,7 +9,7 @@
# PostgreSQL service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
/etc/rc.conf.d/postgresql:
file.managed:
diff --git a/roles/devserver/api-exec/config.sls b/roles/devserver/api-exec/config.sls
--- a/roles/devserver/api-exec/config.sls
+++ b/roles/devserver/api-exec/config.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set network = salt['node.resolve_network']() %}
+{% set network = salt["node.resolve_network"]() %}
{% set half_num_cpus = grains["num_cpus"] / 2 %}
/usr/local/etc/api-exec.conf:
diff --git a/roles/devserver/datacube/init.sls b/roles/devserver/datacube/init.sls
--- a/roles/devserver/datacube/init.sls
+++ b/roles/devserver/datacube/init.sls
@@ -17,7 +17,7 @@
# ZFS
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if salt['node.has']('zfs:pool') %}
+{% if salt["node.has"]("zfs:pool") %}
{% if "datacube_zfs_pool" in pillar %}
{% set tank = pillar["datacube_zfs_pool"] %}
diff --git a/roles/devserver/mail/init.sls b/roles/devserver/mail/init.sls
--- a/roles/devserver/mail/init.sls
+++ b/roles/devserver/mail/init.sls
@@ -9,7 +9,7 @@
# Enable incoming mail (T1317)
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
/etc/rc.conf.d/sendmail:
file.managed:
diff --git a/roles/devserver/pkg/init.sls b/roles/devserver/pkg/init.sls
--- a/roles/devserver/pkg/init.sls
+++ b/roles/devserver/pkg/init.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
# -------------------------------------------------------------
# Declare repository
diff --git a/roles/devserver/userland-home/homefiles.sls b/roles/devserver/userland-home/homefiles.sls
--- a/roles/devserver/userland-home/homefiles.sls
+++ b/roles/devserver/userland-home/homefiles.sls
@@ -6,12 +6,12 @@
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
-{% set triplet = salt['rust.get_rustc_triplet']() %}
+{% set triplet = salt["rust.get_rustc_triplet"]() %}
-{% for username, user in salt['forest.get_users']().items() %}
-{% set tasks = user.get('devserver_tasks', []) %}
+{% for username, user in salt["forest.get_users"]().items() %}
+{% set tasks = user.get("devserver_tasks", []) %}
-{% if 'deploy_dotfiles' in tasks %}
+{% if "deploy_dotfiles" in tasks %}
dotfiles_to_devserver_{{ username }}:
file.recurse:
- name: /home/{{ username }}
@@ -22,7 +22,7 @@
- group: {{ username }}
{% endif %}
-{% if 'deploy_nanotab' in tasks %}
+{% if "deploy_nanotab" in tasks %}
/home/{{ username }}/bin/nanotab:
file.managed:
- source: salt://roles/devserver/userland-home/files/_tasks/nanotab.sh
@@ -37,8 +37,8 @@
- unset tabstospaces
{% endif %}
-{% if 'install_rustup' in tasks %}
-{% set rustup_path = '/home/' + username + '/.cargo/bin/rustup' %}
+{% if "install_rustup" in tasks %}
+{% set rustup_path = "/home/" + username + "/.cargo/bin/rustup" %}
devserver_rustup_{{ username }}:
cmd.run:
@@ -46,7 +46,7 @@
- runas: {{ username }}
- creates: {{ rustup_path }}
-{% for toolchain in ['stable', 'nightly'] %}
+{% for toolchain in ["stable", "nightly"] %}
devserver_rustup_{{ toolchain }}_{{ username }}:
cmd.run:
- name: {{ rustup_path }} install {{ toolchain }}
@@ -55,7 +55,7 @@
{% endfor %}
{% endif %}
-{% if 'install_diesel' in tasks %}
+{% if "install_diesel" in tasks %}
devserver_diesel_{{ username }}:
cmd.run:
- name: /home/{{ username }}/.cargo/bin/cargo install diesel_cli --no-default-features --features postgres,sqlite
diff --git a/roles/devserver/userland-home/repos.sls b/roles/devserver/userland-home/repos.sls
--- a/roles/devserver/userland-home/repos.sls
+++ b/roles/devserver/userland-home/repos.sls
@@ -9,20 +9,20 @@
# Clone user repositories
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for username, user in salt['forest.get_users']().items() %}
+{% for username, user in salt["forest.get_users"]().items() %}
-{% set repositories = salt['pillar.get']('user_repositories:' + username, {}) %}
+{% set repositories = salt["pillar.get"]("user_repositories:" + username, {}) %}
{% for target, repo in repositories.items() %}
{{ target }}:
file.directory:
- user: {{ username }}
- group: {{ username }}
- {{ repo['vcs'] | default('git') }}.latest:
- - name: {{ repo['source'] }}
+ {{ repo["vcs"] | default("git") }}.latest:
+ - name: {{ repo["source"] }}
- target: {{ target }}
- update_head: False
- {% if salt['node.has_role']('salt-primary') %}
+ {% if salt["node.has_role"]("salt-primary") %}
# TODO: find an alternative solution for other servers (suggest rSTAGING?)
- identity: /opt/salt/security/id_ed25519
{% endif %}
diff --git a/roles/devserver/userland-software/dev.sls b/roles/devserver/userland-software/dev.sls
--- a/roles/devserver/userland-software/dev.sls
+++ b/roles/devserver/userland-software/dev.sls
@@ -271,4 +271,4 @@
pkg.installed:
- pkgs:
- netpbm
- - {{ packages['djvulibre'] }}
+ - {{ packages["djvulibre"] }}
diff --git a/roles/devserver/userland-software/files/notifications.conf b/roles/devserver/userland-software/files/notifications.conf
--- a/roles/devserver/userland-software/files/notifications.conf
+++ b/roles/devserver/userland-software/files/notifications.conf
@@ -15,7 +15,7 @@
[Broker]
Host={{ host }}
-User=notifications-{{ grains['id'] }}
+User=notifications-{{ grains["id"] }}
Password={{ password }}
Vhost=dev
diff --git a/roles/devserver/userland-software/files/port_options b/roles/devserver/userland-software/files/port_options
--- a/roles/devserver/userland-software/files/port_options
+++ b/roles/devserver/userland-software/files/port_options
@@ -1,15 +1,15 @@
# -------------------------------------------------------------
-# Port options for {{ args['category'] }}/{{ args['name'] }}
+# Port options for {{ args["category"] }}/{{ args["name"] }}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# Source file: roles/devserver/userland-software/files/port_options
# -------------------------------------------------------------
-{% for option in args.get('options', {}).get('set', []) -%}
+{% for option in args.get("options", {}).get("set", []) -%}
OPTIONS_FILE_SET+={{ option }}
{% endfor -%}
-{% for option in args.get('options', {}).get('unset', []) -%}
+{% for option in args.get("options", {}).get("unset", []) -%}
OPTIONS_FILE_UNSET+={{ option }}
{% endfor -%}
diff --git a/roles/devserver/userland-software/map.jinja b/roles/devserver/userland-software/map.jinja
--- a/roles/devserver/userland-software/map.jinja
+++ b/roles/devserver/userland-software/map.jinja
@@ -5,15 +5,15 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set php = salt['grains.filter_by']({
- 'Debian': {
- 'current_api': '20170718',
- 'extension_dir': '/usr/lib/php/20170718',
- 'cli_conf_dir': '/etc/php/7.2/cli/conf.d/',
+{% set php = salt["grains.filter_by"]({
+ "Debian": {
+ "current_api": "20170718",
+ "extension_dir": "/usr/lib/php/20170718",
+ "cli_conf_dir": "/etc/php/7.2/cli/conf.d/",
},
- 'FreeBSD' : {
- 'current_api': '20170718',
- 'extension_dir': '/usr/local/lib/php/20170718',
- 'cli_conf_dir': '/usr/local/etc/php/',
+ "FreeBSD" : {
+ "current_api": "20170718",
+ "extension_dir": "/usr/local/lib/php/20170718",
+ "cli_conf_dir": "/usr/local/etc/php/",
},
-}, default='Debian') %}
+}, default="Debian") %}
diff --git a/roles/devserver/userland-software/misc.sls b/roles/devserver/userland-software/misc.sls
--- a/roles/devserver/userland-software/misc.sls
+++ b/roles/devserver/userland-software/misc.sls
@@ -57,11 +57,11 @@
- primegen
- rsync
- unix2dos
- {% if grains['os'] == 'FreeBSD' %}
+ {% if grains["os"] == "FreeBSD" %}
- gawk
{% endif %}
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
devserver_software_misc_ports:
pkg.installed:
- pkgs:
@@ -132,7 +132,7 @@
- pkgs:
- bsdgames
- textmaze
- {% if grains['os'] == 'FreeBSD' %}
+ {% if grains["os"] == "FreeBSD" %}
- roll
{% endif %}
@@ -143,7 +143,7 @@
- getdns
- iftop
- trippy
- {% if grains['os_family'] == 'Debian' %}
+ {% if grains["os_family"] == "Debian" %}
- sockstat
{% endif %}
@@ -180,7 +180,7 @@
- source: salt://roles/devserver/userland-software/files/url.yml
- mode: 644
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
/etc/rc.conf.d/transmission:
file.managed:
- source: salt://roles/devserver/userland-software/files/transmission.rc
diff --git a/roles/devserver/userland-software/notifications.sls b/roles/devserver/userland-software/notifications.sls
--- a/roles/devserver/userland-software/notifications.sls
+++ b/roles/devserver/userland-software/notifications.sls
@@ -37,4 +37,4 @@
- template: jinja
- context:
host: {{ pillar["nasqueron_services"]["docker"]["notifications"] }}
- password: {{ salt['credentials.get_password']("nasqueron/notifications/notifications-cli/" + grains["id"]) }}
+ password: {{ salt["credentials.get_password"]("nasqueron/notifications/notifications-cli/" + grains["id"]) }}
diff --git a/roles/devserver/userland-software/ports.sls b/roles/devserver/userland-software/ports.sls
--- a/roles/devserver/userland-software/ports.sls
+++ b/roles/devserver/userland-software/ports.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
{% for port, args in pillar.get("ports", {}).items() %}
@@ -13,9 +13,9 @@
# Provision port options
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if 'options' in args %}
+{% if "options" in args %}
-/var/db/ports/{{ args['category'] }}_{{ args['name'] }}/options:
+/var/db/ports/{{ args["category"] }}_{{ args["name"] }}/options:
file.managed:
- source: salt://roles/devserver/userland-software/files/port_options
- template: jinja
@@ -29,7 +29,7 @@
# Build and install package
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if 'package_dependencies' in args %}
+{% if "package_dependencies" in args %}
port_{{ port }}_dependencies:
pkg.installed:
@@ -42,8 +42,8 @@
- name: |
make build package deinstall reinstall
pkg lock {{ port }}
- - cwd: /usr/ports/{{ args['category'] }}/{{ args['name'] }}
- - creates: {{ args['creates'] }}
+ - cwd: /usr/ports/{{ args["category"] }}/{{ args["name"] }}
+ - creates: {{ args["creates"] }}
{% endfor %}
{% endif %}
diff --git a/roles/devserver/webserver-wwwroot51/sites.sls b/roles/devserver/webserver-wwwroot51/sites.sls
--- a/roles/devserver/webserver-wwwroot51/sites.sls
+++ b/roles/devserver/webserver-wwwroot51/sites.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set basedir = pillar['wwwroot51_basedir'] %}
+{% set basedir = pillar["wwwroot51_basedir"] %}
# -------------------------------------------------------------
# Base directory
@@ -18,8 +18,8 @@
- dir_mode: 711
- user: deploy
-{% if salt['node.has']('zfs:pool') %}
-{% set tank = salt['node.get']("zfs:pool") %}
+{% if salt["node.has"]("zfs:pool") %}
+{% set tank = salt["node.get"]("zfs:pool") %}
{{ tank }}/wwwroot51:
zfs.filesystem_present:
@@ -36,19 +36,19 @@
{% set identities = pillar["wwwroot_identities"] %}
-{% for sitename, site in pillar['wwwroot51_directories'].items() %}
+{% for sitename, site in pillar["wwwroot51_directories"].items() %}
{{ basedir }}/{{ sitename }}:
file.directory:
- dir_mode: 711
-{% if 'repository' not in site %}
- - user: {{ site['user'] }}
- - group: {{ site['group'] }}
+{% if "repository" not in site %}
+ - user: {{ site["user"] }}
+ - group: {{ site["group"] }}
{% else %}
# Credentials belong to deploy user
- user: deploy
git.latest:
- - name: {{ site['repository'] }}
+ - name: {{ site["repository"] }}
- target: {{ basedir }}/{{ sitename }}
- user: deploy
- identity: {{ identities[site["identity"]]["path"] }}
@@ -57,8 +57,8 @@
fix_rights_{{ basedir }}/{{ sitename }}:
file.directory:
- name: {{ basedir }}/{{ sitename }}
- - user: {{ site['user'] }}
- - group: {{ site['group'] }}
+ - user: {{ site["user"] }}
+ - group: {{ site["group"] }}
- recurse:
- user
- group
diff --git a/roles/dns/knot/config.sls b/roles/dns/knot/config.sls
--- a/roles/dns/knot/config.sls
+++ b/roles/dns/knot/config.sls
@@ -35,7 +35,7 @@
- template: jinja
- context:
zones: {{ pillar["dns_zones"] }}
- all_ips: {{ [ salt['node.resolve_network']()['ipv4_address'] ] + salt['node.get_public_ipv6']() }}
+ all_ips: {{ [ salt["node.resolve_network"]()["ipv4_address"] ] + salt["node.get_public_ipv6"]() }}
identity: {{ pillar["dns_identity"] }}
# -------------------------------------------------------------
diff --git a/roles/freebsd-repo/map.jinja b/roles/freebsd-repo/map.jinja
--- a/roles/freebsd-repo/map.jinja
+++ b/roles/freebsd-repo/map.jinja
@@ -6,6 +6,6 @@
# -------------------------------------------------------------
{% set repo = {
- 'signing_key_dir': '/usr/local/etc/freebsd-pkg-repo/key',
- 'repo_dir': '/var/repo'
+ "signing_key_dir": "/usr/local/etc/freebsd-pkg-repo/key",
+ "repo_dir": "/var/repo"
} %}
diff --git a/roles/grafana/grafana/init.sls b/roles/grafana/grafana/init.sls
--- a/roles/grafana/grafana/init.sls
+++ b/roles/grafana/grafana/init.sls
@@ -71,7 +71,7 @@
# Service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
/etc/rc.conf.d/grafana:
file.managed:
diff --git a/roles/mailserver/dkim/software.sls b/roles/mailserver/dkim/software.sls
--- a/roles/mailserver/dkim/software.sls
+++ b/roles/mailserver/dkim/software.sls
@@ -15,7 +15,7 @@
pkg.installed:
- pkgs:
- opendkim
- {% if grains['os_family'] == 'Debian' %}
+ {% if grains["os_family"] == "Debian" %}
- opendkim-tools
{% endif %}
diff --git a/roles/mailserver/dovecot/config.sls b/roles/mailserver/dovecot/config.sls
--- a/roles/mailserver/dovecot/config.sls
+++ b/roles/mailserver/dovecot/config.sls
@@ -8,7 +8,7 @@
{% from "map.jinja" import dirs with context %}
{% set db = pillar["dovecot_config"]["db"] %}
-{% set network = salt['node.resolve_network']() %}
+{% set network = salt["node.resolve_network"]() %}
{{ dirs.etc }}/dovecot/conf.d:
diff --git a/roles/mailserver/dovecot/software.sls b/roles/mailserver/dovecot/software.sls
--- a/roles/mailserver/dovecot/software.sls
+++ b/roles/mailserver/dovecot/software.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
# -------------------------------------------------------------
# Port options
diff --git a/roles/mailserver/map.jinja b/roles/mailserver/map.jinja
--- a/roles/mailserver/map.jinja
+++ b/roles/mailserver/map.jinja
@@ -1,16 +1,16 @@
-{% set postfix_dirs = salt['grains.filter_by']({
- 'FreeBSD' : {
- 'daemon': '/usr/local/libexec/postfix',
- 'queue': '/var/spool/postfix',
- 'data': '/var/db/postfix',
- 'shlib': '/usr/local/lib/postfix',
- 'cacerts': '/etc/ssl/certs',
+{% set postfix_dirs = salt["grains.filter_by"]({
+ "FreeBSD" : {
+ "daemon": "/usr/local/libexec/postfix",
+ "queue": "/var/spool/postfix",
+ "data": "/var/db/postfix",
+ "shlib": "/usr/local/lib/postfix",
+ "cacerts": "/etc/ssl/certs",
},
- 'Debian' : {
- 'daemon': '/usr/lib/postfix',
- 'queue': '/var/spool/postfix',
- 'data': '/var/lib/postfix',
- 'shlib': '/usr/lib/postfix',
- 'cacerts': '/etc/ssl/certs',
+ "Debian" : {
+ "daemon": "/usr/lib/postfix",
+ "queue": "/var/spool/postfix",
+ "data": "/var/lib/postfix",
+ "shlib": "/usr/lib/postfix",
+ "cacerts": "/etc/ssl/certs",
}
-}, default='Debian') %}
+}, default="Debian") %}
diff --git a/roles/mailserver/vimbadmin/config.sls b/roles/mailserver/vimbadmin/config.sls
--- a/roles/mailserver/vimbadmin/config.sls
+++ b/roles/mailserver/vimbadmin/config.sls
@@ -43,7 +43,7 @@
- mode: 710
- makedirs: True
-{% for subdir in ['cache', 'log', 'session', 'template_c', 'tmp/captchas'] %}
+{% for subdir in ["cache", "log", "session", "template_c", "tmp/captchas"] %}
/var/vimbadmin/{{ subdir }}:
file.directory:
diff --git a/roles/opensearch/dashboards/config.sls b/roles/opensearch/dashboards/config.sls
--- a/roles/opensearch/dashboards/config.sls
+++ b/roles/opensearch/dashboards/config.sls
@@ -4,7 +4,7 @@
# Project: Nasqueron
# -------------------------------------------------------------
-{% set config = salt['opensearch.get_config']() %}
+{% set config = salt["opensearch.get_config"]() %}
# -------------------------------------------------------------
# OpenSearch
@@ -20,5 +20,5 @@
- show_changes: False
- context:
config: {{ config }}
- username: {{ salt['credentials.get_username'](config['users']['dashboards']) }}
- password: {{ salt['credentials.get_password'](config['users']['dashboards']) }}
+ username: {{ salt["credentials.get_username"](config["users"]["dashboards"]) }}
+ password: {{ salt["credentials.get_password"](config["users"]["dashboards"]) }}
diff --git a/roles/opensearch/dashboards/service.sls b/roles/opensearch/dashboards/service.sls
--- a/roles/opensearch/dashboards/service.sls
+++ b/roles/opensearch/dashboards/service.sls
@@ -15,7 +15,7 @@
# Unit configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if services['manager'] == 'systemd' %}
+{% if services["manager"] == "systemd" %}
opensearch_dashboards_unit:
file.managed:
diff --git a/roles/opensearch/opensearch/config.sls b/roles/opensearch/opensearch/config.sls
--- a/roles/opensearch/opensearch/config.sls
+++ b/roles/opensearch/opensearch/config.sls
@@ -4,7 +4,7 @@
# Project: Nasqueron
# -------------------------------------------------------------
-{% set config = salt['opensearch.get_config']() %}
+{% set config = salt["opensearch.get_config"]() %}
# -------------------------------------------------------------
# OpenSearch
@@ -26,7 +26,7 @@
- group: opensearch
- template: jinja
- context:
- heap_size: {{ config['heap_size'] }}
+ heap_size: {{ config["heap_size"] }}
# -------------------------------------------------------------
# TLS certificates
@@ -58,8 +58,8 @@
- template: jinja
- context:
config: {{ config }}
- domain_name: {{ grains['domain'] }}
- node_full_domain_name: {{ grains['fqdn'] }}
+ domain_name: {{ grains["domain"] }}
+ node_full_domain_name: {{ grains["fqdn"] }}
opensearch_generate_certificates:
cmd.run:
@@ -68,7 +68,7 @@
JAVA_HOME: /opt/opensearch/jdk
- creates: /opt/tlstool/config/root-ca.pem
-{% for certificate in salt['opensearch.list_certificates']() %}
+{% for certificate in salt["opensearch.list_certificates"]() %}
opensearch_deploy_certificate_{{ certificate }}:
cmd.run:
diff --git a/roles/opensearch/opensearch/files/internal_users.yml.jinja b/roles/opensearch/opensearch/files/internal_users.yml.jinja
--- a/roles/opensearch/opensearch/files/internal_users.yml.jinja
+++ b/roles/opensearch/opensearch/files/internal_users.yml.jinja
@@ -21,8 +21,8 @@
# Reserved users to ensure access continuity
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{{ users['admin']['username'] }}:
- hash: {{ salt['opensearch.hash_password'](users['admin']['password']) }}
+{{ users["admin"]["username"] }}:
+ hash: {{ salt["opensearch.hash_password"](users["admin"]["password"]) }}
reserved: true
backend_roles:
- "admin"
@@ -35,7 +35,7 @@
# instead of assign a backend role.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{{ users['dashboards']['username'] }}:
- hash: {{ salt['opensearch.hash_password'](users['dashboards']['password']) }}
+{{ users["dashboards"]["username"] }}:
+ hash: {{ salt["opensearch.hash_password"](users["dashboards"]["password"]) }}
reserved: true
description: "Dashboards to OpenSearch machine user"
diff --git a/roles/opensearch/opensearch/files/opensearch.conf b/roles/opensearch/opensearch/files/opensearch.conf
--- a/roles/opensearch/opensearch/files/opensearch.conf
+++ b/roles/opensearch/opensearch/files/opensearch.conf
@@ -1,10 +1,10 @@
-cluster.name: {{ config['cluster_name'] }}
-node.name: {{ config['node_name'] }}
-network.host: {{ config['network_host'] }}
+cluster.name: {{ config["cluster_name"] }}
+node.name: {{ config["node_name"] }}
+network.host: {{ config["network_host"] }}
http.port: 9200
bootstrap.memory_lock: true
-{% if config['cluster_type'] == 'single-node' %}
+{% if config["cluster_type"] == "single-node" %}
discovery.type: single-node
{% else %}
discovery.seed_hosts:
diff --git a/roles/opensearch/opensearch/files/tlsconfig.yml.jinja b/roles/opensearch/opensearch/files/tlsconfig.yml.jinja
--- a/roles/opensearch/opensearch/files/tlsconfig.yml.jinja
+++ b/roles/opensearch/opensearch/files/tlsconfig.yml.jinja
@@ -19,7 +19,7 @@
ca:
root:
- dn: CN=root.ca-{{ config['cluster_name'] }}.{{ domain_name }},OU=CA,DC=nasqueron,DC=org
+ dn: CN=root.ca-{{ config["cluster_name"] }}.{{ domain_name }},OU=CA,DC=nasqueron,DC=org
keysize: 2048
validityDays: 730
pkPassword: none
@@ -38,11 +38,11 @@
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
nodes:
-{% for node in config['nodes_certificates'] %}
- - name: {{ node['id'] }}
- dn: CN={{ node['fqdn'] }},OU=Infrastructure,DC=nasqueron,DC=org
- dns: {{ node['fqdn'] }}
- ip: {{ node['ip'] }}
+{% for node in config["nodes_certificates"] %}
+ - name: {{ node["id"] }}
+ dn: CN={{ node["fqdn"] }},OU=Infrastructure,DC=nasqueron,DC=org
+ dns: {{ node["fqdn"] }}
+ ip: {{ node["ip"] }}
{% endfor %}
# -------------------------------------------------------------
@@ -51,5 +51,5 @@
clients:
- name: admin
- dn: CN=admin.{{ config['cluster_name'] }}.{{ domain_name }},OU=CA,DC=nasqueron,DC=org
+ dn: CN=admin.{{ config["cluster_name"] }}.{{ domain_name }},OU=CA,DC=nasqueron,DC=org
admin: True
diff --git a/roles/opensearch/opensearch/kernel.sls b/roles/opensearch/opensearch/kernel.sls
--- a/roles/opensearch/opensearch/kernel.sls
+++ b/roles/opensearch/opensearch/kernel.sls
@@ -11,7 +11,7 @@
# https://opensearch.org/docs/latest/opensearch/install/important-settings/
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['kernel'] == 'Linux' %}
+{% if grains["kernel"] == "Linux" %}
vm.max_map_count:
sysctl.present:
diff --git a/roles/opensearch/opensearch/security.sls b/roles/opensearch/opensearch/security.sls
--- a/roles/opensearch/opensearch/security.sls
+++ b/roles/opensearch/opensearch/security.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set config = salt['opensearch.get_config']() %}
+{% set config = salt["opensearch.get_config"]() %}
# -------------------------------------------------------------
# Security plugin
@@ -21,16 +21,16 @@
- show_changes: False
- context:
users:
- {% for user, credential in config['users'].items() %}
+ {% for user, credential in config["users"].items() %}
{{ user }}:
- username: {{ salt['credentials.get_username'](credential) }}
- password: {{ salt['credentials.get_password'](credential) }}
+ username: {{ salt["credentials.get_username"](credential) }}
+ password: {{ salt["credentials.get_password"](credential) }}
{% endfor %}
opensearch_security_initialize:
cmd.script:
- source: salt://roles/opensearch/opensearch/files/security_initialize.sh
- - args: {{ config['network_host'] }}
+ - args: {{ config["network_host"] }}
- env:
JAVA_HOME: /opt/opensearch/jdk
- creates: /opt/opensearch/plugins/opensearch-security/securityconfig/.initialized
diff --git a/roles/opensearch/opensearch/service.sls b/roles/opensearch/opensearch/service.sls
--- a/roles/opensearch/opensearch/service.sls
+++ b/roles/opensearch/opensearch/service.sls
@@ -15,7 +15,7 @@
# Unit configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if services['manager'] == 'systemd' %}
+{% if services["manager"] == "systemd" %}
opensearch_unit:
file.managed:
diff --git a/roles/opensearch/opensearch/software.sls b/roles/opensearch/opensearch/software.sls
--- a/roles/opensearch/opensearch/software.sls
+++ b/roles/opensearch/opensearch/software.sls
@@ -23,7 +23,7 @@
- uid: 835
- gid: opensearch
- home: /opt/opensearch
- - shell: {{ shells['bash'] }}
+ - shell: {{ shells["bash"] }}
# -------------------------------------------------------------
# Download and extract tarballs
@@ -32,15 +32,15 @@
/usr/local/dl:
file.directory
-{% if grains['kernel'] == 'Linux' and grains['cpuarch'] == 'x86_64' %}
-{% for product, info in pillar['opensearch_products'].items() %}
+{% if grains["kernel"] == "Linux" and grains["cpuarch"] == "x86_64" %}
+{% for product, info in pillar["opensearch_products"].items() %}
-{% set distname = product + "-" + info['version'] %}
+{% set distname = product + "-" + info["version"] %}
/usr/local/dl/{{ distname }}.tar.gz:
file.managed:
- - source: https://artifacts.opensearch.org/releases/bundle/{{ product }}/{{ info['version'] }}/{{ distname }}-linux-x64.tar.gz
- - source_hash: {{ info['hash'] }}
+ - source: https://artifacts.opensearch.org/releases/bundle/{{ product }}/{{ info["version"] }}/{{ distname }}-linux-x64.tar.gz
+ - source_hash: {{ info["hash"] }}
/opt/{{ product }}:
file.directory:
@@ -67,7 +67,7 @@
# Cleanup legacy versions
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for product, versions in pillar['opensearch_legacy_products'].items() %}
+{% for product, versions in pillar["opensearch_legacy_products"].items() %}
{% for version in versions %}
/usr/local/dl/{{ product }}-{{ version }}.tar.gz:
diff --git a/roles/opensearch/opensearch/wrapper.sls b/roles/opensearch/opensearch/wrapper.sls
--- a/roles/opensearch/opensearch/wrapper.sls
+++ b/roles/opensearch/opensearch/wrapper.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set config = salt['opensearch.get_config']() %}
+{% set config = salt["opensearch.get_config"]() %}
# -------------------------------------------------------------
# Wrapper for curl
@@ -20,7 +20,7 @@
- mode: 755
- template: jinja
- context:
- url: https://{{ config['network_host'] }}:9200
+ url: https://{{ config["network_host"] }}:9200
/root/.opensearch-account:
file.managed:
@@ -29,5 +29,5 @@
- template: jinja
- show_changes: False
- context:
- username: {{ salt['credential.get_username'](config['users']['admin']) }}
- password: {{ salt['credential.get_password'](config['users']['admin']) }}
+ username: {{ salt["credential.get_username"](config["users"]["admin"]) }}
+ password: {{ salt["credential.get_password"](config["users"]["admin"]) }}
diff --git a/roles/paas-docker/containers/acme_dns.sls b/roles/paas-docker/containers/acme_dns.sls
--- a/roles/paas-docker/containers/acme_dns.sls
+++ b/roles/paas-docker/containers/acme_dns.sls
@@ -5,9 +5,9 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['acme_dns'].items() %}
+{% for instance, container in pillar["docker_containers"]["acme_dns"].items() %}
# -------------------------------------------------------------
# Storage directory
@@ -43,9 +43,9 @@
- source: salt://roles/paas-docker/containers/files/acme/config.cfg
- template: jinja
- context:
- ip: {{ container['ip'] }}
- domain: {{ container['host'] }}
- nsadmin: {{ container['nsadmin'] }}
+ ip: {{ container["ip"] }}
+ domain: {{ container["host"] }}
+ nsadmin: {{ container["nsadmin"] }}
# -------------------------------------------------------------
# Container
@@ -66,7 +66,7 @@
- port_bindings:
- 53:53
- 53:53/udp
- - 127.0.0.1:{{ container['app_port'] }}:80
+ - 127.0.0.1:{{ container["app_port"] }}:80
{% endfor %}
diff --git a/roles/paas-docker/containers/airflow.sls b/roles/paas-docker/containers/airflow.sls
--- a/roles/paas-docker/containers/airflow.sls
+++ b/roles/paas-docker/containers/airflow.sls
@@ -5,10 +5,10 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for realm, realm_args in pillar['airflow_realms'].items() %}
+{% for realm, realm_args in pillar["airflow_realms"].items() %}
# -------------------------------------------------------------
# Data directory
@@ -96,7 +96,7 @@
# Containers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for instance, container in pillar['docker_containers']['airflow'].items() %}
+{% for instance, container in pillar["docker_containers"]["airflow"].items() %}
{% set realm = container["realm"] %}
@@ -114,11 +114,11 @@
- /srv/airflow/{{ realm }}/airflow.cfg:/opt/airflow/airflow.cfg
{% if "app_port" in container %}
- ports:
- - {{ container['command_port'] }}
+ - {{ container["command_port"] }}
- port_bindings:
- - 127.0.0.1:{{ container['app_port'] }}:{{ container['command_port'] }}
+ - 127.0.0.1:{{ container["app_port"] }}:{{ container["command_port"] }}
{% endif %}
- networks:
- - {{ container['network'] }}
+ - {{ container["network"] }}
{% endfor %}
diff --git a/roles/paas-docker/containers/aphlict.sls b/roles/paas-docker/containers/aphlict.sls
--- a/roles/paas-docker/containers/aphlict.sls
+++ b/roles/paas-docker/containers/aphlict.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% for instance, container in pillar['docker_containers']['aphlict'].items() %}
+{% for instance, container in pillar["docker_containers"]["aphlict"].items() %}
# -------------------------------------------------------------
# Container
@@ -24,7 +24,7 @@
- 22280
- 22281
- port_bindings:
- - {{ container['ports']['client'] }}:22280
- - {{ container['ports']['admin'] }}:22281
+ - {{ container["ports"]["client"] }}:22280
+ - {{ container["ports"]["admin"] }}:22281
{% endfor %}
diff --git a/roles/paas-docker/containers/api-datasources.sls b/roles/paas-docker/containers/api-datasources.sls
--- a/roles/paas-docker/containers/api-datasources.sls
+++ b/roles/paas-docker/containers/api-datasources.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% for instance, container in pillar['docker_containers']['api-datasources'].items() %}
+{% for instance, container in pillar["docker_containers"]["api-datasources"].items() %}
# -------------------------------------------------------------
# Container
@@ -17,10 +17,10 @@
- interactive: True
- image: nasqueron/api-datasources
- env:
- - API_ENTRY_POINT: {{ container['api_entry_point'] }}
+ - API_ENTRY_POINT: {{ container["api_entry_point"] }}
- ports:
- 80
- port_bindings:
- - {{ container['app_port'] }}:80
+ - {{ container["app_port"] }}:80
{% endfor %}
diff --git a/roles/paas-docker/containers/auth-grove.sls b/roles/paas-docker/containers/auth-grove.sls
--- a/roles/paas-docker/containers/auth-grove.sls
+++ b/roles/paas-docker/containers/auth-grove.sls
@@ -9,9 +9,9 @@
# Docker volume (/data/login/storage)
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['auth-grove'].items() %}
+{% for instance, container in pillar["docker_containers"]["auth-grove"].items() %}
# -------------------------------------------------------------
# Data directory
@@ -51,21 +51,21 @@
- detach: True
- interactive: True
- image: nasqueron/auth-grove
- - links: {{ container['mysql_link'] }}:mysql
+ - links: {{ container["mysql_link"] }}:mysql
- environment:
- DB_DRIVER: mysql
- DB_HOST: mysql
- DB_PORT: 3306
- DB_DATABASE: {{ instance }}
- - DB_USERNAME: {{ salt['credentials.get_username'](container['credential']) }}
- - DB_PASSWORD: {{ salt['credentials.get_password'](container['credential']) }}
+ - DB_USERNAME: {{ salt["credentials.get_username"](container["credential"]) }}
+ - DB_PASSWORD: {{ salt["credentials.get_password"](container["credential"]) }}
- - CANONICAL_URL: https://{{ container['host'] }}
+ - CANONICAL_URL: https://{{ container["host"] }}
- TRUST_ALL_PROXIES: 1
- binds: /srv/{{ instance }}/storage:/var/wwwroot/default/storage
- ports:
- 80
- port_bindings:
- - 127.0.0.1:{{ container['app_port'] }}:80
+ - 127.0.0.1:{{ container["app_port"] }}:80
{% endfor %}
diff --git a/roles/paas-docker/containers/bugzilla.sls b/roles/paas-docker/containers/bugzilla.sls
--- a/roles/paas-docker/containers/bugzilla.sls
+++ b/roles/paas-docker/containers/bugzilla.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% for instance, container in pillar['docker_containers']['bugzilla'].items() %}
+{% for instance, container in pillar["docker_containers"]["bugzilla"].items() %}
# -------------------------------------------------------------
# Container
@@ -17,16 +17,16 @@
- interactive: True
- image: nasqueron/bugzilla
- networks:
- - {{ container['network'] }}
+ - {{ container["network"] }}
- environment:
- DB_HOST: {{ container['mysql']['host'] }}
- DB_DATABASE: {{ container['mysql']['db'] }}
- DB_USER: {{ salt['credentials.get_username'](container['credential']) }}
- DB_PASSWORD: {{ salt['credentials.get_password'](container['credential']) }}
- BUGZILLA_URL: https://{{ container['host'] }}/
+ DB_HOST: {{ container["mysql"]["host"] }}
+ DB_DATABASE: {{ container["mysql"]["db"] }}
+ DB_USER: {{ salt["credentials.get_username"](container["credential"]) }}
+ DB_PASSWORD: {{ salt["credentials.get_password"](container["credential"]) }}
+ BUGZILLA_URL: https://{{ container["host"] }}/
- ports:
- 80
- port_bindings:
- - {{ container['app_port'] }}:80
+ - {{ container["app_port"] }}:80
{% endfor %}
diff --git a/roles/paas-docker/containers/cachet.sls b/roles/paas-docker/containers/cachet.sls
--- a/roles/paas-docker/containers/cachet.sls
+++ b/roles/paas-docker/containers/cachet.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% for instance, container in pillar['docker_containers']['cachet'].items() %}
+{% for instance, container in pillar["docker_containers"]["cachet"].items() %}
# -------------------------------------------------------------
# Container
@@ -20,21 +20,21 @@
- detach: True
- interactive: True
- image: nasqueron/cachet:latest
- - links: {{ container['mysql_link'] }}:mysql
+ - links: {{ container["mysql_link"] }}:mysql
- environment:
- DB_DRIVER: mysql
- DB_HOST: mysql
- DB_PORT: 3306
- DB_DATABASE: cachet
- - DB_USERNAME: {{ salt['credentials.get_username'](container['credential']) }}
- - DB_PASSWORD: {{ salt['credentials.get_password'](container['credential']) }}
+ - DB_USERNAME: {{ salt["credentials.get_username"](container["credential"]) }}
+ - DB_PASSWORD: {{ salt["credentials.get_password"](container["credential"]) }}
- - APP_KEY: {{ salt['credentials.get_token'](container['app_key']) }}
+ - APP_KEY: {{ salt["credentials.get_token"](container["app_key"]) }}
- APP_LOG: errorlog
- APP_DEBUG: "false"
- ports:
- 8000
- port_bindings:
- - {{ container['app_port'] }}:80
+ - {{ container["app_port"] }}:80
{% endfor %}
diff --git a/roles/paas-docker/containers/clickhouse.sls b/roles/paas-docker/containers/clickhouse.sls
--- a/roles/paas-docker/containers/clickhouse.sls
+++ b/roles/paas-docker/containers/clickhouse.sls
@@ -5,10 +5,10 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['clickhouse'].items() %}
-{% set image = salt['paas_docker.get_image']("yandex/clickhouse-server", container) %}
+{% for instance, container in pillar["docker_containers"]["clickhouse"].items() %}
+{% set image = salt["paas_docker.get_image"]("yandex/clickhouse-server", container) %}
# -------------------------------------------------------------
# Data directory
@@ -18,16 +18,16 @@
file.directory:
- makedirs: True
-{% for subdir in ['lib', 'log'] %}
+{% for subdir in ["lib", "log"] %}
/srv/clickhouse/{{ instance }}/{{ subdir }}:
file.directory:
- user: 101
- group: 101
{% endfor %}
-/srv/clickhouse/{{ instance }}/{{ container['config'] }}:
+/srv/clickhouse/{{ instance }}/{{ container["config"] }}:
file.managed:
- - source: salt://roles/paas-docker/containers/files/clickhouse/{{ instance }}/{{ container['config'] }}
+ - source: salt://roles/paas-docker/containers/files/clickhouse/{{ instance }}/{{ container["config"] }}
- user: 101
- group: 101
@@ -54,18 +54,18 @@
- binds:
- /srv/clickhouse/{{ instance }}/lib:/var/lib/clickhouse
- /srv/clickhouse/{{ instance }}/log:/var/log/clickhouse-server
- - /srv/clickhouse/{{ instance }}/{{ container['config'] }}:/etc/clickhouse-server/config.d/{{ container['config'] }}
+ - /srv/clickhouse/{{ instance }}/{{ container["config"] }}:/etc/clickhouse-server/config.d/{{ container["config"] }}
- environment:
# Should be increased if search returns incomplete results
- MAX_MEMORY_USAGE_RATIO: {{ container['max_memory_ratio'] | default(0.3) }}
+ MAX_MEMORY_USAGE_RATIO: {{ container["max_memory_ratio"] | default(0.3) }}
- ulimits:
- nofile=262144:262144
- healthcheck:
Test: http_proxy='' wget -nv -t1 --spider 'http://localhost:8123/' || exit 1
Interval: 30000000000
-{% if 'network' in container %}
+{% if "network" in container %}
- networks:
- - {{ container['network'] }}
+ - {{ container["network"] }}
{% endif %}
- cap_add:
- SYS_NICE
diff --git a/roles/paas-docker/containers/docker-registry-api.sls b/roles/paas-docker/containers/docker-registry-api.sls
--- a/roles/paas-docker/containers/docker-registry-api.sls
+++ b/roles/paas-docker/containers/docker-registry-api.sls
@@ -5,9 +5,9 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['docker-registry-api'].items() %}
+{% for instance, container in pillar["docker_containers"]["docker-registry-api"].items() %}
# -------------------------------------------------------------
# Container
@@ -18,10 +18,10 @@
- detach: True
- interactive: True
- image: nasqueron/docker-registry-api
- - binds: /srv/{{ container['registry_instance'] }}:/var/lib/registry
+ - binds: /srv/{{ container["registry_instance"] }}:/var/lib/registry
- ports:
- 8000
- port_bindings:
- - {{ container['app_port'] }}:8000
+ - {{ container["app_port"] }}:8000
{% endfor %}
diff --git a/roles/paas-docker/containers/etherpad.sls b/roles/paas-docker/containers/etherpad.sls
--- a/roles/paas-docker/containers/etherpad.sls
+++ b/roles/paas-docker/containers/etherpad.sls
@@ -5,9 +5,9 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['etherpad'].items() %}
+{% for instance, container in pillar["docker_containers"]["etherpad"].items() %}
# -------------------------------------------------------------
# Storage directory
@@ -63,12 +63,12 @@
- detach: True
- interactive: True
- image: nasqueron/etherpad:production
- - links: {{ container['mysql_link'] }}:mysql
+ - links: {{ container["mysql_link"] }}:mysql
- binds: /srv/{{ instance }}/var:/opt/etherpad-lite/var
- ports:
- 9001
- port_bindings:
- - {{ container['app_port'] }}:9001
+ - {{ container["app_port"] }}:9001
# -------------------------------------------------------------
# API key
@@ -81,7 +81,7 @@
- mode: 400
- user: 9001
- show_changes: False
- - contents: {{ salt['credentials.get_token'](container['credential']) }}
+ - contents: {{ salt["credentials.get_token"](container["credential"]) }}
deploy_api_key_{{ instance }}:
cmd.run:
diff --git a/roles/paas-docker/containers/exim.sls b/roles/paas-docker/containers/exim.sls
--- a/roles/paas-docker/containers/exim.sls
+++ b/roles/paas-docker/containers/exim.sls
@@ -5,9 +5,9 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['exim'].items() %}
+{% for instance, container in pillar["docker_containers"]["exim"].items() %}
# -------------------------------------------------------------
# Data directory
@@ -19,17 +19,17 @@
- group: 101
- makedirs: True
-{% for subdir in ['spool', 'log'] %}
+{% for subdir in ["spool", "log"] %}
/srv/exim/{{ instance }}/{{ subdir }}:
file.directory:
- user: 101
- group: 101
{% endfor %}
-{% if 'mailname' in container %}
+{% if "mailname" in container %}
/srv/exim/{{ instance }}/mailname:
file.managed:
- - contents: {{ container['mailname'] }}
+ - contents: {{ container["mailname"] }}
{% endif %}
{% if has_selinux %}
@@ -55,17 +55,17 @@
- interactive: True
- image: tianon/exim4
- binds:
-{% if 'mailname' in container %}
+{% if "mailname" in container %}
- /srv/exim/{{ instance }}/mailname:/etc/mailname:ro
{% endif %}
- /srv/exim/{{ instance }}/spool:/var/spool/exim4
- /srv/exim/{{ instance }}/log:/var/log/exim4
-{% if 'host' in container %}
- - hostname: {{ container['mailname'] }}
+{% if "host" in container %}
+ - hostname: {{ container["mailname"] }}
{% endif %}
-{% if 'network' in container %}
+{% if "network" in container %}
- networks:
- - {{ container['network'] }}
+ - {{ container["network"] }}
{% endif %}
{% endfor %}
diff --git a/roles/paas-docker/containers/files/_tomcat/tomcat-users.xml b/roles/paas-docker/containers/files/_tomcat/tomcat-users.xml
--- a/roles/paas-docker/containers/files/_tomcat/tomcat-users.xml
+++ b/roles/paas-docker/containers/files/_tomcat/tomcat-users.xml
@@ -34,7 +34,7 @@
<user
username="{{ username }}"
password="{{ user_args.password }}"
- roles="{{ user_args.roles | join(' ') }}"
+ roles="{{ user_args.roles | join(" ") }}"
/>
{% endfor %}
</tomcat-users>
diff --git a/roles/paas-docker/containers/hauk.sls b/roles/paas-docker/containers/hauk.sls
--- a/roles/paas-docker/containers/hauk.sls
+++ b/roles/paas-docker/containers/hauk.sls
@@ -5,9 +5,9 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['hauk'].items() %}
+{% for instance, container in pillar["docker_containers"]["hauk"].items() %}
# -------------------------------------------------------------
# Storage directory
@@ -24,7 +24,7 @@
- template: jinja
- mode: 644
- context:
- url: https://{{ container['host'] }}{{ container['api_entry_point'] }}/
+ url: https://{{ container["host"] }}{{ container["api_entry_point"] }}/
{% if has_selinux %}
selinux_context_{{ instance }}_data:
@@ -50,7 +50,7 @@
- ports:
- 80
- port_bindings:
- - {{ container['app_port'] }}:80
+ - {{ container["app_port"] }}:80
# Prevent the container from using swap
# Privacy: data is so only stored on RAM, not on disk
diff --git a/roles/paas-docker/containers/hound.sls b/roles/paas-docker/containers/hound.sls
--- a/roles/paas-docker/containers/hound.sls
+++ b/roles/paas-docker/containers/hound.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
# -------------------------------------------------------------
# Configuration provider
@@ -17,7 +17,7 @@
- mode: 755
-{% for instance, container in pillar['docker_containers']['hound'].items() %}
+{% for instance, container in pillar["docker_containers"]["hound"].items() %}
# -------------------------------------------------------------
# Home directory
@@ -47,12 +47,12 @@
hound_{{ instance }}_repositories:
cmd.run:
- - name: docker run --rm nasqueron/devtools github/list-repositories.py {{ container['github_account'] }} -b > {{ repos_path }}
+ - name: docker run --rm nasqueron/devtools github/list-repositories.py {{ container["github_account"] }} -b > {{ repos_path }}
- creates: {{ repos_path }}
hound_{{ instance }}_config:
cmd.run:
- - name: hound-generate-config {{ container['github_account'] }} < {{ repos_path }} > {{ config_path }}
+ - name: hound-generate-config {{ container["github_account"] }} < {{ repos_path }} > {{ config_path }}
- creates: {{ config_path }}
# -------------------------------------------------------------
@@ -68,6 +68,6 @@
- ports:
- 6080
- port_bindings:
- - {{ container['app_port'] }}:6080
+ - {{ container["app_port"] }}:6080
{% endfor %}
diff --git a/roles/paas-docker/containers/init.sls b/roles/paas-docker/containers/init.sls
--- a/roles/paas-docker/containers/init.sls
+++ b/roles/paas-docker/containers/init.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set services = pillar.get('docker_containers', {}) %}
+{% set services = pillar.get("docker_containers", {}) %}
{% if services %}
diff --git a/roles/paas-docker/containers/jenkins.sls b/roles/paas-docker/containers/jenkins.sls
--- a/roles/paas-docker/containers/jenkins.sls
+++ b/roles/paas-docker/containers/jenkins.sls
@@ -5,12 +5,12 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['jenkins'].items() %}
+{% for instance, container in pillar["docker_containers"]["jenkins"].items() %}
-{% set realm = pillar['jenkins_realms'][container['realm']] %}
-{% set home = "/srv/jenkins/" + container['realm'] + "/jenkins_home" %}
+{% set realm = pillar["jenkins_realms"][container["realm"]] %}
+{% set home = "/srv/jenkins/" + container["realm"] + "/jenkins_home" %}
# -------------------------------------------------------------
# Home directory
@@ -44,12 +44,12 @@
- image: jenkins/jenkins
- binds: {{ home }}:/var/jenkins_home
- networks:
- - {{ realm['network'] }}
+ - {{ realm["network"] }}
- ports:
- 8080
- 50000
- port_bindings:
- - {{ container['app_port'] }}:8080 # HTTP
- - {{ container['jnlp_port'] }}:50000 # Jenkins controller's port for JNLP-based Jenkins agents
+ - {{ container["app_port"] }}:8080 # HTTP
+ - {{ container["jnlp_port"] }}:50000 # Jenkins controller's port for JNLP-based Jenkins agents
{% endfor %}
diff --git a/roles/paas-docker/containers/jenkins_agent.sls b/roles/paas-docker/containers/jenkins_agent.sls
--- a/roles/paas-docker/containers/jenkins_agent.sls
+++ b/roles/paas-docker/containers/jenkins_agent.sls
@@ -5,14 +5,14 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['jenkins_agent'].items() %}
+{% for instance, container in pillar["docker_containers"]["jenkins_agent"].items() %}
-{% set realm = pillar['jenkins_realms'][container['realm']] %}
-{% set home = "/srv/jenkins/" + container['realm'] + "/agents_homes/" + instance %}
-{% set image = pillar['jenkins_images'][container['image_flavour']] %}
-{% set image = salt['paas_docker.get_image'](image, container) %}
+{% set realm = pillar["jenkins_realms"][container["realm"]] %}
+{% set home = "/srv/jenkins/" + container["realm"] + "/agents_homes/" + instance %}
+{% set image = pillar["jenkins_images"][container["image_flavour"]] %}
+{% set image = salt["paas_docker.get_image"](image, container) %}
# -------------------------------------------------------------
# Home directory
@@ -42,7 +42,7 @@
{{ home }}/.ssh/authorized_keys:
file.managed:
- - contents: {{ realm['ssh_key'] }}
+ - contents: {{ realm["ssh_key"] }}
- user: 431
- group: 433
@@ -57,6 +57,6 @@
- image: {{ image }}
- binds: {{ home }}:/home/app
- networks:
- - {{ realm['network'] }}
+ - {{ realm["network"] }}
{% endfor %}
diff --git a/roles/paas-docker/containers/kafka.sls b/roles/paas-docker/containers/kafka.sls
--- a/roles/paas-docker/containers/kafka.sls
+++ b/roles/paas-docker/containers/kafka.sls
@@ -5,10 +5,10 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['kafka'].items() %}
-{% set image = salt['paas_docker.get_image']("confluentinc/cp-kafka", container) %}
+{% for instance, container in pillar["docker_containers"]["kafka"].items() %}
+{% set image = salt["paas_docker.get_image"]("confluentinc/cp-kafka", container) %}
# -------------------------------------------------------------
# Data directory
@@ -18,7 +18,7 @@
file.directory:
- makedirs: True
-{% for subdir in ['data', 'log'] %}
+{% for subdir in ["data", "log"] %}
# There are several releases of the cp-kafka instance,
# Some using "appuser", some "cp-kafka" and some "root".
/srv/kafka/{{ instance }}/{{ subdir }}:
@@ -74,7 +74,7 @@
Test: nc -z localhost 9092
Interval: 30000000000
- networks:
- - {{ container['network'] }}
+ - {{ container["network"] }}
# -------------------------------------------------------------
# Kafka topics
diff --git a/roles/paas-docker/containers/mastodon_sidekiq.sls b/roles/paas-docker/containers/mastodon_sidekiq.sls
--- a/roles/paas-docker/containers/mastodon_sidekiq.sls
+++ b/roles/paas-docker/containers/mastodon_sidekiq.sls
@@ -22,7 +22,7 @@
# Provision extra utilities
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for instance in pillar['docker_containers']['mastodon_sidekiq'] %}
+{% for instance in pillar["docker_containers"]["mastodon_sidekiq"] %}
provision_clear_video_queue_{{ instance }}:
cmd.run:
diff --git a/roles/paas-docker/containers/memcached.sls b/roles/paas-docker/containers/memcached.sls
--- a/roles/paas-docker/containers/memcached.sls
+++ b/roles/paas-docker/containers/memcached.sls
@@ -5,10 +5,10 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['memcached'].items() %}
-{% set image = salt['paas_docker.get_image']("memcached", container) %}
+{% for instance, container in pillar["docker_containers"]["memcached"].items() %}
+{% set image = salt["paas_docker.get_image"]("memcached", container) %}
# -------------------------------------------------------------
# Container
@@ -24,9 +24,9 @@
- CMD-SHELL
- echo stats | nc 127.0.0.1 11211
Interval: 30000000000
-{% if 'network' in container %}
+{% if "network" in container %}
- networks:
- - {{ container['network'] }}
+ - {{ container["network"] }}
{% endif %}
{% endfor %}
diff --git a/roles/paas-docker/containers/mysql.sls b/roles/paas-docker/containers/mysql.sls
--- a/roles/paas-docker/containers/mysql.sls
+++ b/roles/paas-docker/containers/mysql.sls
@@ -5,10 +5,10 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['mysql'].items() %}
-{% set image = salt['paas_docker.get_image']("nasqueron/mysql", container) %}
+{% for instance, container in pillar["docker_containers"]["mysql"].items() %}
+{% set image = salt["paas_docker.get_image"]("nasqueron/mysql", container) %}
# -------------------------------------------------------------
# Home directory
@@ -42,10 +42,10 @@
- image: {{ image }}
- binds: /srv/{{ instance }}/mysql:/var/lib/mysql
- environment:
- MYSQL_ROOT_PASSWORD: {{ salt['credentials.get_password'](container['credentials']['root']) }}
-{% if 'network' in container %}
+ MYSQL_ROOT_PASSWORD: {{ salt["credentials.get_password"](container["credentials"]["root"]) }}
+{% if "network" in container %}
- networks:
- - {{ container['network'] }}
+ - {{ container["network"] }}
{% endif %}
- cap_add:
- SYS_NICE # T1672
diff --git a/roles/paas-docker/containers/notifications.sls b/roles/paas-docker/containers/notifications.sls
--- a/roles/paas-docker/containers/notifications.sls
+++ b/roles/paas-docker/containers/notifications.sls
@@ -5,9 +5,9 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['notifications'].items() %}
+{% for instance, container in pillar["docker_containers"]["notifications"].items() %}
# -------------------------------------------------------------
# Storage directory
@@ -35,7 +35,7 @@
- makedirs: True
- show_changes: False
- contents: |
- {{ salt['notifications.get_credentials']() | json }}
+ {{ salt["notifications.get_credentials"]() | json }}
/srv/{{ instance }}/storage/app/DockerHubTriggers.json:
file.managed:
@@ -44,9 +44,9 @@
- mode: 400
- show_changes: False
- contents: |
- {{ salt['notifications.get_dockerhub_triggers']() | json }}
+ {{ salt["notifications.get_dockerhub_triggers"]() | json }}
-{% for folder, configs in salt['pillar.get']("notifications_configuration", {}).items() %}
+{% for folder, configs in salt["pillar.get"]("notifications_configuration", {}).items() %}
{% for config_file, config in configs.items() %}
/srv/{{ instance }}/storage/app/{{ folder }}/{{ config_file }}.json:
file.managed:
@@ -80,7 +80,7 @@
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if "network" in container %}
-{% set broker = container['broker'] %}
+{% set broker = container["broker"] %}
{% else %}
{% set broker = "mq" %}
{% endif %}
@@ -93,28 +93,28 @@
- binds: /srv/{{ instance }}/storage:/var/wwwroot/default/storage
{% if "network" in container %}
- networks:
- - {{ container['network'] }}
+ - {{ container["network"] }}
{% else %}
- links:
- - {{ container['broker_link'] }}:mq
+ - {{ container["broker_link"] }}:mq
{% endif %}
- environment:
- BROKER_HOST: {{ broker }}
- - BROKER_USERNAME: {{ salt['credentials.get_username'](container['credentials']['broker']) }}
- - BROKER_PASSWORD: {{ salt['credentials.get_password'](container['credentials']['broker']) }}
+ - BROKER_USERNAME: {{ salt["credentials.get_username"](container["credentials"]["broker"]) }}
+ - BROKER_PASSWORD: {{ salt["credentials.get_password"](container["credentials"]["broker"]) }}
- BROKER_VHOST: dev
{% if "mailgun" in container["credentials"] %}
- - MAILGUN_DOMAIN: {{ salt['credentials.get_username'](container['credentials']['mailgun']) }}
- - MAILGUN_APIKEY: {{ salt['credentials.get_password'](container['credentials']['mailgun']) }}
+ - MAILGUN_DOMAIN: {{ salt["credentials.get_username"](container["credentials"]["mailgun"]) }}
+ - MAILGUN_APIKEY: {{ salt["credentials.get_password"](container["credentials"]["mailgun"]) }}
{% endif %}
- - SENTRY_DSN: {{ salt['credentials.get_sentry_dsn'](container["sentry"]) }}
+ - SENTRY_DSN: {{ salt["credentials.get_sentry_dsn"](container["sentry"]) }}
- SENTRY_TRACES_SAMPLE_RATE: 1.0
- SENTRY_ENVIRONMENT: {{ container["sentry"].get("environment", "production") }}
- ports:
- 80
- port_bindings:
- - {{ container['app_port'] }}:80
+ - {{ container["app_port"] }}:80
{% endfor %}
diff --git a/roles/paas-docker/containers/openfire.sls b/roles/paas-docker/containers/openfire.sls
--- a/roles/paas-docker/containers/openfire.sls
+++ b/roles/paas-docker/containers/openfire.sls
@@ -5,9 +5,9 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['openfire'].items() %}
+{% for instance, container in pillar["docker_containers"]["openfire"].items() %}
# -------------------------------------------------------------
# Storage directory
@@ -40,21 +40,21 @@
- interactive: True
- image: nasqueron/openfire
- binds: /srv/{{ instance }}:/var/lib/openfire
- - hostname: {{ container['host'] }}
- - ports: {{ pillar['xmpp_ports'] }}
+ - hostname: {{ container["host"] }}
+ - ports: {{ pillar["xmpp_ports"] }}
- port_bindings:
-{% for port in pillar['xmpp_ports'] %}
- - {{ container['ip'] }}:{{ port }}:{{ port }}
+{% for port in pillar["xmpp_ports"] %}
+ - {{ container["ip"] }}:{{ port }}:{{ port }}
{% endfor %}
# -------------------------------------------------------------
# Certificate propagation
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-/srv/letsencrypt/etc/renewal/{{ container['host'] }}.conf:
+/srv/letsencrypt/etc/renewal/{{ container["host"] }}.conf:
file.append:
- text:
- "# Propagate certificates to Openfire container"
- - post-hook = openfire propagate-certificate {{ instance }} {{ container['host'] }}
+ - post-hook = openfire propagate-certificate {{ instance }} {{ container["host"] }}
{% endfor %}
diff --git a/roles/paas-docker/containers/orbeon.sls b/roles/paas-docker/containers/orbeon.sls
--- a/roles/paas-docker/containers/orbeon.sls
+++ b/roles/paas-docker/containers/orbeon.sls
@@ -5,9 +5,9 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['orbeon'].items() %}
+{% for instance, container in pillar["docker_containers"]["orbeon"].items() %}
# -------------------------------------------------------------
# Storage directory
@@ -101,8 +101,8 @@
- ports:
- 8080
- port_bindings:
- - 127.0.0.1:{{ container['app_port'] }}:8080
+ - 127.0.0.1:{{ container["app_port"] }}:8080
- networks:
- - {{ container['network'] }}
+ - {{ container["network"] }}
{% endfor %}
diff --git a/roles/paas-docker/containers/penpot_exporter.sls b/roles/paas-docker/containers/penpot_exporter.sls
--- a/roles/paas-docker/containers/penpot_exporter.sls
+++ b/roles/paas-docker/containers/penpot_exporter.sls
@@ -27,6 +27,6 @@
- ports:
- 80
- port_bindings:
- - {{ container['app_port'] }}:80
+ - {{ container["app_port"] }}:80
{% endfor %}
diff --git a/roles/paas-docker/containers/penpot_web.sls b/roles/paas-docker/containers/penpot_web.sls
--- a/roles/paas-docker/containers/penpot_web.sls
+++ b/roles/paas-docker/containers/penpot_web.sls
@@ -127,6 +127,6 @@
- ports:
- 6060
- port_bindings:
- - {{ container['app_port'] }}:6060
+ - {{ container["app_port"] }}:6060
{% endfor %}
diff --git a/roles/paas-docker/containers/phabricator.sls b/roles/paas-docker/containers/phabricator.sls
--- a/roles/paas-docker/containers/phabricator.sls
+++ b/roles/paas-docker/containers/phabricator.sls
@@ -5,10 +5,10 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['phabricator'].items() %}
-{% set create_container = "skip_container" not in container or not container['skip_container'] %}
+{% for instance, container in pillar["docker_containers"]["phabricator"].items() %}
+{% set create_container = "skip_container" not in container or not container["skip_container"] %}
# -------------------------------------------------------------
# Storage directory
@@ -91,29 +91,29 @@
- /srv/phabricator/{{ instance }}/repo:/var/repo
- /srv/phabricator/{{ instance }}/files:/var/files
- environment:
- PHABRICATOR_URL: https://{{ container['host'] }}
- PHABRICATOR_TITLE: {{ container['title'] }}
- PHABRICATOR_DOMAIN: {{ container['host'] }}
- PHABRICATOR_ALT_FILE_DOMAIN: https://{{ container['static_host'] }}
+ PHABRICATOR_URL: https://{{ container["host"] }}
+ PHABRICATOR_TITLE: {{ container["title"] }}
+ PHABRICATOR_DOMAIN: {{ container["host"] }}
+ PHABRICATOR_ALT_FILE_DOMAIN: https://{{ container["static_host"] }}
- DB_USER: {{ salt['credentials.get_username'](container['credentials']['mysql']) }}
- DB_PASS: {{ salt['credentials.get_password'](container['credentials']['mysql']) }}
- PHABRICATOR_STORAGE_NAMESPACE: {{ container['storage']['namespace'] }}
+ DB_USER: {{ salt["credentials.get_username"](container["credentials"]["mysql"]) }}
+ DB_PASS: {{ salt["credentials.get_password"](container["credentials"]["mysql"]) }}
+ PHABRICATOR_STORAGE_NAMESPACE: {{ container["storage"]["namespace"] }}
- {% if container['mailer'] == 'sendgrid' %}
+ {% if container["mailer"] == "sendgrid" %}
PHABRICATOR_USE_SENDGRID: 1
- PHABRICATOR_SENDGRID_APIUSER: {{ salt['credentials.get_username'](container['credentials']['sendgrid']) }}
- PHABRICATOR_SENDGRID_APIKEY: {{ salt['credentials.get_password'](container['credentials']['sendgrid']) }}
- {% elif container['mailer'] == 'mailgun' %}
+ PHABRICATOR_SENDGRID_APIUSER: {{ salt["credentials.get_username"](container["credentials"]["sendgrid"]) }}
+ PHABRICATOR_SENDGRID_APIKEY: {{ salt["credentials.get_password"](container["credentials"]["sendgrid"]) }}
+ {% elif container["mailer"] == "mailgun" %}
PHABRICATOR_USE_MAILGUN: 1
- PHABRICATOR_MAILGUN_APIKEY: {{ salt['credentials.get_token'](container['credentials']['mailgun']) }}
+ PHABRICATOR_MAILGUN_APIKEY: {{ salt["credentials.get_token"](container["credentials"]["mailgun"]) }}
{% endif %}
- - links: {{ container['mysql_link'] }}:mysql
+ - links: {{ container["mysql_link"] }}:mysql
- ports:
- 80
- port_bindings:
- - {{ container['app_port'] }}:80
+ - {{ container["app_port"] }}:80
{% endif %}
diff --git a/roles/paas-docker/containers/phpbb.sls b/roles/paas-docker/containers/phpbb.sls
--- a/roles/paas-docker/containers/phpbb.sls
+++ b/roles/paas-docker/containers/phpbb.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
# -------------------------------------------------------------
# Data directory
@@ -28,13 +28,13 @@
- name: /srv/phpbb/data
{% endif %}
-{% for store in pillar['phpbb_datastores'] %}
+{% for store in pillar["phpbb_datastores"] %}
/srv/phpbb/data/{{ store }}:
file.directory:
- user: 431
- group: 433
-{% for subdir in ['cache', 'config', 'ext', 'files', 'images', 'store'] %}
+{% for subdir in ["cache", "config", "ext", "files", "images", "store"] %}
/srv/phpbb/data/{{ store }}/{{ subdir }}:
file.recurse:
- source: salt://software/phpbb/phpBB/{{ subdir }}
diff --git a/roles/paas-docker/containers/pixelfed.sls b/roles/paas-docker/containers/pixelfed.sls
--- a/roles/paas-docker/containers/pixelfed.sls
+++ b/roles/paas-docker/containers/pixelfed.sls
@@ -5,9 +5,9 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['pixelfed'].items() %}
+{% for instance, container in pillar["docker_containers"]["pixelfed"].items() %}
# -------------------------------------------------------------
# Data directory
@@ -46,15 +46,15 @@
- interactive: True
- image: nasqueron/pixelfed
- links:
- - {{ container['links']['redis'] }}:redis
- - {{ container['links']['mysql'] }}:mysql
+ - {{ container["links"]["redis"] }}:redis
+ - {{ container["links"]["mysql"] }}:mysql
- environment:
- DB_DRIVER: mysql
- DB_HOST: mysql
- DB_PORT: 3306
- DB_DATABASE: {{ instance }}
- - DB_USERNAME: {{ salt['credentials.get_username'](container['credentials']['mysql']) }}
- - DB_PASSWORD: {{ salt['credentials.get_password'](container['credentials']['mysql']) }}
+ - DB_USERNAME: {{ salt["credentials.get_username"](container["credentials"]["mysql"]) }}
+ - DB_PASSWORD: {{ salt["credentials.get_password"](container["credentials"]["mysql"]) }}
# Port must be defined, as Docker link populates REDIS_PORT to tcp://...:6379
# That gives the following rather strange connection string:
@@ -62,10 +62,10 @@
- REDIS_HOST: redis
- REDIS_PORT: 6379
- - APP_DOMAIN: {{ container['host'] }}
- - APP_KEY: {{ salt['credentials.get_token'](container['credentials']['app_key']) }}
- - APP_NAME: {{ container['app']['title'] }}
- - APP_URL: https://{{ container['host'] }}
+ - APP_DOMAIN: {{ container["host"] }}
+ - APP_KEY: {{ salt["credentials.get_token"](container["credentials"]["app_key"]) }}
+ - APP_NAME: {{ container["app"]["title"] }}
+ - APP_URL: https://{{ container["host"] }}
- BROADCAST_DRIVER: redis
- CACHE_DRIVER: redis
@@ -76,23 +76,23 @@
- MAIL_DRIVER: smtp
- MAIL_HOST: smtp.eu.mailgun.org
- MAIL_PORT: 587
- - MAIL_USERNAME: {{ salt['credentials.get_username'](container['credentials']['mailgun']) }}
- - MAIL_PASSWORD: {{ salt['credentials.get_password'](container['credentials']['mailgun']) }}
- - MAIL_FROM_ADDRESS: no-reply@{{ container['host'] }}
- - MAIL_FROM_NAME: {{ container['app']['title'] }}
+ - MAIL_USERNAME: {{ salt["credentials.get_username"](container["credentials"]["mailgun"]) }}
+ - MAIL_PASSWORD: {{ salt["credentials.get_password"](container["credentials"]["mailgun"]) }}
+ - MAIL_FROM_ADDRESS: no-reply@{{ container["host"] }}
+ - MAIL_FROM_NAME: {{ container["app"]["title"] }}
- SESSION_DRIVER: redis
- - SESSION_DOMAIN: {{ container['host'] }}
+ - SESSION_DOMAIN: {{ container["host"] }}
- SESSION_SECURE_COOKIE: true
- TRUST_PROXIES: '*'
- HTTPS: 1
- - MAX_ALBUM_LENGTH: {{ container['app']['max_album_length'] }}
+ - MAX_ALBUM_LENGTH: {{ container["app"]["max_album_length"] }}
- binds: /srv/{{ instance }}/storage:/var/wwwroot/default/storage
- ports:
- 80
- port_bindings:
- - {{ container['app_port'] }}:80
+ - {{ container["app_port"] }}:80
{% endfor %}
diff --git a/roles/paas-docker/containers/postgresql.sls b/roles/paas-docker/containers/postgresql.sls
--- a/roles/paas-docker/containers/postgresql.sls
+++ b/roles/paas-docker/containers/postgresql.sls
@@ -5,10 +5,10 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['postgresql'].items() %}
-{% set image = salt['paas_docker.get_image']("library/postgres", container) %}
+{% for instance, container in pillar["docker_containers"]["postgresql"].items() %}
+{% set image = salt["paas_docker.get_image"]("library/postgres", container) %}
# -------------------------------------------------------------
# Home directory
@@ -44,20 +44,20 @@
- image: {{ image }}
- binds: /srv/{{ instance }}/postgresql:/var/lib/postgresql/data
- environment:
- POSTGRES_USER: {{ salt['credentials.get_username'](container['credential']) }}
- POSTGRES_PASSWORD: {{ salt['credentials.get_password'](container['credential']) }}
+ POSTGRES_USER: {{ salt["credentials.get_username"](container["credential"]) }}
+ POSTGRES_PASSWORD: {{ salt["credentials.get_password"](container["credential"]) }}
- {% if 'db' in container %}
- POSTGRES_DB: {{ container['db'] }}
+ {% if "db" in container %}
+ POSTGRES_DB: {{ container["db"] }}
{% endif %}
- {% if 'initdb_args' in container %}
- POSTGRES_INITDB_ARGS: {{ container['initdb_args'] }}
+ {% if "initdb_args" in container %}
+ POSTGRES_INITDB_ARGS: {{ container["initdb_args"] }}
{% endif %}
-{% if 'network' in container %}
+{% if "network" in container %}
- networks:
- - {{ container['network'] }}
+ - {{ container["network"] }}
{% endif %}
{% endfor %}
diff --git a/roles/paas-docker/containers/rabbitmq.sls b/roles/paas-docker/containers/rabbitmq.sls
--- a/roles/paas-docker/containers/rabbitmq.sls
+++ b/roles/paas-docker/containers/rabbitmq.sls
@@ -5,9 +5,9 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['rabbitmq'].items() %}
+{% for instance, container in pillar["docker_containers"]["rabbitmq"].items() %}
# -------------------------------------------------------------
# Storage directory
@@ -25,7 +25,7 @@
- group: 999
- mode: 400
- show_changes: False
- - contents: {{ salt['credentials.get_token'](container['credentials']['erlang_cookie']) }}
+ - contents: {{ salt["credentials.get_token"](container["credentials"]["erlang_cookie"]) }}
{% if has_selinux %}
selinux_context_rabbitmq_data_{{ instance }}:
@@ -49,11 +49,11 @@
- image: nasqueron/rabbitmq
- binds:
- /srv/rabbitmq/{{ instance }}/lib:/var/lib/rabbitmq
- - hostname: {{ container['host'] }}
- - ports: {{ pillar['rabbitmq_ports'] }}
+ - hostname: {{ container["host"] }}
+ - ports: {{ pillar["rabbitmq_ports"] }}
- port_bindings:
-{% for port in pillar['rabbitmq_ports'] %}
- - {{ container['ip'] }}:{{ port }}:{{ port }}
+{% for port in pillar["rabbitmq_ports"] %}
+ - {{ container["ip"] }}:{{ port }}:{{ port }}
{% endfor %}
@@ -67,7 +67,7 @@
- template: jinja
- context:
instance: {{ instance }}
- password: {{ salt['credentials.get_token'](container['credentials']['root']) }}
+ password: {{ salt["credentials.get_token"](container["credentials"]["root"]) }}
- require:
- {{ instance }}
- creates: /srv/rabbitmq/{{ instance }}/.auth-configured
diff --git a/roles/paas-docker/containers/redis.sls b/roles/paas-docker/containers/redis.sls
--- a/roles/paas-docker/containers/redis.sls
+++ b/roles/paas-docker/containers/redis.sls
@@ -5,10 +5,10 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['redis'].items() %}
-{% set image = salt['paas_docker.get_image']("library/redis", container) %}
+{% for instance, container in pillar["docker_containers"]["redis"].items() %}
+{% set image = salt["paas_docker.get_image"]("library/redis", container) %}
# -------------------------------------------------------------
# Data directory
@@ -44,9 +44,9 @@
- healthcheck:
Test: redis-cli ping
Interval: 30000000000
-{% if 'network' in container %}
+{% if "network" in container %}
- networks:
- - {{ container['network'] }}
+ - {{ container["network"] }}
{% endif %}
{% endfor %}
diff --git a/roles/paas-docker/containers/registry.sls b/roles/paas-docker/containers/registry.sls
--- a/roles/paas-docker/containers/registry.sls
+++ b/roles/paas-docker/containers/registry.sls
@@ -5,9 +5,9 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['registry'].items() %}
+{% for instance, container in pillar["docker_containers"]["registry"].items() %}
# -------------------------------------------------------------
# Data directory
@@ -41,6 +41,6 @@
- ports:
- 5000
- port_bindings:
- - 127.0.0.1:{{ container['app_port'] }}:5000 # HTTP
+ - 127.0.0.1:{{ container["app_port"] }}:5000 # HTTP
{% endfor %}
diff --git a/roles/paas-docker/containers/relay.sls b/roles/paas-docker/containers/relay.sls
--- a/roles/paas-docker/containers/relay.sls
+++ b/roles/paas-docker/containers/relay.sls
@@ -5,9 +5,9 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['relay'].items() %}
+{% for instance, container in pillar["docker_containers"]["relay"].items() %}
{% set flavour = container.get("flavour", "production") %}
# -------------------------------------------------------------
@@ -67,10 +67,10 @@
- ports:
- 3000
- port_bindings:
- - {{ container['app_port'] }}:3000
+ - {{ container["app_port"] }}:3000
{% if "network" in container %}
- networks:
- - {{ container['network'] }}
+ - {{ container["network"] }}
{% endif %}
{% endfor %}
diff --git a/roles/paas-docker/containers/sentry.sls b/roles/paas-docker/containers/sentry.sls
--- a/roles/paas-docker/containers/sentry.sls
+++ b/roles/paas-docker/containers/sentry.sls
@@ -5,13 +5,13 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
# -------------------------------------------------------------
# Data directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for realm, realm_args in pillar['sentry_realms'].items() %}
+{% for realm, realm_args in pillar["sentry_realms"].items() %}
/srv/sentry/{{ realm }}:
file.directory:
@@ -77,7 +77,7 @@
# Web application
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for instance, container in pillar['docker_containers']['sentry'].items() %}
+{% for instance, container in pillar["docker_containers"]["sentry"].items() %}
{{ instance }}:
docker_container.running:
@@ -96,9 +96,9 @@
- ports:
- 9000
- port_bindings:
- - {{ container['app_port'] }}:9000
+ - {{ container["app_port"] }}:9000
{% endif %}
- networks:
- - {{ container['network'] }}
+ - {{ container["network"] }}
{% endfor %}
diff --git a/roles/paas-docker/containers/snuba.sls b/roles/paas-docker/containers/snuba.sls
--- a/roles/paas-docker/containers/snuba.sls
+++ b/roles/paas-docker/containers/snuba.sls
@@ -6,7 +6,7 @@
# Notes: Environment follows getsentry/self-hosted
# -------------------------------------------------------------
-{% for instance, container in pillar['docker_containers']['snuba'].items() %}
+{% for instance, container in pillar["docker_containers"]["snuba"].items() %}
{% set is_api = container.get("api", False) %}
# -------------------------------------------------------------
diff --git a/roles/paas-docker/containers/symbolicator.sls b/roles/paas-docker/containers/symbolicator.sls
--- a/roles/paas-docker/containers/symbolicator.sls
+++ b/roles/paas-docker/containers/symbolicator.sls
@@ -6,15 +6,15 @@
# Notes: Environment follows getsentry/self-hosted
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['symbolicator'].items() %}
+{% for instance, container in pillar["docker_containers"]["symbolicator"].items() %}
# -------------------------------------------------------------
# Data directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for subdir in ['data', 'etc'] %}
+{% for subdir in ["data", "etc"] %}
/srv/symbolicator/{{ instance }}/{{ subdir }}:
file.directory:
- makedirs: True
diff --git a/roles/paas-docker/containers/tommy.sls b/roles/paas-docker/containers/tommy.sls
--- a/roles/paas-docker/containers/tommy.sls
+++ b/roles/paas-docker/containers/tommy.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% for instance, container in pillar['docker_containers']['tommy'].items() %}
+{% for instance, container in pillar["docker_containers"]["tommy"].items() %}
# -------------------------------------------------------------
# Container
@@ -17,14 +17,14 @@
- interactive: True
- image: nasqueron/tommy
- environment:
- - JENKINS_URL: {{ container['jenkins_url'] }}
+ - JENKINS_URL: {{ container["jenkins_url"] }}
{% if "jenkins_multi_branch" in container %}
# We don't use default value, as Ruby idea of truthy is pretty large, including 0
- - JENKINS_MULTI_BRANCH: {{ container['jenkins_multi_branch'] }}
+ - JENKINS_MULTI_BRANCH: {{ container["jenkins_multi_branch"] }}
{% endif %}
- ports:
- 4567
- port_bindings:
- - {{ container['app_port'] }}:4567 # HTTP
+ - {{ container["app_port"] }}:4567 # HTTP
{% endfor %}
diff --git a/roles/paas-docker/containers/zookeeper.sls b/roles/paas-docker/containers/zookeeper.sls
--- a/roles/paas-docker/containers/zookeeper.sls
+++ b/roles/paas-docker/containers/zookeeper.sls
@@ -5,10 +5,10 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
-{% for instance, container in pillar['docker_containers']['zookeeper'].items() %}
-{% set image = salt['paas_docker.get_image']("confluentinc/cp-zookeeper", container) %}
+{% for instance, container in pillar["docker_containers"]["zookeeper"].items() %}
+{% set image = salt["paas_docker.get_image"]("confluentinc/cp-zookeeper", container) %}
# -------------------------------------------------------------
# Data directory
@@ -18,7 +18,7 @@
file.directory:
- makedirs: True
-{% for subdir in ['data', 'log', 'secrets'] %}
+{% for subdir in ["data", "log", "secrets"] %}
# There are several releases of the cp-zookeeper instance,
# Some using "appuser", some "cp-kafka" and some "root".
/srv/zookeeper/{{ instance }}/{{ subdir }}:
@@ -66,8 +66,8 @@
- healthcheck:
Test: echo "ruok" | nc -w 2 -q 2 localhost 2181 | grep imok
Interval: 30000000000
-{% if 'network' in container %}
+{% if "network" in container %}
- networks:
- - {{ container['network'] }}
+ - {{ container["network"] }}
{% endif %}
{% endfor %}
diff --git a/roles/paas-docker/docker/firewall.sls b/roles/paas-docker/docker/firewall.sls
--- a/roles/paas-docker/docker/firewall.sls
+++ b/roles/paas-docker/docker/firewall.sls
@@ -11,7 +11,7 @@
# Firewalld
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if services['firewall'] == 'firewalld' %}
+{% if services["firewall"] == "firewalld" %}
{{ dirs.etc }}/firewalld/services/prometheus-docker.xml:
file.managed:
@@ -23,6 +23,6 @@
- source: salt://roles/paas-docker/docker/files/firewalld-zones-public.xml.jinja
- template: jinja
- context:
- subnets: {{ salt['paas_docker.get_subnets']() }}
+ subnets: {{ salt["paas_docker.get_subnets"]() }}
{% endif %}
diff --git a/roles/paas-docker/docker/images.sls b/roles/paas-docker/docker/images.sls
--- a/roles/paas-docker/docker/images.sls
+++ b/roles/paas-docker/docker/images.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set images = salt['paas_docker.list_images']() %}
+{% set images = salt["paas_docker.list_images"]() %}
# -------------------------------------------------------------
# Fetch Docker images
diff --git a/roles/paas-docker/docker/networks.sls b/roles/paas-docker/docker/networks.sls
--- a/roles/paas-docker/docker/networks.sls
+++ b/roles/paas-docker/docker/networks.sls
@@ -17,6 +17,6 @@
docker_network.present:
- name: {{ network }}
- driver: bridge
- - subnet: {{ args['subnet'] }}
+ - subnet: {{ args["subnet"] }}
{% endfor %}
diff --git a/roles/paas-docker/docker/software.sls b/roles/paas-docker/docker/software.sls
--- a/roles/paas-docker/docker/software.sls
+++ b/roles/paas-docker/docker/software.sls
@@ -11,7 +11,7 @@
# Install Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os_family'] == 'RedHat' and grains['os'] != 'Fedora' %}
+{% if grains["os_family"] == "RedHat" and grains["os"] != "Fedora" %}
remove_legacy_docker_packages:
pkg.removed:
- pkgs:
diff --git a/roles/paas-docker/init.sls b/roles/paas-docker/init.sls
--- a/roles/paas-docker/init.sls
+++ b/roles/paas-docker/init.sls
@@ -19,6 +19,6 @@
- .nginx
- .monitoring
- .wrappers
-{% if salt['node.has']('flags:install_docker_devel_tools') %}
+{% if salt["node.has"]("flags:install_docker_devel_tools") %}
- .devel
{% endif %}
diff --git a/roles/paas-docker/kernel/init.sls b/roles/paas-docker/kernel/init.sls
--- a/roles/paas-docker/kernel/init.sls
+++ b/roles/paas-docker/kernel/init.sls
@@ -5,8 +5,8 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if grains['os_family'] == 'RedHat' %}
-{% if salt['file.file_exists']("/etc/tuned") %}
+{% if grains["os_family"] == "RedHat" %}
+{% if salt["file.file_exists"]("/etc/tuned") %}
/etc/tuned/paas-docker:
file.directory
diff --git a/roles/paas-docker/monitoring/init.sls b/roles/paas-docker/monitoring/init.sls
--- a/roles/paas-docker/monitoring/init.sls
+++ b/roles/paas-docker/monitoring/init.sls
@@ -26,5 +26,5 @@
- template: jinja
- context:
checks:
- - {{ salt['paas_docker.get_health_checks']() }}
- - check_docker_containers: {{ salt['paas_docker.list_containers']() }}
+ - {{ salt["paas_docker.get_health_checks"]() }}
+ - check_docker_containers: {{ salt["paas_docker.list_containers"]() }}
diff --git a/roles/paas-docker/nginx/config.sls b/roles/paas-docker/nginx/config.sls
--- a/roles/paas-docker/nginx/config.sls
+++ b/roles/paas-docker/nginx/config.sls
@@ -6,7 +6,7 @@
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
-{% set containers = pillar.get('docker_containers', {}) %}
+{% set containers = pillar.get("docker_containers", {}) %}
# -------------------------------------------------------------
# vhosts folder
@@ -25,9 +25,9 @@
- source: salt://roles/paas-docker/nginx/files/vhosts/base/server.conf
- template: jinja
- context:
- fqdn: {{ grains['fqdn'] }}
- ipv4: {{ grains['ipv4'] | join(" ") }}
- ipv6: "{{ salt['node.get_ipv6_list']() }}"
+ fqdn: {{ grains["fqdn"] }}
+ ipv4: {{ grains["ipv4"] | join(" ") }}
+ ipv6: "{{ salt["node.get_ipv6_list"]() }}"
/var/log/www/_server:
file.directory:
@@ -43,7 +43,7 @@
- group: root
{% for instance, container in instances.items() %}
-{% if 'host' in container %}
+{% if "host" in container %}
{% set vhost_config = salt["paas_docker.resolve_vhost_config_file"](service) %}
@@ -56,9 +56,9 @@
- context:
service: {{ service }}
instance: {{ instance }}
- fqdn: {{ container['host'] }}
- app_port: {{ container['app_port'] }}
- aliases: {{ container['aliases'] | default('', true) | join(" ") }}
+ fqdn: {{ container["host"] }}
+ app_port: {{ container["app_port"] }}
+ aliases: {{ container["aliases"] | default("", true) | join(" ") }}
# If the nginx configuration needs more key,
# pass directly the container dictionary.
args: {{ container }}
diff --git a/roles/paas-docker/nginx/files/vhosts/hauk.conf b/roles/paas-docker/nginx/files/vhosts/hauk.conf
--- a/roles/paas-docker/nginx/files/vhosts/hauk.conf
+++ b/roles/paas-docker/nginx/files/vhosts/hauk.conf
@@ -34,14 +34,14 @@
include includes/letsencrypt;
- location {{ args['api_entry_point'] }}/ {
+ location {{ args["api_entry_point"] }}/ {
add_header Referrer-Policy same-origin always;
add_header X-Frame-Options DENY always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Robots-Tag "noindex, nofollow" always;
- rewrite ^{{ args['api_entry_point'] }}(/.*)$ $1 break;
+ rewrite ^{{ args["api_entry_point"] }}(/.*)$ $1 break;
proxy_pass http://localhost:{{ app_port }};
diff --git a/roles/paas-docker/nginx/files/vhosts/openfire.conf b/roles/paas-docker/nginx/files/vhosts/openfire.conf
--- a/roles/paas-docker/nginx/files/vhosts/openfire.conf
+++ b/roles/paas-docker/nginx/files/vhosts/openfire.conf
@@ -35,7 +35,7 @@
include includes/letsencrypt;
location / {
- proxy_pass http://{{ args['ip'] }}:{{ app_port }};
+ proxy_pass http://{{ args["ip"] }}:{{ app_port }};
include includes/proxy_params;
proxy_redirect off;
diff --git a/roles/paas-docker/nginx/files/vhosts/phabricator.conf b/roles/paas-docker/nginx/files/vhosts/phabricator.conf
--- a/roles/paas-docker/nginx/files/vhosts/phabricator.conf
+++ b/roles/paas-docker/nginx/files/vhosts/phabricator.conf
@@ -80,13 +80,13 @@
server {
listen 80;
listen [::]:80;
- server_name {{ args['static_host'] }};
+ server_name {{ args["static_host"] }};
return 301 https://$host$request_uri;
}
server {
- server_name {{ args['static_host'] }};
+ server_name {{ args["static_host"] }};
include includes/tls;
ssl_certificate /srv/letsencrypt/etc/live/{{ fqdn }}/fullchain.pem;
@@ -105,8 +105,8 @@
access_log /var/log/www/{{ service }}/{{ instance }}-access.log;
}
-{%- if 'blogs' in args %}
-{%- for blog_name, blog in args['blogs'].items() %}
+{%- if "blogs" in args %}
+{%- for blog_name, blog in args["blogs"].items() %}
# -------------------------------------------------------------
# Phame domains for {{ blog_name }}
@@ -115,13 +115,13 @@
server {
listen 80;
listen [::]:80;
- server_name {{ blog['host'] }};
+ server_name {{ blog["host"] }};
return 301 https://$host$request_uri;
}
server {
- server_name {{ blog['host'] }};
+ server_name {{ blog["host"] }};
include includes/tls;
ssl_certificate /srv/letsencrypt/etc/live/{{ fqdn }}/fullchain.pem;
@@ -162,7 +162,7 @@
server {
listen 80;
listen [::]:80;
- server_name {{ blog['aliases']|join(' ') }};
+ server_name {{ blog["aliases"]|join(" ") }};
include includes/tls;
ssl_certificate /srv/letsencrypt/etc/live/{{ fqdn }}/fullchain.pem;
@@ -173,7 +173,7 @@
error_log /var/log/www/{{ service }}/{{ instance }}-error.log;
access_log /var/log/www/{{ service }}/{{ instance }}-access.log;
- return 301 https://{{ blog['host'] }}$request_uri;
+ return 301 https://{{ blog["host"] }}$request_uri;
}
{%- endfor %}
diff --git a/roles/paas-docker/nginx/files/vhosts/rabbitmq.conf b/roles/paas-docker/nginx/files/vhosts/rabbitmq.conf
--- a/roles/paas-docker/nginx/files/vhosts/rabbitmq.conf
+++ b/roles/paas-docker/nginx/files/vhosts/rabbitmq.conf
@@ -35,7 +35,7 @@
include includes/letsencrypt;
location / {
- proxy_pass http://{{ args['ip'] }}:{{ app_port }};
+ proxy_pass http://{{ args["ip"] }}:{{ app_port }};
include includes/proxy_params;
proxy_redirect off;
diff --git a/roles/paas-docker/nginx/files/vhosts/registry.conf b/roles/paas-docker/nginx/files/vhosts/registry.conf
--- a/roles/paas-docker/nginx/files/vhosts/registry.conf
+++ b/roles/paas-docker/nginx/files/vhosts/registry.conf
@@ -31,7 +31,7 @@
include includes/letsencrypt;
location / {
-{%- for ip in args['allowed_ips'] %}
+{%- for ip in args["allowed_ips"] %}
allow {{ ip }};
{%- endfor %}
deny all;
diff --git a/roles/paas-docker/nginx/files/vhosts/vault.conf b/roles/paas-docker/nginx/files/vhosts/vault.conf
--- a/roles/paas-docker/nginx/files/vhosts/vault.conf
+++ b/roles/paas-docker/nginx/files/vhosts/vault.conf
@@ -32,7 +32,7 @@
include includes/letsencrypt;
location / {
- proxy_pass https://{{ args['ip'] }}:{{ app_port }};
+ proxy_pass https://{{ args["ip"] }}:{{ app_port }};
include includes/proxy_params;
}
diff --git a/roles/paas-docker/nginx/firewall.sls b/roles/paas-docker/nginx/firewall.sls
--- a/roles/paas-docker/nginx/firewall.sls
+++ b/roles/paas-docker/nginx/firewall.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if grains['os_family'] == 'RedHat' %}
+{% if grains["os_family"] == "RedHat" %}
nginx_enable_firewall:
firewalld.present:
diff --git a/roles/paas-docker/nginx/selinux.sls b/roles/paas-docker/nginx/selinux.sls
--- a/roles/paas-docker/nginx/selinux.sls
+++ b/roles/paas-docker/nginx/selinux.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if grains['os_family'] == 'RedHat' %}
+{% if grains["os_family"] == "RedHat" %}
# On Fedora and downstreams, SELinux restricts the capability
# of HTTP server to connect to external servers.
diff --git a/roles/paas-docker/systemd-unit/init.sls b/roles/paas-docker/systemd-unit/init.sls
--- a/roles/paas-docker/systemd-unit/init.sls
+++ b/roles/paas-docker/systemd-unit/init.sls
@@ -11,7 +11,7 @@
# Helper executables to start and stop containers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for action in ['start', 'stop'] %}
+{% for action in ["start", "stop"] %}
{{ dirs.bin }}/docker-paas-{{ action }}-containers:
file.managed:
@@ -24,7 +24,7 @@
# Service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if services['manager'] == 'systemd' %}
+{% if services["manager"] == "systemd" %}
docker-containers_unit:
file.managed:
diff --git a/roles/paas-docker/wrappers/init.sls b/roles/paas-docker/wrappers/init.sls
--- a/roles/paas-docker/wrappers/init.sls
+++ b/roles/paas-docker/wrappers/init.sls
@@ -11,14 +11,14 @@
# Wrapper binaries
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for command in ['jenkins', 'phpbb', 'mysql', 'openfire', 'geoipupdate', 'run-report'] %}
+{% for command in ["jenkins", "phpbb", "mysql", "openfire", "geoipupdate", "run-report"] %}
{{ dirs.bin }}/{{ command }}:
file.managed:
- source: salt://roles/paas-docker/wrappers/files/{{ command }}.sh
- mode: 755
{% endfor %}
-{% for command in ['airflow', 'sentry'] %}
+{% for command in ["airflow", "sentry"] %}
{{ dirs.bin }}/{{ command }}:
file.managed:
- source: salt://roles/paas-docker/wrappers/files/run-by-realm.sh.jinja
@@ -28,7 +28,7 @@
service: {{ command }}
{% endfor %}
-{% for command in ['pad-delete'] %}
+{% for command in ["pad-delete"] %}
{{ dirs.bin }}/{{ command }}:
file.managed:
- source: salt://roles/paas-docker/wrappers/files/{{ command }}.py
@@ -39,7 +39,7 @@
# Required directories
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
/srv/geoip:
file.directory
diff --git a/roles/paas-docker/wwwroot-502/init.sls b/roles/paas-docker/wwwroot-502/init.sls
--- a/roles/paas-docker/wwwroot-502/init.sls
+++ b/roles/paas-docker/wwwroot-502/init.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
/var/wwwroot-502:
file.recurse:
diff --git a/roles/paas-docker/wwwroot-content/base.sls b/roles/paas-docker/wwwroot-content/base.sls
--- a/roles/paas-docker/wwwroot-content/base.sls
+++ b/roles/paas-docker/wwwroot-content/base.sls
@@ -5,9 +5,9 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-/var/wwwroot-content/{{ grains['fqdn'] }}/index.html:
+/var/wwwroot-content/{{ grains["fqdn"] }}/index.html:
file.managed:
- - contents: Welcome to {{ grains['fqdn'] }}.
+ - contents: Welcome to {{ grains["fqdn"] }}.
- replace: False
- makedirs: True
- mode: 644
diff --git a/roles/paas-docker/wwwroot-content/selinux.sls b/roles/paas-docker/wwwroot-content/selinux.sls
--- a/roles/paas-docker/wwwroot-content/selinux.sls
+++ b/roles/paas-docker/wwwroot-content/selinux.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
{% if has_selinux %}
wwwroot_content_selinux_context:
diff --git a/roles/paas-jails/jails/init.sls b/roles/paas-jails/jails/init.sls
--- a/roles/paas-jails/jails/init.sls
+++ b/roles/paas-jails/jails/init.sls
@@ -23,7 +23,7 @@
- source: salt://roles/paas-jails/jails/files/jail.rc
- template: jinja
- context:
- jails: {{ salt['jails.flatlist']() }}
+ jails: {{ salt["jails.flatlist"]() }}
jails_rc_netif:
file.managed:
@@ -53,8 +53,8 @@
# Build applications/services jails
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for jail in salt['jails.list_jails']() %}
-{% set ips = salt['jails.get_ezjail_ips_parameter'](jail) %}
+{% for jail in salt["jails.list_jails"]() %}
+{% set ips = salt["jails.get_ezjail_ips_parameter"](jail) %}
generate_jail_{{ jail }}:
cmd.run:
- name: ezjail-admin create {{ jail }} {{ ips | yaml_encode }}
diff --git a/roles/paas-lxc/lxc/init.sls b/roles/paas-lxc/lxc/init.sls
--- a/roles/paas-lxc/lxc/init.sls
+++ b/roles/paas-lxc/lxc/init.sls
@@ -13,7 +13,7 @@
pkg.installed:
- pkgs:
- lxc
- {% if grains['os_family'] == 'RedHat' %}
+ {% if grains["os_family"] == "RedHat" %}
- lxc-extra
- lxc-templates
{% endif %}
diff --git a/roles/prometheus/prometheus/service.sls b/roles/prometheus/prometheus/service.sls
--- a/roles/prometheus/prometheus/service.sls
+++ b/roles/prometheus/prometheus/service.sls
@@ -9,7 +9,7 @@
# Prometheus service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
/usr/local/etc/rc.d/prometheus:
file.managed:
diff --git a/roles/redis/server/service.sls b/roles/redis/server/service.sls
--- a/roles/redis/server/service.sls
+++ b/roles/redis/server/service.sls
@@ -9,7 +9,7 @@
# Redis service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
/etc/rc.conf.d/redis:
file.managed:
diff --git a/roles/router/carp/files/carp.rc b/roles/router/carp/files/carp.rc
--- a/roles/router/carp/files/carp.rc
+++ b/roles/router/carp/files/carp.rc
@@ -15,8 +15,8 @@
{% for entry in carp_entries %}
-{% set carp_pass = salt['credentials.get_password']('network/carp/' ~ entry.vhid) %}
-{% set prefix = 27 if entry.interface_name == 'intranought' else 32 %}
+{% set carp_pass = salt["credentials.get_password"]("network/carp/" ~ entry.vhid) %}
+{% set prefix = 27 if entry.interface_name == "intranought" else 32 %}
ifconfig_{{ entry.device }}_alias0="inet vhid {{ entry.vhid }} advskew {{ entry.advskew }} pass {{ carp_pass }}{% if entry.peer is defined %} peer {{ entry.peer }}{% endif %} alias {{ entry.vip }}/{{ prefix }}"
diff --git a/roles/router/carp/init.sls b/roles/router/carp/init.sls
--- a/roles/router/carp/init.sls
+++ b/roles/router/carp/init.sls
@@ -12,7 +12,7 @@
- source: salt://roles/router/carp/files/carp.rc
- template: jinja
- context:
- carp_entries: {{ salt['node.get_carp_entries']() }}
+ carp_entries: {{ salt["node.get_carp_entries"]() }}
- mode: '0644'
/boot/loader.conf.d/carp.conf:
@@ -27,7 +27,7 @@
carp_switch_dependencies:
cmd.run:
- name: python3 -m pip install ovh secretsmith
- - creates: {{ salt['python.get_site_packages_directory']() }}/secretsmith
+ - creates: {{ salt["python.get_site_packages_directory"]() }}/secretsmith
/usr/local/etc/secrets/carp-secretsmith.yaml:
file.managed:
diff --git a/roles/saas-mediawiki/data/init.sls b/roles/saas-mediawiki/data/init.sls
--- a/roles/saas-mediawiki/data/init.sls
+++ b/roles/saas-mediawiki/data/init.sls
@@ -8,7 +8,7 @@
/var/dataroot:
file.directory
-{% for store in pillar['mediawiki_datastores'] %}
+{% for store in pillar["mediawiki_datastores"] %}
# $wgUploadDirectory
/var/dataroot/{{ store }}/images:
diff --git a/roles/saas-mediawiki/mediawiki/config.sls b/roles/saas-mediawiki/mediawiki/config.sls
--- a/roles/saas-mediawiki/mediawiki/config.sls
+++ b/roles/saas-mediawiki/mediawiki/config.sls
@@ -17,7 +17,7 @@
- mode: 644
- template: jinja
- context:
- directory: {{ pillar['mediawiki_saas']['directory'] }}
+ directory: {{ pillar["mediawiki_saas"]["directory"] }}
# -------------------------------------------------------------
# MediaWiki logs
diff --git a/roles/saas-mediawiki/mediawiki/interwiki.sls b/roles/saas-mediawiki/mediawiki/interwiki.sls
--- a/roles/saas-mediawiki/mediawiki/interwiki.sls
+++ b/roles/saas-mediawiki/mediawiki/interwiki.sls
@@ -18,7 +18,7 @@
- mode: 644
- template: jinja
- context:
- interwiki: {{ pillar['mediawiki_interwikis'] }}
+ interwiki: {{ pillar["mediawiki_interwikis"] }}
mediawiki_populate_interwiki:
cmd.run:
diff --git a/roles/saas-mediawiki/mediawiki/software.sls b/roles/saas-mediawiki/mediawiki/software.sls
--- a/roles/saas-mediawiki/mediawiki/software.sls
+++ b/roles/saas-mediawiki/mediawiki/software.sls
@@ -37,8 +37,8 @@
# MediaWiki extensions and skins
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for type in ['extensions', 'skins'] %}
-{% for item in salt['pillar.get']('mediawiki_' + type, []) %}
+{% for type in ["extensions", "skins"] %}
+{% for item in salt["pillar.get"]("mediawiki_" + type, []) %}
mediawiki_{{ type }}_repository_{{ item }}:
git.latest:
- name: https://gerrit.wikimedia.org/r/p/mediawiki/{{ type }}/{{ item }}.git
diff --git a/roles/saas-mediawiki/nginx/config.sls b/roles/saas-mediawiki/nginx/config.sls
--- a/roles/saas-mediawiki/nginx/config.sls
+++ b/roles/saas-mediawiki/nginx/config.sls
@@ -21,7 +21,7 @@
- file_mode: 644
- template: jinja
- context:
- saas: {{ pillar['mediawiki_saas'] }}
+ saas: {{ pillar["mediawiki_saas"] }}
# -------------------------------------------------------------
# vhosts folder
diff --git a/roles/saas-mediawiki/software/init.sls b/roles/saas-mediawiki/software/init.sls
--- a/roles/saas-mediawiki/software/init.sls
+++ b/roles/saas-mediawiki/software/init.sls
@@ -17,10 +17,10 @@
- {{ packages.exiftool }}
- exiv2
- {{ packages.imagemagick }}
- - {{ packages['jpeg-turbo'] }}
+ - {{ packages["jpeg-turbo"] }}
- librsvg2
- {{ packages.lua }}
- - {{ packages['mariadb-client'] }}
+ - {{ packages["mariadb-client"] }}
- {{ packages_prefixes.php }}opcache
- rlwrap
@@ -34,4 +34,4 @@
- mode: 755
- template: jinja
- context:
- saas: {{ pillar['mediawiki_saas'] }}
+ saas: {{ pillar["mediawiki_saas"] }}
diff --git a/roles/salt-primary/account/init.sls b/roles/salt-primary/account/init.sls
--- a/roles/salt-primary/account/init.sls
+++ b/roles/salt-primary/account/init.sls
@@ -68,7 +68,7 @@
# Deployers should be able to sudo -u deploy <anything>
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for sudofile in ['salt', 'deploy'] %}
+{% for sudofile in ["salt", "deploy"] %}
salt_sudo_capabilities_{{ sudofile }}:
file.managed:
- name: {{ dirs.etc }}/sudoers.d/{{ sudofile }}
diff --git a/roles/salt-primary/service/init.sls b/roles/salt-primary/service/init.sls
--- a/roles/salt-primary/service/init.sls
+++ b/roles/salt-primary/service/init.sls
@@ -15,7 +15,7 @@
# but isn't an endorsement of such terminology.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if services['manager'] == "rc" %}
+{% if services["manager"] == "rc" %}
{{ dirs.etc }}/rc.d/salt_master:
file.patch:
diff --git a/roles/shellserver/odderon/service.sls b/roles/shellserver/odderon/service.sls
--- a/roles/shellserver/odderon/service.sls
+++ b/roles/shellserver/odderon/service.sls
@@ -12,7 +12,7 @@
# Unit configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if services['manager'] == 'systemd' %}
+{% if services["manager"] == "systemd" %}
odderon_unit:
file.managed:
diff --git a/roles/shellserver/quassel-core/changepassword.sls b/roles/shellserver/quassel-core/changepassword.sls
--- a/roles/shellserver/quassel-core/changepassword.sls
+++ b/roles/shellserver/quassel-core/changepassword.sls
@@ -34,4 +34,4 @@
- context:
dirs: {{ dirs }}
quassel: {{ quassel }}
- users: {{ pillar['quassel_users'] }}
+ users: {{ pillar["quassel_users"] }}
diff --git a/roles/shellserver/quassel-core/map.jinja b/roles/shellserver/quassel-core/map.jinja
--- a/roles/shellserver/quassel-core/map.jinja
+++ b/roles/shellserver/quassel-core/map.jinja
@@ -5,13 +5,13 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set quassel = salt['grains.filter_by']({
- 'Arch' : {
- 'user': 'quassel',
- 'group': 'quassel',
+{% set quassel = salt["grains.filter_by"]({
+ "Arch" : {
+ "user": "quassel",
+ "group": "quassel",
},
- 'Debian': {
- 'user': 'quasselcore',
- 'group': 'quassel',
+ "Debian": {
+ "user": "quasselcore",
+ "group": "quassel",
},
-}, default='Arch') %}
+}, default="Arch") %}
diff --git a/roles/shellserver/quassel-core/software.sls b/roles/shellserver/quassel-core/software.sls
--- a/roles/shellserver/quassel-core/software.sls
+++ b/roles/shellserver/quassel-core/software.sls
@@ -16,7 +16,7 @@
# Dependencies
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os_family'] == 'Debian' %}
+{% if grains["os_family"] == "Debian" %}
libqt5sql5-psql:
pkg.installed
{% endif %}
diff --git a/roles/shellserver/userland-software/base.sls b/roles/shellserver/userland-software/base.sls
--- a/roles/shellserver/userland-software/base.sls
+++ b/roles/shellserver/userland-software/base.sls
@@ -48,14 +48,14 @@
- unrar
- whois
- zip
- {% if grains['os_family'] == 'Debian' %}
+ {% if grains["os_family"] == "Debian" %}
- bsdmainutils
- dnsutils
- sockstat
- sysvbanner
- toilet-fonts
{% endif %}
- {% if grains['os'] == 'FreeBSD' %}
+ {% if grains["os"] == "FreeBSD" %}
- bind-tools
- coreutils
- figlet-fonts
@@ -112,7 +112,7 @@
- git-lfs
- jq
- valgrind
- {% if grains['os'] == 'FreeBSD' %}
+ {% if grains["os"] == "FreeBSD" %}
- hub
{% else %}
- arcanist
@@ -121,7 +121,7 @@
- strace
{% endif %}
-{% if grains['os_family'] == 'Debian' %}
+{% if grains["os_family"] == "Debian" %}
dev_popular_libs:
pkg.installed:
- pkgs:
@@ -135,7 +135,7 @@
languages_removed:
pkg.removed:
- pkgs:
- {% if grains['os_family'] == 'Debian' %}
+ {% if grains["os_family"] == "Debian" %}
- php7.0
- php7.1
- php7.2
@@ -143,7 +143,7 @@
- php7.4
- php8.0
- php8.1
- {% elif grains['os'] == 'FreeBSD' %}
+ {% elif grains["os"] == "FreeBSD" %}
- php70
- php71
- php72
@@ -159,9 +159,9 @@
- python3
- name: {{ packages_prefixes.python3 }}pip
- {{ packages.tcl }}
- {% if grains['os_family'] == 'Debian' %}
+ {% if grains["os_family"] == "Debian" %}
- php8.2
- {% elif grains['os'] == 'FreeBSD' %}
+ {% elif grains["os"] == "FreeBSD" %}
- php83
{% endif %}
@@ -182,7 +182,7 @@
- {{ packages_prefixes.php }}xml
- {{ packages_prefixes.php }}xsl
- {% if grains['os_family'] == 'Debian' %}
+ {% if grains["os_family"] == "Debian" %}
- {{ packages_prefixes.php }}json
# On Debian, these PDO extensions doesn't follow regular names
@@ -224,7 +224,7 @@
# PHP utilities
- {{ packages.composer }}
- {% if grains['os'] != 'FreeBSD' %}
+ {% if grains["os"] != "FreeBSD" %}
# On FreeBSD, PEAR is still a PHP 5.6 package (last tested 2018-02-17).
# Same for Composer (last tested 2018-02-28)
- {{ packages.pear }}
@@ -232,7 +232,7 @@
{% endif %}
# Standard Python modules
- {% if grains['os'] == 'FreeBSD' %}
+ {% if grains["os"] == "FreeBSD" %}
- {{ packages_prefixes.python3 }}gdbm
- {{ packages_prefixes.python3 }}sqlite3
{% endif %}
@@ -250,11 +250,11 @@
# Workaround : install phpcs on FreeBSD
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
/opt/phpcs:
file.directory
-{% for command in ['phpcs', 'phpcbf'] %}
+{% for command in ["phpcs", "phpcbf"] %}
/opt/phpcs/{{ command }}:
file.managed:
- source: https://squizlabs.github.io/PHP_CodeSniffer/{{ command }}.phar
@@ -276,8 +276,8 @@
spelling:
pkg.installed:
- pkgs:
- - {{ packages['aspell-en'] }}
- - {{ packages['aspell-fr'] }}
+ - {{ packages["aspell-en"] }}
+ - {{ packages["aspell-fr"] }}
- {{ packages.verbiste }}
# -------------------------------------------------------------
diff --git a/roles/shellserver/userland-software/irc.sls b/roles/shellserver/userland-software/irc.sls
--- a/roles/shellserver/userland-software/irc.sls
+++ b/roles/shellserver/userland-software/irc.sls
@@ -17,7 +17,7 @@
- irssi
- irssi-scripts
- weechat
- {% if grains['os'] != 'Debian' and grains['os'] != 'Ubuntu' %}
+ {% if grains["os"] != "Debian" and grains["os"] != "Ubuntu" %}
# Reference: supremetechs.com/tag/bitchx-removed-from-debian
- bitchx
{% endif %}
@@ -37,10 +37,10 @@
- {{ packages["c-ares"] }}
- libtool
- swig
- {% if grains['os_family'] == 'Debian' %}
+ {% if grains["os_family"] == "Debian" %}
- tcl-dev
{% endif %}
- {% if grains['os_family'] == 'RedHat' %}
+ {% if grains["os_family"] == "RedHat" %}
- tcl-devel
{% endif %}
diff --git a/roles/shellserver/vault/config.sls b/roles/shellserver/vault/config.sls
--- a/roles/shellserver/vault/config.sls
+++ b/roles/shellserver/vault/config.sls
@@ -21,7 +21,7 @@
- template: jinja
- context:
certificates_dir: {{ dirs.etc }}/certificates/vault
- id: {{ grains['id'] }}
+ id: {{ grains["id"] }}
# -------------------------------------------------------------
# Vault directories
@@ -38,7 +38,7 @@
# Service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if services['manager'] == 'systemd' %}
+{% if services["manager"] == "systemd" %}
/lib/systemd/system/vault.service:
file.managed:
- source: salt://roles/shellserver/vault/files/vault.service
diff --git a/roles/shellserver/vhosts/init.sls b/roles/shellserver/vhosts/init.sls
--- a/roles/shellserver/vhosts/init.sls
+++ b/roles/shellserver/vhosts/init.sls
@@ -11,7 +11,7 @@
/etc/vhosts:
file.managed:
- - source: salt://roles/shellserver/vhosts/files/vhosts.{{ grains['id'] }}
+ - source: salt://roles/shellserver/vhosts/files/vhosts.{{ grains["id"] }}
- mode: 644
# -------------------------------------------------------------
diff --git a/roles/shellserver/web-hosting/init.sls b/roles/shellserver/web-hosting/init.sls
--- a/roles/shellserver/web-hosting/init.sls
+++ b/roles/shellserver/web-hosting/init.sls
@@ -15,7 +15,7 @@
nginx_config_files:
file.recurse:
- name: {{ dirs.etc }}/nginx
- - source: salt://roles/shellserver/web-hosting/files/{{ grains['id'] }}/nginx
+ - source: salt://roles/shellserver/web-hosting/files/{{ grains["id"] }}/nginx
- include_empty: True
- clean: False
- dir_mode: 755
@@ -51,6 +51,6 @@
unknown_domain_files:
file.recurse:
- name: /var/wwwroot/unknown_domains
- - source: salt://roles/shellserver/web-hosting/files/{{ grains['id'] }}/wwwroot-unknown
+ - source: salt://roles/shellserver/web-hosting/files/{{ grains["id"] }}/wwwroot-unknown
- dir_mode: 755
- file_mode: 644
diff --git a/roles/vault/policies/init.sls b/roles/vault/policies/init.sls
--- a/roles/vault/policies/init.sls
+++ b/roles/vault/policies/init.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set policies_path = pillar['vault_policies_path'] %}
+{% set policies_path = pillar["vault_policies_path"] %}
# -------------------------------------------------------------
# Policies storage folder
@@ -19,7 +19,7 @@
# Policies from vault_policies pillar entry
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for policy in pillar['vault_policies'] %}
+{% for policy in pillar["vault_policies"] %}
{% set policy_path = policies_path + "/" + policy + ".hcl" %}
{{ policy_path }}:
@@ -52,7 +52,7 @@
# Policies per nodes intended to be used through Salt
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for node, rules in salt['credentials.build_policies_by_node']().items() %}
+{% for node, rules in salt["credentials.build_policies_by_node"]().items() %}
salt-node-{{ node }}:
vault.policy_present:
- rules: |
diff --git a/roles/vault/vault/init.sls b/roles/vault/vault/init.sls
--- a/roles/vault/vault/init.sls
+++ b/roles/vault/vault/init.sls
@@ -6,7 +6,7 @@
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
-{% set network = salt['node.resolve_network']() %}
+{% set network = salt["node.resolve_network"]() %}
# -------------------------------------------------------------
# Software
@@ -34,8 +34,8 @@
- mode: 644
- template: jinja
- context:
- id: {{ grains['id'] }}
- ip: {{ network['ipv4_address'] }}
+ id: {{ grains["id"] }}
+ ip: {{ network["ipv4_address"] }}
certificates_available: {{ salt["file.file_exists"]("/usr/local/etc/certificates/vault/fullchain.pem") }}
# -------------------------------------------------------------
diff --git a/roles/viperserv/account/init.sls b/roles/viperserv/account/init.sls
--- a/roles/viperserv/account/init.sls
+++ b/roles/viperserv/account/init.sls
@@ -12,19 +12,19 @@
# Service accounts
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for username, user in pillar['viperserv_accounts'].items() %}
+{% for username, user in pillar["viperserv_accounts"].items() %}
viperserv_account_{{ username }}:
user.present:
- name: {{ username }}
- - fullname: {{ user['fullname'] }}
- - uid: {{ user['uid'] }}
+ - fullname: {{ user["fullname"] }}
+ - uid: {{ user["uid"] }}
- gid: nasqueron-irc
- home: {{ dirs.share }}/{{ username }}
/var/run/{{ username }}:
file.directory:
- - user: {{ user['uid'] }}
+ - user: {{ user["uid"] }}
- group: nasqueron-irc
- dir_mode: 711
@@ -47,5 +47,5 @@
- source: salt://roles/viperserv/account/files/viperserv.sudoers
- template: jinja
- context:
- accounts: {{ pillar['viperserv_accounts'] }}
- bots: {{ pillar['viperserv_bots'] }}
+ accounts: {{ pillar["viperserv_accounts"] }}
+ bots: {{ pillar["viperserv_bots"] }}
diff --git a/roles/viperserv/eggdrop/config.sls b/roles/viperserv/eggdrop/config.sls
--- a/roles/viperserv/eggdrop/config.sls
+++ b/roles/viperserv/eggdrop/config.sls
@@ -12,11 +12,11 @@
# and specific configuration file.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for botname, bot in pillar['viperserv_bots'].items() %}
+{% for botname, bot in pillar["viperserv_bots"].items() %}
/srv/viperserv/{{ botname }}:
file.directory:
- - user: {{ bot['runas'] | default('viperserv') }}
+ - user: {{ bot["runas"] | default("viperserv") }}
- group: nasqueron-irc
- dir_mode: 770
@@ -26,16 +26,16 @@
# Logs
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for botname, bot in pillar['viperserv_bots'].items() %}
+{% for botname, bot in pillar["viperserv_bots"].items() %}
/srv/viperserv/logs/{{ botname }}:
file.directory:
- - user: {{ bot['runas'] | default('viperserv') }}
+ - user: {{ bot["runas"] | default("viperserv") }}
- group: nasqueron-irc
/srv/viperserv/logs/{{ botname }}.log:
file.managed:
- - user: {{ bot['runas'] | default('viperserv') }}
+ - user: {{ bot["runas"] | default("viperserv") }}
- group: nasqueron-irc
- mode: 660
- replace: False
@@ -66,41 +66,41 @@
host: {{ pillar["nasqueron_services"]["db-b"] }}
database: Nasqueron
vault:
- approle: {{ salt['credentials.read_secret']('nasqueron/viperserv/vault') }}
+ approle: {{ salt["credentials.read_secret"]("nasqueron/viperserv/vault") }}
addr: {{ pillar["nasqueron_services"]["vault_url"] }}
-{% for botname, bot in pillar['viperserv_bots'].items() %}
+{% for botname, bot in pillar["viperserv_bots"].items() %}
/srv/viperserv/{{ botname }}/eggdrop.conf:
file.managed:
- source: salt://roles/viperserv/eggdrop/files/eggdrop-bot.conf
- - user: {{ bot['runas'] | default('viperserv') }}
+ - user: {{ bot["runas"] | default("viperserv") }}
- group: nasqueron-irc
- mode: 755
- template: jinja
- context:
botname: {{ botname }}
- realname: {{ bot['realname'] | default(botname) }}
- scripts: {{ bot['scripts'] }}
- modules: {{ bot['modules'] | default([]) }}
- runas: {{ bot['runas'] | default('viperserv') }}
- nickserv: {{ bot['nickserv'] | default(False) }}
- listen: {{ bot['listen'] | default(False) }}
+ realname: {{ bot["realname"] | default(botname) }}
+ scripts: {{ bot["scripts"] }}
+ modules: {{ bot["modules"] | default([]) }}
+ runas: {{ bot["runas"] | default("viperserv") }}
+ nickserv: {{ bot["nickserv"] | default(False) }}
+ listen: {{ bot["listen"] | default(False) }}
/srv/viperserv/{{ botname }}/motd:
file.managed:
- source: salt://roles/viperserv/eggdrop/files/motd/{{ botname }}
- - user: {{ bot['runas'] | default('viperserv') }}
+ - user: {{ bot["runas"] | default("viperserv") }}
- group: nasqueron-irc
/srv/viperserv/{{ botname }}/banner:
file.managed:
- source: salt://roles/viperserv/eggdrop/files/banner
- - user: {{ bot['runas'] | default('viperserv') }}
+ - user: {{ bot["runas"] | default("viperserv") }}
- group: nasqueron-irc
- template: jinja
- context:
bot: {{ botname }}
- server: {{ grains['id'] }}
+ server: {{ grains["id"] }}
{% endfor %}
diff --git a/roles/viperserv/eggdrop/cron.sls b/roles/viperserv/eggdrop/cron.sls
--- a/roles/viperserv/eggdrop/cron.sls
+++ b/roles/viperserv/eggdrop/cron.sls
@@ -13,14 +13,14 @@
def get_etc_dir():
- if __grains__['os'] == 'FreeBSD':
+ if __grains__["os"] == 'FreeBSD':
return "/usr/local/etc"
return "/etc"
def get_bin_dir():
- if __grains__['os'] == 'FreeBSD':
+ if __grains__["os"] == 'FreeBSD':
return "/usr/local/bin"
return "/bin"
@@ -30,8 +30,8 @@
'''Filter eggdrops to select the ones with ensure_is_live: True'''
return [botname
for botname, bot
- in __pillar__['viperserv_bots'].items()
- if 'ensure_is_live' in bot and bot['ensure_is_live']]
+ in __pillar__["viperserv_bots"].items()
+ if 'ensure_is_live' in bot and bot["ensure_is_live"]]
# -------------------------------------------------------------
diff --git a/roles/viperserv/eggdrop/service.sls b/roles/viperserv/eggdrop/service.sls
--- a/roles/viperserv/eggdrop/service.sls
+++ b/roles/viperserv/eggdrop/service.sls
@@ -5,13 +5,13 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set bots = ' '.join(pillar['viperserv_bots'].keys()) %}
+{% set bots = " ".join(pillar["viperserv_bots"].keys()) %}
# -------------------------------------------------------------
# Install service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
/usr/local/etc/rc.d/eggdrop:
file.managed:
- source: salt://roles/viperserv/eggdrop/files/rc/eggdrop
@@ -22,7 +22,7 @@
# Configure service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
/etc/rc.conf.d/eggdrop:
file.directory
@@ -34,13 +34,13 @@
- context:
bots: {{ bots }}
-{% for botname, bot in pillar['viperserv_bots'].items() %}
+{% for botname, bot in pillar["viperserv_bots"].items() %}
/etc/rc.conf.d/eggdrop/{{ botname }}:
file.managed:
- source: salt://roles/viperserv/eggdrop/files/rc/per_instance
- template: jinja
- context:
- runas: {{ bot['runas'] | default('') }}
+ runas: {{ bot["runas"] | default("") }}
botname: {{ botname }}
{% endfor %}
diff --git a/roles/viperserv/eggdrop/software.sls b/roles/viperserv/eggdrop/software.sls
--- a/roles/viperserv/eggdrop/software.sls
+++ b/roles/viperserv/eggdrop/software.sls
@@ -59,7 +59,7 @@
- require:
- file: /srv/viperserv
-{% for eggdir in ['doc', 'help', 'language'] %}
+{% for eggdir in ["doc", "help", "language"] %}
/srv/viperserv/{{ eggdir }}:
file.symlink:
- target: /opt/eggdrop/{{ eggdir }}
diff --git a/roles/viperserv/fantoir/init.sls b/roles/viperserv/fantoir/init.sls
--- a/roles/viperserv/fantoir/init.sls
+++ b/roles/viperserv/fantoir/init.sls
@@ -28,8 +28,8 @@
/srv/viperserv/data/dist/fantoir.zip:
file.managed:
- - source: {{ pillar['fantoir']['dataset_url'] }}
- - source_hash: {{ pillar['fantoir']['dataset_hash'] }}
+ - source: {{ pillar["fantoir"]["dataset_url"] }}
+ - source_hash: {{ pillar["fantoir"]["dataset_hash"] }}
- user: viperserv
- group: nasqueron-irc
@@ -45,7 +45,7 @@
/srv/viperserv/data/FANTOIR.txt:
file.symlink:
- - target: /srv/viperserv/data/{{ pillar['fantoir']['distname'] }}
+ - target: /srv/viperserv/data/{{ pillar["fantoir"]["distname"] }}
- user: viperserv
- group: nasqueron-irc
- require:
diff --git a/roles/viperserv/rabbitmq-tcl/init.sls b/roles/viperserv/rabbitmq-tcl/init.sls
--- a/roles/viperserv/rabbitmq-tcl/init.sls
+++ b/roles/viperserv/rabbitmq-tcl/init.sls
@@ -28,7 +28,7 @@
- user: builder
rabbitmq-tcl_build:
- {% if grains['os'] == 'FreeBSD' %}
+ {% if grains["os"] == "FreeBSD" %}
file.managed:
- name: /opt/rabbitmq-tcl/Makefile-FreeBSD.patch
- source: salt://roles/viperserv/rabbitmq-tcl/files/Makefile-FreeBSD.patch
diff --git a/roles/viperserv/wikidata-access-layer/code.sls b/roles/viperserv/wikidata-access-layer/code.sls
--- a/roles/viperserv/wikidata-access-layer/code.sls
+++ b/roles/viperserv/wikidata-access-layer/code.sls
@@ -21,7 +21,7 @@
- user: viperserv
- group: nasqueron-irc
-{% for script in ['create_given_name', 'create_surname'] %}
+{% for script in ["create_given_name", "create_surname"] %}
{{ dirs.share }}/viperserv/bin/{{ script }}:
file.symlink:
- target: /srv/wikidata-access-layer/{{ script }}
diff --git a/roles/webserver-alkane/account/init.sls b/roles/webserver-alkane/account/init.sls
--- a/roles/webserver-alkane/account/init.sls
+++ b/roles/webserver-alkane/account/init.sls
@@ -19,8 +19,8 @@
# The 9003 group matches "web" group, see webserver-core/nginx
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for domains_group in pillar['web_domains'] %}
-{% for domain in pillar['web_domains'][domains_group] %}
+{% for domains_group in pillar["web_domains"] %}
+{% for domain in pillar["web_domains"][domains_group] %}
webserver_user_{{ domain }}:
user.present:
- name: {{ domain }}
@@ -36,15 +36,15 @@
# Those accounts are intended to serve content through php-fpm.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for fqdn, site in pillar['web_php_sites'].items() %}
-{% if 'skipCreateUser' not in site or not site['skipCreateUser'] %}
+{% for fqdn, site in pillar["web_php_sites"].items() %}
+{% if "skipCreateUser" not in site or not site["skipCreateUser"] %}
-webserver_user_{{ site['user'] }}:
+webserver_user_{{ site["user"] }}:
user.present:
- - name: {{ site['user' ] }}
+ - name: {{ site["user" ] }}
- fullname: {{ fqdn }}
-{% if 'uid' in site %}
- - uid: {{ site['uid'] }}
+{% if "uid" in site %}
+ - uid: {{ site["uid"] }}
{% endif %}
- gid: 9003
- system: True
diff --git a/roles/webserver-alkane/alkane/init.sls b/roles/webserver-alkane/alkane/init.sls
--- a/roles/webserver-alkane/alkane/init.sls
+++ b/roles/webserver-alkane/alkane/init.sls
@@ -6,7 +6,7 @@
# -------------------------------------------------------------
{% from "map.jinja" import dirs, packages, services with context %}
-{% set network = salt['node.resolve_network']() %}
+{% set network = salt["node.resolve_network"]() %}
# -------------------------------------------------------------
# Software
diff --git a/roles/webserver-alkane/directories/init.sls b/roles/webserver-alkane/directories/init.sls
--- a/roles/webserver-alkane/directories/init.sls
+++ b/roles/webserver-alkane/directories/init.sls
@@ -10,8 +10,8 @@
- group: web
- dir_mode: 711
-{% for domains_group in pillar['web_domains'] %}
-{% for domain in pillar['web_domains'][domains_group] %}
+{% for domains_group in pillar["web_domains"] %}
+{% for domain in pillar["web_domains"][domains_group] %}
webserver_directory_{{ domain }}:
file.directory:
- name: /var/wwwroot/{{ domain }}
diff --git a/roles/webserver-alkane/php/cleanup.sls b/roles/webserver-alkane/php/cleanup.sls
--- a/roles/webserver-alkane/php/cleanup.sls
+++ b/roles/webserver-alkane/php/cleanup.sls
@@ -14,7 +14,7 @@
def get_etc_dir():
- if __grains__['os'] == 'FreeBSD':
+ if __grains__["os"] == "FreeBSD":
return "/usr/local/etc"
return "/etc"
@@ -23,10 +23,10 @@
def files_to_delete_if_they_exist():
files = []
etc_dir = get_etc_dir()
- for instance in __pillar__['php_fpm_instances']:
- files.extend([etc_dir + "/php-fpm.d/" + instance + "-pools/" + site['user'] + ".conf"
- for _, site in __pillar__['web_php_sites'].items()
- if site['php-fpm'] != instance])
+ for instance in __pillar__["php_fpm_instances"]:
+ files.extend([etc_dir + "/php-fpm.d/" + instance + "-pools/" + site["user"] + ".conf"
+ for _, site in __pillar__["web_php_sites"].items()
+ if site["php-fpm"] != instance])
return files
diff --git a/roles/webserver-alkane/php/files/php-fpm-pool.conf b/roles/webserver-alkane/php/files/php-fpm-pool.conf
--- a/roles/webserver-alkane/php/files/php-fpm-pool.conf
+++ b/roles/webserver-alkane/php/files/php-fpm-pool.conf
@@ -46,7 +46,7 @@
php_value[{{ key }}] = {{ value }}
{% endfor -%}
-{% if 'wordpress' in capabilities -%}
+{% if "wordpress" in capabilities -%}
; Allow Wordpress to process large images
php_value[memory_limit] = 1024M
{%- endif %}
diff --git a/roles/webserver-alkane/php/php-fpm.sls b/roles/webserver-alkane/php/php-fpm.sls
--- a/roles/webserver-alkane/php/php-fpm.sls
+++ b/roles/webserver-alkane/php/php-fpm.sls
@@ -11,7 +11,7 @@
# Configuration : instances
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for instance, config in pillar['php_fpm_instances'].items() %}
+{% for instance, config in pillar["php_fpm_instances"].items() %}
php-fpm_config_{{ instance }}:
file.managed:
@@ -37,29 +37,29 @@
- group: web
- dir_mode: 711
-{% for fqdn, site in pillar['web_php_sites'].items() %}
+{% for fqdn, site in pillar["web_php_sites"].items() %}
-php-fpm_pool_{{ site['user'] }}:
+php-fpm_pool_{{ site["user"] }}:
file.managed:
- - name: {{ dirs.etc }}/php-fpm.d/{{ site['php-fpm'] }}-pools/{{ site['user'] }}.conf
+ - name: {{ dirs.etc }}/php-fpm.d/{{ site["php-fpm"] }}-pools/{{ site["user"] }}.conf
- source: salt://roles/webserver-alkane/php/files/php-fpm-pool.conf
- template: jinja
- context:
fqdn: {{ fqdn }}
- domain: {{ site['domain'] }}
- subdomain: {{ site['subdomain'] }}
- user: {{ site['user' ] }}
- display_errors: {{ site['display_errors'] | default('off') }}
- slow_delay: {{ site['slow_delay'] | default('5s') }}
- php_flags: {{ site['php_flags'] | default({}) }}
- php_values: {{ site['php_values'] | default({}) }}
- env : {{ site['env'] | default({}) }}
- capabilities: {{ site['capabilities'] | default([]) }}
-
-/var/log/www/{{ site['domain' ] }}/{{ site['subdomain' ] }}-php.log:
+ domain: {{ site["domain"] }}
+ subdomain: {{ site["subdomain"] }}
+ user: {{ site["user" ] }}
+ display_errors: {{ site["display_errors"] | default("off") }}
+ slow_delay: {{ site["slow_delay"] | default("5s") }}
+ php_flags: {{ site["php_flags"] | default({}) }}
+ php_values: {{ site["php_values"] | default({}) }}
+ env : {{ site["env"] | default({}) }}
+ capabilities: {{ site["capabilities"] | default([]) }}
+
+/var/log/www/{{ site["domain" ] }}/{{ site["subdomain" ] }}-php.log:
file.managed:
- replace: False
- - user: {{ site['user'] }}
+ - user: {{ site["user"] }}
- group: web
- chmod: 600
@@ -79,9 +79,9 @@
- mode: 1770
- group: web
-{% for fqdn, site in pillar['web_php_sites'].items() %}
+{% for fqdn, site in pillar["web_php_sites"].items() %}
/var/tmp/php/sessions/{{ fqdn }}:
file.directory:
- mode: 700
- - user: {{ site['user'] }}
+ - user: {{ site["user"] }}
{% endfor %}
diff --git a/roles/webserver-alkane/php/php.sls b/roles/webserver-alkane/php/php.sls
--- a/roles/webserver-alkane/php/php.sls
+++ b/roles/webserver-alkane/php/php.sls
@@ -7,7 +7,7 @@
{% from "map.jinja" import dirs, packages, packages_prefixes with context %}
-{% set is_devserver = salt['node.has_role']('devserver') %}
+{% set is_devserver = salt["node.has_role"]("devserver") %}
# -------------------------------------------------------------
# Install PHP through packages
@@ -94,7 +94,7 @@
- optimize_opcache
{% endif %}
-{% for build in pillar.get('php_custom_builds', {}) %}
+{% for build in pillar.get("php_custom_builds", {}) %}
/opt/php/{{ build }}/lib/php.ini:
file.managed:
- source: {{ dirs.etc }}/php.ini:
diff --git a/roles/webserver-alkane/php/service.sls b/roles/webserver-alkane/php/service.sls
--- a/roles/webserver-alkane/php/service.sls
+++ b/roles/webserver-alkane/php/service.sls
@@ -9,9 +9,9 @@
# Service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
+{% if grains["os"] == "FreeBSD" %}
-{% set instances = " ".join(pillar['php_fpm_instances'].keys()) %}
+{% set instances = " ".join(pillar["php_fpm_instances"].keys()) %}
/usr/local/etc/rc.d/php-fpm:
file.managed:
@@ -36,14 +36,14 @@
- context:
instances: {{ instances }}
-{% for instance, config in pillar['php_fpm_instances'].items() %}
+{% for instance, config in pillar["php_fpm_instances"].items() %}
/etc/rc.conf.d/php_fpm/{{ instance }}:
file.managed:
- source: salt://roles/webserver-alkane/php/files/rc/per_instance
- template: jinja
- context:
instance: {{ instance }}
- command: {{ config['command'] | default('') }}
+ command: {{ config["command"] | default("") }}
{% endfor %}
{% endif %}
diff --git a/roles/webserver-content/org/eglide/www.sls b/roles/webserver-content/org/eglide/www.sls
--- a/roles/webserver-content/org/eglide/www.sls
+++ b/roles/webserver-content/org/eglide/www.sls
@@ -9,7 +9,7 @@
# Deploy /opt/staging/wwwroot/eglide.org/www to www.eglide.org
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% set wwwroot = salt['node.get_wwwroot']() %}
+{% set wwwroot = salt["node.get_wwwroot"]() %}
{% set wwwuser = "www-data" %}
{% set wwwgroup = "www-data" %}
diff --git a/roles/webserver-content/org/nasqueron/labs.sls b/roles/webserver-content/org/nasqueron/labs.sls
--- a/roles/webserver-content/org/nasqueron/labs.sls
+++ b/roles/webserver-content/org/nasqueron/labs.sls
@@ -30,7 +30,7 @@
# Labs directories
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for lab in pillar['web_labs'] %}
+{% for lab in pillar["web_labs"] %}
labs_lab_directory_{{ lab }}:
file.recurse:
- name: /var/wwwroot/nasqueron.org/labs/{{ lab }}
diff --git a/roles/webserver-content/org/wolfplex/api.sls b/roles/webserver-content/org/wolfplex/api.sls
--- a/roles/webserver-content/org/wolfplex/api.sls
+++ b/roles/webserver-content/org/wolfplex/api.sls
@@ -20,7 +20,7 @@
- show_changes: False
- context:
secrets:
- etherpad.api.key: {{ salt['credentials.get_token']("nasqueron/etherpad/api") }}
+ etherpad.api.key: {{ salt["credentials.get_token"]("nasqueron/etherpad/api") }}
# -------------------------------------------------------------
# Base part
diff --git a/roles/webserver-content/space/hypership/www.sls b/roles/webserver-content/space/hypership/www.sls
--- a/roles/webserver-content/space/hypership/www.sls
+++ b/roles/webserver-content/space/hypership/www.sls
@@ -57,7 +57,7 @@
file.directory:
- user: web-space-hypership-www
-{% for subdir in ['compiled', 'openid', 'sessions'] %}
+{% for subdir in ["compiled", "openid", "sessions"] %}
/var/dataroot/zed/cache/{{ subdir }}:
file.directory:
- user: web-space-hypership-www
diff --git a/roles/webserver-core/nginx/config.sls b/roles/webserver-core/nginx/config.sls
--- a/roles/webserver-core/nginx/config.sls
+++ b/roles/webserver-core/nginx/config.sls
@@ -8,7 +8,7 @@
{% from "map.jinja" import dirs with context %}
{% from "roles/webserver-core/map.jinja" import options with context %}
-{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
# -------------------------------------------------------------
# Accounts - web group
diff --git a/roles/webserver-legacy/jenkins-cd/content.sls b/roles/webserver-legacy/jenkins-cd/content.sls
--- a/roles/webserver-legacy/jenkins-cd/content.sls
+++ b/roles/webserver-legacy/jenkins-cd/content.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set subdomains = salt['node.filter_by_role']('web_content_jenkins_cd') %}
+{% set subdomains = salt["node.filter_by_role"]("web_content_jenkins_cd") %}
{% for subdomain in subdomains %}
/var/run/deploy/{{ subdomain }}.nasqueron.org:
diff --git a/roles/webserver-legacy/php-sites/files.sls b/roles/webserver-legacy/php-sites/files.sls
--- a/roles/webserver-legacy/php-sites/files.sls
+++ b/roles/webserver-legacy/php-sites/files.sls
@@ -9,18 +9,18 @@
# Sites content
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for site in pillar['web_php_sites'].values() %}
+{% for site in pillar["web_php_sites"].values() %}
-{% if 'target' in site %}
+{% if "target" in site %}
-{{ site['target'] }}:
+{{ site["target"] }}:
file.recurse:
- - source: salt://{{ site['source'] }}
+ - source: salt://{{ site["source"] }}
- exclude_pat: E@.git
- include_empty: True
- dir_mode: 711
- file_mode: keep
- - user: {{ site['user'] }}
+ - user: {{ site["user"] }}
- group: web
{% endif %}
diff --git a/roles/webserver-legacy/php-sites/files/php-fpm-pool.conf b/roles/webserver-legacy/php-sites/files/php-fpm-pool.conf
--- a/roles/webserver-legacy/php-sites/files/php-fpm-pool.conf
+++ b/roles/webserver-legacy/php-sites/files/php-fpm-pool.conf
@@ -36,7 +36,7 @@
php_flag[display_startup_errors] = {{ display_errors }}
php_admin_flag[log_errors] = on
-{% if 'wordpress' in capabilities -%}
+{% if "wordpress" in capabilities -%}
; Allow Wordpress to process large images
php_value[memory_limit] = 1024M
{%- endif %}
diff --git a/roles/webserver-legacy/php-sites/php-fpm.sls b/roles/webserver-legacy/php-sites/php-fpm.sls
--- a/roles/webserver-legacy/php-sites/php-fpm.sls
+++ b/roles/webserver-legacy/php-sites/php-fpm.sls
@@ -11,7 +11,7 @@
# Configuration : instances
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for instance, config in pillar['php_fpm_instances'].items() %}
+{% for instance, config in pillar["php_fpm_instances"].items() %}
php-fpm_config_{{ instance }}:
file.managed:
@@ -37,27 +37,27 @@
- group: web
- dir_mode: 711
-{% for fqdn, site in pillar['web_php_sites'].items() %}
+{% for fqdn, site in pillar["web_php_sites"].items() %}
-php-fpm_pool_{{ site['user'] }}:
+php-fpm_pool_{{ site["user"] }}:
file.managed:
- - name: {{ dirs.etc }}/php-fpm.d/{{ site['php-fpm'] }}-pools/{{ site['user'] }}.conf
+ - name: {{ dirs.etc }}/php-fpm.d/{{ site["php-fpm"] }}-pools/{{ site["user"] }}.conf
- source: salt://roles/webserver-legacy/php-sites/files/php-fpm-pool.conf
- template: jinja
- context:
fqdn: {{ fqdn }}
- domain: {{ site['domain'] }}
- subdomain: {{ site['subdomain'] }}
- user: {{ site['user' ] }}
- display_errors: {{ site['display_errors']|default('off') }}
- slow_delay: {{ site['slow_delay']|default('5s') }}
- env : {{ site['env']|default({}) }}
- capabilities: {{ site['capabilities']|default([]) }}
+ domain: {{ site["domain"] }}
+ subdomain: {{ site["subdomain"] }}
+ user: {{ site["user" ] }}
+ display_errors: {{ site["display_errors"]|default("off") }}
+ slow_delay: {{ site["slow_delay"]|default("5s") }}
+ env : {{ site["env"]|default({}) }}
+ capabilities: {{ site["capabilities"]|default([]) }}
-/var/log/www/{{ site['domain' ] }}/{{ site['subdomain' ] }}-php.log:
+/var/log/www/{{ site["domain" ] }}/{{ site["subdomain" ] }}-php.log:
file.managed:
- replace: False
- - user: {{ site['user'] }}
+ - user: {{ site["user"] }}
- group: web
- chmod: 600
diff --git a/roles/webserver-legacy/php-sites/php.sls b/roles/webserver-legacy/php-sites/php.sls
--- a/roles/webserver-legacy/php-sites/php.sls
+++ b/roles/webserver-legacy/php-sites/php.sls
@@ -15,7 +15,7 @@
file.managed:
- source: salt://roles/webserver-legacy/php-sites/files/php.ini
-{% for build in pillar['php_custom_builds'] %}
+{% for build in pillar["php_custom_builds"] %}
/opt/php/{{ build }}/lib/php.ini:
file.managed:
- source: salt://roles/webserver-legacy/php-sites/files/php.ini
@@ -35,9 +35,9 @@
- mode: 1770
- group: web
-{% for fqdn, site in pillar['web_php_sites'].items() %}
+{% for fqdn, site in pillar["web_php_sites"].items() %}
/var/tmp/php/sessions/{{ fqdn }}:
file.directory:
- mode: 700
- - user: {{ site['user'] }}
+ - user: {{ site["user"] }}
{% endfor %}
diff --git a/roles/webserver-legacy/static-sites/init.sls b/roles/webserver-legacy/static-sites/init.sls
--- a/roles/webserver-legacy/static-sites/init.sls
+++ b/roles/webserver-legacy/static-sites/init.sls
@@ -5,8 +5,8 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% for domain in pillar['web_static_sites'] %}
-{% for subdomain in pillar['web_static_sites'][domain] %}
+{% for domain in pillar["web_static_sites"] %}
+{% for subdomain in pillar["web_static_sites"][domain] %}
/var/wwwroot/{{ domain }}/{{ subdomain }}:
file.recurse:
- source: salt://wwwroot/{{ domain }}/{{ subdomain }}
diff --git a/roles/webserver-legacy/tweaks/autochmod.sls b/roles/webserver-legacy/tweaks/autochmod.sls
--- a/roles/webserver-legacy/tweaks/autochmod.sls
+++ b/roles/webserver-legacy/tweaks/autochmod.sls
@@ -5,7 +5,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% for dir in salt['pillar.get']('web_autochmod', []) %}
+{% for dir in salt["pillar.get"]("web_autochmod", []) %}
autochmod_{{ dir }}:
cmd.run:
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Sun, Apr 5, 09:28 (16 h, 58 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3595891
Default Alt Text
D4046.diff (192 KB)
Attached To
Mode
D4046: Normalize quotes
Attached
Detach File
Event Timeline
Log In to Comment