Page MenuHomeDevCentral
Files F3717288

D1065.id2726.diff
No OneTemporary
Actions

D1065.id2726.diff
View Options

diff --git a/hotfixes/T1261-srv-data.sls b/hotfixes/T1261-srv-data.sls
new file mode 100644
--- /dev/null
+++ b/hotfixes/T1261-srv-data.sls
@@ -0,0 +1,21 @@
+# -------------------------------------------------------------
+# Salt — Hotfixes to mitigate bugs and security issues
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-10-17
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# T1261
+# We now provision /srv/data instead of /data for Docker
+# containers data. As such, we ensure a symlink exists
+# on servers still using /data.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% if not salt['file.directory_exists']('/srv/data') and salt['file.directory_exists']('/data') %}
+srv_data_symlink:
+ file.symlink:
+ - name: /srv/data
+ - target: /data
+{% endif %}
diff --git a/hotfixes/init.sls b/hotfixes/init.sls
--- a/hotfixes/init.sls
+++ b/hotfixes/init.sls
@@ -8,3 +8,4 @@
include:
- .CVE-2017-6074
+ - .T1261-srv-data
diff --git a/roles/mailserver/certificates/files/update-smtp-certificates.sh b/roles/mailserver/certificates/files/update-smtp-certificates.sh
--- a/roles/mailserver/certificates/files/update-smtp-certificates.sh
+++ b/roles/mailserver/certificates/files/update-smtp-certificates.sh
@@ -17,7 +17,7 @@
# </auto-generated>
: ${CONTAINER_NAME='mailserver'}
-: ${CERT_DIR='/data/letsencrypt/etc/live/mail.nasqueron.org-0001'}
+: ${CERT_DIR='/srv/data/letsencrypt/etc/live/mail.nasqueron.org-0001'}
: ${CONTAINER_DIR="/var/lib/lxc/$CONTAINER_NAME/rootfs"}
cp $CERT_DIR/fullchain.pem $CONTAINER_DIR/etc/ssl/certs/mailserver.crt
diff --git a/roles/mastodon/public/init.sls b/roles/mastodon/public/init.sls
--- a/roles/mastodon/public/init.sls
+++ b/roles/mastodon/public/init.sls
@@ -6,7 +6,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-/data/mastodon/public/support:
+/srv/data/mastodon/public/support:
file.recurse:
- source: salt://wwwroot/nasqueron.org/mastodon/support
- exclude_pat: E@.git
diff --git a/roles/phabricator/containers/files/run-devcentral.sh b/roles/phabricator/containers/files/run-devcentral.sh
--- a/roles/phabricator/containers/files/run-devcentral.sh
+++ b/roles/phabricator/containers/files/run-devcentral.sh
@@ -26,7 +26,7 @@
INSTANCE_NAME=devcentral
PORT=31080
DOMAIN=$INSTANCE_NAME.nasqueron.org
-DATA_DIRECTORY=/data/$INSTANCE_NAME
+DATA_DIRECTORY=/srv/data/$INSTANCE_NAME
MYSQL_INSTANCE=acquisitariat
# -------------------------------------------------------------
diff --git a/roles/phabricator/containers/files/run-wolfphab.sh b/roles/phabricator/containers/files/run-wolfphab.sh
--- a/roles/phabricator/containers/files/run-wolfphab.sh
+++ b/roles/phabricator/containers/files/run-wolfphab.sh
@@ -26,7 +26,7 @@
INSTANCE_NAME=wolfphab
PORT=35080
DOMAIN=phabricator.wolfplex.be
-DATA_DIRECTORY=/data/$INSTANCE_NAME
+DATA_DIRECTORY=/srv/data/$INSTANCE_NAME
MYSQL_INSTANCE=acquisitariat
MYSQL_NAMESPACE=wolfphab
diff --git a/scripts/byTasks/HTTP/check-letsencrypt-certificates b/scripts/byTasks/HTTP/check-letsencrypt-certificates
--- a/scripts/byTasks/HTTP/check-letsencrypt-certificates
+++ b/scripts/byTasks/HTTP/check-letsencrypt-certificates
@@ -36,7 +36,7 @@
dirs = {
"/usr/local/etc/letsencrypt/renewal",
- "/data/letsencrypt/etc/renewal"
+ "/srv/data/letsencrypt/etc/renewal"
}

File Metadata

Mime Type
text/plain
Expires
Thu, Nov 7, 03:06 (21 h, 9 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2232565
Default Alt Text
D1065.id2726.diff (3 KB)

Event Timeline

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator