Page MenuHomeDevCentral

D3212.id8226.diff
No OneTemporary

D3212.id8226.diff

diff --git a/pillar/credentials/vault.sls b/pillar/credentials/vault.sls
--- a/pillar/credentials/vault.sls
+++ b/pillar/credentials/vault.sls
@@ -226,7 +226,7 @@
viperserv:
- ops/secrets/nasqueron.viperserv.vault
- webserver-alkane:
+ webserver-alkane-prod:
- ops/secrets/dbserver/cluster-B/users/dereckson_www
- ops/secrets/dbserver/cluster-B/users/zed
@@ -240,6 +240,9 @@
- ops/secrets/nasqueron.etherpad.api
+ webserver-alkane-dev:
+ - ops/secrets/dbserver/cluster-B/users/dereckson_www51
+
webserver-legacy:
#
diff --git a/pillar/nodes/nodes.sls b/pillar/nodes/nodes.sls
--- a/pillar/nodes/nodes.sls
+++ b/pillar/nodes/nodes.sls
@@ -159,6 +159,25 @@
netmask: *intranought_netmask
gateway: 172.27.27.1
+ hervil:
+ forest: nasqueron-infra
+ hostname: hervil.nasqueron.drake
+ network:
+ interfaces:
+ vmx0:
+ device: vmx0
+ ipv4:
+ address: 172.27.27.3
+ netmask: *intranought_netmask
+ gateway: 172.27.27.1
+ vmx1:
+ device: vmx1
+ ipv4:
+ address: 178.32.70.108
+ netmask: 255.255.255.255
+ roles:
+ - mailserver
+
router-001:
forest: nasqueron-infra
hostname: router-001.nasqueron.org
@@ -195,6 +214,7 @@
hostname: web-001.nasqueron.org
roles:
- webserver-alkane
+ - webserver-alkane-prod
- saas-mediawiki
- saas-wordpress
network:
@@ -257,6 +277,8 @@
roles:
- devserver
- dbserver-mysql
+ - webserver-alkane
+ - webserver-alkane-dev
- webserver-legacy
zfs:
pool: arcology
diff --git a/pillar/paas/alkane/web-001/main.sls b/pillar/paas/alkane/web-001/main.sls
--- a/pillar/paas/alkane/web-001/main.sls
+++ b/pillar/paas/alkane/web-001/main.sls
@@ -164,3 +164,14 @@
- api
- assets
- www
+
+# -------------------------------------------------------------
+# Credentials
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+webserver_content_dotenv:
+ /var/wwwroot/dereckson.be/www/.env:
+ user: web-be-dereckson-www
+ db:
+ service: db-B
+ credentials: dbserver/cluster-B/users/dereckson_www
diff --git a/pillar/paas/alkane/windriver/main.sls b/pillar/paas/alkane/windriver/main.sls
--- a/pillar/paas/alkane/windriver/main.sls
+++ b/pillar/paas/alkane/windriver/main.sls
@@ -119,3 +119,15 @@
- api51
- tools51
- www51
+
+
+# -------------------------------------------------------------
+# Credentials
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+webserver_content_dotenv:
+ /var/51-wwwroot/dereckson-www/.env:
+ user: web-be-dereckson-www51
+ db:
+ service: db-B
+ credentials: dbserver/cluster-B/users/dereckson_www51
diff --git a/pillar/top.sls b/pillar/top.sls
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -61,12 +61,10 @@
web-001:
- saas.mediawiki
- saas.wordpress
- - webserver.credentials
windriver:
- devserver.datacubes
- devserver.ports
- devserver.repos
- webserver.labs
- - webserver.credentials
- webserver.wwwroot51
diff --git a/pillar/webserver/credentials.sls b/pillar/webserver/credentials.sls
deleted file mode 100644
--- a/pillar/webserver/credentials.sls
+++ /dev/null
@@ -1,54 +0,0 @@
-# -------------------------------------------------------------
-# Salt — Sites to provision on the legacy web server
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Nasqueron
-# License: Trivial work, not eligible to copyright
-# -------------------------------------------------------------
-
-# -------------------------------------------------------------
-# Content of the .env files
-#
-# Those files allow site using DotEnv to read secrets.
-#
-# To ensure secrets can only be read by application user, use:
-#
-# ```
-# user: <php-fpm pool user>
-# ```
-# If your configuration can be read and stored in memory,
-# it's probably best to directly call Vault from the app
-# and only provision Vault AppRole credentials:
-#
-# ```
-# vault: <path to AppRole credential>
-# ```
-#
-# For PHP sites where the configuration file is read every
-# request, it's probably best to cache secrets in file
-# through this mechanism.
-#
-# If you need a database, you can use:
-#
-# ```
-# db:
-# service: entry in nasqueron_services table
-# credentials: path to Vault secret
-#
-# To provision a secret key or other credentials, use:
-#
-# extra_credentials:
-# key: path to vault secret
-#
-# If you need to pass extra plain values use:
-#
-# extra_values:
-# key: value
-# ```
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-webserver_content_dotenv:
- /var/wwwroot/dereckson.be/www/.env:
- user: web-be-dereckson-www
- db:
- service: db-B
- credentials: dbserver/cluster-B/users/dereckson_www
diff --git a/roles/core/motd/files/hervil b/roles/core/motd/files/hervil
new file mode 100644
--- /dev/null
+++ b/roles/core/motd/files/hervil
@@ -0,0 +1,14 @@
+
+ )__________ hervil.nasqueron.drake
+ .'. `. IP: {{ ipv4_address.ljust(16) }} OS: FreeBSD 13
+ | | Hervil | GW: {{ ipv4_gateway.ljust(16) }}
+ |_|__________|
+ | | __..-- This server hosts Mail for Nasqueron projects.
+ __| |--""
+ __..---""" | |
+ |\ | | www
+ | \ | |. )_(
+ \ \ \|/ | |. \|/
+ \ \ |__\|/. \\|
+ \ \ jro+jgs _\V/_
+
diff --git a/roles/mailserver/init.sls b/roles/mailserver/init.sls
new file mode 100644
--- /dev/null
+++ b/roles/mailserver/init.sls
@@ -0,0 +1,8 @@
+# -------------------------------------------------------------
+# Salt — Mail
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# This state is left intentionally blank.
diff --git a/top.sls b/top.sls
--- a/top.sls
+++ b/top.sls
@@ -42,6 +42,8 @@
'eglide':
- roles/webserver-core
- roles/shellserver
+ 'hervil':
+ - roles/mailserver
'web-001':
- roles/webserver-core
- roles/webserver-alkane

File Metadata

Mime Type
text/plain
Expires
Sat, Nov 23, 18:33 (18 h, 50 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2258668
Default Alt Text
D3212.id8226.diff (6 KB)

Event Timeline