D2354.id.diff
diff --git a/_modules/notifications.py b/_modules/notifications.py
new file mode 100644
--- /dev/null
+++ b/_modules/notifications.py
@@ -0,0 +1,28 @@
+# -------------------------------------------------------------
+# Salt — Node execution module
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Description: Build Notifications center configuration
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+
+import copy
+
+
+def get_credentials():
+ try:
+ services = __pillar__["notifications_credentials"]["services"]
+ except KeyError:
+ services = []
+
+ return {"services": [_build_service_config(service) for service in services]}
+
+
+def _build_service_config(service):
+ built_service = copy.deepcopy(service)
+
+ if "secret" in service:
+ built_service["secret"] = __salt__["credentials.get_token"](service["secret"])
+
+ return built_service
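Review bot: get_credentials only guards a missing key; a pillar that declares `services:` with an empty value yields None, and the comprehension on the return line then raises TypeError, so `services = __pillar__["notifications_credentials"]["services"] or []` inside the try would cover that case. Neither function has a docstring; get_credentials should state that it returns the pillar services list with each `secret` Vault key path replaced by the token fetched through credentials.get_token, and _build_service_config should say it works on a deep copy so the pillar data itself is never mutated. A caller note that the returned dict holds live tokens, so it must not be logged or rendered into state output, belongs in the get_credentials docstring as well.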
diff --git a/pillar/credentials/vault.sls b/pillar/credentials/vault.sls
--- a/pillar/credentials/vault.sls
+++ b/pillar/credentials/vault.sls
@@ -110,6 +110,13 @@
- ops/secrets/nasqueron.notifications.mailgun
- ops/secrets/nasqueron.notifications.sentry
+ - ops/secrets/nasqueron.notifications.credentials_github_nasqueron
+ - ops/secrets/nasqueron.notifications.credentials_github_wolfplex
+ - ops/secrets/nasqueron.notifications.credentials_github_keruald
+ - ops/secrets/nasqueron.notifications.credentials_github_trustspace
+ - ops/secrets/nasqueron.notifications.credentials_github_eglide
+ - ops/secrets/nasqueron.notifications.credentials_phabricator_nasqueron
+
- ops/secrets/nasqueron.pixelfed.app_key
- ops/secrets/nasqueron.pixelfed.mailgun
- ops/secrets/nasqueron.pixelfed.mysql
diff --git a/pillar/notifications/config.sls b/pillar/notifications/config.sls
new file mode 100644
--- /dev/null
+++ b/pillar/notifications/config.sls
@@ -0,0 +1,153 @@
+# -------------------------------------------------------------
+# Notifications center
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Credentials
+#
+# The secret key value is the Vault key path for this secret,
+# it will be passed to the credentials.get_token method.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+notifications_credentials:
+ services:
+
+ # Nasqueron
+
+ - gate: GitHub
+ door: Nasqueron
+ secret: nasqueron.notifications.credentials_github_nasqueron
+
+ - gate: GitHub
+ door: Wolfplex
+ secret: nasqueron.notifications.credentials_github_wolfplex
+
+ - gate: GitHub
+ door: Keruald
+ secret: nasqueron.notifications.credentials_github_keruald
+
+ - gate: GitHub
+ door: TrustSpace
+ secret: nasqueron.notifications.credentials_github_trustspace
+
+ - gate: GitHub
+ door: Eglide
+ secret: nasqueron.notifications.credentials_github_eglide
+
+ - gate: Phabricator
+ door: Nasqueron
+ instance: https://devcentral.nasqueron.org
+ secret: nasqueron.notifications.credentials_phabricator_nasqueron
+
+# Docker Hub build triggers URL can't currently been automated easily.
+
+# -------------------------------------------------------------
+# Payload analyzer configuration
+#
+# The content of notifications_configuration will be split
+# into folders and JSON files, converted from YAML objects.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+notifications_configuration:
+ GitHubPayloadAnalyzer:
+ default: &default
+ administrativeGroup: orgz
+ defaultGroup: ''
+ map: []
+
+ Nasqueron:
+ administrativeGroup: orgz
+ defaultGroup: nasqueron
+ map:
+ - group: docker
+ items:
+ - docker-*
+
+ - group: tasacora
+ items:
+ - tasacora-*
+
+ - group: devtools
+ items:
+ - notifications
+ - notifications-cli-client
+
+ - group: ops
+ items:
+ - decommission
+ - discourse-config
+ - ftp
+ - operations
+ - servers-*
+ - zemke-rhyne
+
+ JenkinsPayloadAnalyzer:
+ default:
+ defaultGroup: ci
+ map: []
+ notifyOnlyOnFailure: []
+
+ Nasqueron:
+ defaultGroup: ci
+ map:
+ - group: wikidata
+ items:
+ - deploy-irc-daeghrefn-wikidata
+
+ - group: ops
+ items:
+ - deploy-website-*
+ - test-prod-env
+
+ - group: devtools
+ items:
+ - test-notifications-*
+
+ notifyOnlyOnFailure:
+ - test-prod-env
+
+ PhabricatorPayloadAnalyzer:
+ default: *default
+
+ Nasqueron:
+ administrativeGroup: orgz
+ defaultGroup: nasqueron
+ map:
+ - group: docker
+ items:
+ - Docker images
+ - Nasqueron Docker deployment squad
+ words:
+ - Docker
+
+ - group: tasacora
+ items:
+ - Tasacora
+ words:
+ - Tasacora
+ - cartography
+
+ - group: trustspace
+ items:
+ - TrustSpace
+
+ - group: ops
+ items:
+ - Continous integration and delivery
+ - IPv6
+ - Mail
+ - Message queues
+ - Murasil
+ - Nasqueron security operations squad
+ - Servers
+ - Ops-sprint-*
+ - Salt
+ words:
+ - Ysul
+ - Dwellers
+ - Eglide
+ - pkg audit
+ wordsAreStrong: true
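Review bot: `Continous integration and delivery` in the PhabricatorPayloadAnalyzer ops map looks misspelled; if it must match the project name exactly as it exists in Phabricator, keep it, otherwise correct it to `Continuous integration and delivery`, since the analyzer presumably compares these item names literally. The `PhabricatorPayloadAnalyzer.default: *default` line reuses the GitHub anchor, which ties the two defaults together on every future edit; a comment on that line saying the two analyzers intentionally share a default would spare the next maintainer a surprise.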
diff --git a/pillar/top.sls b/pillar/top.sls
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -27,6 +27,7 @@
docker-001:
- credentials.zr
+ - notifications.config
- paas.docker
- saas.jenkins
- saas.phpbb
diff --git a/roles/paas-docker/containers/notifications.sls b/roles/paas-docker/containers/notifications.sls
--- a/roles/paas-docker/containers/notifications.sls
+++ b/roles/paas-docker/containers/notifications.sls
@@ -6,10 +6,52 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
+{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
{% set containers = pillar['docker_containers'][grains['id']] %}
{% for instance, container in containers['notifications'].items() %}
+ # -------------------------------------------------------------
+ # Storage directory
+ # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/srv/{{ instance }}/storage:
+ file.directory:
+ - user: 431
+ - group: 433
+ - makedirs: True
+
+/srv/{{ instance }}/storage/app/credentials.json:
+ file.managed:
+ - user: 431
+ - group: 433
+ - makedirs: True
+ - contents: |
+ {{ salt['notifications.get_credentials']() | json }}
+
+{% for folder, configs in salt['pillar.get']("notifications_configuration", {}).items() %}
+{% for config_file, config in configs.items() %}
+/srv/{{ instance }}/storage/app/{{ folder }}/{{ config_file }}.json:
+ file.managed:
+ - user: 431
+ - group: 433
+ - makedirs: True
+ - contents: |
+ {{ config | json }}
+{% endfor %}
+{% endfor %}
+
+{% if has_selinux %}
+selinux_context_notifications_data_{{ instance }}:
+ selinux.fcontext_policy_present:
+ - name: /srv/{{ instance }}/storage
+ - sel_type: container_file_t
+
+selinux_context_notifications_data_applied_{{ instance }}:
+ selinux.fcontext_policy_applied:
+ - name: /srv/{{ instance }}/storage
+{% endif %}
+
# -------------------------------------------------------------
# Container
#
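Review bot: The `/srv/{{ instance }}/storage/app/credentials.json` state writes the Vault-resolved tokens from notifications.get_credentials with no `mode`, so the file gets file.managed's default permissions, and because file.managed reports changes by default the token values end up in the state diff in job returns and the job cache. Add `- mode: '0640'` and `- show_changes: False` under that file.managed; the analyzer config states below it hold no secrets and need neither. The `{% for instance, container ... %}` loop opened in this hunk is closed outside it.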
@@ -17,7 +59,7 @@
# Description: Listen to webhooks, fire notifications to
# the broker. Used for CI / IRC notifications.
# Services used: RabbitMQ broker (white-rabbit)
-# Docker volume (/data/notifications/storage)
+# Docker volume (/srv/notifications/storage)
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
@@ -25,7 +67,7 @@
- detach: True
- interactive: True
- image: nasqueron/notifications
- - binds: /srv/notifications/storage:/var/wwwroot/default/storage
+ - binds: /srv/{{ instance }}/storage:/var/wwwroot/default/storage
- links:
- {{ container['broker_link'] }}:mq
- environment:
D2354: Configure Notifications center