diff --git a/pillar/certificates/certificates.sls b/pillar/certificates/certificates.sls
index ced34bb..58b558e 100644
--- a/pillar/certificates/certificates.sls
+++ b/pillar/certificates/certificates.sls
@@ -1,16 +1,15 @@
# -------------------------------------------------------------
# Salt — Let's encrypt certificates
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-04-27
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
# -------------------------------------------------------------
# Certificates
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
certificates_letsencrypt:
eglide:
- www.eglide.org
- - robot.paysannerebelle.com
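Review bot: Dropping `robot.paysannerebelle.com` from `certificates_letsencrypt` only stops Salt from managing the name; nothing in this change removes what was already deployed, since Salt leaves a resource in place once its state is deleted. That applies to the key material under `/etc/letsencrypt/live/robot.paysannerebelle.com/` and the copy at `/opt/bonjour-chaton/certs/private.pem`, and equally to the `sudoers.d/bonjour_chaton` drop-in (`%chaton-dev ALL=(chaton) NOPASSWD: ALL`) and the `chaton` account whose states are deleted further down in this diff. I would add a short-lived cleanup state, `file.absent` for the key and sudoers paths and `user.absent` for `chaton`, and revoke the certificate if the key is no longer under your control. The state that consumes this pillar is not visible here, so whether it prunes unlisted certificates is an assumption to confirm.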
diff --git a/pillar/webserver/sites.sls b/pillar/webserver/sites.sls
index 3a42f95..05b0d58 100644
--- a/pillar/webserver/sites.sls
+++ b/pillar/webserver/sites.sls
@@ -1,194 +1,191 @@
# -------------------------------------------------------------
# Salt — Sites to provision on the legacy web server
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
# -------------------------------------------------------------
# Domains we deploy
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
web_domains:
#
# Directly managed by Nasqueron
#
nasqueron:
- nasqueron.org
#
# Nasqueron members
#
nasqueron_members:
- dereckson.be
#
# Projects ICT is managed by Nasqueron
#
espacewin:
- espace-win.org
wolfplex:
- wolfplex.org
# -------------------------------------------------------------
# Static sites
#
# Sites to deploy from the staging repository
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
web_static_sites:
dereckson.be:
- assets
nasqueron.org:
- www
- assets
- docker
- ftp
- launch
- packages
- trustspace
wolfplex.org:
- www
- assets
# -------------------------------------------------------------
# PHP sites
#
# Username must be unique and use max 31 characters.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
php_custom_builds:
php56:
mode: release
version: 5.6.40
hash: ffd025d34623553ab2f7fd8fb21d0c9e6f9fa30dc565ca03a1d7b763023fba00
php_fpm_instances:
# PHP 7.2, generally installed as package/port
prod:
command: /usr/local/sbin/php-fpm
# PHP 5.6, installed through php-builder unit
legacy:
command: /opt/php/php56/sbin/php-fpm
web_php_sites:
# Nasqueron members
mediawiki.dereckson.be:
domain: dereckson.be
subdomain: mediawiki
user: web-be-dereckson-mw
php-fpm: prod
www.dereckson.be:
domain: dereckson.be
subdomain: www
user: web-be-dereckson-www
source: wwwroot/dereckson.be/www
target: /var/wwwroot/dereckson.be/www
php-fpm: prod
www51.dereckson.be:
domain: dereckson.be
subdomain: www51
user: web-be-dereckson-www51
php-fpm: prod
# Directly managed by Nasqueron
api.nasqueron.org:
domain: nasqueron.org
subdomain: api
user: web-org-nasqueron-api-serverslog
php-fpm: prod
env:
SERVERS_LOG_FILE: /srv/api/data/servers-log-all.json
wikis.nasqueron.org:
domain: nasqueron.org
subdomain: wikis
user: mediawiki
php-fpm: prod
skipCreateAccount: True
env:
MEDIAWIKI_ENTRY_POINT: /srv/mediawiki/index.php
DB_HOST: localhost
DB_USER: mediawiki-saas
# Espace Win
www.espace-win.org:
domain: espace-win.org
subdomain: www
user: web-org-espacewin-www
source: wwwroot/espace-win.org/www
target: /var/wwwroot/espace-win.org/www
php-fpm: legacy
www51.espace-win.org:
domain: espace-win.org
subdomain: www51
user: web-org-espacewin-www51
php-fpm: prod
# Wolfplex Hackerspace
www.wolfplex.org:
domain: wolfplex.org
subdomain: www
user: web-org-wolfplex-www
php-fpm: prod
env:
DATASTORE: /var/dataroot/wolfplex
CREDENTIAL_PATH_DATASOURCES_SECURITYDATA: /var/dataroot/wolfplex/secrets.json
# -------------------------------------------------------------
# States
#
# Sites with states documenting how to build them
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
web_content_sls:
#
# Eglide
#
shellserver:
- # Third party sites hosted to Eglide
- - .com/paysannerebelle
-
# Directly managed by Eglide project
- .org/eglide
#
# Nasqueron servers
#
mastodon:
- .org/nasqueron/social
webserver-legacy:
# Nasqueron members
- .be/dereckson
# Projects hosted
- .space/hypership
# Directly managed by Nasqueron
- .org/nasqueron/api
- .org/nasqueron/daeghrefn
- .org/nasqueron/docs
- .org/nasqueron/infra
- .org/nasqueron/labs
- .org/nasqueron/rain
# Wolfplex Hackerspace
- .org/wolfplex/api
- .org/wolfplex/www
# -------------------------------------------------------------
# Tweaks
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
web_autochmod:
- /var/wwwroot/dereckson.be/www
diff --git a/roles/shellserver/bonjour-chaton/account.sls b/roles/shellserver/bonjour-chaton/account.sls
deleted file mode 100644
index c8c36b4..0000000
--- a/roles/shellserver/bonjour-chaton/account.sls
+++ /dev/null
@@ -1,32 +0,0 @@
-# -------------------------------------------------------------
-# Salt — Deploy Bonjour chaton
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Created: 2017-01-24
-# License: Trivial work, not eligible to copyright
-# -------------------------------------------------------------
-
-{% from "map.jinja" import dirs with context %}
-
-# -------------------------------------------------------------
-# Service account
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-bonjour_chaton_account:
- user.present:
- - name: chaton
- - fullname: Bonjour chaton bot
- - uid: 832
- - gid: 827
- - home: /opt/bonjour-chaton
-
-# -------------------------------------------------------------
-# Sudo capabilities
-#
-# Members of bonjour-chaton-dev should be able to sudo -u bonjour_chaton …
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-bonjour_chaton_sudo_capabilities_file:
- file.managed:
- - name: {{ dirs.etc }}/sudoers.d/bonjour_chaton
- - source: salt://roles/shellserver/bonjour-chaton/files/bonjour_chaton.sudoers
- - template: jinja
diff --git a/roles/shellserver/bonjour-chaton/certificates.sls b/roles/shellserver/bonjour-chaton/certificates.sls
deleted file mode 100644
index b4a7e4e..0000000
--- a/roles/shellserver/bonjour-chaton/certificates.sls
+++ /dev/null
@@ -1,35 +0,0 @@
-# -------------------------------------------------------------
-# Salt — Deploy Bonjour chaton
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Created: 2017-04-27
-# License: Trivial work, not eligible to copyright
-# -------------------------------------------------------------
-
-{% from "map.jinja" import dirs with context %}
-
-/opt/bonjour-chaton/certs:
- file.directory:
- - user: chaton
- - group: chaton-dev
- - dir_mode: 750
-
-bonjour_chaton_certificates_private:
- cmd.run:
- - name: cp {{ dirs.etc }}/letsencrypt/live/robot.paysannerebelle.com/privkey.pem /opt/bonjour-chaton/certs/private.pem
- - creates: /opt/bonjour-chaton/certs/private.pem
- file.managed:
- - name: /opt/bonjour-chaton/certs/private.pem
- - user: chaton
- - group: chaton-dev
- - mode: 0600
- - replace: False
- - show_changes: False
-
-bonjour_chaton_certificates_public:
- cmd.run:
- - name: cp {{ dirs.etc }}/letsencrypt/live/robot.paysannerebelle.com/fullchain.pem /opt/bonjour-chaton/certs/cert.pem
- file.managed:
- - name: /opt/bonjour-chaton/certs/cert.pem
- - user: chaton
- - group: chaton-dev
- - mode: 0644
diff --git a/roles/shellserver/bonjour-chaton/files/bonjour_chaton.sudoers b/roles/shellserver/bonjour-chaton/files/bonjour_chaton.sudoers
deleted file mode 100644
index c843af9..0000000
--- a/roles/shellserver/bonjour-chaton/files/bonjour_chaton.sudoers
+++ /dev/null
@@ -1,21 +0,0 @@
-# -------------------------------------------------------------
-# Bonjour chaton
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Created: 2017-01-24
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/bonjour_chaton/files/bonjour_chaton.sudoers
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-# </auto-generated>
-
-%chaton-dev ALL=(chaton) NOPASSWD: ALL
-
-# Service management
-{% for command in ["start", "stop", "restart", "reload"] %}
-%chaton-dev ALL= NOPASSWD: /bin/systemctl {{ command }} chaton
-{% endfor %}
diff --git a/roles/shellserver/bonjour-chaton/init.sls b/roles/shellserver/bonjour-chaton/init.sls
deleted file mode 100644
index 83e11eb..0000000
--- a/roles/shellserver/bonjour-chaton/init.sls
+++ /dev/null
@@ -1,10 +0,0 @@
-# -------------------------------------------------------------
-# Salt — Deploy Bonjour chaton
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Created: 2017-04-27
-# License: Trivial work, not eligible to copyright
-# -------------------------------------------------------------
-
-include:
- - .account
- - .certificates
diff --git a/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/robot.paysannerebelle.com.conf b/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/robot.paysannerebelle.com.conf
deleted file mode 100644
index 9dd25b9..0000000
--- a/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/robot.paysannerebelle.com.conf
+++ /dev/null
@@ -1,42 +0,0 @@
-# -------------------------------------------------------------
-# Eglide — nginx configuration
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Eglide
-# Created: 2016-07-26
-# License: Trivial work, not eligible to copyright
-# Source file: roles/shellserver/web-hosting/files/eglide/nginx/vhosts/robot.paysannerebelle.com.conf
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-# </auto-generated>
-
-# -------------------------------------------------------------
-# Main vhost receives special responsibilities like serving
-# user directories.
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
- server {
-
- listen 80;
- listen [::]:80;
- server_name robot.paysannerebelle.com;
- root /var/wwwroot/paysannerebelle.com/robot/;
-
- access_log /var/log/www/paysannerebelle.com/robot-access.log main;
- error_log /var/log/www/paysannerebelle.com/robot-error.log;
-
- ###
- ### SSL
- ###
-
- include includes/letsencrypt.conf;
-
- include ssl_params;
- ssl_certificate /etc/letsencrypt/live/robot.paysannerebelle.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/robot.paysannerebelle.com/privkey.pem;
- ssl_trusted_certificate /etc/letsencrypt/live/robot.paysannerebelle.com/chain.pem;
- }
diff --git a/roles/shellserver/web-hosting/init.sls b/roles/shellserver/web-hosting/init.sls
index 2a3bf81..2880b03 100644
--- a/roles/shellserver/web-hosting/init.sls
+++ b/roles/shellserver/web-hosting/init.sls
@@ -1,63 +1,57 @@
# -------------------------------------------------------------
# Salt — nginx configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Eglide
# Created: 2016-11-08
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
{% set wwwgroup = "www-data" %}
# -------------------------------------------------------------
# Nginx configuration files
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
nginx_config_files:
file.recurse:
- name: {{ dirs.etc }}/nginx
- source: salt://roles/shellserver/web-hosting/files/{{ grains['id'] }}/nginx
- include_empty: True
- clean: False
- dir_mode: 755
- file_mode: 644
cmd.run:
- name: nginx -s reload
- onchanges:
- file: nginx_config_files
# -------------------------------------------------------------
# Nginx logs
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/log/www:
file.directory:
- user: root
- group: {{ wwwgroup }}
- dir_mode: 750
/var/log/www/eglide.org:
file.directory:
- user: root
- group: {{ wwwgroup }}
- dir_mode: 750
-/var/log/www/paysannerebelle.com:
- file.directory:
- - user: hlp
- - group: {{ wwwgroup }}
- - dir_mode: 750
-
# -------------------------------------------------------------
# Site to serve when Host: header doesn't match a known vhost
#
# Typically, this occurs when a domain is configured in DNS,
# but not in nginx.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
unknown_domain_files:
file.recurse:
- name: /var/wwwroot/unknown_domains
- source: salt://roles/shellserver/web-hosting/files/{{ grains['id'] }}/wwwroot-unknown
- dir_mode: 755
- file_mode: 644
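Review bot: `nginx_config_files` runs `file.recurse` with `clean: False`, so deleting `robot.paysannerebelle.com.conf` from the source tree will not remove the copy already in `{{ dirs.etc }}/nginx/vhosts/` on the minion. The vhost presumably stays loaded, still pointing at the certificate paths and at `/var/log/www/paysannerebelle.com`, which this hunk stops managing but does not delete. An explicit `file.absent` with `- name: {{ dirs.etc }}/nginx/vhosts/robot.paysannerebelle.com.conf`, followed by an nginx reload, would make the decommission effective. The same goes for the `hlp`-owned log directory if its contents should not outlive the site.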
diff --git a/roles/webserver-content/com/paysannerebelle/init.sls b/roles/webserver-content/com/paysannerebelle/init.sls
deleted file mode 100644
index 1392b31..0000000
--- a/roles/webserver-content/com/paysannerebelle/init.sls
+++ /dev/null
@@ -1,9 +0,0 @@
-# -------------------------------------------------------------
-# Salt — Provision *.paysannerebelle.com sites
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Collectif des paysannes et paysans rebelles
-# License: Trivial work, not eligible to copyright
-# -------------------------------------------------------------
-
-include:
- - .robot
diff --git a/roles/webserver-content/com/paysannerebelle/robot.sls b/roles/webserver-content/com/paysannerebelle/robot.sls
deleted file mode 100644
index 5566158..0000000
--- a/roles/webserver-content/com/paysannerebelle/robot.sls
+++ /dev/null
@@ -1,24 +0,0 @@
-# -------------------------------------------------------------
-# Salt — Provision robot.paysannerebelle.com website
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Collectif des paysannes et paysans rebelles
-# Created: 2017-04-16
-# License: Trivial work, not eligible to copyright
-# -------------------------------------------------------------
-
-{% if salt['node.has_web_content'](".com/paysannerebelle") %}
-
-{% set wwwgroup = "www-data" %}
-
-# -------------------------------------------------------------
-# Site directory
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-/var/wwwroot/paysannerebelle.com/robot:
- file.directory:
- - user: hlp
- - group: {{ wwwgroup }}
- - dir_mode: 711
- - makedirs: True
-
-{% endif %}
diff --git a/roles/webserver-content/init.sls b/roles/webserver-content/init.sls
index 0f77247..7ff055e 100644
--- a/roles/webserver-content/init.sls
+++ b/roles/webserver-content/init.sls
@@ -1,19 +1,18 @@
# -------------------------------------------------------------
# Salt — Webserver content
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Eglide
# Created: 2017-11-23
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
include:
- .be/dereckson
- - .com/paysannerebelle
- .org/eglide
- .org/nasqueron/api
- .org/nasqueron/docs
- .org/nasqueron/labs
- .org/nasqueron/social
- .org/wolfplex/api
- .org/wolfplex/www
- .space/hypership