Page MenuHomeDevCentral
Files F24894490

No OneTemporary
Actions

View Options

diff --git a/pillar/paas/alkane/web-001/main.sls b/pillar/paas/alkane/web-001/main.sls
index e572a12..564d822 100644
--- a/pillar/paas/alkane/web-001/main.sls
+++ b/pillar/paas/alkane/web-001/main.sls
@@ -1,183 +1,183 @@
# -------------------------------------------------------------
# Salt — PaaS Alkane :: PHP and static sites [production]
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
web_aliases:
services:
- &db-B 172.27.27.9
# -------------------------------------------------------------
# Domains we deploy
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
web_domains:
#
# Directly managed by Nasqueron
#
nasqueron:
- nasqueron.org
- ook.space
#
# Nasqueron members
#
nasqueron_members:
- dereckson.be
#
# Projects ICT is managed by Nasqueron
#
espacewin:
- espace-win.org
wolfplex:
- wolfplex.org
# -------------------------------------------------------------
# Static sites
#
# Sites to deploy from the staging repository
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
web_static_sites:
dereckson.be:
- assets
nasqueron.org:
- www
- assets
- docker
- ftp
- launch
- trustspace
wolfplex.org:
- www
- assets
# -------------------------------------------------------------
# PHP sites
#
# Username must be unique and use max 31 characters.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
php_fpm_instances:
# PHP current version, generally installed as package/port
prod:
command: /usr/local/sbin/php-fpm
web_php_sites:
# Nasqueron members
www.dereckson.be:
domain: dereckson.be
subdomain: www
user: web-be-dereckson-www
source: wwwroot/dereckson.be/www
target: /var/wwwroot/dereckson.be/www
php-fpm: prod
capabilities:
- wordpress
# Directly managed by Nasqueron
api.nasqueron.org:
domain: nasqueron.org
subdomain: api
user: web-org-nasqueron-api-serverslog
php-fpm: prod
env:
SERVERS_LOG_FILE: /srv/api/data/servers-log-all.json
wikis.nasqueron.org:
domain: nasqueron.org
subdomain: wikis
user: mediawiki
php-fpm: prod
skipCreateUser: True
env:
MEDIAWIKI_ENTRY_POINT: /srv/mediawiki/index.php
DB_HOST: *db-B
DB_USER: saas-mediawiki
# Espace Win
www.espace-win.org:
domain: espace-win.org
subdomain: www
user: web-org-espacewin-www
source: wwwroot/espace-win.org/www
target: /var/wwwroot/espace-win.org/www
php-fpm: prod
# Wolfplex Hackerspace
www.wolfplex.org:
domain: wolfplex.org
subdomain: www
user: web-org-wolfplex-www
php-fpm: prod
env:
DATASTORE: /var/dataroot/wolfplex
CREDENTIAL_PATH_DATASOURCES_SECURITYDATA: /var/dataroot/wolfplex/secrets.json
# -------------------------------------------------------------
# nginx configuration
#
# Configuration files to provision to vhosts/
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
nginx_vhosts:
dereckson.be:
- assets
- hg
- www
espace-win.org:
- cosmo
- www
nasqueron.org:
- api
- assets
- autoconfig
- daeghrefn
- docker
- docs
- ftp
- infra
- join
- labs
- launch
- rain
- trustspace
- www
test.ook.space:
- migration.mediawiki
wolfplex.org:
- api
- assets
- www
# -------------------------------------------------------------
# Credentials
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
webserver_content_dotenv:
/var/wwwroot/dereckson.be/www/.env:
user: web-be-dereckson-www
- db:
- service: db-B
- credentials: dbserver/cluster-B/users/dereckson_www
+ databases:
+ - service: db-B
+ credentials: dbserver/cluster-B/users/dereckson_www
# -------------------------------------------------------------
# Alkane deployment recipes
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
alkane_recipes:
www.nasqueron.org:
init: standard-init.sh
update: standard-update.sh
diff --git a/pillar/paas/alkane/web-001/zed.sls b/pillar/paas/alkane/web-001/zed.sls
index c0a9d4d..b38fa95 100644
--- a/pillar/paas/alkane/web-001/zed.sls
+++ b/pillar/paas/alkane/web-001/zed.sls
@@ -1,51 +1,51 @@
# -------------------------------------------------------------
# Salt — PaaS Alkane :: PHP and static sites [production]
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
# -------------------------------------------------------------
# nginx, php-fpm
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
web_domains:
zed:
- hypership.space
nginx_vhosts:
hypership.space:
- www
web_php_sites:
hypership.space:
domain: hypership.space
subdomain: www
user: web-space-hypership-www
php-fpm: prod
env:
CACHE_DIR: /var/dataroot/zed/cache
CONTENT_DIR: /var/dataroot/zed/content
# -------------------------------------------------------------
# Credentials
#
# :: deployment
# :: .env
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
wwwroot_identities:
deploy-key-github-hypership-content_users:
secret: nasqueron/deploy/deploy_keys/by_repo/github/hypership/content_users
path: /opt/salt/security/id_zed_github_hypership_content_users
webserver_content_dotenv:
/var/wwwroot/hypership.space/www/.env:
user: web-space-hypership-www
- db:
- service: db-B
- credentials: dbserver/cluster-B/users/zed
+ databases:
+ - service: db-B
+ credentials: dbserver/cluster-B/users/zed
extra_values:
DB_NAME: zed_prod
extra_credentials:
ZED_SECRET_KEY: zed/hypership/secret_key
diff --git a/pillar/paas/alkane/windriver/main.sls b/pillar/paas/alkane/windriver/main.sls
index c44f053..5bdd820 100644
--- a/pillar/paas/alkane/windriver/main.sls
+++ b/pillar/paas/alkane/windriver/main.sls
@@ -1,139 +1,139 @@
# -------------------------------------------------------------
# Salt — PaaS Alkane :: PHP and static sites [development]
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
web_aliases:
services:
- &db-B 172.27.27.9
# -------------------------------------------------------------
# Domains we deploy
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
web_domains:
#
# Directly managed by Nasqueron
#
nasqueron:
- nasqueron.org
- ook.space
#
# Nasqueron members
#
nasqueron_members:
- dereckson.be
- hypership.space
#
# Projects ICT is managed by Nasqueron
#
espacewin:
- espace-win.org
wolfplex:
- wolfplex.org
# -------------------------------------------------------------
# Static sites
#
# Sites to deploy from the staging repository
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
web_static_sites:
nasqueron.org:
- docker51
- packages
- rain51
- www51
# -------------------------------------------------------------
# PHP sites
#
# Username must be unique and use max 31 characters.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
php_fpm_instances:
# PHP current version, generally installed as package/port
prod:
command: /usr/local/sbin/php-fpm
web_php_sites:
# Nasqueron
tools51.nasqueron.org:
domain: nasqueron.org
subdomain: tools51
user: web-org-nasqueron-tools51
php-fpm: prod
# Nasqueron members
mediawiki.dereckson.be:
domain: dereckson.be
subdomain: mediawiki
user: web-be-dereckson-mw
php-fpm: prod
www51.dereckson.be:
domain: dereckson.be
subdomain: www51
user: web-be-dereckson-www51
php-fpm: prod
# Zed
zed51.dereckson.be:
domain: dereckson.be
subdomain: zed51
user: web-be-dereckson-zed51
php-fpm: prod
env:
CACHE_DIR: /var/dataroot/zed/cache
CONTENT_DIR: /var/dataroot/zed/content
# Espace Win
www51.espace-win.org:
domain: espace-win.org
subdomain: www51
user: web-org-espacewin-www51
php-fpm: prod
# -------------------------------------------------------------
# nginx configuration
#
# Configuration files to provision to vhosts/
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
nginx_vhosts:
dereckson.be:
- mediawiki
- scherzo
- www51
- zed51
espace-win.org:
- grip
nasqueron.org:
- api51
- grafana
- packages
- tools51
- www51
# -------------------------------------------------------------
# Credentials
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
webserver_content_dotenv:
/var/51-wwwroot/dereckson-www/.env:
user: web-be-dereckson-www51
- db:
- service: db-B
- credentials: dbserver/cluster-B/users/dereckson_www51
+ databases:
+ - service: db-B
+ credentials: dbserver/cluster-B/users/dereckson_www51
diff --git a/pillar/paas/alkane/windriver/obsidian.sls b/pillar/paas/alkane/windriver/obsidian.sls
index ae4a316..aa27c48 100644
--- a/pillar/paas/alkane/windriver/obsidian.sls
+++ b/pillar/paas/alkane/windriver/obsidian.sls
@@ -1,41 +1,41 @@
# -------------------------------------------------------------
# Salt — PaaS Alkane :: PHP and static sites [development]
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# Site: https://obsidian51.nasqueron.org
# -------------------------------------------------------------
# -------------------------------------------------------------
# PHP sites
#
# Username must be unique and use max 31 characters.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
web_php_sites:
obsidian51.nasqueron.org:
domain: nasqueron.org
subdomain: obsidian51
user: web-org-nasqueron-obsidian51
php-fpm: prod
# -------------------------------------------------------------
# Vhosts
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
nginx_vhosts:
nasqueron.org:
- obsidian51
# -------------------------------------------------------------
# .env configuration files
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
webserver_content_dotenv:
/var/51-wwwroot/obsidian/.env:
user: web-org-nasqueron-obsidian51
- db:
- service: db-B
- credentials: dbserver/cluster-B/users/obsidian51
+ databases:
+ - service: db-B
+ credentials: dbserver/cluster-B/users/obsidian51
extra_values:
DB_NAME: obsidian51
diff --git a/roles/webserver-content/_generic/init.sls b/roles/webserver-content/_generic/init.sls
index 5d19589..62ecadf 100644
--- a/roles/webserver-content/_generic/init.sls
+++ b/roles/webserver-content/_generic/init.sls
@@ -1,43 +1,42 @@
# -------------------------------------------------------------
# Salt — Webserver content
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
# -------------------------------------------------------------
# .env
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for env_path, env_args in pillar.get("webserver_content_dotenv", {}).items() %}
-{% set db_credentials = env_args["db"]["credentials"] %}
-
{{ env_path }}:
file.managed:
- source: salt://roles/webserver-content/_generic/files/dot.env
- mode: 400
- user: {{ env_args["user"] }}
- show_changes: False
- template: jinja
- context:
environment:
- {% if "db" in env_args %}
- DB_HOST: {{ pillar["nasqueron_services"][env_args["db"]["service"]] }}
- DB_USER: {{ salt["credentials.get_username"](db_credentials) }}
- DB_PASSWORD: {{ salt["credentials.get_password"](db_credentials) }}
- {% endif %}
+ {% for db in env_args.get("databases", {}) %}
+ {% set prefix = db.get("prefix", "") %}
+ {{ prefix }}DB_HOST: {{ pillar["nasqueron_services"][db["service"]] }}
+ {{ prefix }}DB_USER: {{ salt["credentials.get_username"](db["credentials"]) }}
+ {{ prefix }}DB_PASSWORD: {{ salt["credentials.get_password"](db["credentials"]) }}
+ {% endfor %}
{% if "vault" in env_args %}
VAULT_ROLE_ID: {{ salt["credentials.get_username"](env_args["vault"]) }}
VAULT_SECRET_ID: {{ salt["credentials.get_password"](env_args["vault"]) }}
{% endif %}
{% for key, value in env_args.get("extra_values", {}).items() %}
{{ key }}: {{ value }}
{% endfor %}
{% for key, vault_path in env_args.get("extra_credentials", {}).items() %}
{{ key }}: {{ salt["credentials.get_password"](vault_path) }}
{% endfor %}
{% endfor %}

File Metadata

Mime Type
text/x-diff
Expires
Wed, Mar 18, 12:52 (1 d, 20 h)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3527968
Default Alt Text
(13 KB)

Event Timeline

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator