Page MenuHomeDevCentral
Files F12242302

No OneTemporary
Actions

View Options

diff --git a/roles/core/users/init.sls b/roles/core/users/init.sls
index fea72e7..189a412 100644
--- a/roles/core/users/init.sls
+++ b/roles/core/users/init.sls
@@ -1,135 +1,135 @@
# -------------------------------------------------------------
# Salt — Provision users accounts
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-11-09
# Description: Adds and revokes user accounts, in the relevant
# groups and with their stable SSH keys.
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
# -------------------------------------------------------------
# Table of contents
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#
# :: Disabled accounts
# :: ZFS (before user account creation)
# :: Active accounts
# :: ZFS (after user account creation)
# :: Groups
# :: SSH keys
#
# -------------------------------------------------------------
{% from "map.jinja" import dirs, shells with context %}
{% set users = salt['forest.get_users']() %}
{% set zfs_tank = salt['node.get']("zfs:pool") %}
# -------------------------------------------------------------
# Disabled accounts
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for username in pillar.get('revokedusers') %}
{{ username }}:
user.absent
{% endfor %}
# -------------------------------------------------------------
# ZFS datasets
#
# Where ZFS is available, home directories are created as separate
# datasets. That has several benefits, like allowing users to create
# snapshots or manage backups.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if zfs_tank %}
zfs_home_permissions_sets:
cmd.run:
- name: |
zfs allow -s @local allow,clone,create,diff,hold,mount,promote,receive,release,rollback,snapshot,send {{ zfs_tank }}{{ dirs.home }}
zfs allow -s @descendent allow,clone,create,diff,destroy,hold,mount,promote,receive,release,rename,rollback,snapshot,send {{ zfs_tank }}{{ dirs.home }}
touch {{ dirs.home }}/.zfs-permissions-set
- creates: {{ dirs.home }}/.zfs-permissions-set
{% for username in users %}
{% set home_directory = zfs_tank + dirs['home'] + '/' + username %}
{{ home_directory }}:
zfs.filesystem_present
zfs_permissions_home_local_{{ username }}:
cmd.run:
- name: zfs allow -lu {{ username }} @local {{ home_directory }}
- require:
- user: {{ username }}
- onchanges:
- zfs: {{ home_directory }}
zfs_permissions_home_descendant_{{ username }}:
cmd.run:
- name: zfs allow -du {{ username }} @descendent {{ home_directory }}
- require:
- user: {{ username }}
- onchanges:
- zfs: {{ home_directory }}
/home/{{ username }}:
file.directory:
- user: {{ username }}
- group: {{ username }}
- dir_mode: 0700
- require:
- user: {{ username }}
{% endfor %}
{% endif %}
# -------------------------------------------------------------
# Active accounts
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for username, user in users.items() %}
{{ username }}:
user.present:
- fullname: {{ user['fullname'] }}
- shell: {{ shells[user['shell']|default('bash')] }}
- uid: {{ user['uid'] }}
- loginclass: {{ user['class']|default('english') }}
{% endfor %}
# -------------------------------------------------------------
# Groups
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for groupname, group in salt['forest.get_groups']().items() %}
group_{{ groupname }}:
group.present:
- name: {{ groupname }}
- gid: {{ group['gid'] }}
- members: {{ group['members'] }}
{% endfor %}
# -------------------------------------------------------------
# SSH keys
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for username, user in users.items() %}
/home/{{ username }}/.ssh:
file.directory:
- user: {{ username }}
- group: {{ username }}
- dir_mode: 700
-/home/{{ username}}/.ssh/authorized_keys:
+/home/{{ username }}/.ssh/authorized_keys:
file.managed:
- source: salt://roles/core/users/files/authorized_keys
- user: {{ username }}
- group: {{ username }}
- mode: 600
- template: jinja
- context:
keys: {{ user['ssh_keys']|default([]) }}
{% endfor %}
diff --git a/roles/devserver/userland-home/homefiles.sls b/roles/devserver/userland-home/homefiles.sls
index 5501221..21b93ab 100644
--- a/roles/devserver/userland-home/homefiles.sls
+++ b/roles/devserver/userland-home/homefiles.sls
@@ -1,67 +1,67 @@
# -------------------------------------------------------------
# Salt — Provision dotfiles and other personal content
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-03-08
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
{% set triplet = salt['rust.get_rustc_triplet']() %}
{% for username, user in salt['forest.get_users']().items() %}
{% set tasks = user.get('devserver_tasks', []) %}
{% if 'deploy_dotfiles' in tasks %}
-dotfiles_to_devserver_{{username}}:
+dotfiles_to_devserver_{{ username }}:
file.recurse:
- name: /home/{{ username }}
- source: salt://roles/devserver/userland-home/files/{{ username }}
- include_empty: True
- clean: False
- user: {{ username }}
- group: {{ username }}
{% endif %}
{% if 'deploy_nanotab' in tasks %}
/home/{{ username }}/bin/nanotab:
file.managed:
- source: salt://roles/devserver/userland-home/files/_tasks/nanotab.sh
- user: {{ username }}
- group: {{ username }}
- mode: 0755
/home/{{ username }}/.config/nano/nanorc-tab:
nano.config_autogenerated:
- nanorc_dir: {{ dirs.share }}/nano
- extra_settings:
- unset tabstospaces
{% endif %}
{% if 'install_rustup' in tasks %}
{% set rustup_path = '/home/' + username + '/.cargo/bin/rustup' %}
devserver_rustup_{{ username }}:
cmd.run:
- name: rustup-init -y
- runas: {{ username }}
- creates: {{ rustup_path }}
{% for toolchain in ['stable', 'nightly'] %}
-devserver_rustup_{{toolchain}}_{{username}}:
+devserver_rustup_{{ toolchain }}_{{ username }}:
cmd.run:
- name: {{ rustup_path }} install {{ toolchain }}
- runas: {{ username }}
- creates: /home/{{ username }}/.rustup/toolchains/{{ toolchain }}-{{ triplet }}
{% endfor %}
{% endif %}
{% if 'install_diesel' in tasks %}
-devserver_diesel_{{username}}:
+devserver_diesel_{{ username }}:
cmd.run:
- - name: /home/{{username}}/.cargo/bin/cargo install diesel_cli --no-default-features --features postgres,sqlite
- - runas: {{username}}
- - creates: /home/{{username}}/.cargo/bin/diesel
+ - name: /home/{{ username }}/.cargo/bin/cargo install diesel_cli --no-default-features --features postgres,sqlite
+ - runas: {{ username }}
+ - creates: /home/{{ username }}/.cargo/bin/diesel
{% endif %}
{% endfor %}
diff --git a/roles/paas-docker/containers/bugzilla.sls b/roles/paas-docker/containers/bugzilla.sls
index 2459a96..b0e0ff2 100644
--- a/roles/paas-docker/containers/bugzilla.sls
+++ b/roles/paas-docker/containers/bugzilla.sls
@@ -1,35 +1,35 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-10-07
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set containers = pillar['docker_containers'][grains['id']] %}
{% for instance, container in containers['bugzilla'].items() %}
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: nasqueron/bugzilla
- networks:
- - {{ container['network']}}
+ - {{ container['network'] }}
- environment:
- DB_HOST: {{ container['mysql']['host']}}
- DB_DATABASE: {{ container['mysql']['db']}}
+ DB_HOST: {{ container['mysql']['host'] }}
+ DB_DATABASE: {{ container['mysql']['db'] }}
DB_USER: {{ salt['zr.get_username'](container['credential']) }}
DB_PASSWORD: {{ salt['zr.get_password'](container['credential']) }}
BUGZILLA_URL: https://{{ container['host'] }}/
- ports:
- 80
- port_bindings:
- {{ container['app_port'] }}:80
{% endfor %}
diff --git a/roles/webserver-legacy/php-sites/account.sls b/roles/webserver-legacy/php-sites/account.sls
index 67bc189..359fe05 100644
--- a/roles/webserver-legacy/php-sites/account.sls
+++ b/roles/webserver-legacy/php-sites/account.sls
@@ -1,24 +1,24 @@
# -------------------------------------------------------------
# Salt — Provision PHP websites
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
# -------------------------------------------------------------
# Sites user accounts
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for fqdn, site in pillar['web_php_sites'].items() %}
{% if 'skipCreateAccount' not in site or not site['skipCreateAccount'] %}
web_account_{{ site['user'] }}:
user.present:
- - name: {{ site['user' ]}}
+ - name: {{ site['user' ] }}
- fullname: {{ fqdn }}
- gid: web
- system: True
- home: /var/run/web/{{ fqdn }}
{% endif %}
{% endfor %}
diff --git a/roles/webserver-legacy/php-sites/php-fpm.sls b/roles/webserver-legacy/php-sites/php-fpm.sls
index b2b283f..275c8b7 100644
--- a/roles/webserver-legacy/php-sites/php-fpm.sls
+++ b/roles/webserver-legacy/php-sites/php-fpm.sls
@@ -1,94 +1,94 @@
# -------------------------------------------------------------
# Salt — Provision PHP websites — php-fpm pools
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
# -------------------------------------------------------------
# Configuration : instances
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for instance, config in pillar['php_fpm_instances'].items() %}
php-fpm_config_{{ instance }}:
file.managed:
- name: {{ dirs.etc }}/php-fpm.d/{{ instance }}.conf
- source: salt://roles/webserver-legacy/php-sites/files/php-fpm.conf
- template: jinja
- context:
instance: {{ instance }}
{{ dirs.etc }}/php-fpm.d/{{ instance }}-pools:
file.directory
{% endfor %}
# -------------------------------------------------------------
# Configuration : pools
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for fqdn, site in pillar['web_php_sites'].items() %}
php-fpm_pool_{{ site['user'] }}:
file.managed:
- name: {{ dirs.etc }}/php-fpm.d/{{ site['php-fpm'] }}-pools/{{ site['user'] }}.conf
- source: salt://roles/webserver-legacy/php-sites/files/php-fpm-pool.conf
- template: jinja
- context:
fqdn: {{ fqdn }}
domain: {{ site['domain'] }}
subdomain: {{ site['subdomain'] }}
- user: {{ site['user' ]}}
+ user: {{ site['user' ] }}
display_errors: {{ site['display_errors']|default('off') }}
slow_delay: {{ site['slow_delay']|default('5s') }}
env : {{ site['env']|default({}) }}
capabilities: {{ site['capabilities']|default([]) }}
-/var/log/www/{{ site['domain' ]}}/{{ site['subdomain' ]}}-php.log:
+/var/log/www/{{ site['domain' ] }}/{{ site['subdomain' ] }}-php.log:
file.managed:
- replace: False
- user: {{ site['user'] }}
- group: web
- chmod: 600
{% endfor %}
# -------------------------------------------------------------
# Service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if grains['os'] == 'FreeBSD' %}
{% set instances = " ".join(pillar['php_fpm_instances'].keys()) %}
# roles/webserver-legacy/php-sites/files/rc/php-fpm
/usr/local/etc/rc.d/php-fpm:
file.managed:
- source: salt://roles/webserver-legacy/php-sites/files/rc/php-fpm
- mode: 755
/etc/rc.conf.d/php_fpm:
file.directory
/etc/rc.conf.d/php_fpm/instances:
file.managed:
- source: salt://roles/webserver-legacy/php-sites/files/rc/instances
- template: jinja
- context:
instances: {{ instances }}
{% for instance, config in pillar['php_fpm_instances'].items() %}
/etc/rc.conf.d/php_fpm/{{ instance }}:
file.managed:
- source: salt://roles/webserver-legacy/php-sites/files/rc/per_instance
- template: jinja
- context:
instance: {{ instance }}
command: {{ config['command'] | default('') }}
{% endfor %}
{% endif %}
diff --git a/roles/webserver-legacy/php-sites/php.sls b/roles/webserver-legacy/php-sites/php.sls
index 26f1ae6..f16dd5e 100644
--- a/roles/webserver-legacy/php-sites/php.sls
+++ b/roles/webserver-legacy/php-sites/php.sls
@@ -1,43 +1,43 @@
# -------------------------------------------------------------
# Salt — Provision PHP websites — php-fpm pools
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
# -------------------------------------------------------------
# PHP global configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ dirs.etc }}/php.ini:
file.managed:
- source: salt://roles/webserver-legacy/php-sites/files/php.ini
{% for build in pillar['php_custom_builds'] %}
/opt/php/{{ build }}/lib/php.ini:
file.managed:
- source: salt://roles/webserver-legacy/php-sites/files/php.ini
{% endfor %}
# -------------------------------------------------------------
# Sessions directories
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/tmp/php:
file.directory:
- mode: 1770
- group: web
/var/tmp/php/sessions:
file.directory:
- mode: 1770
- group: web
{% for fqdn, site in pillar['web_php_sites'].items() %}
/var/tmp/php/sessions/{{ fqdn }}:
file.directory:
- mode: 0700
- - user: {{ site['user']}}
+ - user: {{ site['user'] }}
{% endfor %}

File Metadata

Mime Type
text/x-diff
Expires
Sun, Oct 12, 08:17 (13 h, 57 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3065528
Default Alt Text
(14 KB)

Event Timeline

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator