From 51a7806ef3b99232e4310bab8889c2235a330f4b Mon Sep 17 00:00:00 2001 From: Beth Parker Date: Mon, 21 Aug 2017 20:30:08 +0000 Subject: [PATCH] Added gitlab state, fixed sshfs and created symlink to secure --- merge.sh | 7 +- pillars/roles/aurpkgs/calendar.sls | 0 pillars/roles/aurpkgs/git.sls | 0 pillars/roles/aurpkgs/headphones.sls | 0 pillars/roles/aurpkgs/init.sls | 0 pillars/roles/aurpkgs/jackett.sls | 0 pillars/roles/aurpkgs/lam.sls | 0 pillars/roles/aurpkgs/none.sls | 0 pillars/roles/aurpkgs/ombi.sls | 0 pillars/roles/aurpkgs/plexmediaserver.sls | 0 pillars/roles/aurpkgs/portal.sls | 0 pillars/roles/aurpkgs/radarr.sls | 0 pillars/roles/aurpkgs/sonarr.sls | 0 pillars/roles/firewalld/certbot.sls | 0 pillars/roles/firewalld/core.sls | 0 pillars/roles/firewalld/deluge.sls | 0 pillars/roles/firewalld/git.sls | 0 pillars/roles/firewalld/gitlab.sls | 2 +- pillars/roles/firewalld/init.sls | 0 pillars/roles/firewalld/nginx-proxy.sls | 0 pillars/roles/firewalld/pepper.sls | 0 pillars/roles/firewalld/plexmediaserver.sls | 0 pillars/roles/firewalld/portal.sls | 0 pillars/roles/firewalld/saltmaster.sls | 0 pillars/roles/firewalld/saltminion.sls | 0 pillars/roles/firewalld/server.sls | 0 pillars/roles/firewalld/ssh.sls | 0 pillars/roles/git/init.sls | 0 pillars/roles/git/none.sls | 0 pillars/roles/git/saltmaster.sls | 0 pillars/roles/init.sls | 0 pillars/roles/maintainer/deluge.sls | 0 pillars/roles/maintainer/init.sls | 0 pillars/roles/maintainer/pepper.sls | 0 pillars/roles/maintainer/saltmaster.sls | 0 pillars/roles/maintainer/saltminion.sls | 0 pillars/roles/maintainer/server.sls | 0 pillars/roles/maintainer/ssh.sls | 0 pillars/roles/mount/gitlab.sls | 6 +- pillars/roles/mount/init.sls | 0 pillars/roles/mount/none.sls | 0 pillars/roles/mount/pkg-cache.sls | 0 pillars/roles/mount/plexmediaserver.sls | 0 pillars/roles/mount/saltmaster.sls | 0 pillars/roles/nginx/authtypes.txt | 0 pillars/roles/nginx/baikal.sls | 0 pillars/roles/nginx/calandar.sls | 0 pillars/roles/nginx/git.sls | 0 pillars/roles/nginx/gitlab.sls | 4 +- pillars/roles/nginx/headphones.sls | 0 pillars/roles/nginx/init.sls | 0 pillars/roles/nginx/jackett.sls | 0 pillars/roles/nginx/lam.sls | 0 pillars/roles/nginx/lamp.sls | 0 pillars/roles/nginx/ldapui.sls | 0 pillars/roles/nginx/none.sls | 0 pillars/roles/nginx/ombi.sls | 0 pillars/roles/nginx/pkg-cache.sls | 0 pillars/roles/nginx/plexmediaserver.sls | 0 pillars/roles/nginx/radarr.sls | 0 pillars/roles/nginx/sonarr.sls | 0 pillars/roles/nginx/sync.sls | 0 pillars/roles/nginx/ttrss.sls | 0 pillars/servers/env/init.sls | 0 pillars/servers/env/server/.sls | 0 pillars/servers/env/server/archbaikal.sls | 0 pillars/servers/env/server/archcal.sls | 0 pillars/servers/env/server/archcouch.sls | 0 pillars/servers/env/server/archdeluge.sls | 0 pillars/servers/env/server/archgit.sls | 0 pillars/servers/env/server/archgitlab.sls | 1 + pillars/servers/env/server/archheadphones.sls | 0 pillars/servers/env/server/archjackett.sls | 0 pillars/servers/env/server/archlam.sls | 0 pillars/servers/env/server/archldap.sls | 0 pillars/servers/env/server/archldaptest.sls | 0 pillars/servers/env/server/archldapui.sls | 0 pillars/servers/env/server/archmail.sls | 0 pillars/servers/env/server/archombi.sls | 0 pillars/servers/env/server/archpkg.sls | 0 pillars/servers/env/server/archplex.sls | 0 pillars/servers/env/server/archportal.sls | 0 pillars/servers/env/server/archradarr.sls | 0 pillars/servers/env/server/archrequest.sls | 0 pillars/servers/env/server/archsalt.sls | 0 pillars/servers/env/server/archsonarr.sls | 0 pillars/servers/env/server/archssh.sls | 0 pillars/servers/env/server/archsync.sls | 0 pillars/servers/env/server/archtt.sls | 0 pillars/servers/env/server/base | 0 pillars/servers/env/server/centlamp.sls | 0 pillars/servers/env/server/pisalt.sls | 0 pillars/servers/init.sls | 0 pillars/servers/maintainer/init.sls | 0 pillars/servers/maintainer/server/.sls | 0 .../servers/maintainer/server/archbaikal.sls | 0 pillars/servers/maintainer/server/archcal.sls | 0 .../servers/maintainer/server/archcouch.sls | 0 .../servers/maintainer/server/archdeluge.sls | 0 pillars/servers/maintainer/server/archgit.sls | 0 .../servers/maintainer/server/archgitlab.sls | 3 + .../maintainer/server/archheadphones.sls | 0 .../servers/maintainer/server/archjackett.sls | 0 pillars/servers/maintainer/server/archlam.sls | 0 .../servers/maintainer/server/archldap.sls | 0 .../maintainer/server/archldaptest.sls | 0 .../servers/maintainer/server/archldapui.sls | 0 .../servers/maintainer/server/archmail.sls | 0 .../servers/maintainer/server/archombi.sls | 0 pillars/servers/maintainer/server/archpkg.sls | 0 .../servers/maintainer/server/archplex.sls | 0 .../servers/maintainer/server/archportal.sls | 0 .../servers/maintainer/server/archradarr.sls | 0 .../servers/maintainer/server/archrequest.sls | 0 .../servers/maintainer/server/archsalt.sls | 0 .../servers/maintainer/server/archsonarr.sls | 0 pillars/servers/maintainer/server/archssh.sls | 0 .../servers/maintainer/server/archsync.sls | 0 pillars/servers/maintainer/server/archtt.sls | 0 pillars/servers/maintainer/server/base | 0 .../servers/maintainer/server/centlamp.sls | 0 pillars/servers/maintainer/server/pisalt.sls | 0 pillars/servers/mkserver.sh | 0 pillars/servers/roles/init.sls | 0 pillars/servers/roles/server/.sls | 0 pillars/servers/roles/server/archbaikal.sls | 0 pillars/servers/roles/server/archcal.sls | 0 pillars/servers/roles/server/archcouch.sls | 0 pillars/servers/roles/server/archdeluge.sls | 0 pillars/servers/roles/server/archgit.sls | 0 pillars/servers/roles/server/archgitlab.sls | 7 + .../servers/roles/server/archheadphones.sls | 0 pillars/servers/roles/server/archjackett.sls | 0 pillars/servers/roles/server/archlam.sls | 0 pillars/servers/roles/server/archldap.sls | 0 pillars/servers/roles/server/archldaptest.sls | 0 pillars/servers/roles/server/archldapui.sls | 0 pillars/servers/roles/server/archmail.sls | 0 pillars/servers/roles/server/archombi.sls | 0 pillars/servers/roles/server/archpkg.sls | 0 pillars/servers/roles/server/archplex.sls | 0 pillars/servers/roles/server/archportal.sls | 0 pillars/servers/roles/server/archradarr.sls | 0 pillars/servers/roles/server/archrequest.sls | 0 pillars/servers/roles/server/archsalt.sls | 0 pillars/servers/roles/server/archsonarr.sls | 0 pillars/servers/roles/server/archssh.sls | 0 pillars/servers/roles/server/archsync.sls | 0 pillars/servers/roles/server/archtt.sls | 0 pillars/servers/roles/server/base | 0 pillars/servers/roles/server/centlamp.sls | 0 pillars/servers/roles/server/pisalt.sls | 0 pillars/top.sls | 0 states/basepkgs/init.sls | 0 states/pillars | 0 states/repos/aur/aur.conf | 0 states/repos/aur/init.sls | 0 states/repos/epel.sls | 0 states/repos/nginx/init.sls | 0 states/repos/nginx/nginx.repo | 0 states/repos/temp/init.sls | 0 states/repos/temp/pacman.conf | 0 states/repos/webtatic/init.sls | 0 states/repos/yaourt/init.sls | 0 states/repos/yaourt/yaourt.conf | 0 states/roles/build/gitlab/init.sls | 32 + states/roles/build/pepper/build_pepper.sh | 0 states/roles/build/pepper/init.sls | 0 states/roles/build/saltpad/build_saltpad.sh | 0 states/roles/build/saltpad/init.sls | 0 states/roles/build/saltpad/saltpad.service | 0 states/roles/build/saltpad/start_saltpad.sh | 0 states/roles/grains | 0 states/roles/init.sls | 0 states/roles/maintain/aurrepo/init.sls | 0 states/roles/maintain/aurrepo/pkglist | 0 .../roles/maintain/aurrepo/updateaur.service | 0 states/roles/maintain/aurrepo/updateaur.timer | 0 states/roles/maintain/certbot/certbot.service | 0 states/roles/maintain/certbot/certbot.sh | 0 states/roles/maintain/certbot/certbot.timer | 0 states/roles/maintain/certbot/init.sls | 0 states/roles/maintain/deluge/cert.pem | 0 .../maintain/deluge/conf.d/deluge-web.conf | 0 states/roles/maintain/deluge/init.sls | 0 states/roles/maintain/deluge/nginx.conf | 0 .../maintain/gitlab/conf_files/config.yml | 73 + .../maintain/gitlab/conf_files/database.yml | 44 + .../maintain/gitlab/conf_files/gitlab.conf | 69 + .../maintain/gitlab/conf_files/gitlab.yml | 627 ++++++++ .../maintain/gitlab/conf_files/production.rb | 83 ++ .../maintain/gitlab/conf_files/redis.conf | 1293 +++++++++++++++++ .../maintain/gitlab/conf_files/resque.yml | 34 + .../gitlab/conf_files/smtp_settings.rb | 24 + .../maintain/gitlab/conf_files/tmp_redis.conf | 1 + states/roles/maintain/gitlab/init.sls | 188 ++- states/roles/maintain/glances/auth.conf | 0 states/roles/maintain/glances/certs | 0 states/roles/maintain/glances/glances.conf | 0 states/roles/maintain/glances/glances.html | 0 states/roles/maintain/glances/init.sls | 0 states/roles/maintain/glances/local.conf | 0 states/roles/maintain/glances/nginx.conf | 0 states/roles/maintain/glances/portal.conf | 0 states/roles/maintain/glances/remote.conf | 0 states/roles/maintain/lam/config.cfg | 0 states/roles/maintain/lam/init.sls | 0 states/roles/maintain/lam/lam-server.conf | 0 states/roles/maintain/lam/php.ini | 0 states/roles/maintain/lamp/httpd.conf | 0 states/roles/maintain/lamp/init.sls | 0 states/roles/maintain/ldap/DB_CONFIG | 0 states/roles/maintain/ldap/certs | 0 states/roles/maintain/ldap/init.sls | 0 states/roles/maintain/ldap/rdn.ldiff | 0 states/roles/maintain/ldap/slapd.conf | 0 states/roles/maintain/ldap/slapd.service | 0 states/roles/maintain/ldap/update_slapd.sh | 0 .../maintain/mirrorlist/getmirrors.service | 0 .../roles/maintain/mirrorlist/getmirrors.sh | 0 .../maintain/mirrorlist/getmirrors.timer | 0 states/roles/maintain/mirrorlist/init.sls | 0 states/roles/maintain/nfs/init.sls | 0 states/roles/maintain/nginx-proxy/auth.conf | 0 states/roles/maintain/nginx-proxy/certs | 0 states/roles/maintain/nginx-proxy/init.sls | 0 states/roles/maintain/nginx-proxy/local.conf | 0 states/roles/maintain/nginx-proxy/nginx.conf | 0 states/roles/maintain/nginx-proxy/portal.conf | 0 states/roles/maintain/nginx-proxy/remote.conf | 0 .../roles/maintain/pepper/conf.d/pepper.conf | 0 states/roles/maintain/pepper/init.sls | 0 states/roles/maintain/pepper/www.conf | 0 states/roles/maintain/pkg-cache/init.sls | 0 states/roles/maintain/pkg-cache/nginx.conf | 0 .../roles/maintain/pkg-cache/pkg-cache.conf | 0 .../roles/maintain/plexmediaserver/init.sls | 0 .../maintain/plexmediaserver/plexmediaserver | 0 states/roles/maintain/plexrequests/init.sls | 0 .../plexrequests/plexrequests.service | 0 .../maintain/plexrequests/plexrequests.sh | 0 states/roles/maintain/saltmaster/init.sls | 0 states/roles/maintain/saltmaster/master | 0 .../maintain/saltminion/highstate.service | 0 states/roles/maintain/saltminion/highstate.sh | 0 .../roles/maintain/saltminion/highstate.timer | 0 states/roles/maintain/saltminion/init.sls | 0 states/roles/maintain/saltminion/minion | 0 .../maintain/saltpad/conf.d/saltpad.conf | 0 states/roles/maintain/saltpad/init.sls | 0 states/roles/maintain/saltpad/merge.sh | 0 .../maintain/saltpad/modules/firewalld.py | 0 .../roles/maintain/saltpad/modules/roles.py | 0 .../roles/maintain/saltpad/modules/servers.py | 0 .../maintain/saltpad/templates/base.html | 0 .../saltpad/templates/base_logged.html | 0 .../saltpad/templates/firewalld_edit.html | 0 .../maintain/saltpad/templates/mods.html | 0 .../saltpad/templates/role_display.html | 0 .../maintain/saltpad/templates/roles.html | 0 .../saltpad/templates/server_display.html | 0 .../maintain/saltpad/templates/servers.html | 0 .../roles/maintain/saltpad/templates/yaml.js | 0 .../roles/maintain/sendmail/highstate.service | 0 states/roles/maintain/sendmail/highstate.sh | 0 .../roles/maintain/sendmail/highstate.timer | 0 states/roles/maintain/sendmail/init.sls | 0 states/roles/maintain/sendmail/minion | 0 .../roles/maintain/ytdownloader/feedsbase.csv | 0 states/roles/maintain/ytdownloader/init.sls | 0 .../maintain/ytdownloader/ytdownloader.py | 0 .../ytdownloader/ytdownloader.service | 0 .../maintain/ytdownloader/ytdownloader.timer | 0 states/secure | 1 + states/systems/arch/mirrors/init.sls | 0 states/systems/arch/mirrors/mirrorlist | 0 states/systems/core/firewalld/init.sls | 0 states/systems/core/firewalld/zone.xml | 0 states/systems/core/firewalld/zone.xml.old | 0 states/systems/core/git/init.sls | 19 +- states/systems/core/git/keys | 0 states/systems/core/ldap.sss/init.sls | 0 states/systems/core/ldap.sss/ldap.conf | 0 states/systems/core/ldap.sss/nscd.conf | 0 states/systems/core/ldap.sss/nsswitch.conf | 0 states/systems/core/ldap.sss/old/nscd.conf | 0 .../core/ldap.sss/old/pam.d/not_needed/su | 0 .../core/ldap.sss/old/pam.d/not_needed/su-l | 0 .../old/pam.d/not_needed/system-login | 0 states/systems/core/ldap.sss/old/pam.d/passwd | 0 states/systems/core/ldap.sss/old/pam.d/sudo | 0 .../core/ldap.sss/old/pam.d/system-auth | 0 states/systems/core/ldap.sss/pam.d/passwd | 0 states/systems/core/ldap.sss/pam.d/sudo | 0 .../systems/core/ldap.sss/pam.d/system-auth | 0 states/systems/core/ldap.sss/sssd.conf | 0 states/systems/core/ldap/init.sls | 0 states/systems/core/ldap/ldap.conf | 0 states/systems/core/ldap/nslcd.conf | 0 states/systems/core/ldap/nsswitch.conf | 0 states/systems/core/ldap/pam.d/passwd | 0 states/systems/core/ldap/pam.d/su | 0 states/systems/core/ldap/pam.d/su-l | 0 states/systems/core/ldap/pam.d/sudo | 0 states/systems/core/ldap/pam.d/system-auth | 0 states/systems/core/ldap/pam.d/system-login | 0 states/systems/core/mount/genrsa | 0 states/systems/core/mount/init.sls | 14 +- states/systems/core/mount/keys | 0 states/systems/extra/nfs_client/init.sls | 0 states/top.sls | 0 states/update/init.sls | 0 312 files changed, 2494 insertions(+), 38 deletions(-) mode change 100644 => 100755 merge.sh mode change 100755 => 100644 pillars/roles/aurpkgs/calendar.sls mode change 100755 => 100644 pillars/roles/aurpkgs/git.sls mode change 100755 => 100644 pillars/roles/aurpkgs/headphones.sls mode change 100755 => 100644 pillars/roles/aurpkgs/init.sls mode change 100755 => 100644 pillars/roles/aurpkgs/jackett.sls mode change 100755 => 100644 pillars/roles/aurpkgs/lam.sls mode change 100755 => 100644 pillars/roles/aurpkgs/none.sls mode change 100755 => 100644 pillars/roles/aurpkgs/ombi.sls mode change 100755 => 100644 pillars/roles/aurpkgs/plexmediaserver.sls mode change 100755 => 100644 pillars/roles/aurpkgs/portal.sls mode change 100755 => 100644 pillars/roles/aurpkgs/radarr.sls mode change 100755 => 100644 pillars/roles/aurpkgs/sonarr.sls mode change 100755 => 100644 pillars/roles/firewalld/certbot.sls mode change 100755 => 100644 pillars/roles/firewalld/core.sls mode change 100755 => 100644 pillars/roles/firewalld/deluge.sls mode change 100755 => 100644 pillars/roles/firewalld/git.sls mode change 100755 => 100644 pillars/roles/firewalld/init.sls mode change 100755 => 100644 pillars/roles/firewalld/nginx-proxy.sls mode change 100755 => 100644 pillars/roles/firewalld/pepper.sls mode change 100755 => 100644 pillars/roles/firewalld/plexmediaserver.sls mode change 100755 => 100644 pillars/roles/firewalld/portal.sls mode change 100755 => 100644 pillars/roles/firewalld/saltmaster.sls mode change 100755 => 100644 pillars/roles/firewalld/saltminion.sls mode change 100755 => 100644 pillars/roles/firewalld/server.sls mode change 100755 => 100644 pillars/roles/firewalld/ssh.sls mode change 100755 => 100644 pillars/roles/git/init.sls mode change 100755 => 100644 pillars/roles/git/none.sls mode change 100755 => 100644 pillars/roles/git/saltmaster.sls mode change 100755 => 100644 pillars/roles/init.sls mode change 100755 => 100644 pillars/roles/maintainer/deluge.sls mode change 100755 => 100644 pillars/roles/maintainer/init.sls mode change 100755 => 100644 pillars/roles/maintainer/pepper.sls mode change 100755 => 100644 pillars/roles/maintainer/saltmaster.sls mode change 100755 => 100644 pillars/roles/maintainer/saltminion.sls mode change 100755 => 100644 pillars/roles/maintainer/server.sls mode change 100755 => 100644 pillars/roles/maintainer/ssh.sls mode change 100755 => 100644 pillars/roles/mount/init.sls mode change 100755 => 100644 pillars/roles/mount/none.sls mode change 100755 => 100644 pillars/roles/mount/pkg-cache.sls mode change 100755 => 100644 pillars/roles/mount/plexmediaserver.sls mode change 100755 => 100644 pillars/roles/mount/saltmaster.sls mode change 100755 => 100644 pillars/roles/nginx/authtypes.txt mode change 100755 => 100644 pillars/roles/nginx/baikal.sls mode change 100755 => 100644 pillars/roles/nginx/calandar.sls mode change 100755 => 100644 pillars/roles/nginx/git.sls mode change 100755 => 100644 pillars/roles/nginx/headphones.sls mode change 100755 => 100644 pillars/roles/nginx/init.sls mode change 100755 => 100644 pillars/roles/nginx/jackett.sls mode change 100755 => 100644 pillars/roles/nginx/lam.sls mode change 100755 => 100644 pillars/roles/nginx/lamp.sls mode change 100755 => 100644 pillars/roles/nginx/ldapui.sls mode change 100755 => 100644 pillars/roles/nginx/none.sls mode change 100755 => 100644 pillars/roles/nginx/ombi.sls mode change 100755 => 100644 pillars/roles/nginx/pkg-cache.sls mode change 100755 => 100644 pillars/roles/nginx/plexmediaserver.sls mode change 100755 => 100644 pillars/roles/nginx/radarr.sls mode change 100755 => 100644 pillars/roles/nginx/sonarr.sls mode change 100755 => 100644 pillars/roles/nginx/sync.sls mode change 100755 => 100644 pillars/roles/nginx/ttrss.sls mode change 100755 => 100644 pillars/servers/env/init.sls mode change 100755 => 100644 pillars/servers/env/server/.sls mode change 100755 => 100644 pillars/servers/env/server/archbaikal.sls mode change 100755 => 100644 pillars/servers/env/server/archcal.sls mode change 100755 => 100644 pillars/servers/env/server/archcouch.sls mode change 100755 => 100644 pillars/servers/env/server/archdeluge.sls mode change 100755 => 100644 pillars/servers/env/server/archgit.sls create mode 100644 pillars/servers/env/server/archgitlab.sls mode change 100755 => 100644 pillars/servers/env/server/archheadphones.sls mode change 100755 => 100644 pillars/servers/env/server/archjackett.sls mode change 100755 => 100644 pillars/servers/env/server/archlam.sls mode change 100755 => 100644 pillars/servers/env/server/archldap.sls mode change 100755 => 100644 pillars/servers/env/server/archldaptest.sls mode change 100755 => 100644 pillars/servers/env/server/archldapui.sls mode change 100755 => 100644 pillars/servers/env/server/archmail.sls mode change 100755 => 100644 pillars/servers/env/server/archombi.sls mode change 100755 => 100644 pillars/servers/env/server/archpkg.sls mode change 100755 => 100644 pillars/servers/env/server/archplex.sls mode change 100755 => 100644 pillars/servers/env/server/archportal.sls mode change 100755 => 100644 pillars/servers/env/server/archradarr.sls mode change 100755 => 100644 pillars/servers/env/server/archrequest.sls mode change 100755 => 100644 pillars/servers/env/server/archsalt.sls mode change 100755 => 100644 pillars/servers/env/server/archsonarr.sls mode change 100755 => 100644 pillars/servers/env/server/archssh.sls mode change 100755 => 100644 pillars/servers/env/server/archsync.sls mode change 100755 => 100644 pillars/servers/env/server/archtt.sls mode change 100755 => 100644 pillars/servers/env/server/base mode change 100755 => 100644 pillars/servers/env/server/centlamp.sls mode change 100755 => 100644 pillars/servers/env/server/pisalt.sls mode change 100755 => 100644 pillars/servers/init.sls mode change 100755 => 100644 pillars/servers/maintainer/init.sls mode change 100755 => 100644 pillars/servers/maintainer/server/.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archbaikal.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archcal.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archcouch.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archdeluge.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archgit.sls create mode 100644 pillars/servers/maintainer/server/archgitlab.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archheadphones.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archjackett.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archlam.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archldap.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archldaptest.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archldapui.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archmail.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archombi.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archpkg.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archplex.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archportal.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archradarr.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archrequest.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archsalt.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archsonarr.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archssh.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archsync.sls mode change 100755 => 100644 pillars/servers/maintainer/server/archtt.sls mode change 100755 => 100644 pillars/servers/maintainer/server/base mode change 100755 => 100644 pillars/servers/maintainer/server/centlamp.sls mode change 100755 => 100644 pillars/servers/maintainer/server/pisalt.sls mode change 100755 => 100644 pillars/servers/mkserver.sh mode change 100755 => 100644 pillars/servers/roles/init.sls mode change 100755 => 100644 pillars/servers/roles/server/.sls mode change 100755 => 100644 pillars/servers/roles/server/archbaikal.sls mode change 100755 => 100644 pillars/servers/roles/server/archcal.sls mode change 100755 => 100644 pillars/servers/roles/server/archcouch.sls mode change 100755 => 100644 pillars/servers/roles/server/archdeluge.sls mode change 100755 => 100644 pillars/servers/roles/server/archgit.sls create mode 100644 pillars/servers/roles/server/archgitlab.sls mode change 100755 => 100644 pillars/servers/roles/server/archheadphones.sls mode change 100755 => 100644 pillars/servers/roles/server/archjackett.sls mode change 100755 => 100644 pillars/servers/roles/server/archlam.sls mode change 100755 => 100644 pillars/servers/roles/server/archldap.sls mode change 100755 => 100644 pillars/servers/roles/server/archldaptest.sls mode change 100755 => 100644 pillars/servers/roles/server/archldapui.sls mode change 100755 => 100644 pillars/servers/roles/server/archmail.sls mode change 100755 => 100644 pillars/servers/roles/server/archombi.sls mode change 100755 => 100644 pillars/servers/roles/server/archpkg.sls mode change 100755 => 100644 pillars/servers/roles/server/archplex.sls mode change 100755 => 100644 pillars/servers/roles/server/archportal.sls mode change 100755 => 100644 pillars/servers/roles/server/archradarr.sls mode change 100755 => 100644 pillars/servers/roles/server/archrequest.sls mode change 100755 => 100644 pillars/servers/roles/server/archsalt.sls mode change 100755 => 100644 pillars/servers/roles/server/archsonarr.sls mode change 100755 => 100644 pillars/servers/roles/server/archssh.sls mode change 100755 => 100644 pillars/servers/roles/server/archsync.sls mode change 100755 => 100644 pillars/servers/roles/server/archtt.sls mode change 100755 => 100644 pillars/servers/roles/server/base mode change 100755 => 100644 pillars/servers/roles/server/centlamp.sls mode change 100755 => 100644 pillars/servers/roles/server/pisalt.sls mode change 100755 => 100644 pillars/top.sls mode change 100755 => 100644 states/basepkgs/init.sls mode change 120000 => 100644 states/pillars mode change 100755 => 100644 states/repos/aur/aur.conf mode change 100755 => 100644 states/repos/aur/init.sls mode change 100755 => 100644 states/repos/epel.sls mode change 100755 => 100644 states/repos/nginx/init.sls mode change 100755 => 100644 states/repos/nginx/nginx.repo mode change 100755 => 100644 states/repos/temp/init.sls mode change 100755 => 100644 states/repos/temp/pacman.conf mode change 100755 => 100644 states/repos/webtatic/init.sls mode change 100755 => 100644 states/repos/yaourt/init.sls mode change 100755 => 100644 states/repos/yaourt/yaourt.conf create mode 100644 states/roles/build/gitlab/init.sls mode change 100755 => 100644 states/roles/build/pepper/build_pepper.sh mode change 100755 => 100644 states/roles/build/pepper/init.sls mode change 100755 => 100644 states/roles/build/saltpad/build_saltpad.sh mode change 100755 => 100644 states/roles/build/saltpad/init.sls mode change 100755 => 100644 states/roles/build/saltpad/saltpad.service mode change 100755 => 100644 states/roles/build/saltpad/start_saltpad.sh mode change 100755 => 100644 states/roles/grains mode change 100755 => 100644 states/roles/init.sls mode change 100755 => 100644 states/roles/maintain/aurrepo/init.sls mode change 100755 => 100644 states/roles/maintain/aurrepo/pkglist mode change 100755 => 100644 states/roles/maintain/aurrepo/updateaur.service mode change 100755 => 100644 states/roles/maintain/aurrepo/updateaur.timer mode change 100755 => 100644 states/roles/maintain/certbot/certbot.service mode change 100755 => 100644 states/roles/maintain/certbot/certbot.sh mode change 100755 => 100644 states/roles/maintain/certbot/certbot.timer mode change 100755 => 100644 states/roles/maintain/certbot/init.sls mode change 100755 => 100644 states/roles/maintain/deluge/cert.pem mode change 100755 => 100644 states/roles/maintain/deluge/conf.d/deluge-web.conf mode change 100755 => 100644 states/roles/maintain/deluge/init.sls mode change 100755 => 100644 states/roles/maintain/deluge/nginx.conf create mode 100644 states/roles/maintain/gitlab/conf_files/config.yml create mode 100644 states/roles/maintain/gitlab/conf_files/database.yml create mode 100644 states/roles/maintain/gitlab/conf_files/gitlab.conf create mode 100644 states/roles/maintain/gitlab/conf_files/gitlab.yml create mode 100755 states/roles/maintain/gitlab/conf_files/production.rb create mode 100644 states/roles/maintain/gitlab/conf_files/redis.conf create mode 100644 states/roles/maintain/gitlab/conf_files/resque.yml create mode 100644 states/roles/maintain/gitlab/conf_files/smtp_settings.rb create mode 100644 states/roles/maintain/gitlab/conf_files/tmp_redis.conf mode change 100755 => 100644 states/roles/maintain/glances/auth.conf mode change 120000 => 100644 states/roles/maintain/glances/certs mode change 100755 => 100644 states/roles/maintain/glances/glances.conf mode change 100755 => 100644 states/roles/maintain/glances/glances.html mode change 100755 => 100644 states/roles/maintain/glances/init.sls mode change 100755 => 100644 states/roles/maintain/glances/local.conf mode change 100755 => 100644 states/roles/maintain/glances/nginx.conf mode change 100755 => 100644 states/roles/maintain/glances/portal.conf mode change 100755 => 100644 states/roles/maintain/glances/remote.conf mode change 100755 => 100644 states/roles/maintain/lam/config.cfg mode change 100755 => 100644 states/roles/maintain/lam/init.sls mode change 100755 => 100644 states/roles/maintain/lam/lam-server.conf mode change 100755 => 100644 states/roles/maintain/lam/php.ini mode change 100755 => 100644 states/roles/maintain/lamp/httpd.conf mode change 100755 => 100644 states/roles/maintain/lamp/init.sls mode change 100755 => 100644 states/roles/maintain/ldap/DB_CONFIG mode change 120000 => 100644 states/roles/maintain/ldap/certs mode change 100755 => 100644 states/roles/maintain/ldap/init.sls mode change 100755 => 100644 states/roles/maintain/ldap/rdn.ldiff mode change 100755 => 100644 states/roles/maintain/ldap/slapd.conf mode change 100755 => 100644 states/roles/maintain/ldap/slapd.service mode change 100755 => 100644 states/roles/maintain/ldap/update_slapd.sh mode change 100755 => 100644 states/roles/maintain/mirrorlist/getmirrors.service mode change 100755 => 100644 states/roles/maintain/mirrorlist/getmirrors.sh mode change 100755 => 100644 states/roles/maintain/mirrorlist/getmirrors.timer mode change 100755 => 100644 states/roles/maintain/mirrorlist/init.sls mode change 100755 => 100644 states/roles/maintain/nfs/init.sls mode change 100755 => 100644 states/roles/maintain/nginx-proxy/auth.conf mode change 120000 => 100644 states/roles/maintain/nginx-proxy/certs mode change 100755 => 100644 states/roles/maintain/nginx-proxy/init.sls mode change 100755 => 100644 states/roles/maintain/nginx-proxy/local.conf mode change 100755 => 100644 states/roles/maintain/nginx-proxy/nginx.conf mode change 100755 => 100644 states/roles/maintain/nginx-proxy/portal.conf mode change 100755 => 100644 states/roles/maintain/nginx-proxy/remote.conf mode change 100755 => 100644 states/roles/maintain/pepper/conf.d/pepper.conf mode change 100755 => 100644 states/roles/maintain/pepper/init.sls mode change 100755 => 100644 states/roles/maintain/pepper/www.conf mode change 100755 => 100644 states/roles/maintain/pkg-cache/init.sls mode change 100755 => 100644 states/roles/maintain/pkg-cache/nginx.conf mode change 100755 => 100644 states/roles/maintain/pkg-cache/pkg-cache.conf mode change 100755 => 100644 states/roles/maintain/plexmediaserver/init.sls mode change 100755 => 100644 states/roles/maintain/plexmediaserver/plexmediaserver mode change 100755 => 100644 states/roles/maintain/plexrequests/init.sls mode change 100755 => 100644 states/roles/maintain/plexrequests/plexrequests.service mode change 100755 => 100644 states/roles/maintain/plexrequests/plexrequests.sh mode change 100755 => 100644 states/roles/maintain/saltmaster/init.sls mode change 100755 => 100644 states/roles/maintain/saltmaster/master mode change 100755 => 100644 states/roles/maintain/saltminion/highstate.service mode change 100755 => 100644 states/roles/maintain/saltminion/highstate.sh mode change 100755 => 100644 states/roles/maintain/saltminion/highstate.timer mode change 100755 => 100644 states/roles/maintain/saltminion/init.sls mode change 100755 => 100644 states/roles/maintain/saltminion/minion mode change 100755 => 100644 states/roles/maintain/saltpad/conf.d/saltpad.conf mode change 100755 => 100644 states/roles/maintain/saltpad/init.sls mode change 100755 => 100644 states/roles/maintain/saltpad/merge.sh mode change 100755 => 100644 states/roles/maintain/saltpad/modules/firewalld.py mode change 100755 => 100644 states/roles/maintain/saltpad/modules/roles.py mode change 100755 => 100644 states/roles/maintain/saltpad/modules/servers.py mode change 100755 => 100644 states/roles/maintain/saltpad/templates/base.html mode change 100755 => 100644 states/roles/maintain/saltpad/templates/base_logged.html mode change 100755 => 100644 states/roles/maintain/saltpad/templates/firewalld_edit.html mode change 100755 => 100644 states/roles/maintain/saltpad/templates/mods.html mode change 100755 => 100644 states/roles/maintain/saltpad/templates/role_display.html mode change 100755 => 100644 states/roles/maintain/saltpad/templates/roles.html mode change 100755 => 100644 states/roles/maintain/saltpad/templates/server_display.html mode change 100755 => 100644 states/roles/maintain/saltpad/templates/servers.html mode change 100755 => 100644 states/roles/maintain/saltpad/templates/yaml.js mode change 100755 => 100644 states/roles/maintain/sendmail/highstate.service mode change 100755 => 100644 states/roles/maintain/sendmail/highstate.sh mode change 100755 => 100644 states/roles/maintain/sendmail/highstate.timer mode change 100755 => 100644 states/roles/maintain/sendmail/init.sls mode change 100755 => 100644 states/roles/maintain/sendmail/minion mode change 100755 => 100644 states/roles/maintain/ytdownloader/feedsbase.csv mode change 100755 => 100644 states/roles/maintain/ytdownloader/init.sls mode change 100755 => 100644 states/roles/maintain/ytdownloader/ytdownloader.py mode change 100755 => 100644 states/roles/maintain/ytdownloader/ytdownloader.service mode change 100755 => 100644 states/roles/maintain/ytdownloader/ytdownloader.timer create mode 100644 states/secure mode change 100755 => 100644 states/systems/arch/mirrors/init.sls mode change 100755 => 100644 states/systems/arch/mirrors/mirrorlist mode change 100755 => 100644 states/systems/core/firewalld/init.sls mode change 100755 => 100644 states/systems/core/firewalld/zone.xml mode change 100755 => 100644 states/systems/core/firewalld/zone.xml.old mode change 120000 => 100644 states/systems/core/git/keys mode change 100755 => 100644 states/systems/core/ldap.sss/init.sls mode change 100755 => 100644 states/systems/core/ldap.sss/ldap.conf mode change 100755 => 100644 states/systems/core/ldap.sss/nscd.conf mode change 100755 => 100644 states/systems/core/ldap.sss/nsswitch.conf mode change 100755 => 100644 states/systems/core/ldap.sss/old/nscd.conf mode change 100755 => 100644 states/systems/core/ldap.sss/old/pam.d/not_needed/su mode change 100755 => 100644 states/systems/core/ldap.sss/old/pam.d/not_needed/su-l mode change 100755 => 100644 states/systems/core/ldap.sss/old/pam.d/not_needed/system-login mode change 100755 => 100644 states/systems/core/ldap.sss/old/pam.d/passwd mode change 100755 => 100644 states/systems/core/ldap.sss/old/pam.d/sudo mode change 100755 => 100644 states/systems/core/ldap.sss/old/pam.d/system-auth mode change 100755 => 100644 states/systems/core/ldap.sss/pam.d/passwd mode change 100755 => 100644 states/systems/core/ldap.sss/pam.d/sudo mode change 100755 => 100644 states/systems/core/ldap.sss/pam.d/system-auth mode change 100755 => 100644 states/systems/core/ldap.sss/sssd.conf mode change 100755 => 100644 states/systems/core/ldap/init.sls mode change 100755 => 100644 states/systems/core/ldap/ldap.conf mode change 100755 => 100644 states/systems/core/ldap/nslcd.conf mode change 100755 => 100644 states/systems/core/ldap/nsswitch.conf mode change 100755 => 100644 states/systems/core/ldap/pam.d/passwd mode change 100755 => 100644 states/systems/core/ldap/pam.d/su mode change 100755 => 100644 states/systems/core/ldap/pam.d/su-l mode change 100755 => 100644 states/systems/core/ldap/pam.d/sudo mode change 100755 => 100644 states/systems/core/ldap/pam.d/system-auth mode change 100755 => 100644 states/systems/core/ldap/pam.d/system-login mode change 100755 => 100644 states/systems/core/mount/genrsa mode change 100755 => 100644 states/systems/core/mount/init.sls mode change 120000 => 100644 states/systems/core/mount/keys mode change 100755 => 100644 states/systems/extra/nfs_client/init.sls mode change 100755 => 100644 states/top.sls mode change 100755 => 100644 states/update/init.sls diff --git a/merge.sh b/merge.sh old mode 100644 new mode 100755 index f7bba37..dcd158b --- a/merge.sh +++ b/merge.sh @@ -1,4 +1,9 @@ +git checkout dev +git merge master +git push + git checkout master -git merge dev +git merge --squash dev +git commit git push git checkout dev diff --git a/pillars/roles/aurpkgs/calendar.sls b/pillars/roles/aurpkgs/calendar.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/aurpkgs/git.sls b/pillars/roles/aurpkgs/git.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/aurpkgs/headphones.sls b/pillars/roles/aurpkgs/headphones.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/aurpkgs/init.sls b/pillars/roles/aurpkgs/init.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/aurpkgs/jackett.sls b/pillars/roles/aurpkgs/jackett.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/aurpkgs/lam.sls b/pillars/roles/aurpkgs/lam.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/aurpkgs/none.sls b/pillars/roles/aurpkgs/none.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/aurpkgs/ombi.sls b/pillars/roles/aurpkgs/ombi.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/aurpkgs/plexmediaserver.sls b/pillars/roles/aurpkgs/plexmediaserver.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/aurpkgs/portal.sls b/pillars/roles/aurpkgs/portal.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/aurpkgs/radarr.sls b/pillars/roles/aurpkgs/radarr.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/aurpkgs/sonarr.sls b/pillars/roles/aurpkgs/sonarr.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/firewalld/certbot.sls b/pillars/roles/firewalld/certbot.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/firewalld/core.sls b/pillars/roles/firewalld/core.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/firewalld/deluge.sls b/pillars/roles/firewalld/deluge.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/firewalld/git.sls b/pillars/roles/firewalld/git.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/firewalld/gitlab.sls b/pillars/roles/firewalld/gitlab.sls index ec1e02f..ba7e47f 100644 --- a/pillars/roles/firewalld/gitlab.sls +++ b/pillars/roles/firewalld/gitlab.sls @@ -1,7 +1,7 @@ firewalld: 70_internal: port: - - 3000/tcp + - 8000/tcp 99_public: port: - 5022/tcp diff --git a/pillars/roles/firewalld/init.sls b/pillars/roles/firewalld/init.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/firewalld/nginx-proxy.sls b/pillars/roles/firewalld/nginx-proxy.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/firewalld/pepper.sls b/pillars/roles/firewalld/pepper.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/firewalld/plexmediaserver.sls b/pillars/roles/firewalld/plexmediaserver.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/firewalld/portal.sls b/pillars/roles/firewalld/portal.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/firewalld/saltmaster.sls b/pillars/roles/firewalld/saltmaster.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/firewalld/saltminion.sls b/pillars/roles/firewalld/saltminion.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/firewalld/server.sls b/pillars/roles/firewalld/server.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/firewalld/ssh.sls b/pillars/roles/firewalld/ssh.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/git/init.sls b/pillars/roles/git/init.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/git/none.sls b/pillars/roles/git/none.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/git/saltmaster.sls b/pillars/roles/git/saltmaster.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/init.sls b/pillars/roles/init.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/maintainer/deluge.sls b/pillars/roles/maintainer/deluge.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/maintainer/init.sls b/pillars/roles/maintainer/init.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/maintainer/pepper.sls b/pillars/roles/maintainer/pepper.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/maintainer/saltmaster.sls b/pillars/roles/maintainer/saltmaster.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/maintainer/saltminion.sls b/pillars/roles/maintainer/saltminion.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/maintainer/server.sls b/pillars/roles/maintainer/server.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/maintainer/ssh.sls b/pillars/roles/maintainer/ssh.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/mount/gitlab.sls b/pillars/roles/mount/gitlab.sls index 613147e..bd3f92b 100644 --- a/pillars/roles/mount/gitlab.sls +++ b/pillars/roles/mount/gitlab.sls @@ -1,6 +1,6 @@ mount: sshfs: - /var/lib/gitlab: + /mnt/repos: host: host.actcur.com - directory: /mnt/butter/git - user: git + directory: /mnt/butter/repos + user: gitlab diff --git a/pillars/roles/mount/init.sls b/pillars/roles/mount/init.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/mount/none.sls b/pillars/roles/mount/none.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/mount/pkg-cache.sls b/pillars/roles/mount/pkg-cache.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/mount/plexmediaserver.sls b/pillars/roles/mount/plexmediaserver.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/mount/saltmaster.sls b/pillars/roles/mount/saltmaster.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/nginx/authtypes.txt b/pillars/roles/nginx/authtypes.txt old mode 100755 new mode 100644 diff --git a/pillars/roles/nginx/baikal.sls b/pillars/roles/nginx/baikal.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/nginx/calandar.sls b/pillars/roles/nginx/calandar.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/nginx/git.sls b/pillars/roles/nginx/git.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/nginx/gitlab.sls b/pillars/roles/nginx/gitlab.sls index 4029e0f..0811470 100644 --- a/pillars/roles/nginx/gitlab.sls +++ b/pillars/roles/nginx/gitlab.sls @@ -1,6 +1,6 @@ nginx: - git: + git2: auth: none https: - port: 3000 + port: 8000 prot: http diff --git a/pillars/roles/nginx/headphones.sls b/pillars/roles/nginx/headphones.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/nginx/init.sls b/pillars/roles/nginx/init.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/nginx/jackett.sls b/pillars/roles/nginx/jackett.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/nginx/lam.sls b/pillars/roles/nginx/lam.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/nginx/lamp.sls b/pillars/roles/nginx/lamp.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/nginx/ldapui.sls b/pillars/roles/nginx/ldapui.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/nginx/none.sls b/pillars/roles/nginx/none.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/nginx/ombi.sls b/pillars/roles/nginx/ombi.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/nginx/pkg-cache.sls b/pillars/roles/nginx/pkg-cache.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/nginx/plexmediaserver.sls b/pillars/roles/nginx/plexmediaserver.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/nginx/radarr.sls b/pillars/roles/nginx/radarr.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/nginx/sonarr.sls b/pillars/roles/nginx/sonarr.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/nginx/sync.sls b/pillars/roles/nginx/sync.sls old mode 100755 new mode 100644 diff --git a/pillars/roles/nginx/ttrss.sls b/pillars/roles/nginx/ttrss.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/init.sls b/pillars/servers/env/init.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/.sls b/pillars/servers/env/server/.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archbaikal.sls b/pillars/servers/env/server/archbaikal.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archcal.sls b/pillars/servers/env/server/archcal.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archcouch.sls b/pillars/servers/env/server/archcouch.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archdeluge.sls b/pillars/servers/env/server/archdeluge.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archgit.sls b/pillars/servers/env/server/archgit.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archgitlab.sls b/pillars/servers/env/server/archgitlab.sls new file mode 100644 index 0000000..2fdef9a --- /dev/null +++ b/pillars/servers/env/server/archgitlab.sls @@ -0,0 +1 @@ +env: prod diff --git a/pillars/servers/env/server/archheadphones.sls b/pillars/servers/env/server/archheadphones.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archjackett.sls b/pillars/servers/env/server/archjackett.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archlam.sls b/pillars/servers/env/server/archlam.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archldap.sls b/pillars/servers/env/server/archldap.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archldaptest.sls b/pillars/servers/env/server/archldaptest.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archldapui.sls b/pillars/servers/env/server/archldapui.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archmail.sls b/pillars/servers/env/server/archmail.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archombi.sls b/pillars/servers/env/server/archombi.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archpkg.sls b/pillars/servers/env/server/archpkg.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archplex.sls b/pillars/servers/env/server/archplex.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archportal.sls b/pillars/servers/env/server/archportal.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archradarr.sls b/pillars/servers/env/server/archradarr.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archrequest.sls b/pillars/servers/env/server/archrequest.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archsalt.sls b/pillars/servers/env/server/archsalt.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archsonarr.sls b/pillars/servers/env/server/archsonarr.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archssh.sls b/pillars/servers/env/server/archssh.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archsync.sls b/pillars/servers/env/server/archsync.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/archtt.sls b/pillars/servers/env/server/archtt.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/base b/pillars/servers/env/server/base old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/centlamp.sls b/pillars/servers/env/server/centlamp.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/env/server/pisalt.sls b/pillars/servers/env/server/pisalt.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/init.sls b/pillars/servers/init.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/init.sls b/pillars/servers/maintainer/init.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/.sls b/pillars/servers/maintainer/server/.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archbaikal.sls b/pillars/servers/maintainer/server/archbaikal.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archcal.sls b/pillars/servers/maintainer/server/archcal.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archcouch.sls b/pillars/servers/maintainer/server/archcouch.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archdeluge.sls b/pillars/servers/maintainer/server/archdeluge.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archgit.sls b/pillars/servers/maintainer/server/archgit.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archgitlab.sls b/pillars/servers/maintainer/server/archgitlab.sls new file mode 100644 index 0000000..c0b416d --- /dev/null +++ b/pillars/servers/maintainer/server/archgitlab.sls @@ -0,0 +1,3 @@ +maintainer: + - masaufuku + diff --git a/pillars/servers/maintainer/server/archheadphones.sls b/pillars/servers/maintainer/server/archheadphones.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archjackett.sls b/pillars/servers/maintainer/server/archjackett.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archlam.sls b/pillars/servers/maintainer/server/archlam.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archldap.sls b/pillars/servers/maintainer/server/archldap.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archldaptest.sls b/pillars/servers/maintainer/server/archldaptest.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archldapui.sls b/pillars/servers/maintainer/server/archldapui.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archmail.sls b/pillars/servers/maintainer/server/archmail.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archombi.sls b/pillars/servers/maintainer/server/archombi.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archpkg.sls b/pillars/servers/maintainer/server/archpkg.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archplex.sls b/pillars/servers/maintainer/server/archplex.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archportal.sls b/pillars/servers/maintainer/server/archportal.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archradarr.sls b/pillars/servers/maintainer/server/archradarr.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archrequest.sls b/pillars/servers/maintainer/server/archrequest.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archsalt.sls b/pillars/servers/maintainer/server/archsalt.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archsonarr.sls b/pillars/servers/maintainer/server/archsonarr.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archssh.sls b/pillars/servers/maintainer/server/archssh.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archsync.sls b/pillars/servers/maintainer/server/archsync.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/archtt.sls b/pillars/servers/maintainer/server/archtt.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/base b/pillars/servers/maintainer/server/base old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/centlamp.sls b/pillars/servers/maintainer/server/centlamp.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/maintainer/server/pisalt.sls b/pillars/servers/maintainer/server/pisalt.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/mkserver.sh b/pillars/servers/mkserver.sh old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/init.sls b/pillars/servers/roles/init.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/.sls b/pillars/servers/roles/server/.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archbaikal.sls b/pillars/servers/roles/server/archbaikal.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archcal.sls b/pillars/servers/roles/server/archcal.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archcouch.sls b/pillars/servers/roles/server/archcouch.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archdeluge.sls b/pillars/servers/roles/server/archdeluge.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archgit.sls b/pillars/servers/roles/server/archgit.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archgitlab.sls b/pillars/servers/roles/server/archgitlab.sls new file mode 100644 index 0000000..8839bc7 --- /dev/null +++ b/pillars/servers/roles/server/archgitlab.sls @@ -0,0 +1,7 @@ +grains: + roles: + - server + - ssh + - saltminion + - gitlab + - nginx-proxy diff --git a/pillars/servers/roles/server/archheadphones.sls b/pillars/servers/roles/server/archheadphones.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archjackett.sls b/pillars/servers/roles/server/archjackett.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archlam.sls b/pillars/servers/roles/server/archlam.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archldap.sls b/pillars/servers/roles/server/archldap.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archldaptest.sls b/pillars/servers/roles/server/archldaptest.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archldapui.sls b/pillars/servers/roles/server/archldapui.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archmail.sls b/pillars/servers/roles/server/archmail.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archombi.sls b/pillars/servers/roles/server/archombi.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archpkg.sls b/pillars/servers/roles/server/archpkg.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archplex.sls b/pillars/servers/roles/server/archplex.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archportal.sls b/pillars/servers/roles/server/archportal.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archradarr.sls b/pillars/servers/roles/server/archradarr.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archrequest.sls b/pillars/servers/roles/server/archrequest.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archsalt.sls b/pillars/servers/roles/server/archsalt.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archsonarr.sls b/pillars/servers/roles/server/archsonarr.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archssh.sls b/pillars/servers/roles/server/archssh.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archsync.sls b/pillars/servers/roles/server/archsync.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/archtt.sls b/pillars/servers/roles/server/archtt.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/base b/pillars/servers/roles/server/base old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/centlamp.sls b/pillars/servers/roles/server/centlamp.sls old mode 100755 new mode 100644 diff --git a/pillars/servers/roles/server/pisalt.sls b/pillars/servers/roles/server/pisalt.sls old mode 100755 new mode 100644 diff --git a/pillars/top.sls b/pillars/top.sls old mode 100755 new mode 100644 diff --git a/states/basepkgs/init.sls b/states/basepkgs/init.sls old mode 100755 new mode 100644 diff --git a/states/pillars b/states/pillars deleted file mode 120000 index 27c0754..0000000 --- a/states/pillars +++ /dev/null @@ -1 +0,0 @@ -../pillars/ \ No newline at end of file diff --git a/states/pillars b/states/pillars new file mode 100644 index 0000000..27c0754 --- /dev/null +++ b/states/pillars @@ -0,0 +1 @@ +../pillars/ \ No newline at end of file diff --git a/states/repos/aur/aur.conf b/states/repos/aur/aur.conf old mode 100755 new mode 100644 diff --git a/states/repos/aur/init.sls b/states/repos/aur/init.sls old mode 100755 new mode 100644 diff --git a/states/repos/epel.sls b/states/repos/epel.sls old mode 100755 new mode 100644 diff --git a/states/repos/nginx/init.sls b/states/repos/nginx/init.sls old mode 100755 new mode 100644 diff --git a/states/repos/nginx/nginx.repo b/states/repos/nginx/nginx.repo old mode 100755 new mode 100644 diff --git a/states/repos/temp/init.sls b/states/repos/temp/init.sls old mode 100755 new mode 100644 diff --git a/states/repos/temp/pacman.conf b/states/repos/temp/pacman.conf old mode 100755 new mode 100644 diff --git a/states/repos/webtatic/init.sls b/states/repos/webtatic/init.sls old mode 100755 new mode 100644 diff --git a/states/repos/yaourt/init.sls b/states/repos/yaourt/init.sls old mode 100755 new mode 100644 diff --git a/states/repos/yaourt/yaourt.conf b/states/repos/yaourt/yaourt.conf old mode 100755 new mode 100644 diff --git a/states/roles/build/gitlab/init.sls b/states/roles/build/gitlab/init.sls new file mode 100644 index 0000000..f6e832e --- /dev/null +++ b/states/roles/build/gitlab/init.sls @@ -0,0 +1,32 @@ +#Note: This *only* initializes the database - only use build script in a fresh environment, it'll nuke existing mysql database +#initialize redis database as gitlab user +redis-running: + service.running: + - name: redis + - enable: true + - watch: + - file: /etc/redis.conf + - file: /etc/tempfiles.d/redis.conf +gitlab_init_db: + cmd.run: + - name: "bundle-2.3 exec rake gitlab:setup RAILS_ENV=production force=yes" + - cwd: "/usr/share/webapps/gitlab" + - runas: gitlab + +#start services +gitlab.target: + service.running: + - enable: true + - reload: true +gitlab-workhorse: + service.running: + - enable: true + - reload: true +gitlab-unicorn: + service.running: + - enable: true + - reload: true +gitlab-sidekiq: + service.running: + - enable: true + - reload: true diff --git a/states/roles/build/pepper/build_pepper.sh b/states/roles/build/pepper/build_pepper.sh old mode 100755 new mode 100644 diff --git a/states/roles/build/pepper/init.sls b/states/roles/build/pepper/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/build/saltpad/build_saltpad.sh b/states/roles/build/saltpad/build_saltpad.sh old mode 100755 new mode 100644 diff --git a/states/roles/build/saltpad/init.sls b/states/roles/build/saltpad/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/build/saltpad/saltpad.service b/states/roles/build/saltpad/saltpad.service old mode 100755 new mode 100644 diff --git a/states/roles/build/saltpad/start_saltpad.sh b/states/roles/build/saltpad/start_saltpad.sh old mode 100755 new mode 100644 diff --git a/states/roles/grains b/states/roles/grains old mode 100755 new mode 100644 diff --git a/states/roles/init.sls b/states/roles/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/maintain/aurrepo/init.sls b/states/roles/maintain/aurrepo/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/maintain/aurrepo/pkglist b/states/roles/maintain/aurrepo/pkglist old mode 100755 new mode 100644 diff --git a/states/roles/maintain/aurrepo/updateaur.service b/states/roles/maintain/aurrepo/updateaur.service old mode 100755 new mode 100644 diff --git a/states/roles/maintain/aurrepo/updateaur.timer b/states/roles/maintain/aurrepo/updateaur.timer old mode 100755 new mode 100644 diff --git a/states/roles/maintain/certbot/certbot.service b/states/roles/maintain/certbot/certbot.service old mode 100755 new mode 100644 diff --git a/states/roles/maintain/certbot/certbot.sh b/states/roles/maintain/certbot/certbot.sh old mode 100755 new mode 100644 diff --git a/states/roles/maintain/certbot/certbot.timer b/states/roles/maintain/certbot/certbot.timer old mode 100755 new mode 100644 diff --git a/states/roles/maintain/certbot/init.sls b/states/roles/maintain/certbot/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/maintain/deluge/cert.pem b/states/roles/maintain/deluge/cert.pem old mode 100755 new mode 100644 diff --git a/states/roles/maintain/deluge/conf.d/deluge-web.conf b/states/roles/maintain/deluge/conf.d/deluge-web.conf old mode 100755 new mode 100644 diff --git a/states/roles/maintain/deluge/init.sls b/states/roles/maintain/deluge/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/maintain/deluge/nginx.conf b/states/roles/maintain/deluge/nginx.conf old mode 100755 new mode 100644 diff --git a/states/roles/maintain/gitlab/conf_files/config.yml b/states/roles/maintain/gitlab/conf_files/config.yml new file mode 100644 index 0000000..0c802a8 --- /dev/null +++ b/states/roles/maintain/gitlab/conf_files/config.yml @@ -0,0 +1,73 @@ +# +# If you change this file in a Merge Request, please also create +# a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests +# + +# GitLab user. git by default +user: gitlab + +# URL to GitLab instance, used for API calls. Default: http://localhost:8080. +# For relative URL support read http://doc.gitlab.com/ce/install/relative_url.html +# You only have to change the default if you have configured Unicorn +# to listen on a custom port, or if you have configured Unicorn to +# only listen on a Unix domain socket. For Unix domain sockets use +# "http+unix://", e.g. +# "http+unix://%2Fpath%2Fto%2Fsocket" +gitlab_url: "http://localhost:8080" + +# See installation.md#using-https for additional HTTPS configuration details. +http_settings: +# read_timeout: 300 +# user: someone +# password: somepass +# ca_file: /etc/ssl/cert.pem +# ca_path: /etc/pki/tls/certs + self_signed_cert: false + +# File used as authorized_keys for gitlab user +auth_file: "/var/lib/gitlab/.ssh/authorized_keys" + +# File that contains the secret key for verifying access to GitLab. +# Default is .gitlab_shell_secret in the gitlab-shell directory. +# secret_file: "/var/lib/gitlab/gitlab-shell/.gitlab_shell_secret" + +# Parent directory for global custom hook directories (pre-receive.d, update.d, post-receive.d) +# Default is hooks in the gitlab-shell directory. +# custom_hooks_dir: "/var/lib/gitlab/gitlab-shell/hooks" + +# Redis settings used for pushing commit notices to gitlab +redis: + bin: /usr/bin/redis-cli + host: 127.0.0.1 + port: 6379 + # pass: redispass # Allows you to specify the password for Redis + database: 5 + socket: /run/redis/redis.sock # Comment out this line if you want to use TCP or Sentinel + namespace: resque:gitlab + # sentinels: + # - + # host: 127.0.0.1 + # port: 26380 + # - + # host: 127.0.0.1 + # port: 26381 + + +# Log file. +# Default is gitlab-shell.log in the root directory. +log_file: "/var/log/gitlab/gitlab-shell.log" + +# Log level. INFO by default +log_level: INFO + +# Audit usernames. +# Set to true to see real usernames in the logs instead of key ids, which is easier to follow, but +# incurs an extra API call on every gitlab-shell command. +audit_usernames: false + +# Git trace log file. +# If set, git commands receive GIT_TRACE* environment variables +# See https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging for documentation +# An absolute path starting with / – the trace output will be appended to that file. +# It needs to exist so we can check permissions and avoid to throwing warnings to the users. +git_trace_log_file: diff --git a/states/roles/maintain/gitlab/conf_files/database.yml b/states/roles/maintain/gitlab/conf_files/database.yml new file mode 100644 index 0000000..b117008 --- /dev/null +++ b/states/roles/maintain/gitlab/conf_files/database.yml @@ -0,0 +1,44 @@ +# +# PRODUCTION +# +production: + adapter: mysql2 + encoding: utf8 + collation: utf8_general_ci + reconnect: false + database: gitlab + pool: 10 + username: gitlab + password: "jMDuAGPf2nfKAyXrOKSM" + host: sql.actcur.com + # socket: /tmp/mysql.sock + +# +# Development specific +# +development: + adapter: mysql2 + encoding: utf8 + collation: utf8_general_ci + reconnect: false + database: gitlabhq_development + pool: 5 + username: root + password: "secure password" + # host: localhost + # socket: /tmp/mysql.sock + +# Warning: The database defined as "test" will be erased and +# re-generated from your development database when you run "rake". +# Do not set this db to the same as development or production. +test: &test + adapter: mysql2 + encoding: utf8mb4 + collation: utf8mb4_general_ci + reconnect: false + database: gitlabhq_test + pool: 5 + username: root + password: + # host: localhost + # socket: /tmp/mysql.sock diff --git a/states/roles/maintain/gitlab/conf_files/gitlab.conf b/states/roles/maintain/gitlab/conf_files/gitlab.conf new file mode 100644 index 0000000..8562780 --- /dev/null +++ b/states/roles/maintain/gitlab/conf_files/gitlab.conf @@ -0,0 +1,69 @@ +## GitLab +## +## Lines starting with two hashes (##) are comments with information. +## Lines starting with one hash (#) are configuration parameters that can be uncommented. +## +################################## +## CONTRIBUTING ## +################################## +## +## If you change this file in a Merge Request, please also create +## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests +## +################################### +## configuration ## +################################### +## +## See installation.md#using-https for additional HTTPS configuration details. + +upstream gitlab-workhorse { + server unix:/run/gitlab/gitlab-workhorse.socket fail_timeout=0; +} + +## Normal HTTP host +server { + ## Either remove "default_server" from the listen line below, + ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab + ## to be served if you visit any address that your server responds to, eg. + ## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server; + listen 0.0.0.0:8000; + listen [::]:8000; + server_name git2.actcuricom; ## Replace this with something like gitlab.example.com + server_tokens off; ## Don't show the nginx version number, a security best practice + + ## See app/controllers/application_controller.rb for headers set + + ## Individual nginx logs for this GitLab vhost + access_log /var/log/nginx/gitlab_access.log; + error_log /var/log/nginx/gitlab_error.log; + + location / { + client_max_body_size 0; + gzip off; + + ## https://github.com/gitlabhq/gitlabhq/issues/694 + ## Some requests take more than 30 seconds. + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_redirect off; + + proxy_http_version 1.1; + + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_pass http://gitlab-workhorse; + } + + error_page 404 /404.html; + error_page 422 /422.html; + error_page 500 /500.html; + error_page 502 /502.html; + location ~ ^/(404|422|500|502)\.html$ { + root /usr/share/webapps/gitlab/public; + internal; + } + +} diff --git a/states/roles/maintain/gitlab/conf_files/gitlab.yml b/states/roles/maintain/gitlab/conf_files/gitlab.yml new file mode 100644 index 0000000..25423ad --- /dev/null +++ b/states/roles/maintain/gitlab/conf_files/gitlab.yml @@ -0,0 +1,627 @@ +# # # # # # # # # # # # # # # # # # +# GitLab application config file # +# # # # # # # # # # # # # # # # # # +# +########################### NOTE ##################################### +# This file should not receive new settings. All configuration options # +# * are being moved to ApplicationSetting model! # +# If a setting requires an application restart say so in that screen. # +# If you change this file in a Merge Request, please also create # +# a MR on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests # +######################################################################## +# +# +# How to use: +# 1. Copy file as gitlab.yml +# 2. Update gitlab -> host with your fully qualified domain name +# 3. Update gitlab -> email_from +# 4. If you installed Git from source, change git -> bin_path to /usr/local/bin/git +# IMPORTANT: If Git was installed in a different location use that instead. +# You can check with `which git`. If a wrong path of Git is specified, it will +# result in various issues such as failures of GitLab CI builds. +# 5. Review this configuration file for other settings you may want to adjust + +production: &base + # + # 1. GitLab app settings + # ========================== + + ## GitLab settings + gitlab: + ## Web server settings (note: host is the FQDN, do not include http://) + host: git.actcur.com + port: 8000 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details + https: false # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details + + # Uncommment this line below if your ssh host is different from HTTP/HTTPS one + # (you'd obviously need to replace ssh.host_example.com with your own host). + # Otherwise, ssh host will be set to the `host:` value above + # ssh_host: ssh.host_example.com + + # Relative URL support + # WARNING: We recommend using an FQDN to host GitLab in a root path instead + # of using a relative URL. + # Documentation: http://doc.gitlab.com/ce/install/relative_url.html + # Uncomment and customize the following line to run in a non-root path + # + # relative_url_root: /gitlab + + # Trusted Proxies + # Customize if you have GitLab behind a reverse proxy which is running on a different machine. + # Add the IP address for your reverse proxy to the list, otherwise users will appear signed in from that address. + trusted_proxies: + # Examples: + #- 192.168.1.0/24 + #- 192.168.2.1 + #- 2001:0db8::/32 + + # Uncomment and customize if you can't use the default user to run GitLab (default: 'git') + user: gitlab + + ## Date & Time settings + # Uncomment and customize if you want to change the default time zone of GitLab application. + # To see all available zones, run `bundle exec rake time:zones:all RAILS_ENV=production` + # time_zone: 'UTC' + + ## Email settings + # Uncomment and set to false if you need to disable email sending from GitLab (default: true) + # email_enabled: true + # Email address used in the "From" field in mails sent by GitLab + email_from: git@actcur.com + email_display_name: GitLab + email_reply_to: noreply@actcur.com + email_subject_suffix: '' + + # Email server smtp settings are in config/initializers/smtp_settings.rb.sample + + # default_can_create_group: false # default: true + # username_changing_enabled: false # default: true - User can change her username/namespace + + ## Automatic issue closing + # If a commit message matches this regular expression, all issues referenced from the matched text will be closed. + # This happens when the commit is pushed or merged into the default branch of a project. + # When not specified the default issue_closing_pattern as specified below will be used. + # Tip: you can test your closing pattern at http://rubular.com. + # issue_closing_pattern: '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing))(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)' + + ## Default project features settings + default_projects_features: + issues: true + merge_requests: true + wiki: true + snippets: true + builds: true + container_registry: true + + ## Webhook settings + # Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10) + # webhook_timeout: 10 + + ## Repository downloads directory + # When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory. + # The default is 'shared/cache/archive/' relative to the root of the Rails app. + # repository_downloads_path: shared/cache/archive/ + + ## Reply by email + # Allow users to comment on issues and merge requests by replying to notification emails. + # For documentation on how to set this up, see http://doc.gitlab.com/ce/administration/reply_by_email.html + incoming_email: + enabled: false + + # The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to. + # The placeholder can be omitted but if present, it must appear in the "user" part of the address (before the `@`). + address: "gitlab-incoming+%{key}@gmail.com" + + # Email account username + # With third party providers, this is usually the full email address. + # With self-hosted email servers, this is usually the user part of the email address. + user: "gitlab-incoming@gmail.com" + # Email account password + password: "[REDACTED]" + + # IMAP server host + host: "imap.gmail.com" + # IMAP server port + port: 993 + # Whether the IMAP server uses SSL + ssl: true + # Whether the IMAP server uses StartTLS + start_tls: false + + # The mailbox where incoming mail will end up. Usually "inbox". + mailbox: "inbox" + # The IDLE command timeout. + idle_timeout: 60 + + ## Build Artifacts + artifacts: + enabled: true + # The location where build artifacts are stored (default: shared/artifacts). + # path: shared/artifacts + + ## Git LFS + lfs: + enabled: true + # The location where LFS objects are stored (default: shared/lfs-objects). + # storage_path: shared/lfs-objects + + ## GitLab Pages + pages: + enabled: false + # The location where pages are stored (default: shared/pages). + # path: shared/pages + + # The domain under which the pages are served: + # http://group.example.com/project + # or project path can be a group page: group.example.com + host: example.com + port: 80 # Set to 443 if you serve the pages with HTTPS + https: false # Set to true if you serve the pages with HTTPS + # external_http: ["1.1.1.1:80", "[2001::1]:80"] # If defined, enables custom domain support in GitLab Pages + # external_https: ["1.1.1.1:443", "[2001::1]:443"] # If defined, enables custom domain and certificate support in GitLab Pages + + ## Mattermost + ## For enabling Add to Mattermost button + mattermost: + enabled: false + host: 'https://mattermost.example.com' + + ## Gravatar + ## For Libravatar see: http://doc.gitlab.com/ce/customization/libravatar.html + gravatar: + # gravatar urls: possible placeholders: %{hash} %{size} %{email} %{username} + # plain_url: "http://..." # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon + # ssl_url: "https://..." # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon + + ## Auxiliary jobs + # Periodically executed jobs, to self-heal Gitlab, do external synchronizations, etc. + # Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job + cron_jobs: + # Flag stuck CI jobs as failed + stuck_ci_jobs_worker: + cron: "0 * * * *" + # Execute scheduled triggers + pipeline_schedule_worker: + cron: "19 * * * *" + # Remove expired build artifacts + expire_build_artifacts_worker: + cron: "50 * * * *" + # Periodically run 'git fsck' on all repositories. If started more than + # once per hour you will have concurrent 'git fsck' jobs. + repository_check_worker: + cron: "20 * * * *" + # Send admin emails once a week + admin_email_worker: + cron: "0 0 * * 0" + + # Remove outdated repository archives + repository_archive_cache_worker: + cron: "0 * * * *" + + registry: + # enabled: true + # host: registry.example.com + # port: 5005 + # api_url: http://localhost:5000/ # internal address to the registry, will be used by GitLab to directly communicate with API + # key: config/registry.key + # path: shared/registry + # issuer: gitlab-issuer + + # + # 2. GitLab CI settings + # ========================== + + gitlab_ci: + # Default project notifications settings: + # + # Send emails only on broken builds (default: true) + # all_broken_builds: true + # + # Add pusher to recipients list (default: false) + # add_pusher: true + + # The location where build traces are stored (default: builds/). Relative paths are relative to Rails.root + # builds_path: builds/ + + # + # 3. Auth settings + # ========================== + + ## LDAP settings + # You can inspect a sample of the LDAP users with login access by running: + # bundle exec rake gitlab:ldap:check RAILS_ENV=production + ldap: + enabled: false + servers: + ########################################################################## + # + # Since GitLab 7.4, LDAP servers get ID's (below the ID is 'main'). GitLab + # Enterprise Edition now supports connecting to multiple LDAP servers. + # + # If you are updating from the old (pre-7.4) syntax, you MUST give your + # old server the ID 'main'. + # + ########################################################################## + main: # 'main' is the GitLab 'provider ID' of this LDAP server + ## label + # + # A human-friendly name for your LDAP server. It is OK to change the label later, + # for instance if you find out it is too large to fit on the web page. + # + # Example: 'Paris' or 'Acme, Ltd.' + label: 'LDAP' + + host: '_your_ldap_server' + port: 389 + uid: 'sAMAccountName' + method: 'plain' # "tls" or "ssl" or "plain" + bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' + password: '_the_password_of_the_bind_user' + + # Set a timeout, in seconds, for LDAP queries. This helps avoid blocking + # a request if the LDAP server becomes unresponsive. + # A value of 0 means there is no timeout. + timeout: 10 + + # This setting specifies if LDAP server is Active Directory LDAP server. + # For non AD servers it skips the AD specific queries. + # If your LDAP server is not AD, set this to false. + active_directory: true + + # If allow_username_or_email_login is enabled, GitLab will ignore everything + # after the first '@' in the LDAP username submitted by the user on login. + # + # Example: + # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials; + # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'. + # + # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to + # disable this setting, because the userPrincipalName contains an '@'. + allow_username_or_email_login: false + + # To maintain tight control over the number of active users on your GitLab installation, + # enable this setting to keep new users blocked until they have been cleared by the admin + # (default: false). + block_auto_created_users: false + + # Base where we can search for users + # + # Ex. ou=People,dc=gitlab,dc=example + # + base: '' + + # Filter LDAP users + # + # Format: RFC 4515 http://tools.ietf.org/search/rfc4515 + # Ex. (employeeType=developer) + # + # Note: GitLab does not support omniauth-ldap's custom filter syntax. + # + user_filter: '' + + # LDAP attributes that GitLab will use to create an account for the LDAP user. + # The specified attribute can either be the attribute name as a string (e.g. 'mail'), + # or an array of attribute names to try in order (e.g. ['mail', 'email']). + # Note that the user's LDAP login will always be the attribute specified as `uid` above. + attributes: + # The username will be used in paths for the user's own projects + # (like `gitlab.example.com/username/project`) and when mentioning + # them in issues, merge request and comments (like `@username`). + # If the attribute specified for `username` contains an email address, + # the GitLab username will be the part of the email address before the '@'. + username: ['uid', 'userid', 'sAMAccountName'] + email: ['mail', 'email', 'userPrincipalName'] + + # If no full name could be found at the attribute specified for `name`, + # the full name is determined using the attributes specified for + # `first_name` and `last_name`. + name: 'cn' + first_name: 'givenName' + last_name: 'sn' + + # GitLab EE only: add more LDAP servers + # Choose an ID made of a-z and 0-9 . This ID will be stored in the database + # so that GitLab can remember which LDAP server a user belongs to. + # uswest2: + # label: + # host: + # .... + + + ## OmniAuth settings + omniauth: + # Allow login via Twitter, Google, etc. using OmniAuth providers + enabled: false + + # Uncomment this to automatically sign in with a specific omniauth provider's without + # showing GitLab's sign-in page (default: show the GitLab sign-in page) + # auto_sign_in_with_provider: saml + + # Sync user's email address from the specified Omniauth provider every time the user logs + # in (default: nil). And consequently make this field read-only. + # sync_email_from_provider: cas3 + + # CAUTION! + # This allows users to login without having a user account first. Define the allowed providers + # using an array, e.g. ["saml", "twitter"], or as true/false to allow all providers or none. + # User accounts will be created automatically when authentication was successful. + allow_single_sign_on: ["saml"] + + # Locks down those users until they have been cleared by the admin (default: true). + block_auto_created_users: true + # Look up new users in LDAP servers. If a match is found (same uid), automatically + # link the omniauth identity with the LDAP account. (default: false) + auto_link_ldap_user: false + + # Allow users with existing accounts to login and auto link their account via SAML + # login, without having to do a manual login first and manually add SAML + # (default: false) + auto_link_saml_user: false + + # Set different Omniauth providers as external so that all users creating accounts + # via these providers will not be able to have access to internal projects. You + # will need to use the full name of the provider, like `google_oauth2` for Google. + # Refer to the examples below for the full names of the supported providers. + # (default: []) + external_providers: [] + + ## Auth providers + # Uncomment the following lines and fill in the data of the auth provider you want to use + # If your favorite auth provider is not listed you can use others: + # see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations + # The 'app_id' and 'app_secret' parameters are always passed as the first two + # arguments, followed by optional 'args' which can be either a hash or an array. + # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html + providers: + # See omniauth-cas3 for more configuration details + # - { name: 'cas3', + # label: 'cas3', + # args: { + # url: 'https://sso.example.com', + # disable_ssl_verification: false, + # login_url: '/cas/login', + # service_validate_url: '/cas/p3/serviceValidate', + # logout_url: '/cas/logout'} } + # - { name: 'authentiq', + # # for client credentials (client ID and secret), go to https://www.authentiq.com/ + # app_id: 'YOUR_CLIENT_ID', + # app_secret: 'YOUR_CLIENT_SECRET', + # args: { + # scope: 'aq:name email~rs address aq:push' + # # redirect_uri parameter is optional except when 'gitlab.host' in this file is set to 'localhost' + # # redirect_uri: 'YOUR_REDIRECT_URI' + # } + # } + # - { name: 'github', + # app_id: 'YOUR_APP_ID', + # app_secret: 'YOUR_APP_SECRET', + # url: "https://github.com/", + # verify_ssl: true, + # args: { scope: 'user:email' } } + # - { name: 'bitbucket', + # app_id: 'YOUR_APP_ID', + # app_secret: 'YOUR_APP_SECRET' } + # - { name: 'gitlab', + # app_id: 'YOUR_APP_ID', + # app_secret: 'YOUR_APP_SECRET', + # args: { scope: 'api' } } + # - { name: 'google_oauth2', + # app_id: 'YOUR_APP_ID', + # app_secret: 'YOUR_APP_SECRET', + # args: { access_type: 'offline', approval_prompt: '' } } + # - { name: 'facebook', + # app_id: 'YOUR_APP_ID', + # app_secret: 'YOUR_APP_SECRET' } + # - { name: 'twitter', + # app_id: 'YOUR_APP_ID', + # app_secret: 'YOUR_APP_SECRET' } + # + # - { name: 'saml', + # label: 'Our SAML Provider', + # groups_attribute: 'Groups', + # external_groups: ['Contractors', 'Freelancers'], + # args: { + # assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback', + # idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8', + # idp_sso_target_url: 'https://login.example.com/idp', + # issuer: 'https://gitlab.example.com', + # name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' + # } } + # + # - { name: 'crowd', + # args: { + # crowd_server_url: 'CROWD SERVER URL', + # application_name: 'YOUR_APP_NAME', + # application_password: 'YOUR_APP_PASSWORD' } } + # + # - { name: 'auth0', + # args: { + # client_id: 'YOUR_AUTH0_CLIENT_ID', + # client_secret: 'YOUR_AUTH0_CLIENT_SECRET', + # namespace: 'YOUR_AUTH0_DOMAIN' } } + + # SSO maximum session duration in seconds. Defaults to CAS default of 8 hours. + # cas3: + # session_duration: 28800 + + # Shared file storage settings + shared: + path: /var/lib/gitlab/shared # Default: shared + + # Gitaly settings + gitaly: + # This setting controls whether GitLab uses Gitaly (new component + # introduced in 9.0). Eventually Gitaly use will become mandatory and + # this option will disappear. + enabled: true + + # + # 4. Advanced settings + # ========================== + + ## Repositories settings + repositories: + # Paths where repositories can be stored. Give the canonicalized absolute pathname. + # IMPORTANT: None of the path components may be symlink, because + # gitlab-shell invokes Dir.pwd inside the repository path and that results + # real path not the symlink. + storages: # You must have at least a `default` storage path. + default: + path: /var/lib/gitlab/repositories/ + gitaly_address: unix:/var/lib/gitlab/sockets/gitlab-gitaly.socket # TCP connections are supported too (e.g. tcp://host:port) + + ## Backup settings + backup: + path: "/var/lib/gitlab/backups" # Relative paths are relative to Rails.root (default: tmp/backups/) + # archive_permissions: 0640 # Permissions for the resulting backup.tar file (default: 0600) + # keep_time: 604800 # default: 0 (forever) (in seconds) + # pg_schema: public # default: nil, it means that all schemas will be backed up + # upload: + # # Fog storage connection settings, see http://fog.io/storage/ . + # connection: + # provider: AWS + # region: eu-west-1 + # aws_access_key_id: AKIAKIAKI + # aws_secret_access_key: 'secret123' + # # The remote 'directory' to store your backups. For S3, this would be the bucket name. + # remote_directory: 'my.s3.bucket' + # # Use multipart uploads when file size reaches 100MB, see + # # http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html + # multipart_chunk_size: 104857600 + # # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional + # # encryption: 'AES256' + # # Specifies Amazon S3 storage class to use for backups, this is optional + # # storage_class: 'STANDARD' + + ## GitLab Shell settings + gitlab_shell: + path: /usr/share/webapps/gitlab-shell/ + hooks_path: /usr/share/webapps/gitlab-shell/hooks/ + + # File that contains the secret key for verifying access for gitlab-shell. + # Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app). + # secret_file: /home/git/gitlab/.gitlab_shell_secret + + # Git over HTTP + upload_pack: true + receive_pack: true + + # Git import/fetch timeout + # git_timeout: 800 + + # If you use non-standard ssh port you need to specify it + # ssh_port: 22 + + workhorse: + # File that contains the secret key for verifying access for gitlab-workhorse. + # Default is '.gitlab_workhorse_secret' relative to Rails.root (i.e. root of the GitLab app). + # secret_file: /home/git/gitlab/.gitlab_workhorse_secret + + ## Git settings + # CAUTION! + # Use the default values unless you really know what you are doing + git: + bin_path: /usr/bin/git + # The next value is the maximum memory size grit can use + # Given in number of bytes per git object (e.g. a commit) + # This value can be increased if you have very large commits + max_size: 20971520 # 20.megabytes + # Git timeout to read a commit, in seconds + timeout: 10 + + ## Webpack settings + # If enabled, this will tell rails to serve frontend assets from the webpack-dev-server running + # on a given port instead of serving directly from /assets/webpack. This is only indended for use + # in development. + webpack: + # dev_server: + # enabled: true + # host: localhost + # port: 3808 + + # + # 5. Extra customization + # ========================== + + extra: + ## Google analytics. Uncomment if you want it + # google_analytics_id: '_your_tracking_id' + + ## Piwik analytics. + # piwik_url: '_your_piwik_url' + # piwik_site_id: '_your_piwik_site_id' + + rack_attack: + git_basic_auth: + # Rack Attack IP banning enabled + # enabled: true + # + # Whitelist requests from 127.0.0.1 for web proxies (NGINX/Apache) with incorrect headers + # ip_whitelist: ["127.0.0.1"] + # + # Limit the number of Git HTTP authentication attempts per IP + # maxretry: 10 + # + # Reset the auth attempt counter per IP after 60 seconds + # findtime: 60 + # + # Ban an IP for one hour (3600s) after too many auth attempts + # bantime: 3600 + +development: + <<: *base + +test: + <<: *base + gravatar: + enabled: true + lfs: + enabled: false + gitlab: + host: localhost + port: 80 + + # When you run tests we clone and setup gitlab-shell + # In order to setup it correctly you need to specify + # your system username you use to run GitLab + # user: YOUR_USERNAME + pages: + path: tmp/tests/pages + repositories: + storages: + default: + path: tmp/tests/repositories/ + gitaly_address: unix:tmp/tests/gitaly/gitaly.socket + gitaly: + enabled: true + backup: + path: tmp/tests/backups + gitlab_shell: + path: tmp/tests/gitlab-shell/ + hooks_path: tmp/tests/gitlab-shell/hooks/ + issues_tracker: + redmine: + title: "Redmine" + project_url: "http://redmine/projects/:issues_tracker_id" + issues_url: "http://redmine/:project_id/:issues_tracker_id/:id" + new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new" + jira: + title: "JIRA" + url: https://sample_company.atlassian.net + project_key: PROJECT + ldap: + enabled: false + servers: + main: + label: ldap + host: 127.0.0.1 + port: 3890 + uid: 'uid' + method: 'plain' # "tls" or "ssl" or "plain" + base: 'dc=example,dc=com' + user_filter: '' + group_base: 'ou=groups,dc=example,dc=com' + admin_group: '' + +staging: + <<: *base diff --git a/states/roles/maintain/gitlab/conf_files/production.rb b/states/roles/maintain/gitlab/conf_files/production.rb new file mode 100755 index 0000000..0b88842 --- /dev/null +++ b/states/roles/maintain/gitlab/conf_files/production.rb @@ -0,0 +1,83 @@ +Rails.application.configure do + # Settings specified here will take precedence over those in config/application.rb + + # Code is not reloaded between requests + config.cache_classes = true + + # Full error reports are disabled and caching is turned on + config.consider_all_requests_local = false + config.action_controller.perform_caching = true + + # Disable Rails's static asset server (Apache or nginx will already do this) + config.serve_static_files = false + + # Compress JavaScripts and CSS. + config.assets.js_compressor = :uglifier + # config.assets.css_compressor = :sass + + # Don't fallback to assets pipeline if a precompiled asset is missed + config.assets.compile = false + + # Generate digests for assets URLs + config.assets.digest = true + + # Enable compression of compiled assets using gzip. + config.assets.compress = true + + # Defaults to nil and saved in location specified by config.assets.prefix + # config.assets.manifest = YOUR_PATH + + # Specifies the header that your server uses for sending files + # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache + # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx + + # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. + # config.force_ssl = true + + # See everything in the log (default is :info) + config.log_level = :info + + # Suppress 'Rendered template ...' messages in the log + # source: http://stackoverflow.com/a/16369363 + %w{render_template render_partial render_collection}.each do |event| + ActiveSupport::Notifications.unsubscribe "#{event}.action_view" + end + + # Prepend all log lines with the following tags + # config.log_tags = [ :subdomain, :uuid ] + + # Use a different logger for distributed setups + # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) + + # Enable serving of images, stylesheets, and JavaScripts from an asset server + config.action_controller.asset_host = ENV['GITLAB_CDN_HOST'] if ENV['GITLAB_CDN_HOST'].present? + + # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added) + # config.assets.precompile += %w( search.js ) + + # Disable delivery errors, bad email addresses will be ignored + # config.action_mailer.raise_delivery_errors = false + + # Enable threaded mode + # config.threadsafe! unless $rails_rake_task + + # Enable locale fallbacks for I18n (makes lookups for any locale fall back to + # the I18n.default_locale when a translation can not be found) + config.i18n.fallbacks = true + + # Send deprecation notices to registered listeners + config.active_support.deprecation = :notify + + config.action_mailer.delivery_method = :smtp + # Defaults to: + # # config.action_mailer.sendmail_settings = { + # # location: '/usr/sbin/sendmail', + # # arguments: '-i -t' + # # } + config.action_mailer.perform_deliveries = true + config.action_mailer.raise_delivery_errors = true + + config.eager_load = true + + config.allow_concurrency = false +end diff --git a/states/roles/maintain/gitlab/conf_files/redis.conf b/states/roles/maintain/gitlab/conf_files/redis.conf new file mode 100644 index 0000000..e79c9b5 --- /dev/null +++ b/states/roles/maintain/gitlab/conf_files/redis.conf @@ -0,0 +1,1293 @@ +# Redis configuration file example. +# +# Note that in order to read the configuration file, Redis must be +# started with the file path as first argument: +# +# ./redis-server /path/to/redis.conf + +# Note on units: when memory size is needed, it is possible to specify +# it in the usual form of 1k 5GB 4M and so forth: +# +# 1k => 1000 bytes +# 1kb => 1024 bytes +# 1m => 1000000 bytes +# 1mb => 1024*1024 bytes +# 1g => 1000000000 bytes +# 1gb => 1024*1024*1024 bytes +# +# units are case insensitive so 1GB 1Gb 1gB are all the same. + +################################## INCLUDES ################################### + +# Include one or more other config files here. This is useful if you +# have a standard template that goes to all Redis servers but also need +# to customize a few per-server settings. Include files can include +# other files, so use this wisely. +# +# Notice option "include" won't be rewritten by command "CONFIG REWRITE" +# from admin or Redis Sentinel. Since Redis always uses the last processed +# line as value of a configuration directive, you'd better put includes +# at the beginning of this file to avoid overwriting config change at runtime. +# +# If instead you are interested in using includes to override configuration +# options, it is better to use include as the last line. +# +# include /path/to/local.conf +# include /path/to/other.conf + +################################## MODULES ##################################### + +# Load modules at startup. If the server is not able to load modules +# it will abort. It is possible to use multiple loadmodule directives. +# +# loadmodule /path/to/my_module.so +# loadmodule /path/to/other_module.so + +################################## NETWORK ##################################### + +# By default, if no "bind" configuration directive is specified, Redis listens +# for connections from all the network interfaces available on the server. +# It is possible to listen to just one or multiple selected interfaces using +# the "bind" configuration directive, followed by one or more IP addresses. +# +# Examples: +# +# bind 192.168.1.100 10.0.0.1 +# bind 127.0.0.1 ::1 +# +# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the +# internet, binding to all the interfaces is dangerous and will expose the +# instance to everybody on the internet. So by default we uncomment the +# following bind directive, that will force Redis to listen only into +# the IPv4 lookback interface address (this means Redis will be able to +# accept connections only from clients running into the same computer it +# is running). +# +# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES +# JUST COMMENT THE FOLLOWING LINE. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +bind 127.0.0.1 + +# Protected mode is a layer of security protection, in order to avoid that +# Redis instances left open on the internet are accessed and exploited. +# +# When protected mode is on and if: +# +# 1) The server is not binding explicitly to a set of addresses using the +# "bind" directive. +# 2) No password is configured. +# +# The server only accepts connections from clients connecting from the +# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain +# sockets. +# +# By default protected mode is enabled. You should disable it only if +# you are sure you want clients from other hosts to connect to Redis +# even if no authentication is configured, nor a specific set of interfaces +# are explicitly listed using the "bind" directive. +protected-mode yes + +# Accept connections on the specified port, default is 6379 (IANA #815344). +# If port 0 is specified Redis will not listen on a TCP socket. +port 6379 + +# TCP listen() backlog. +# +# In high requests-per-second environments you need an high backlog in order +# to avoid slow clients connections issues. Note that the Linux kernel +# will silently truncate it to the value of /proc/sys/net/core/somaxconn so +# make sure to raise both the value of somaxconn and tcp_max_syn_backlog +# in order to get the desired effect. +tcp-backlog 511 + +# Unix socket. +# +# Specify the path for the Unix socket that will be used to listen for +# incoming connections. There is no default, so Redis will not listen +# on a unix socket when not specified. +# +unixsocket /run/redis/redis.sock +unixsocketperm 770 + +# Close the connection after a client is idle for N seconds (0 to disable) +timeout 0 + +# TCP keepalive. +# +# If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence +# of communication. This is useful for two reasons: +# +# 1) Detect dead peers. +# 2) Take the connection alive from the point of view of network +# equipment in the middle. +# +# On Linux, the specified value (in seconds) is the period used to send ACKs. +# Note that to close the connection the double of the time is needed. +# On other kernels the period depends on the kernel configuration. +# +# A reasonable value for this option is 300 seconds, which is the new +# Redis default starting with Redis 3.2.1. +tcp-keepalive 300 + +################################# GENERAL ##################################### + +# By default Redis does not run as a daemon. Use 'yes' if you need it. +# Note that Redis will write a pid file in /var/run/redis.pid when daemonized. +daemonize no + +# If you run Redis from upstart or systemd, Redis can interact with your +# supervision tree. Options: +# supervised no - no supervision interaction +# supervised upstart - signal upstart by putting Redis into SIGSTOP mode +# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET +# supervised auto - detect upstart or systemd method based on +# UPSTART_JOB or NOTIFY_SOCKET environment variables +# Note: these supervision methods only signal "process is ready." +# They do not enable continuous liveness pings back to your supervisor. +supervised no + +# If a pid file is specified, Redis writes it where specified at startup +# and removes it at exit. +# +# When the server runs non daemonized, no pid file is created if none is +# specified in the configuration. When the server is daemonized, the pid file +# is used even if not specified, defaulting to "/var/run/redis.pid". +# +# Creating a pid file is best effort: if Redis is not able to create it +# nothing bad happens, the server will start and run normally. +pidfile /var/run/redis_6379.pid + +# Specify the server verbosity level. +# This can be one of: +# debug (a lot of information, useful for development/testing) +# verbose (many rarely useful info, but not a mess like the debug level) +# notice (moderately verbose, what you want in production probably) +# warning (only very important / critical messages are logged) +loglevel notice + +# Specify the log file name. Also the empty string can be used to force +# Redis to log on the standard output. Note that if you use standard +# output for logging but daemonize, logs will be sent to /dev/null +logfile "" + +# To enable logging to the system logger, just set 'syslog-enabled' to yes, +# and optionally update the other syslog parameters to suit your needs. +# syslog-enabled no + +# Specify the syslog identity. +# syslog-ident redis + +# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7. +# syslog-facility local0 + +# Set the number of databases. The default database is DB 0, you can select +# a different one on a per-connection basis using SELECT where +# dbid is a number between 0 and 'databases'-1 +databases 16 + +# By default Redis shows an ASCII art logo only when started to log to the +# standard output and if the standard output is a TTY. Basically this means +# that normally a logo is displayed only in interactive sessions. +# +# However it is possible to force the pre-4.0 behavior and always show a +# ASCII art logo in startup logs by setting the following option to yes. +always-show-logo yes + +################################ SNAPSHOTTING ################################ +# +# Save the DB on disk: +# +# save +# +# Will save the DB if both the given number of seconds and the given +# number of write operations against the DB occurred. +# +# In the example below the behaviour will be to save: +# after 900 sec (15 min) if at least 1 key changed +# after 300 sec (5 min) if at least 10 keys changed +# after 60 sec if at least 10000 keys changed +# +# Note: you can disable saving completely by commenting out all "save" lines. +# +# It is also possible to remove all the previously configured save +# points by adding a save directive with a single empty string argument +# like in the following example: +# +# save "" + +save 900 1 +save 300 10 +save 60 10000 + +# By default Redis will stop accepting writes if RDB snapshots are enabled +# (at least one save point) and the latest background save failed. +# This will make the user aware (in a hard way) that data is not persisting +# on disk properly, otherwise chances are that no one will notice and some +# disaster will happen. +# +# If the background saving process will start working again Redis will +# automatically allow writes again. +# +# However if you have setup your proper monitoring of the Redis server +# and persistence, you may want to disable this feature so that Redis will +# continue to work as usual even if there are problems with disk, +# permissions, and so forth. +stop-writes-on-bgsave-error yes + +# Compress string objects using LZF when dump .rdb databases? +# For default that's set to 'yes' as it's almost always a win. +# If you want to save some CPU in the saving child set it to 'no' but +# the dataset will likely be bigger if you have compressible values or keys. +rdbcompression yes + +# Since version 5 of RDB a CRC64 checksum is placed at the end of the file. +# This makes the format more resistant to corruption but there is a performance +# hit to pay (around 10%) when saving and loading RDB files, so you can disable it +# for maximum performances. +# +# RDB files created with checksum disabled have a checksum of zero that will +# tell the loading code to skip the check. +rdbchecksum yes + +# The filename where to dump the DB +dbfilename dump.rdb + +# The working directory. +# +# The DB will be written inside this directory, with the filename specified +# above using the 'dbfilename' configuration directive. +# +# The Append Only File will also be created inside this directory. +# +# Note that you must specify a directory here, not a file name. +dir /var/lib/redis/ + +################################# REPLICATION ################################# + +# Master-Slave replication. Use slaveof to make a Redis instance a copy of +# another Redis server. A few things to understand ASAP about Redis replication. +# +# 1) Redis replication is asynchronous, but you can configure a master to +# stop accepting writes if it appears to be not connected with at least +# a given number of slaves. +# 2) Redis slaves are able to perform a partial resynchronization with the +# master if the replication link is lost for a relatively small amount of +# time. You may want to configure the replication backlog size (see the next +# sections of this file) with a sensible value depending on your needs. +# 3) Replication is automatic and does not need user intervention. After a +# network partition slaves automatically try to reconnect to masters +# and resynchronize with them. +# +# slaveof + +# If the master is password protected (using the "requirepass" configuration +# directive below) it is possible to tell the slave to authenticate before +# starting the replication synchronization process, otherwise the master will +# refuse the slave request. +# +# masterauth + +# When a slave loses its connection with the master, or when the replication +# is still in progress, the slave can act in two different ways: +# +# 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will +# still reply to client requests, possibly with out of date data, or the +# data set may just be empty if this is the first synchronization. +# +# 2) if slave-serve-stale-data is set to 'no' the slave will reply with +# an error "SYNC with master in progress" to all the kind of commands +# but to INFO and SLAVEOF. +# +slave-serve-stale-data yes + +# You can configure a slave instance to accept writes or not. Writing against +# a slave instance may be useful to store some ephemeral data (because data +# written on a slave will be easily deleted after resync with the master) but +# may also cause problems if clients are writing to it because of a +# misconfiguration. +# +# Since Redis 2.6 by default slaves are read-only. +# +# Note: read only slaves are not designed to be exposed to untrusted clients +# on the internet. It's just a protection layer against misuse of the instance. +# Still a read only slave exports by default all the administrative commands +# such as CONFIG, DEBUG, and so forth. To a limited extent you can improve +# security of read only slaves using 'rename-command' to shadow all the +# administrative / dangerous commands. +slave-read-only yes + +# Replication SYNC strategy: disk or socket. +# +# ------------------------------------------------------- +# WARNING: DISKLESS REPLICATION IS EXPERIMENTAL CURRENTLY +# ------------------------------------------------------- +# +# New slaves and reconnecting slaves that are not able to continue the replication +# process just receiving differences, need to do what is called a "full +# synchronization". An RDB file is transmitted from the master to the slaves. +# The transmission can happen in two different ways: +# +# 1) Disk-backed: The Redis master creates a new process that writes the RDB +# file on disk. Later the file is transferred by the parent +# process to the slaves incrementally. +# 2) Diskless: The Redis master creates a new process that directly writes the +# RDB file to slave sockets, without touching the disk at all. +# +# With disk-backed replication, while the RDB file is generated, more slaves +# can be queued and served with the RDB file as soon as the current child producing +# the RDB file finishes its work. With diskless replication instead once +# the transfer starts, new slaves arriving will be queued and a new transfer +# will start when the current one terminates. +# +# When diskless replication is used, the master waits a configurable amount of +# time (in seconds) before starting the transfer in the hope that multiple slaves +# will arrive and the transfer can be parallelized. +# +# With slow disks and fast (large bandwidth) networks, diskless replication +# works better. +repl-diskless-sync no + +# When diskless replication is enabled, it is possible to configure the delay +# the server waits in order to spawn the child that transfers the RDB via socket +# to the slaves. +# +# This is important since once the transfer starts, it is not possible to serve +# new slaves arriving, that will be queued for the next RDB transfer, so the server +# waits a delay in order to let more slaves arrive. +# +# The delay is specified in seconds, and by default is 5 seconds. To disable +# it entirely just set it to 0 seconds and the transfer will start ASAP. +repl-diskless-sync-delay 5 + +# Slaves send PINGs to server in a predefined interval. It's possible to change +# this interval with the repl_ping_slave_period option. The default value is 10 +# seconds. +# +# repl-ping-slave-period 10 + +# The following option sets the replication timeout for: +# +# 1) Bulk transfer I/O during SYNC, from the point of view of slave. +# 2) Master timeout from the point of view of slaves (data, pings). +# 3) Slave timeout from the point of view of masters (REPLCONF ACK pings). +# +# It is important to make sure that this value is greater than the value +# specified for repl-ping-slave-period otherwise a timeout will be detected +# every time there is low traffic between the master and the slave. +# +# repl-timeout 60 + +# Disable TCP_NODELAY on the slave socket after SYNC? +# +# If you select "yes" Redis will use a smaller number of TCP packets and +# less bandwidth to send data to slaves. But this can add a delay for +# the data to appear on the slave side, up to 40 milliseconds with +# Linux kernels using a default configuration. +# +# If you select "no" the delay for data to appear on the slave side will +# be reduced but more bandwidth will be used for replication. +# +# By default we optimize for low latency, but in very high traffic conditions +# or when the master and slaves are many hops away, turning this to "yes" may +# be a good idea. +repl-disable-tcp-nodelay no + +# Set the replication backlog size. The backlog is a buffer that accumulates +# slave data when slaves are disconnected for some time, so that when a slave +# wants to reconnect again, often a full resync is not needed, but a partial +# resync is enough, just passing the portion of data the slave missed while +# disconnected. +# +# The bigger the replication backlog, the longer the time the slave can be +# disconnected and later be able to perform a partial resynchronization. +# +# The backlog is only allocated once there is at least a slave connected. +# +# repl-backlog-size 1mb + +# After a master has no longer connected slaves for some time, the backlog +# will be freed. The following option configures the amount of seconds that +# need to elapse, starting from the time the last slave disconnected, for +# the backlog buffer to be freed. +# +# Note that slaves never free the backlog for timeout, since they may be +# promoted to masters later, and should be able to correctly "partially +# resynchronize" with the slaves: hence they should always accumulate backlog. +# +# A value of 0 means to never release the backlog. +# +# repl-backlog-ttl 3600 + +# The slave priority is an integer number published by Redis in the INFO output. +# It is used by Redis Sentinel in order to select a slave to promote into a +# master if the master is no longer working correctly. +# +# A slave with a low priority number is considered better for promotion, so +# for instance if there are three slaves with priority 10, 100, 25 Sentinel will +# pick the one with priority 10, that is the lowest. +# +# However a special priority of 0 marks the slave as not able to perform the +# role of master, so a slave with priority of 0 will never be selected by +# Redis Sentinel for promotion. +# +# By default the priority is 100. +slave-priority 100 + +# It is possible for a master to stop accepting writes if there are less than +# N slaves connected, having a lag less or equal than M seconds. +# +# The N slaves need to be in "online" state. +# +# The lag in seconds, that must be <= the specified value, is calculated from +# the last ping received from the slave, that is usually sent every second. +# +# This option does not GUARANTEE that N replicas will accept the write, but +# will limit the window of exposure for lost writes in case not enough slaves +# are available, to the specified number of seconds. +# +# For example to require at least 3 slaves with a lag <= 10 seconds use: +# +# min-slaves-to-write 3 +# min-slaves-max-lag 10 +# +# Setting one or the other to 0 disables the feature. +# +# By default min-slaves-to-write is set to 0 (feature disabled) and +# min-slaves-max-lag is set to 10. + +# A Redis master is able to list the address and port of the attached +# slaves in different ways. For example the "INFO replication" section +# offers this information, which is used, among other tools, by +# Redis Sentinel in order to discover slave instances. +# Another place where this info is available is in the output of the +# "ROLE" command of a master. +# +# The listed IP and address normally reported by a slave is obtained +# in the following way: +# +# IP: The address is auto detected by checking the peer address +# of the socket used by the slave to connect with the master. +# +# Port: The port is communicated by the slave during the replication +# handshake, and is normally the port that the slave is using to +# list for connections. +# +# However when port forwarding or Network Address Translation (NAT) is +# used, the slave may be actually reachable via different IP and port +# pairs. The following two options can be used by a slave in order to +# report to its master a specific set of IP and port, so that both INFO +# and ROLE will report those values. +# +# There is no need to use both the options if you need to override just +# the port or the IP address. +# +# slave-announce-ip 5.5.5.5 +# slave-announce-port 1234 + +################################## SECURITY ################################### + +# Require clients to issue AUTH before processing any other +# commands. This might be useful in environments in which you do not trust +# others with access to the host running redis-server. +# +# This should stay commented out for backward compatibility and because most +# people do not need auth (e.g. they run their own servers). +# +# Warning: since Redis is pretty fast an outside user can try up to +# 150k passwords per second against a good box. This means that you should +# use a very strong password otherwise it will be very easy to break. +# +# requirepass foobared + +# Command renaming. +# +# It is possible to change the name of dangerous commands in a shared +# environment. For instance the CONFIG command may be renamed into something +# hard to guess so that it will still be available for internal-use tools +# but not available for general clients. +# +# Example: +# +# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52 +# +# It is also possible to completely kill a command by renaming it into +# an empty string: +# +# rename-command CONFIG "" +# +# Please note that changing the name of commands that are logged into the +# AOF file or transmitted to slaves may cause problems. + +################################### CLIENTS #################################### + +# Set the max number of connected clients at the same time. By default +# this limit is set to 10000 clients, however if the Redis server is not +# able to configure the process file limit to allow for the specified limit +# the max number of allowed clients is set to the current file limit +# minus 32 (as Redis reserves a few file descriptors for internal uses). +# +# Once the limit is reached Redis will close all the new connections sending +# an error 'max number of clients reached'. +# +# maxclients 10000 + +############################## MEMORY MANAGEMENT ################################ + +# Set a memory usage limit to the specified amount of bytes. +# When the memory limit is reached Redis will try to remove keys +# according to the eviction policy selected (see maxmemory-policy). +# +# If Redis can't remove keys according to the policy, or if the policy is +# set to 'noeviction', Redis will start to reply with errors to commands +# that would use more memory, like SET, LPUSH, and so on, and will continue +# to reply to read-only commands like GET. +# +# This option is usually useful when using Redis as an LRU or LFU cache, or to +# set a hard memory limit for an instance (using the 'noeviction' policy). +# +# WARNING: If you have slaves attached to an instance with maxmemory on, +# the size of the output buffers needed to feed the slaves are subtracted +# from the used memory count, so that network problems / resyncs will +# not trigger a loop where keys are evicted, and in turn the output +# buffer of slaves is full with DELs of keys evicted triggering the deletion +# of more keys, and so forth until the database is completely emptied. +# +# In short... if you have slaves attached it is suggested that you set a lower +# limit for maxmemory so that there is some free RAM on the system for slave +# output buffers (but this is not needed if the policy is 'noeviction'). +# +# maxmemory + +# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory +# is reached. You can select among five behaviors: +# +# volatile-lru -> Evict using approximated LRU among the keys with an expire set. +# allkeys-lru -> Evict any key using approximated LRU. +# volatile-lfu -> Evict using approximated LFU among the keys with an expire set. +# allkeys-lfu -> Evict any key using approximated LFU. +# volatile-random -> Remove a random key among the ones with an expire set. +# allkeys-random -> Remove a random key, any key. +# volatile-ttl -> Remove the key with the nearest expire time (minor TTL) +# noeviction -> Don't evict anything, just return an error on write operations. +# +# LRU means Least Recently Used +# LFU means Least Frequently Used +# +# Both LRU, LFU and volatile-ttl are implemented using approximated +# randomized algorithms. +# +# Note: with any of the above policies, Redis will return an error on write +# operations, when there are no suitable keys for eviction. +# +# At the date of writing these commands are: set setnx setex append +# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd +# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby +# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby +# getset mset msetnx exec sort +# +# The default is: +# +# maxmemory-policy noeviction + +# LRU, LFU and minimal TTL algorithms are not precise algorithms but approximated +# algorithms (in order to save memory), so you can tune it for speed or +# accuracy. For default Redis will check five keys and pick the one that was +# used less recently, you can change the sample size using the following +# configuration directive. +# +# The default of 5 produces good enough results. 10 Approximates very closely +# true LRU but costs more CPU. 3 is faster but not very accurate. +# +# maxmemory-samples 5 + +############################# LAZY FREEING #################################### + +# Redis has two primitives to delete keys. One is called DEL and is a blocking +# deletion of the object. It means that the server stops processing new commands +# in order to reclaim all the memory associated with an object in a synchronous +# way. If the key deleted is associated with a small object, the time needed +# in order to execute th DEL command is very small and comparable to most other +# O(1) or O(log_N) commands in Redis. However if the key is associated with an +# aggregated value containing millions of elements, the server can block for +# a long time (even seconds) in order to complete the operation. +# +# For the above reasons Redis also offers non blocking deletion primitives +# such as UNLINK (non blocking DEL) and the ASYNC option of FLUSHALL and +# FLUSHDB commands, in order to reclaim memory in background. Those commands +# are executed in constant time. Another thread will incrementally free the +# object in the background as fast as possible. +# +# DEL, UNLINK and ASYNC option of FLUSHALL and FLUSHDB are user-controlled. +# It's up to the design of the application to understand when it is a good +# idea to use one or the other. However the Redis server sometimes has to +# delete keys or flush the whole database as a side effect of other operations. +# Specifically Redis deletes objects independently of an user call in the +# following scenarios: +# +# 1) On eviction, because of the maxmemory and maxmemory policy configurations, +# in order to make room for new data, without going over the specified +# memory limit. +# 2) Because of expire: when a key with an associated time to live (see the +# EXPIRE command) must be deleted from memory. +# 3) Because of a side effect of a command that stores data on a key that may +# already exist. For example the RENAME command may delete the old key +# content when it is replaced with another one. Similarly SUNIONSTORE +# or SORT with STORE option may delete existing keys. The SET command +# itself removes any old content of the specified key in order to replace +# it with the specified string. +# 4) During replication, when a slave performs a full resynchronization with +# its master, the content of the whole database is removed in order to +# load the RDB file just transfered. +# +# In all the above cases the default is to delete objects in a blocking way, +# like if DEL was called. However you can configure each case specifically +# in order to instead release memory in a non-blocking way like if UNLINK +# was called, using the following configuration directives: + +lazyfree-lazy-eviction no +lazyfree-lazy-expire no +lazyfree-lazy-server-del no +slave-lazy-flush no + +############################## APPEND ONLY MODE ############################### + +# By default Redis asynchronously dumps the dataset on disk. This mode is +# good enough in many applications, but an issue with the Redis process or +# a power outage may result into a few minutes of writes lost (depending on +# the configured save points). +# +# The Append Only File is an alternative persistence mode that provides +# much better durability. For instance using the default data fsync policy +# (see later in the config file) Redis can lose just one second of writes in a +# dramatic event like a server power outage, or a single write if something +# wrong with the Redis process itself happens, but the operating system is +# still running correctly. +# +# AOF and RDB persistence can be enabled at the same time without problems. +# If the AOF is enabled on startup Redis will load the AOF, that is the file +# with the better durability guarantees. +# +# Please check http://redis.io/topics/persistence for more information. + +appendonly no + +# The name of the append only file (default: "appendonly.aof") + +appendfilename "appendonly.aof" + +# The fsync() call tells the Operating System to actually write data on disk +# instead of waiting for more data in the output buffer. Some OS will really flush +# data on disk, some other OS will just try to do it ASAP. +# +# Redis supports three different modes: +# +# no: don't fsync, just let the OS flush the data when it wants. Faster. +# always: fsync after every write to the append only log. Slow, Safest. +# everysec: fsync only one time every second. Compromise. +# +# The default is "everysec", as that's usually the right compromise between +# speed and data safety. It's up to you to understand if you can relax this to +# "no" that will let the operating system flush the output buffer when +# it wants, for better performances (but if you can live with the idea of +# some data loss consider the default persistence mode that's snapshotting), +# or on the contrary, use "always" that's very slow but a bit safer than +# everysec. +# +# More details please check the following article: +# http://antirez.com/post/redis-persistence-demystified.html +# +# If unsure, use "everysec". + +# appendfsync always +appendfsync everysec +# appendfsync no + +# When the AOF fsync policy is set to always or everysec, and a background +# saving process (a background save or AOF log background rewriting) is +# performing a lot of I/O against the disk, in some Linux configurations +# Redis may block too long on the fsync() call. Note that there is no fix for +# this currently, as even performing fsync in a different thread will block +# our synchronous write(2) call. +# +# In order to mitigate this problem it's possible to use the following option +# that will prevent fsync() from being called in the main process while a +# BGSAVE or BGREWRITEAOF is in progress. +# +# This means that while another child is saving, the durability of Redis is +# the same as "appendfsync none". In practical terms, this means that it is +# possible to lose up to 30 seconds of log in the worst scenario (with the +# default Linux settings). +# +# If you have latency problems turn this to "yes". Otherwise leave it as +# "no" that is the safest pick from the point of view of durability. + +no-appendfsync-on-rewrite no + +# Automatic rewrite of the append only file. +# Redis is able to automatically rewrite the log file implicitly calling +# BGREWRITEAOF when the AOF log size grows by the specified percentage. +# +# This is how it works: Redis remembers the size of the AOF file after the +# latest rewrite (if no rewrite has happened since the restart, the size of +# the AOF at startup is used). +# +# This base size is compared to the current size. If the current size is +# bigger than the specified percentage, the rewrite is triggered. Also +# you need to specify a minimal size for the AOF file to be rewritten, this +# is useful to avoid rewriting the AOF file even if the percentage increase +# is reached but it is still pretty small. +# +# Specify a percentage of zero in order to disable the automatic AOF +# rewrite feature. + +auto-aof-rewrite-percentage 100 +auto-aof-rewrite-min-size 64mb + +# An AOF file may be found to be truncated at the end during the Redis +# startup process, when the AOF data gets loaded back into memory. +# This may happen when the system where Redis is running +# crashes, especially when an ext4 filesystem is mounted without the +# data=ordered option (however this can't happen when Redis itself +# crashes or aborts but the operating system still works correctly). +# +# Redis can either exit with an error when this happens, or load as much +# data as possible (the default now) and start if the AOF file is found +# to be truncated at the end. The following option controls this behavior. +# +# If aof-load-truncated is set to yes, a truncated AOF file is loaded and +# the Redis server starts emitting a log to inform the user of the event. +# Otherwise if the option is set to no, the server aborts with an error +# and refuses to start. When the option is set to no, the user requires +# to fix the AOF file using the "redis-check-aof" utility before to restart +# the server. +# +# Note that if the AOF file will be found to be corrupted in the middle +# the server will still exit with an error. This option only applies when +# Redis will try to read more data from the AOF file but not enough bytes +# will be found. +aof-load-truncated yes + +# When rewriting the AOF file, Redis is able to use an RDB preamble in the +# AOF file for faster rewrites and recoveries. When this option is turned +# on the rewritten AOF file is composed of two different stanzas: +# +# [RDB file][AOF tail] +# +# When loading Redis recognizes that the AOF file starts with the "REDIS" +# string and loads the prefixed RDB file, and continues loading the AOF +# tail. +# +# This is currently turned off by default in order to avoid the surprise +# of a format change, but will at some point be used as the default. +aof-use-rdb-preamble no + +################################ LUA SCRIPTING ############################### + +# Max execution time of a Lua script in milliseconds. +# +# If the maximum execution time is reached Redis will log that a script is +# still in execution after the maximum allowed time and will start to +# reply to queries with an error. +# +# When a long running script exceeds the maximum execution time only the +# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be +# used to stop a script that did not yet called write commands. The second +# is the only way to shut down the server in the case a write command was +# already issued by the script but the user doesn't want to wait for the natural +# termination of the script. +# +# Set it to 0 or a negative value for unlimited execution without warnings. +lua-time-limit 5000 + +################################ REDIS CLUSTER ############################### +# +# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +# WARNING EXPERIMENTAL: Redis Cluster is considered to be stable code, however +# in order to mark it as "mature" we need to wait for a non trivial percentage +# of users to deploy it in production. +# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +# +# Normal Redis instances can't be part of a Redis Cluster; only nodes that are +# started as cluster nodes can. In order to start a Redis instance as a +# cluster node enable the cluster support uncommenting the following: +# +# cluster-enabled yes + +# Every cluster node has a cluster configuration file. This file is not +# intended to be edited by hand. It is created and updated by Redis nodes. +# Every Redis Cluster node requires a different cluster configuration file. +# Make sure that instances running in the same system do not have +# overlapping cluster configuration file names. +# +# cluster-config-file nodes-6379.conf + +# Cluster node timeout is the amount of milliseconds a node must be unreachable +# for it to be considered in failure state. +# Most other internal time limits are multiple of the node timeout. +# +# cluster-node-timeout 15000 + +# A slave of a failing master will avoid to start a failover if its data +# looks too old. +# +# There is no simple way for a slave to actually have an exact measure of +# its "data age", so the following two checks are performed: +# +# 1) If there are multiple slaves able to failover, they exchange messages +# in order to try to give an advantage to the slave with the best +# replication offset (more data from the master processed). +# Slaves will try to get their rank by offset, and apply to the start +# of the failover a delay proportional to their rank. +# +# 2) Every single slave computes the time of the last interaction with +# its master. This can be the last ping or command received (if the master +# is still in the "connected" state), or the time that elapsed since the +# disconnection with the master (if the replication link is currently down). +# If the last interaction is too old, the slave will not try to failover +# at all. +# +# The point "2" can be tuned by user. Specifically a slave will not perform +# the failover if, since the last interaction with the master, the time +# elapsed is greater than: +# +# (node-timeout * slave-validity-factor) + repl-ping-slave-period +# +# So for example if node-timeout is 30 seconds, and the slave-validity-factor +# is 10, and assuming a default repl-ping-slave-period of 10 seconds, the +# slave will not try to failover if it was not able to talk with the master +# for longer than 310 seconds. +# +# A large slave-validity-factor may allow slaves with too old data to failover +# a master, while a too small value may prevent the cluster from being able to +# elect a slave at all. +# +# For maximum availability, it is possible to set the slave-validity-factor +# to a value of 0, which means, that slaves will always try to failover the +# master regardless of the last time they interacted with the master. +# (However they'll always try to apply a delay proportional to their +# offset rank). +# +# Zero is the only value able to guarantee that when all the partitions heal +# the cluster will always be able to continue. +# +# cluster-slave-validity-factor 10 + +# Cluster slaves are able to migrate to orphaned masters, that are masters +# that are left without working slaves. This improves the cluster ability +# to resist to failures as otherwise an orphaned master can't be failed over +# in case of failure if it has no working slaves. +# +# Slaves migrate to orphaned masters only if there are still at least a +# given number of other working slaves for their old master. This number +# is the "migration barrier". A migration barrier of 1 means that a slave +# will migrate only if there is at least 1 other working slave for its master +# and so forth. It usually reflects the number of slaves you want for every +# master in your cluster. +# +# Default is 1 (slaves migrate only if their masters remain with at least +# one slave). To disable migration just set it to a very large value. +# A value of 0 can be set but is useful only for debugging and dangerous +# in production. +# +# cluster-migration-barrier 1 + +# By default Redis Cluster nodes stop accepting queries if they detect there +# is at least an hash slot uncovered (no available node is serving it). +# This way if the cluster is partially down (for example a range of hash slots +# are no longer covered) all the cluster becomes, eventually, unavailable. +# It automatically returns available as soon as all the slots are covered again. +# +# However sometimes you want the subset of the cluster which is working, +# to continue to accept queries for the part of the key space that is still +# covered. In order to do so, just set the cluster-require-full-coverage +# option to no. +# +# cluster-require-full-coverage yes + +# In order to setup your cluster make sure to read the documentation +# available at http://redis.io web site. + +########################## CLUSTER DOCKER/NAT support ######################## + +# In certain deployments, Redis Cluster nodes address discovery fails, because +# addresses are NAT-ted or because ports are forwarded (the typical case is +# Docker and other containers). +# +# In order to make Redis Cluster working in such environments, a static +# configuration where each node known its public address is needed. The +# following two options are used for this scope, and are: +# +# * cluster-announce-ip +# * cluster-announce-port +# * cluster-announce-bus-port +# +# Each instruct the node about its address, client port, and cluster message +# bus port. The information is then published in the header of the bus packets +# so that other nodes will be able to correctly map the address of the node +# publishing the information. +# +# If the above options are not used, the normal Redis Cluster auto-detection +# will be used instead. +# +# Note that when remapped, the bus port may not be at the fixed offset of +# clients port + 10000, so you can specify any port and bus-port depending +# on how they get remapped. If the bus-port is not set, a fixed offset of +# 10000 will be used as usually. +# +# Example: +# +# cluster-announce-ip 10.1.1.5 +# cluster-announce-port 6379 +# cluster-announce-bus-port 6380 + +################################## SLOW LOG ################################### + +# The Redis Slow Log is a system to log queries that exceeded a specified +# execution time. The execution time does not include the I/O operations +# like talking with the client, sending the reply and so forth, +# but just the time needed to actually execute the command (this is the only +# stage of command execution where the thread is blocked and can not serve +# other requests in the meantime). +# +# You can configure the slow log with two parameters: one tells Redis +# what is the execution time, in microseconds, to exceed in order for the +# command to get logged, and the other parameter is the length of the +# slow log. When a new command is logged the oldest one is removed from the +# queue of logged commands. + +# The following time is expressed in microseconds, so 1000000 is equivalent +# to one second. Note that a negative number disables the slow log, while +# a value of zero forces the logging of every command. +slowlog-log-slower-than 10000 + +# There is no limit to this length. Just be aware that it will consume memory. +# You can reclaim memory used by the slow log with SLOWLOG RESET. +slowlog-max-len 128 + +################################ LATENCY MONITOR ############################## + +# The Redis latency monitoring subsystem samples different operations +# at runtime in order to collect data related to possible sources of +# latency of a Redis instance. +# +# Via the LATENCY command this information is available to the user that can +# print graphs and obtain reports. +# +# The system only logs operations that were performed in a time equal or +# greater than the amount of milliseconds specified via the +# latency-monitor-threshold configuration directive. When its value is set +# to zero, the latency monitor is turned off. +# +# By default latency monitoring is disabled since it is mostly not needed +# if you don't have latency issues, and collecting data has a performance +# impact, that while very small, can be measured under big load. Latency +# monitoring can easily be enabled at runtime using the command +# "CONFIG SET latency-monitor-threshold " if needed. +latency-monitor-threshold 0 + +############################# EVENT NOTIFICATION ############################## + +# Redis can notify Pub/Sub clients about events happening in the key space. +# This feature is documented at http://redis.io/topics/notifications +# +# For instance if keyspace events notification is enabled, and a client +# performs a DEL operation on key "foo" stored in the Database 0, two +# messages will be published via Pub/Sub: +# +# PUBLISH __keyspace@0__:foo del +# PUBLISH __keyevent@0__:del foo +# +# It is possible to select the events that Redis will notify among a set +# of classes. Every class is identified by a single character: +# +# K Keyspace events, published with __keyspace@__ prefix. +# E Keyevent events, published with __keyevent@__ prefix. +# g Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ... +# $ String commands +# l List commands +# s Set commands +# h Hash commands +# z Sorted set commands +# x Expired events (events generated every time a key expires) +# e Evicted events (events generated when a key is evicted for maxmemory) +# A Alias for g$lshzxe, so that the "AKE" string means all the events. +# +# The "notify-keyspace-events" takes as argument a string that is composed +# of zero or multiple characters. The empty string means that notifications +# are disabled. +# +# Example: to enable list and generic events, from the point of view of the +# event name, use: +# +# notify-keyspace-events Elg +# +# Example 2: to get the stream of the expired keys subscribing to channel +# name __keyevent@0__:expired use: +# +# notify-keyspace-events Ex +# +# By default all notifications are disabled because most users don't need +# this feature and the feature has some overhead. Note that if you don't +# specify at least one of K or E, no events will be delivered. +notify-keyspace-events "" + +############################### ADVANCED CONFIG ############################### + +# Hashes are encoded using a memory efficient data structure when they have a +# small number of entries, and the biggest entry does not exceed a given +# threshold. These thresholds can be configured using the following directives. +hash-max-ziplist-entries 512 +hash-max-ziplist-value 64 + +# Lists are also encoded in a special way to save a lot of space. +# The number of entries allowed per internal list node can be specified +# as a fixed maximum size or a maximum number of elements. +# For a fixed maximum size, use -5 through -1, meaning: +# -5: max size: 64 Kb <-- not recommended for normal workloads +# -4: max size: 32 Kb <-- not recommended +# -3: max size: 16 Kb <-- probably not recommended +# -2: max size: 8 Kb <-- good +# -1: max size: 4 Kb <-- good +# Positive numbers mean store up to _exactly_ that number of elements +# per list node. +# The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size), +# but if your use case is unique, adjust the settings as necessary. +list-max-ziplist-size -2 + +# Lists may also be compressed. +# Compress depth is the number of quicklist ziplist nodes from *each* side of +# the list to *exclude* from compression. The head and tail of the list +# are always uncompressed for fast push/pop operations. Settings are: +# 0: disable all list compression +# 1: depth 1 means "don't start compressing until after 1 node into the list, +# going from either the head or tail" +# So: [head]->node->node->...->node->[tail] +# [head], [tail] will always be uncompressed; inner nodes will compress. +# 2: [head]->[next]->node->node->...->node->[prev]->[tail] +# 2 here means: don't compress head or head->next or tail->prev or tail, +# but compress all nodes between them. +# 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail] +# etc. +list-compress-depth 0 + +# Sets have a special encoding in just one case: when a set is composed +# of just strings that happen to be integers in radix 10 in the range +# of 64 bit signed integers. +# The following configuration setting sets the limit in the size of the +# set in order to use this special memory saving encoding. +set-max-intset-entries 512 + +# Similarly to hashes and lists, sorted sets are also specially encoded in +# order to save a lot of space. This encoding is only used when the length and +# elements of a sorted set are below the following limits: +zset-max-ziplist-entries 128 +zset-max-ziplist-value 64 + +# HyperLogLog sparse representation bytes limit. The limit includes the +# 16 bytes header. When an HyperLogLog using the sparse representation crosses +# this limit, it is converted into the dense representation. +# +# A value greater than 16000 is totally useless, since at that point the +# dense representation is more memory efficient. +# +# The suggested value is ~ 3000 in order to have the benefits of +# the space efficient encoding without slowing down too much PFADD, +# which is O(N) with the sparse encoding. The value can be raised to +# ~ 10000 when CPU is not a concern, but space is, and the data set is +# composed of many HyperLogLogs with cardinality in the 0 - 15000 range. +hll-sparse-max-bytes 3000 + +# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in +# order to help rehashing the main Redis hash table (the one mapping top-level +# keys to values). The hash table implementation Redis uses (see dict.c) +# performs a lazy rehashing: the more operation you run into a hash table +# that is rehashing, the more rehashing "steps" are performed, so if the +# server is idle the rehashing is never complete and some more memory is used +# by the hash table. +# +# The default is to use this millisecond 10 times every second in order to +# actively rehash the main dictionaries, freeing memory when possible. +# +# If unsure: +# use "activerehashing no" if you have hard latency requirements and it is +# not a good thing in your environment that Redis can reply from time to time +# to queries with 2 milliseconds delay. +# +# use "activerehashing yes" if you don't have such hard requirements but +# want to free memory asap when possible. +activerehashing yes + +# The client output buffer limits can be used to force disconnection of clients +# that are not reading data from the server fast enough for some reason (a +# common reason is that a Pub/Sub client can't consume messages as fast as the +# publisher can produce them). +# +# The limit can be set differently for the three different classes of clients: +# +# normal -> normal clients including MONITOR clients +# slave -> slave clients +# pubsub -> clients subscribed to at least one pubsub channel or pattern +# +# The syntax of every client-output-buffer-limit directive is the following: +# +# client-output-buffer-limit +# +# A client is immediately disconnected once the hard limit is reached, or if +# the soft limit is reached and remains reached for the specified number of +# seconds (continuously). +# So for instance if the hard limit is 32 megabytes and the soft limit is +# 16 megabytes / 10 seconds, the client will get disconnected immediately +# if the size of the output buffers reach 32 megabytes, but will also get +# disconnected if the client reaches 16 megabytes and continuously overcomes +# the limit for 10 seconds. +# +# By default normal clients are not limited because they don't receive data +# without asking (in a push way), but just after a request, so only +# asynchronous clients may create a scenario where data is requested faster +# than it can read. +# +# Instead there is a default limit for pubsub and slave clients, since +# subscribers and slaves receive data in a push fashion. +# +# Both the hard or the soft limit can be disabled by setting them to zero. +client-output-buffer-limit normal 0 0 0 +client-output-buffer-limit slave 256mb 64mb 60 +client-output-buffer-limit pubsub 32mb 8mb 60 + +# Redis calls an internal function to perform many background tasks, like +# closing connections of clients in timeout, purging expired keys that are +# never requested, and so forth. +# +# Not all tasks are performed with the same frequency, but Redis checks for +# tasks to perform according to the specified "hz" value. +# +# By default "hz" is set to 10. Raising the value will use more CPU when +# Redis is idle, but at the same time will make Redis more responsive when +# there are many keys expiring at the same time, and timeouts may be +# handled with more precision. +# +# The range is between 1 and 500, however a value over 100 is usually not +# a good idea. Most users should use the default of 10 and raise this up to +# 100 only in environments where very low latency is required. +hz 10 + +# When a child rewrites the AOF file, if the following option is enabled +# the file will be fsync-ed every 32 MB of data generated. This is useful +# in order to commit the file to the disk more incrementally and avoid +# big latency spikes. +aof-rewrite-incremental-fsync yes + +# Redis LFU eviction (see maxmemory setting) can be tuned. However it is a good +# idea to start with the default settings and only change them after investigating +# how to improve the performances and how the keys LFU change over time, which +# is possible to inspect via the OBJECT FREQ command. +# +# There are two tunable parameters in the Redis LFU implementation: the +# counter logarithm factor and the counter decay time. It is important to +# understand what the two parameters mean before changing them. +# +# The LFU counter is just 8 bits per key, it's maximum value is 255, so Redis +# uses a probabilistic increment with logarithmic behavior. Given the value +# of the old counter, when a key is accessed, the counter is incremented in +# this way: +# +# 1. A random number R between 0 and 1 is extracted. +# 2. A probability P is calculated as 1/(old_value*lfu_log_factor+1). +# 3. The counter is incremented only if R < P. +# +# The default lfu-log-factor is 10. This is a table of how the frequency +# counter changes with a different number of accesses with different +# logarithmic factors: +# +# +--------+------------+------------+------------+------------+------------+ +# | factor | 100 hits | 1000 hits | 100K hits | 1M hits | 10M hits | +# +--------+------------+------------+------------+------------+------------+ +# | 0 | 104 | 255 | 255 | 255 | 255 | +# +--------+------------+------------+------------+------------+------------+ +# | 1 | 18 | 49 | 255 | 255 | 255 | +# +--------+------------+------------+------------+------------+------------+ +# | 10 | 10 | 18 | 142 | 255 | 255 | +# +--------+------------+------------+------------+------------+------------+ +# | 100 | 8 | 11 | 49 | 143 | 255 | +# +--------+------------+------------+------------+------------+------------+ +# +# NOTE: The above table was obtained by running the following commands: +# +# redis-benchmark -n 1000000 incr foo +# redis-cli object freq foo +# +# NOTE 2: The counter initial value is 5 in order to give new objects a chance +# to accumulate hits. +# +# The counter decay time is the time, in minutes, that must elapse in order +# for the key counter to be divided by two (or decremented if it has a value +# less <= 10). +# +# The default value for the lfu-decay-time is 1. A Special value of 0 means to +# decay the counter every time it happens to be scanned. +# +# lfu-log-factor 10 +# lfu-decay-time 1 + +########################### ACTIVE DEFRAGMENTATION ####################### +# +# WARNING THIS FEATURE IS EXPERIMENTAL. However it was stress tested +# even in production and manually tested by multiple engineers for some +# time. +# +# What is active defragmentation? +# ------------------------------- +# +# Active (online) defragmentation allows a Redis server to compact the +# spaces left between small allocations and deallocations of data in memory, +# thus allowing to reclaim back memory. +# +# Fragmentation is a natural process that happens with every allocator (but +# less so with Jemalloc, fortunately) and certain workloads. Normally a server +# restart is needed in order to lower the fragmentation, or at least to flush +# away all the data and create it again. However thanks to this feature +# implemented by Oran Agra for Redis 4.0 this process can happen at runtime +# in an "hot" way, while the server is running. +# +# Basically when the fragmentation is over a certain level (see the +# configuration options below) Redis will start to create new copies of the +# values in contiguous memory regions by exploiting certain specific Jemalloc +# features (in order to understand if an allocation is causing fragmentation +# and to allocate it in a better place), and at the same time, will release the +# old copies of the data. This process, repeated incrementally for all the keys +# will cause the fragmentation to drop back to normal values. +# +# Important things to understand: +# +# 1. This feature is disabled by default, and only works if you compiled Redis +# to use the copy of Jemalloc we ship with the source code of Redis. +# This is the default with Linux builds. +# +# 2. You never need to enable this feature if you don't have fragmentation +# issues. +# +# 3. Once you experience fragmentation, you can enable this feature when +# needed with the command "CONFIG SET activedefrag yes". +# +# The configuration parameters are able to fine tune the behavior of the +# defragmentation process. If you are not sure about what they mean it is +# a good idea to leave the defaults untouched. + +# Enabled active defragmentation +# activedefrag yes + +# Minimum amount of fragmentation waste to start active defrag +# active-defrag-ignore-bytes 100mb + +# Minimum percentage of fragmentation to start active defrag +# active-defrag-threshold-lower 10 + +# Maximum percentage of fragmentation at which we use maximum effort +# active-defrag-threshold-upper 100 + +# Minimal effort for defrag in CPU percentage +# active-defrag-cycle-min 25 + +# Maximal effort for defrag in CPU percentage +# active-defrag-cycle-max 75 + diff --git a/states/roles/maintain/gitlab/conf_files/resque.yml b/states/roles/maintain/gitlab/conf_files/resque.yml new file mode 100644 index 0000000..6c7944f --- /dev/null +++ b/states/roles/maintain/gitlab/conf_files/resque.yml @@ -0,0 +1,34 @@ +# If you change this file in a Merge Request, please also create +# a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests +# +development: + url: unix:/run/redis/redis.sock + # sentinels: + # - + # host: localhost + # port: 26380 # point to sentinel, not to redis port + # - + # host: slave2 + # port: 26381 # point to sentinel, not to redis port +test: + url: unix:/run/redis/redis.sock +production: + # Redis (single instance) + url: unix:/run/redis/redis.sock + ## + # Redis + Sentinel (for HA) + # + # Please read instructions carefully before using it as you may lose data: + # http://redis.io/topics/sentinel + # + # You must specify a list of a few sentinels that will handle client connection + # please read here for more information: https://docs.gitlab.com/ce/administration/high_availability/redis.html + ## + # url: redis://master:6379 + # sentinels: + # - + # host: slave1 + # port: 26379 # point to sentinel, not to redis port + # - + # host: slave2 + # port: 26379 # point to sentinel, not to redis port diff --git a/states/roles/maintain/gitlab/conf_files/smtp_settings.rb b/states/roles/maintain/gitlab/conf_files/smtp_settings.rb new file mode 100644 index 0000000..687a110 --- /dev/null +++ b/states/roles/maintain/gitlab/conf_files/smtp_settings.rb @@ -0,0 +1,24 @@ +# To enable smtp email delivery for your GitLab instance do the following: +# 1. Rename this file to smtp_settings.rb +# 2. Edit settings inside this file +# 3. Restart GitLab instance +# +# For full list of options and their values see http://api.rubyonrails.org/classes/ActionMailer/Base.html +# +# If you change this file in a Merge Request, please also create a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests + +if Rails.env.production? + Rails.application.config.action_mailer.delivery_method = :smtp + + ActionMailer::Base.delivery_method = :smtp + ActionMailer::Base.smtp_settings = { + address: "smtp.zoho.com", + port: 587, + user_name: "gitlab@actcur.com", + password: "{%- include 'secure/gitlab_smtp_password.txt' -%}", + domain: "zoho.com", + authentication: :plain, + enable_starttls_auto: true, + openssl_verify_mode: 'peer' # See ActionMailer documentation for other possible options + } +end diff --git a/states/roles/maintain/gitlab/conf_files/tmp_redis.conf b/states/roles/maintain/gitlab/conf_files/tmp_redis.conf new file mode 100644 index 0000000..773b8ea --- /dev/null +++ b/states/roles/maintain/gitlab/conf_files/tmp_redis.conf @@ -0,0 +1 @@ +d /run/redis 0755 redis redis - diff --git a/states/roles/maintain/gitlab/init.sls b/states/roles/maintain/gitlab/init.sls index 9cf9483..0b45dd3 100644 --- a/states/roles/maintain/gitlab/init.sls +++ b/states/roles/maintain/gitlab/init.sls @@ -1,30 +1,174 @@ gitlab: - - pkg: installed -mysql: - - pkg: installed + pkg.installed +mariadb: + pkg.installed gitlab_nginx: - - pkg: installed -#manage /etc/webapps/gitlab/gitlab.yml -#manage /etc/webapps/gitlab-shell/config.yml -#manage /etc/webapps/gitlab/resque.yml -#manage /etc/redis.conf -#manage /etc/tempfiles.d/redis.conf -#manage /etc/webapps/gitlab/database.yml -#manage /etc/nginx/conf.d/gitlab.conf + pkg.installed: + - name: nginx + +#managed files +/etc/webapps/gitlab/gitlab.yml: + file.managed: + - source: salt://roles/maintain/gitlab/conf_files/gitlab.yml + - user: root + - group: root + - mode: 644 +/etc/webapps/gitlab/database.yml: + file.managed: + - source: salt://roles/maintain/gitlab/conf_files/database.yml + - user: root + - group: root + - mode: 644 +/etc/webapps/gitlab/resque.yml: + file.managed: + - source: salt://roles/maintain/gitlab/conf_files/resque.yml + - user: root + - group: root + - mode: 644 +/etc/webapps/gitlab-shell/config.yml: + file.managed: + - source: salt://roles/maintain/gitlab/conf_files/config.yml + - user: root + - group: root + - mode: 644 +/usr/share/webapps/gitlab/config/initializers/smtp_settings.rb: + file.managed: + - source: salt://roles/maintain/gitlab/conf_files/smtp_settings.rb + - user: root + - group: root + - template: jinja + - mode: 644 +/usr/share/webapps/gitlab/config/environments/production.rb: + file.managed: + - source: salt://roles/maintain/gitlab/conf_files/production.rb + - user: root + - group: root + - mode: 644 +/etc/redis.conf: + file.managed: + - source: salt://roles/maintain/gitlab/conf_files/redis.conf + - user: root + - group: root + - mode: 644 +/etc/tempfiles.d/redis.conf: + file.managed: + - source: salt://roles/maintain/gitlab/conf_files/tmp_redis.conf + - user: root + - group: root + - mode: 644 + - makedirs: true +/etc/nginx/conf.d/gitlab.conf: + file.managed: + - source: salt://roles/maintain/gitlab/conf_files/gitlab.conf + - user: root + - group: root + - makedirs: true + - dir_mode: 755 + - mode: 644 + #add users git and gitlab to redis group +git_user: + user.present: + - name: git + - groups: + - redis +gitlab_user: + user.present: + - name: gitlab + - groups: + - redis -#initialize redis database w/: -#su - gitlab -s /bin/sh -c "cd '/usr/share/webapps/gitlab'; bundle-2.3 exec rake gitlab:setup RAILS_ENV=production" +#migrate redis database as gitlab user if necessary +redis-running: + service.running: + - name: redis + - enable: true + - watch: + - file: /etc/redis.conf + - file: /etc/tempfiles.d/redis.conf +gitlab_rake_db: + cmd.run: + - name: "bundle-2.3 exec rake db:migrate RAILS_ENV=production" + - cwd: "/usr/share/webapps/gitlab" + - runas: gitlab + - watch: + - pkg: gitlab -#configure gitlab user for git -#git config --global user.name "Actaeus Curabitur" -#git config --global user.email "actcur@actcur.com" -#git config --global core.autocrlf "input" +#global git configuration +gitlab_git_name: + git.config_set: + - name: user.name + - value: "Actaeus Curabitur" + - user: gitlab + - global: true +gitlab_git_email: + git.config_set: + - name: user.email + - value: "actcur@actcur.com" + - user: gitlab + - global: true +gitlab_git_crlf: + git.config_set: + - name: core.autocrlf + - value: "input" + - user: gitlab + - global: true +#create symlink +symlink_repos: + file.symlink: + - name: /var/lib/gitlab/repositories + - target: /mnt/repos + - force: true #verify perms for repos are right -#chmod -R ug+rwX,o-rwx /var/lib/gitlab/repositories/ -#chmod -R ug-s /var/lib/gitlab/repositories -#find /var/lib/gitlab/repositories/ -type d -print0 | xargs -0 chmod g+s +/var/lib/gitlab/repositories/: + file.directory: + - user: gitlab + - group: gitlab + - dir_mode: 4770 -#start and enable redis -#start and enable gitlab.target, gitlab-sidekiq, gitlab-unicorn, and gitlab-workhorse +#start services +gitlab.target: + service.running: + - enable: true + - watch: + - file: /etc/webapps/gitlab/gitlab.yml + - file: /etc/webapps/gitlab/database.yml + - file: /etc/webapps/gitlab/resque.yml + - file: /etc/webapps/gitlab-shell/config.yml + - file: /etc/nginx/conf.d/gitlab.conf + - file: /usr/share/webapps/gitlab/config/initializers/smtp_settings.rb + - file: /usr/share/webapps/gitlab/config/environments/production.rb +gitlab-workhorse: + service.running: + - enable: true + - watch: + - file: /etc/webapps/gitlab/gitlab.yml + - file: /etc/webapps/gitlab/database.yml + - file: /etc/webapps/gitlab/resque.yml + - file: /etc/webapps/gitlab-shell/config.yml + - file: /etc/nginx/conf.d/gitlab.conf + - file: /usr/share/webapps/gitlab/config/initializers/smtp_settings.rb + - file: /usr/share/webapps/gitlab/config/environments/production.rb +gitlab-unicorn: + service.running: + - enable: true + - watch: + - file: /etc/webapps/gitlab/gitlab.yml + - file: /etc/webapps/gitlab/database.yml + - file: /etc/webapps/gitlab/resque.yml + - file: /etc/webapps/gitlab-shell/config.yml + - file: /etc/nginx/conf.d/gitlab.conf + - file: /usr/share/webapps/gitlab/config/initializers/smtp_settings.rb + - file: /usr/share/webapps/gitlab/config/environments/production.rb +gitlab-sidekiq: + service.running: + - enable: true + - watch: + - file: /etc/webapps/gitlab/gitlab.yml + - file: /etc/webapps/gitlab/database.yml + - file: /etc/webapps/gitlab/resque.yml + - file: /etc/webapps/gitlab-shell/config.yml + - file: /etc/nginx/conf.d/gitlab.conf + - file: /usr/share/webapps/gitlab/config/initializers/smtp_settings.rb + - file: /usr/share/webapps/gitlab/config/environments/production.rb diff --git a/states/roles/maintain/glances/auth.conf b/states/roles/maintain/glances/auth.conf old mode 100755 new mode 100644 diff --git a/states/roles/maintain/glances/certs b/states/roles/maintain/glances/certs deleted file mode 120000 index 1f4d9d6..0000000 --- a/states/roles/maintain/glances/certs +++ /dev/null @@ -1 +0,0 @@ -/etc/letsencrypt/live/ \ No newline at end of file diff --git a/states/roles/maintain/glances/certs b/states/roles/maintain/glances/certs new file mode 100644 index 0000000..1f4d9d6 --- /dev/null +++ b/states/roles/maintain/glances/certs @@ -0,0 +1 @@ +/etc/letsencrypt/live/ \ No newline at end of file diff --git a/states/roles/maintain/glances/glances.conf b/states/roles/maintain/glances/glances.conf old mode 100755 new mode 100644 diff --git a/states/roles/maintain/glances/glances.html b/states/roles/maintain/glances/glances.html old mode 100755 new mode 100644 diff --git a/states/roles/maintain/glances/init.sls b/states/roles/maintain/glances/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/maintain/glances/local.conf b/states/roles/maintain/glances/local.conf old mode 100755 new mode 100644 diff --git a/states/roles/maintain/glances/nginx.conf b/states/roles/maintain/glances/nginx.conf old mode 100755 new mode 100644 diff --git a/states/roles/maintain/glances/portal.conf b/states/roles/maintain/glances/portal.conf old mode 100755 new mode 100644 diff --git a/states/roles/maintain/glances/remote.conf b/states/roles/maintain/glances/remote.conf old mode 100755 new mode 100644 diff --git a/states/roles/maintain/lam/config.cfg b/states/roles/maintain/lam/config.cfg old mode 100755 new mode 100644 diff --git a/states/roles/maintain/lam/init.sls b/states/roles/maintain/lam/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/maintain/lam/lam-server.conf b/states/roles/maintain/lam/lam-server.conf old mode 100755 new mode 100644 diff --git a/states/roles/maintain/lam/php.ini b/states/roles/maintain/lam/php.ini old mode 100755 new mode 100644 diff --git a/states/roles/maintain/lamp/httpd.conf b/states/roles/maintain/lamp/httpd.conf old mode 100755 new mode 100644 diff --git a/states/roles/maintain/lamp/init.sls b/states/roles/maintain/lamp/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/maintain/ldap/DB_CONFIG b/states/roles/maintain/ldap/DB_CONFIG old mode 100755 new mode 100644 diff --git a/states/roles/maintain/ldap/certs b/states/roles/maintain/ldap/certs deleted file mode 120000 index 1f4d9d6..0000000 --- a/states/roles/maintain/ldap/certs +++ /dev/null @@ -1 +0,0 @@ -/etc/letsencrypt/live/ \ No newline at end of file diff --git a/states/roles/maintain/ldap/certs b/states/roles/maintain/ldap/certs new file mode 100644 index 0000000..1f4d9d6 --- /dev/null +++ b/states/roles/maintain/ldap/certs @@ -0,0 +1 @@ +/etc/letsencrypt/live/ \ No newline at end of file diff --git a/states/roles/maintain/ldap/init.sls b/states/roles/maintain/ldap/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/maintain/ldap/rdn.ldiff b/states/roles/maintain/ldap/rdn.ldiff old mode 100755 new mode 100644 diff --git a/states/roles/maintain/ldap/slapd.conf b/states/roles/maintain/ldap/slapd.conf old mode 100755 new mode 100644 diff --git a/states/roles/maintain/ldap/slapd.service b/states/roles/maintain/ldap/slapd.service old mode 100755 new mode 100644 diff --git a/states/roles/maintain/ldap/update_slapd.sh b/states/roles/maintain/ldap/update_slapd.sh old mode 100755 new mode 100644 diff --git a/states/roles/maintain/mirrorlist/getmirrors.service b/states/roles/maintain/mirrorlist/getmirrors.service old mode 100755 new mode 100644 diff --git a/states/roles/maintain/mirrorlist/getmirrors.sh b/states/roles/maintain/mirrorlist/getmirrors.sh old mode 100755 new mode 100644 diff --git a/states/roles/maintain/mirrorlist/getmirrors.timer b/states/roles/maintain/mirrorlist/getmirrors.timer old mode 100755 new mode 100644 diff --git a/states/roles/maintain/mirrorlist/init.sls b/states/roles/maintain/mirrorlist/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/maintain/nfs/init.sls b/states/roles/maintain/nfs/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/maintain/nginx-proxy/auth.conf b/states/roles/maintain/nginx-proxy/auth.conf old mode 100755 new mode 100644 diff --git a/states/roles/maintain/nginx-proxy/certs b/states/roles/maintain/nginx-proxy/certs deleted file mode 120000 index 1f4d9d6..0000000 --- a/states/roles/maintain/nginx-proxy/certs +++ /dev/null @@ -1 +0,0 @@ -/etc/letsencrypt/live/ \ No newline at end of file diff --git a/states/roles/maintain/nginx-proxy/certs b/states/roles/maintain/nginx-proxy/certs new file mode 100644 index 0000000..1f4d9d6 --- /dev/null +++ b/states/roles/maintain/nginx-proxy/certs @@ -0,0 +1 @@ +/etc/letsencrypt/live/ \ No newline at end of file diff --git a/states/roles/maintain/nginx-proxy/init.sls b/states/roles/maintain/nginx-proxy/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/maintain/nginx-proxy/local.conf b/states/roles/maintain/nginx-proxy/local.conf old mode 100755 new mode 100644 diff --git a/states/roles/maintain/nginx-proxy/nginx.conf b/states/roles/maintain/nginx-proxy/nginx.conf old mode 100755 new mode 100644 diff --git a/states/roles/maintain/nginx-proxy/portal.conf b/states/roles/maintain/nginx-proxy/portal.conf old mode 100755 new mode 100644 diff --git a/states/roles/maintain/nginx-proxy/remote.conf b/states/roles/maintain/nginx-proxy/remote.conf old mode 100755 new mode 100644 diff --git a/states/roles/maintain/pepper/conf.d/pepper.conf b/states/roles/maintain/pepper/conf.d/pepper.conf old mode 100755 new mode 100644 diff --git a/states/roles/maintain/pepper/init.sls b/states/roles/maintain/pepper/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/maintain/pepper/www.conf b/states/roles/maintain/pepper/www.conf old mode 100755 new mode 100644 diff --git a/states/roles/maintain/pkg-cache/init.sls b/states/roles/maintain/pkg-cache/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/maintain/pkg-cache/nginx.conf b/states/roles/maintain/pkg-cache/nginx.conf old mode 100755 new mode 100644 diff --git a/states/roles/maintain/pkg-cache/pkg-cache.conf b/states/roles/maintain/pkg-cache/pkg-cache.conf old mode 100755 new mode 100644 diff --git a/states/roles/maintain/plexmediaserver/init.sls b/states/roles/maintain/plexmediaserver/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/maintain/plexmediaserver/plexmediaserver b/states/roles/maintain/plexmediaserver/plexmediaserver old mode 100755 new mode 100644 diff --git a/states/roles/maintain/plexrequests/init.sls b/states/roles/maintain/plexrequests/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/maintain/plexrequests/plexrequests.service b/states/roles/maintain/plexrequests/plexrequests.service old mode 100755 new mode 100644 diff --git a/states/roles/maintain/plexrequests/plexrequests.sh b/states/roles/maintain/plexrequests/plexrequests.sh old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltmaster/init.sls b/states/roles/maintain/saltmaster/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltmaster/master b/states/roles/maintain/saltmaster/master old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltminion/highstate.service b/states/roles/maintain/saltminion/highstate.service old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltminion/highstate.sh b/states/roles/maintain/saltminion/highstate.sh old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltminion/highstate.timer b/states/roles/maintain/saltminion/highstate.timer old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltminion/init.sls b/states/roles/maintain/saltminion/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltminion/minion b/states/roles/maintain/saltminion/minion old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltpad/conf.d/saltpad.conf b/states/roles/maintain/saltpad/conf.d/saltpad.conf old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltpad/init.sls b/states/roles/maintain/saltpad/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltpad/merge.sh b/states/roles/maintain/saltpad/merge.sh old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltpad/modules/firewalld.py b/states/roles/maintain/saltpad/modules/firewalld.py old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltpad/modules/roles.py b/states/roles/maintain/saltpad/modules/roles.py old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltpad/modules/servers.py b/states/roles/maintain/saltpad/modules/servers.py old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltpad/templates/base.html b/states/roles/maintain/saltpad/templates/base.html old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltpad/templates/base_logged.html b/states/roles/maintain/saltpad/templates/base_logged.html old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltpad/templates/firewalld_edit.html b/states/roles/maintain/saltpad/templates/firewalld_edit.html old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltpad/templates/mods.html b/states/roles/maintain/saltpad/templates/mods.html old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltpad/templates/role_display.html b/states/roles/maintain/saltpad/templates/role_display.html old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltpad/templates/roles.html b/states/roles/maintain/saltpad/templates/roles.html old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltpad/templates/server_display.html b/states/roles/maintain/saltpad/templates/server_display.html old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltpad/templates/servers.html b/states/roles/maintain/saltpad/templates/servers.html old mode 100755 new mode 100644 diff --git a/states/roles/maintain/saltpad/templates/yaml.js b/states/roles/maintain/saltpad/templates/yaml.js old mode 100755 new mode 100644 diff --git a/states/roles/maintain/sendmail/highstate.service b/states/roles/maintain/sendmail/highstate.service old mode 100755 new mode 100644 diff --git a/states/roles/maintain/sendmail/highstate.sh b/states/roles/maintain/sendmail/highstate.sh old mode 100755 new mode 100644 diff --git a/states/roles/maintain/sendmail/highstate.timer b/states/roles/maintain/sendmail/highstate.timer old mode 100755 new mode 100644 diff --git a/states/roles/maintain/sendmail/init.sls b/states/roles/maintain/sendmail/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/maintain/sendmail/minion b/states/roles/maintain/sendmail/minion old mode 100755 new mode 100644 diff --git a/states/roles/maintain/ytdownloader/feedsbase.csv b/states/roles/maintain/ytdownloader/feedsbase.csv old mode 100755 new mode 100644 diff --git a/states/roles/maintain/ytdownloader/init.sls b/states/roles/maintain/ytdownloader/init.sls old mode 100755 new mode 100644 diff --git a/states/roles/maintain/ytdownloader/ytdownloader.py b/states/roles/maintain/ytdownloader/ytdownloader.py old mode 100755 new mode 100644 diff --git a/states/roles/maintain/ytdownloader/ytdownloader.service b/states/roles/maintain/ytdownloader/ytdownloader.service old mode 100755 new mode 100644 diff --git a/states/roles/maintain/ytdownloader/ytdownloader.timer b/states/roles/maintain/ytdownloader/ytdownloader.timer old mode 100755 new mode 100644 diff --git a/states/secure b/states/secure new file mode 100644 index 0000000..fdd2f90 --- /dev/null +++ b/states/secure @@ -0,0 +1 @@ +/secure \ No newline at end of file diff --git a/states/systems/arch/mirrors/init.sls b/states/systems/arch/mirrors/init.sls old mode 100755 new mode 100644 diff --git a/states/systems/arch/mirrors/mirrorlist b/states/systems/arch/mirrors/mirrorlist old mode 100755 new mode 100644 diff --git a/states/systems/core/firewalld/init.sls b/states/systems/core/firewalld/init.sls old mode 100755 new mode 100644 diff --git a/states/systems/core/firewalld/zone.xml b/states/systems/core/firewalld/zone.xml old mode 100755 new mode 100644 diff --git a/states/systems/core/firewalld/zone.xml.old b/states/systems/core/firewalld/zone.xml.old old mode 100755 new mode 100644 diff --git a/states/systems/core/git/init.sls b/states/systems/core/git/init.sls index 0c16539..932d1ae 100644 --- a/states/systems/core/git/init.sls +++ b/states/systems/core/git/init.sls @@ -10,27 +10,30 @@ git_pkg: {%- if pillar['git'][repo]['key'] is defined %} {{ repo }}_key: -file.managed: - - name: /root/.ssh/{{ pillar['git'][repo]['key'] }} - - source: salt://systems/core/git/keys/{{ pillar['git'][repo]['key'] }} - - user: root - - group: root - - mode: 600 - - makedirs: true - {%- endif -%} + file.managed: + - name: /root/.ssh/{{ pillar['git'][repo]['key'] }} + - source: salt://systems/core/git/keys/{{ pillar['git'][repo]['key'] }} + - user: root + - group: root + - mode: 600 + - makedirs: true + {% endif %} {{ repo }}: git.latest: - name: {{ pillar['git'][repo]['repo'] }} - target: {{ pillar['git'][repo]['path'] }} {%- if pillar['git'][repo]['branch'] is defined %} - branch: {{ pillar['git'][repo]['branch'] }} + - rev: {{ pillar['git'][repo]['branch'] }} {%- endif -%} {%- if pillar['git'][repo]['key'] is defined %} - identity: /root/.ssh/{{ pillar['git'][repo]['key'] }} {%- endif -%} {%- if pillar['git'][repo]['force'] is defined %} + - force_fetch: {{ pillar['git'][repo]['force'] }} - force_checkout: {{ pillar['git'][repo]['force'] }} - force_reset: {{ pillar['git'][repo]['force'] }} + - force_clone: {{ pillar['git'][repo]['force'] }} {%- endif -%} {##ensure that name is defined pillar exists##} diff --git a/states/systems/core/git/keys b/states/systems/core/git/keys deleted file mode 120000 index 2feebc4..0000000 --- a/states/systems/core/git/keys +++ /dev/null @@ -1 +0,0 @@ -/keys/git/ \ No newline at end of file diff --git a/states/systems/core/git/keys b/states/systems/core/git/keys new file mode 100644 index 0000000..2feebc4 --- /dev/null +++ b/states/systems/core/git/keys @@ -0,0 +1 @@ +/keys/git/ \ No newline at end of file diff --git a/states/systems/core/ldap.sss/init.sls b/states/systems/core/ldap.sss/init.sls old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap.sss/ldap.conf b/states/systems/core/ldap.sss/ldap.conf old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap.sss/nscd.conf b/states/systems/core/ldap.sss/nscd.conf old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap.sss/nsswitch.conf b/states/systems/core/ldap.sss/nsswitch.conf old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap.sss/old/nscd.conf b/states/systems/core/ldap.sss/old/nscd.conf old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap.sss/old/pam.d/not_needed/su b/states/systems/core/ldap.sss/old/pam.d/not_needed/su old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap.sss/old/pam.d/not_needed/su-l b/states/systems/core/ldap.sss/old/pam.d/not_needed/su-l old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap.sss/old/pam.d/not_needed/system-login b/states/systems/core/ldap.sss/old/pam.d/not_needed/system-login old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap.sss/old/pam.d/passwd b/states/systems/core/ldap.sss/old/pam.d/passwd old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap.sss/old/pam.d/sudo b/states/systems/core/ldap.sss/old/pam.d/sudo old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap.sss/old/pam.d/system-auth b/states/systems/core/ldap.sss/old/pam.d/system-auth old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap.sss/pam.d/passwd b/states/systems/core/ldap.sss/pam.d/passwd old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap.sss/pam.d/sudo b/states/systems/core/ldap.sss/pam.d/sudo old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap.sss/pam.d/system-auth b/states/systems/core/ldap.sss/pam.d/system-auth old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap.sss/sssd.conf b/states/systems/core/ldap.sss/sssd.conf old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap/init.sls b/states/systems/core/ldap/init.sls old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap/ldap.conf b/states/systems/core/ldap/ldap.conf old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap/nslcd.conf b/states/systems/core/ldap/nslcd.conf old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap/nsswitch.conf b/states/systems/core/ldap/nsswitch.conf old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap/pam.d/passwd b/states/systems/core/ldap/pam.d/passwd old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap/pam.d/su b/states/systems/core/ldap/pam.d/su old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap/pam.d/su-l b/states/systems/core/ldap/pam.d/su-l old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap/pam.d/sudo b/states/systems/core/ldap/pam.d/sudo old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap/pam.d/system-auth b/states/systems/core/ldap/pam.d/system-auth old mode 100755 new mode 100644 diff --git a/states/systems/core/ldap/pam.d/system-login b/states/systems/core/ldap/pam.d/system-login old mode 100755 new mode 100644 diff --git a/states/systems/core/mount/genrsa b/states/systems/core/mount/genrsa old mode 100755 new mode 100644 diff --git a/states/systems/core/mount/init.sls b/states/systems/core/mount/init.sls old mode 100755 new mode 100644 index d3f2320..97f0883 --- a/states/systems/core/mount/init.sls +++ b/states/systems/core/mount/init.sls @@ -18,8 +18,20 @@ {%- if pillar['mount']['sshfs'] is defined %} +fuse2: + pkg.installed sshfs: pkg.installed +fuse-module: + kmod.present: + - name: fuse + - persist: true +host.actcur.com: + ssh_known_hosts: + - present + - user: root + - enc: ecdsa-sha2-nistp256 + - key: "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCnvAIi9HiYDsQCHPWPQrgdLTANveZ3K9v1+0iJDA2yEo67EfkFl7O9Go/pVkOoSjV+eWKQ9A7Az7aMY1tc9ur0=" {% for mount in pillar['mount']['sshfs'] %} {%- if pillar['mount']['sshfs'][mount]['user'] is defined -%} @@ -45,7 +57,7 @@ sshfs: - fstype: fuse.sshfs - mkmnt: True - opts: allow_other,user,IdentityFile=/root/.ssh/{{user}}_key,delay_connect,x-systemd.automount,_netdev,idmap=user,reconnect - - hidden_opts: allow_other,user,IdentityFile=/root/.ssh/{{user}}_key,delay_connect,x-systemd.automount,_netdev,idmap=user,reconnect + - hidden_opts: allow_other,user,IdentityFile=/root/.ssh/{{user}}_key,delay_connect,x-systemd.automount,_netdev,idmap=user,reconnect - dump: 0 - pass_num: 2 - persist: True diff --git a/states/systems/core/mount/keys b/states/systems/core/mount/keys deleted file mode 120000 index e0ecba1..0000000 --- a/states/systems/core/mount/keys +++ /dev/null @@ -1 +0,0 @@ -/keys/mount/ \ No newline at end of file diff --git a/states/systems/core/mount/keys b/states/systems/core/mount/keys new file mode 100644 index 0000000..e0ecba1 --- /dev/null +++ b/states/systems/core/mount/keys @@ -0,0 +1 @@ +/keys/mount/ \ No newline at end of file diff --git a/states/systems/extra/nfs_client/init.sls b/states/systems/extra/nfs_client/init.sls old mode 100755 new mode 100644 diff --git a/states/top.sls b/states/top.sls old mode 100755 new mode 100644 diff --git a/states/update/init.sls b/states/update/init.sls old mode 100755 new mode 100644