Added portal website and moved from ombi to ombi-beta

2017-10-31 22:38:32 -05:00 · 2017-10-31 22:38:32 -05:00 · ae09064214
commit ae09064214
parent 28ca0e76a6
23 changed files with 2120 additions and 14 deletions
--- a/pillars/roles/aurpkgs/ombi.sls
+++ b/pillars/roles/aurpkgs/ombi.sls
@ -1,3 +1,3 @@
 aur:
  pkgs:
-    ombi: []
+    ombi-beta: []
--- a/pillars/roles/aurpkgs/portal.sls
+++ b/pillars/roles/aurpkgs/portal.sls
@ -0,0 +1,3 @@
 aur:
  pkgs:
    php-yaml: []
--- a/pillars/roles/git/portal.sls
+++ b/pillars/roles/git/portal.sls
@ -7,3 +7,11 @@ git:
    force: true
    email: "actcur@actcur.com"
    name: "Actaeus Curabitur"
  web:
    repo: "ssh://gogs@git.actcur.com:5022/actcur/portal.git"
    path: "/srv/http/portal"
    branch: "master"
    key: "git_actcur"
    force: true
    email: "actcur@actcur.com"
    name: "Actaeus Curabitur"
--- a/pillars/roles/nginx/authelia.sls
+++ b/pillars/roles/nginx/authelia.sls
@ -4,3 +4,10 @@ nginx:
    https:
      port: 8080
      prot: http
 portal:
  Identity:
    authelia:
      name: Authentication
      summary: Authelia Authentication Server
      public: true
--- a/pillars/roles/nginx/baikal.sls
+++ b/pillars/roles/nginx/baikal.sls
@ -10,3 +10,10 @@ nginx:
    https:
      port: 8080
      prot: http
 portal:
  Identity:
    cal:
      name: Calender
      summary: Baikal Calender Server
      public: true
--- a/pillars/roles/nginx/deluge.sls
+++ b/pillars/roles/nginx/deluge.sls
@ -4,3 +4,10 @@ nginx:
    https:
      port: 8112
      prot: http
 portal:
  Video:
    deluge:
      name: Torrents
      summary: Deluge Torrent Server
      public: false
--- a/pillars/roles/nginx/freeipa_server.sls
+++ b/pillars/roles/nginx/freeipa_server.sls
@ -4,3 +4,10 @@ nginx:
    https:
      port: 8443
      prot: https
 portal:
  Identity:
    ipa:
      name: Identity, Policy and Audit
      summary: FreeIPA Domain Server
      public: false
--- a/pillars/roles/nginx/git.sls
+++ b/pillars/roles/nginx/git.sls
@ -4,3 +4,10 @@ nginx:
    https:
      port: 3000
      prot: http
 portal:
  Misc:
    git:
      name: Git
      summary: GOGS Git Server
      public: true
--- a/pillars/roles/nginx/gitlab.sls
+++ b/pillars/roles/nginx/gitlab.sls
@ -1,6 +0,0 @@
 nginx:
  git2:
    auth: none
    https:
      port: 8000
      prot: http
--- a/pillars/roles/nginx/icinga.sls
+++ b/pillars/roles/nginx/icinga.sls
@ -4,3 +4,10 @@ nginx:
    https:
      port: 8080
      prot: http
 portal:
  Misc:
    icinga:
      name: Host Monitoring
      summary: Icinga Monitoring Server
      public: false
--- a/pillars/roles/nginx/jackett.sls
+++ b/pillars/roles/nginx/jackett.sls
@ -4,3 +4,10 @@ nginx:
    https:
      port: 9117
      prot: http
 portal:
  Video:
    jackett:
      name: Torrent Indexers
      summary: Jackett Server
      public: false
--- a/pillars/roles/nginx/ombi.sls
+++ b/pillars/roles/nginx/ombi.sls
@ -2,5 +2,12 @@ nginx:
  ombi:
    auth: none
    https:
-      port: 3579
+      port: 5000
      prot: http
 portal:
  Video:
    ombi:
      name: TV/Movie Requests
      summary: OMBI Plex Requests Server
      public: true
--- a/pillars/roles/nginx/pass.sls
+++ b/pillars/roles/nginx/pass.sls
@ -4,3 +4,10 @@ nginx:
    https:
      port: 8080
      prot: http
 portal:
  Identity:
    pass:
      name: Password Manager
      summary: Teampass Server
      public: false
--- a/pillars/roles/nginx/plexmediaserver.sls
+++ b/pillars/roles/nginx/plexmediaserver.sls
@ -1,6 +1,13 @@
 nginx:
  plex:
-    auth: 2fa
+    auth: none
    https:
      port: 32400
      prot: http
 portal:
  Video:
    plex:
      name: Plex
      summary: Plex Media Server
      public: true
--- a/pillars/roles/nginx/radarr.sls
+++ b/pillars/roles/nginx/radarr.sls
@ -4,3 +4,10 @@ nginx:
    https:
      port: 7878
      prot: http
 portal:
  Video:
    radarr:
      name: Movie Downloader
      summary: Radarr Server
      public: false
--- a/pillars/roles/nginx/sonarr.sls
+++ b/pillars/roles/nginx/sonarr.sls
@ -4,3 +4,10 @@ nginx:
    https:
      port: 8989
      prot: http
 portal:
  Video:
    sonarr:
      name: TV Show Downloader
      summary: Sonarr Server
      public: false
--- a/pillars/roles/nginx/sync.sls
+++ b/pillars/roles/nginx/sync.sls
@ -4,3 +4,10 @@ nginx:
    https:
      port: 8080
      prot: http
 portal:
  Misc:
    sync:
      name: File Sync
      summary: Syncthing Server
      public: false
--- a/pillars/roles/nginx/ttrss.sls
+++ b/pillars/roles/nginx/ttrss.sls
@ -4,3 +4,10 @@ nginx:
    https:
      port: 8080
      prot: http
 portal:
  Misc:
    tt:
      name: RSS Reader
      summary: TTRSS Server
      public: true
--- a/states/roles/maintain/authelia/config.yml
+++ b/states/roles/maintain/authelia/config.yml
@ -88,8 +88,8 @@ access_control:
  # The rules that apply to anyone.
  # The value is a list of rules.
  any:
-    - domain: '*'
+    - domain: 'x'
-      policy: allow
+      policy: deny
  # Group-based rules. The key is a group name and the value
  # is a list of rules.
@ -98,7 +98,14 @@ access_control:
      # All resources in all domains
      - domain: '*.actcur.com'
        policy: allow
-
+    video_admins:
      # All resources in all domains
      - domain: 'sonarr.actcur.com'
        policy: allow
      - domain: 'radarr.actcur.com'
        policy: allow
      - domain: 'deluge.actcur.com'
        policy: allow
 # Configuration of session cookies
 #
--- a/states/roles/maintain/nginx-proxy/portal.conf
+++ b/states/roles/maintain/nginx-proxy/portal.conf
@ -16,8 +16,46 @@ server {
    proxy_set_header Host $host;
  }
  location /auth_verify {
    internal;
    proxy_pass_request_body off;
    proxy_set_header  X-Original-URI $request_uri;
    proxy_set_header  X-Real-IP $remote_addr;
    proxy_set_header  Host $http_host;
    proxy_set_header  Content-Length "";
    proxy_pass        https://authelia.actcur.com/verify;
  }
  location /unauthenticated.php {
    try_files $uri $document_root$fastcgi_script_name =404;
    fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi.conf;
    index index.php;
    root /srv/http/portal/public;
  }
  location /authenticated.php {
    auth_request /auth_verify;
    error_page 401 =302 https://portal.actcur.com/unauthenticated.php;
    try_files $uri $document_root$fastcgi_script_name =404;
    fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi.conf;
    index index.php;
    root /srv/http/portal/public;
  }
  location / {
-      root /srv/http;
+    return 301 https://portal.actcur.com/authenticated.php;
  }
  error_log /var/log/nginx/portal_error.log;
@ -39,7 +77,7 @@ server {
  location / {
    rewrite ^ https://$host$request_uri? permanent;
  }
-  
+
  error_log /var/log/nginx/portal_error.log;
  access_log /var/log/nginx/portal_access.log;
 }
--- a/states/roles/maintain/portal/init.sls
+++ b/states/roles/maintain/portal/init.sls
@ -0,0 +1,26 @@
 portal_php-fpm:
  pkg.installed:
    - name: php-fpm
  service.running:
    - name: php-fpm
    - enable: true
    - watch:
      - file: /etc/php/php.ini
 portal_php-yaml:
  pkg.installed:
    - name: php-yaml
 /etc/php/php.ini:
  file.managed:
    - source: salt://roles/maintain/portal/php.ini
 /srv/http/sitedata.yml:
  file.managed:
    - source: salt://roles/maintain/portal/sitedata.yml
    - user: root
    - group: root
    - mode: 444
    - template: jinja
    - context:
      data: {{ pillar['portal'] }}
--- a/states/roles/maintain/portal/php.ini
+++ b/states/roles/maintain/portal/php.ini
--- a/states/roles/maintain/portal/sitedata.yml
+++ b/states/roles/maintain/portal/sitedata.yml
@ -0,0 +1 @@
 {{data}}