actcur/salt
3
0
Fork 0
Code Issues 5 Pull requests Projects Releases Wiki Activity

Compare commits

base: actcur:0c0c32bb7e78c5a71db0886f5fc192d644b99194
Branches Tags
actcur:prod
actcur:dev
actcur:seer
actcur:nginx
actcur:bazarr
actcur:qual
actcur:matrix
actcur:fix_secrets
...
compare: actcur:e5e0a10012c73603895a73dc1de4ae3aac4ad700
Branches Tags
actcur:prod
actcur:dev
actcur:seer
actcur:nginx
actcur:bazarr
actcur:qual
actcur:matrix
actcur:fix_secrets

3 commits
0c0c32bb7e ... e5e0a10012

Author SHA1 Message Date
Actaeus Curabitur
e5e0a10012 moved servers to prod 2022-08-09 09:40:44 -05:00
Actaeus Curabitur
e637e370e0 updated freipa configuration 2022-08-09 09:05:01 -05:00
Actaeus Curabitur
d582195141 Added support for wildcards in nginx proxy and updated laradev to use subdomains for branches" 2022-08-03 06:50:00 -05:00
25 changed files with 2233 additions and 67 deletions
Show stats Expand all files Collapse all files

13
pillars/roles/nginx/atheos.sls Normal file
View file

@ -0,0 +1,13 @@
nginx:
ide:
auth: none
https:
port: 8080
prot: http
portal:
Dev:
ide:
name: Atheos IDE
summary: Atheos IDE server
public: false

2
pillars/roles/nginx/clark-family.sls
View file

@ -4,6 +4,7 @@ nginx:
https: https:
port: 8080 port: 8080
prot: http prot: http
wildcard: true
portal: portal:
Dev: Dev:
@ -11,3 +12,4 @@ portal:
name: Clark Family Genealogy name: Clark Family Genealogy
summary: Clark Family Genealogy Dev Site summary: Clark Family Genealogy Dev Site
public: false public: false
wildcard: true

1
pillars/servers/env/server/atheos.sls vendored Normal file
View file

@ -0,0 +1 @@
env: prod

2
pillars/servers/env/server/gitea.sls vendored
View file

@ -1 +1 @@
env: dev env: prod

8
pillars/servers/roles/server/atheos.sls Normal file
View file

@ -0,0 +1,8 @@
grains:
roles:
- server
- ssh
- nrpe
- saltminion
- atheos
- nginx-proxy

4
states/repos/epel.sls
View file

@ -1,2 +1,6 @@
epel-release: epel-release:
pkg.installed pkg.installed
powertools:
cmd.run:
- name: "dnf config-manager --set-enabled powertools"

8
states/roles/build/freeipa-server/init.sls
View file

@ -1,6 +1,6 @@
install_freeipa-server: install_freeipa-server:
pkg.installed: cmd.run:
- name: freeipa-server - name: "dnf module install -y idm:DL1/{server,client,dns}"
set_dm_password: set_dm_password:
environ.setenv: environ.setenv:
@ -27,3 +27,7 @@ unset_admin_password:
- name: ADMIN_PASSWORD - name: ADMIN_PASSWORD
- value: "False" - value: "False"
- false_unsets: true - false_unsets: true
update_firewall:
cmd.run:
- name: "firewall-cmd --permanent --add-service={http,https,ldap,ldaps,kerberos,dns,ntp}"

20
states/roles/maintain/atheos/init.sls Normal file
View file

@ -0,0 +1,20 @@
{%- set os=grains['os'] -%}
atheos-php:
pkg.installed:
- name: php
atheos-php-fpm:
pkg.installed:
- name: php-fpm
service.running:
- name: php-fpm
- enable: true
- watch:
- file: /etc/php/php.ini
/etc/php/php.ini:
file.managed:
- source: salt://roles/maintain/atheos/php.ini
- user: root
- group: root
- mode: 644

34
states/roles/maintain/atheos/nginx.conf Normal file
View file

@ -0,0 +1,34 @@
server {
listen 8080
server_name atheos.actcur.com;
root /sites/atheos;
index index.html index.htm index.php;
charset utf-8;
rewrite_log on;
location / {
try_files $uri $uri/ @laravel;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/www;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
error_log /var/log/nginx/ra_error.log notice;
access_log /var/log/nginx/ra_access.log;
}

1930
states/roles/maintain/atheos/php.ini Normal file
View file

File diff suppressed because it is too large Load diff

20
states/roles/maintain/freeipa-server/DSTRootCAX3.pem
View file

@ -1,20 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----

27
states/roles/maintain/freeipa-server/LetsEncryptAuthorityX3.pem
View file

@ -1,27 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----

14
states/roles/maintain/freeipa-server/cacerts/isrg-root-x2.pem Normal file
View file

@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQsw
CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg
R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00
MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5ldCBT
ZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNSRyBSb290IFgyMHYw
EAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0HttwW
+1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9
ItgKbppbd9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T
AQH/BAUwAwEB/zAdBgNVHQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZI
zj0EAwMDaAAwZQIwe3lORlCEwkSHRhtFcP9Ymd70/aTSVaYgLXTWNLxBo1BfASdW
tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1
/q4AaOeMSQ+2b1tbFfLn
-----END CERTIFICATE-----

31
states/roles/maintain/freeipa-server/cacerts/isrgrootx1.pem Normal file
View file

@ -0,0 +1,31 @@
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----

17
states/roles/maintain/freeipa-server/cacerts/lets-encrypt-e1.pem Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE-----
MIICxjCCAk2gAwIBAgIRALO93/inhFu86QOgQTWzSkUwCgYIKoZIzj0EAwMwTzEL
MAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNo
IEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDIwHhcNMjAwOTA0MDAwMDAwWhcN
MjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5j
cnlwdDELMAkGA1UEAxMCRTEwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQkXC2iKv0c
S6Zdl3MnMayyoGli72XoprDwrEuf/xwLcA/TmC9N/A8AmzfwdAVXMpcuBe8qQyWj
+240JxP2T35p0wKZXuskR5LBJJvmsSGPwSSB/GjMH2m6WPUZIvd0xhajggEIMIIB
BDAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB
MBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFFrz7Sv8NsI3eblSMOpUb89V
yy6sMB8GA1UdIwQYMBaAFHxClq7eS0g7+pL4nozPbYupcjeVMDIGCCsGAQUFBwEB
BCYwJDAiBggrBgEFBQcwAoYWaHR0cDovL3gyLmkubGVuY3Iub3JnLzAnBgNVHR8E
IDAeMBygGqAYhhZodHRwOi8veDIuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYG
Z4EMAQIBMA0GCysGAQQBgt8TAQEBMAoGCCqGSM49BAMDA2cAMGQCMHt01VITjWH+
Dbo/AwCd89eYhNlXLr3pD5xcSAQh8suzYHKOl9YST8pE9kLJ03uGqQIwWrGxtO3q
YJkgsTgDyj2gJrjubi1K9sZmHzOa25JK1fUpE8ZwYii6I4zPPS/Lgul/
-----END CERTIFICATE-----

17
states/roles/maintain/freeipa-server/cacerts/lets-encrypt-e2.pem Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE-----
MIICxjCCAkygAwIBAgIQTtI99q9+x/mwxHJv+VEqdzAKBggqhkjOPQQDAzBPMQsw
CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg
R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw0y
NTA5MTUxNjAwMDBaMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNy
eXB0MQswCQYDVQQDEwJFMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABCOaLO3lixmN
YVWex+ZVYOiTLgi0SgNWtU4hufk50VU4Zp/LbBVDxCsnsI7vuf4xp4Cu+ETNggGE
yBqJ3j8iUwe5Yt/qfSrRf1/D5R58duaJ+IvLRXeASRqEL+VkDXrW3qOCAQgwggEE
MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEw
EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUbZkq9U0C6+MRwWC6km+NPS7x
6kQwHwYDVR0jBBgwFoAUfEKWrt5LSDv6kviejM9ti6lyN5UwMgYIKwYBBQUHAQEE
JjAkMCIGCCsGAQUFBzAChhZodHRwOi8veDIuaS5sZW5jci5vcmcvMCcGA1UdHwQg
MB4wHKAaoBiGFmh0dHA6Ly94Mi5jLmxlbmNyLm9yZy8wIgYDVR0gBBswGTAIBgZn
gQwBAgEwDQYLKwYBBAGC3xMBAQEwCgYIKoZIzj0EAwMDaAAwZQIxAPJCN9qpyDmZ
tX8K3m8UYQvK51BrXclM6WfrdeZlUBKyhTXUmFAtJw4X6A0x9mQFPAIwJa/No+KQ
UAM1u34E36neL/Zba7ombkIOchSgx1iVxzqtFWGddgoG+tppRPWhuhhn
-----END CERTIFICATE-----

30
states/roles/maintain/freeipa-server/cacerts/lets-encrypt-r3.pem Normal file
View file

@ -0,0 +1,30 @@
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----

30
states/roles/maintain/freeipa-server/cacerts/lets-encrypt-r4.pem Normal file
View file

@ -0,0 +1,30 @@
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAIp5IlCr5SxSbO7Pf8lC3WIwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCzKNx3KdPnkb7ztwoAx/vyVQslImNTNq/pCCDfDa8oPs3Gq1e2naQlGaXS
Mm1Jpgi5xy+hm5PFIEBrhDEgoo4wYCVg79kaiT8faXGy2uo/c0HEkG9m/X2eWNh3
z81ZdUTJoQp7nz8bDjpmb7Z1z4vLr53AcMX/0oIKr13N4uichZSk5gA16H5OOYHH
IYlgd+odlvKLg3tHxG0ywFJ+Ix5FtXHuo+8XwgOpk4nd9Z/buvHa4H6Xh3GBHhqC
VuQ+fBiiCOUWX6j6qOBIUU0YFKAMo+W2yrO1VRJrcsdafzuM+efZ0Y4STTMzAyrx
E+FCPMIuWWAubeAHRzNl39Jnyk2FAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFDadPuCxQPYnLHy/jZ0xivZUpkYmMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCJbu5CalWO+H+Az0lmIG14DXmlYHQE
k26umjuCyioWs2icOlZznPTcZvbfq02YPHGTCu3ctggVDULJ+fwOxKekzIqeyLNk
p8dyFwSAr23DYBIVeXDpxHhShvv0MLJzqqDFBTHYe1X5X2Y7oogy+UDJxV2N24/g
Z8lxG4Vr2/VEfUOrw4Tosl5Z+1uzOdvTyBcxD/E5rGgTLczmulctHy3IMTmdTFr0
FnU0/HMQoquWQuODhFqzMqNcsdbjANUBwOEQrKI8Sy6+b84kHP7PtO+S4Ik8R2k7
ZeMlE1JmxBi/PZU860YlwT8/qOYToCHVyDjhv8qutbf2QnUl3SV86th2I1QQE14s
0y7CdAHcHkw3sAEeYGkwCA74MO+VFtnYbf9B2JBOhyyWb5087rGzitu5MTAW41X9
DwTeXEg+a24tAeht+Y1MionHUwa4j7FB/trN3Fnb/r90+4P66ZETVIEcjseUSMHO
w6yqv10/H/dw/8r2EDUincBBX3o9DL3SadqragkKy96HtMiLcqMMGAPm0gti1b6f
bnvOdr0mrIVIKX5nzOeGZORaYLoSD4C8qvFT7U+Um6DMo36cVDNsPmkF575/s3C2
CxGiCPQqVxPgfNSh+2CPd2Xv04lNeuw6gG89DlOhHuoFKRlmPnom+gwqhz3ZXMfz
TfmvjrBokzCICA==
-----END CERTIFICATE-----

23
states/roles/maintain/freeipa-server/init.sls
View file

@ -5,19 +5,19 @@
- group: root - group: root
- dir_mode: 500 - dir_mode: 500
/etc/httpd/certs/DSTRootCAX3.pem: /etc/httpd/certs/cacerts/:
file.managed: file.directory:
- source: salt://roles/maintain/freeipa-server/DSTRootCAX3.pem
- user: root - user: root
- group: root - group: root
- mode: 400 - dir_mode: 500
/etc/httpd/certs/LetsEncryptAuthorityX3.pem: /etc/httpd/certs/cacerts:
file.managed: file.recurse:
- source: salt://roles/maintain/freeipa-server/LetsEncryptAuthorityX3.pem - source: salt://roles/maintain/freeipa-server/cacerts
- clean: true
- user: root - user: root
- group: root - group: root
- mode: 400 - file_mode: 400
"/etc/httpd/certs/ipa.actcur.com/": "/etc/httpd/certs/ipa.actcur.com/":
file.recurse: file.recurse:
@ -30,10 +30,9 @@
install_cacerts: install_cacerts:
cmd.run: cmd.run:
- name: 'ipa-cacert-manage install "/etc/httpd/certs/DSTRootCAX3.pem" -n DSTRootCAX3 -t C,,;ipa-cacert-manage install "/etc/httpd/certs/LetsEncryptAuthorityX3.pem" -n letsencryptx3 -t C,,;ipa-certupdate -v' - name: 'cd /etc/httpd/certs/cacerts/;for cert in `ls ./`; do ipa-cacert-manage install $cert;done;ipa-certupdate -v'
- onchanges: - onchanges:
- file: /etc/httpd/certs/DSTRootCAX3.pem - file: /etc/httpd/certs/cacerts/*
- file: /etc/httpd/certs/LetsEncryptAuthorityX3.pem
set_dm_password: set_dm_password:
environ.setenv: environ.setenv:
@ -44,7 +43,7 @@ set_dm_password:
install_cert: install_cert:
cmd.run: cmd.run:
- name: 'ipa-server-certinstall -p $DM_PASSWORD --pin="" -w -d /etc/httpd/certs/ipa.actcur.com/privkey.pem /etc/httpd/certs/ipa.actcur.com/fullchain.pem' - name: 'ipa-server-certinstall -p $DM_PASSWORD --pin="" -w -d /etc/httpd/certs/ipa.actcur.com/privkey.pem /etc/httpd/certs/ipa.actcur.com/cert.pem'
- onchanges: - onchanges:
- file: /etc/httpd/certs/ipa.actcur.com/* - file: /etc/httpd/certs/ipa.actcur.com/*

37
states/roles/maintain/laradev/branch.conf Normal file
View file

@ -0,0 +1,37 @@
server {
listen 8080;
server_name -branch-.-server-.actcur.com;
root /sites/-server-/-branch-/public;
index index.html index.htm index.php;
charset utf-8;
rewrite_log on;
location @laravel {
rewrite ^(/[^/]+/[^/]+)/(.*)$ $1/index.php?$2 last;
}
location / {
try_files $uri $uri/ @laravel;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
error_log /var/log/nginx/ra_error.log notice;
access_log /var/log/nginx/ra_access.log;
}

3
states/roles/maintain/laradev/git_branches.sh
View file

@ -8,6 +8,8 @@ branches=`git ls-remote {{repo}} | grep -o -P "(?<=refs/heads/).*"`
echo "Branches:<br/>" > /sites/{{project}}/index.php echo "Branches:<br/>" > /sites/{{project}}/index.php
for branch in $branches; do for branch in $branches; do
echo " <a href='$branch/public/'>$branch<br/>" >> /sites/{{project}}/index.php echo " <a href='$branch/public/'>$branch<br/>" >> /sites/{{project}}/index.php
#create/update nginx conf file
sed -e "s/-branch-/$branch/" -e "s/-server-/{{project}}/" /root/scripts/laradev-branch-nginx.template > /etc/nginx/conf.d/laradev-{{project}}-$branch.conf
#clone new branch if necessary #clone new branch if necessary
if [ ! -d "$branch" ];then if [ ! -d "$branch" ];then
git clone -b $branch {{repo}} "$branch" git clone -b $branch {{repo}} "$branch"
@ -41,4 +43,5 @@ echo " <a href='$branch/public/'>$branch<br/>" >> /sites/{{project}}/index.php
done done
chown http:http "/sites/{{project}}" -R chown http:http "/sites/{{project}}" -R
{%- endfor -%} {%- endfor -%}
systemctl restart nginx
{% endif %} {% endif %}

7
states/roles/maintain/laradev/init.sls
View file

@ -101,6 +101,13 @@ laradev-nginx-conf:
- template: jinja - template: jinja
password: "{%- include 'secure/passwords/laradev_db_password.txt' -%}" password: "{%- include 'secure/passwords/laradev_db_password.txt' -%}"
/root/scripts/laradev-branch-nginx.template:
file.managed:
- source: salt://roles/maintain/laradev/branch.conf
- user: root
- group: root
- mode: 644
"/lib/systemd/system/git_branches.service": "/lib/systemd/system/git_branches.service":
file.managed: file.managed:
- source: salt://roles/maintain/laradev/git_branches.service - source: salt://roles/maintain/laradev/git_branches.service

4
states/roles/maintain/laradev/nginx.conf
View file

@ -1,7 +1,7 @@
server { server {
listen 8080; listen 8080;
server_name {{server}}; server_name {{server}}.actcur.com;
root /sites/{{server}}; root /sites/{{server}}/prod/public;
index index.html index.htm index.php; index index.html index.htm index.php;

10
states/roles/maintain/nginx-proxy/local.conf
View file

@ -3,6 +3,12 @@
{%- else -%} {%- else -%}
{%- set default = "yes" -%} {%- set default = "yes" -%}
{%- endif -%} {%- endif -%}
{%- set wildcard = "" -%}
{%- if pillar['nginx'][server]['wildcard'] is defined -%}
{%- if pillar['nginx'][server]['wildcard'] -%}
{%- set wildcard = "*." ~ server ~ ".actcur.com" -%}
{%- endif -%}
{%- endif -%}
{%- if pillar['nginx'][server]['https'] is defined -%} {%- if pillar['nginx'][server]['https'] is defined -%}
{%- if pillar['nginx'][server]['https']['port'] is defined-%} {%- if pillar['nginx'][server]['https']['port'] is defined-%}
{%- set port = pillar['nginx'][server]['https']['port'] -%} {%- set port = pillar['nginx'][server]['https']['port'] -%}
@ -14,10 +20,10 @@
{%- endif -%} {%- endif -%}
server { server {
listen 443; listen 443;
server_name {{server}}.actcur.com; server_name {{server}}.actcur.com {{wildcard}};
resolver {{ resolver }}; resolver {{ resolver }};
set $backend "{{prot}}://{{server}}.actcur.com{%- if port is defined -%}:{{port}}{%- endif -%}"; set $backend "{{prot}}://$server_name{%- if port is defined -%}:{{port}}{%- endif -%}";
ssl on; ssl on;
ssl_certificate /etc/nginx/certs/{{server}}.actcur.com/fullchain.pem; ssl_certificate /etc/nginx/certs/{{server}}.actcur.com/fullchain.pem;

8
states/roles/maintain/nginx-proxy/remote.conf
View file

@ -4,10 +4,16 @@
{%- set auth = pillar['nginx'][server]['auth'] -%} {%- set auth = pillar['nginx'][server]['auth'] -%}
{%- endif -%} {%- endif -%}
{%- endif -%} {%- endif -%}
{%- set wildcard = "" -%}
{%- if pillar['nginx'][server]['wildcard'] is defined -%}
{%- if pillar['nginx'][server]['wildcard'] -%}
{%- set wildcard = "*." ~ server ~ ".actcur.com" -%}
{%- endif -%}
{%- endif -%}
server { server {
listen 443; listen 443;
server_name {{server}}.actcur.com; server_name {{server}}.actcur.com {{wildcard}};
resolver {{resolver}}; resolver {{resolver}};
set $backend "https://{{server}}.actcur.com"; set $backend "https://{{server}}.actcur.com";