Compare commits
28 commits
fix_secret
...
prod
| Author | SHA1 | Date | |
|---|---|---|---|
|
5db30c42fb | ||
|
|
0bbe0450aa | ||
|
|
1e9094e3cb | ||
| 887df39849 | |||
| 69ce732461 | |||
| 0d71dab542 | |||
|
|
dd60a1755c | ||
|
|
c1fe7075c0 | ||
|
|
0c74876b91 | ||
|
|
a8d74f2ea7 | ||
|
|
49f68f3dc5 | ||
|
|
08aac58570 | ||
| 1cdc458c59 | |||
|
|
65352d35d3 | ||
|
|
9a2a216032 | ||
|
|
fad940750e | ||
|
|
b9f116747b | ||
|
|
e58f10fa4a | ||
|
|
a7728079a4 | ||
|
|
d4c8bd956c | ||
|
|
0e50eeb40e | ||
|
|
6e0a2f0e98 | ||
|
|
c541738372 | ||
|
|
9f8e3eb0a8 | ||
|
|
0174b6effb | ||
|
|
6bf8b07aee | ||
|
|
0ca3588275 | ||
|
|
e83ba523a5 |
51 changed files with 456 additions and 24 deletions
9
pillars/envs.sls
Normal file
9
pillars/envs.sls
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
{%- set envs=salt.cmd.shell('ls /srv/salt/').split('\n') -%}
|
||||
envs:
|
||||
{%- if envs is not none -%}
|
||||
{%- for env in envs %}
|
||||
- {{env}}
|
||||
{%- endfor -%}
|
||||
{%- else -%}
|
||||
- prod
|
||||
{%- endif -%}
|
||||
3
pillars/roles/aurpkgs/bazarr.sls
Normal file
3
pillars/roles/aurpkgs/bazarr.sls
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
aur:
|
||||
pkgs:
|
||||
bazarr: []
|
||||
10
pillars/roles/mount/jellyfin.sls
Normal file
10
pillars/roles/mount/jellyfin.sls
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
mount:
|
||||
sshfs:
|
||||
/mnt/video:
|
||||
name: video
|
||||
host: host.actcur.com
|
||||
directory: /mnt/butter/video
|
||||
user: mount
|
||||
ext4:
|
||||
/mnt/jelly:
|
||||
device: UUID=adc4740a-d471-4be4-9995-65cb66794b51
|
||||
14
pillars/roles/nginx/bazarr.sls
Normal file
14
pillars/roles/nginx/bazarr.sls
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
nginx:
|
||||
bazarr:
|
||||
auth: 2fa
|
||||
default: no
|
||||
https:
|
||||
port: 6767
|
||||
prot: http
|
||||
|
||||
portal:
|
||||
Media:
|
||||
bazarr:
|
||||
name: Subtitle Downloader
|
||||
summary: Bazarr Server
|
||||
public: false
|
||||
18
pillars/roles/nginx/jellyfin.sls
Normal file
18
pillars/roles/nginx/jellyfin.sls
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
nginx:
|
||||
jelly:
|
||||
auth: none
|
||||
https:
|
||||
port: 8096
|
||||
prot: http
|
||||
proxy_headers:
|
||||
X-Forwarded-Protocol: $scheme
|
||||
Upgrade: $http_upgrade
|
||||
Connection: upgrade
|
||||
|
||||
|
||||
portal:
|
||||
Media:
|
||||
jelly:
|
||||
name: Jelly
|
||||
summary: Jellyfin Media Server
|
||||
public: true
|
||||
20
pillars/roles/nginx/jellyseerr.sls
Normal file
20
pillars/roles/nginx/jellyseerr.sls
Normal file
|
|
@ -0,0 +1,20 @@
|
|||
nginx:
|
||||
jellyseerr:
|
||||
auth: none
|
||||
default: no
|
||||
https:
|
||||
port: 5055
|
||||
prot: http
|
||||
request:
|
||||
auth: none
|
||||
default: no
|
||||
https:
|
||||
port: 5055
|
||||
prot: http
|
||||
|
||||
portal:
|
||||
Media:
|
||||
request:
|
||||
name: Mediar Request Server
|
||||
summary: Jellyseerr media request server
|
||||
public: false
|
||||
|
|
@ -1,10 +1,11 @@
|
|||
|
||||
nginx:
|
||||
cloud:
|
||||
auth: none
|
||||
https:
|
||||
port: 8080
|
||||
prot: http
|
||||
|
||||
nolocal: true
|
||||
portal:
|
||||
Misc:
|
||||
cloud:
|
||||
|
|
|
|||
14
pillars/roles/nginx/prowlarr.sls
Normal file
14
pillars/roles/nginx/prowlarr.sls
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
nginx:
|
||||
prowlarr:
|
||||
auth: 2fa
|
||||
default: no
|
||||
https:
|
||||
port: 9696
|
||||
prot: http
|
||||
|
||||
portal:
|
||||
Media:
|
||||
prowlarr:
|
||||
name: Torrent Indexers
|
||||
summary: Prowlarr Server
|
||||
public: false
|
||||
14
pillars/roles/nginx/readarr.sls
Normal file
14
pillars/roles/nginx/readarr.sls
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
nginx:
|
||||
readarr:
|
||||
auth: 2fa
|
||||
default: no
|
||||
https:
|
||||
port: 8787
|
||||
prot: http
|
||||
|
||||
portal:
|
||||
Media:
|
||||
readarr:
|
||||
name: Audiobook/ebook Downloader
|
||||
summary: Readarr Server
|
||||
public: false
|
||||
3
pillars/roles/services/bazarr.sls
Normal file
3
pillars/roles/services/bazarr.sls
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
services:
|
||||
bazarr:
|
||||
bazarr: []
|
||||
|
|
@ -1,3 +1,2 @@
|
|||
include:
|
||||
- servers.roles
|
||||
- servers.passwords
|
||||
|
|
|
|||
|
|
@ -1,3 +0,0 @@
|
|||
{%- from "roles.jinja" import roles with context %}
|
||||
{%- set data=salt.cmd.shell('sudo bash ~/get_passwords.sh '+roles | join(' ')) -%}
|
||||
{{data | trim}}
|
||||
|
|
@ -6,7 +6,9 @@ roles:
|
|||
- arr
|
||||
- sonarr
|
||||
- radarr
|
||||
- readarr
|
||||
- lidarr
|
||||
- jackett
|
||||
- bazarr
|
||||
- prowlarr
|
||||
- ytdownloader
|
||||
- podfox
|
||||
|
|
|
|||
7
pillars/servers/roles/server/jelly.sls
Normal file
7
pillars/servers/roles/server/jelly.sls
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
roles:
|
||||
- server
|
||||
- ssh
|
||||
- nrpe
|
||||
- saltminion
|
||||
- nginx-proxy
|
||||
- jellyfin
|
||||
7
pillars/servers/roles/server/jellyseerr.sls
Normal file
7
pillars/servers/roles/server/jellyseerr.sls
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
roles:
|
||||
- server
|
||||
- ssh
|
||||
- nrpe
|
||||
- saltminion
|
||||
- nginx-proxy
|
||||
- jellyseerr
|
||||
|
|
@ -4,4 +4,5 @@
|
|||
'*':
|
||||
- roles
|
||||
- servers
|
||||
- envs
|
||||
{%- endfor %}
|
||||
|
|
|
|||
3
states/repos/arch/aur-local
Normal file
3
states/repos/arch/aur-local
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
[aur-local]
|
||||
SigLevel = Never
|
||||
Server = http://pkg.actcur.com/archlinux/$repo/os/$arch
|
||||
11
states/repos/arch/init.sls
Normal file
11
states/repos/arch/init.sls
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
{%- if grains['os'] != "Arch ARM" -%}
|
||||
update_pacman.conf:
|
||||
file.managed:
|
||||
- name: /etc/pacman.conf
|
||||
- source: salt://repos/arch/pacman.conf
|
||||
|
||||
aur_local_repo:
|
||||
file.managed:
|
||||
- name: /etc/pacman.d/aur-local
|
||||
- source: salt://repos/arch/aur-local
|
||||
{%- endif -%}
|
||||
94
states/repos/arch/pacman.conf
Normal file
94
states/repos/arch/pacman.conf
Normal file
|
|
@ -0,0 +1,94 @@
|
|||
#
|
||||
# /etc/pacman.conf
|
||||
#
|
||||
# See the pacman.conf(5) manpage for option and repository directives
|
||||
|
||||
#
|
||||
# GENERAL OPTIONS
|
||||
#
|
||||
[options]
|
||||
# The following paths are commented out with their default values listed.
|
||||
# If you wish to use different paths, uncomment and update the paths.
|
||||
#RootDir = /
|
||||
#DBPath = /var/lib/pacman/
|
||||
#CacheDir = /var/cache/pacman/pkg/
|
||||
#LogFile = /var/log/pacman.log
|
||||
#GPGDir = /etc/pacman.d/gnupg/
|
||||
#HookDir = /etc/pacman.d/hooks/
|
||||
HoldPkg = pacman glibc
|
||||
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
|
||||
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
|
||||
#CleanMethod = KeepInstalled
|
||||
Architecture = auto
|
||||
|
||||
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
|
||||
#IgnorePkg =
|
||||
#IgnoreGroup =
|
||||
|
||||
#NoUpgrade =
|
||||
#NoExtract =
|
||||
|
||||
# Misc options
|
||||
#UseSyslog
|
||||
#Color
|
||||
#TotalDownload
|
||||
CheckSpace
|
||||
#VerbosePkgLists
|
||||
|
||||
# By default, pacman accepts packages signed by keys that its local keyring
|
||||
# trusts (see pacman-key and its man page), as well as unsigned packages.
|
||||
SigLevel = Required DatabaseOptional
|
||||
LocalFileSigLevel = Optional
|
||||
#RemoteFileSigLevel = Required
|
||||
|
||||
# NOTE: You must run `pacman-key --init` before first using pacman; the local
|
||||
# keyring can then be populated with the keys of all official Arch Linux
|
||||
# packagers with `pacman-key --populate archlinux`.
|
||||
|
||||
#
|
||||
# REPOSITORIES
|
||||
# - can be defined here or included from another file
|
||||
# - pacman will search repositories in the order defined here
|
||||
# - local/custom mirrors can be added here or in separate files
|
||||
# - repositories listed first will take precedence when packages
|
||||
# have identical names, regardless of version number
|
||||
# - URLs will have $repo replaced by the name of the current repo
|
||||
# - URLs will have $arch replaced by the name of the architecture
|
||||
#
|
||||
# Repository entries are of the format:
|
||||
# [repo-name]
|
||||
# Server = ServerName
|
||||
# Include = IncludePath
|
||||
#
|
||||
# The header [repo-name] is crucial - it must be present and
|
||||
# uncommented to enable the repo.
|
||||
#
|
||||
|
||||
# The testing repositories are disabled by default. To enable, uncomment the
|
||||
# repo name header and Include lines. You can add preferred servers immediately
|
||||
# after the header, and they will be used before the default mirrors.
|
||||
|
||||
#[testing]
|
||||
#Include = /etc/pacman.d/mirrorlist
|
||||
|
||||
[core]
|
||||
Include = /etc/pacman.d/mirrorlist
|
||||
|
||||
[extra]
|
||||
Include = /etc/pacman.d/mirrorlist
|
||||
|
||||
# If you want to run 32 bit applications on your x86_64 system,
|
||||
# enable the multilib repositories as required here.
|
||||
|
||||
#[multilib-testing]
|
||||
#Include = /etc/pacman.d/mirrorlist
|
||||
|
||||
#[multilib]
|
||||
#Include = /etc/pacman.d/mirrorlist
|
||||
|
||||
# An example of a custom package repository. See the pacman manpage for
|
||||
# tips on creating your own repositories.
|
||||
#[custom]
|
||||
#SigLevel = Optional TrustAll
|
||||
#Server = file:///home/custompkgs
|
||||
Include = /etc/pacman.d/aur-local
|
||||
14
states/roles/maintain/bazarr/init.sls
Normal file
14
states/roles/maintain/bazarr/init.sls
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
/var/lib/bazarr:
|
||||
file.symlink:
|
||||
- target: /mnt/data/bazarr
|
||||
- force: true
|
||||
- mkdirs: true
|
||||
|
||||
#package is in aur repo
|
||||
bazarr:
|
||||
pkg.installed
|
||||
|
||||
bazarr_service:
|
||||
service.running:
|
||||
- name: bazarr
|
||||
- enable: true
|
||||
|
|
@ -1,3 +1,6 @@
|
|||
echo "Running certbot renew" > /root/scripts/certbot.log
|
||||
/bin/certbot renew >> /root/scripts/certbot.log
|
||||
echo "Finished certbot renew" >> /root/scripts/certbot.log
|
||||
echo "Copying certs to /secure" >> /root/scripts/certbot.log
|
||||
cp -rL /etc/letsencrypt/live/* /secure/certs/
|
||||
echo "Done copying certs to /secure" >> /root/scripts/certbot.log
|
||||
|
|
|
|||
10
states/roles/maintain/host/balloon.service
Normal file
10
states/roles/maintain/host/balloon.service
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
[Unit]
|
||||
Description=Automatically adjust balloon size to free up unused memory
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=no
|
||||
ExecStart=/bin/bash /root/scripts/balloon.sh
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
21
states/roles/maintain/host/balloon.sh
Normal file
21
states/roles/maintain/host/balloon.sh
Normal file
|
|
@ -0,0 +1,21 @@
|
|||
for domain in `virsh list --name`
|
||||
do
|
||||
virsh dommemstat --period 5 $domain
|
||||
max=`virsh dominfo $domain | grep Max | grep -Po "\d+"`
|
||||
current=`virsh dominfo $domain | grep Used | grep -Po "\d+"`
|
||||
unused=`virsh dommemstat $domain | grep unused | grep -Po "\d+"`
|
||||
used=$(($current - $unused))
|
||||
newfree=$((($max - $used) / 5))
|
||||
if test $newfree -gt 524288
|
||||
then
|
||||
target=$(($newfree + $used))
|
||||
else
|
||||
target=$((524288 + $used))
|
||||
fi
|
||||
if test $target -gt $max
|
||||
then
|
||||
target=$max
|
||||
fi
|
||||
echo "$domain: $target"
|
||||
virsh setmem $domain --size $target
|
||||
done
|
||||
9
states/roles/maintain/host/balloon.timer
Normal file
9
states/roles/maintain/host/balloon.timer
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
[Unit]
|
||||
Description=Update balloon sizes every 10 minutes
|
||||
|
||||
[Timer]
|
||||
OnCalendar=*:0/10
|
||||
Unit=balloon.service
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
@ -99,3 +99,35 @@ libvirtd:
|
|||
# - file: /etc/systemd/network/br1.netdev
|
||||
# - file: /etc/systemd/network/br1.network
|
||||
# - file: /etc/systemd/network/uplink.network
|
||||
|
||||
|
||||
/root/scripts/balloon.sh:
|
||||
file.managed:
|
||||
- source: salt://roles/maintain/host/balloon.sh
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 644
|
||||
|
||||
/lib/systemd/system/balloon.service:
|
||||
file.managed:
|
||||
- source: salt://roles/maintain/host/balloon.service
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 644
|
||||
|
||||
/lib/systemd/system/balloon.timer:
|
||||
file.managed:
|
||||
- source: salt://roles/maintain/host/balloon.timer
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 644
|
||||
|
||||
balloon-reload:
|
||||
module.run:
|
||||
- name: service.systemctl_reload
|
||||
- onchanges:
|
||||
- file: /lib/systemd/system/*
|
||||
|
||||
balloon.timer:
|
||||
service.running:
|
||||
- enable: true
|
||||
|
|
|
|||
20
states/roles/maintain/jellyfin/init.sls
Normal file
20
states/roles/maintain/jellyfin/init.sls
Normal file
|
|
@ -0,0 +1,20 @@
|
|||
{%- set os=grains['os'] -%}
|
||||
|
||||
jellyfin:
|
||||
pkg.installed:
|
||||
- name: jellyfin-bin
|
||||
service.running:
|
||||
- enable: true
|
||||
|
||||
/etc/conf.d/jellyfin:
|
||||
file.managed:
|
||||
- source: salt://roles/maintain/jellyfin/jellyfin
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 644
|
||||
|
||||
mount:
|
||||
group.present:
|
||||
- gid: 503
|
||||
- addusers:
|
||||
- jellyfin
|
||||
6
states/roles/maintain/jellyfin/jellyfin
Normal file
6
states/roles/maintain/jellyfin/jellyfin
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
# Data directory
|
||||
JELLYFIN_DATA_DIRECTORY="/mnt/jelly/data"
|
||||
# Cache directory
|
||||
JELLYFIN_CACHE_DIRECTORY="/mnt/jelly/cache"
|
||||
# Additional options for the binary
|
||||
JELLYFIN_ADD_OPTS="--webdir=/usr/share/jellyfin/web"
|
||||
14
states/roles/maintain/jellyseerr/init.sls
Normal file
14
states/roles/maintain/jellyseerr/init.sls
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
{%- set os=grains['os'] -%}
|
||||
|
||||
jellyseerr:
|
||||
pkg.installed:
|
||||
- name: jellyseerr
|
||||
service.running:
|
||||
- enable: true
|
||||
|
||||
#/etc/conf.d/jellyfin:
|
||||
# file.managed:
|
||||
# - source: salt://roles/maintain/jellyfin/jellyfin
|
||||
# - user: root
|
||||
# - group: root
|
||||
# - mode: 644
|
||||
|
|
@ -66,6 +66,7 @@ nginx-service:
|
|||
- user: nextcloud
|
||||
- group: nextcloud
|
||||
- mode: 644
|
||||
- replace: false
|
||||
- template: jinja
|
||||
|
||||
/etc/pacman.d/hooks/nextcloud.hook:
|
||||
|
|
@ -6,6 +6,7 @@ $CONFIG = array (
|
|||
1 => 'cloud.actcur.com'
|
||||
),
|
||||
'overwrite.cli.url' => 'https://cloud.actcur.com/',
|
||||
'overwriteprotocol' => 'https',
|
||||
'htaccess.RewriteBase' => '/',
|
||||
'datadirectory' => '/mnt/nextcloud/data',
|
||||
'logfile' => '/var/log/nextcloud/nextcloud.log',
|
||||
|
|
@ -928,7 +928,7 @@ extension=intl
|
|||
;extension=odbc
|
||||
;zend_extension=opcache
|
||||
;extension=pdo_dblib
|
||||
;extension=pdo_mysql
|
||||
extension=pdo_mysql
|
||||
;extension=pdo_odbc
|
||||
;extension=pdo_pgsql
|
||||
;extension=pdo_sqlite
|
||||
0
states/roles/maintain/nginx-proxy/empty.conf
Normal file
0
states/roles/maintain/nginx-proxy/empty.conf
Normal file
|
|
@ -49,6 +49,8 @@ nginx:
|
|||
- makedirs: true
|
||||
{%- if portal is defined %}
|
||||
- source: salt://roles/maintain/nginx-proxy/remote.conf
|
||||
{%- elif pillar['nginx'][name]['nolocal'] is defined and pillar['nginx'][name]['nolocal'] == 'true' %}
|
||||
- source: salt://roles/maintain/nginx-proxy/empty.conf
|
||||
{%- else %}
|
||||
- source: salt://roles/maintain/nginx-proxy/local.conf
|
||||
{%- endif %}
|
||||
|
|
|
|||
|
|
@ -19,13 +19,12 @@
|
|||
{%- set prot = "https" -%}
|
||||
{%- endif -%}
|
||||
server {
|
||||
listen 443;
|
||||
listen 443 ssl;
|
||||
server_name {{server}}.actcur.com {{wildcard}};
|
||||
|
||||
# resolver {{ resolver }};
|
||||
set $backend "{{prot}}://127.0.0.1{%- if port is defined -%}:{{port}}{%- endif -%}";
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/nginx/certs/{{server}}.actcur.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/nginx/certs/{{server}}.actcur.com/privkey.pem;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
|
|
@ -39,6 +38,11 @@ server {
|
|||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Ssl on;
|
||||
|
||||
{%- if pillar['nginx'][server]['proxy_headers'] is defined -%}
|
||||
{%- for header in pillar['nginx'][server]['proxy_headers'] %}
|
||||
proxy_set_header {{header}} {{pillar['nginx'][server]['proxy_headers'][header]}};
|
||||
{%- endfor %}
|
||||
{%- endif %}
|
||||
|
||||
# re-write redirects to http as to https, example: /home
|
||||
proxy_redirect http:// https://;
|
||||
|
|
|
|||
|
|
@ -1,12 +1,11 @@
|
|||
server {
|
||||
|
||||
listen 443 default_server;
|
||||
listen 443 ssl default_server;
|
||||
server_name portal.actcur.com;
|
||||
|
||||
resolver {{resolver}};
|
||||
set $certbot "https://salt.actcur.com";
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/nginx/certs/portal.actcur.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/nginx/certs/portal.actcur.com/privkey.pem;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
|
|
|
|||
|
|
@ -12,14 +12,13 @@
|
|||
{%- endif -%}
|
||||
|
||||
server {
|
||||
listen 443;
|
||||
listen 443 ssl;
|
||||
server_name {{server}}.actcur.com {{wildcard}};
|
||||
|
||||
resolver {{resolver}};
|
||||
set $backend "https://{{server}}.actcur.com";
|
||||
set $certbot "https://salt.actcur.com";
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/nginx/certs/{{server}}.actcur.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/nginx/certs/{{server}}.actcur.com/privkey.pem;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
|
|
@ -38,8 +37,17 @@ server {
|
|||
{% set location="2" %}{% include 'roles/maintain/nginx-proxy/auth.conf' %}
|
||||
proxy_pass $backend;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Forwarded-Port 443;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Ssl on;
|
||||
|
||||
{%- if pillar['nginx'][server]['proxy_headers'] is defined -%}
|
||||
{%- for header in pillar['nginx'][server]['proxy_headers'] %}
|
||||
proxy_set_header {{header}} {{pillar['nginx'][server]['proxy_headers'][header]}};
|
||||
{%- endfor %}
|
||||
{%- endif %}
|
||||
|
||||
# re-write redirects to http as to https, example: /home
|
||||
proxy_redirect http:// https://;
|
||||
|
|
|
|||
|
|
@ -7,6 +7,8 @@ server {
|
|||
listen 8000;
|
||||
server_name pkg.actcur.com;
|
||||
|
||||
resolver 8.8.8.8;
|
||||
|
||||
access_log /var/log/nginx/pkg-cache.access.log pkg-cache;
|
||||
error_log /var/log/nginx/pkg-cache.error.log;
|
||||
|
||||
|
|
@ -32,11 +34,11 @@ server {
|
|||
}
|
||||
|
||||
location ~ \.(db|sig) {
|
||||
proxy_pass https://mirrors.kernel.org$request_uri;
|
||||
proxy_pass https://mirrors.advancedhosters.com$request_uri;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass https://mirrors.kernel.org;
|
||||
proxy_pass https://mirrors.advancedhosters.com;
|
||||
proxy_cache pkg-cache; # This directive should match the keys_zone option
|
||||
proxy_cache_revalidate on;
|
||||
proxy_cache_min_uses 0;
|
||||
|
|
|
|||
22
states/roles/maintain/prowlarr/init.sls
Normal file
22
states/roles/maintain/prowlarr/init.sls
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
/var/lib/prowlarr:
|
||||
file.symlink:
|
||||
- target: /mnt/data/prowlarr
|
||||
- force: true
|
||||
- mkdirs: true
|
||||
|
||||
#package is in aur repo
|
||||
prowlarr:
|
||||
pkg.installed
|
||||
|
||||
prowlarr_service:
|
||||
service.running:
|
||||
- name: prowlarr
|
||||
- enable: true
|
||||
|
||||
flaresolverr:
|
||||
pkg.installed
|
||||
|
||||
flaresolverr_service:
|
||||
service.running:
|
||||
- name: flaresolverr
|
||||
- enable: true
|
||||
14
states/roles/maintain/readarr/init.sls
Normal file
14
states/roles/maintain/readarr/init.sls
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
/var/lib/readarr:
|
||||
file.symlink:
|
||||
- target: /mnt/data/readarr
|
||||
- force: true
|
||||
- mkdirs: true
|
||||
|
||||
#package is in aur repo
|
||||
readarr-develop:
|
||||
pkg.installed
|
||||
|
||||
readarr_service:
|
||||
service.running:
|
||||
- name: readarr
|
||||
- enable: true
|
||||
|
|
@ -2,11 +2,11 @@ transmission-pkg:
|
|||
pkg.installed:
|
||||
- name: transmission-cli
|
||||
|
||||
transmission-settings:
|
||||
file.symlink:
|
||||
- name: /var/lib/transmission/.config/transmission-daemon/settings.json
|
||||
- target: /mnt/video/transmission/settings.json
|
||||
- force: true
|
||||
#transmission-settings:
|
||||
# file.symlink:
|
||||
# - name: /var/lib/transmission/.config/transmission-daemon/settings.json
|
||||
# - target: /mnt/video/transmission/settings.json
|
||||
# - force: true
|
||||
|
||||
/opt/scripts/restart_transmission.sh:
|
||||
file.managed:
|
||||
|
|
|
|||
10
states/systems/core/time/chrony.conf
Normal file
10
states/systems/core/time/chrony.conf
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
server 0.us.pool.ntp.org iburst
|
||||
server 1.us.pool.ntp.org iburst
|
||||
server 2.us.pool.ntp.org iburst
|
||||
server 3.us.pool.ntp.org iburst
|
||||
driftfile /var/lib/chrony.drift
|
||||
leapsectz right/UTC
|
||||
makestep 1.0 3
|
||||
rtconutc
|
||||
rtcsync
|
||||
|
||||
14
states/systems/core/time/init.sls
Normal file
14
states/systems/core/time/init.sls
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
chrony_pkg:
|
||||
pkg.installed:
|
||||
- name: chrony
|
||||
|
||||
/etc/chrony.conf:
|
||||
file.managed:
|
||||
- source: salt://systems/core/time/chrony.conf
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 644
|
||||
|
||||
chronyd:
|
||||
service.running:
|
||||
- enable: true
|
||||
|
|
@ -1,15 +1,13 @@
|
|||
|
||||
{%- set states = salt['cp.list_states'](saltenv) -%}
|
||||
{%- set envs=salt.cmd.shell('git ls-remote https://git.actcur.com/actcur/salt.git | grep -o -P "(?<=refs/heads/).*" | grep -Pv "(^temp$)|(^history$)"').split('\n') -%}
|
||||
{%- set envs=salt.cmd.shell('ls /srv/salt/').split('\n') -%}
|
||||
{% for env in envs %}
|
||||
{% for env in pillar['envs'] %}
|
||||
{{ env }}:
|
||||
'os_family:RedHat':
|
||||
- match: grain_pcre
|
||||
- repos.epel
|
||||
'os_family:Arch':
|
||||
- match: grain_pcre
|
||||
- repos.aur
|
||||
- repos.arch
|
||||
- systems.arch.mirrors
|
||||
- systems.core.freeipa
|
||||
'*':
|
||||
|
|
@ -29,6 +27,7 @@
|
|||
- systems.core.mount
|
||||
- systems.core.git
|
||||
- systems.core.backup
|
||||
- systems.core.time
|
||||
{%- if pillar['roles'] is defined -%}
|
||||
{%- if pillar['roles'] is not none -%}
|
||||
{%- for role in pillar['roles'] %}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue