{%- set os=grains['os'] -%} {##check if server is portal##} {%- if 'portal' in pillar['grains']['roles'] -%} {%- set portal = "portal" -%} {%- endif -%} nginx: pkg.installed: [] service.running: - enable: true - watch: - file: /etc/nginx/conf.d/* - file: /etc/nginx/nginx.conf {%- if pillar['nginx'] is defined -%} {%- for name in pillar['nginx'] %} - file: /etc/nginx/certs/{{name}}.actcur.com/* {%- endfor %} {%- endif %} /etc/nginx/nginx.conf: file.managed: - source: salt://roles/maintain/nginx-proxy/nginx.conf - user: root - group: root - mode: 644 {##ensure that nginx pillar exists##} {%- if pillar['nginx'] is defined -%} {##set up conf files for this server##} {%- for name in pillar['nginx'] %} "/etc/nginx/certs/{{name}}.actcur.com/": file.recurse: - source: salt://secure/certs/{{name}}.actcur.com/ {%- if os=="CentOS" or os=="RedHat" %} - user: nginx - user: nginx {%- elif os=="Arch" or os=="Manjaro" %} - user: http - group: http {%- endif %} - dir_mode: 755 - file:mode: 400 - clean: true /etc/nginx/conf.d/{{ name }}.conf: file.managed: - makedirs: true {%- if portal is defined %} - source: salt://roles/maintain/nginx-proxy/remote.conf {%- else %} - source: salt://roles/maintain/nginx-proxy/local.conf {%- endif %} - user: root - group: root - mode: 644 - template: jinja - context: server: {{ name }} resolver: {{ salt['dnsutil.A']('r.actcur.com')[0] }} {%- endfor %} {%- endif %} {%- if portal is defined %} /etc/nginx/conf.d/portal.actcur.com.conf: file.managed: - makedirs: true - source: salt://roles/maintain/nginx-proxy/portal.conf - user: root - group: root - mode: 644 - template: jinja - context: resolver: {{ salt['dnsutil.A']('r.actcur.com')[0] }} "/etc/nginx/certs/portal.actcur.com/": file.recurse: - source: salt://secure/certs/portal.actcur.com/ - user: http - group: http - dir_mode: 755 - file:mode: 400 - clean: true {%- endif -%}