* Update salt states

- bl module updated
- borg state updated
- config state updated
- netbox state updated
- nginx state updated
- misc updates
Paul 2022-02-21 13:52:46 +01:00
parent 8bc0454df0
commit 1b59cdacdd
33 changed files with 84 additions and 54 deletions


@ -6,7 +6,7 @@ from urllib.request import urlopen, Request
def get_ips(url="https://ipbl.paulbsd.com"):
"""get_ips fetch ips blacklists from ipbl"""
fullurl = f"{url}/ips"
fullurl = f"{url}/ips/last"
req = Request(method="GET", url=fullurl)
res = urlopen(req)
results = json.loads(res.read())
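Review bot: `urlopen(req)` is called without a timeout and its body goes straight into `json.loads`, so a stalled or misbehaving ipbl endpoint can hang or crash whichever Salt run calls `get_ips`. Suggest `res = urlopen(req, timeout=10)` and catching `URLError`/`ValueError` so the failure is reported in a controlled way. If the returned entries feed a block list, as the docstring suggests, each one should also be checked with `ipaddress.ip_network(entry, strict=False)` before it is used. The rest of `get_ips` lies outside this hunk.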


@ -13,6 +13,7 @@ borg-config-script-{{ key }}:
key: {{ key }}
job: {{ job }}
working_dir: {{ borg.working_dir }}
log_dir: {{ borg.log_dir }}
{% endfor %}
borg-config-sudo:


@ -3,6 +3,7 @@ borg:
enabled: true
run_user: dkron
working_dir: /opt/borg
log_dir: /var/log/borg
default_dirs:
- logs
- scripts


@ -11,3 +11,8 @@ borg-working-dir-{{ dir }}:
- name: {{ borg.working_dir }}/{{ dir }}
- mode: 0700
{% endfor %}
borg-log-dir:
file.directory:
- name: {{ borg.log_dir }}
- mode: 0700
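Review bot: The new `borg-log-dir` state sets `- mode: 0700` but no `- user:` or `- group:`, so the directory is presumably created as root-owned. If the backup scripts run as `borg.run_user` without sudo, their `2>>` redirection into `log_dir` would fail and the error output of the backup would be lost. Consider adding `- user: {{ borg.run_user }}`, or whichever account actually runs the job, which cannot be confirmed from this hunk. The mode is also better written as `- mode: '0700'` so it is never read as a number, matching the quoted `"0755"` used in the config state.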


@ -50,7 +50,7 @@ borg create \
{%- for include in job.included_dirs %}
{{ include }} \
{%- endfor %}
2>> {{ working_dir }}/logs/${backup_name}-$(date +%Y-%m-%d).log
2>> {{ log_dir }}/${backup_name}-$(date +%Y-%m-%d).log
backup_exit=$?
@ -64,7 +64,7 @@ borg prune \
--keep-monthly {{ job.keep_monthly|default(6) }} \
info "Cleaning up logs"
find {{ working_dir }}/logs/${backup_name}-*.log -mtime +{{ job.keep_logs_days|default(7) }} -delete
find {{ log_dir }}/${backup_name}-*.log -mtime +{{ job.keep_logs_days|default(7) }} -delete
info "Starting after tasks"
{%- for task in job.after_tasks|default([]) %}
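Review bot: The `find … -delete` line in the second hunk passes `{{ log_dir }}/${backup_name}-*.log` unquoted, so the shell expands the glob and word-splits the path before `find` sees it. A `log_dir` or `backup_name` containing spaces or glob characters would change what gets deleted. Quoting the directory and letting `find` do the matching is safer: `find "{{ log_dir }}" -maxdepth 1 -type f -name "${backup_name}-*.log" -mtime +{{ job.keep_logs_days|default(7) }} -delete`. The redirection target in the first hunk should be quoted for the same reason: `2>> "{{ log_dir }}/${backup_name}-$(date +%Y-%m-%d).log"`. Both hunks are fragments of a longer script.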


@ -0,0 +1,2 @@
{%- from "config/map.jinja" import config with context -%}
{{ config.config|toml }}


@ -0,0 +1,2 @@
{%- from "config/map.jinja" import config with context -%}
{{ config.config|yaml(False) }}


@ -4,4 +4,5 @@ config:
install_dir: "/usr/local/apps/config"
ini_filename: "common.ini"
json_filename: "common.json"
yaml_filename: "common.yml"
config: {}


@ -25,3 +25,11 @@ config-json-content:
- user: root
- mode: "0755"
- template: jinja
config-yaml-content:
file.managed:
- name: {{ config.install_dir }}/{{ config.yaml_filename }}
- source: salt://config/config.yml.j2
- user: root
- mode: "0755"
- template: jinja
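Review bot: `config-yaml-content` writes a pillar-rendered data file with `- mode: "0755"`, which makes it world-readable and executable. A YAML config file needs no execute bit. If `config.config` can carry credentials or tokens (not visible here), every local user can read them. Suggest `- mode: "0640"` with an explicit `- group:` for the consuming services, or `"0644"` if the content is known to be non-sensitive. The same applies to the `config-json-content` state above, whose head is outside this hunk.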


@ -1,5 +1,5 @@
{%- from "dip/map.jinja" import dip with context -%}
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
{%- from "dip/map.jinja" import dip with context %}
[Unit]
Description=DIP
After=network.target


@ -1,5 +1,5 @@
{%- from "dkron/map.jinja" import dkron with context -%}
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
{%- from "dkron/map.jinja" import dkron with context %}
[Unit]
Description=dkron - Open Source task scheduler
Documentation=https://dkron.io/


@ -14,3 +14,9 @@ g2g-binary-symlink:
- target: {{ g2g.release_dir }}/g2g-{{ g2g.version }}
- require:
- archive: g2g-archive-extract
g2g-cleanup:
software.cleanup:
- name: g2g
- path: {{ g2g.release_dir }}
- version: "{{ g2g.version }}"
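Review bot: `g2g-cleanup` has no requisite tying it to a successful install, so it still runs if `g2g-archive-extract` or the symlink state fails earlier in the run. The `software.cleanup` implementation is not visible here, but if it removes every release except `version`, that would delete the last working release while the new one is missing. Adding `- require:` with `- file: g2g-binary-symlink` (using the symlink state's real module type) makes cleanup conditional on the new version being in place. The same applies to `netbox-cleanup` in the netbox state. It would also help to document what `software.cleanup` does when `path` is empty or unset.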


@ -77,6 +77,7 @@ gitea:
cookie_secure: "true"
cookie_name: i_like_gitea
log:
root_path: /var/log/gitea
mode: file
level: Info
security:


@ -1,5 +1,5 @@
{%- from "go-aptproxy/map.jinja" import goaptproxy with context -%}
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
{%- from "go-aptproxy/map.jinja" import goaptproxy with context %}
[Unit]
Description=go-aptproxy
Documentation=https://git.paulbsd.com/paulbsd/go-aptproxy


@ -1,4 +1,5 @@
{%- from "influxdb/map.jinja" import influxdb with context -%}
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
[Unit]
Description=InfluxDB is an open-source, distributed, time series database
Documentation=https://docs.influxdata.com/influxdb/


@ -1,5 +1,5 @@
{%- from "ipbl/map.jinja" import ipbl with context -%}
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
{%- from "ipbl/map.jinja" import ipbl with context %}
[Unit]
Description=ipbl
After=network.target postgresql.service


@ -1,3 +1,4 @@
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
[Unit]
Description=ipfs p2p daemon
After=network.target


@ -16,10 +16,3 @@ misc-public-dir:
- group: root
- mode: 644
{%- endfor %}
misc-files-delete:
file.absent:
- names:
{%- for file in salt['pillar.get']('misc_files_delete') %}
- {{ file }}
{%- endfor %}


@ -58,7 +58,6 @@ netbox:
banner_bottom: ""
banner_login: "NetBox"
base_path: ""
cache_timeout: 900
changelog_retention: 90
cors_origin_allow_all: false
cors_origin_whitelist: []


@ -43,6 +43,8 @@ netbox-gunicorn-execfile:
- group: root
- mode: 0644
- template: jinja
- watch_in:
- service: netbox-service
netbox-config-file:
file.managed:
@ -52,6 +54,8 @@ netbox-config-file:
- group: root
- mode: 0644
- template: jinja
- watch_in:
- service: netbox-service
netbox-migration:
module.run:
@ -70,3 +74,9 @@ netbox-install-static-files:
- bin_env: {{ netbox.install_dir }}/netbox
- require:
- virtualenv: netbox-virtualenv
netbox-cleanup:
software.cleanup:
- name: netbox
- path: {{ netbox.release_dir }}
- version: "{{ netbox.version }}"


@ -1,6 +1,6 @@
{%- from "netbox/map.jinja" import netbox with context -%}
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
{%- from "netbox/map.jinja" import netbox with context -%}
command = '{{ netbox.install_dir }}/netbox/bin/gunicorn'
pythonpath = '{{ netbox.install_dir }}/netbox/netbox'
bind = '{{ netbox.gunicorn.bind_addr }}:{{ netbox.gunicorn.bind_port }}'


@ -1,6 +1,5 @@
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
{%- from "netbox/map.jinja" import netbox with context -%}
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
[Unit]
Description=Netbox
After=network.target postgresql.service redis.service


@ -1,23 +1,24 @@
---
{%- from "nginx/map.jinja" import nginx with context %}
{%- from "nginx/map.jinja" import users with context %}
{%- for user in salt['pillar.get']('htpasswds') %}
{%- if user.state == 'present' %}
{%- for key, value in users.items() %}
{%- if value.state == 'present' %}
nginx-auth-present-{{ user.name }}:
nginx-auth-present-{{ key }}:
webutil.user_exists:
- name: {{ user.name }}
{%- if user.password is defined %}
- password: {{ user.password }}
- name: {{ key }}
{%- if value.password is defined %}
- password: {{ value.password }}
{%- endif %}
- htpasswd_file: {{ nginx.config.dir }}/auth/htpasswd
- require:
- file: nginx-config-dir-auth
{%- else %}
nginx-auth-absent-{{ user.name }}:
nginx-auth-absent-{{ key }}:
webutil.user_absent:
- name: {{ user.name }}
- name: {{ key }}
- htpasswd_file: {{ nginx.config.dir }}/auth/htpasswd
- require:
- file: nginx-config-dir-auth
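Review bot: `- password: {{ value.password }}` and `- name: {{ key }}` are rendered into the SLS as plain YAML scalars, so the YAML parser reinterprets the value after Jinja has run. A password containing ` #` is silently truncated at the comment marker, one containing `: ` or a leading `*`, `{` or `[` breaks the render, and an all-digit password is passed on as an integer. The truncation case is the dangerous one, because the htpasswd entry ends up weaker than the pillar value intended. Quote through Salt's filter instead: `- password: {{ value.password | yaml_dquote }}` and `- name: {{ key | yaml_dquote }}`. The closing `endif`/`endfor` of this loop are outside the hunk.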


@ -1,5 +1,6 @@
{%- import_yaml "nginx/defaults.yaml" as defaults %}
{%- import_yaml "nginx/defaults.yaml" as defaults -%}
{%- set nginx = salt['pillar.get']('nginx', default=defaults.nginx, merge=True) %}
{%- set nginx = salt['pillar.get']('nginx', default=defaults.nginx, merge=True) -%}
{%- set net = salt['pillar.get']('net') %}
{%- set users = salt['pillar.get']('htpasswds', merge=True) -%}
{%- set net = salt['pillar.get']('net') -%}
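Review bot: The new `users` lookup passes no `default`, so on a minion without an `htpasswds` pillar `pillar.get` returns its empty-string default. The auth state then calls `users.items()`, which would fail to render on a string. Suggest `{%- set users = salt['pillar.get']('htpasswds', default={}, merge=True) -%}` so an absent pillar means no managed users. The move from a list of users to a mapping keyed by name also changes the pillar schema, and deserves a short comment here for whoever maintains the pillar data.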


@ -12,21 +12,25 @@ events {
}
http {
include fastcgi_params;
include proxy_params;
include mime.types;
include ssl_params;
charset utf-8;
include fastcgi_params;
include proxy_params;
include mime.types;
include ssl_params;
charset utf-8;
include sites-enabled/*;
include sites-enabled/*;
access_log /var/log/nginx/$host.access.log;
access_log syslog:server=localhost:514 combined;
log_format main '$remote_addr - $remote_user [$time_iso8601] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
default_type application/octet-stream;
sendfile on;
keepalive_timeout 60;
server_tokens off;
access_log /var/log/nginx/$host.access.log main;
access_log syslog:server=localhost:514 main;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 60;
server_tokens off;
proxy_intercept_errors on;
fastcgi_intercept_errors on;
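Review bot: `access_log /var/log/nginx/$host.access.log main;` builds the log file name from `$host`, which comes from the client's request. Unless a catch-all `server` block rejects unknown hosts (not visible here), each distinct Host value creates a new file under `/var/log/nginx`. That lets any remote client fill the directory with files and scatter entries where log rotation and monitoring may not look. Prefer a name nginx controls, e.g. `access_log /var/log/nginx/$server_name.access.log main;`, or a per-`server` `access_log` with a literal path. The `http` block continues past this hunk.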


@ -1,5 +1,5 @@
{%- from "pki/map.jinja" import pki with context -%}
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
{%- from "pki/map.jinja" import pki with context %}
[Unit]
Description=PKI Let's encrypt database
After=network.target


@ -4,5 +4,6 @@ postgresql-install:
- pkgs:
- postgresql
- postgresql-client
- postgresql-13-cron
- postgresql-13-repmgr
- repmgr


@ -14,14 +14,6 @@ schedule_saltutil_clear_cache:
- days: 7
- run_on_start: false
schedule_pkg_refresh:
schedule.absent:
- name: schedule_pkg_refresh
schedule_pkg_upgrade:
schedule.absent:
- name: schedule_pkg_upgrade
{%- if specs.default.items()|length > 0 and salt['grains.get']('id') in specs.keys() %}
{%- for key, value in specs.default.items() %}
{{ key }}:


@ -1,5 +1,5 @@
{%- from "qrz/map.jinja" import qrz with context -%}
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
{%- from "qrz/map.jinja" import qrz with context %}
[Unit]
Description=QRZ
After=network.target postgresql.service


@ -1,4 +1,5 @@
{%- from "syncthing/map.jinja" import syncthing with context -%}
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
[Unit]
Description=Syncthing - Open Source Continuous File Synchronization for %I
Documentation=man:syncthing(1)


@ -7,7 +7,7 @@
metric_batch_size = 1000
metric_buffer_limit = 10000
collection_jitter = "0s"
flush_interval = "10s"
flush_interval = "30s"
flush_jitter = "0s"
precision = ""
hostname = "{{ salt['grains.get']('fqdn') }}"


@ -1,5 +1,5 @@
{%- from "telegraf/map.jinja" import telegraf with context -%}
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
{%- from "telegraf/map.jinja" import telegraf with context %}
[Unit]
Description=The plugin-driven server agent for reporting metrics into InfluxDB
Documentation=https://github.com/influxdata/telegraf


@ -7,7 +7,7 @@ export JAVA_OPTS='-XX:+IgnoreUnrecognizedVMOptions --add-modules java.se.ee'
{% if zsh.config.golang -%}
# Golang settings
if [[ -d /usr/local/apps/go ]]
if [[ -d /usr/local/apps/golang ]]
then
export GOPATH=~/go
export GOROOT=/usr/local/apps/golang