* Update salt states

- bl module updated
- borg state updated
- config state updated
- netbox state updated
- nginx state updated
- misc updates

states/_modules/bl.py

@@ -6,7 +6,7 @@ from urllib.request import urlopen, Request
 
 def get_ips(url="https://ipbl.paulbsd.com"):
     """get_ips fetch ips blacklists from ipbl"""
-    fullurl = f"{url}/ips"
+    fullurl = f"{url}/ips/last"
     req = Request(method="GET", url=fullurl)
     res = urlopen(req)
     results = json.loads(res.read())

states/borg/config.sls

@@ -13,6 +13,7 @@ borg-config-script-{{ key }}:
       key: {{ key }}
       job: {{ job }}
       working_dir: {{ borg.working_dir }}
+      log_dir: {{ borg.log_dir }}
 {% endfor %}
 
 borg-config-sudo:

states/borg/defaults.yaml

@@ -3,6 +3,7 @@ borg:
   enabled: true
   run_user: dkron
   working_dir: /opt/borg
+  log_dir: /var/log/borg
   default_dirs:
     - logs
     - scripts

states/borg/install.sls

@@ -11,3 +11,8 @@ borg-working-dir-{{ dir }}:
     - name: {{ borg.working_dir }}/{{ dir }}
     - mode: 0700
 {% endfor %}
+
+borg-log-dir:
+  file.directory:
+    - name: {{ borg.log_dir }}
+    - mode: 0700

states/borg/templates/borg_job.sh.j2

@@ -50,7 +50,7 @@ borg create  \
 {%- for include in job.included_dirs %}
     {{ include }} \
 {%- endfor %}
-    2>> {{ working_dir }}/logs/${backup_name}-$(date +%Y-%m-%d).log
+    2>> {{ log_dir }}/${backup_name}-$(date +%Y-%m-%d).log
 
 backup_exit=$?
 
@@ -64,7 +64,7 @@ borg prune                          \
     --keep-monthly  {{ job.keep_monthly|default(6) }}               \
 
 info "Cleaning up logs"
-find {{ working_dir }}/logs/${backup_name}-*.log -mtime +{{ job.keep_logs_days|default(7) }} -delete
+find {{ log_dir }}/${backup_name}-*.log -mtime +{{ job.keep_logs_days|default(7) }} -delete
 
 info "Starting after tasks"
 {%- for task in job.after_tasks|default([]) %}

states/config/config.toml.j2

@@ -0,0 +1,2 @@
+{%- from "config/map.jinja" import config with context -%}
+{{ config.config|toml }}

states/config/config.yml.j2

@@ -0,0 +1,2 @@
+{%- from "config/map.jinja" import config with context -%}
+{{ config.config|yaml(False) }}

states/config/defaults.yaml

@@ -4,4 +4,5 @@ config:
   install_dir: "/usr/local/apps/config"
   ini_filename: "common.ini"
   json_filename: "common.json"
+  yaml_filename: "common.yml"
   config: {}

states/config/init.sls

@@ -25,3 +25,11 @@ config-json-content:
     - user: root
     - mode: "0755"
     - template: jinja
+
+config-yaml-content:
+  file.managed:
+    - name: {{ config.install_dir }}/{{ config.yaml_filename }}
+    - source: salt://config/config.yml.j2
+    - user: root
+    - mode: "0755"
+    - template: jinja

states/dip/dip.service.j2

@@ -1,5 +1,5 @@
+{%- from "dip/map.jinja" import dip with context -%}
 ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
-{%- from "dip/map.jinja" import dip with context %}
 [Unit]
 Description=DIP
 After=network.target

states/dkron/dkron.service.j2

@@ -1,5 +1,5 @@
+{%- from "dkron/map.jinja" import dkron with context -%}
 ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
-{%- from "dkron/map.jinja" import dkron with context %}
 [Unit]
 Description=dkron - Open Source task scheduler
 Documentation=https://dkron.io/

states/g2g/install.sls

@@ -14,3 +14,9 @@ g2g-binary-symlink:
     - target: {{ g2g.release_dir }}/g2g-{{ g2g.version }}
     - require:
       - archive: g2g-archive-extract
+
+g2g-cleanup:
+  software.cleanup:
+    - name: g2g
+    - path: {{ g2g.release_dir }}
+    - version: "{{ g2g.version }}"

states/gitea/defaults.yaml

@@ -77,6 +77,7 @@ gitea:
       cookie_secure: "true"
       cookie_name: i_like_gitea
     log:
+      root_path: /var/log/gitea
       mode: file
       level: Info
     security:

states/go-aptproxy/go-aptproxy.service.j2

@@ -1,5 +1,5 @@
+{%- from "go-aptproxy/map.jinja" import goaptproxy with context -%}
 ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
-{%- from "go-aptproxy/map.jinja" import goaptproxy with context %}
 [Unit]
 Description=go-aptproxy
 Documentation=https://git.paulbsd.com/paulbsd/go-aptproxy

states/influxdb/influxdb.service.j2

@@ -1,4 +1,5 @@
 {%- from "influxdb/map.jinja" import influxdb with context -%}
+## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
 [Unit]
 Description=InfluxDB is an open-source, distributed, time series database
 Documentation=https://docs.influxdata.com/influxdb/

states/ipbl/ipbl.service.j2

@@ -1,5 +1,5 @@
+{%- from "ipbl/map.jinja" import ipbl with context -%}
 ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
-{%- from "ipbl/map.jinja" import ipbl with context %}
 [Unit]
 Description=ipbl
 After=network.target postgresql.service

states/ipfs/ipfs.service.j2

@@ -1,3 +1,4 @@
+## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
 [Unit]
 Description=ipfs p2p daemon
 After=network.target

states/misc/init.sls

@@ -16,10 +16,3 @@ misc-public-dir:
     - group: root
     - mode: 644
 {%- endfor %}
-
-misc-files-delete:
-  file.absent:
-    - names:
-{%- for file in salt['pillar.get']('misc_files_delete') %}
-      - {{ file }}
-{%- endfor %}

states/netbox/defaults.yaml

@@ -58,7 +58,6 @@ netbox:
     banner_bottom: ""
     banner_login: "NetBox"
     base_path: ""
-    cache_timeout: 900
     changelog_retention: 90
     cors_origin_allow_all: false
     cors_origin_whitelist: []

states/netbox/install.sls

@@ -43,6 +43,8 @@ netbox-gunicorn-execfile:
     - group: root
     - mode: 0644
     - template: jinja
+    - watch_in:
+      - service: netbox-service
 
 netbox-config-file:
   file.managed:
@@ -52,6 +54,8 @@ netbox-config-file:
     - group: root
     - mode: 0644
     - template: jinja
+    - watch_in:
+      - service: netbox-service
 
 netbox-migration:
   module.run:
@@ -70,3 +74,9 @@ netbox-install-static-files:
     - bin_env: {{ netbox.install_dir }}/netbox
     - require:
       - virtualenv: netbox-virtualenv
+
+netbox-cleanup:
+  software.cleanup:
+    - name: netbox
+    - path: {{ netbox.release_dir }}
+    - version: "{{ netbox.version }}"

states/netbox/templates/gunicorn.py.j2

@@ -1,6 +1,6 @@
+{%- from "netbox/map.jinja" import netbox with context -%}
 ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
 
-{%- from "netbox/map.jinja" import netbox with context -%}
 command = '{{ netbox.install_dir }}/netbox/bin/gunicorn'
 pythonpath = '{{ netbox.install_dir }}/netbox/netbox'
 bind = '{{ netbox.gunicorn.bind_addr }}:{{ netbox.gunicorn.bind_port }}'

states/netbox/templates/netbox.service.j2

@@ -1,6 +1,5 @@
-## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
-
 {%- from "netbox/map.jinja" import netbox with context -%}
+## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
 [Unit]
 Description=Netbox
 After=network.target postgresql.service redis.service

states/nginx/auth.sls

@@ -1,23 +1,24 @@
 ---
 {%- from "nginx/map.jinja" import nginx with context %}
+{%- from "nginx/map.jinja" import users with context %}
 
-{%- for user in salt['pillar.get']('htpasswds') %}
+{%- for key, value in users.items() %}
-{%- if user.state == 'present' %}
+{%- if value.state == 'present' %}
 
-nginx-auth-present-{{ user.name }}:
+nginx-auth-present-{{ key }}:
   webutil.user_exists:
-    - name: {{ user.name }}
+    - name: {{ key }}
-{%- if user.password is defined %}
+{%- if value.password is defined %}
-    - password: {{ user.password }}
+    - password: {{ value.password }}
 {%- endif %}
     - htpasswd_file: {{ nginx.config.dir }}/auth/htpasswd
     - require:
       - file: nginx-config-dir-auth
 
 {%- else %}
-nginx-auth-absent-{{ user.name }}:
+nginx-auth-absent-{{ key }}:
   webutil.user_absent:
-    - name: {{ user.name }}
+    - name: {{ key }}
     - htpasswd_file: {{ nginx.config.dir }}/auth/htpasswd
     - require:
       - file: nginx-config-dir-auth

states/nginx/map.jinja

@@ -1,5 +1,6 @@
-{%- import_yaml "nginx/defaults.yaml" as defaults %}
+{%- import_yaml "nginx/defaults.yaml" as defaults -%}
 
-{%- set nginx = salt['pillar.get']('nginx', default=defaults.nginx, merge=True) %}
+{%- set nginx = salt['pillar.get']('nginx', default=defaults.nginx, merge=True) -%}
 
-{%- set net = salt['pillar.get']('net') %}
+{%- set users = salt['pillar.get']('htpasswds', merge=True) -%}
+{%- set net = salt['pillar.get']('net') -%}

states/nginx/templates/nginx.conf.j2

@@ -20,8 +20,12 @@ http {
 
   include                   sites-enabled/*;
 
-  access_log        /var/log/nginx/$host.access.log;
+  log_format main           '$remote_addr - $remote_user [$time_iso8601] '
-  access_log        syslog:server=localhost:514   combined;
+                            '"$request" $status $body_bytes_sent '
+                            '"$http_referer" "$http_user_agent"';
+
+  access_log                /var/log/nginx/$host.access.log main;
+  access_log                syslog:server=localhost:514 main;
 
   default_type              application/octet-stream;
   sendfile                  on;

states/pki/pki.service.j2

@@ -1,5 +1,5 @@
+{%- from "pki/map.jinja" import pki with context -%}
 ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
-{%- from "pki/map.jinja" import pki with context %}
 [Unit]
 Description=PKI Let's encrypt database
 After=network.target

states/postgresql/install.sls

@@ -4,5 +4,6 @@ postgresql-install:
     - pkgs:
       - postgresql
       - postgresql-client
+      - postgresql-13-cron
       - postgresql-13-repmgr
       - repmgr

states/provision/init.sls

@@ -14,14 +14,6 @@ schedule_saltutil_clear_cache:
     - days: 7
     - run_on_start: false
 
-schedule_pkg_refresh:
-  schedule.absent:
-    - name: schedule_pkg_refresh
-
-schedule_pkg_upgrade:
-  schedule.absent:
-    - name: schedule_pkg_upgrade
-
 {%- if specs.default.items()|length > 0 and salt['grains.get']('id') in specs.keys() %}
 {%- for key, value in specs.default.items() %}
 {{ key }}:

states/qrz/qrz.service.j2

@@ -1,5 +1,5 @@
+{%- from "qrz/map.jinja" import qrz with context -%}
 ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
-{%- from "qrz/map.jinja" import qrz with context %}
 [Unit]
 Description=QRZ
 After=network.target postgresql.service

states/syncthing/syncthing.service.j2

@@ -1,4 +1,5 @@
 {%- from "syncthing/map.jinja" import syncthing with context -%}
+## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
 [Unit]
 Description=Syncthing - Open Source Continuous File Synchronization for %I
 Documentation=man:syncthing(1)

states/telegraf/telegraf.conf.j2

@@ -7,7 +7,7 @@
   metric_batch_size = 1000
   metric_buffer_limit = 10000
   collection_jitter = "0s"
-  flush_interval = "10s"
+  flush_interval = "30s"
   flush_jitter = "0s"
   precision = ""
   hostname = "{{ salt['grains.get']('fqdn') }}"

states/telegraf/telegraf.service.j2

@@ -1,5 +1,5 @@
+{%- from "telegraf/map.jinja" import telegraf with context -%}
 ## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
-{%- from "telegraf/map.jinja" import telegraf with context %}
 [Unit]
 Description=The plugin-driven server agent for reporting metrics into InfluxDB
 Documentation=https://github.com/influxdata/telegraf

states/zsh/zprofile.j2

@@ -7,7 +7,7 @@ export JAVA_OPTS='-XX:+IgnoreUnrecognizedVMOptions --add-modules java.se.ee'
 
 {% if zsh.config.golang -%}
 # Golang settings
-if [[ -d /usr/local/apps/go ]]
+if [[ -d /usr/local/apps/golang ]]
 then
   export GOPATH=~/go
   export GOROOT=/usr/local/apps/golang