* Update salt states
- bl module updated - borg state updated - config state updated - netbox state updated - nginx state updated - misc updates
parent
8bc0454df0
commit
1b59cdacdd
@ -6,7 +6,7 @@ from urllib.request import urlopen, Request
|
|||||||
|
|
||||||
def get_ips(url="https://ipbl.paulbsd.com"):
|
def get_ips(url="https://ipbl.paulbsd.com"):
|
||||||
"""get_ips fetch ips blacklists from ipbl"""
|
"""get_ips fetch ips blacklists from ipbl"""
|
||||||
fullurl = f"{url}/ips"
|
fullurl = f"{url}/ips/last"
|
||||||
req = Request(method="GET", url=fullurl)
|
req = Request(method="GET", url=fullurl)
|
||||||
res = urlopen(req)
|
res = urlopen(req)
|
||||||
results = json.loads(res.read())
|
results = json.loads(res.read())
|
||||||
|
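Review bot: `urlopen(req)` in get_ips is called without a timeout and the response is never closed, so an unresponsive ipbl endpoint can stall whatever Salt run calls this module; `with urlopen(req, timeout=10) as res:` bounds both. The move to `/ips/last` may also change the shape of what `json.loads` returns, and nothing visible here checks the type or the entries before they are used. Validating each item with `ipaddress.ip_address` would keep a malformed or tampered response out of the blocklist. The function body continues outside the hunk, so part of this may already be handled further down.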
@ -13,6 +13,7 @@ borg-config-script-{{ key }}:
|
|||||||
key: {{ key }}
|
key: {{ key }}
|
||||||
job: {{ job }}
|
job: {{ job }}
|
||||||
working_dir: {{ borg.working_dir }}
|
working_dir: {{ borg.working_dir }}
|
||||||
|
log_dir: {{ borg.log_dir }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
borg-config-sudo:
|
borg-config-sudo:
|
||||||
|
@ -3,6 +3,7 @@ borg:
|
|||||||
enabled: true
|
enabled: true
|
||||||
run_user: dkron
|
run_user: dkron
|
||||||
working_dir: /opt/borg
|
working_dir: /opt/borg
|
||||||
|
log_dir: /var/log/borg
|
||||||
default_dirs:
|
default_dirs:
|
||||||
- logs
|
- logs
|
||||||
- scripts
|
- scripts
|
||||||
|
@ -11,3 +11,8 @@ borg-working-dir-{{ dir }}:
|
|||||||
- name: {{ borg.working_dir }}/{{ dir }}
|
- name: {{ borg.working_dir }}/{{ dir }}
|
||||||
- mode: 0700
|
- mode: 0700
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
|
borg-log-dir:
|
||||||
|
file.directory:
|
||||||
|
- name: {{ borg.log_dir }}
|
||||||
|
- mode: 0700
|
||||||
|
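Review bot: `borg-log-dir` sets only `name` and `mode: 0700`, so the directory will belong to whichever user applies the state (normally root), while the defaults in this commit keep `run_user: dkron`. The script's `2>> {{ log_dir }}/...` redirect would then fail for that user. Adding `- user: {{ borg.run_user }}` and a matching `- group` fixes it, assuming the borg-working-dir state above the hunk does the same. A `require` on `borg-log-dir` from the script state would also guarantee the directory exists before the first job runs.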
@ -50,7 +50,7 @@ borg create \
|
|||||||
{%- for include in job.included_dirs %}
|
{%- for include in job.included_dirs %}
|
||||||
{{ include }} \
|
{{ include }} \
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
2>> {{ working_dir }}/logs/${backup_name}-$(date +%Y-%m-%d).log
|
2>> {{ log_dir }}/${backup_name}-$(date +%Y-%m-%d).log
|
||||||
|
|
||||||
backup_exit=$?
|
backup_exit=$?
|
||||||
|
|
||||||
@ -64,7 +64,7 @@ borg prune \
|
|||||||
--keep-monthly {{ job.keep_monthly|default(6) }} \
|
--keep-monthly {{ job.keep_monthly|default(6) }} \
|
||||||
|
|
||||||
info "Cleaning up logs"
|
info "Cleaning up logs"
|
||||||
find {{ working_dir }}/logs/${backup_name}-*.log -mtime +{{ job.keep_logs_days|default(7) }} -delete
|
find {{ log_dir }}/${backup_name}-*.log -mtime +{{ job.keep_logs_days|default(7) }} -delete
|
||||||
|
|
||||||
info "Starting after tasks"
|
info "Starting after tasks"
|
||||||
{%- for task in job.after_tasks|default([]) %}
|
{%- for task in job.after_tasks|default([]) %}
|
||||||
|
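Review bot: The log cleanup in the second hunk hands find an unquoted shell glob (`find {{ log_dir }}/${backup_name}-*.log ...`), so when no log matches find receives the literal pattern and errors, and a `log_dir` or backup name containing whitespace splits into several path arguments ahead of `-delete`. `find "{{ log_dir }}" -maxdepth 1 -type f -name "${backup_name}-*.log" -mtime +{{ job.keep_logs_days|default(7) }} -delete` confines the deletion to regular files directly inside the log directory. The `2>>` redirect target in the first hunk should be double-quoted for the same reason.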
2
states/config/config.toml.j2
Normal file
2
states/config/config.toml.j2
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
{%- from "config/map.jinja" import config with context -%}
|
||||||
|
{{ config.config|toml }}
|
2
states/config/config.yml.j2
Normal file
2
states/config/config.yml.j2
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
{%- from "config/map.jinja" import config with context -%}
|
||||||
|
{{ config.config|yaml(False) }}
|
@ -4,4 +4,5 @@ config:
|
|||||||
install_dir: "/usr/local/apps/config"
|
install_dir: "/usr/local/apps/config"
|
||||||
ini_filename: "common.ini"
|
ini_filename: "common.ini"
|
||||||
json_filename: "common.json"
|
json_filename: "common.json"
|
||||||
|
yaml_filename: "common.yml"
|
||||||
config: {}
|
config: {}
|
||||||
|
@ -25,3 +25,11 @@ config-json-content:
|
|||||||
- user: root
|
- user: root
|
||||||
- mode: "0755"
|
- mode: "0755"
|
||||||
- template: jinja
|
- template: jinja
|
||||||
|
|
||||||
|
config-yaml-content:
|
||||||
|
file.managed:
|
||||||
|
- name: {{ config.install_dir }}/{{ config.yaml_filename }}
|
||||||
|
- source: salt://config/config.yml.j2
|
||||||
|
- user: root
|
||||||
|
- mode: "0755"
|
||||||
|
- template: jinja
|
||||||
|
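Review bot: `config-yaml-content` writes the rendered pillar to disk with `mode: "0755"` and no `group`, so the file is world-readable and carries an execute bit that a data file does not need. If `config.config` can hold credentials or tokens (not visible from this hunk), `- mode: "0640"` with an explicit `- group` is the safer default; otherwise `"0644"` is enough. The JSON state in the context lines uses the same mode and deserves the same change.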
@ -1,5 +1,5 @@
|
|||||||
|
{%- from "dip/map.jinja" import dip with context -%}
|
||||||
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
||||||
{%- from "dip/map.jinja" import dip with context %}
|
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=DIP
|
Description=DIP
|
||||||
After=network.target
|
After=network.target
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
{%- from "dkron/map.jinja" import dkron with context -%}
|
||||||
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
||||||
{%- from "dkron/map.jinja" import dkron with context %}
|
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=dkron - Open Source task scheduler
|
Description=dkron - Open Source task scheduler
|
||||||
Documentation=https://dkron.io/
|
Documentation=https://dkron.io/
|
||||||
|
@ -14,3 +14,9 @@ g2g-binary-symlink:
|
|||||||
- target: {{ g2g.release_dir }}/g2g-{{ g2g.version }}
|
- target: {{ g2g.release_dir }}/g2g-{{ g2g.version }}
|
||||||
- require:
|
- require:
|
||||||
- archive: g2g-archive-extract
|
- archive: g2g-archive-extract
|
||||||
|
|
||||||
|
g2g-cleanup:
|
||||||
|
software.cleanup:
|
||||||
|
- name: g2g
|
||||||
|
- path: {{ g2g.release_dir }}
|
||||||
|
- version: "{{ g2g.version }}"
|
||||||
|
@ -77,6 +77,7 @@ gitea:
|
|||||||
cookie_secure: "true"
|
cookie_secure: "true"
|
||||||
cookie_name: i_like_gitea
|
cookie_name: i_like_gitea
|
||||||
log:
|
log:
|
||||||
|
root_path: /var/log/gitea
|
||||||
mode: file
|
mode: file
|
||||||
level: Info
|
level: Info
|
||||||
security:
|
security:
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
{%- from "go-aptproxy/map.jinja" import goaptproxy with context -%}
|
||||||
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
||||||
{%- from "go-aptproxy/map.jinja" import goaptproxy with context %}
|
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=go-aptproxy
|
Description=go-aptproxy
|
||||||
Documentation=https://git.paulbsd.com/paulbsd/go-aptproxy
|
Documentation=https://git.paulbsd.com/paulbsd/go-aptproxy
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
{%- from "influxdb/map.jinja" import influxdb with context -%}
|
{%- from "influxdb/map.jinja" import influxdb with context -%}
|
||||||
|
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=InfluxDB is an open-source, distributed, time series database
|
Description=InfluxDB is an open-source, distributed, time series database
|
||||||
Documentation=https://docs.influxdata.com/influxdb/
|
Documentation=https://docs.influxdata.com/influxdb/
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
{%- from "ipbl/map.jinja" import ipbl with context -%}
|
||||||
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
||||||
{%- from "ipbl/map.jinja" import ipbl with context %}
|
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=ipbl
|
Description=ipbl
|
||||||
After=network.target postgresql.service
|
After=network.target postgresql.service
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=ipfs p2p daemon
|
Description=ipfs p2p daemon
|
||||||
After=network.target
|
After=network.target
|
||||||
|
@ -16,10 +16,3 @@ misc-public-dir:
|
|||||||
- group: root
|
- group: root
|
||||||
- mode: 644
|
- mode: 644
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
|
||||||
misc-files-delete:
|
|
||||||
file.absent:
|
|
||||||
- names:
|
|
||||||
{%- for file in salt['pillar.get']('misc_files_delete') %}
|
|
||||||
- {{ file }}
|
|
||||||
{%- endfor %}
|
|
||||||
|
@ -58,7 +58,6 @@ netbox:
|
|||||||
banner_bottom: ""
|
banner_bottom: ""
|
||||||
banner_login: "NetBox"
|
banner_login: "NetBox"
|
||||||
base_path: ""
|
base_path: ""
|
||||||
cache_timeout: 900
|
|
||||||
changelog_retention: 90
|
changelog_retention: 90
|
||||||
cors_origin_allow_all: false
|
cors_origin_allow_all: false
|
||||||
cors_origin_whitelist: []
|
cors_origin_whitelist: []
|
||||||
|
@ -43,6 +43,8 @@ netbox-gunicorn-execfile:
|
|||||||
- group: root
|
- group: root
|
||||||
- mode: 0644
|
- mode: 0644
|
||||||
- template: jinja
|
- template: jinja
|
||||||
|
- watch_in:
|
||||||
|
- service: netbox-service
|
||||||
|
|
||||||
netbox-config-file:
|
netbox-config-file:
|
||||||
file.managed:
|
file.managed:
|
||||||
@ -52,6 +54,8 @@ netbox-config-file:
|
|||||||
- group: root
|
- group: root
|
||||||
- mode: 0644
|
- mode: 0644
|
||||||
- template: jinja
|
- template: jinja
|
||||||
|
- watch_in:
|
||||||
|
- service: netbox-service
|
||||||
|
|
||||||
netbox-migration:
|
netbox-migration:
|
||||||
module.run:
|
module.run:
|
||||||
@ -70,3 +74,9 @@ netbox-install-static-files:
|
|||||||
- bin_env: {{ netbox.install_dir }}/netbox
|
- bin_env: {{ netbox.install_dir }}/netbox
|
||||||
- require:
|
- require:
|
||||||
- virtualenv: netbox-virtualenv
|
- virtualenv: netbox-virtualenv
|
||||||
|
|
||||||
|
netbox-cleanup:
|
||||||
|
software.cleanup:
|
||||||
|
- name: netbox
|
||||||
|
- path: {{ netbox.release_dir }}
|
||||||
|
- version: "{{ netbox.version }}"
|
||||||
|
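Review bot: In the `netbox-config-file` hunk the managed file keeps `mode: 0644` with `group: root`; a NetBox configuration normally holds `SECRET_KEY` and the database password, so it should not be world-readable. `- mode: '0640'` with `- group:` set to the service account's group would limit it to root and the service, assuming the template (not shown here) carries those secrets. The state body starts outside the hunk, so the owner and source lines could not be checked.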
@ -1,6 +1,6 @@
|
|||||||
|
{%- from "netbox/map.jinja" import netbox with context -%}
|
||||||
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
||||||
|
|
||||||
{%- from "netbox/map.jinja" import netbox with context -%}
|
|
||||||
command = '{{ netbox.install_dir }}/netbox/bin/gunicorn'
|
command = '{{ netbox.install_dir }}/netbox/bin/gunicorn'
|
||||||
pythonpath = '{{ netbox.install_dir }}/netbox/netbox'
|
pythonpath = '{{ netbox.install_dir }}/netbox/netbox'
|
||||||
bind = '{{ netbox.gunicorn.bind_addr }}:{{ netbox.gunicorn.bind_port }}'
|
bind = '{{ netbox.gunicorn.bind_addr }}:{{ netbox.gunicorn.bind_port }}'
|
||||||
|
@ -1,6 +1,5 @@
|
|||||||
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
|
||||||
|
|
||||||
{%- from "netbox/map.jinja" import netbox with context -%}
|
{%- from "netbox/map.jinja" import netbox with context -%}
|
||||||
|
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Netbox
|
Description=Netbox
|
||||||
After=network.target postgresql.service redis.service
|
After=network.target postgresql.service redis.service
|
||||||
|
@ -1,23 +1,24 @@
|
|||||||
---
|
---
|
||||||
{%- from "nginx/map.jinja" import nginx with context %}
|
{%- from "nginx/map.jinja" import nginx with context %}
|
||||||
|
{%- from "nginx/map.jinja" import users with context %}
|
||||||
|
|
||||||
{%- for user in salt['pillar.get']('htpasswds') %}
|
{%- for key, value in users.items() %}
|
||||||
{%- if user.state == 'present' %}
|
{%- if value.state == 'present' %}
|
||||||
|
|
||||||
nginx-auth-present-{{ user.name }}:
|
nginx-auth-present-{{ key }}:
|
||||||
webutil.user_exists:
|
webutil.user_exists:
|
||||||
- name: {{ user.name }}
|
- name: {{ key }}
|
||||||
{%- if user.password is defined %}
|
{%- if value.password is defined %}
|
||||||
- password: {{ user.password }}
|
- password: {{ value.password }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
- htpasswd_file: {{ nginx.config.dir }}/auth/htpasswd
|
- htpasswd_file: {{ nginx.config.dir }}/auth/htpasswd
|
||||||
- require:
|
- require:
|
||||||
- file: nginx-config-dir-auth
|
- file: nginx-config-dir-auth
|
||||||
|
|
||||||
{%- else %}
|
{%- else %}
|
||||||
nginx-auth-absent-{{ user.name }}:
|
nginx-auth-absent-{{ key }}:
|
||||||
webutil.user_absent:
|
webutil.user_absent:
|
||||||
- name: {{ user.name }}
|
- name: {{ key }}
|
||||||
- htpasswd_file: {{ nginx.config.dir }}/auth/htpasswd
|
- htpasswd_file: {{ nginx.config.dir }}/auth/htpasswd
|
||||||
- require:
|
- require:
|
||||||
- file: nginx-config-dir-auth
|
- file: nginx-config-dir-auth
|
||||||
|
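Review bot: `- password: {{ value.password }}` and `- name: {{ key }}` are interpolated into the YAML unquoted, so a password containing `:` or `#`, starting with `*` or `!`, or made only of digits is either misparsed or stored as a different value than intended. Salt's `yaml_dquote` filter covers this: `- password: {{ value.password|yaml_dquote }}`, and likewise for `name`. The state IDs `nginx-auth-present-{{ key }}` now rely on the pillar keys being YAML-safe, which is worth a comment above the loop.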
@ -1,5 +1,6 @@
|
|||||||
{%- import_yaml "nginx/defaults.yaml" as defaults %}
|
{%- import_yaml "nginx/defaults.yaml" as defaults -%}
|
||||||
|
|
||||||
{%- set nginx = salt['pillar.get']('nginx', default=defaults.nginx, merge=True) %}
|
{%- set nginx = salt['pillar.get']('nginx', default=defaults.nginx, merge=True) -%}
|
||||||
|
|
||||||
{%- set net = salt['pillar.get']('net') %}
|
{%- set users = salt['pillar.get']('htpasswds', merge=True) -%}
|
||||||
|
{%- set net = salt['pillar.get']('net') -%}
|
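Review bot: `salt['pillar.get']('htpasswds', merge=True)` has no `default`, so on a minion without an `htpasswds` pillar the call falls back (as far as I know) to an empty string, and the new `users.items()` loop in the auth state then fails at render time. `merge=True` also has nothing to merge into without a dict default. `{%- set users = salt['pillar.get']('htpasswds', default={}, merge=True) -%}` makes the loop a no-op in that case.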
@ -12,21 +12,25 @@ events {
|
|||||||
}
|
}
|
||||||
|
|
||||||
http {
|
http {
|
||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
include proxy_params;
|
include proxy_params;
|
||||||
include mime.types;
|
include mime.types;
|
||||||
include ssl_params;
|
include ssl_params;
|
||||||
charset utf-8;
|
charset utf-8;
|
||||||
|
|
||||||
include sites-enabled/*;
|
include sites-enabled/*;
|
||||||
|
|
||||||
access_log /var/log/nginx/$host.access.log;
|
log_format main '$remote_addr - $remote_user [$time_iso8601] '
|
||||||
access_log syslog:server=localhost:514 combined;
|
'"$request" $status $body_bytes_sent '
|
||||||
|
'"$http_referer" "$http_user_agent"';
|
||||||
|
|
||||||
default_type application/octet-stream;
|
access_log /var/log/nginx/$host.access.log main;
|
||||||
sendfile on;
|
access_log syslog:server=localhost:514 main;
|
||||||
keepalive_timeout 60;
|
|
||||||
server_tokens off;
|
default_type application/octet-stream;
|
||||||
|
sendfile on;
|
||||||
|
keepalive_timeout 60;
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
proxy_intercept_errors on;
|
proxy_intercept_errors on;
|
||||||
fastcgi_intercept_errors on;
|
fastcgi_intercept_errors on;
|
||||||
|
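Review bot: `access_log /var/log/nginx/$host.access.log main;` builds the log file name from `$host`, which comes from the client-supplied request line or Host header. Unexpected host names therefore create an unbounded set of files under /var/log/nginx, and nginx reopens a variable-path log on every write. Using `$server_name` in the path, or a single file with `$host` added as a field to `log_format main`, keeps the file set fixed. The `main` format as written does not record the virtual host, so the syslog copy cannot be attributed to a site during an investigation.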
@ -1,5 +1,5 @@
|
|||||||
|
{%- from "pki/map.jinja" import pki with context -%}
|
||||||
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
||||||
{%- from "pki/map.jinja" import pki with context %}
|
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=PKI Let's encrypt database
|
Description=PKI Let's encrypt database
|
||||||
After=network.target
|
After=network.target
|
||||||
|
@ -4,5 +4,6 @@ postgresql-install:
|
|||||||
- pkgs:
|
- pkgs:
|
||||||
- postgresql
|
- postgresql
|
||||||
- postgresql-client
|
- postgresql-client
|
||||||
|
- postgresql-13-cron
|
||||||
- postgresql-13-repmgr
|
- postgresql-13-repmgr
|
||||||
- repmgr
|
- repmgr
|
||||||
|
@ -14,14 +14,6 @@ schedule_saltutil_clear_cache:
|
|||||||
- days: 7
|
- days: 7
|
||||||
- run_on_start: false
|
- run_on_start: false
|
||||||
|
|
||||||
schedule_pkg_refresh:
|
|
||||||
schedule.absent:
|
|
||||||
- name: schedule_pkg_refresh
|
|
||||||
|
|
||||||
schedule_pkg_upgrade:
|
|
||||||
schedule.absent:
|
|
||||||
- name: schedule_pkg_upgrade
|
|
||||||
|
|
||||||
{%- if specs.default.items()|length > 0 and salt['grains.get']('id') in specs.keys() %}
|
{%- if specs.default.items()|length > 0 and salt['grains.get']('id') in specs.keys() %}
|
||||||
{%- for key, value in specs.default.items() %}
|
{%- for key, value in specs.default.items() %}
|
||||||
{{ key }}:
|
{{ key }}:
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
{%- from "qrz/map.jinja" import qrz with context -%}
|
||||||
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
||||||
{%- from "qrz/map.jinja" import qrz with context %}
|
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=QRZ
|
Description=QRZ
|
||||||
After=network.target postgresql.service
|
After=network.target postgresql.service
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
{%- from "syncthing/map.jinja" import syncthing with context -%}
|
{%- from "syncthing/map.jinja" import syncthing with context -%}
|
||||||
|
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Syncthing - Open Source Continuous File Synchronization for %I
|
Description=Syncthing - Open Source Continuous File Synchronization for %I
|
||||||
Documentation=man:syncthing(1)
|
Documentation=man:syncthing(1)
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
metric_batch_size = 1000
|
metric_batch_size = 1000
|
||||||
metric_buffer_limit = 10000
|
metric_buffer_limit = 10000
|
||||||
collection_jitter = "0s"
|
collection_jitter = "0s"
|
||||||
flush_interval = "10s"
|
flush_interval = "30s"
|
||||||
flush_jitter = "0s"
|
flush_jitter = "0s"
|
||||||
precision = ""
|
precision = ""
|
||||||
hostname = "{{ salt['grains.get']('fqdn') }}"
|
hostname = "{{ salt['grains.get']('fqdn') }}"
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
{%- from "telegraf/map.jinja" import telegraf with context -%}
|
||||||
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
||||||
{%- from "telegraf/map.jinja" import telegraf with context %}
|
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=The plugin-driven server agent for reporting metrics into InfluxDB
|
Description=The plugin-driven server agent for reporting metrics into InfluxDB
|
||||||
Documentation=https://github.com/influxdata/telegraf
|
Documentation=https://github.com/influxdata/telegraf
|
||||||
|
@ -7,7 +7,7 @@ export JAVA_OPTS='-XX:+IgnoreUnrecognizedVMOptions --add-modules java.se.ee'
|
|||||||
|
|
||||||
{% if zsh.config.golang -%}
|
{% if zsh.config.golang -%}
|
||||||
# Golang settings
|
# Golang settings
|
||||||
if [[ -d /usr/local/apps/go ]]
|
if [[ -d /usr/local/apps/golang ]]
|
||||||
then
|
then
|
||||||
export GOPATH=~/go
|
export GOPATH=~/go
|
||||||
export GOROOT=/usr/local/apps/golang
|
export GOROOT=/usr/local/apps/golang
|
||||||
|