Revert "updated opendkim state"

This reverts commit 8ca47b2f12.
This commit is contained in:
Paul 2023-01-04 21:45:25 +01:00
parent 8ca47b2f12
commit ebf74d4df6
13 changed files with 29 additions and 62 deletions

View File

@ -45,7 +45,7 @@ haproxy:
port: 7000
api:
enable: true
filesocket: /var/run/haproxy-admin.sock
filesocket: /var/run/haproxy.sock
tcpsocket: ipv4@127.0.0.1:9990
acme_dir: /etc/acme
acme_fullchains_dir: /etc/acme/fullchains

View File

@ -25,13 +25,6 @@ haproxy-config-script-dir:
- group: {{ haproxy.config.group }}
- mode: "0700"
haproxy-config-mods-dir:
file.directory:
- name: {{ haproxy.config.dir }}/mods
- user: {{ haproxy.config.user }}
- group: {{ haproxy.config.group }}
- mode: "0700"
{% for file in haproxy.scripts %}
haproxy-script-{{ file.name }}:
file.managed:

View File

@ -2,6 +2,6 @@
{%- from "haproxy/map.jinja" import haproxy with context %}
{%- for name, values in haproxy.config.vhosts.items() %}
{%- if values.redirect|default(false) %}
{{ name }} {{ values.redirect }}
{{ values.host }} {{ values.redirect }}
{%- endif %}
{%- endfor %}

View File

@ -2,6 +2,6 @@
{%- from "haproxy/map.jinja" import haproxy with context %}
{%- for name, values in haproxy.config.vhosts.items() %}
{%- if not values.redirect|default(false) %}
{{ name }} {{ name }}
{{ values.host }} {{ name }}
{%- endif %}
{%- endfor %}

View File

@ -1,14 +1,9 @@
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
{%- from "haproxy/map.jinja" import haproxy,certs with context %}
{%- set fqdn = salt["grains.get"]("fqdn") %}
{%- set default_backend = "test" %}
{% set ns = namespace(default_backend='notdefined') %}
{%- for name, values in haproxy.config.vhosts.items() %}{% if values.default_backend|default(false) %}{% set ns.default_backend = name %}{% endif %}{% endfor %}
{%- macro internal() -%}
acl internal src -f {{ haproxy.config.dir }}/maps/access
http-response return status 403 content-type text/html string "403 forbidden" if ! internal
http-response return status 403 default-errorfiles if ! internal
{%- endmacro -%}
{%- macro head() -%}
@ -16,7 +11,7 @@
{%- endmacro -%}
{%- macro statusresponses() -%}
http-response return status 404 content-type text/html string "404 not found" if { status 404 }
http-response return content-type text/html string "404 not found" if { status 404 }
{%- endmacro -%}
{%- macro httpcheckrules(layer="layer7",inter="2s",fall=5,rise=5) -%}check observe {{ layer }} inter {{ inter }} fall {{ fall }} rise {{ rise }}{%- endmacro -%}
@ -65,7 +60,6 @@ backend admin from {{ haproxy.config.namespace }}
# Global config
global
lua-prepend-path {{ haproxy.config.dir }}/mods/?.so cpath
lua-prepend-path {{ haproxy.config.dir }}/scripts/?.lua
{%- for file in haproxy.scripts %}
{%- if not file.lib %}
@ -103,21 +97,11 @@ backend per_ip_rates from {{ haproxy.config.namespace }}
frontend http from {{ haproxy.config.namespace }}
bind *:{{ haproxy.config.http_port }},:::{{ haproxy.config.http_port }} v4v6
mode http
## ACLs
acl http ssl_fc,not
acl self_host req.hdr(Host) {{ fqdn }}
acl path_root path -m dir /
acl path_host path -m dir /host
acl path_date path -m dir /date
acl path_srchash path -m dir /srchash
## Basic rules
http-request set-var(txn.srchash) src,crc32,mod(100)
http-request set-var(txn.httpdate) date,http_date()
http-request return status 200 content-type text/html lf-string "%H\n" if self_host path_host
http-request return status 200 content-type text/html lf-string "%[var(txn.httpdate)]\n" if self_host path_date
http-request return status 200 content-type text/html lf-string "%[var(txn.srchash)]\n" if self_host path_srchash
acl path_host path /host
acl path_date path /date
http-request return status 200 content-type text/html lf-string "%H\n" if path_host
http-request return status 200 content-type text/html lf-string "%T\n" if path_date
http-request redirect scheme https if http
# Default HTTPS frontend
@ -126,21 +110,12 @@ frontend https from {{ haproxy.config.namespace }}
#bind quic4@*:{{ haproxy.config.https_port }},quic6@:::{{ haproxy.config.https_port }} v4v6 ssl crt {{ haproxy.config.acme_fullchains_dir }}{% if haproxy.config.http2 %} alpn h2,http/1.1{% endif %}
mode http
option httplog
## ACLs
acl internal src -f {{ haproxy.config.dir }}/maps/access
acl domains req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/domains) -m found req.hdr(host) -m str %H
acl robots_txt path /robots.txt
acl self_host req.hdr(Host) {{ fqdn }}
acl path_root path /
acl path_host path /host
acl path_date path /date
acl path_srchash path /srchash
## Basic rules
http-request set-var(txn.random) rand,mul(5)
http-request set-var(txn.httpdate) date,http_date()
http-request set-var(txn.srchash) src,crc32,mod(100)
acl admin req.hdr(Host) {{ salt["grains.get"]("fqdn") }}
http-request set-var(req.src) src
http-request set-var(req.host) req.hdr(Host)
http-request set-var(req.accesshash) str(),concat(,req.src,),concat(-,req.host,)
@ -156,27 +131,26 @@ frontend https from {{ haproxy.config.namespace }}
## Returns
http-request return status 200 content-type text/plain string "User-agent: *\r\nDisallow: /" if robots_txt
http-request return status 200 content-type text/html lf-string "%H\n" if self_host path_host
http-request return status 200 content-type text/html lf-string "%[var(txn.httpdate)]\n" if self_host path_date
http-request return status 200 content-type text/html lf-string "%[var(txn.srchash)]\n" if self_host path_srchash
http-request return status 200 content-type text/html lf-string "%H\n" if path_host
http-request return status 200 content-type text/html lf-string "%T\n" if path_date
## Headers
http-request set-header X-Proxy-Id "%H"
http-request set-header X-Proto https if { ssl_fc }
http-response set-header Date "%[var(txn.httpdate)]"
http-response set-header Date "%[date,http_date()]"
http-response set-header Server "{{ haproxy.config.servername }}"
http-response set-header X-Random "%[var(txn.random)]"
http-response set-header X-Random "%[rand,mul(5)]"
log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
http-request redirect location %[req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects)] code 301 if { req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/redirects) -m found }
http-request deny deny_status 404 unless domains
{%- if haproxy.config.admin.enable %}
use_backend admin if self_host internal path_root
use_backend admin if admin internal
{%- endif %}
use_backend %[req.hdr(Host),lower,map({{ haproxy.config.dir }}/maps/vhosts)]
use_backend %[req.hdr(Host),lower,map({{ haproxy.config.dir }}/maps/vhosts,nginx)]
monitor-uri /dead_or_alive
default_backend {{ ns.default_backend }}
default_backend nginx
# HTTP Backends
{%- for name, values in haproxy.config.vhosts.items() %}

View File

@ -6,4 +6,4 @@
{%- endfor %}
{%- for hostname in salt['pillar.get']('mail:hostnames') %}
{{ hostname }}
{%- endfor %}
{%- endfor %}

View File

@ -10,7 +10,7 @@ opendkim-config-dir:
opendkim-configuration-key:
file.managed:
- name: {{ opendkim.config.dir }}/{{ opendkim.config.key.name }}
- source: salt://opendkim/templates/key.j2
- source: salt://opendkim/key.j2
- user: {{ opendkim.config.user }}
- group: {{ opendkim.config.group }}
- mode: 600
@ -21,7 +21,7 @@ opendkim-configuration-key:
opendkim-trusted-hosts:
file.managed:
- name: {{ opendkim.config.dir }}/TrustedHosts
- source: salt://opendkim/templates/TrustedHosts.j2
- source: salt://opendkim/TrustedHosts.j2
- user: {{ opendkim.config.user }}
- group: {{ opendkim.config.group }}
- mode: 644
@ -32,7 +32,7 @@ opendkim-trusted-hosts:
opendkim-service-defaults:
file.managed:
- name: {{ opendkim.config.default_file }}
- source: salt://opendkim/templates/service_defaults.j2
- source: salt://opendkim/service_defaults.j2
- user: {{ opendkim.config.user }}
- group: {{ opendkim.config.group }}
- mode: 644
@ -43,7 +43,7 @@ opendkim-service-defaults:
opendkim-config-file:
file.managed:
- name: {{ opendkim.config.file }}
- source: salt://opendkim/templates/opendkim.conf.j2
- source: salt://opendkim/opendkim.conf.j2
- user: {{ opendkim.config.user }}
- group: {{ opendkim.config.group }}
- mode: 644

View File

@ -1,9 +1,6 @@
---
opendkim:
enabled: true
pkgs:
- opendkim
- opendkim-tools
config:
dir: '/etc/opendkim'
file: '/etc/opendkim.conf'

View File

@ -1,4 +1,5 @@
---
{%- from "opendkim/map.jinja" import opendkim with context %}
include:
- .install
- .config

View File

@ -2,4 +2,6 @@
{%- from "opendkim/map.jinja" import opendkim with context %}
opendkim-pkg:
pkg.installed:
- pkgs: {{ opendkim.pkgs }}
- pkgs:
- opendkim
- opendkim-tools

View File

@ -1,2 +1,2 @@
{%- from "opendkim/map.jinja" import opendkim with context -%}
{{ opendkim.config.key.content }}
{{ opendkim.config.key.content }}

View File

@ -20,4 +20,4 @@ PidFile {{ opendkim.config.pid_file }}
Socket inet:{{ opendkim.config.port }}@{{ opendkim.config.host }}
ReportAddress {{ opendkim.config.notify_addr }}
SendReports {{ opendkim.config.notify_report }}
SendReports {{ opendkim.config.notify_report }}

View File

@ -1,2 +1,2 @@
{%- from "opendkim/map.jinja" import opendkim with context %}
SOCKET="inet:{{ opendkim.config.port }}@{{ opendkim.config.host }}"
SOCKET="inet:{{ opendkim.config.port }}@{{ opendkim.config.host }}"