Initial commit

Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>

5 files changed, 111 insertions, 0 deletions

diff --git a/theos/certs/git_kyriasis_com.sls b/theos/certs/git_kyriasis_com.sls
new file mode 100644
index 0000000..47f023b
--- /dev/null
+++ b/theos/certs/git_kyriasis_com.sls
@@ -0,0 +1,16 @@
+include:
+  - nginx.ng
+
+git.kyriasis.com:
+  acme.cert:
+    - email: johannes@kyriasis.com
+    - webroot: /srv/http/
+    - keysize: 4096
+
+    - watch_in:
+      - service: nginx_service
+    - require_in:
+      - service: nginx_service
+
+
+# vim: set ft=yaml et:
diff --git a/theos/certs/init.sls b/theos/certs/init.sls
new file mode 100644
index 0000000..e34d338
--- /dev/null
+++ b/theos/certs/init.sls
@@ -0,0 +1,7 @@
+include:
+  - .theos_kyriasis_com
+  - .xan_kyriasis_com
+  - .git_kyriasis_com
+  - .phabricator_kyriasis_com
+
+# vim: set ft=yaml et:
diff --git a/theos/certs/phabricator_kyriasis_com.sls b/theos/certs/phabricator_kyriasis_com.sls
new file mode 100644
index 0000000..7f40132
--- /dev/null
+++ b/theos/certs/phabricator_kyriasis_com.sls
@@ -0,0 +1,16 @@
+include:
+  - nginx.ng
+
+phabricator.kyriasis.com:
+  acme.cert:
+    - email: johannes@kyriasis.com
+    - webroot: /srv/http/
+    - keysize: 4096
+
+    - watch_in:
+      - service: nginx_service
+    - require_in:
+      - service: nginx_service
+
+
+# vim: set ft=yaml et:
diff --git a/theos/certs/theos_kyriasis_com.sls b/theos/certs/theos_kyriasis_com.sls
new file mode 100644
index 0000000..88d0f22
--- /dev/null
+++ b/theos/certs/theos_kyriasis_com.sls
@@ -0,0 +1,56 @@
+include:
+  - nginx.ng
+
+theos.kyriasis.com:
+  acme.cert:
+    - email: johannes@kyriasis.com
+    - webroot: /srv/http/
+    - keysize: 4096
+
+    - watch_in:
+      - service: nginx_service
+    - require_in:
+      - service: nginx_service
+
+smtpd-access-theos:
+  acl.present:
+    - name: /etc/letsencrypt/archive/theos.kyriasis.com/
+    - acl_type: user
+    - acl_name: smtpd
+    - perms: r
+    - recurse: True
+    - require_in:
+      - acme: theos.kyriasis.com
+
+ldap-access-theos:
+  acl.present:
+    - name: /etc/letsencrypt/archive/theos.kyriasis.com/
+    - acl_type: user
+    - acl_name: ldap
+    - perms: r
+    - recurse: True
+    - require_in:
+      - acme: theos.kyriasis.com
+
+znc-access-theos:
+  acl.present:
+    - name: /etc/letsencrypt/archive/theos.kyriasis.com/
+    - acl_type: user
+    - acl_name: snc
+    - perms: r
+    - recurse: True
+    - require_in:
+      - acme: theos.kyriasis.com
+
+kyrias-access-theos:
+  acl.present:
+    - name: /etc/letsencrypt/archive/theos.kyriasis.com/
+    - acl_type: user
+    - acl_name: kyrias
+    - perms: r
+    - recurse: True
+    - require_in:
+      - acme: theos.kyriasis.com
+
+
+# vim: set ft=yaml et:
diff --git a/theos/certs/xan_kyriasis_com.sls b/theos/certs/xan_kyriasis_com.sls
new file mode 100644
index 0000000..3a8fbe3
--- /dev/null
+++ b/theos/certs/xan_kyriasis_com.sls
@@ -0,0 +1,16 @@
+include:
+  - nginx.ng
+
+xan.kyriasis.com:
+  acme.cert:
+    - email: johannes@kyriasis.com
+    - webroot: /srv/http/
+    - keysize: 4096
+
+    - watch_in:
+      - service: nginx_service
+    - require_in:
+      - service: nginx_service
+
+
+# vim: set ft=yaml et: