diff options
author | Johannes Löthberg <johannes@kyriasis.com> | 2016-11-21 11:52:12 +0000 |
---|---|---|
committer | Johannes Löthberg <johannes@kyriasis.com> | 2016-11-21 11:52:12 +0000 |
commit | 9567684225ab2697bb6f9b2b6e63b724876c0256 (patch) | |
tree | 07dca4a01de1356516e708740cf2583661aa450c /theos | |
download | file-9567684225ab2697bb6f9b2b6e63b724876c0256.tar.xz |
Initial commit
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Diffstat (limited to 'theos')
-rw-r--r-- | theos/certs/git_kyriasis_com.sls | 16 | ||||
-rw-r--r-- | theos/certs/init.sls | 7 | ||||
-rw-r--r-- | theos/certs/phabricator_kyriasis_com.sls | 16 | ||||
-rw-r--r-- | theos/certs/theos_kyriasis_com.sls | 56 | ||||
-rw-r--r-- | theos/certs/xan_kyriasis_com.sls | 16 | ||||
-rw-r--r-- | theos/files/dhparam.pem | 8 | ||||
-rw-r--r-- | theos/init.sls | 3 | ||||
-rw-r--r-- | theos/nginx.sls | 13 |
8 files changed, 135 insertions, 0 deletions
diff --git a/theos/certs/git_kyriasis_com.sls b/theos/certs/git_kyriasis_com.sls new file mode 100644 index 0000000..47f023b --- /dev/null +++ b/theos/certs/git_kyriasis_com.sls @@ -0,0 +1,16 @@ +include: + - nginx.ng + +git.kyriasis.com: + acme.cert: + - email: johannes@kyriasis.com + - webroot: /srv/http/ + - keysize: 4096 + + - watch_in: + - service: nginx_service + - require_in: + - service: nginx_service + + +# vim: set ft=yaml et: diff --git a/theos/certs/init.sls b/theos/certs/init.sls new file mode 100644 index 0000000..e34d338 --- /dev/null +++ b/theos/certs/init.sls @@ -0,0 +1,7 @@ +include: + - .theos_kyriasis_com + - .xan_kyriasis_com + - .git_kyriasis_com + - .phabricator_kyriasis_com + +# vim: set ft=yaml et: diff --git a/theos/certs/phabricator_kyriasis_com.sls b/theos/certs/phabricator_kyriasis_com.sls new file mode 100644 index 0000000..7f40132 --- /dev/null +++ b/theos/certs/phabricator_kyriasis_com.sls @@ -0,0 +1,16 @@ +include: + - nginx.ng + +phabricator.kyriasis.com: + acme.cert: + - email: johannes@kyriasis.com + - webroot: /srv/http/ + - keysize: 4096 + + - watch_in: + - service: nginx_service + - require_in: + - service: nginx_service + + +# vim: set ft=yaml et: diff --git a/theos/certs/theos_kyriasis_com.sls b/theos/certs/theos_kyriasis_com.sls new file mode 100644 index 0000000..88d0f22 --- /dev/null +++ b/theos/certs/theos_kyriasis_com.sls @@ -0,0 +1,56 @@ +include: + - nginx.ng + +theos.kyriasis.com: + acme.cert: + - email: johannes@kyriasis.com + - webroot: /srv/http/ + - keysize: 4096 + + - watch_in: + - service: nginx_service + - require_in: + - service: nginx_service + +smtpd-access-theos: + acl.present: + - name: /etc/letsencrypt/archive/theos.kyriasis.com/ + - acl_type: user + - acl_name: smtpd + - perms: r + - recurse: True + - require_in: + - acme: theos.kyriasis.com + +ldap-access-theos: + acl.present: + - name: /etc/letsencrypt/archive/theos.kyriasis.com/ + - acl_type: user + - acl_name: ldap + - perms: r + - recurse: True + - require_in: + - acme: theos.kyriasis.com + +znc-access-theos: + acl.present: + - name: /etc/letsencrypt/archive/theos.kyriasis.com/ + - acl_type: user + - acl_name: snc + - perms: r + - recurse: True + - require_in: + - acme: theos.kyriasis.com + +kyrias-access-theos: + acl.present: + - name: /etc/letsencrypt/archive/theos.kyriasis.com/ + - acl_type: user + - acl_name: kyrias + - perms: r + - recurse: True + - require_in: + - acme: theos.kyriasis.com + + +# vim: set ft=yaml et: diff --git a/theos/certs/xan_kyriasis_com.sls b/theos/certs/xan_kyriasis_com.sls new file mode 100644 index 0000000..3a8fbe3 --- /dev/null +++ b/theos/certs/xan_kyriasis_com.sls @@ -0,0 +1,16 @@ +include: + - nginx.ng + +xan.kyriasis.com: + acme.cert: + - email: johannes@kyriasis.com + - webroot: /srv/http/ + - keysize: 4096 + + - watch_in: + - service: nginx_service + - require_in: + - service: nginx_service + + +# vim: set ft=yaml et: diff --git a/theos/files/dhparam.pem b/theos/files/dhparam.pem new file mode 100644 index 0000000..b164654 --- /dev/null +++ b/theos/files/dhparam.pem @@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEA7tYfJeMSu8u6Z8jbO3eHVQI7MXnt7uegbo0mogT1w0wqvQI4Zie4 +GDbu2xY+yEdW7mb9/kiddcynl9BytXkVNfXqJ1F6h6VP1rKn0jpq3XsVZ9LqI48Z +7qHHx+uTw/reTYqwc/ZKBlj3XlMTVjXpkM3c58HyjFfpGJbFvnqa40hW/boyYOCM +67js4sRmOXm51TlVQw1SSX3K70+sHWJU2TIWirC1WegMQS1Gc9t1rHQMI7BYKGL1 +v3wRDkH5t+5UgxeRzINB5Tf/EZhNqkRo29DHqiCpzCo+vTc68uhOBJY9lI4JdUht +otUORzNf0HWWGJsTegnfDPw8YyZUZCCs+wIBAg== +-----END DH PARAMETERS----- diff --git a/theos/init.sls b/theos/init.sls new file mode 100644 index 0000000..da93cd1 --- /dev/null +++ b/theos/init.sls @@ -0,0 +1,3 @@ +include: + - theos.nginx + - theos.certs diff --git a/theos/nginx.sls b/theos/nginx.sls new file mode 100644 index 0000000..51bfae6 --- /dev/null +++ b/theos/nginx.sls @@ -0,0 +1,13 @@ +include: + - nginx.ng + +dhparam: + file.managed: + - name: /etc/nginx/dhparam.pem + - source: salt://theos/files/dhparam.pem + - require: + - pkg: nginx_install + - require_in: + - service: nginx_service + - watch_in: + - service: nginx_service |