authorJohannes Löthberg <johannes@kyriasis.com>2016-11-21 11:52:12 +0000
committerJohannes Löthberg <johannes@kyriasis.com>2016-11-21 11:52:12 +0000
commit9567684225ab2697bb6f9b2b6e63b724876c0256 (patch)
tree07dca4a01de1356516e708740cf2583661aa450c /theos
Initial commit
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Diffstat (limited to 'theos')
-rw-r--r--theos/certs/git_kyriasis_com.sls16
-rw-r--r--theos/certs/init.sls7
-rw-r--r--theos/certs/phabricator_kyriasis_com.sls16
-rw-r--r--theos/certs/theos_kyriasis_com.sls56
-rw-r--r--theos/certs/xan_kyriasis_com.sls16
-rw-r--r--theos/files/dhparam.pem8
-rw-r--r--theos/init.sls3
-rw-r--r--theos/nginx.sls13
8 files changed, 135 insertions, 0 deletions
diff --git a/theos/certs/git_kyriasis_com.sls b/theos/certs/git_kyriasis_com.sls
new file mode 100644
index 0000000..47f023b
--- /dev/null
+++ b/theos/certs/git_kyriasis_com.sls
@@ -0,0 +1,16 @@
+include:
+ - nginx.ng
+
+git.kyriasis.com:
+ acme.cert:
+ - email: johannes@kyriasis.com
+ - webroot: /srv/http/
+ - keysize: 4096
+
+ - watch_in:
+ - service: nginx_service
+ - require_in:
+ - service: nginx_service
+
+
+# vim: set ft=yaml et:
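Review bot: The `- require_in:` / `- service: nginx_service` pair on this `acme.cert` state makes nginx wait for the certificate, while the `- webroot: /srv/http/` method needs a web server already answering for git.kyriasis.com to pass the HTTP challenge. On a host where nginx is not yet running, the first run would presumably fail to obtain the certificate unless something else serves that webroot; this depends on how `nginx.ng` is set up, which is not visible here. Dropping `require_in` alone does not change the ordering, since `watch_in` implies it and makes it redundant, so a plain-HTTP vhost brought up before the cert states is the likelier way to break the cycle. The same pattern is repeated in phabricator_kyriasis_com.sls, theos_kyriasis_com.sls and xan_kyriasis_com.sls.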
diff --git a/theos/certs/init.sls b/theos/certs/init.sls
new file mode 100644
index 0000000..e34d338
--- /dev/null
+++ b/theos/certs/init.sls
@@ -0,0 +1,7 @@
+include:
+ - .theos_kyriasis_com
+ - .xan_kyriasis_com
+ - .git_kyriasis_com
+ - .phabricator_kyriasis_com
+
+# vim: set ft=yaml et:
diff --git a/theos/certs/phabricator_kyriasis_com.sls b/theos/certs/phabricator_kyriasis_com.sls
new file mode 100644
index 0000000..7f40132
--- /dev/null
+++ b/theos/certs/phabricator_kyriasis_com.sls
@@ -0,0 +1,16 @@
+include:
+ - nginx.ng
+
+phabricator.kyriasis.com:
+ acme.cert:
+ - email: johannes@kyriasis.com
+ - webroot: /srv/http/
+ - keysize: 4096
+
+ - watch_in:
+ - service: nginx_service
+ - require_in:
+ - service: nginx_service
+
+
+# vim: set ft=yaml et:
diff --git a/theos/certs/theos_kyriasis_com.sls b/theos/certs/theos_kyriasis_com.sls
new file mode 100644
index 0000000..88d0f22
--- /dev/null
+++ b/theos/certs/theos_kyriasis_com.sls
@@ -0,0 +1,56 @@
+include:
+ - nginx.ng
+
+theos.kyriasis.com:
+ acme.cert:
+ - email: johannes@kyriasis.com
+ - webroot: /srv/http/
+ - keysize: 4096
+
+ - watch_in:
+ - service: nginx_service
+ - require_in:
+ - service: nginx_service
+
+smtpd-access-theos:
+ acl.present:
+ - name: /etc/letsencrypt/archive/theos.kyriasis.com/
+ - acl_type: user
+ - acl_name: smtpd
+ - perms: r
+ - recurse: True
+ - require_in:
+ - acme: theos.kyriasis.com
+
+ldap-access-theos:
+ acl.present:
+ - name: /etc/letsencrypt/archive/theos.kyriasis.com/
+ - acl_type: user
+ - acl_name: ldap
+ - perms: r
+ - recurse: True
+ - require_in:
+ - acme: theos.kyriasis.com
+
+znc-access-theos:
+ acl.present:
+ - name: /etc/letsencrypt/archive/theos.kyriasis.com/
+ - acl_type: user
+ - acl_name: snc
+ - perms: r
+ - recurse: True
+ - require_in:
+ - acme: theos.kyriasis.com
+
+kyrias-access-theos:
+ acl.present:
+ - name: /etc/letsencrypt/archive/theos.kyriasis.com/
+ - acl_type: user
+ - acl_name: kyrias
+ - perms: r
+ - recurse: True
+ - require_in:
+ - acme: theos.kyriasis.com
+
+
+# vim: set ft=yaml et:
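Review bot: The `znc-access-theos` state sets `- acl_name: snc`, which looks like a typo for `- acl_name: znc`; as written the znc account would not receive the ACL. All four `acl.present` states also use `- require_in:` with `- acme: theos.kyriasis.com`, which orders the ACLs before the certificate is issued, when `/etc/letsencrypt/archive/theos.kyriasis.com/` may not exist yet; `- require:` appears to be what is meant. With `- perms: r` and `- recurse: True` the directory itself gets read without search permission, so the accounts can probably list but not open the files, and files written by a later renewal are not covered until the state runs again. Since this directory holds the private key, a comment on each state saying why smtpd, ldap, znc and the personal account kyrias need it would help, and any account that only needs the certificate chain should not be granted the key.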
diff --git a/theos/certs/xan_kyriasis_com.sls b/theos/certs/xan_kyriasis_com.sls
new file mode 100644
index 0000000..3a8fbe3
--- /dev/null
+++ b/theos/certs/xan_kyriasis_com.sls
@@ -0,0 +1,16 @@
+include:
+ - nginx.ng
+
+xan.kyriasis.com:
+ acme.cert:
+ - email: johannes@kyriasis.com
+ - webroot: /srv/http/
+ - keysize: 4096
+
+ - watch_in:
+ - service: nginx_service
+ - require_in:
+ - service: nginx_service
+
+
+# vim: set ft=yaml et:
diff --git a/theos/files/dhparam.pem b/theos/files/dhparam.pem
new file mode 100644
index 0000000..b164654
--- /dev/null
+++ b/theos/files/dhparam.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA7tYfJeMSu8u6Z8jbO3eHVQI7MXnt7uegbo0mogT1w0wqvQI4Zie4
+GDbu2xY+yEdW7mb9/kiddcynl9BytXkVNfXqJ1F6h6VP1rKn0jpq3XsVZ9LqI48Z
+7qHHx+uTw/reTYqwc/ZKBlj3XlMTVjXpkM3c58HyjFfpGJbFvnqa40hW/boyYOCM
+67js4sRmOXm51TlVQw1SSX3K70+sHWJU2TIWirC1WegMQS1Gc9t1rHQMI7BYKGL1
+v3wRDkH5t+5UgxeRzINB5Tf/EZhNqkRo29DHqiCpzCo+vTc68uhOBJY9lI4JdUht
+otUORzNf0HWWGJsTegnfDPw8YyZUZCCs+wIBAg==
+-----END DH PARAMETERS-----
diff --git a/theos/init.sls b/theos/init.sls
new file mode 100644
index 0000000..da93cd1
--- /dev/null
+++ b/theos/init.sls
@@ -0,0 +1,3 @@
+include:
+ - theos.nginx
+ - theos.certs
diff --git a/theos/nginx.sls b/theos/nginx.sls
new file mode 100644
index 0000000..51bfae6
--- /dev/null
+++ b/theos/nginx.sls
@@ -0,0 +1,13 @@
+include:
+ - nginx.ng
+
+dhparam:
+ file.managed:
+ - name: /etc/nginx/dhparam.pem
+ - source: salt://theos/files/dhparam.pem
+ - require:
+ - pkg: nginx_install
+ - require_in:
+ - service: nginx_service
+ - watch_in:
+ - service: nginx_service
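Review bot: The `dhparam` state does not set ownership or mode on `/etc/nginx/dhparam.pem`, so the file gets whatever `file.managed` defaults to; adding `- user: root`, `- group: root` and `- mode: '0644'` makes the result explicit. DH parameters are public values, so committing theos/files/dhparam.pem does not leak a secret, but a comment above the state such as `# DH parameters are public; record here how they were generated` would save the next reader from checking. `require_in` is redundant next to `watch_in` on the same service.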