From 9567684225ab2697bb6f9b2b6e63b724876c0256 Mon Sep 17 00:00:00 2001
From: Johannes Löthberg
Date: Mon, 21 Nov 2016 11:52:12 +0000
Subject: Initial commit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Johannes Löthberg
---
theos/certs/git_kyriasis_com.sls | 16 +++++++++
theos/certs/init.sls | 7 ++++
theos/certs/phabricator_kyriasis_com.sls | 16 +++++++++
theos/certs/theos_kyriasis_com.sls | 56 ++++++++++++++++++++++++++++++++
theos/certs/xan_kyriasis_com.sls | 16 +++++++++
theos/files/dhparam.pem | 8 +++++
theos/init.sls | 3 ++
theos/nginx.sls | 13 ++++++++
8 files changed, 135 insertions(+)
create mode 100644 theos/certs/git_kyriasis_com.sls
create mode 100644 theos/certs/init.sls
create mode 100644 theos/certs/phabricator_kyriasis_com.sls
create mode 100644 theos/certs/theos_kyriasis_com.sls
create mode 100644 theos/certs/xan_kyriasis_com.sls
create mode 100644 theos/files/dhparam.pem
create mode 100644 theos/init.sls
create mode 100644 theos/nginx.sls
(limited to 'theos')
diff --git a/theos/certs/git_kyriasis_com.sls b/theos/certs/git_kyriasis_com.sls
new file mode 100644
index 0000000..47f023b
--- /dev/null
+++ b/theos/certs/git_kyriasis_com.sls
@@ -0,0 +1,16 @@
+include:
+ - nginx.ng
+
+git.kyriasis.com:
+ acme.cert:
+ - email: johannes@kyriasis.com
+ - webroot: /srv/http/
+ - keysize: 4096
+
+ - watch_in:
+ - service: nginx_service
+ - require_in:
+ - service: nginx_service
+
+
+# vim: set ft=yaml et:
diff --git a/theos/certs/init.sls b/theos/certs/init.sls
new file mode 100644
index 0000000..e34d338
--- /dev/null
+++ b/theos/certs/init.sls
@@ -0,0 +1,7 @@
+include:
+ - .theos_kyriasis_com
+ - .xan_kyriasis_com
+ - .git_kyriasis_com
+ - .phabricator_kyriasis_com
+
+# vim: set ft=yaml et:
diff --git a/theos/certs/phabricator_kyriasis_com.sls b/theos/certs/phabricator_kyriasis_com.sls
new file mode 100644
index 0000000..7f40132
--- /dev/null
+++ b/theos/certs/phabricator_kyriasis_com.sls
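Review bot: In `git.kyriasis.com`, the `acme.cert` state is placed ahead of `nginx_service` by both `watch_in` and `require_in`, yet the `webroot: /srv/http/` challenge needs a web server already answering for that directory, so on a host where nginx is not yet running the first issuance would likely fail and take the service state down with it. `watch_in` already implies the require ordering, so the `require_in` pair is redundant in any case. If the nginx configuration can start before the certificate exists, `- listen_in:` with `- service: nginx_service` would reload nginx after issuance without ordering the service behind it. The same block is repeated in `phabricator_kyriasis_com.sls`, `theos_kyriasis_com.sls` and `xan_kyriasis_com.sls` with only the hostname changed, so a single templated state over a list of hostnames would keep the four in step.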
@@ -0,0 +1,16 @@
+include:
+ - nginx.ng
+
+phabricator.kyriasis.com:
+ acme.cert:
+ - email: johannes@kyriasis.com
+ - webroot: /srv/http/
+ - keysize: 4096
+
+ - watch_in:
+ - service: nginx_service
+ - require_in:
+ - service: nginx_service
+
+
+# vim: set ft=yaml et:
diff --git a/theos/certs/theos_kyriasis_com.sls b/theos/certs/theos_kyriasis_com.sls
new file mode 100644
index 0000000..88d0f22
--- /dev/null
+++ b/theos/certs/theos_kyriasis_com.sls
@@ -0,0 +1,56 @@
+include:
+ - nginx.ng
+
+theos.kyriasis.com:
+ acme.cert:
+ - email: johannes@kyriasis.com
+ - webroot: /srv/http/
+ - keysize: 4096
+
+ - watch_in:
+ - service: nginx_service
+ - require_in:
+ - service: nginx_service
+
+smtpd-access-theos:
+ acl.present:
+ - name: /etc/letsencrypt/archive/theos.kyriasis.com/
+ - acl_type: user
+ - acl_name: smtpd
+ - perms: r
+ - recurse: True
+ - require_in:
+ - acme: theos.kyriasis.com
+
+ldap-access-theos:
+ acl.present:
+ - name: /etc/letsencrypt/archive/theos.kyriasis.com/
+ - acl_type: user
+ - acl_name: ldap
+ - perms: r
+ - recurse: True
+ - require_in:
+ - acme: theos.kyriasis.com
+
+znc-access-theos:
+ acl.present:
+ - name: /etc/letsencrypt/archive/theos.kyriasis.com/
+ - acl_type: user
+ - acl_name: snc
+ - perms: r
+ - recurse: True
+ - require_in:
+ - acme: theos.kyriasis.com
+
+kyrias-access-theos:
+ acl.present:
+ - name: /etc/letsencrypt/archive/theos.kyriasis.com/
+ - acl_type: user
+ - acl_name: kyrias
+ - perms: r
+ - recurse: True
+ - require_in:
+ - acme: theos.kyriasis.com
+
+
+# vim: set ft=yaml et:
diff --git a/theos/certs/xan_kyriasis_com.sls b/theos/certs/xan_kyriasis_com.sls
new file mode 100644
index 0000000..3a8fbe3
--- /dev/null
+++ b/theos/certs/xan_kyriasis_com.sls
@@ -0,0 +1,16 @@
+include:
+ - nginx.ng
+
+xan.kyriasis.com:
+ acme.cert:
+ - email: johannes@kyriasis.com
+ - webroot: /srv/http/
+ - keysize: 4096
+
+ - watch_in:
+ - service: nginx_service
+ - require_in:
+ - service: nginx_service
+
+
+# vim: set ft=yaml et:
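Review bot: In `theos_kyriasis_com.sls`, the `znc-access-theos` state grants the ACL to `snc`, which looks like a typo for the account the state ID names; I would change it to `- acl_name: znc`. All four ACL states use `- require_in:` with `- acme: theos.kyriasis.com`, which orders them before the state that presumably creates `/etc/letsencrypt/archive/theos.kyriasis.com/`, so on a first run the path may not exist yet; `- require:` with the same target reads as the intended direction. `perms: r` applied recursively gives each named user read but not search permission on the directory itself, and it does not cover key files written by later renewals, so it is worth confirming the daemons can still open the key after a renewal. Since this directory holds the private key, a short comment on why the interactive `kyrias` account needs read access alongside the service accounts would make the intended exposure explicit.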
diff --git a/theos/files/dhparam.pem b/theos/files/dhparam.pem
new file mode 100644
index 0000000..b164654
--- /dev/null
+++ b/theos/files/dhparam.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA7tYfJeMSu8u6Z8jbO3eHVQI7MXnt7uegbo0mogT1w0wqvQI4Zie4
+GDbu2xY+yEdW7mb9/kiddcynl9BytXkVNfXqJ1F6h6VP1rKn0jpq3XsVZ9LqI48Z
+7qHHx+uTw/reTYqwc/ZKBlj3XlMTVjXpkM3c58HyjFfpGJbFvnqa40hW/boyYOCM
+67js4sRmOXm51TlVQw1SSX3K70+sHWJU2TIWirC1WegMQS1Gc9t1rHQMI7BYKGL1
+v3wRDkH5t+5UgxeRzINB5Tf/EZhNqkRo29DHqiCpzCo+vTc68uhOBJY9lI4JdUht
+otUORzNf0HWWGJsTegnfDPw8YyZUZCCs+wIBAg==
+-----END DH PARAMETERS-----
diff --git a/theos/init.sls b/theos/init.sls
new file mode 100644
index 0000000..da93cd1
--- /dev/null
+++ b/theos/init.sls
@@ -0,0 +1,3 @@
+include:
+ - theos.nginx
+ - theos.certs
diff --git a/theos/nginx.sls b/theos/nginx.sls
new file mode 100644
index 0000000..51bfae6
--- /dev/null
+++ b/theos/nginx.sls
@@ -0,0 +1,13 @@
+include:
+ - nginx.ng
+
+dhparam:
+ file.managed:
+ - name: /etc/nginx/dhparam.pem
+ - source: salt://theos/files/dhparam.pem
+ - require:
+ - pkg: nginx_install
+ - require_in:
+ - service: nginx_service
+ - watch_in:
+ - service: nginx_service
-- cgit v1.2.3-70-g09d2
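Review bot: The `dhparam` state in `theos/nginx.sls` manages `/etc/nginx/dhparam.pem` without pinning ownership or mode, so the file's permissions depend on whatever is already on disk or on the minion's defaults. I would add `- user: root`, `- group: root` and `- mode: '0644'` under `file.managed`; DH parameters are public, so world-readable is fine, but the state should guarantee that only root can replace them. As in the cert states, `watch_in` already implies the require ordering, so the separate `require_in` on `nginx_service` can be dropped.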