{% set fqdn = grains['fqdn'] %}
+{% set domain = '.'.join(fqdn.split('.')[-2:]) %}
common:
fqdn: {{ fqdn }}
- domain: {{ fqdn.split('.', 1)[-1] }}
+ domain: {{ domain }}
sn1RH3ZsFJjJi28CZKMVqsznNEESbYYyjg==
=EIvh
-----END PGP MESSAGE-----
+
+ git:
+ repo: |
+ -----BEGIN PGP MESSAGE-----
+
+ hF4D+CZXdqKq9X4SAQdAwhm3eZ7UoJn57wk8tvrF9JoqNXLWrji9gRQZxURAbX8w
+ kKdsBhu6ITbYZsA7bMS/Vqo6vLe+uuTOMsG+Cxrrpdb2ET9zx+LF7j8Qogu03XLo
+ 0l8BDrTqdH/dksjRGYS7Y+AOnS0ISyXFJ8FAIXDa2+QmO/TDkY93srGZOsm11emD
+ m8AF7CKYxdoQoqn/z43/bhhWajo194mCUZnujmUdID8bNq2PkrcAP8N6jCK+DsSj
+ fQ==
+ =YMy2
+ -----END PGP MESSAGE-----
- require:
- pkg: ufw--install-packages
+
certbot--issue-certbot-certificate-apache:
cmd.run:
- - name: certbot --apache -d {{ pillar['common']['fqdn'] }} --non-interactive --agree-tos --email certbot@{{ pillar['common']['domain'] }}
+ - name: >
+ certbot --apache
+ {% if 'www' in pillar['common']['fqdn'] -%}
+ -d {{ pillar['common']['fqdn'] }} -d {{ pillar['common']['domain'] }}
+ {%- else -%}
+ -d {{ pillar['common']['fqdn'] }}
+ {%- endif %}
+ --non-interactive
+ --agree-tos
+ --email certbot@{{ pillar['common']['domain'] }}
- unless: test -f /etc/letsencrypt/live/{{ pillar['common']['domain'] }}/fullchain.pem
- require:
- cmd: certbot--ensure-ufw-open-port-80
- pkg: certbot--install-packages
- onlyif: test -f /usr/sbin/apache2
+certbot--issue-certbot-certificate-nginx:
+ cmd.run:
+ - name: >
+ certbot --nginx
+ {% if 'www' in pillar['common']['fqdn'] -%}
+ -d {{ pillar['common']['fqdn'] }} -d {{ pillar['common']['domain'] }}
+ {%- else -%}
+ -d {{ pillar['common']['fqdn'] }}
+ {%- endif %}
+ --non-interactive
+ --agree-tos
+ --email certbot@{{ pillar['common']['domain'] }}
+ - unless: test -f /etc/letsencrypt/live/{{ pillar['common']['domain'] }}/fullchain.pem
+ - require:
+ - cmd: certbot--ensure-ufw-open-port-80
+ - pkg: certbot--install-packages
+ - onlyif: test -f /usr/sbin/nginx
+
certbot--issue-certbot-certificate:
cmd.run:
- name: certbot certonly --standalone -d {{ pillar['common']['fqdn'] }} --non-interactive --agree-tos --email certbot@{{ pillar['common']['domain'] }}
- - unless: test -f /etc/letsencrypt/live/{{ pillar['common']['domain'] }}/fullchain.pem
+ - unless: |
+ test -f /etc/letsencrypt/live/{{ pillar['common']['domain'] }}/fullchain.pem ||
+ test -f /usr/sbin/apache2 ||
+ test -f /usr/sbin/nginx
- require:
- cmd: certbot--ensure-ufw-open-port-80
- pkg: certbot--install-packages
- - unless: test -f /usr/sbin/apache2
--- /dev/null
+include:
+ - nginx.nginx--install-packages
+ - nginx.nginx--systemd-service
--- /dev/null
+include:
+ - common.ufw.ufw--install-packages
+
+nginx--install-packages:
+ pkg.installed:
+ - refresh: True
+ - pkgs:
+ - nginx
+ - python3-certbot-nginx
+
+nginx--ensure-ufw-open-port-80:
+ cmd.run:
+ - name: ufw allow 80/tcp
+ - require:
+ - pkg: ufw--install-packages
+
+nginx--ensure-ufw-open-port-443:
+ cmd.run:
+ - name: ufw allow 443/tcp
+ - require:
+ - pkg: ufw--install-packages
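Review bot: `nginx--ensure-ufw-open-port-80` and `nginx--ensure-ufw-open-port-443` are bare `cmd.run` states with no `unless`, so they execute and report a change on every highstate, which buries genuine firewall drift in the run summary. Gate each on the rule already being present, e.g. `- unless: ufw status | grep -qE '^80/tcp\s+ALLOW'` (and the 443/tcp equivalent); if ufw is inactive the grep fails and the rule is still added, so first-run behaviour is unchanged. Nothing in this section requires these two states, so `nginx--systemd-service` (included from nginx/init.sls) can start the server before the ports are opened — harmless for a host firewall, but add a `require` if the ordering is intended.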
--- /dev/null
+nginx--systemd-service:
+ service.running:
+ - name: nginx
+ - enable: True
+ - reload: True
+ - require:
+ - pkg: nginx--install-packages
--- /dev/null
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name www.andreasglashauser.com;
+
+ return 301 $scheme://andreasglashauser.com$request_uri;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name andreasglashauser.com;
+
+ root /var/www/andreasglashauser.com;
+ index index.html;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
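Review bot: Neither `server` block denies dot-directories, and `personal-website--setup` elsewhere in this change clones the site repository straight into `root /var/www/andreasglashauser.com`, so `try_files $uri $uri/ =404` will serve `/.git/config`, `/.git/HEAD` and the object store to anyone who asks; `.git/config` carries the remote URL that this change keeps GPG-encrypted in pillar, which suggests it may embed credentials. Add a deny rule ahead of `location /`, e.g. `location ~ /\.(?!well-known) { deny all; return 404; }`, which still leaves certbot's exact-match `/.well-known/acme-challenge/` locations reachable, and consider `server_tokens off;` in the apex block while here. The `www` block's `return 301 $scheme://andreasglashauser.com$request_uri;` is fine as long as it only listens on 80, since `$scheme` is always `http` there.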
--- /dev/null
+include:
+ - personal-website.personal-website--install-packages
+ - personal-website.personal-website--setup
+ - personal-website.personal-website--configure-nginx
--- /dev/null
+include:
+ - nginx.nginx--systemd-service
+
+personal-website--configure-nginx-sites-available:
+ file.managed:
+ - name: /etc/nginx/sites-available/{{ pillar['common']['fqdn'] }}.conf
+ - source: salt://personal-website/files/{{ pillar['common']['fqdn'] }}.conf
+ - user: root
+ - group: root
+ - mode: 644
+ - require:
+ - nginx--systemd-service
+
+personal-website--configure-nginx-symlink:
+ file.symlink:
+ - name: /etc/nginx/sites-enabled/{{ pillar['common']['fqdn'] }}.conf
+ - target: /etc/nginx/sites-available/{{ pillar['common']['fqdn'] }}.conf
+ - force: True
+ - require:
+ - file: personal-website--configure-nginx-sites-available
+
+personal-website--configure-remove-default:
+ file.absent:
+ - name: /etc/nginx/sites-enabled/default
+ - require:
+ - file: personal-website--configure-nginx-symlink
+
+personal-website--reload-nginx:
+ service.running:
+ - name: nginx
+ - reload: True
+ - watch:
+ - file: personal-website--configure-nginx-sites-available
+ - require:
+ - file: personal-website--configure-nginx-symlink
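Review bot: `personal-website--configure-nginx-sites-available` manages `/etc/nginx/sites-available/<fqdn>.conf` byte-for-byte from a static source, but the `certbot --nginx` command added in the certbot state edits that same file in place to insert the `listen 443 ssl` block and certificate paths; on the next highstate the HTTP-only file is restored, the `watch` on `personal-website--reload-nginx` reloads nginx with it, and because the certbot state's `unless` still finds `fullchain.pem` the certificate is never reinstalled — the site silently falls back to cleartext. Either keep certbot out of the managed file (`certbot certonly --nginx` authenticates through the nginx plugin without writing config) and carry the 443 server block in the Salt-managed source, guarded with something like `{% if salt['file.file_exists']('/etc/letsencrypt/live/' ~ pillar['common']['fqdn'] ~ '/fullchain.pem') %}` so the first run before issuance still validates (certbot names the lineage after the first `-d` argument, which is the fqdn here), or make the managed file an include that certbot does not touch. Separately, the requisite `- nginx--systemd-service` omits the `service:` type prefix used everywhere else in this change; write `- service: nginx--systemd-service` for consistency. `personal-website--reload-nginx` also declares a second `service.running` for `nginx` alongside `nginx--systemd-service`; a `- watch_in: - service: nginx--systemd-service` on the file state would avoid two states owning the same unit.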
--- /dev/null
+personal-website--install-packages:
+ pkg.installed:
+ - pkgs:
+ - git
--- /dev/null
+include:
+ - nginx.nginx--install-packages
+
+personal-website--setup:
+ git.latest:
+ - name: {{ pillar['services']['git']['repo'] }}/personal-website.git
+ - target: /var/www/andreasglashauser.com
+ - require:
+ - pkg: personal-website--install-packages
+ - pkg: nginx--install-packages
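Review bot: `personal-website--setup` pins no `rev`, so every highstate fast-forwards `/var/www/andreasglashauser.com` to whatever the remote's default branch currently points at — anyone who can push to that repository changes the served site, and the deployment is not reproducible. Pin a branch or, better, a tag or commit (`- rev: main`, substituting the real branch name, which is not visible here). Because the clone lands directly in the nginx `root`, the repository's `.git/config` — holding the remote URL that this change stores GPG-encrypted in pillar, presumably because it embeds a token — ends up under the web root; cloning to a non-served path such as `/srv/personal-website` and publishing with a `file.recurse` step keeps it out regardless of the nginx rules. The hardcoded `target` also diverges from the `pillar['common']['fqdn']`-derived paths used in `personal-website--configure-nginx`; deriving it from the same pillar avoids a split if the host is renamed.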
- certbot
- bind9
- reboot
+
+ 'www':
+ - postfix
+ - nginx
+ - personal-website
+ - certbot
+ - bind9
+ - reboot