From: Andreas Glashauser
Date: Mon, 24 Mar 2025 07:54:32 +0000 (+0100)
Subject: ADDED: nginx states and states for personal website
X-Git-Url: https://git.andreasglashauser.com/?a=commitdiff_plain;h=9752e7b3e103ab8e601a28d4caae19bfe3b5906c;p=salt-infra.git
ADDED: nginx states and states for personal website
---
diff --git a/salt/pillar/common.sls b/salt/pillar/common.sls
index 9d938f7..e5f1719 100644
--- a/salt/pillar/common.sls
+++ b/salt/pillar/common.sls
@@ -1,4 +1,5 @@
 {% set fqdn = grains['fqdn'] %}
+{% set domain = '.'.join(fqdn.split('.')[-2:]) %}
 common:
 fqdn: {{ fqdn }}
- domain: {{ fqdn.split('.', 1)[-1] }}
+ domain: {{ domain }}
diff --git a/salt/pillar/services.sls b/salt/pillar/services.sls
index e6f5f56..c4c51c9 100644
--- a/salt/pillar/services.sls
+++ b/salt/pillar/services.sls
@@ -29,3 +29,15 @@ services:
 sn1RH3ZsFJjJi28CZKMVqsznNEESbYYyjg==
 =EIvh
 -----END PGP MESSAGE-----
+
+ git:
+ repo: |
+ -----BEGIN PGP MESSAGE-----
+
+ hF4D+CZXdqKq9X4SAQdAwhm3eZ7UoJn57wk8tvrF9JoqNXLWrji9gRQZxURAbX8w
+ kKdsBhu6ITbYZsA7bMS/Vqo6vLe+uuTOMsG+Cxrrpdb2ET9zx+LF7j8Qogu03XLo
+ 0l8BDrTqdH/dksjRGYS7Y+AOnS0ISyXFJ8FAIXDa2+QmO/TDkY93srGZOsm11emD
+ m8AF7CKYxdoQoqn/z43/bhhWajo194mCUZnujmUdID8bNq2PkrcAP8N6jCK+DsSj
+ fQ==
+ =YMy2
+ -----END PGP MESSAGE-----
diff --git a/salt/states/certbot/certbot--issue-certificate.sls b/salt/states/certbot/certbot--issue-certificate.sls
index f1d8e04..878c366 100644
--- a/salt/states/certbot/certbot--issue-certificate.sls
+++ b/salt/states/certbot/certbot--issue-certificate.sls
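Review bot: In salt/pillar/common.sls, `'.'.join(fqdn.split('.')[-2:])` assumes the registrable domain is always the last two labels of the FQDN. For a host under a multi-label public suffix (constructed example: `www.example.co.uk`) it yields `co.uk`, and for a single-label `grains['fqdn']` it yields the bare hostname; either value then flows into the certbot `-d`, `--email` and `/etc/letsencrypt/live/` arguments in certbot--issue-certificate.sls. Because the grain is reported by the minion itself, consider setting `domain` explicitly per host in pillar and keeping the split only as a fallback, documented with a comment such as `# assumes a two-label registrable domain (no co.uk-style suffixes)`.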
@@ -7,20 +7,50 @@ certbot--ensure-ufw-open-port-80: - require: - pkg: ufw--install-packages + certbot--issue-certbot-certificate-apache: cmd.run: - - name: certbot --apache -d {{ pillar['common']['fqdn'] }} --non-interactive --agree-tos --email certbot@{{ pillar['common']['domain'] }} + - name: > + certbot --apache + {% if 'www' in pillar['common']['fqdn'] -%} + -d {{ pillar['common']['fqdn'] }} -d {{ pillar['common']['domain'] }} + {%- else -%} + -d {{ pillar['common']['fqdn'] }} + {%- endif %} + --non-interactive + --agree-tos + --email certbot@{{ pillar['common']['domain'] }} - unless: test -f /etc/letsencrypt/live/{{ pillar['common']['domain'] }}/fullchain.pem - require: - cmd: certbot--ensure-ufw-open-port-80 - pkg: certbot--install-packages - onlyif: test -f /usr/sbin/apache2 +certbot--issue-certbot-certificate-nginx: + cmd.run: + - name: > + certbot --nginx + {% if 'www' in pillar['common']['fqdn'] -%} + -d {{ pillar['common']['fqdn'] }} -d {{ pillar['common']['domain'] }} + {%- else -%} + -d {{ pillar['common']['fqdn'] }} + {%- endif %} + --non-interactive + --agree-tos + --email certbot@{{ pillar['common']['domain'] }} + - unless: test -f /etc/letsencrypt/live/{{ pillar['common']['domain'] }}/fullchain.pem + - require: + - cmd: certbot--ensure-ufw-open-port-80 + - pkg: certbot--install-packages + - onlyif: test -f /usr/sbin/nginx + certbot--issue-certbot-certificate: cmd.run: - name: certbot certonly --standalone -d {{ pillar['common']['fqdn'] }} --non-interactive --agree-tos --email certbot@{{ pillar['common']['domain'] }} - - unless: test -f /etc/letsencrypt/live/{{ pillar['common']['domain'] }}/fullchain.pem + - unless: | + test -f /etc/letsencrypt/live/{{ pillar['common']['domain'] }}/fullchain.pem || + test -f /usr/sbin/apache2 || + test -f /usr/sbin/nginx - require: - cmd: certbot--ensure-ufw-open-port-80 - pkg: certbot--install-packages - - unless: test -f /usr/sbin/apache2 
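Review bot: In the new `certbot--issue-certbot-certificate-nginx` state (and the apache state it mirrors), the `unless` guard tests `/etc/letsencrypt/live/{{ pillar['common']['domain'] }}/fullchain.pem`, but the first `-d` argument is the FQDN, and certbot by default names the lineage directory after the first domain given. If that holds on these hosts the guard never matches and certbot is re-invoked on every highstate; pinning the name with `--cert-name {{ pillar['common']['domain'] }}`, or testing the FQDN path instead, would make the guard reliable. Separately, `'www' in pillar['common']['fqdn']` is a substring test that is true for any FQDN containing "www" anywhere, so the bare domain can be added to the request for hosts that should not hold a certificate for it; `pillar['common']['fqdn'].startswith('www.')` expresses the intent.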
diff --git a/salt/states/nginx/init.sls b/salt/states/nginx/init.sls
new file mode 100644
index 0000000..d23882e
--- /dev/null
+++ b/salt/states/nginx/init.sls
@@ -0,0 +1,3 @@
+include:
+ - nginx.nginx--install-packages
+ - nginx.nginx--systemd-service
diff --git a/salt/states/nginx/nginx--install-packages.sls b/salt/states/nginx/nginx--install-packages.sls
new file mode 100644
index 0000000..e52ee3f
--- /dev/null
+++ b/salt/states/nginx/nginx--install-packages.sls
@@ -0,0 +1,21 @@
+include:
+ - common.ufw.ufw--install-packages
+
+nginx--install-packages:
+ pkg.installed:
+ - refresh: True
+ - pkgs:
+ - nginx
+ - python3-certbot-nginx
+
+nginx--ensure-ufw-open-port-80:
+ cmd.run:
+ - name: ufw allow 80/tcp
+ - require:
+ - pkg: ufw--install-packages
+
+nginx--ensure-ufw-open-port-443:
+ cmd.run:
+ - name: ufw allow 443/tcp
+ - require:
+ - pkg: ufw--install-packages
diff --git a/salt/states/nginx/nginx--systemd-service.sls b/salt/states/nginx/nginx--systemd-service.sls
new file mode 100644
index 0000000..d5b0cd3
--- /dev/null
+++ b/salt/states/nginx/nginx--systemd-service.sls
@@ -0,0 +1,7 @@
+nginx--systemd-service:
+ service.running:
+ - name: nginx
+ - enable: True
+ - reload: True
+ - require:
+ - pkg: nginx--install-packages
diff --git a/salt/states/personal-website/files/www.andreasglashauser.com.conf b/salt/states/personal-website/files/www.andreasglashauser.com.conf
new file mode 100644
index 0000000..d2a1199
--- /dev/null
+++ b/salt/states/personal-website/files/www.andreasglashauser.com.conf
@@ -0,0 +1,22 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name www.andreasglashauser.com;
+
+ return 301 $scheme://andreasglashauser.com$request_uri;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name andreasglashauser.com;
+
+ root /var/www/andreasglashauser.com;
+ index index.html;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
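Review bot: The second server block in www.andreasglashauser.com.conf serves `/var/www/andreasglashauser.com` through `try_files $uri $uri/ =404` with no rule for dot-paths, while personal-website--setup.sls in this commit clones the site repository with `git.latest` directly into that directory. As written, the checkout's `.git/` directory (history, plus `.git/config` holding the remote URL that the pillar keeps GPG-encrypted) would be readable over HTTP. Add `location ~ /\.(?!well-known) { deny all; }` to the serving block, or preferably clone outside the document root and publish only the site files. The same concern applies to the `target:` line in personal-website--setup.sls, and requests for `/.git/` in the access log are worth alerting on.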
diff --git a/salt/states/personal-website/init.sls b/salt/states/personal-website/init.sls
new file mode 100644
index 0000000..61a72dc
--- /dev/null
+++ b/salt/states/personal-website/init.sls
@@ -0,0 +1,4 @@
+include:
+ - personal-website.personal-website--install-packages
+ - personal-website.personal-website--setup
+ - personal-website.personal-website--configure-nginx
diff --git a/salt/states/personal-website/personal-website--configure-nginx.sls b/salt/states/personal-website/personal-website--configure-nginx.sls
new file mode 100644
index 0000000..2e95789
--- /dev/null
+++ b/salt/states/personal-website/personal-website--configure-nginx.sls
@@ -0,0 +1,35 @@
+include:
+ - nginx.nginx--systemd-service
+
+personal-website--configure-nginx-sites-available:
+ file.managed:
+ - name: /etc/nginx/sites-available/{{ pillar['common']['fqdn'] }}.conf
+ - source: salt://personal-website/files/{{ pillar['common']['fqdn'] }}.conf
+ - user: root
+ - group: root
+ - mode: 644
+ - require:
+ - nginx--systemd-service
+
+personal-website--configure-nginx-symlink:
+ file.symlink:
+ - name: /etc/nginx/sites-enabled/{{ pillar['common']['fqdn'] }}.conf
+ - target: /etc/nginx/sites-available/{{ pillar['common']['fqdn'] }}.conf
+ - force: True
+ - require:
+ - file: personal-website--configure-nginx-sites-available
+
+personal-website--configure-remove-default:
+ file.absent:
+ - name: /etc/nginx/sites-enabled/default
+ - require:
+ - file: personal-website--configure-nginx-symlink
+
+personal-website--reload-nginx:
+ service.running:
+ - name: nginx
+ - reload: True
+ - watch:
+ - file: personal-website--configure-nginx-sites-available
+ - require:
+ - file: personal-website--configure-nginx-symlink
diff --git a/salt/states/personal-website/personal-website--install-packages.sls b/salt/states/personal-website/personal-website--install-packages.sls
new file mode 100644
index 0000000..5e81fce
--- /dev/null
+++ b/salt/states/personal-website/personal-website--install-packages.sls
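Review bot: `personal-website--configure-nginx-sites-available` in personal-website--configure-nginx.sls manages `/etc/nginx/sites-available/{{ pillar['common']['fqdn'] }}.conf` from a source that only listens on port 80, while the certbot state in this commit runs `certbot --nginx`, whose installer normally writes the `listen 443 ssl` and certificate directives into the matching server block in place. If it edits this same file, the next highstate's `file.managed` restores the HTTP-only version and TLS is dropped without any error. Shipping the 443 server blocks in the managed file and obtaining the certificate with `certbot certonly --nginx` would keep Salt as the single owner of the config. Also, `personal-website--reload-nginx` watches only the sites-available file, so a change to the symlink or the removal of `sites-enabled/default` does not trigger a reload by itself; adding both states to `watch` would cover that.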
@@ -0,0 +1,4 @@
+personal-website--install-packages:
+ pkg.installed:
+ - pkgs:
+ - git
diff --git a/salt/states/personal-website/personal-website--setup.sls b/salt/states/personal-website/personal-website--setup.sls
new file mode 100644
index 0000000..f1da04c
--- /dev/null
+++ b/salt/states/personal-website/personal-website--setup.sls
@@ -0,0 +1,10 @@
+include:
+ - nginx.nginx--install-packages
+
+personal-website--setup:
+ git.latest:
+ - name: {{ pillar['services']['git']['repo'] }}/personal-website.git
+ - target: /var/www/andreasglashauser.com
+ - require:
+ - pkg: personal-website--install-packages
+ - pkg: nginx--install-packages
diff --git a/salt/states/top.sls b/salt/states/top.sls
index 0a69887..830392c 100644
--- a/salt/states/top.sls
+++ b/salt/states/top.sls
@@ -35,3 +35,11 @@ base:
 - certbot
 - bind9
 - reboot
+
+ 'www':
+ - postfix
+ - nginx
+ - personal-website
+ - certbot
+ - bind9
+ - reboot
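Review bot: `personal-website--setup` in personal-website--setup.sls calls `git.latest` without a `rev`, so the checkout follows whatever the remote's HEAD points to and every highstate publishes the most recent push to the live site. Pinning a branch or tag, e.g. `- rev: <branch-or-tag>`, makes a deployment a deliberate change in this repository. The state also sets no `user`, so git presumably runs as the minion's own account (commonly root) against content fetched from the remote; a dedicated unprivileged `user:` that owns the target directory would narrow that. Finally, `target: /var/www/andreasglashauser.com` is hard-coded while the nginx file names are derived from `pillar['common']['fqdn']`; a comment noting that this state is specific to this one site would avoid surprises if the pillar value changes.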