2 years ago · ed8a2df112
--- a/Documentation/example-pillar/burp.sls
+++ b/Documentation/example-pillar/burp.sls
@@ -0,0 +1,9 @@
 
				+#
			
 
				+# Burp backup related configuration
			
 
				+#
			
 
				+
			
 
				+burp:
			
 
				+
			
 
				+  # Server settings
			
 
				+  server:
			
 
				+    fqdn: <FQDN>
			
--- a/Documentation/example-pillar/dns-server.sls
+++ b/Documentation/example-pillar/dns-server.sls
@@ -0,0 +1,53 @@
 
				+#
			
 
				+# DNS related settings
			
 
				+#
			
 
				+
			
 
				+dns-server:
			
 
				+
			
 
				+  # Reference NS for sync checks
			
 
				+  reference_ns: <IP of primary auth NS>
			
 
				+
			
 
				+
			
 
				+# These settings are only relevant for boxes running DNS and monitoring
			
 
				+{% if grains['id'].startswith ('dns') or grains['id'].startswith ('infra-') or grains['id'].startswith ('icinga2') %}
			
 
				+
			
 
				+  acls:
			
 
				+    ffho-ops:
			
 
				+      entries:
			
 
				+        - <OPS prefixes>
			
 
				+
			
 
				+    slaves:
			
 
				+      entries:
			
 
				+        - <IPv4 / IPv6 IPs of DNS slaves>
			
 
				+
			
 
				+  # Defaults if not specified below
			
 
				+  zone_defaults:
			
 
				+    type: master
			
 
				+    # ACLs defined above
			
 
				+    allow-transfer: "slaves; localhost; ffho-ops;"
			
 
				+
			
 
				+  zones:
			
 
				+    # public zones
			
 
				+    paderborn.freifunk.net:
			
 
				+      file: /etc/bind/zones/static/paderborn.freifunk.net.zone
			
 
				+
			
 
				+    hochstift.freifunk.net:
			
 
				+      file: /etc/bind/zones/static/hochstift.freifunk.net.zone
			
 
				+
			
 
				+    ffho.net:
			
 
				+      file: /etc/bind/zones/generated/ffho.net.zone
			
 
				+
			
 
				+    # reverse zones etc.
			
 
				+    # ...
			
 
				+
			
 
				+
			
 
				+  # Configuration for authoritive name server
			
 
				+  auth:
			
 
				+
			
 
				+    ips:
			
 
				+      - <IPv4 / IPv6 IP of priamry auth NS>
			
 
				+
			
 
				+    allow-recursion:
			
 
				+      - <Networks to allow recursive queries from>
			
 
				+
			
 
				+{% endif %}
			
--- a/Documentation/example-pillar/globals.sls
+++ b/Documentation/example-pillar/globals.sls
@@ -0,0 +1,30 @@
 
				+# Global configuration items
			
 
				+
			
 
				+globals:
			
 
				+
			
 
				+  # Mail address of the operators of this fine backbone?
			
 
				+  ops_mail: "<ops mail address>"
			
 
				+
			
 
				+  # SNMP setting
			
 
				+  snmp:
			
 
				+    # read-only community string for snmpd
			
 
				+    ro_community: "<community string>"
			
 
				+
			
 
				+    # List of IPs allowed to query snmpd
			
 
				+    nms_list:
			
 
				+      - "<IPv4 / IPv6 address(es)>"
			
 
				+
			
 
				+  # DNS settings
			
 
				+  dns:
			
 
				+    # IP address of DNS resolver for nodes (should be anycasted)
			
 
				+    resolver_v4: "<IPv4 address>"
			
 
				+    resolver_v6: "<IPv6 address>"
			
 
				+
			
 
				+    # Search domain
			
 
				+    search: "<search domain>"
			
 
				+
			
 
				+  # Salt (minion) configuration
			
 
				+  salt:
			
 
				+    master: "<salt master FQDN>"
			
 
				+    master_port: 4506
			
 
				+    ipv6: "<True / False>"
			
--- a/Documentation/example-pillar/ldap.sls
+++ b/Documentation/example-pillar/ldap.sls
@@ -0,0 +1,6 @@
 
				+ldap:
			
 
				+  global:
			
 
				+    server_uri: "ldaps://<FQDN>"
			
 
				+    base_dn: "<BASE DN>"
			
 
				+
			
 
				+# Special DNs used for mgmt VPN etc.
			
--- a/Documentation/example-pillar/logging.sls
+++ b/Documentation/example-pillar/logging.sls
@@ -0,0 +1,24 @@
 
				+#
			
 
				+# Logging related config
			
 
				+#
			
 
				+
			
 
				+logging:
			
 
				+
			
 
				+  # Config for (r)syslog
			
 
				+  syslog:
			
 
				+
			
 
				+    # Central logserver every node should send logs to
			
 
				+    logserver:  "<IP or FQDN>"
			
 
				+
			
 
				+  # Config for Graylog
			
 
				+  graylog:
			
 
				+
			
 
				+    # IP of the graylog entry point
			
 
				+    syslog_uri: "<URI>"
			
 
				+
			
 
				+    # password secret
			
 
				+    password_secret: "<secret>"
			
 
				+
			
 
				+    root_password_sha2: "<hash>"
			
 
				+
			
 
				+    root_username: "<username>"
			
--- a/Documentation/example-pillar/monitoring.sls
+++ b/Documentation/example-pillar/monitoring.sls
@@ -0,0 +1,12 @@
 
				+monitoring:
			
 
				+{% if grains['id'] in ["<id>"] %}
			
 
				+  users:
			
 
				+    ffho-ops:
			
 
				+      display_name: "<name>"
			
 
				+      telegram_chat_id: "-<group id>"
			
 
				+
			
 
				+    # ...
			
 
				+
			
 
				+  private:
			
 
				+    telegram_bot_token: "<token>"
			
 
				+{% endif %}
			
--- a/Documentation/example-pillar/network.sls
+++ b/Documentation/example-pillar/network.sls
@@ -0,0 +1,7 @@
 
				+#
			
 
				+# Global network settings
			
 
				+#
			
 
				+
			
 
				+network:
			
 
				+  # The default suite to configure network interfaces with
			
 
				+  suite: ifupdown-ng
			
--- a/Documentation/example-pillar/nodes/ALL.sls
+++ b/Documentation/example-pillar/nodes/ALL.sls
--- a/Documentation/example-pillar/nodes/bbr-kt.sls
+++ b/Documentation/example-pillar/nodes/bbr-kt.sls
--- a/Documentation/example-pillar/nodes/cr03.sls
+++ b/Documentation/example-pillar/nodes/cr03.sls
--- a/Documentation/example-pillar/nodes/fe01.sls
+++ b/Documentation/example-pillar/nodes/fe01.sls
--- a/Documentation/example-pillar/nodes/gw03.sls
+++ b/Documentation/example-pillar/nodes/gw03.sls
--- a/Documentation/example-pillar/nodes/init.sls
+++ b/Documentation/example-pillar/nodes/init.sls
--- a/Documentation/example-pillar/nodes/lnx02-pad.sls
+++ b/Documentation/example-pillar/nodes/lnx02-pad.sls
--- a/Documentation/example-pillar/nodes/mail.sls
+++ b/Documentation/example-pillar/nodes/mail.sls
--- a/Documentation/example-pillar/regions.sls
+++ b/Documentation/example-pillar/regions.sls
--- a/Documentation/example-pillar/sites.sls
+++ b/Documentation/example-pillar/sites.sls
--- a/Documentation/example-pillar/ssh.sls
+++ b/Documentation/example-pillar/ssh.sls
--- a/Documentation/example-pillar/te.sls
+++ b/Documentation/example-pillar/te.sls
--- a/Documentation/example-pillar/top.sls
+++ b/Documentation/example-pillar/top.sls
@@ -2,14 +2,13 @@ base:
 
				   '*':
			
 
				     # Site wide options
			
 
				     - globals
			
 
				+    - network
			
 
				 
			
 
				     - net
			
 
				     - nodes
			
 
				     - sites
			
 
				     - regions
			
 
				     - cert
			
 
				-
			
 
				-    # SSH authorized_keys configuration
			
 
				     - ssh
			
 
				 
			
 
				     #
			
@@ -18,6 +17,9 @@ base:
 
				     # Automatic Certificate Management
			
 
				     - acme
			
 
				 
			
 
				+    # Burp backup
			
 
				+    - burp
			
 
				+
			
 
				     # Traffic engineering
			
 
				     - te
			
 
				 
			
@@ -32,3 +34,12 @@ base:
 
				 
			
 
				     # Frontend Config
			
 
				     - frontend
			
 
				+
			
 
				+    # Logging
			
 
				+    - logging
			
 
				+
			
 
				+    # LDAP
			
 
				+    - ldap
			
 
				+
			
 
				+    # Icinga2
			
 
				+    - monitoring
			
--- a/zz_EXAMPLE_PILLAR/globals.sls
+++ b/zz_EXAMPLE_PILLAR/globals.sls
@@ -1,20 +0,0 @@
 
				-# Global configuration items
			
 
				-
			
 
				-globals:
			
 
				-
			
 
				-  # Mail address of the operators of this fine backbone?
			
 
				-  ops_mail: "rootmail@ffho.net"
			
 
				-
			
 
				-  # SNMP setting
			
 
				-  snmp:
			
 
				-    # read-only community string for snmpd
			
 
				-    ro_community: "not_public"
			
 
				-
			
 
				-  # DNS settings
			
 
				-  dns:
			
 
				-    # IP address of DNS resolver for nodes (should be anycasted)
			
 
				-    resolver_v4: 10.132.251.53
			
 
				-    resolver_v6: 2a03:2260:2342:f251::53
			
 
				-
			
 
				-    # Search domain
			
 
				-    search: in.ffho.net