init.sls 2.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109
  1. #
  2. # Nginx
  3. #
  4. include:
  5. - systemd
  6. {% set node_config = salt['pillar.get']('node') %}
  7. {% set nginx_pkg = node_config.get('nginx:pkg', 'nginx') %}
  8. {% set acme_thumbprint = salt['pillar.get']('acme:thumbprint') %}
  9. nginx:
  10. pkg.installed:
  11. - name: {{nginx_pkg}}
  12. service.running:
  13. - enable: TRUE
  14. - reload: TRUE
  15. - require:
  16. - pkg: nginx
  17. - watch:
  18. - cmd: nginx-configtest
  19. # Add dependecy on network-online.target
  20. /etc/systemd/system/nginx.service.d/override.conf:
  21. file.managed:
  22. - makedirs: true
  23. - source: salt://nginx/service-override.conf
  24. - watch_in:
  25. - cmd: systemctl-daemon-reload
  26. # Add cache directory
  27. nginx-cache:
  28. file.directory:
  29. - name: /srv/cache
  30. - user: www-data
  31. - group: www-data
  32. - require:
  33. - pkg: nginx
  34. - require_in:
  35. - cmd: nginx-configtest
  36. # Install meaningful main configuration (SSL tweaks 'n stuff)
  37. /etc/nginx/nginx.conf:
  38. file.managed:
  39. - source: salt://nginx/nginx.conf
  40. - template: jinja
  41. - watch_in:
  42. - cmd: nginx-configtest
  43. /etc/nginx/ffho.d:
  44. file.recurse:
  45. - source: salt://nginx/ffho.d
  46. - file_mode: 755
  47. - dir_mode: 755
  48. - user: root
  49. - group: root
  50. - clean: True
  51. - watch_in:
  52. - cmd: nginx-configtest
  53. # Disable default configuration
  54. /etc/nginx/sites-enabled/default:
  55. file.absent:
  56. - watch_in:
  57. - cmd: nginx-configtest
  58. # Install website configuration files configured for this node
  59. {% for website, website_config in node_config.get('nginx', {}).get('websites', {}).items() %}
  60. /etc/nginx/sites-enabled/{{website}}:
  61. file.managed:
  62. - source: salt://nginx/{{website}}
  63. - template: jinja
  64. config: {{ website_config }}
  65. acme_thumbprint: {{ acme_thumbprint }}
  66. - require:
  67. - pkg: nginx
  68. - watch_in:
  69. - cmd: nginx-configtest
  70. {% endfor %}
  71. {% if 'frontend' in node_config.get('roles', []) %}
  72. {% for domain, config in pillar.get('frontend', {}).items()|sort %}
  73. {% if 'file' in config %}
  74. /etc/nginx/sites-enabled/{{domain}}:
  75. file.managed:
  76. - source: salt://nginx/{{config.file}}
  77. - template: jinja
  78. acme_thumbprint: {{ acme_thumbprint }}
  79. - require:
  80. - pkg: nginx
  81. - watch_in:
  82. - cmd: nginx-configtest
  83. {% endif %}
  84. {% endfor %}
  85. /etc/nginx/sites-enabled/ff-frontend.conf:
  86. file.managed:
  87. - source: salt://nginx/ff-frontend.conf
  88. - template: jinja
  89. - require:
  90. - pkg: nginx
  91. - watch_in:
  92. - cmd: nginx-configtest
  93. {% endif %}
  94. # Test configuration before reload
  95. nginx-configtest:
  96. cmd.wait:
  97. - name: /usr/sbin/nginx -t