init.sls 2.3 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697
  1. #
  2. # Nginx
  3. #
  4. {% set node_config = salt['pillar.get']('nodes:' ~ grains.id) %}
  5. {% set nginx_pkg = node_config.get('nginx:pkg', 'nginx') %}
  6. nginx:
  7. pkg.installed:
  8. - name: {{nginx_pkg}}
  9. {% if grains.oscodename in ['jessie'] %}
  10. - fromrepo: {{ grains.oscodename }}-backports
  11. {% endif %}
  12. service.running:
  13. - enable: TRUE
  14. - reload: TRUE
  15. - require:
  16. - pkg: nginx
  17. - watch:
  18. - cmd: nginx-configtest
  19. # generate custom DH parameters
  20. {% if grains['saltversion'] >= '2014.7.0' %}
  21. nginx-dhparam:
  22. cmd.run:
  23. - name: openssl dhparam -out /etc/ssl/dhparam.pem 4096
  24. - creates: /etc/ssl/dhparam.pem
  25. - require_in:
  26. - serivce: nginx
  27. {% endif %}
  28. # Add cache directory
  29. nginx-cache:
  30. file.directory:
  31. - name: /srv/cache
  32. - user: www-data
  33. - group: www-data
  34. - require:
  35. - pkg: nginx
  36. - require_in:
  37. - cmd: nginx-configtest
  38. # Install meaningful main configuration (SSL tweaks 'n stuff)
  39. /etc/nginx/nginx.conf:
  40. file.managed:
  41. - source: salt://nginx/nginx.conf
  42. - template: jinja
  43. - watch_in:
  44. - cmd: nginx-configtest
  45. # Disable default configuration
  46. /etc/nginx/sites-enabled/default:
  47. file.absent:
  48. - watch_in:
  49. - cmd: nginx-configtest
  50. # Install website configuration files configured for this node
  51. {% for website, website_config in node_config.get('nginx', {}).get('websites', {}).items() %}
  52. /etc/nginx/sites-enabled/{{website}}:
  53. file.managed:
  54. - source: salt://nginx/{{website}}
  55. - template: jinja
  56. config: {{ website_config }}
  57. - require:
  58. - pkg: nginx
  59. - watch_in:
  60. - cmd: nginx-configtest
  61. {% endfor %}
  62. {% if 'frontend' in node_config.get('roles', []) %}
  63. {% for domain, config in pillar.get('frontend', {}).items()|sort %}
  64. {% if 'file' in config %}
  65. /etc/nginx/sites-enabled/{{domain}}:
  66. file.managed:
  67. - source: salt://nginx/{{config.file}}
  68. - template: jinja
  69. - require:
  70. - pkg: nginx
  71. - watch_in:
  72. - cmd: nginx-configtest
  73. {% endif %}
  74. {% endfor %}
  75. /etc/nginx/sites-enabled/ff-frontend.conf:
  76. file.managed:
  77. - source: salt://nginx/ff-frontend.conf
  78. - template: jinja
  79. - require:
  80. - pkg: nginx
  81. - watch_in:
  82. - cmd: nginx-configtest
  83. {% endif %}
  84. # Test configuration before reload
  85. nginx-configtest:
  86. cmd.wait:
  87. - name: /usr/sbin/nginx -t