123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101 |
- #
- # Nginx
- #
- {% set node_config = salt['pillar.get']('nodes:' ~ grains.id) %}
- {% set nginx_pkg = node_config.get('nginx:pkg', 'nginx') %}
- {% set acme_thumbprint = salt['pillar.get']('acme:thumbprint') %}
- nginx:
- pkg.installed:
- - name: {{nginx_pkg}}
- {% if grains.oscodename in ['jessie'] %}
- - fromrepo: {{ grains.oscodename }}-backports
- {% endif %}
- service.running:
- - enable: TRUE
- - reload: TRUE
- - require:
- - pkg: nginx
- - watch:
- - cmd: nginx-configtest
- # Add cache directory
- nginx-cache:
- file.directory:
- - name: /srv/cache
- - user: www-data
- - group: www-data
- - require:
- - pkg: nginx
- - require_in:
- - cmd: nginx-configtest
- # Install meaningful main configuration (SSL tweaks 'n stuff)
- /etc/nginx/nginx.conf:
- file.managed:
- - source: salt://nginx/nginx.conf
- - template: jinja
- - watch_in:
- - cmd: nginx-configtest
- /etc/nginx/ffho.d:
- file.recurse:
- - source: salt://nginx/ffho.d
- - file_mode: 755
- - dir_mode: 755
- - user: root
- - group: root
- - clean: True
- - watch_in:
- - cmd: nginx-configtest
- # Disable default configuration
- /etc/nginx/sites-enabled/default:
- file.absent:
- - watch_in:
- - cmd: nginx-configtest
- # Install website configuration files configured for this node
- {% for website, website_config in node_config.get('nginx', {}).get('websites', {}).items() %}
- /etc/nginx/sites-enabled/{{website}}:
- file.managed:
- - source: salt://nginx/{{website}}
- - template: jinja
- config: {{ website_config }}
- acme_thumbprint: {{ acme_thumbprint }}
- - require:
- - pkg: nginx
- - watch_in:
- - cmd: nginx-configtest
- {% endfor %}
- {% if 'frontend' in node_config.get('roles', []) %}
- {% for domain, config in pillar.get('frontend', {}).items()|sort %}
- {% if 'file' in config %}
- /etc/nginx/sites-enabled/{{domain}}:
- file.managed:
- - source: salt://nginx/{{config.file}}
- - template: jinja
- acme_thumbprint: {{ acme_thumbprint }}
- - require:
- - pkg: nginx
- - watch_in:
- - cmd: nginx-configtest
- {% endif %}
- {% endfor %}
- /etc/nginx/sites-enabled/ff-frontend.conf:
- file.managed:
- - source: salt://nginx/ff-frontend.conf
- - template: jinja
- - require:
- - pkg: nginx
- - watch_in:
- - cmd: nginx-configtest
- {% endif %}
- # Test configuration before reload
- nginx-configtest:
- cmd.wait:
- - name: /usr/sbin/nginx -t
|