init.sls 1.5 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768
  1. #
  2. # Nginx
  3. #
  4. {% set nginx_pkg = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':nginx:pkg', 'nginx') %}
  5. nginx:
  6. pkg.installed:
  7. - name: {{nginx_pkg}}
  8. {% if grains['oscodename'] == 'jessie' %}
  9. - fromrepo: jessie-backports
  10. {% endif %}
  11. service.running:
  12. - enable: TRUE
  13. - reload: TRUE
  14. - require:
  15. - pkg: nginx
  16. - file: nginx-cache
  17. - watch:
  18. - cmd: nginx-configtest
  19. # generate custom DH parameters
  20. {% if grains['saltversion'] >= '2014.7.0' %}
  21. nginx-dhparam:
  22. cmd.run:
  23. - name: openssl dhparam -out /etc/ssl/dhparam.pem 4096
  24. - creates: /etc/ssl/dhparam.pem
  25. - require_in:
  26. - serivce: nginx
  27. {% endif %}
  28. # Add cache directory
  29. nginx-cache:
  30. file.directory:
  31. - name: /srv/cache
  32. - user: www-data
  33. - group: www-data
  34. # Install meaningful main configuration (SSL tweaks 'n stuff)
  35. /etc/nginx/nginx.conf:
  36. file.managed:
  37. - source: salt://nginx/nginx.conf
  38. - watch_in:
  39. - cmd: nginx-configtest
  40. # Disable default configuration
  41. /etc/nginx/sites-enabled/default:
  42. file.absent:
  43. - watch_in:
  44. - cmd: nginx-configtest
  45. # Install website configuration files configured for this node
  46. {% for website in salt['pillar.get']('nodes:' ~ grains['id'] ~ ':nginx:websites', []) %}
  47. /etc/nginx/sites-enabled/{{website}}:
  48. file.managed:
  49. - source: salt://nginx/{{website}}
  50. - template: jinja
  51. - require:
  52. - pkg: nginx
  53. - watch_in:
  54. - cmd: nginx-configtest
  55. {% endfor %}
  56. # Test configuration before reload
  57. nginx-configtest:
  58. cmd.wait:
  59. - name: /usr/sbin/nginx -t