heroes / salt

Clone
Source Code
GIT

Blame pillar/role/pagure.sls

adjust-ci-pipeline anikitin/mirrorcache anikitin/t_allow_jinja_in_secrets anikitin/web_mirrors__proxy_mirrorcache bootloader cboltz-borgbackup cboltz-relnotes-15.3 cboltz-scar-sshd doc-o-o gateway hellcp/matrix-synapse-workers-syntax hellcp/paste-sync ifconfig infra libvirt lrupp-production-patch-08358 lrupp/add_identification lrupp/remove_login_interface lrupp/retire lrupp/serve_www mailman micro monitoring-restart paste-socket postfix-aliases production repositories set-secret-detection-config-1 sysctl update-access-crtmgr
  1.   production
  2.   pillar
  3.   role
  4.   pagure.sls
Blob History Raw
e0c77c 
{%- from 'macros.jinja' import redis %}
e0c77c
Stasiek Michalski 81413a 
include:
e0c77c 
{%- if salt['grains.get']('include_secrets', True) %}
Stasiek Michalski 81413a 
  - secrets.role.pagure
e0c77c 
{%- endif %}
Stasiek Michalski 81413a 
  - role.common.nginx
Stasiek Michalski 81413a
0e5290 
firewalld:
0e5290 
  enabled: true
0e5290 
  zones:
0e5290 
    internal:
0e5290 
      interfaces:
0e5290 
        - os-code
0e5290 
      services:
0e5290 
        - http
0e5290 
        - https
0e5290
Stasiek Michalski 016c05 
sshd_config:
Stasiek Michalski 016c05 
  matches:
Stasiek Michalski 016c05 
    git_user:
Stasiek Michalski 016c05 
      type:
Stasiek Michalski 016c05 
        User: git
Stasiek Michalski 016c05 
      options:
Stasiek Michalski e158f1 
        AuthorizedKeysCommand: /usr/lib/pagure/keyhelper.py "%u" "%h" "%t" "%f"
Stasiek Michalski e158f1 
        AuthorizedKeysCommandUser: git
Stasiek Michalski f65a64 
    proxy:
Stasiek Michalski f65a64 
      type:
Stasiek Michalski a1f762 
        Address:
e3e60d 
          - 2a07:de40:b27e:1204::11  # atlas1
e3e60d 
          - 2a07:de40:b27e:1204::12  # atlas2
Bernhard M. Wiedemann 5805ec 
      options:
Bernhard M. Wiedemann 5805ec 
        AllowUsers:
Bernhard M. Wiedemann 5805ec 
          - git
Stasiek Michalski 016c05
Stasiek Michalski 81413a 
profile:
Stasiek Michalski 81413a 
  pagure:
Stasiek Michalski 81413a 
    database_user: pagure
3e391e 
    database_host: postgresql.infra.opensuse.org
Stasiek Michalski 81413a
e0c77c 
{%- set listenhttps6='[::]:80' %}
Bernhard M. Wiedemann 5edd97
Stasiek Michalski 81413a 
nginx:
a20cbc 
  servers:
a20cbc 
    managed:
a20cbc 
      code.opensuse.org.conf:
a20cbc 
        config:
a20cbc 
          - server:
a20cbc 
              - server_name: code.opensuse.org
1738ef 
              - listen: '{{ listenhttps6 }}'
a20cbc 
              - location @pagure:
a20cbc 
                  - client_max_body_size: 0
a20cbc 
                  - proxy_set_header: Host $http_host
a20cbc 
                  - proxy_set_header: X-Real-IP $remote_addr
a20cbc 
                  - proxy_set_header: X-Forwarded-For $proxy_add_x_forwarded_for
a20cbc 
                  - proxy_set_header: X-Forwarded-Proto $scheme
a20cbc 
                  - proxy_pass: http://unix:/srv/gitolite/.pagure_web.sock
a20cbc 
              - location /:
a20cbc 
                  - try_files: $uri @pagure
a20cbc 
              - location /releases:
a20cbc 
                  - alias: /srv/www/pagure-releases/
a20cbc 
                  - autoindex: 'on'
a20cbc 
        enabled: True
a20cbc 
      releases.opensuse.org.conf:
a20cbc 
        config:
a20cbc 
          - server:
a20cbc 
              - server_name: releases.opensuse.org
1738ef 
              - listen: '{{ listenhttps6 }}'
a20cbc 
              - location /:
a20cbc 
                  - alias: /srv/www/pagure-releases/
a20cbc 
                  - autoindex: 'on'
a20cbc 
        enabled: True
a20cbc 
      ev.opensuse.org.conf:
a20cbc 
        config:
a20cbc 
          - server:
a20cbc 
              - server_name: ev.opensuse.org
1738ef 
              - listen: '{{ listenhttps6 }}'
a20cbc 
              - location @pagure_ev:
a20cbc 
                  - proxy_set_header: Host $http_host
a20cbc 
                  - proxy_set_header: X-Real-IP $remote_addr
a20cbc 
                  - proxy_set_header: X-Forwarded-For $proxy_add_x_forwarded_for
a20cbc 
                  - proxy_set_header: X-Forwarded-Proto $scheme
a20cbc 
                  - proxy_pass: http://localhost:8080
a20cbc 
              - location /:
a20cbc 
                  - try_files: $uri @pagure_ev
a20cbc 
        enabled: True
a20cbc 
      pages.opensuse.org.conf:
a20cbc 
        config:
a20cbc 
          - server:
a20cbc 
              - server_name: pages.opensuse.org
1738ef 
              - listen: '{{ listenhttps6 }}'
a20cbc 
              - location @pagure_docs:
a20cbc 
                  - proxy_set_header: Host $http_host
a20cbc 
                  - proxy_set_header: X-Real-IP $remote_addr
a20cbc 
                  - proxy_set_header: X-Forwarded-For $proxy_add_x_forwarded_for
a20cbc 
                  - proxy_set_header: X-Forwarded-Proto $scheme
a20cbc 
                  - proxy_pass: http://unix:/srv/gitolite/.pagure_docs_web.sock
a20cbc 
              - location /:
a20cbc 
                  - try_files: $uri @pagure_docs
a20cbc 
        enabled: True
Stasiek Michalski 47242c
e0c77c 
{{ redis('pagure') }}
e0c77c
e0c77c 
groups:
e0c77c 
  redis:
e0c77c 
    members:
e0c77c 
      - git
e0c77c
Stasiek Michalski 47242c 
zypper:
Stasiek Michalski 47242c 
  repositories:
Stasiek Michalski 47242c 
    openSUSE:infrastructure:pagure:
382928 
      baseurl: http://download-prg.infra.opensuse.org/repositories/openSUSE:/infrastructure:/pagure/$releasever/
Stasiek Michalski 47242c 
      priority: 100
Stasiek Michalski 47242c 
      refresh: True
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.