heroes / salt

Clone
Source Code
GIT

Blame pillar/role/web_keyserver.sls

adjust-ci-pipeline anikitin/mirrorcache anikitin/t_allow_jinja_in_secrets anikitin/web_mirrors__proxy_mirrorcache bootloader cboltz-borgbackup cboltz-relnotes-15.3 cboltz-scar-sshd doc-o-o gateway hellcp/matrix-synapse-workers-syntax hellcp/paste-sync ifconfig infra libvirt lrupp-production-patch-08358 lrupp/add_identification lrupp/remove_login_interface lrupp/retire lrupp/serve_www mailman micro monitoring-restart paste-socket postfix-aliases production repositories set-secret-detection-config-1 sysctl update-access-crtmgr
  1.   a5a8279aec04936db59799a0be21c808db99a17e
  2.   pillar
  3.   role
  4.   web_keyserver.sls
Blob History Raw
Theo Chatzimichos e61be4 
{% set host = salt['grains.get']('host') %}
Theo Chatzimichos 9a91c0 
{% set ip4_private = salt['grains.get']('ipv4_interfaces:private[0]') %}
Theo Chatzimichos 9a91c0
Theo Chatzimichos 9a91c0 
include:
Theo Chatzimichos 9a91c0 
  - role.common.nginx
Theo Chatzimichos 9a91c0
Theo Chatzimichos 9a91c0 
nginx:
Theo Chatzimichos 9a91c0 
  ng:
Theo Chatzimichos 9a91c0 
    server:
Theo Chatzimichos 9a91c0 
      config:
Theo Chatzimichos 9a91c0 
        http:
Theo Chatzimichos 9a91c0 
          client_max_body_size: 8m
Theo Chatzimichos 9a91c0 
          gzip_static: 'on'
Theo Chatzimichos 9a91c0 
          gzip_min_length: 1000
Theo Chatzimichos 9a91c0 
          gzip_proxied:
Theo Chatzimichos 9a91c0 
            - expired
Theo Chatzimichos 9a91c0 
            - no-cache
Theo Chatzimichos 9a91c0 
            - no-store
Theo Chatzimichos 9a91c0 
            - private
Theo Chatzimichos 9a91c0 
            - auth
Theo Chatzimichos 9a91c0 
          gzip_types:
Theo Chatzimichos 9a91c0 
            - text/plain
Theo Chatzimichos 9a91c0 
            - text/css
Theo Chatzimichos 9a91c0 
            - application/xml
Theo Chatzimichos 9a91c0 
            - application/x-javascript
Theo Chatzimichos 9a91c0 
        worker_processes: 4
Theo Chatzimichos 9a91c0 
    servers:
Theo Chatzimichos 9a91c0 
      managed:
Theo Chatzimichos 9a91c0 
        keyserver.opensuse.org.conf:
Theo Chatzimichos 9a91c0 
          config:
Theo Chatzimichos 9a91c0 
            - server:
Theo Chatzimichos 9a91c0 
                - listen:
Theo Chatzimichos 9a91c0 
                    - 80
Theo Chatzimichos 9a91c0 
                    - default_server
Theo Chatzimichos 9a91c0 
                - listen:
Theo Chatzimichos 9a91c0 
                    - {{ ip4_private }}:11371
Theo Chatzimichos 9a91c0 
                    - default_server
Theo Chatzimichos 9a91c0 
                - server_name: keyserver.opensuse.org
Theo Chatzimichos e61be4 
                - server_name: {{ host }}.opensuse.org
Theo Chatzimichos 9a91c0 
                - server_name: '*.sks-keyservers.net'
Theo Chatzimichos 9a91c0 
                - server_name: '*.pool.sks-keyservers.net'
Theo Chatzimichos 9a91c0 
                - server_name: pgp.mit.edu
Theo Chatzimichos 9a91c0 
                - server_name: keys.gnupg.net
Theo Chatzimichos 9a91c0 
                - root: /srv/www/htdocs
Theo Chatzimichos 9a91c0 
                - rewrite: ^/stats /pks/lookup?op=stats
Theo Chatzimichos 9a91c0 
                - rewrite: ^/s/(.*) /pks/lookup?search=$1
Theo Chatzimichos 9a91c0 
                - rewrite: ^/search/(.*) /pks/lookup?search=$1
Theo Chatzimichos 9a91c0 
                - rewrite: ^/g/(.*) /pks/lookup?op=get&search=$1
Theo Chatzimichos 9a91c0 
                - rewrite: ^/get/(.*) /pks/lookup?op=get&search=$1
Theo Chatzimichos 9a91c0 
                - rewrite: ^/hashquery /pks/hashquery
Theo Chatzimichos 9a91c0 
                - rewrite: ^/hashquery/(.*) /pks/hashquery/$1
Theo Chatzimichos 9a91c0 
                - rewrite: ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1
Theo Chatzimichos 9a91c0 
                - rewrite: ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1
Theo Chatzimichos 9a91c0 
                - expires: 1y
Theo Chatzimichos 9a91c0 
                - add_header: Pragma public
Theo Chatzimichos 9a91c0 
                - add_header: Cache-Control "public"
Theo Chatzimichos 9a91c0 
                - location /check.txt:
Theo Chatzimichos 9a91c0 
                    - root: /srv/www/htdocs
Theo Chatzimichos 9a91c0 
                    - access_log: 'off'
Theo Chatzimichos 9a91c0 
                - location /:
Theo Chatzimichos 9a91c0 
                    - root: /srv/www/htdocs
Theo Chatzimichos 9a91c0 
                    - index:
Theo Chatzimichos 9a91c0 
                        - index.html
Theo Chatzimichos 9a91c0 
                        - index.htm
Theo Chatzimichos 9a91c0 
                - location /pks:
Theo Chatzimichos 9a91c0 
                    - proxy_pass: http://127.0.0.1:11371
Theo Chatzimichos 9a91c0 
                    - proxy_pass_header: Server
Theo Chatzimichos e61be4 
                    - add_header: Via "1.1 {{ host }}.opensuse.org:11371"
Theo Chatzimichos 9a91c0 
                    - proxy_ignore_client_abort: 'on'
Theo Chatzimichos 9a91c0 
                    - client_max_body_size: 8m
Theo Chatzimichos 9a91c0 
                - error_page: 500 502 503 504 /50x.html
Theo Chatzimichos 9a91c0 
                - location = /50x.html:
Theo Chatzimichos 9a91c0 
                    - root: /srv/www/htdocs
Theo Chatzimichos 9a91c0 
          enabled: True
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.