From 7851d1b84e5e67d9be130cb80bc515fe192ae725 Mon Sep 17 00:00:00 2001 From: Jacob Michalskie Date: Dec 19 2022 20:51:27 +0000 Subject: Initial paste profile --- diff --git a/pillar/id/paste_infra_opensuse_org.sls b/pillar/id/paste_infra_opensuse_org.sls index a42dbfd..729e282 100644 --- a/pillar/id/paste_infra_opensuse_org.sls +++ b/pillar/id/paste_infra_opensuse_org.sls @@ -2,7 +2,8 @@ grains: city: nuremberg country: de hostusage: [] - roles: [] + roles: + - paste reboot_safe: yes salt_cluster: opensuse virt_cluster: atreju diff --git a/pillar/role/paste.sls b/pillar/role/paste.sls new file mode 100644 index 0000000..ffcd8e0 --- /dev/null +++ b/pillar/role/paste.sls @@ -0,0 +1,38 @@ +include: +{% if salt['grains.get']('include_secrets', True) %} + - secrets.role.paste +{% endif %} + - role.common.nginx + +profile: + paste: + database_name: paste + database_user: paste + database_host: 192.168.47.4 + openidc: + client_id: paste.opensuse.org + +nginx: + ng: + servers: + managed: + paste.opensuse.org.conf: + config: + - server: + - listen: + - 80 + - default_server + - server_name: paste-test.opensuse.org + - root: /srv/www/paste-o-o/public + - keepalive_timeout: 5 + - try_files $uri/index.html $uri @paste + - location @paste: + - proxy_set_header: X-Forwarded-For $proxy_add_x_forwarded_for + - proxy_set_header: Host $http_host + - proxy_pass http://localhost:3000 + - error_page: 500 502 503 504 /50x.html + - location = /50x.html: + - root: /srv/www/htdocs + - access_log: /var/log/nginx/paste.access.log combined + - error_log: /var/log/nginx/paste.error.log + enabled: True diff --git a/pillar/secrets/role/paste.sls b/pillar/secrets/role/paste.sls new file mode 100644 index 0000000..70f4eee --- /dev/null +++ b/pillar/secrets/role/paste.sls @@ -0,0 +1,280 @@ +#!yaml|gpg + +profile: + paste: + openidc: + secret: | + -----BEGIN PGP MESSAGE----- + + hQQOA7A9CHm0S6RyEA/9HzO/hpGlyxwV8xJhCmWlWl5OytYNaUwf6wsGog++tFYY + dXnUjPcvvn4mYU+Xv1yolChC5YHP4IBzNeCRfTNaWolGJo3TTB5jmPCFUcKPyrZO + PZeGohIbG3eOqtjrsKvwlReHWlQ4TxqXEdQZLr1Y+k0R7kNeSi5nVqwAtMNnAktx + kjxB0X/oPiKqjAzejQNuL5AFpmcGwCSqRh22j68J6y2YALt2yeA25Y8xsleE2XfD + aGG0RPw3dDjhcdKIhwhnjAz70Mjiy260sEWTFR+RRjEV1k85ycuNSrURn24zo/hC + cb1Qy6iVZ3Sj7Dje/bFthFaVyMNjTKAo0jaislkQpDx0lDW8cPqd/DUlSFnoTFlt + riHsnA9ybwbNGnNBVFUwTNLGCzPllrMopEG/fmtYBt5QGNIMQjevrPKAhkKbRQqv + Q2xvh/kStvgjDOsXXnwY6xS0GtpBWtV8EOE+aXLYg1A0hUkyJ4UaEYz5OSNkSPiP + 3G+/mrkyZ+AuNyxEPDbQ7OuLuF+iloiA2LMXZFmpr4LIB04p3HEZTBXjAPSbinKL + JEySsEtMTjLUlJMUe9VMnB8l8+xE9dhT8Nfc24Ms9m0oMb/PHFkynnlVQ9I+K/Zy + wNjlmHg2JPnmRxMRxHCb26Wr4tpV6jQ5+nxzG+SlnZ9ACR4kdFVJIqGL3ojXp8oP + /ipdJxsE28LjxIFCrsT/nGW7mQ5PBrRt3rpEw6r/RJvLsWQZ3whFj61DYi0Gnm1M + +P/Tb/CV9+nA3NoyEhhzhYMQYdRwIuSSTCx0BhDAXrdjnJ+hvLH+X7iM/JTko0FG + nyhtEoUFG2Z3KNYwHM10rtkuO5eiYZRK9Gqq7+/HLRMyYxu3FIlhJXTZRiRl0FZ9 + NvI1g17RmKdtlVqh4BC4JuW4WGPmyb320z5Qt9QdHJKasRU4LiMf8eIQu3TMo3Uh + l15HV84shm9HZoshh4FZPPiiOSe9UGdh13hB4UlZugN1XRMLmMJy8tcftp1iw6LF + QqzAErJFEc7Py7yqLZ36EsBQYUo8aZTdsFRNTthNGTVOt1jVsw+wCydjeNrT/FJV + 0I7CnW6lnuuikxRL8Ll44gIDyU5jtXtwlvhbTISKwSEDGRH3AvOY5NXPlHiGNqu9 + qcszHqaLJoNZhFpyo+CYd4cwQju2yfayqTP2sFMSo3vH8OPdhsGF0hE+KO4rrEM/ + jLVTl38lBSEwM0t2BE5nWoLV8O3KjDJNrJ4bQ7B4wKStHXoMLeqRAEGjVfeHEkGP + xmY5psYNCl01R0ikFdw1z5I77CEnaoNlXyaFGAk08tyd09j8u1WTJ7I2sgl43hjT + r9XTKTO66fsaoF2mZaluY6dMR0h8Ut0I/ts1DO3fIU3IhQIMA8amgupjyC8cARAA + uxTh89M4UanO8+8pqivPOrhM6ZSZfGlqp6iGgM+MxBfWrIcseFW3zAoiplCLGAfR + gmc5xUYq5Ee5XLQ5HpyuG42t1sS3j1mlcI2aRoHxZ3dd1lkBdSvpAa8JYnSQ1Oxs + Qu/yRA4VWZUCoEmSEkUnFRK3IWvbixu/10zq13trEbJXbs2FhgrIDAT1RbGfG9vd + 5t8SGK6CS3mFESrtUGt3jyi1t4PIEQ8zMJ5RnihhqTWbh9eBLkWwe3n498OstT20 + 397vNTRoNL4eHes6b8x6SUIYhmo1BoMDwmfMldpgh6uxdkT8vU4m/1scaOKMxNGA + 3hCNoyohsZsgaz++bnkSej7PqETbalvDNQE5AkLi1XV9he0IAxc/2aEKGZf2wDJE + 0GmIl0eSdOTTtUiF2GaP4TtseEX9Owa8HANEpxvBTKltL1H5RV1bHyV97WtGeq0Q + AljIZSDoiChvI9PB6FU2AoBV7k1WyrsLjm+AGUIrxRcAo7k8ebLrL9ku4QxW77C0 + GqZ1giFKdXqAKkorDZWzxU71c37xeHP6LECHOJeofDGp3lyJmMJfaaMOCQx+d96h + PekfAVQOnoae0Xj1y6z6vO3ZYcuFevN09A6qUHuA6atYeN8FXx5CuGK9VPuTm/3l + wNf+E4SWfO1JUxAqf+kAmqv99meVCBu+GjA1U6MD2huFAQ4DslgfDDfB4G8QA/9j + pq5+1ZHYdhb/fwnCeNfeLEsuqxZYXNjgEudXmtpo1NHt/TZkz2OeaRUuB/y4ngsf + eUb6f8FXllu60bYd7Qv2lHkPdNpnxoX2/COMPRP1uo5BPrmWLKVglgWwYFDiDtA0 + iS+FzaJHHuD/fERG3a+NRAxPNdQnSw3He2GKC7KXWAQAmTsxLRwBnHaW0F5cbG7i + a3aahFBUUyCZb5k0JX5i23ULzyIAiwEdwCoXV36m1Y+VpyJ2sVBl8/2uWIqlU9uT + cVaxuLicEDDNeMV/kxOd7YQJJI1FqCfkoHMTltdyQnXQ08fXf5OTr2OjXlwOQ0er + MZM6duiak1tLhEaTdji4A5CFAg4DiLcKbyvsTOYQB/9Gt3k/yVhwHwdXg9qptfFe + idCdYgya0OopQp5Ml/D09C7VFbcqO0Cz/EqZ6PiUTjLGQ55jLInA7DXYQNafThF1 + sbPkqSatRTSDIvKuLHqcj1MQf87ZDL47y/Kl0oL3XugdZOTbqvcziY7ydNhXKYjm + XOPwFHEDoQAc4dmwAkx6Mz9kzoEQOXa7gTA6OlFlCvk1O9/pbIR405VEfoz7y/jf + njrkexayQOA1qMH+18Bw4teg8XQ92lbX4XgafVgTZ3nUocyupaE3danVZ0UKmQUP + ON6021SY/gGcrtyc7e8WTWPaETyIAxmnazywmRoEgx06HFH2skaBgW0X8NP0bY+t + B/wPe40MP+mP9SwU3B5ZXcYebuXVbr7IKj77JHQowPk3kqI/+9Pda/fGNhdTLVRI + p2tY7fBBjoQjrm3R5tQfcJBqYP58QSYopyx45UYI00flZiIZg7T6RFJ/WkH88TOE + UajWF8C9Pwli7ey+CBBJvLcPewaH6Z237AhlsbqGA8cpDJkLzoH9P94rIzj+i2M1 + wEQoU+34FbUI6LuYwZ02tMP8sGjVcGdQDrPg7hWzMkWvUCIRD655/fg73CH6BYmO + MrOPGpmtvJHoZ3/Iu2smAK/K6aKaJERn/2SG2ThWsRPgQzBUQqzmWbWylOVdGIP2 + LZExXQGiBkD50LU+3fgDViODhQIMA6zwzgobrGmRAQ//S9hE/kWi7Chk3WbqAt8r + D/5Q1RGkOewGueHcptuSRzDqF6eFuEooLFXjfw7Ccl/2RBPLG/AYJFw72vsuvyFv + nAgIZPAx1yXwOksppbYZL3UMp1AOr+GS5a1hcmmdgeZF7tVyKgGPoa8TOnfBRR4D + f7NBZGe3jwtDWWEjMLTzcvxU4Ne7Lj0QRxXLkYrHiNAQB9jx4jO1jhqMERQYSil1 + bf+SNFVgE+uJLy/iPatUCA/hCGJBR0t6ELdDP5DwGdq0UWHMjrquJviYFgZzfe4M + XkwLfD3nwP9FJXSm4iODL34Ip4X2fNDbsfm20Rh4fJcVs0eaKqxelw35IppdJ8kV + Z7IMJBV/c30i8+8IGFZEcky5TPns4Foqo9aMu5Qp5DhyCyNXXq/rmupfSDIcvkcH + 3mS6HS23P7EL9JPuAQE0pSolYFTTQcfXXFx/2x/eI4y/bB56viwmMFUWG3nRq1EP + 32yc8AtGrZVfdEiVio3AHzmQVh6CDrVoaZnKv2Q6968g+koOnhztpE4NYbbkXpZV + Yo2kdPjtmbu1ADMnUB6jDFRCcYHcCVDcLWuwcpo0UVa0AN+B/q6wWgdCSeI3KRIV + +3RdUl40x2efjo96MynLhOMDbha3nPKrcZzwNtVQ2EExXMWG6VRUvQT9AXpQaiJ1 + s6G0TuSLEFXratsTAp6l0O/SWwHaS7oqSqvcl43r0AH0DZVWONToVi9vndhRL9/P + KI5bJYOtQdi4sq5Iav/WP6/IVtGdFlU0qceGhxzyIqc1muZPHvtUEgjBWoNT3AOf + WnoDdQj/AJ4Knf4n8UA= + =nUCu + -----END PGP MESSAGE----- + s3: + access_key_id: | + -----BEGIN PGP MESSAGE----- + + hQQOA7A9CHm0S6RyEA/8DzaTgZUlIekC3+K84DF4GWMsfDUlb87ja/6t16O48pe4 + 0aXWc8wBmgEtAWicM/Ugt/TSAQp8dnVQiesflRjcyqcnOrTHmQIp91WeesO3vcXi + ggCZgQ7cAlcd2m3wIS83WpiEKq0CNb+3sAVYDb71IwupDhS81n98gIJChgHfN8+g + 9sfbETWzwJh7bJeXieCP61h9JDBNHTX3V1SLl1nS8MmKZ/YoQwJNfePEj7rwr1IP + 1SdbXp5Om/8zL/nrS3S1y9j2V7mUO9q4J3YY3hSsURVby3i0b5njynB187AwqXSC + vPvuyatt5S50PkuLvRbQZPhpvNRYF8UVkfySF2/pKs29+xe3B8EgNmUT3HP2kfjX + bbnMOJC8rZwJHbo/N3yi+Hl2UqWWh2HkpvnBZ67l6bj+3gJ7ZUf8hiZQVamjnjJ3 + 7jZJkZyaxBv2LDXnBai60W4ZpYijJ2aRAJ7XiwIfrYo2RHWKHcst4GuKMBDnOjlT + RcUB6Db4dxvhZjWLbhvm0ZL6aL35ZvfPJUH7M+C+/7SM9/ymrL6JH7FN6imSC8QT + B1ixcwlajSPstfuWi7BKc8t8Q8mea+5EEGBZyzT+GRgdR4ZwtFdznxMQQLmRXauI + iGLuTjEa5zWRvjmUa9gruPsJmHbnWVUXpkqT+CLGQK5ATqvuXGkP/c7Rj8r4jCIP + /jAZ3PYczxazG7RWalbWqtRbGemXWbrCl1jlId043d9dTL8jwAJjb4Hh3uR/qn/r + 5PR7NBWcbSqO9DZ7aWSG52DnNGTvQuhmcSFFZvNxeeGKGJi9WvcrQVubZ8kbYJhs + R5dU/JO2CrQLRMQpK7/0VB4/ofb//Ha9q7uHCSy/hIhJwC7QUIg+mqLLMwFZuTnK + cJqaTxDf+JxtTb68UHMvqK1O//1535oRs17uyPnXIvyEQu/H/DbYxfyKYRe9sgCH + ZIobde634fvfWV0N3+UMr1+sKJMIlXWj6whhv01CoWtyTeZvmVzPvRQLTsZ8Mg1H + vyurAIRbV8QCtS3o/+k4dpXJYQrdQwkr8Qmq5MsCXVDIULslhDIUr+Diu6/0JwZZ + d7NapmgOlXZky6Fei50ilpSUIAYL62I7jHhsd+OI4ktv6621lYmkXfhK5TtQZR/3 + aJFWX2PAU6AkQ8i0sdDG8w5DKdugE1R1NB4OQmyC5fUnqFfTAjwCOmQ1+ZtDV2Ry + ND82AurSv01G6mWPxhE7dlbF+B+JsOc8dm0jr7fl3o/K1RY5rz2cCZzq4B5n17nK + S/YbsRxaegx2gnQ1sssbn35e1IRNHtfS8r/RZiUFnX3qK7IxJuZAlkA9uEXP0nCp + aJufnpHH/7Q/DTM7k7UThu44t6kiEaMLpUakMj/hXv73hQIMA8amgupjyC8cAQ// + bwGUT2Sgyt60btAuFfLEIpNQA8EX/eTVTEhpm0UZ1jAip6oDnAWkmRBYnJ5GPtAA + 3xMoWAQiz1zg5FhxTMMePnF2LRR8ByklnsyoMT0byc7R1MRh5NtNaukTTsBufHeg + XMNpCY9pkCxxGuI/xUQu5E845ftn1v+3QSdha6dBcZo1ihor01jUW01+fRyv62LN + V838eqRa4TPM2e7lJcxHjTXadZlMxM5TcS4F7kNJgMMjGI79QwR3xJipW0J9GqJb + h5QrJcCth7fWdVz/rIBlFFR0XR/uH8DlIQRK8zfuFa7AgvrsgD8z/jtjnSo1IDTO + CVBjkonidFSYQxpyizq419Vky4edbujmVyUoHHw1KiVsRQESYwrRa+Q2sTMLHXPg + hWRH+omU7ac74mwL8//8Avlo9qmul/32mvt2QGVqZox3YZYggrwlUUXBBsHA1VS7 + TeZyfCDedl+jTWtXzMvFeEGlyFuwwTTDvQBedIZiYLlyKtN4alZXvhI7OJGoK8iv + ZJAvlK9/oZJ9zPtn/yxP1tgp6aJdm9eueqaqTvq90pfT8tTsdTaagZ21rx6etylq + TsZ4MrNebDRHDtAY+zMkOnLyNTNPz1Ax5orQXst1Kd5v1E2vM1HJkhyrg6IlZC7D + w6SKl4v0P21XxqBaHlpB2oRwaTZCipZ5WaoE5xBLTQqFAQ4DslgfDDfB4G8QA/91 + vrTa0IAflnq5wiOAkxEHIzm6MpMB8FltVCfSt5rLV6ytd0UQ6O++b9YhPKIKDRe2 + fVXqUlRYwqbdxdjTqE5Yy9vN2cHZW4z7caobfYiH0QMJzOBM9rNUn9i+il5nVGXb + /Loam8QjTpVyfnmWR3EDr85iXYKK0uQeqXL1xD/VDwP8CjBwjTeZpGGakuVp4sOC + VJQqhtcrJmvYivgAG7RbmJ1t6RmzqeU5HogtiL9n4cDyrmNkkTDwiZNPvHFmWLjZ + e2Mrjxchu0j0iCEn/rtnKabKI+HjI2DaULM0/Gz4N72lV0qIrS0y5OwU0RIae2yi + 11k0F7gjk6VemSmrtUgRbxOFAg4DiLcKbyvsTOYQB/9v0AWj7xIv8vXVnuutM+kP + UAXOO2ZN3iQGcTJ0KCWGqMV2YgQS52fIXEnM4cVQQTbN/951QIdAKSzINgTRxxhs + e2mVtiPOtm9H51JHQnOY6Vyz8en4GGDExeVyvofVASTI3CRONl00gMCCHYyfT+cf + 7wot75qSLHgKYrLxDKYxDpAKAMB3CO9YRl4EKYipZowMqLQq3DGj4DK2MV6nsh1q + oFtoK6Sy9P3unYMzPstSJUZfyDS2O9PdLlJouL95SxmwfL7RivbwkvgIKM28sP42 + iEf9aQ2EyHSMfq+bTfI6CREG5m0qy6Y16XRPffobi95snlpN/Tg1H8H39A0QMIa5 + B/9IMEht6HqQMLbJa7rOIeb+o7iWYHSfqHC20s8yIN+0Nvnc6j7pUxFJsHfFXu9t + mqEcpZ/xcfA2Bs6UXwdKdwjfEfJRcVQ1tX2bHsOtUFPTnE3QV/C9JyG/z2iK6Lne + de10IwexVM7nX5s3RVShJrc69cAIkb5yvcL9jUMWhKtoPRosap1AMcroKXr0e1jX + BRrSJj/ETxtMfmOPOtrS+NCl3nEuSvZ5bZQjJihWfbAynm+BIkKUmXmlSdVs6NkM + tgHMkrR3CPRouLktH67cZb3L/y6qbdfgnr8lmHEglSolY8sRewIWX7PBrnId2GXG + 07tKYHUgECd9mC+ff3GAjQnrhQIMA6zwzgobrGmRAQ//Tzv0im3SE3ESn9r5bi3a + uqniRW/MpqfoSqgDHq5ikkwOj1bmxRYZoRnCKh1F573r8XnCUhvhNZgXj+tcoCKA + 8z6itJE/8Q3g3dGHhR7i/1RLIArq/IsjAar0s0mJYtn7vr3dzZr52Cf+Y31vBXOl + rPN7H/giB0qqNxhZgY4zdVV9z7sbugdk9O0c3VQy1S1ZuaCL1YpyO03ZULqABM3o + meV+Pr6U2qRJGOzHQtsGztq/pxkYWG81Ai+2rctYUlYY+tEx+Q435AXfd2Wez1CA + 4RBKWSRoKPXGceR0JFp2MheX5PVwqJ898uGxg+A2MtwLQgVrBARBcQCcq0G0Sq1R + a+b491WRbILjUtpNsytpLueID1AMZrKYOMaoa0eHdFH5naz4Xa/5GyB4jOxP+a1V + OTW380G+Qowe09MW9Ra6Lz4UAOJaSeLvoxXOwcdTAuwjFlPo/LDdZp9Ali/XEd51 + 8cu5MScAJQvm8oVDtQcK1Q21ff+tzxYh4miIZWWWgmU7FaEl/ZycREbamzTrg3KM + F1j9m4ivhVchACFAxJUIl08iGucn0BgXp+n8Sj9CgkUcBZkc+7JWcYJ3ndgaj6qx + HV4NksxGxXv9Wy4K8XsF9NS+haq5VOwVCNUl9/h/wiUQnhlqWqSp9cu3Kl1WHHTe + mVmK79RkavShYSfAD1Do5GbSSwGQ8qME3xDdNnalKnQJbcjTJL8cYRdMlBArDy8Y + 0qLE+1YRloqrlgjCVMGJvpBLQaw5iuV/jdjzYKS2OaFSgfX4RLdKQTFr0Vh6Lg== + =SS0G + -----END PGP MESSAGE----- + secret_access_key: | + -----BEGIN PGP MESSAGE----- + + hQQOA7A9CHm0S6RyEA/9GJmi4NDSY4lm13PBhQ34M6D1QqHoGrVRRj57l2fmKTZa + ZrBWcrTUSTwLEHEiNTO66ep2yxaWhVYRcy+ep1H3MMJWEhLKDgsE8LHgNLvUNdFx + FD5IMts+DCoAQGkVR+r5srDYtrMXy01soRcF+NZ7uYV/8OxRkru5MlbKR05YWNj/ + MT//hYwh9Pg6enPc2kFyP0iGjjgafw2Y0GUFvBDxYwIRFnigrsLN8BxE001QvTuI + JSZdAKUJ/gEgwO9/P1IKBKnekiICQ4jaOfR/W3az3+LWa4wui/PaxbCxY99Un0lr + co2fuJZhz2qnBCC4AfeGEbwk+WUuseMwPMaBoj4+m6SSSYUcLzDt5D6HO6ryJ2+c + 5ZkgWnJ77m3UJHYzkjHfx5nWDySjOezJTRWSdn9scnKAzc1sk1iGulqqTBBY7qG/ + RZoQ/eimP5emuHWNoukX+eEuuxk3ij1cQXmggFDni9JGeFMj7sQNoxwjAgayWjp9 + hSqZSgofmZ66+CbtEW29r7peqRWfgN/Q0GjlEI8s6tf6sZTzoMgHWfAwk2DL/VmO + ZVNtH0nZ/0Mt1AZSfyNu41ftoIELDaxez1ML0pDYamsYmYtZTIXW162SFVMYwBQV + JaZqQ0CVt8AsmFzjOduUjnlHPuZzxx199EvwMgWnHxQG1xqsV3nmFUY4WwwtImAP + /RDtj/+NyE57iFpt0eZoSi04PASH3jA7wVFi2viPtHhJcZyQyiPQBoco2oxvSjIX + cRQ0uFxu+bS/mIuzDNQXso83MhdneeazpOPWyYE8Yr9At+Y0BNwQmEyn50bS3tiJ + TB0DAmUnRs6DyTfXqbWhfmavjFKYB9tv630s5Q1YQlIfesgDiq6O+jhG6HKEkip1 + U+557qDz69uWkkhmTQeShdFwZVGppSI1y92CxMtoOdlYpr8llYEusStkHy76emts + hI+oZy0Px0N7bNAlvs1GLxABAk7mGdbuuqeushY94Ym/rp1RRtDfxajh2tGSksMo + +CCtj9j/Wg4LfH+R2nue6oYFUTCGBopYC0Sm6pEWjI1W920MntdV54NdeoiwmxHs + 1Z12VkcLALu6Lj7GJMU3hhstQrHteHzYw+tnphXqmb+BefXvSaHrDY+BMeD9Ts/q + Q4keLQ6aXj3EMD8wlSjta6MD4p1MD3yLsf1HpjhVd7suZwbF4cpX3lZ8e66Yocoq + BIO03A7qRXi9Ry7mMwvFL9VmURP213gAvS1wg7qR1r6KIZbK8IKKK+kpzhdobdvo + PdBVlHaO5UufQeuXkGj+aVWIAZCl5a9Lh2ENEfC9JbVd3EmrkfE4NLqjCaxYBooP + Cjb9Ojf2hG3y6GOAjDjrnL+vKIAw1Nlp1LdSiyPTP55VhQIMA8amgupjyC8cARAA + u3xwi40P0LMDgCZCinljFRaH3K4i/ZrkBf9Puu3dfYBlp1iRDJ6avhSknOREf7vn + KwhXSxQf6+ZPB3wfIRLPiQkOpCAfaTppfMikZQ+VmICzwi7vAWVoJxNHwr+eYCYy + OY3b4UDZLPLqGAfrHcoEUf4RampKokon4Kr+D1SMqe5aFgbhcBBllEsVrIGTyz20 + ze9Xcm7NUJEbXy0KaKfBpvirEfiXmc1rsE6pyp2tfN64GKT7pH2YKmgZBXQL34Tg + FpQkMYu/hrD8SJjKfdZsmPWolXqxdctMLRsrF2riZR9tRXzxhQd2ZabCNIQKaDvQ + C992byfPShHn2PpbrsE+KXALF3m2seluBx7Ogg+0td6ps7lL59UvDhR71XVC5+Qp + CE4jO3FhhRbaeU/kSGp309oGAlb8sqJeso1ekA2vCcvQOTSi5Nr6rAMUZTPxVhP9 + enxmyE4F3oKnxDylzyWzoRIyvjytckoF0FwwPbtBfxcNg67s02IQznaR546LpGrI + FUGfVTPJguh5PZ3+B7BVt8tKoHEwcCNfJP5/4GJgQQG8N30HTQE+ZpG4ewcYj4yw + ADQGHK3VW8p4WglkYjGjiLPd8TkHYC3gp07XpgUPt5U0zBXvkf9eabLsO3cBgoV7 + 2Z8dkQCJpxHr2ZVYb5BZV+En0HIx+3KXOV7liaJkABqFAQ4DslgfDDfB4G8QA/9X + eM76B5ryKMkKIrtkRWTGkiu1haaYQ9+eMz2oVL/ZAU3TzCZuocCSM3PVKMcZypXP + HyoHZwwtbrGYw9Vl1LSOtvAypfMVQPjnRgANVuAm11b8AoclSh7NvkMUYQ8AMNoh + hS7hznApJJnyaBajg1SDc4bWPa24N1NEK/dJT5YhkQQAvCOecjfS6avx70ybJBRD + ql9wnqIBYlKpsJCoRMdAAeRoGgH8zwHesVwZSje4Sh6lNrNGmPqIuONstjsUIpqm + +4DCGqzv1wf2TtJ9uS6sVzMYUgesynJ+Xw+P5t/pNyy9eOxi4/kA1B1AfEThviRM + woh1p4KmJzEPx/T2jGHGORSFAg4DiLcKbyvsTOYQCACrlQIhddik5RDH3QEHh9xk + id3shkJOSQkFnUOvkYqp7L62BKmyl1L0ko+/FRa0zOS3qBMhuNfZxEu1V/pZsaYj + G0y+uh0Uw/hb+c82P8QMa3PdtCu33/jAMxUBnZEGiKTKm0t44PG+MJHCvJLMsX38 + aAtuxKen392LjYwFXDOX4hmPkyRIh3CIFfps/v/QjMl22yfR7RIZb3eTNXhcBM2n + VoUoC/Xe3HK12xHPoLtsbsQYrFPRJPByr3Muj8kn4ZN0aug5vQ4oLEsa2/fjOAeT + O9c9VuyySLumrMSFz+dr5e/4q2dgLB6aLfcnccb3t00QoPcpMc1zNjohGH7IC9Zq + B/91w/lLY3JQBQX+MkG+xNXMuS8RPMe5MOMmcxGoxhLd9pu7ReTBnhb+KTRbemt3 + NfufOQjmsaofJOWzMSRHRCTfvqdXvlESas7mKGrTYmLn+Wl6rnZxloJHmszmwT+r + WdpGY0MmMHAhTVyYzwH8xjNfxFv9qoyd2MFQnjlB/5V2qJs52YmxQ9m/zQ5ZhNB0 + guTwQg55A3I3u0BIFkjvL79YCP4cJo60gwKDDPxWr7MSSVoFruKab08I+8btJcdC + a29MaQWX3joYV8qdLn5ZVLbDbQWMTWZy69a2Av40tHedsJBX2iUq8OBut/OLY3Cg + XdQFo36xD76t5GN5+MAQdNrxhQIMA6zwzgobrGmRAQ/+KeD6B4U7jHYbgaHr+IsG + HKrhSsd/fFc3IrDeezDbUse4Uh3YuMsVFiQFbLLV8pkESJSm9IFPxttmr0c5zbrD + Fd9GoZkfBA58vD/l9ZT1I+39gLdoh9LvfuzCTup1XWCqlaKFD2FGjWZ2cItRQx/E + gipBbcCfiF8TnMSdBlMt9IZC3uS22ENOEbegn5BLDWhKaGvqhdcreupuFbBW8aPn + nBqtG7DQBTtQfJ/NVxVyUd9gY9i9SWV7ZMSupFU4XKBZisjckv+8oqG0t+iiPm22 + k+yJwG0sj2FWZTH2gctofExhUr1eCnErip6rwcXj/Ffu7EdfrUZhbQZlGxI9DWGK + FMef9Rxh4tJ6NF+55nV55Zihhdfg0ISz0J4Jifje7wTkyfTomb2jEaBcJ5neHCAx + 74VlF0P1cCcnyt/liYamtYb9jL3tF5u1KlGbz/Mkgrnj/FSdNxLwLYlO5BJ8FeBV + IZpoeuj+8kE96dCekcODwF0PyWLxM/SdbdXUonuyreWfgKidTC8UxlsyVPq8yYz8 + SrB4Z2tdRLFFdosA9VgZjYwhw0n0I7jmlLlC8yS1Og9MZvCsCEHEVrfBeBdBKB8n + t46paJ7qLKuHuyRrY1H5JCv72j/C1sMIPVMvTtLPjcHkSvPGJcRqC1pwUsuVxSgz + qnGJlrEQqSDibXO40+lnpTfSWwE8KOAcPxl1iSpNP0io9P8S1RVA3scqVPcsLb+n + RyvtM93BnNtiTaq1KhT38YC+vOuVQixQ9n0VGL1A8q6ir9qOl3J4pE7wax60MAr3 + JY8fdpDahlS2Ish0+gw= + =nRKJ + -----END PGP MESSAGE----- + +postgres: + users: + paste: + password: | + -----BEGIN PGP MESSAGE----- + + hQQOA7A9CHm0S6RyEA/+KAGtTUu46FDc0LsttarxXvIGEmBoRiGIrhh+F+iqAjdn + 09KxyvSAMYWghMLEFPJ2T9HdIKD9t+D5p/4OZuDG4kcqvU9IS5SZlZNjQLv3bI47 + rDM65pdkvegRkaoDCU/ahBcRnr3/WDYSFepe/BM3dvHoxqqdvgDAvW1TponXRxtQ + MIR2MzFfLEUSwVx0mOamAcf30vP/w5w3TYMZzAfYCeo4i6w83b+S30GXaYUeQV6b + Y4AK8ioxXt7rMPqJxGd6wWb+S7llmTd6MscXovWzTbazNNcdTGlA4U/y6CDHHsYT + TqPVSAV2SxIWpP+CwYGZy4/2rJ+b4kgQiFtbRQDPhdBF8M1eI1/r1pPh7YVotr/4 + l0MItV6A6ubzktN4Fhw/15qdQWJLHV1bb2rZLWwaxRQQiToqR5njQDV+DXk8fVCJ + PueNTxWWT2bGjks9vaNhdsUIvYH4/7nqNQcGXf0PG3QZ09ZMy4Qs6wBkzQt2EL+k + ElU+lriTJsJrMxfQ+A51dFQGSiOXlCXJXPoset4/ilnYMqSBcf+NFnthRW381cZa + QikDStWDo2H9lyiV0PSgFG6Sw6paC6r0oCCF9B7Dt4+cctQgf2QJYjrA4b7oFRBc + 9ufoGBUhC5N2FumsEUq6nuSiL/D4daGkhpHRkgIcSkWKv6kqXMbksT76wp1ny/4P + /ibGv8+7miwELGOnI8c3h5QmsnXTsSATsGWUk9SnOoHt9EFeAZSo+G7LkLKxO/sR + sPsttovFrORkTqit1avbdc+3CZz8YK6lgQkT//EMilvrGDRzuuDZ4vFvOKLv66DN + owwhT7UCOs4AVkEThfsZ+I53s6P/fQ45PvGcvRsS3pjXwf6w0t4CdD4wxhawH8pE + wgv/W65yKkElMx4BRowuW2gnkVVCfs72TCtZBqxwhY09pwcDUlt7XlzGr9nhYROJ + 877T3TKWJNPgOIDVCvpnNH73mc1NKZTIfOLLEphv61Slk1hzjlpNikOikBDSBpP5 + zl0OHve5wsK+8VYDaHIjiv0wjBlndLvU9/bOmaA2jzWprcVnDLe9S//VzhUpc9y4 + r8dZdihAIf41EbqV3g3fGP5rc1j7CzV/aWRSuTqUtSvOtMQD+3kokh3lAhEZHeCB + 0IgBmRafYeWn802HZhDm9WeZNOXrjvhNqtW3cHf+BzF2o9RLWR8sfw+eBAYIelir + ct8IJuTU0Gwp0ZIE+RHVU8ij0jzkJ2Nlo+doe+SCFdd4EaDhxEXF+yakNcUuqt9h + +rFMqZaWxBG1Q5eS9lj8+GP7e+EvVbD3L64uRd5Ys/CT4WB0KcYppUHRiewsn+Ev + tBzXZzoA4OlRcxMDYL0ZaGT6TyXJ6b/xwSHYLF0EWcmWhQIMA8amgupjyC8cARAA + ugc3zXCiZkw6KAlxinu7GkY2kQ+VcQa6o0Aec55rOy0rsZASpNPZH5eU14HsTzUC + Exm1w3ghc4gDJUuE2miA303FjMpDr0EvSzn3CetJFRxhvEjP0C+D1QwFWTPryDmQ + HMZ64bU8SUHcchFB72j2Ikjv2gCGqg3/AgtbTa5ZVND/50hNarA1ymomC/4Pu5/Z + mQ1DznWz9RlmmbhsJKMDJS257FEz4KGOadVmJhujU6hoP6pjcICdtgfJCfi+SYAJ + eH+MlarY8HJfhZ8PFir0gwsMNI82CHVizNe1HKXHvrPNUKLcf+MN4F6S4sF0s3xe + YkvzqyxICCHl3aw6cGyxMUzw3+7PGdOMoNZta7hHZTwZMWFVKjhQjigx2nkojb2T + rgE26Xi6mphtEjLjt2bzDOdZut2HPdisMe2EM8ALEZCyL1DeldzAbf5e8El6KfBJ + yNMnvks3BLLI4s6tshhCSscZCizG6oCELKJ+f4QYaKB/bjc/DDHEfDftKCOgYe66 + qM+WN5HtOzx3iAIAzu4GZzdOcXJNRqHtby431RWtbA3/w6xZ/dD6hrQUHNM9C+nQ + IbXfhdmaEU88Q1numuBmk9OEgs6CRAGwImbkLPzFUNtcEfcgr1M4f4g6NhysCLpj + OamTSA674VNZGcGFW2sGctzc3oRwj1gO0kvEuVlXKaiFAQ4DslgfDDfB4G8QA/9z + nzQ4ZmQ3+WDTVmWmnVQVJladc/mzWjOCkMQ93Lxah7kQnq5zRLcQC32aywofhw1p + mikTWswlfPWwYHCfg1IV0tkuHz53bTW+z0UoLf37vooeFaYThIxQwjkzRYW33/3b + dH4/FfOaS5SadFa+XZBzDlfbAX9LtXoEuNoG1PVW4wQAjtpZNcLn2kkPJpLENWX6 + gll54NazX2m2LjHs4xlpxMW99bAaDe8oFxwYQ+vEw8vgRwp4R2VVWjBi9q6XOS6/ + vl32fpPuNNVJKPuhcivMwzmim+XZj0osVY8gdKPeiba2MZenS+FWkpMTZB4RM8XP + MUwbUGjkt7wcbJHcMJk2xPeFAg4DiLcKbyvsTOYQB/4xJ6Q05wXrnPVDM8BF+9u+ + zzhv0ZR4lqfkZbWVldfPbaIBXEkIowF+ElUv6VfEnxW0k9KupL9lYj8P4B+5gTjF + 2TLiG9IseK01raGcei/mtxy+JpTeTUtUzDnfNW7rlQGDxwiDm9rhD+Dg9rKLA1I6 + kiA064Ke85j80Hc0w5A4L4aqP+3p5A6rQeBYdSLCAqe/gw127CbPx1JbdXW9r3fd + Osh//nIciDpi5PBHStsI1IrUeifridSc6ZMELD7BXvutnVk2JZxpDASBN7MWK5hk + DkUncC2/lfByLicgllTTpMJb5q9T64wrRh+qMo4DLKEBCBbaeRlOT9NePUcir9RW + B/9YvWMMWOjVOQpER1o/2+th4N6hIoEm5DmlyVbjotqOa6iXl6V7zIEjXuqq6O2V + uwRaaSCfYvTVnSNITuz1Z5sN1zkjW4SH67vAnuuD20OUU9jxejc6zGMe6Di3E3YJ + oMbDlHFxug9+FS8qyc9UvKb+lkX6e5Wmd9CpdO1MT7DekOT3Qccpl4aebX11QxdJ + ozEUQJcCIRx4Cq/Dq+aGvi9Zt5N7vVBmhzDP3oa7dyPGZ2pI+GD2V12IxAL6ZWBJ + sK5WstneIbbMqKMnjI7myNZxERnBp1k2ww410u1Ph+hO7Z9nooEAN3rTuCWfQeVH + erL41hsFGOK0FaQQyM0sS1VxhQIMA6zwzgobrGmRAQ/9GRkMHwLo0oBG0yRv4cKS + 9P0Vkm2gkLpfV94GxJvK87W4OUfAX3HXxBqalht7+7Kn9Pc3db6u1AVrbOWNyVfx + iMPsNfqZkJalScs6ygs/QSTgfR7Lx5ILkhP800Td4sevgjc9g7QSVbB6mA2jHKME + tcSkoEFh+7xTOOgVVgcuT7lBWtky2moVnu1Tvlehm4MNEty3nqm87qsxNq5iMaeM + WbvuI8dlkKQWBbVA4sJyvlPWY6BHGy+bQfeBMSn74nsN/q7AntRvdi4JdGwyF5Ze + RAwW2Ltr6UWldM+ZK6isPLHamE2l2Attxn2xDlJVKdUOg9Ev2b9c+X6PSnlm5VIM + J59Bpn94xZ/FcherjhfBudN67Upt1pl1ue8UzwqDNxQpCK2v/WK/9K2SMjEUg7ZG + dBMWQpSypb9jBmKwZh+jM50yvPSZNTaqGDNRCtvLRSMcgNqYuQ+hbu+qxUggq9Gg + NrN4rHivtmo/DK3WnZ9lVwCk8umon1RgT3ESEzEoTZiPkCISufvzrhQMDlI1aZZi + 7FQzxFR5hRNLba6q26YWW5vijL4LHE0XiNNGXNrg5PWKvDpR4D097se6+pzvGFwb + Ulism5f5QhINT8TAUJmvRf8qg/7vQl4Iz6L+aWWWZw9ZqIP6V1fURHfH4TRVo4K9 + nMnr+ZPxAIAqtwvNMUIhg9zSQwEc3JIS046URZM1fXvuUvUgjc33kD8WmL9dJPP8 + 7B2ld6kQdsOR6d5D2sJEFrdCp5oaD/z0xxkLVI8YsVlWDURIITE= + =49/2 + -----END PGP MESSAGE----- \ No newline at end of file diff --git a/salt/profile/paste/files/database.yml b/salt/profile/paste/files/database.yml new file mode 100644 index 0000000..5dfde7d --- /dev/null +++ b/salt/profile/paste/files/database.yml @@ -0,0 +1,7 @@ +production: + adapter: postgresql + encoding: unicode + database: "{{ pillar['profile']['paste']['database_name'] }}" + username: "{{ pillar['profile']['paste']['database_user'] }}" + password: "{{ pillar['postgres']['users']['paste']['password'] }}" + host: "{{ pillar['profile']['paste']['database_host'] }}" diff --git a/salt/profile/paste/files/paste.service b/salt/profile/paste/files/paste.service new file mode 100644 index 0000000..cb99db1 --- /dev/null +++ b/salt/profile/paste/files/paste.service @@ -0,0 +1,17 @@ +[Unit] +Description=Paste Rails application +After=network.target + +[Service] +Type=simple + +User=paste + +WorkingDirectory=/srv/www/paste-o-o + +ExecStart=/usr/bin/bundler.{{ ruby }} exec puma -C /srv/www/paste-o-o/config/puma.rb ./config.ru + +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/salt/profile/paste/files/site.yml b/salt/profile/paste/files/site.yml new file mode 100644 index 0000000..e7bae12 --- /dev/null +++ b/salt/profile/paste/files/site.yml @@ -0,0 +1,20 @@ +production: + program_name: openSUSE Paste + theme: openSUSE + authentication: + openid_connect: + name: :oidc + scope: + - :openid + - :email + - :profile + response_type: :code + uid_field: preferred_username + client_options: + port: 443 + scheme: https + host: id.opensuse.org + identifier: "{{ pillar['profile']['paste']['openidc']['client_id'] }}" + secret: "{{ pillar['profile']['paste']['openidc']['secret'] }}" + redirect_uri: https://paste-test.opensuse.org/auth/oidc/callback + sign_up_link: "https://idp-portal.suse.com/univention/self-service/#page=createaccount" diff --git a/salt/profile/paste/files/storage.yml b/salt/profile/paste/files/storage.yml new file mode 100644 index 0000000..749b81c --- /dev/null +++ b/salt/profile/paste/files/storage.yml @@ -0,0 +1,8 @@ +local: + service: S3 + access_key_id: "{{ pillar['profile']['paste']['s3']['access_key_id'] }}" + secret_access_key: "{{ pillar['profile']['paste']['s3']['secret_access_key'] }}" + region: us-east-1 + bucket: paste-o-o + endpoint: https://s3.opensuse-project.net + force_path_style: true diff --git a/salt/profile/paste/init.sls b/salt/profile/paste/init.sls new file mode 100644 index 0000000..8ebe8ed --- /dev/null +++ b/salt/profile/paste/init.sls @@ -0,0 +1,103 @@ +{% set ruby = "ruby3.1" %} + +paste_dependencies: + pkg.installed: + - pkgs: + - git + - tar + - make + - gcc-c++ + - zlib-devel + - postgresql-devel + - postgresql-server-devel + - {{ ruby }}-devel + - {{ ruby }}-rubygem-bundler + - system-user-wwwrun + +paste_user: + user.present: + - name: paste + +/srv/www/paste-o-o: + file.directory: + - user: paste + +https://github.com/openSUSE/paste-o-o.git: + git.latest: + - branch: main + - target: /srv/www/paste-o-o + - rev: master + - user: paste + +paste_ruby_dependencies: + cmd.run: + - name: bundler.{{ ruby }} install + - cwd: /srv/www/paste-o-o + - runas: paste + +paste_db_migration: + cmd.run: + - name: bin/rails db:migrate + - cwd: /srv/www/paste-o-o + - env: + - RAILS_ENV: 'production' + - runas: paste + +paste_assets_precompile: + cmd.run: + - name: bin/rails assets:precompile + - cwd: /srv/www/paste-o-o + - env: + - RAILS_ENV: 'production' + - runas: paste + +/etc/systemd/system/paste.service: + file.managed: + - source: salt://profile/paste/files/paste.service + - template: jinja + - context: + ruby: {{ ruby }} + - require_in: + - service: paste_service + +/srv/www/paste-o-o/config/site.yml: + file.managed: + - source: salt://profile/paste/files/site.yml + - template: jinja + - user: paste + - require_in: + - service: paste_service + - watch_in: + - module: paste_restart + +/srv/www/paste-o-o/config/storage.yml: + file.managed: + - source: salt://profile/paste/files/storage.yml + - template: jinja + - user: paste + - require_in: + - service: paste_service + - watch_in: + - module: paste_restart + +/srv/www/paste-o-o/config/database.yml: + file.managed: + - source: salt://profile/paste/files/database.yml + - template: jinja + - user: paste + - require_in: + - service: paste_service + - watch_in: + - module: paste_restart + +paste_service: + service.running: + - name: paste.service + - enable: True + +paste_restart: + module.wait: + - name: service.restart + - m_name: paste.service + - require: + - service: paste_service diff --git a/salt/role/paste.sls b/salt/role/paste.sls new file mode 100644 index 0000000..decd3f7 --- /dev/null +++ b/salt/role/paste.sls @@ -0,0 +1,3 @@ +include: + - profile.web.server.nginx + - profile.paste