Initial commit
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
new file mode 100644
index 0000000..9d53feb
--- /dev/null
+++ b/CHANGELOG.rst
@@ -0,0 +1,9 @@
+
+==============
+apache-formula
+==============
+
+0.0.1
+-----
+
+- Initial commit to Community form
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..cc41a65
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,15 @@
+
+ Copyright (c) 2013 Salt Stack Formulas
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
diff --git a/README.rst b/README.rst
new file mode 100644
index 0000000..beb4b3e
--- /dev/null
+++ b/README.rst
@@ -0,0 +1,129 @@
+======
+Apache
+======
+
+Install and configure Apache webserver
+
+Available states
+================
+
+.. contents::
+ :local:
+
+``apache.server``
+--------------------
+
+Setup apache server
+
+Available metadata
+==================
+
+.. contents::
+ :local:
+
+``metadata.apache.server.single``
+--------------------------
+
+Setup basic server
+
+Configuration parameters
+========================
+
+
+Example reclass
+===============
+
+Simple Apache proxy
+
+.. code-block:: yaml
+
+ apache:
+ server:
+ enabled: true
+ bind:
+ address: '0.0.0.0'
+ ports:
+ - 80
+ modules:
+ - proxy
+ - proxy_http
+ - proxy_balancer
+
+
+Apache plain static sites (eg. sphinx generated, from git/hg sources)
+
+.. code-block:: yaml
+
+ apache:
+ server:
+ enabled: true
+ bind:
+ address: '0.0.0.0'
+ ports:
+ - 80
+ modules:
+ - rewrite
+ - status
+ site:
+ - enabled: true
+ name: 'sphinxdoc'
+ type: 'static'
+ host:
+ name: 'doc.domain.com'
+ port: 80
+ source:
+ engine: local
+ - enabled: true
+ name: 'impressjs'
+ type: 'static'
+ host:
+ name: 'pres.domain.com'
+ port: 80
+ source:
+ engine: git
+ address: 'git@repo1.domain.cz:impress/billometer.git'
+ revision: 'master'
+
+Example pillar
+==============
+
+Roundcube webmail, postfixadmin and mailman
+
+.. code-block:: yaml
+
+ classes:
+ - service.apache.server.single
+ parameters:
+ apache:
+ server:
+ modules:
+ - cgi
+ - php
+ site:
+ roundcube:
+ enabled: true
+ type: static
+ name: roundcube
+ root: /usr/share/roundcube
+ locations:
+ - uri: /admin
+ path: /usr/share/postfixadmin
+ - uri: /mailman
+ path: /usr/lib/cgi-bin/mailman
+ script: true
+ - uri: /pipermail
+ path: /var/lib/mailman/archives/public
+ - uri: /images/mailman
+ path: /usr/share/images/mailman
+ host:
+ name: mail.example.com
+ aliases:
+ - mail.example.com
+ - lists.example.com
+ - mail01.example.com
+ - mail01
+
+Read more
+=========
+
+* https://httpd.apache.org/docs/
diff --git a/VERSION b/VERSION
new file mode 100644
index 0000000..3b04cfb
--- /dev/null
+++ b/VERSION
@@ -0,0 +1 @@
+0.2
diff --git a/apache/files/_locations.conf b/apache/files/_locations.conf
new file mode 100644
index 0000000..ebfb1e1
--- /dev/null
+++ b/apache/files/_locations.conf
@@ -0,0 +1,10 @@
+
+ {%- if site.locations is defined %}
+ {%- for location in site.locations %}
+ {%- if location.script is defined and location.script %}
+ ScriptAlias {{ location.uri }} {{ location.path }}
+ {%- else %}
+ Alias {{ location.uri }} {{ location.path }}
+ {%- endif %}
+ {%- endfor %}
+ {%- endif %}
diff --git a/apache/files/_log.conf b/apache/files/_log.conf
new file mode 100644
index 0000000..d13556e
--- /dev/null
+++ b/apache/files/_log.conf
@@ -0,0 +1,5 @@
+
+ LogLevel warn
+
+ ErrorLog /var/log/apache2/{{ site_name }}.error.log
+ CustomLog /var/log/apache2/{{ site_name }}.access.log combined
diff --git a/apache/files/_name.conf b/apache/files/_name.conf
new file mode 100644
index 0000000..03f0dd2
--- /dev/null
+++ b/apache/files/_name.conf
@@ -0,0 +1,8 @@
+ {%- if site.host.admin is defined %}
+ ServerAdmin {{ site.host.admin }}
+ {%- endif %}
+
+ ServerName {{ site.host.name }}
+ {%- if site.host.aliases is defined %}
+ ServerAlias {{ site.host.aliases|join(' ') }}
+ {%- endif %}
diff --git a/apache/files/_ssl.conf b/apache/files/_ssl.conf
new file mode 100644
index 0000000..cc727c4
--- /dev/null
+++ b/apache/files/_ssl.conf
@@ -0,0 +1,11 @@
+
+ {%- if site.ssl is defined %}
+ {%- if site.ssl.enabled %}
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/{{ site.host.name }}.crt
+ SSLCertificateKeyFile /etc/ssl/private/{{ site.host.name }}.key
+ SSLCertificateChainFile /etc/ssl/certs/ca-chain.crt
+ {%- set ssl_mode = site.ssl.get('mode', 'secure') %}
+ {%- include "apache/files/ssl/"+ssl_mode %}
+ {%- endif %}
+ {%- endif %}
diff --git a/apache/files/_ssl_normal.conf b/apache/files/_ssl_normal.conf
new file mode 100644
index 0000000..b99fe80
--- /dev/null
+++ b/apache/files/_ssl_normal.conf
@@ -0,0 +1,2 @@
+
+SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
\ No newline at end of file
diff --git a/apache/files/_ssl_secure.conf b/apache/files/_ssl_secure.conf
new file mode 100644
index 0000000..553bce8
--- /dev/null
+++ b/apache/files/_ssl_secure.conf
@@ -0,0 +1,2 @@
+
+SSLCipherSuite HIGH:!aNULL:!MD5
\ No newline at end of file
diff --git a/apache/files/collectd.conf b/apache/files/collectd.conf
new file mode 100644
index 0000000..78e2514
--- /dev/null
+++ b/apache/files/collectd.conf
@@ -0,0 +1,9 @@
+{%- from "apache/map.jinja" import server with context %}
+LoadPlugin "apache"
+<Plugin "apache">
+ <Instance "apache80">
+ URL "http://localhost/server-status?auto"
+# User "collectd"
+# Password "hoh2Coo6"
+ </Instance>
+</Plugin>
\ No newline at end of file
diff --git a/apache/files/proxy.conf b/apache/files/proxy.conf
new file mode 100644
index 0000000..060d45b
--- /dev/null
+++ b/apache/files/proxy.conf
@@ -0,0 +1,20 @@
+{%- set site = salt['pillar.get']('apache:server:site:'+site_name) %}
+<VirtualHost *:{% if site.host.port is defined %}{{ site.host.port }}{% else %}{% if site.ssl is defined %}443{% else %}80{% endif %}{% endif %}>
+ {%- include "apache/files/_name.conf %}
+ {%- include "apache/files/_ssl.conf %}
+ {%- include "apache/files/_log.conf %}
+
+ {%- if site.host.admin is defined %}
+ ServerAdmin {{ site.host.admin }}
+ {%- endif %}
+ ServerSignature Off
+ DocumentRoot /var/www
+ ProxyPass / {{ site.proxy.protocol }}://{{ site.proxy.host }}:{{ site.proxy.port }}/
+ <Location / >
+ ProxyPassReverse {{ site.proxy.protocol }}://{{ site.proxy.host }}:{{ site.proxy.port }}/
+ <Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT CHECKOUT MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE>
+ Order Deny,Allow
+ Allow from all
+ </Limit>
+ </Location>
+</VirtualHost>
diff --git a/apache/files/redirect.conf b/apache/files/redirect.conf
new file mode 100644
index 0000000..872ddb1
--- /dev/null
+++ b/apache/files/redirect.conf
@@ -0,0 +1,8 @@
+{%- set site = salt['pillar.get']('apache:server:site:'+site_name) %}
+<VirtualHost *:80>
+ {%- include "apache/files/_name.conf %}
+ {%- if site.host.admin is defined %}
+ ServerAdmin {{ site.host.admin }}
+ {%- endif %}
+ Redirect permanent / {{ site.target_url }}
+</VirtualHost>
diff --git a/apache/files/static.conf b/apache/files/static.conf
new file mode 100644
index 0000000..c29b166
--- /dev/null
+++ b/apache/files/static.conf
@@ -0,0 +1,19 @@
+{%- set site = salt['pillar.get']('apache:server:site:'+site_name) %}
+{%- if site.root is defined %}
+{%- set root = site.root %}
+{%- else %}
+{%- set root = '/srv/static/sites/'+site.name %}
+{%- endif %}
+<VirtualHost *:80>
+ {%- include "apache/files/_name.conf" %}
+ {%- include "apache/files/_ssl.conf" %}
+ {%- include "apache/files/_log.conf" %}
+ DocumentRoot {{ root }}
+ <Directory {{ root }}>
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Order allow,deny
+ allow from all
+ </Directory>
+ {%- include "apache/files/_locations.conf" %}
+</VirtualHost>
diff --git a/apache/files/stats.conf b/apache/files/stats.conf
new file mode 100644
index 0000000..fd53e1d
--- /dev/null
+++ b/apache/files/stats.conf
@@ -0,0 +1,18 @@
+{%- from "apache/map.jinja" import server with context %}
+<VirtualHost 127.0.0.1:80>
+
+ ServerAdmin root@localhost
+
+ {%- if 'status' in server.modules %}
+
+ ExtendedStatus on
+ <Location /server-status>
+ SetHandler server-status
+ Order Deny,Allow
+ Deny from all
+ Allow from 127.0.0.0/255.0.0.0 ::1/128
+ </Location>
+
+ {% endif %}
+
+</VirtualHost>
diff --git a/apache/init.sls b/apache/init.sls
new file mode 100644
index 0000000..f22d2ac
--- /dev/null
+++ b/apache/init.sls
@@ -0,0 +1,5 @@
+
+include:
+{%- if pillar.apache.server is defined %}
+- apache.server
+{%- endif %}
diff --git a/apache/map.jinja b/apache/map.jinja
new file mode 100644
index 0000000..79bc237
--- /dev/null
+++ b/apache/map.jinja
@@ -0,0 +1,46 @@
+
+{% set server = salt['grains.filter_by']({
+ 'Debian': {
+ 'pkgs': ['apache2'],
+ 'service': 'apache2',
+ 'mod_wsgi': 'libapache2-mod-wsgi',
+ 'mod_php': 'libapache2-mod-php5',
+ 'mod_perl': 'libapache2-mod-perl2',
+ 'vhost_dir': '/etc/apache2/sites-available',
+ 'conf_dir': '/etc/apache2/conf.d',
+ 'conf_ext': '.conf',
+ 'log_dir': '/var/log/apache2',
+ 'wwwdir': '/srv',
+ },
+ 'Arch': {
+ 'pkgs': ['apache'],
+ 'service': 'httpd',
+ 'mod_wsgi': 'wsgi-apache',
+ 'mod_php': 'php-apache',
+ 'vhost_dir': '/etc/httpd/conf/extra',
+ 'conf_dir': '/etc/httpd/conf',
+ 'conf_ext': '.conf',
+ 'log_dir': '/var/log/httpd',
+ 'wwwdir': '/srv',
+ },
+ 'RedHat': {
+ 'pkgs': ['httpd'],
+ 'service': 'httpd',
+ 'mod_wsgi': 'mod_wsgi',
+ 'vhost_dir': '/etc/httpd/conf.d',
+ 'conf_dir': '/etc/httpd/conf.d',
+ 'conf_ext': '.conf',
+ 'log_dir': '/var/log/httpd',
+ 'www_dir': '/var/www',
+ },
+ 'FreeBSD': {
+ 'pkgs': ['apache22'],
+ 'service': 'apache22',
+ 'mod_wsgi': 'ap22-mod_wsgi3',
+ 'vhost_dir': '/usr/local/etc/apache22/Includes',
+ 'conf_dir': '/usr/local/etc/apache22/Includes',
+ 'conf_ext': '',
+ 'log_dir': '/var/log/',
+ 'www_dir': '/usr/local/www/apache22/',
+ },
+}, merge=salt['pillar.get']('apache:server')) %}
diff --git a/apache/server/init.sls b/apache/server/init.sls
new file mode 100644
index 0000000..df5ed64
--- /dev/null
+++ b/apache/server/init.sls
@@ -0,0 +1,3 @@
+include:
+- apache.server.service
+- apache.server.site
\ No newline at end of file
diff --git a/apache/server/service.sls b/apache/server/service.sls
new file mode 100644
index 0000000..96dadcc
--- /dev/null
+++ b/apache/server/service.sls
@@ -0,0 +1,86 @@
+{%- from "apache/map.jinja" import server with context %}
+{%- if server.enabled %}
+
+apache_packages:
+ pkg.installed:
+ - names: {{ server.pkgs }}
+
+{%- for module in server.modules %}
+
+{%- if module == 'passenger' %}
+
+apache_passenger_package:
+ pkg.installed:
+ - name: libapache2-mod-passenger
+ - require:
+ - pkg: apache_packages
+
+{%- endif %}
+
+{%- if module == 'php' %}
+
+apache_php_package:
+ pkg.installed:
+ - name: {{ server.mod_php }}
+ - require:
+ - pkg: apache_packages
+
+{%- set module = 'php5' %}
+
+{%- endif %}
+
+{%- if module == 'perl' %}
+
+apache_perl_package:
+ pkg.installed:
+ - name: {{ server.mod_perl }}
+ - require:
+ - pkg: apache_packages
+
+{%- endif %}
+
+{%- if module == 'wsgi' %}
+
+apache_wsgi_package:
+ pkg.installed:
+ - name: {{ server.mod_wsgi }}
+ - require:
+ - pkg: apache_packages
+
+{%- endif %}
+
+apache_{{ module }}_enable:
+ cmd.run:
+ - name: "a2enmod {{ module }}"
+ - creates: /etc/apache2/mods-enabled/{{ module }}.load
+ - require:
+ - pkg: apache_packages
+ - watch_in:
+ - service: apache_service
+
+{%- endfor %}
+
+/etc/apache2/sites-enabled/000-default.conf:
+ file.absent
+
+apache_service:
+ service.running:
+ - name: {{ server.service }}
+ - reload: true
+ - enable: true
+ - require:
+ - pkg: apache_packages
+
+{%- else %}
+
+apache_service_dead:
+ service.dead:
+ - name: {{ server.service }}
+
+apache_remove_packages:
+ pkg.purged:
+ - pkgs: {{ server.pkgs }}
+ - require:
+ - service: apache_service_dead
+
+{%- endif %}
diff --git a/apache/server/site.sls b/apache/server/site.sls
new file mode 100644
index 0000000..69c1317
--- /dev/null
+++ b/apache/server/site.sls
@@ -0,0 +1,114 @@
+{%- from "apache/map.jinja" import server with context %}
+{%- if server.enabled %}
+
+{%- if server.site is defined %}
+{%- for site_name, site in server.site.iteritems() %}
+
+{% if site.enabled %}
+
+{{ server.vhost_dir }}/{{ site.type }}_{{ site.name }}{{ server.conf_ext }}:
+ file.managed:
+ {%- if site.type in ['proxy', 'redirect', 'static', 'stats'] %}
+ - source: salt://apache/files/{{ site.type }}.conf
+ {%- else %}
+ - source: salt://{{ site.type }}/files/apache.conf
+ {%- endif %}
+ - template: jinja
+ - defaults:
+ site_name: "{{ site_name }}"
+ - require:
+ - pkg: apache_packages
+ - watch_in:
+ - service: apache_service
+
+{%- if site.get('ssl', {'enabled': False}).enabled %}
+
+/etc/ssl/certs/{{ site.host.name }}.crt:
+ file.managed:
+ {%- if site.ssl.cert is defined %}
+ - contents_pillar: apache:server:site:{{ site_name }}:cert
+ {%- else %}
+ - source: salt://pki/{{ site.ssl.authority }}/certs/{{ site.host.name }}.cert.pem
+ {%- endif %}
+ - require:
+ - pkg: apache_packages
+
+/etc/ssl/private/{{ site.host.name }}.key:
+ file.managed:
+ {%- if site.ssl.cert is defined %}
+ - contents_pillar: apache:server:site:{{ site_name }}:key
+ {%- else %}
+ - source: salt://pki/{{ site.ssl.authority }}/certs/{{ site.host.name }}.key.pem
+ {%- endif %}
+ - require:
+ - pkg: apache_packages
+
+/etc/ssl/certs/ca-chain.crt:
+ file.managed:
+ {%- if site.ssl.cert is defined %}
+ - contents_pillar: apache:server:site:{{ site_name }}:chain
+ {%- else %}
+ - source: salt://pki/{{ site.ssl.authority }}/{{ site.ssl.authority }}-chain.cert.pem
+ {%- endif %}
+ - require:
+ - pkg: apache_packages
+
+{%- endif %}
+
+{%- if grains.os_family == "Debian" %}
+
+/etc/apache2/sites-enabled/{{ site.type }}_{{ site.name }}{{ server.conf_ext }}:
+ file.symlink:
+ - target: {{ server.vhost_dir }}/{{ site.type }}_{{ site.name }}{{ server.conf_ext }}
+ - require:
+ - file: {{ server.vhost_dir }}/{{ site.type }}_{{ site.name }}{{ server.conf_ext }}
+ - watch_in:
+ - service: apache_service
+
+/etc/apache2/sites-enabled/{{ site.type }}_{{ site.name }}:
+ file.absent
+
+{%- endif %}
+
+{%- if site.type == "static" %}
+
+{%- if site.source is defined %}
+
+{{ site.name }}_dir:
+ file.directory:
+ - name: /srv/static/sites/{{ site.name }}
+ - makedirs: true
+
+{%- if site.source.engine == 'git' %}
+
+{{ site.source.address }}:
+ git.latest:
+ - target: /srv/static/sites/{{ site.name }}
+ - rev: {{ site.source.revision }}
+ - require:
+ - file: {{ site.name }}_dir
+
+{%- endif %}
+
+{%- endif %}
+
+{%- endif %}
+
+{%- else %}
+
+{{ server.vhost_dir }}/{{ site.type }}_{{ site.name }}{{ server.conf_ext }}:
+ file.absent
+
+{%- if grains.os_family == "Debian" %}
+
+/etc/apache2/sites-enabled/{{ site.type }}_{{ site.name }}{{ server.conf_ext }}:
+ file.absent
+
+{%- endif %}
+
+{%- endif %}
+
+{%- endfor %}
+{%- endif %}
+
+{%- endif %}
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..40e4131
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,11 @@
+salt-formula-apache (0.2) trusty; urgency=medium
+
+ * First public release
+
+ -- Filip Pytloun <filip.pytloun@tcpcloud.eu> Tue, 06 Oct 2015 16:38:36 +0200
+
+salt-formula-apache (0.1) trusty; urgency=medium
+
+ * Initial release
+
+ -- Filip Pytloun <filip.pytloun@tcpcloud.eu> Thu, 13 Aug 2015 23:23:41 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..379d337
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,15 @@
+Source: salt-formula-apache
+Maintainer: Filip Pytloun <filip.pytloun@tcpcloud.eu>
+Section: admin
+Priority: optional
+Build-Depends: debhelper (>= 9)
+Standards-Version: 3.9.6
+Homepage: http://www.tcpcloud.eu
+Vcs-Browser: https://github.com/tcpcloud/salt-formula-apache
+Vcs-Git: https://github.com/tcpcloud/salt-formula-apache.git
+
+Package: salt-formula-apache
+Architecture: all
+Depends: ${misc:Depends}, salt-master, reclass
+Description: Apache Salt formula
+ Install and configure Apache webserver.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..9d6e02b
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,15 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: salt-formula-apache
+Upstream-Contact: Filip Pytloun <filip.pytloun@tcpcloud.eu>
+Source: https://github.com/tcpcloud/salt-formula-apache
+
+Files: *
+Copyright: 2014-2015 tcp cloud
+License: Apache-2.0
+ Copyright (C) 2014-2015 tcp cloud
+ .
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ .
+ On a Debian system you can find a copy of this license in
+ /usr/share/common-licenses/Apache-2.0.
diff --git a/debian/docs b/debian/docs
new file mode 100644
index 0000000..d585829
--- /dev/null
+++ b/debian/docs
@@ -0,0 +1,3 @@
+README.rst
+CHANGELOG.rst
+VERSION
diff --git a/debian/install b/debian/install
new file mode 100644
index 0000000..6d37417
--- /dev/null
+++ b/debian/install
@@ -0,0 +1,2 @@
+apache/* /usr/share/salt-formulas/env/apache/
+metadata/service/* /usr/share/salt-formulas/reclass/service/apache/
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..abde6ef
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,5 @@
+#!/usr/bin/make -f
+
+%:
+ dh $@
+
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..89ae9db
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
diff --git a/metadata/service/server/single.yml b/metadata/service/server/single.yml
new file mode 100644
index 0000000..21f3319
--- /dev/null
+++ b/metadata/service/server/single.yml
@@ -0,0 +1,15 @@
+applications:
+- apache
+parameters:
+ apache:
+ server:
+ enabled: true
+ bind:
+ address: 0.0.0.0
+ ports:
+ - 80
+ - 443
+ protocol: tcp
+ modules:
+ - ssl
+ - rewrite