# Reclass-style class: pulls in the aptly, nginx and iptables service classes
# and sets their parameters for a single aptly repository server.
# NOTE(review): the page lost its indentation; the nesting below is
# reconstructed from key order and should be checked against the repository.
classes:
  - service.aptly.server.single
  - system.nginx.server.single
  - service.iptables.server
parameters:
  _param:
    # Host name shared by both nginx sites below.
    nginx_aptly_server_host: ${linux:network:fqdn}
  iptables:
    service:
      enabled: true
      chain:
        INPUT:
          rules:
            # Only local network can access WebDav and aptly API
            # For each port the ACCEPT entries come first and a DROP with no
            # source_network closes the list, so the filter depends on the
            # rules being applied in list order (TODO confirm in the
            # iptables formula).
            # NOTE(review): every source here is an IPv4 network; confirm
            # whether these ports are reachable over IPv6 and filtered there.
            # Port 8088 is not declared anywhere else in this file;
            # presumably it is the default port of the aptly_server site.
            - destination_port: 8088
              protocol: tcp
              source_network: 10.0.107.0/24
              jump: ACCEPT
            # NOTE(review): 185.22.96.0/22 is not an RFC 1918 range, which
            # contradicts the "only local network" statement above. It is
            # allowed on 8088 only, not on 8081. Confirm it is intended and
            # still owned by the organisation.
            - destination_port: 8088
              protocol: tcp
              source_network: 185.22.96.0/22
              jump: ACCEPT
            - destination_port: 8088
              protocol: tcp
              source_network: 10.0.174.0/23
              jump: ACCEPT
            # NOTE(review): 10.0.175.0 is not on a /23 boundary; the /23 that
            # contains it is 10.0.174.0/23, i.e. the previous rule. Either
            # this entry is redundant or a different network was meant.
            - destination_port: 8088
              protocol: tcp
              source_network: 10.0.175.0/23
              jump: ACCEPT
            # Catch-all for 8088: anything not accepted above is dropped.
            - destination_port: 8088
              protocol: tcp
              jump: DROP
            # Port 8081 is the nginx listener of the aptly_api site below.
            - destination_port: 8081
              protocol: tcp
              source_network: 10.0.107.0/24
              jump: ACCEPT
            - destination_port: 8081
              protocol: tcp
              source_network: 10.0.174.0/23
              jump: ACCEPT
            # NOTE(review): same unaligned /23 as on port 8088; see above.
            - destination_port: 8081
              protocol: tcp
              source_network: 10.0.175.0/23
              jump: ACCEPT
            # Catch-all for 8081: anything not accepted above is dropped.
            - destination_port: 8081
              protocol: tcp
              jump: DROP
  nginx:
    server:
      site:
        # Site of type "aptly"; no port is set here, so it comes from the
        # formula or an included class.
        aptly_server:
          enabled: true
          type: aptly
          name: server
          host:
            name: ${_param:nginx_aptly_server_host}
        # Reverse proxy: listens on 8081 and forwards to 127.0.0.1:8080 over
        # plain http.
        # NOTE(review): no authentication or TLS setting is visible in this
        # site definition, so the INPUT rules above look like the only access
        # control on the API shown in this file. Confirm whether the nginx
        # formula adds any.
        aptly_api:
          enabled: true
          # Meaning of "check" is defined by the nginx formula, not shown here.
          check: false
          type: nginx_proxy
          name: aptly_api
          proxy:
            host: 127.0.0.1
            port: 8080
            protocol: http
            # Presumably the maximum request body size (package uploads).
            size: 1G
          host:
            name: ${_param:nginx_aptly_server_host}
            port: 8081
  aptly:
    server:
      enabled: true
      # Meaning of "secure" is defined by the aptly formula, not shown here.
      secure: true
      # The three aptly_gpg_* parameters are not defined in this file and
      # must be supplied elsewhere in the model.
      # NOTE(review): aptly_gpg_private_key is the repository signing key;
      # confirm it is provided from a secret store or encrypted pillar and is
      # not committed in plaintext.
      gpg_keypair_id: ${_param:aptly_gpg_keypair_id}
      gpg_public_key: ${_param:aptly_gpg_public_key}
      gpg_private_key: ${_param:aptly_gpg_private_key}