Blame - aptly/server/single.yml - salt-models/reclass-system

blob: e8da341c238d016d5aebb82a15c0e2b5a5de48c5 [file] [log] [blame]

Ales Komarek	3f76e68	2016-12-05 11:53:00 +0100	[diff] [blame]	1	classes:
				2	- service.aptly.server.single
				3	- system.nginx.server.single
				4	- service.iptables.server
				5	parameters:
				6	_param:
Ales Komarek	3f76e68	2016-12-05 11:53:00 +0100	[diff] [blame]	7	nginx_aptly_server_host: ${linux:network:fqdn}
Filip Pytloun	ca51c85	2017-03-13 18:05:52 +0100	[diff] [blame]	8	aptly_server_secure: true
Andrey	6c6eeb7	2017-08-17 16:35:14 -0500	[diff] [blame]	9	aptly_server_mirror_sources: false
				10	aptly_server_mirror_ubuntu_sources: ${_param:aptly_server_mirror_sources}
Ales Komarek	3f76e68	2016-12-05 11:53:00 +0100	[diff] [blame]	11	iptables:
				12	service:
				13	enabled: true
				14	chain:
				15	INPUT:
				16	rules:
				17	# Only local network can access WebDav and aptly API
				18	- destination_port: 8088
				19	protocol: tcp
				20	source_network: 10.0.107.0/24
				21	jump: ACCEPT
				22	- destination_port: 8088
				23	protocol: tcp
				24	source_network: 185.22.96.0/22
				25	jump: ACCEPT
				26	- destination_port: 8088
				27	protocol: tcp
				28	source_network: 10.0.174.0/23
				29	jump: ACCEPT
				30	- destination_port: 8088
				31	protocol: tcp
				32	source_network: 10.0.175.0/23
				33	jump: ACCEPT
				34	- destination_port: 8088
				35	protocol: tcp
				36	jump: DROP
				37	- destination_port: 8081
				38	protocol: tcp
				39	source_network: 10.0.107.0/24
				40	jump: ACCEPT
				41	- destination_port: 8081
				42	protocol: tcp
				43	source_network: 10.0.174.0/23
				44	jump: ACCEPT
				45	- destination_port: 8081
				46	protocol: tcp
				47	source_network: 10.0.175.0/23
				48	jump: ACCEPT
				49	- destination_port: 8081
				50	protocol: tcp
				51	jump: DROP
				52	nginx:
				53	server:
				54	site:
				55	aptly_server:
				56	enabled: true
				57	type: aptly
				58	name: server
				59	host:
				60	name: ${_param:nginx_aptly_server_host}
				61	aptly_api:
				62	enabled: true
				63	check: false
				64	type: nginx_proxy
				65	name: aptly_api
				66	proxy:
				67	host: 127.0.0.1
				68	port: 8080
				69	protocol: http
				70	size: 1G
				71	host:
				72	name: ${_param:nginx_aptly_server_host}
				73	port: 8081
				74	aptly:
				75	server:
				76	enabled: true
Filip Pytloun	ca51c85	2017-03-13 18:05:52 +0100	[diff] [blame]	77	secure: ${_param:aptly_server_secure}
Petr Michalec	0e558dd	2017-01-18 20:06:52 +0100	[diff] [blame]	78	gpg:
				79	keypair_id: ${_param:aptly_gpg_keypair_id}
				80	public_key: ${_param:aptly_gpg_public_key}
				81	private_key: ${_param:aptly_gpg_private_key}