Salt states
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
acpid Systemd is now default for Arch Linux. Nov 23, 2012
analysis Use wrk for http bench. Apr 10, 2013
bash Bash: add ~/bin to path if it exists. May 6, 2013
common No longer using fish. May 13, 2013
cron Systemd is now default for Arch Linux. Nov 23, 2012
development Use n for node version management. Jun 17, 2013
dhcp Systemd is now default for Arch Linux. Nov 23, 2012
extra_packages Make extra_packages state more efficient. Apr 11, 2013
iptables No newlines in iptables rules and use service restart in stead of ipt… Dec 14, 2012
kernel Seperate out xen specific config. Oct 7, 2012
logrotate Include upstream logrotate.conf changes. Dec 12, 2012
netctl Require netctl.profiles from wire{d,less} state. Apr 11, 2013
nginx Support configurable nginx workers per host. Apr 4, 2013
ntp Ntpdate for laptops. Feb 20, 2013
packaging Merge in upstream makepkg.conf changes. Jun 10, 2013
pacman Optional siglevel for custom repos. Apr 10, 2013
pam Increase max open file limits. Nov 1, 2012
postgresql Systemd is now default for Arch Linux. Nov 23, 2012
redis Merge in upstream redis.conf changes. May 6, 2013
salt Systemd is now default for Arch Linux. Nov 23, 2012
ssh Merge in upstream sshd_config changes. Apr 6, 2013
systemd Merge in upstream journal.conf changes in systemd 200. Apr 7, 2013
tarsnap Time tarnsap backups. Oct 30, 2012
tmpfiles Safer usage of pillar data. Oct 7, 2012
tsocks Tsocks support. Mar 11, 2013
users Git annex needs full name in /etc/passwd. Oct 19, 2012
uwsgi Systemd is now default for Arch Linux. Nov 23, 2012
vbox Install guest iso with vbox state. Apr 4, 2013
xen PV-Grub's only requirement is a menu.lst file. Jun 10, 2013
xorg New pkg name for indel libva driver. Oct 17, 2012
README.md Change from zsh to fish. May 2, 2013
top.sls Streamline topfile. Apr 11, 2013

README.md

Salt states for uggedal.com. Developed for Arch Linux, but most states can easily be generalized.

Expected Pillar data

Private data is stored in pillar. Some of these states expect pillar data in a specific structure.

cron

# List of cron jobs:
cron_jobs:
  - cmd: /usr/local/venv/viva/bin/ctl sendnews
    user: http
    minute: '*/5'

iptables

# List of TCP ports to open for all:
accept_tcp_ports:
  - 80
  - 443

# List of TCP ports to open for specific sources:
accept_tcp_from:
  - port: 4505
    source:
      - 10.0.50.4
      - 10.0.50.28

# List of TCP ports to rate-limit (max 3 hits within 30 seconds):
limit_tcp_ports:
  - 22

netctl

# netctl wired/wireless profiles:
netctl_profiles:
  - name: wired
    connection: ethernet
    interface: eth0
  - name: home
    essid: myhomenet
    key_mgmt: WPA-PSK
    psk: thepresharedkey
  - name: work
    security: wpa-configsection
    essid: worknet
    key_mgmt: WPA-EAP
    eap: PEAP
    identity: 'My Name'
    password: myworkpassword
  - name: conference
    essid: confnet
  - name: openwithauth
    essid: opennet
    post_up: "curl -ksd 'u=me&p=qwer' https://open.tld >/dev/null"

nginx

# List of nginx sites (static and/or proxied over uwsgi or http protocol):
nginx_sites:
  - fqdn: mysite.com
    aliases:
      - www.mysite.com
    default: true
    root: /srv/http/mysite
    uwsgi: true
    upstreams: ["unix:/var/run/uwsgi/mysite.sock"]
    static_prefix: /static

pacman

# Extra pacman repos:
pacman_extra_repos:
  - name: myprivaterepo
    url: http://my.private.repo.com

postgresql

# List of postgresql databases:
postgresql_databases:
  - bravann
  - viva

ssh

# List of users allowed to log in with ssh:
allowed_users:
  - myunprivilegeduser

tarsnap

# List of cmds to run and take backup of with tarsnap:
tarsnap_backup_cmds:
  - /usr/local/venv/mysite/bin/manage backup > all.json

# List of paths to take backup of with tarsnap:
tarsnap_backup_paths:
  - /etc
  - /srv/http/mysite/static/uploads

users

# List of unprivileged users:
users:
  myuser:
    group: users
    uid: 3000
    gid: 100
    fullname: My User
    ssh_auth:
      key: verylongkeyhere
      comment: my@user.com

# List of groups all unprivileged users should be member of:
unprivileged_groups:
  - adm
# Whether to allow passwords for all unprivileged users:
unprivileged_keep_password: true

# Shell for all unprivileged users:
unprivileged_shell: /usr/bin/fish

uwsgi

# List of uwsgi instances:
uwsgi_services:
  - name: mysite
    module: "mysite:app"
    processes: 4
  - name: myothersite
    module: myothersite
    django: true
    idle: true
    processes: 1