Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Salt states

branch: master
Octocat-spinner-32 acpid Systemd is now default for Arch Linux. November 23, 2012
Octocat-spinner-32 analysis Use wrk for http bench. April 10, 2013
Octocat-spinner-32 bash Bash: add ~/bin to path if it exists. May 06, 2013
Octocat-spinner-32 common No longer using fish. May 13, 2013
Octocat-spinner-32 cron Systemd is now default for Arch Linux. November 23, 2012
Octocat-spinner-32 development Use n for node version management. June 17, 2013
Octocat-spinner-32 dhcp Systemd is now default for Arch Linux. November 23, 2012
Octocat-spinner-32 extra_packages Make extra_packages state more efficient. April 11, 2013
Octocat-spinner-32 iptables No newlines in iptables rules and use service restart in stead of ipt… December 14, 2012
Octocat-spinner-32 kernel Seperate out xen specific config. October 07, 2012
Octocat-spinner-32 logrotate Include upstream logrotate.conf changes. December 12, 2012
Octocat-spinner-32 netctl Require netctl.profiles from wire{d,less} state. April 11, 2013
Octocat-spinner-32 nginx Support configurable nginx workers per host. April 04, 2013
Octocat-spinner-32 ntp Ntpdate for laptops. February 20, 2013
Octocat-spinner-32 packaging Merge in upstream makepkg.conf changes. June 10, 2013
Octocat-spinner-32 pacman Optional siglevel for custom repos. April 10, 2013
Octocat-spinner-32 pam Increase max open file limits. November 01, 2012
Octocat-spinner-32 postgresql Systemd is now default for Arch Linux. November 23, 2012
Octocat-spinner-32 redis Merge in upstream redis.conf changes. May 06, 2013
Octocat-spinner-32 salt Systemd is now default for Arch Linux. November 23, 2012
Octocat-spinner-32 ssh Merge in upstream sshd_config changes. April 06, 2013
Octocat-spinner-32 systemd Merge in upstream journal.conf changes in systemd 200. April 07, 2013
Octocat-spinner-32 tarsnap Time tarnsap backups. October 30, 2012
Octocat-spinner-32 tmpfiles Safer usage of pillar data. October 07, 2012
Octocat-spinner-32 tsocks Tsocks support. March 11, 2013
Octocat-spinner-32 users Git annex needs full name in /etc/passwd. October 19, 2012
Octocat-spinner-32 uwsgi Systemd is now default for Arch Linux. November 23, 2012
Octocat-spinner-32 vbox Install guest iso with vbox state. April 04, 2013
Octocat-spinner-32 xen PV-Grub's only requirement is a menu.lst file. June 10, 2013
Octocat-spinner-32 xorg New pkg name for indel libva driver. October 18, 2012
Octocat-spinner-32 README.md Change from zsh to fish. May 02, 2013
Octocat-spinner-32 top.sls Streamline topfile. April 11, 2013
README.md

Salt states for uggedal.com. Developed for Arch Linux, but most states can easily be generalized.

Expected Pillar data

Private data is stored in pillar. Some of these states expect pillar data in a specific structure.

cron

# List of cron jobs:
cron_jobs:
  - cmd: /usr/local/venv/viva/bin/ctl sendnews
    user: http
    minute: '*/5'

iptables

# List of TCP ports to open for all:
accept_tcp_ports:
  - 80
  - 443

# List of TCP ports to open for specific sources:
accept_tcp_from:
  - port: 4505
    source:
      - 10.0.50.4
      - 10.0.50.28

# List of TCP ports to rate-limit (max 3 hits within 30 seconds):
limit_tcp_ports:
  - 22

netctl

# netctl wired/wireless profiles:
netctl_profiles:
  - name: wired
    connection: ethernet
    interface: eth0
  - name: home
    essid: myhomenet
    key_mgmt: WPA-PSK
    psk: thepresharedkey
  - name: work
    security: wpa-configsection
    essid: worknet
    key_mgmt: WPA-EAP
    eap: PEAP
    identity: 'My Name'
    password: myworkpassword
  - name: conference
    essid: confnet
  - name: openwithauth
    essid: opennet
    post_up: "curl -ksd 'u=me&p=qwer' https://open.tld >/dev/null"

nginx

# List of nginx sites (static and/or proxied over uwsgi or http protocol):
nginx_sites:
  - fqdn: mysite.com
    aliases:
      - www.mysite.com
    default: true
    root: /srv/http/mysite
    uwsgi: true
    upstreams: ["unix:/var/run/uwsgi/mysite.sock"]
    static_prefix: /static

pacman

# Extra pacman repos:
pacman_extra_repos:
  - name: myprivaterepo
    url: http://my.private.repo.com

postgresql

# List of postgresql databases:
postgresql_databases:
  - bravann
  - viva

ssh

# List of users allowed to log in with ssh:
allowed_users:
  - myunprivilegeduser

tarsnap

# List of cmds to run and take backup of with tarsnap:
tarsnap_backup_cmds:
  - /usr/local/venv/mysite/bin/manage backup > all.json

# List of paths to take backup of with tarsnap:
tarsnap_backup_paths:
  - /etc
  - /srv/http/mysite/static/uploads

users

# List of unprivileged users:
users:
  myuser:
    group: users
    uid: 3000
    gid: 100
    fullname: My User
    ssh_auth:
      key: verylongkeyhere
      comment: my@user.com

# List of groups all unprivileged users should be member of:
unprivileged_groups:
  - adm
# Whether to allow passwords for all unprivileged users:
unprivileged_keep_password: true

# Shell for all unprivileged users:
unprivileged_shell: /usr/bin/fish

uwsgi

# List of uwsgi instances:
uwsgi_services:
  - name: mysite
    module: "mysite:app"
    processes: 4
  - name: myothersite
    module: myothersite
    django: true
    idle: true
    processes: 1
Something went wrong with that request. Please try again.