Skip to content

rabits/salt-stack-modules

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

52 Commits
7zip
7zip
 
 
_modules
_modules
 
 
acestream
acestream
 
 
apport
apport
 
 
awesome
awesome
 
 
backup
backup
 
 
cash
cash
 
 
collectd
collectd
 
 
common
common
 
 
crypt
crypt
 
 
cryptsetup
cryptsetup
 
 
dnsmasq
dnsmasq
 
 
drone
drone
 
 
fglrx
fglrx
 
 
firefox
firefox
 
 
gawk
gawk
 
 
gimp
gimp
 
 
git
git
 
 
gogs
gogs
 
 
htop
htop
 
 
i2p
i2p
 
 
jarmon
jarmon
 
 
keepassx
keepassx
 
 
kernel
kernel
 
 
kodi
kodi
 
 
kvm
kvm
 
 
laptop
laptop
 
 
ldap-admin
ldap-admin
 
 
ldap
ldap
 
 
libcap2
libcap2
 
 
libva
libva
 
 
libvirt
libvirt
 
 
lightdm
lightdm
 
 
logwatch
logwatch
 
 
lvm
lvm
 
 
mc
mc
 
 
monit
monit
 
 
mpd
mpd
 
 
net
net
 
 
nginx
nginx
 
 
nmap
nmap
 
 
ntp
ntp
 
 
nut
nut
 
 
openssl
openssl
 
 
openvpn
openvpn
 
 
php
php
 
 
polipo
polipo
 
 
postgresql
postgresql
 
 
prosody
prosody
 
 
python
python
 
 
rar
rar
 
 
razerhydra
razerhydra
 
 
rstream
rstream
 
 
rsync
rsync
 
 
rxvt-unicode
rxvt-unicode
 
 
s3ql
s3ql
 
 
salt
salt
 
 
schroot
schroot
 
 
seafile
seafile
 
 
sensors
sensors
 
 
simulator
simulator
 
 
skype
skype
 
 
smart
smart
 
 
smplayer
smplayer
 
 
squid
squid
 
 
ssh
ssh
 
 
ssmtp
ssmtp
 
 
steam
steam
 
 
sysstat
sysstat
 
 
thunderbird
thunderbird
 
 
tinyproxy
tinyproxy
 
 
tmux
tmux
 
 
tor
tor
 
 
transmission
transmission
 
 
udev
udev
 
 
users
users
 
 
vim
vim
 
 
virtualbox
virtualbox
 
 
vsftpd
vsftpd
 
 
x86
x86
 
 
xen
xen
 
 
xonotic
xonotic
 
 
zip
zip
 
 
zsh
zsh
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
README.md
README.md
 
 

Repository files navigation

Salt Stack Configuration

This is configuration states for the Salt Stack. Base system is Ubuntu 12.04/13.04 - but I think it can be used for other deb-based distros (Debian, Mint etc).

Also you can find my bicycle solutions for backup, monitoring, webservers - some configurations can be difficult to understand (collectd), but it's working and I hope it will be helpful for you))

Configs tree

I use next folder tree for states configuration (you can see it in salt/master config file) /srv/salt:

  • .git - nodes configuration
  • pillar/
  • top.sls
  • master/ - you can clone it as submodule into your configuration
    • .git - this repo with configs

    • generic config folders

../top.sls

Top config file with configuration of nodes example:

#
# Main node manifest
#

master:
  '*':
    - users
    - net
    - openvpn
    - collectd
    - backup

  'kernel:Linux':
    - match: grain
    - ssh
    - vim
    - mc
    - kernel
    - salt
    - htop
    - git
    - tmux
    - zsh
    - zip
    - rar
    - 7zip
    - udev
    - ssmtp
    - smart
  
  'roles:desktop or roles:media':
    - match: compound
    - lightdm

  '<salt server nodeid example>':
    - salt.master
    - collectd.server
    - openssl.ca
    - openvpn.server
    - nginx
    - jarmon
    - squid

  '<desktop nodeid example>':
    - awesome
    - rxvt-unicode
    - smplayer
    - keepassx
    - firefox
    - thunderbird
    - transmission
    - gimp
    - skype
    - xonotic
    - steam
    - kvm
    - crypt
    - schroot
    - nmap
    - nut
    - simulator
    - razerhydra

Minion grains

You could create grains in /etc/salt/grains in this format:

#
# Minion roles
#  remote  - change ssh to non-default port & removes PasswordAuthentication from sshd_config, usualy for dedicated servers
#  desktop - enables X11 forwarding for ssh
#  server  - used in top.sls
#  media   - used in top.sls
#

roles:
  - remote
  - server

Pillar

Please, be careful with pillar configuration - do not save it into main salt configuration. You need to create next files:

../pillar/top.sls:

#
# Configs
#

base:
  '*':
    - users
    - mail
    - ssl
    - openvpn
    - net
    - monitoring
    - backup
    - crypt

../pillar/backup.sls:

#
# Backup hosts & settings
#

# Don't forget to initialize backup partitions as described in master/backup/init.sls

backup:
  <nodeid>:
    keyfile: <path to file with cryptsetup luks password>
    disk: <path to encrypted partition>
    folders:
      - <folder to backup>
      - <folder to backup>
  <nodeid>:
    keyfile: /home/backup.key
    disk: /dev/sdb
    folders:
      - /home
      - /etc

../pillar/mail.sls:

#
# Mail configuration
#

mail:
  account:  <account>@gmail.com
  server:   smtp.gmail.com
  port:     587
  password: <account password>
  admin:    <email of administrator>

../pillar/monitoring.sls

#
# Monitoring configuration
#  rrd_dir - place for rrd files of collectd
#  stat_dir - place for jarmon
#  port - collectd client & server port
#

monitoring:
  rrd_dir:  /srv/rrd
  stat_dir: /srv/stat
  port:     4940

../pillar/net.sls

#
# Internal VPN Network
#

net:
  main_domain: <main domain of network like example.com>
  ssh_port: {{ '222' if 'remote' in grains['roles'] else '22' }}
  hosts:
    <nodeid>:
      vpn: server
      monitorserver: True
      hidden: True
      server: True
      ip: 10.10.0.1

    <nodeid>:
      server: True
      aliases:
        - <some alias for node in /etc/hosts>
      ip: 10.10.0.10

../pillar/openvpn.sls

#
# OpenVPN configs
#  host - vpn server dns
#  port - vpn server port
#  ccd - folder for client configurations
#

openvpn:
  host: <vpn server dns>
  port: 1194
  ccd: /etc/openvpn/ccd

../pillar/ssl.sls:
```yaml
#
# OpenSSL & CA settings
#

ssl:
  home:      '/srv/ssl'
  ca:        '/srv/ssl/ca'
  ca_config: '/srv/ssl/ca/ca.config'
  ca_crt:    '/srv/ssl/ca/ca.crt'
  ca_key:    '/srv/ssl/ca/ca.key'
  crl:       '/srv/ssl/ca/crl.pem'
  crls:      '/srv/ssl/crls'
  csrs:      '/srv/ssl/csrs'
  certs:     '/srv/ssl/certs'
  newcerts:  '/srv/ssl/newcerts'
  keys:      '/srv/ssl/keys'

../pillar/users.sls:

#
# Users
#

users:
  <username>:
    fullname: <user full name>
    shell: /bin/bash
    admin: True
    groups:
      - cdrom
      - dip
      - plugdev
    keys.pub:
      - <ssh public key string "ssh-rsa ...">

../pillar/crypt.sls:

#
# Crypt automount folders on login configuration
# Format:
#   <nodeid>:
#     <user>:
#       <folder>: <disk>
#

crypt:
  <nodeid>:
    user:
      /home/user: /dev/mapper/vg-home-user

About

Salt Stack modules

Resources

Readme
Activity

Stars

14 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages