WIP Caddy caddy formula
commit
acd87c1814
5 changed files with 111 additions and 0 deletions
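--- a/Caddyfile.jinja
+++ b/Caddyfile.jinja
@@ -0,0 +1,29 @@
+# THIS FILE IS MANAGED BY SALT! NO TOUCHY TOUCHY, JUST LOOKY LOOKY!
+
+(header) {
+header {
+# disable FLoC tracking
+Permissions-Policy interest-cohort=()
+
+# enable HSTS
+Strict-Transport-Security max-age=31536000;
+
+# disable clients from sniffing the media type
+X-Content-Type-Options nosniff
+
+# clickjacking protection
+X-Frame-Options DENY
+
+# keep referrer data off of HTTP connections
+Referrer-Policy no-referrer-when-downgrade
+
+X-XSS-Protection 1
+
+Content-Security-Policy default-src https:
+}
+}
+
+{% for site in salt['pillar.get']('caddy:sites') %}
+{{ site }}
+{% endfor %}
+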
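Review bot: `X-XSS-Protection 1` in the `(header)` snippet turns on the legacy browser XSS auditor in filter mode, which current browsers have removed and whose filtering was itself a source of information-leak bugs in older ones; `X-XSS-Protection 0` (or dropping the line) is the safer setting now that a CSP is sent. The CSP itself, `Content-Security-Policy default-src https:`, still permits loading from any HTTPS origin and leaves `base-uri` and `form-action` unrestricted, since those do not fall back to `default-src`; `default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'` would be a tighter starting point where the proxied sites allow it. Both lines also lack the explanatory comment the other headers carry. The same applies to the identical caddy/Caddyfile.jinja; only that copy is referenced by `salt://caddy/Caddyfile.jinja` in init.sls, so this top-level file looks like a stray duplicate.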
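--- a/caddy/Caddyfile.jinja
+++ b/caddy/Caddyfile.jinja
@@ -0,0 +1,29 @@
+# THIS FILE IS MANAGED BY SALT! NO TOUCHY TOUCHY, JUST LOOKY LOOKY!
+
+(header) {
+header {
+# disable FLoC tracking
+Permissions-Policy interest-cohort=()
+
+# enable HSTS
+Strict-Transport-Security max-age=31536000;
+
+# disable clients from sniffing the media type
+X-Content-Type-Options nosniff
+
+# clickjacking protection
+X-Frame-Options DENY
+
+# keep referrer data off of HTTP connections
+Referrer-Policy no-referrer-when-downgrade
+
+X-XSS-Protection 1
+
+Content-Security-Policy default-src https:
+}
+}
+
+{% for site in salt['pillar.get']('caddy:sites') %}
+{{ site }}
+{% endfor %}
+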
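--- a/caddy/init.sls
+++ b/caddy/init.sls
@@ -0,0 +1,20 @@
+{% if grains['os'] == 'Ubuntu' %}
+caddy repository available:
+pkgrepo.managed:
+- name: deb https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main
+- key_url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
+{% endif %}
+
+caddy installed:
+pkg.installed:
+- name: caddy
+
+caddy service running:
+service.running:
+- name: caddy
+
+write caddy config file:
+file.managed:
+- name: /etc/caddy/Caddyfile
+- source: salt://caddy/Caddyfile.jinja
+- template: jinja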
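Review bot: `caddy service running` has no `watch` on `write caddy config file` and is declared before it, so a changed Caddyfile (including the security headers) is written to disk but Caddy is never reloaded to pick it up; adding `- watch:` with `- file: write caddy config file`, plus `- reload: True` to avoid a full restart, to the `service.running` state would close that gap. `caddy installed` likewise has no requisite on `caddy repository available`, so correct ordering relies on file order alone. The repository signing key is fetched from `key_url` and trusted without a pinned fingerprint; consider serving the key from the Salt fileserver or scoping it to this repository with apt's `signed-by` option in the `deb` line. The top-level init.sls is identical and has the same gaps.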
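--- a/init.sls
+++ b/init.sls
@@ -0,0 +1,20 @@
+{% if grains['os'] == 'Ubuntu' %}
+caddy repository available:
+pkgrepo.managed:
+- name: deb https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main
+- key_url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
+{% endif %}
+
+caddy installed:
+pkg.installed:
+- name: caddy
+
+caddy service running:
+service.running:
+- name: caddy
+
+write caddy config file:
+file.managed:
+- name: /etc/caddy/Caddyfile
+- source: salt://caddy/Caddyfile.jinja
+- template: jinja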
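--- a/pillar.example
+++ b/pillar.example
@@ -0,0 +1,13 @@
+caddy:
+sites:
+- |
+example.flipdot.org {
+import header
+respond "Hello World"
+}
+
+- |
+testing.flipdot.org {
+import header
+reverse_proxy localhost:3000
+}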