add complementary states for letsencrypt and vault

master
Sean Johnson 4 years ago
parent
commit
6793f357a5
WARNING! Although there is a key with this ID in the database it does not verify this commit! This commit is SUSPICIOUS.
GPG Key ID: 9FA15B87469EA850
  1. 17 app/letsencrypt.sls
  2. 9 app/vault.sls
  3. 4 top.sls

17
app/letsencrypt.sls

@ -0,0 +1,17 @@
---
certbot certificates group:
group.present:
- name: certificates
- system: true
certbot certificates readable by certificates group:
file.directory:
- name: /etc/letsencrypt/live/
- group: certificates
- recurse:
- group
- mode
- dir_mode: 0600
- file_mode: 0644
- follow_symlinks: true
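
Review bot: `dir_mode: 0600` on `/etc/letsencrypt/live/` gives the `certificates` group no permission bits and leaves directories without the search (x) bit, so group members cannot list or traverse the tree this state is named as making readable to them, while `file_mode: 0644` grants read to every local user and makes the dedicated group pointless for files under this path. Suggest `dir_mode: '0750'` and `file_mode: '0640'`, quoted as strings, since Salt's file state documentation asks for modes with a leading zero to be wrapped in quotes. With `follow_symlinks: true` the recursion also applies to whatever the links under `live/` point to, so confirm those targets are meant to receive the same group and mode.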

9
app/vault.sls

@ -0,0 +1,9 @@
---
vault user has access to certbot certificates:
user.present:
- name: vault
- optional_groups:
- certificates
- watch_in:
- service: vault
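
Review bot: `optional_groups` in `user.present` is pared down to the groups that already exist on the minion, so if `certificates` is absent when this state runs, the membership is skipped without any failure and the `vault` user ends up without the access the state ID promises. Add a `require` on `group: certbot certificates group` (with the SLS that defines it included) so a missing group fails the run instead of passing silently. Also note that `user.present` with only `name: vault` will create the account with default settings if it does not exist yet, so this state should be ordered after whatever state owns the `vault` user.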

4
top.sls

@ -15,6 +15,7 @@ base:
'roles:letsencrypt':
- match: grain
- letsencrypt
- app.letsencrypt
'roles:salt_master':
- match: grain
@ -60,4 +61,5 @@ base:
'roles:vault_server':
- match: grain
- app.consul.tls
- vault
- vault
- app.vault
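
Review bot: `app.vault` is assigned under `'roles:vault_server'`, but `app.letsencrypt`, which creates the `certificates` group and sets the directory permissions, is assigned only under `'roles:letsencrypt'` in the hunk above, so a minion with the vault_server role and no letsencrypt role gets the user state without the group state. If vault servers are always expected to carry both grains, record that in a comment next to this entry; otherwise list `app.letsencrypt` under `'roles:vault_server'` ahead of `app.vault`.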