-
Notifications
You must be signed in to change notification settings - Fork 0
/
pillar.example
151 lines (141 loc) · 5.88 KB
/
pillar.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
# vim: ft=yaml
# yamllint disable rule:comments-indentation
---
unifios:
# Manage API rate limits
api_ratelimit:
# The default is quite low if you have automation in place
# with clients that do not do caching. You will receive
# HTTP 429 Too Many Requests after you reach this limit.
# The actual API does not have default limits as low.
# This value is for successful logins per minute.
login_success: 5
# Manage SSH keys for the root account.
# This is just a helper. For more comprehensive OpenSSH management, I would
# advise using https://github.com/lkubb/salt-openssh-formula
# (works with salt-ssh)
authorized_keys:
absent: []
present: []
sync: []
# Manage a certificate for the GUI
cert:
# A minion ID of the CA server to use.
# This also works for SSH minions. If unspecified,
# will sign it locally on the target.
ca_server: null
# When ca_server is specified, a signing_policy is required
signing_policy: null
# Parameters for x509.certificate_managed
certificate_managed:
authorityKeyIdentifier: keyid:always
basicConstraints: critical, CA:false
days_remaining: 7
days_valid: 30
subjectKeyIdentifier: hash
# Parameters for x509.private_key_managed
private_key_managed:
algo: rsa
keysize: 3072
new: true
# Settings for DNS DNAT service/timer
dns_dnat:
# Destination IP v4 for rogue DNS packets
dest: null
# Interface names for which all DNS packets should be
# routed to dest
forced_interfaces: []
# CIDR subnets for which all DNS packets should be
# routed to dest
forced_subnets: []
# If the rerouted target can be part of the same network as the source,
# the source IP of DNAT'd packets should be changed, otherwise the response
# packet will be sent directly and discarded.
# Set this to the firewall's IP address of the problematic network.
hairpin_snat: null
# https://www.freedesktop.org/software/systemd/man/latest/systemd.timer.html
# This will be serialized as set. If you want to remove parameters, set their
# values to null.
timer:
# https://www.freedesktop.org/software/systemd/man/latest/systemd.time.html#Calendar%20Events
# This runs the idempotent check script every 5 minutes
OnCalendar: '*:0/5'
Persistent: true
# state.apply / highstate helper.
# List of mods in salt://unifios/mods/ that should be included
mods: []
# state.apply / highstate helper.
# This installs the on_boot service by default when just
# ``unifios`` is applied. The mods included in this formula
# do not require it, but this allows you to sync simple scripts
# that you require to run on each reboot without writing the
# corresponding state file as a mod.
on_boot_service: true
# Manage pip packages and pip installation
# Pip installation is not part of the pip_pkgs mod and needs
# to be applied via unifios.helpers.pip_pkgs specifically
pip:
# Wanted Python packages. This will be dumped verbatim into `names` for
# `pip.installed`, so items can either be strings or a single-key dict
# with param overrides.
pkgs: []
# Unwanted Python packages
pkgs_absent: []
# By setting remote_source.url below to something falsy, you can automatically
# query the package index for a matching release. Specify an existing one or
# set this to `latest` for auto-updating behavior.
release: 23.3.1
# If the pip wheel is not found on your fileserver sources, this state will
# pull it from PyPI by default. You can override the sources here. If you
# always want to query the index, unset `url` below.
remote_source:
digest: 55eb67bb6171d37447e82213be585b75fe2b12b359e993773aca4de9247a052b
url: https://files.pythonhosted.org/packages/47/6a/453160888fab7c6a432a6e25f8afe6256d0d9f2cbd25971021da6491d899/pip-23.3.1-py3-none-any.whl # yamllint disable-line rule:line-length
# Manage system packages
pkgs:
# Wanted packages
present: []
# Unwanted packages
absent: []
lookup:
cert:
crt_path: unifi-core/config/unifi-core.crt
key_path: unifi-core/config/unifi-core.key
pip:
dist_packages: /usr/lib/python3/dist-packages
releases_url: https://pypi.org/pypi/pip/json
# The mods in this formula are written for UnifiOS 3.x, where
# persistence is possible without installing a package. Their
# corresponding scripts will be put into this directory.
# If you're using this for 1.x, you will need to sync the on_boot.d
# directory. Note that the installation for the services is not
# implemented, see https://github.com/unifi-utilities/unifios-utilities/tree/v1.12.x
script_dir: /data/scripts
working_dir: /data/salt_workdir
tofs:
# The files_switch key serves as a selector for alternative
# directories under the formula files directory. See TOFS pattern
# doc for more info.
# Note: Any value not evaluated by `config.get` will be used literally.
# This can be used to set custom paths, as many levels deep as required.
files_switch:
- any/path/can/be/used/here
- id
- roles
- osfinger
- os
- os_family
# All aspects of path/file resolution are customisable using the options below.
# This is unnecessary in most cases; there are sensible defaults.
# Default path: salt://< path_prefix >/< dirs.files >/< dirs.default >
# I.e.: salt://unifios/files/default
# path_prefix: template_alt
# dirs:
# files: files_alt
# default: default_alt
# The entries under `source_files` are prepended to the default source files
# given for the state
source_files:
UniFi OS configuration is managed:
- 'example_alt.tmpl'
- 'example_alt.tmpl.jinja'