merge with dev and resolve conflicts

salt/nginx/etc/nginx.conf.so-eval

@@ -2,6 +2,8 @@
 {%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager') %}
 {%- set FLEET_NODE = salt['pillar.get']('global:fleet_node') %}
 {%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', None) %}
+{%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
+
 # For more information on configuration, see:
 #   * Official English Documentation: http://nginx.org/en/docs/
 #   * Official Russian Documentation: http://nginx.org/ru/docs/
@@ -180,7 +182,20 @@ http {
 			proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
 			proxy_set_header      Proxy "";
 			proxy_set_header      X-Forwarded-Proto $scheme;
-		} 
+		}
+
+        {%- if ISAIRGAP is sameas true %}
+        location /repo/ {
+            allow all;
+            sendfile on;
+            sendfile_max_chunk 1m;
+            autoindex on;
+            autoindex_exact_size off;
+            autoindex_format html;
+            autoindex_localtime on;
+        }
+
+		{%- endif %}
 		
 		location /grafana/ {
 			auth_request          /auth/sessions/whoami;

salt/nginx/etc/nginx.conf.so-manager

@@ -2,6 +2,8 @@
 {%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager') %}
 {%- set FLEET_NODE = salt['pillar.get']('global:fleet_node') %}
 {%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', None) %}
+{%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
+
 # For more information on configuration, see:
 #   * Official English Documentation: http://nginx.org/en/docs/
 #   * Official Russian Documentation: http://nginx.org/ru/docs/
@@ -232,6 +234,19 @@ http {
 			proxy_set_header      X-Forwarded-Proto $scheme;
 		}
 
+		{%- if ISAIRGAP is sameas true %}
+        location /repo/ {
+            allow all;
+            sendfile on;
+            sendfile_max_chunk 1m;
+            autoindex on;
+            autoindex_exact_size off;
+            autoindex_format html;
+            autoindex_localtime on;
+        }
+
+		{%- endif %}
+
 	{%- if FLEET_NODE %}
 		location /fleet/ {
 			return 301 https://{{ FLEET_IP }}/fleet;

salt/nginx/etc/nginx.conf.so-managersearch

@@ -2,6 +2,8 @@
 {%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager') %}
 {%- set FLEET_NODE = salt['pillar.get']('global:fleet_node') %}
 {%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', None) %}
+{%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
+
 # For more information on configuration, see:
 #   * Official English Documentation: http://nginx.org/en/docs/
 #   * Official Russian Documentation: http://nginx.org/ru/docs/
@@ -180,6 +182,19 @@ http {
 			proxy_set_header      Proxy "";
 			proxy_set_header      X-Forwarded-Proto $scheme;
 		} 
+
+		{%- if ISAIRGAP is sameas true %}
+        location /repo/ {
+            allow all;
+            sendfile on;
+            sendfile_max_chunk 1m;
+            autoindex on;
+            autoindex_exact_size off;
+            autoindex_format html;
+            autoindex_localtime on;
+        }
+
+		{%- endif %}
 		
 		location /grafana/ {
 			auth_request          /auth/sessions/whoami;

salt/nginx/etc/nginx.conf.so-standalone

@@ -2,6 +2,7 @@
 {%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager') %}
 {%- set FLEET_NODE = salt['pillar.get']('global:fleet_node') %}
 {%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', None) %}
+{%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
 # For more information on configuration, see:
 #   * Official English Documentation: http://nginx.org/en/docs/
 #   * Official Russian Documentation: http://nginx.org/ru/docs/
@@ -182,6 +183,20 @@ http {
 			proxy_set_header      X-Forwarded-Proto $scheme;
 		} 
 		
+		{%- if ISAIRGAP is sameas true %}
+                location /repo/ {
+                        allow all;
+                        sendfile on;
+                        sendfile_max_chunk 1m;
+                        autoindex on;
+                        autoindex_exact_size off;
+                        autoindex_format html;
+                        autoindex_localtime on;
+                }
+
+		{%- endif %}
+
+		
 		location /grafana/ {
 			auth_request          /auth/sessions/whoami;
 			rewrite               /grafana/(.*) /$1 break;

salt/nginx/init.sls

@@ -8,6 +8,7 @@
 {% set MANAGER = salt['grains.get']('master') %}
 {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
+{% set ISAIRGAP = salt['pillar.get']('global:airgap') %}
 
 # Drop the correct nginx config based on role
 nginxconfdir:
@@ -77,6 +78,9 @@ so-nginx:
       - /etc/pki/managerssl.crt:/etc/pki/nginx/server.crt:ro
       - /etc/pki/managerssl.key:/etc/pki/nginx/server.key:ro
       - /opt/so/conf/fleet/packages:/opt/socore/html/packages
+      {% if ISAIRGAP is sameas true %}
+      - /nsm/repo:/opt/socore/html/repo:ro
+      {% endif %}
       # ATT&CK Navigator binds
       - /opt/so/conf/navigator/navigator_config.json:/opt/socore/html/navigator/assets/config.json:ro
       - /opt/so/conf/navigator/nav_layer_playbook.json:/opt/socore/html/navigator/assets/playbook.json:ro