CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
24876eecd956ca9eec9da71b53137ef00a11a02c
securityonion/salt/nginx/init.sls
m0duspwnens 24876eecd9 change refs from sosnet to sosbridge
2022-12-22 14:02:40 -05:00

135 lines
3.7 KiB
Plaintext
Raw Blame History

{% from 'vars/globals.map.jinja' import GLOBALS %}
{% from 'allowed_states.map.jinja' import allowed_states %}
{% if sls in allowed_states %}
{% from 'docker/docker.map.jinja' import DOCKER %}
include:
- ssl
# Drop the correct nginx config based on role
nginxconfdir:
file.directory:
- name: /opt/so/conf/nginx/html
- user: 939
- group: 939
- makedirs: True
nginxhtml:
file.recurse:
- name: /opt/so/conf/nginx/html
- source: salt://nginx/html/
- user: 939
- group: 939
nginxconf:
file.managed:
- name: /opt/so/conf/nginx/nginx.conf
- user: 939
- group: 939
- template: jinja
- source: salt://nginx/etc/nginx.conf
nginxlogdir:
file.directory:
- name: /opt/so/log/nginx/
- user: 939
- group: 939
- makedirs: True
nginxtmp:
file.directory:
- name: /opt/so/tmp/nginx/tmp
- user: 939
- group: 939
- makedirs: True
navigatorconfig:
file.managed:
- name: /opt/so/conf/navigator/navigator_config.json
- source: salt://nginx/files/navigator_config.json
- user: 939
- group: 939
- makedirs: True
- template: jinja
navigatordefaultlayer:
file.managed:
- name: /opt/so/conf/navigator/nav_layer_playbook.json
- source: salt://nginx/files/nav_layer_playbook.json
- user: 939
- group: 939
- makedirs: True
- replace: False
- template: jinja
navigatorpreattack:
file.managed:
- name: /opt/so/conf/navigator/pre-attack.json
- source: salt://nginx/files/pre-attack.json
- user: 939
- group: 939
- makedirs: True
- replace: False
navigatorenterpriseattack:
file.managed:
- name: /opt/so/conf/navigator/enterprise-attack.json
- source: salt://nginx/files/enterprise-attack.json
- user: 939
- group: 939
- makedirs: True
- replace: False
so-nginx:
docker_container.running:
- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-nginx:{{ GLOBALS.so_version }}
- hostname: so-nginx
- networks:
- sosbridge:
- ipv4_address: {{ DOCKER.containers['so-nginx'].ip }}
- binds:
- /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- /opt/so/log/nginx/:/var/log/nginx:rw
- /opt/so/tmp/nginx/:/var/lib/nginx:rw
- /opt/so/tmp/nginx/:/run:rw
- /opt/so/saltstack/local/salt/elastic-fleet/files/so_agent-installers/:/opt/socore/html/packages
{% if grains.role in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import'] %}
- /etc/pki/managerssl.crt:/etc/pki/nginx/server.crt:ro
- /etc/pki/managerssl.key:/etc/pki/nginx/server.key:ro
# ATT&CK Navigator binds
- /opt/so/conf/navigator/navigator_config.json:/opt/socore/html/navigator/assets/config.json:ro
- /opt/so/conf/navigator/nav_layer_playbook.json:/opt/socore/html/navigator/assets/playbook.json:ro
- /opt/so/conf/navigator/enterprise-attack.json:/opt/socore/html/navigator/assets/enterprise-attack.json:ro
- /opt/so/conf/navigator/pre-attack.json:/opt/socore/html/navigator/assets/pre-attack.json:ro
- /nsm/repo:/opt/socore/html/repo:ro
{% endif %}
- cap_add: NET_BIND_SERVICE
- port_bindings:
- 80:80
- 443:443
- watch:
- file: nginxconf
- file: nginxconfdir
- require:
- file: nginxconf
{% if grains.role in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import'] %}
- x509: managerssl_key
- x509: managerssl_crt
- file: navigatorconfig
- file: navigatordefaultlayer
{% endif %}
append_so-nginx_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-nginx
{% else %}
{{sls}}_state_not_allowed:
test.fail_without_changes:
- name: {{sls}}_state_not_allowed
{% endif %}
Reference in New Issue View Git Blame Copy Permalink