diff --git a/pillar/prod/top.sls b/pillar/prod/top.sls
index 4621c50a..97655bc1 100644
--- a/pillar/prod/top.sls
+++ b/pillar/prod/top.sls
@@ -43,6 +43,7 @@ base:
 'docs':
 - match: nodegroup
+ - firewall.http
 - firewall.rs-lb-backend
 - groups.docs
 - secrets.docs
diff --git a/salt/docs/config/github-webhook-secret-environment b/salt/docs/config/github-webhook-secret-environment
new file mode 100644
index 00000000..4a3853a8
--- /dev/null
+++ b/salt/docs/config/github-webhook-secret-environment
@@ -0,0 +1 @@
+GITHUB_WEBHOOK_SECRET={{ github_webhook_secret }}
diff --git a/salt/docs/init.sls b/salt/docs/init.sls
index 5eb3575b..2a8b2483 100644
--- a/salt/docs/init.sls
+++ b/salt/docs/init.sls
@@ -32,6 +32,39 @@ docsbuild:
 - require:
 - group: docs
+/srv/docsbuild/.config/environment.d:
+ file.directory:
+ - user: docsbuild
+ - group: docsbuild
+ - mode: 750
+ - require:
+ - user: docsbuild
+
+/srv/docsbuild/.config/environment.d/github-webhook-secret.conf:
+ file.managed:
+ - user: docsbuild
+ - group: docsbuild
+ - mode: 640
+ - require:
+ - file: /srv/docsbuild/.config/environment.d
+ - template: jinja
+ - source: salt://docs/config/github-webhook-secret-environment
+ - context:
+ github_webhook_secret: {{ pillar.get('docs', {}).get('github', {}).get('hook', {}).get('secret', '') }}
+
+/var/lib/systemd/linger/docsbuild:
+ file.exists:
+ - user: root
+ - group: root
+ - mode: 0644
+
+/var/run/docsbuild:
+ file.directory:
+ - user: docsbuild
+ - mode: 755
+ - require:
+ - user: docsbuild
+
 docsbuild-scripts:
 git.latest:
 - name: https://github.com/python/docsbuild-scripts.git
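Review bot: Placing `GITHUB_WEBHOOK_SECRET` in an `environment.d` drop-in hands it to every unit started by the docsbuild user manager, not only the process that verifies webhook signatures, so anything else running as that user inherits it in its environment. The consuming unit is not part of this diff; if only one service needs the value, an `EnvironmentFile=` or `LoadCredential=` on that unit would narrow the exposure. The value is also written unquoted, and environment.d expands `$VAR` and `${VAR}` inside values, so a secret containing `$` would be altered before the service sees it.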
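Review bot: The `github_webhook_secret` context value in the `github-webhook-secret.conf` state falls back to `''` when the pillar key is missing, so such a host still renders `GITHUB_WEBHOOK_SECRET=` and the state reports success; the consumer would then presumably check signatures against an empty key. It would be safer to read the value into a Jinja variable and fail the run when it is empty (for example with a `test.fail_without_changes` state), and to pass it as `{{ secret | yaml_dquote }}` so YAML-special characters in the secret cannot break or retype the rendered state. Adding `- show_changes: False` to this `file.managed` keeps the secret out of the diff that Salt puts in state returns and the job cache. Separately, `file.exists` on `/var/lib/systemd/linger/docsbuild` only checks that the path is present and does not create it or apply `user`/`group`/`mode`, so on a fresh host it fails unless lingering is enabled elsewhere.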