Kingman Hall Reverse Proxy

config/roster

@@ -15,3 +15,9 @@ server3:
   port: 22
   user: cloyne
   sudo: True
+
+kingman-reverse-proxy:
+  host: kingmanhall.org
+  port: 22
+  user: pirate
+  sudo: True

pillars/kingman-reverse-proxy/init.sls

@@ -0,0 +1,3 @@
+include:
+  - kingman-reverse-proxy.network
+  - kingman-reverse-proxy.nginx

pillars/kingman-reverse-proxy/network.sls

@@ -0,0 +1,15 @@
+network:
+  system:
+    hostname: kingman-reverse-proxy
+    fqdn: kingmanhall.org
+  dns:
+    ipv4:
+      - 216.218.196.2
+  interfaces:
+    eth0:
+      ipv4:
+        - type: static
+          address: 64.62.133.46
+          netmask-address: 64.62.133.46/28
+          netmask: 255.255.255.248
+          gateway: 64.62.133.42

pillars/kingman-reverse-proxy/nginx.sls

@@ -0,0 +1,3 @@
+nginx:
+  - location: /
+    proxy-pass: http://localhost:3000

pillars/top.sls

@@ -5,3 +5,5 @@ base:
     - server2
   server3:
     - server3
+  kingman-reverse-proxy:
+    - kingman-reverse-proxy

states/raspi-network/dhcpcd.conf

@@ -0,0 +1,45 @@
+# A sample configuration for dhcpcd.
+# See dhcpcd.conf(5) for details.
+
+# Allow users of this group to interact with dhcpcd via the control socket.
+#controlgroup wheel
+
+# Inform the DHCP server of our hostname for DDNS.
+hostname
+
+# Use the hardware address of the interface for the Client ID.
+clientid
+# or
+# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
+# Some non-RFC compliant DHCP servers do not reply with this set.
+# In this case, comment out duid and enable clientid above.
+#duid
+
+# Persist interface configuration when dhcpcd exits.
+persistent
+
+# Rapid commit support.
+# Safe to enable by default because it requires the equivalent option set
+# on the server to actually work.
+option rapid_commit
+
+# A list of options to request from the DHCP server.
+option domain_name_servers, domain_name, domain_search, host_name
+option classless_static_routes
+# Most distributions have NTP support.
+option ntp_servers
+# Respect the network MTU. This is applied to DHCP routes.
+option interface_mtu
+
+# A ServerID is required by RFC2131.
+require dhcp_server_identifier
+
+# Generate Stable Private IPv6 Addresses instead of hardware based ones
+slaac private
+
+# Example static IP configuration:
+interface eth0
+static ip_address={{ pillar["network"]["interfaces"]["eth0"]["ipv4"][0]["netmask-address"] }}
+#static ip6_address=fd51:42f8:caae:d92e::ff/64
+static routers={{ pillar["network"]["interfaces"]["eth0"]["ipv4"][0]["gateway"] }}
+static domain_name_servers={{ pillar["network"]["dns"]["ipv4"][0] }}

states/raspi-network/init.sls

@@ -0,0 +1,7 @@
+/etc/dhcpcd.conf:
+  file.managed:
+    - source: salt://raspi-network/dhcpcd.conf
+    - template: jinja
+    - mode: 644
+    - user: root
+    - group: root

states/raspi-nginx/init.sls

@@ -0,0 +1,11 @@
+nginx:
+  pkg:
+    - latest
+
+/etc/nginx/sites-available/default:
+  file.managed:
+    - source: salt://raspi-nginx/proxy
+    - template: jinja
+    - mode: 644
+    - user: root
+    - group: root

states/raspi-nginx/proxy

@@ -0,0 +1,8 @@
+server {
+  listen 80;
+  {%- for loc in salt['pillar.get']('nginx', {}) %}
+  location {{ loc["location"] }} {
+    proxy_pass {{ loc["proxy-pass"] }};
+  }
+  {%- endfor -%}
+}

states/top.sls

@@ -8,6 +8,11 @@ base:
     - pip
     - docker.base
     - docker.containers
-  
+
   server[2-3]:
     - mdadm
+
+  kingman-reverse-proxy:
+    - network
+    - raspi-network
+    - raspi-nginx