
Merge pull request #12 from myii/chore/standardise-structure

feat(yamllint): include for this repo and apply rules throughout
tags/v0.5.0
Niels Abspoel 5 years ago
parent
commit
03c2c2b68e
5 changed files with 51 additions and 21 deletions
  1. +9
    -4
      .travis.yml
  2. +16
    -0
      .yamllint
  3. +13
    -10
      pillar.example
  4. +3
    -0
      test/integration/default/inspec.yml
  5. +10
    -7
      test/salt/pillar/default.sls

+ 9
- 4
.travis.yml

--- ---
stages: stages:
- test - test
- commitlint
- lint
- name: release - name: release
if: branch = master AND type != pull_request if: branch = master AND type != pull_request




jobs: jobs:
include: include:
# Define the commitlint stage
- stage: commitlint
# Define the `lint` stage (runs `yamllint` and `commitlint`)
- stage: lint
language: node_js language: node_js
node_js: lts/* node_js: lts/*
before_install: skip before_install: skip
script: script:
# Install and run `yamllint`
- pip install --user yamllint
# yamllint disable-line rule:line-length
- yamllint -s . .yamllint pillar.example test/salt/pillar/default.sls
# Install and run `commitlint`
- npm install @commitlint/config-conventional -D - npm install @commitlint/config-conventional -D
- npm install @commitlint/travis-cli -D - npm install @commitlint/travis-cli -D
- commitlint-travis - commitlint-travis
# Define the release stage that runs semantic-release
# Define the release stage that runs `semantic-release`
- stage: release - stage: release
language: node_js language: node_js
node_js: lts/* node_js: lts/*
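Review bot: The new `- pip install --user yamllint` step in the `lint` stage installs whatever release is current at build time, so an upstream release can change lint results or bring unreviewed code into the build without any change in this repository. Pinning the tool, e.g. `- pip install --user yamllint==<pinned-version>`, keeps the CI toolchain reproducible and makes upgrades an explicit, reviewable commit. The `npm install @commitlint/...` lines carried over unchanged in the same script are unpinned as well. The `jobs.include` list continues beyond the lines shown in this section.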

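--- a/.yamllint
+++ b/.yamllint
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+# Extend the `default` configuration provided by `yamllint`
+extends: default
+
+# Files to ignore completely
+# 1. All YAML files under directory `node_modules/`, introduced during the Travis run
+ignore: |
+node_modules/
+
+rules:
+line-length:
+# Increase from default of `80`
+# Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`)
+max: 88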
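Review bot: This configuration does not declare which files without a `.yaml`/`.yml` extension are YAML, so `.travis.yml` has to pass `pillar.example` and `test/salt/pillar/default.sls` by name, and a plain `yamllint .` run locally would skip them. If the yamllint version in use supports the `yaml-files` option, a list here with `'*.yaml'`, `'*.yml'`, `'.yamllint'`, `'pillar.example'` and `'test/**/*.sls'` would keep local and CI runs checking the same set. New pillar files under `test/` would then be linted without editing the CI command.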

+ 13
- 10
pillar.example

# -*- coding: utf-8 -*-
# vim: ft=yaml
---
ufw: ufw:


enabled: True
enabled: true


settings: settings:
loglevel: low loglevel: low
ipv6: True
ipv6: true
default_input_policy: 'DROP' default_input_policy: 'DROP'
default_output_policy: 'ACCEPT' default_output_policy: 'ACCEPT'
default_forward_policy: 'DROP' default_forward_policy: 'DROP'
default_application_policy: 'SKIP' default_application_policy: 'SKIP'
manage_builtins: False
manage_builtins: false
ipt_sysctl: '/etc/ufw/sysctl.conf' ipt_sysctl: '/etc/ufw/sysctl.conf'
ipt_modules: ipt_modules:
- nf_conntrack_ftp - nf_conntrack_ftp
# Deny from a specific port, by number. # Deny from a specific port, by number.
140: 140:
protocol: tcp protocol: tcp
deny: True
deny: true


# Deny everything from a specific ip address # Deny everything from a specific ip address
'*': '*':
protocol: tcp protocol: tcp
deny: True
deny: true
from_addr: 10.0.0.1 from_addr: 10.0.0.1


# Deny everything from multiple ip addresses and avoid # Deny everything from multiple ip addresses and avoid
'*/multiple': '*/multiple':
to_port: '*' to_port: '*'
protocol: tcp protocol: tcp
deny: True
deny: true
from_addr: from_addr:
- 10.0.0.2 - 10.0.0.2
- 10.0.0.3 - 10.0.0.3


# Limit a specific port, by number. # Limit a specific port, by number.
170: 170:
limit: True
limit: true
protocol: tcp protocol: tcp
comment: Print service comment: Print service


# Allow applications defined at /etc/ufw/applications.d/ # Allow applications defined at /etc/ufw/applications.d/
applications: applications:
OpenSSH: OpenSSH:
enabled: True
enabled: true
comment: We are using fail2ban anyway comment: We are using fail2ban anyway


# Limit access to salt master # Limit access to salt master
Saltmaster: Saltmaster:
limit: True
limit: true


# Deny access to Postgresql # Deny access to Postgresql
Postgresql: Postgresql:
deny: True
deny: true


# Allow all traffic in on the specified interface # Allow all traffic in on the specified interface
interfaces: interfaces:

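--- a/test/integration/default/inspec.yml
+++ b/test/integration/default/inspec.yml
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
 name: default
 title: ufw formula
 maintainer: SaltStack Formulas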

+ 10
- 7
test/salt/pillar/default.sls

# -*- coding: utf-8 -*-
# vim: ft=yaml
---
ufw: ufw:
enabled: True
enabled: true
settings: settings:
loglevel: 'low' loglevel: 'low'
applications: applications:
MySQL: MySQL:
comment: Allow MySQL comment: Allow MySQL
Postgresql: Postgresql:
limit: True
limit: true
comment: Limit Postgresql comment: Limit Postgresql
SSH223: SSH223:
deny: True
deny: true
comment: Deny Webscale SSH comment: Deny Webscale SSH
'*': '*':
deny: True
deny: true
from_addr: 10.0.0.0/8 from_addr: 10.0.0.0/8
services: services:
'*': '*':
deny: True
deny: true
from_addr: from_addr:
- 10.0.0.1 - 10.0.0.1
- 10.0.0.2 - 10.0.0.2
'22': '22':
protocol: tcp protocol: tcp
limit: True
limit: true
comment: Limit SSH comment: Limit SSH
'80': '80':
protocol: tcp protocol: tcp
deny: True
deny: true
comment: Deny HTTP comment: Deny HTTP
'443': '443':
protocol: tcp protocol: tcp
