Saltstack Official UFW Formula


  1. # -*- coding: utf-8 -*-
  2. # vim: ft=yaml
  3. ---
  4. # For help on this file's format, see https://kitchen.ci/
  5. driver:
  6. name: docker
  7. use_sudo: false
  8. privileged: true
  9. run_command: /lib/systemd/systemd
  10. # Make sure the platforms listed below match up with
  11. # the `env.matrix` instances defined in `.travis.yml`
  12. platforms:
  13. ## SALT `develop`
  14. - name: debian-9-develop-py3
  15. driver:
  16. image: netmanagers/salt-develop-py3:debian-9
  17. provision_command:
  18. - curl -o bootstrap-salt.sh -L https://bootstrap.saltstack.com
  19. - sh bootstrap-salt.sh -XdPbfrq -x python3 git develop
  20. - name: ubuntu-1804-develop-py3
  21. driver:
  22. image: netmanagers/salt-develop-py3:ubuntu-18.04
  23. provision_command:
  24. - curl -o bootstrap-salt.sh -L https://bootstrap.saltstack.com
  25. - sh bootstrap-salt.sh -XdPbfrq -x python3 git develop
  26. - name: centos-7-develop-py3
  27. driver:
  28. image: netmanagers/salt-develop-py3:centos-7
  29. provision_command:
  30. - curl -o bootstrap-salt.sh -L https://bootstrap.saltstack.com
  31. - sh bootstrap-salt.sh -XdPbfrq -x python3 git develop
  32. - name: fedora-29-develop-py3
  33. driver:
  34. image: netmanagers/salt-develop-py3:fedora-29
  35. provision_command:
  36. - curl -o bootstrap-salt.sh -L https://bootstrap.saltstack.com
  37. - sh bootstrap-salt.sh -XdPbfrq -x python3 git develop
  38. - name: opensuse-leap-15-develop-py3
  39. driver:
  40. image: netmanagers/salt-develop-py3:opensuse-leap-15
  41. provision_command:
  42. - curl -o bootstrap-salt.sh -L https://bootstrap.saltstack.com
  43. - sh bootstrap-salt.sh -XdPbfrq -x python3 git develop
  44. run_command: /usr/lib/systemd/systemd
  45. ## SALT 2019.2
  46. - name: debian-9-2019-2-py3
  47. driver:
  48. image: netmanagers/salt-2019.2-py3:debian-9
  49. - name: ubuntu-1804-2019-2-py3
  50. driver:
  51. image: netmanagers/salt-2019.2-py3:ubuntu-18.04
  52. - name: centos-7-2019-2-py3
  53. driver:
  54. image: netmanagers/salt-2019.2-py3:centos-7
  55. - name: fedora-29-2019-2-py3
  56. driver:
  57. image: netmanagers/salt-2019.2-py3:fedora-29
  58. - name: opensuse-leap-15-2019-2-py3
  59. driver:
  60. image: netmanagers/salt-2019.2-py3:opensuse-leap-15
  61. run_command: /usr/lib/systemd/systemd
  62. ## SALT 2018.3
  63. - name: debian-9-2018-3-py2
  64. driver:
  65. image: netmanagers/salt-2018.3-py2:debian-9
  66. - name: ubuntu-1604-2018-3-py2
  67. driver:
  68. image: netmanagers/salt-2018.3-py2:ubuntu-16.04
  69. - name: centos-7-2018-3-py2
  70. driver:
  71. image: netmanagers/salt-2018.3-py2:centos-7
  72. - name: fedora-29-2018-3-py2
  73. driver:
  74. image: netmanagers/salt-2018.3-py2:fedora-29
  75. # TODO: Use this when fixed instead of `opensuse-leap-42`
  76. # Ref: https://github.com/netmanagers/salt-image-builder/issues/2
  77. # - name: opensuse-leap-15-2018-3-py2
  78. # driver:
  79. # image: netmanagers/salt-2018.3-py2:opensuse-leap-15
  80. # run_command: /usr/lib/systemd/systemd
  81. - name: opensuse-leap-42-2018-3-py2
  82. driver:
  83. image: netmanagers/salt-2018.3-py2:opensuse-leap-42
  84. run_command: /usr/lib/systemd/systemd
  85. ## SALT 2017.7
  86. - name: debian-8-2017-7-py2
  87. driver:
  88. image: netmanagers/salt-2017.7-py2:debian-8
  89. - name: ubuntu-1604-2017-7-py2
  90. driver:
  91. image: netmanagers/salt-2017.7-py2:ubuntu-16.04
  92. - name: centos-6-2017-7-py2
  93. driver:
  94. image: netmanagers/salt-2017.7-py2:centos-6
  95. run_command: /sbin/init
  96. - name: fedora-28-2017-7-py2
  97. driver:
  98. image: netmanagers/salt-2017.7-py2:fedora-28
  99. - name: opensuse-leap-42-2017-7-py2
  100. driver:
  101. image: netmanagers/salt-2017.7-py2:opensuse-leap-42
  102. run_command: /usr/lib/systemd/systemd
  103. provisioner:
  104. name: salt_solo
  105. log_level: info
  106. salt_install: none
  107. require_chef: false
  108. formula: ufw
  109. salt_copy_filter:
  110. - .kitchen
  111. - .git
  112. state_top:
  113. base:
  114. '*':
  115. - ufw
  116. pillars:
  117. top.sls:
  118. base:
  119. '*':
  120. - ufw
  121. ufw.sls:
  122. ufw:
  123. enabled: True
  124. settings:
  125. loglevel: 'low'
  126. applications:
  127. MySQL:
  128. comment: Allow MySQL
  129. Postgresql:
  130. limit: True
  131. comment: Limit Postgresql
  132. SSH223:
  133. deny: True
  134. comment: Deny Webscale SSH
  135. '*':
  136. deny: True
  137. from_addr: 10.0.0.0/8
  138. services:
  139. '*':
  140. deny: True
  141. from_addr:
  142. - 10.0.0.1
  143. - 10.0.0.2
  144. '22':
  145. protocol: tcp
  146. limit: True
  147. comment: Limit SSH
  148. '80':
  149. protocol: tcp
  150. deny: True
  151. comment: Deny HTTP
  152. '443':
  153. protocol: tcp
  154. comment: Allow HTTPS
  155. verifier:
  156. # https://www.inspec.io/
  157. name: inspec
  158. sudo: true
  159. # cli, documentation, html, progress, json, json-min, json-rspec, junit
  160. reporter:
  161. - cli
  162. inspec_tests:
  163. - path: test/integration/default
  164. suites:
  165. - name: default