# -*- coding: utf-8 -*-
# vim: ft=yaml
---
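# Example pillar for the systemd formula. Every section below is nested
# under the top-level `systemd` key; the values are illustrations to adapt.
systemd:
  ## tofs pattern
  tofs:
    # The files_switch key serves as a selector for alternative
    # directories under the formula files directory. See TOFS pattern
    # doc for more info.
    # Note: Any value not evaluated by `config.get` will be used literally.
    # This can be used to set custom paths, as many levels deep as required.
    files_switch:
      - any/path/can/be/used/here
      - id
      - osfinger
      - os
      - os_family
    # All aspects of path/file resolution are customisable using the options
    # below. This is unnecessary in most cases; there are sensible defaults.
    # dirs:
    #   files: files_alt
    #   default: default_alt
    source_files:
      networkd:
        - 'alt_network'
      resolved:
        - 'alt_resolved.conf'
      timesyncd:
        - 'alt_timesyncd.conf'

  ## units
  # The valid unit types are listed in
  # https://github.com/saltstack-formulas/systemd-formula/blob/master/systemd/units/unittypes.yaml
  service:
    syncthing-someuser:
      # these two parameters are passed to systemctl to manage the unit status
      # (enabled / disabled) and (running / stopped) and are not passed to the
      # service file contents.
      # Default to
      #   enabled: true
      #   status: stop
      # to be backward compatible
      enabled: true
      status: stop
      Unit:
        Description: Syncthing P2P sync service for someuser
        After: network.target
      Service:
        ExecStart: /usr/bin/syncthing
        # Runs under a dedicated account rather than root.
        User: someuser
        Group: someuser
        Environment: STNORESTART=yes HOME=/home/someuser
      Install:
        WantedBy: multi-user.target
    rsync:
      status: start
      Unit:
        Description: fast remote file copy program daemon
        Documentation: 'man:rsync(1) man:rsyncd.conf(5)'
        ConditionPathExists:
          - /etc/rsyncd.conf
          - /etc/passwd
        After: network.target
      Service:
        # No User=/Group= is set, so systemd starts this daemon as root (the
        # default for system units). Module access then depends entirely on
        # /etc/rsyncd.conf; review it before enabling the unit.
        ExecStart: /usr/bin/rsync --daemon --no-detach
      Install:
        WantedBy: multi-user.target
    systemd-journald:
      enabled: true
      status: start
      # presumably renders a drop-in override rather than a full unit file;
      # confirm against the formula's unit states
      dropin: true
      Unit:
        Description: Fancy new description
      Service:
        # Spelled WatchdogSec: systemd ignores unknown directive names, so a
        # misspelt key would leave the watchdog timeout unchanged.
        WatchdogSec: 2min
        RestartSec: 2
  path:
    trigger-service-on-changes:
      # this parameter is passed to systemctl to enable/disable the unit
      # Defaults to
      #   enabled: true
      # to be backward compatible
      # enabled: true
      Path:
        PathModified: /path/to/watch
        Unit: oneshot_service_to_trigger.service
      Install:
        WantedBy: multi-user.target

  ## resolved
  resolved:
    config_source: pillar
    config:
      DNS: 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001
      # Fallback servers are public resolvers; when they are used, lookups
      # leave the local network. Replace them if that is not acceptable.
      FallbackDNS: 8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
      Domains: ''
      # Link-local name resolution (LLMNR, mDNS) is switched off.
      LLMNR: 'no'
      MulticastDNS: 'no'
      # 'allow-downgrade' validates only when the upstream server supports
      # DNSSEC, so validation can be lost to a downgrade; 'off' for
      # DNSOverTLS sends queries unencrypted. Tighten both where the
      # configured resolvers support it.
      DNSSEC: 'allow-downgrade'
      DNSOverTLS: 'off'
      Cache: 'yes'
      DNSStubListener: 'yes'
      ReadEtcHosts: 'yes'

  ## timesyncd
  timesyncd:
    timezone: 'UTC'
    config_source: pillar
    config:
      NTP: 0.europe.pool.ntp.org 1.europe.pool.ntp.org 2.europe.pool.ntp.org
      FallbackNTP: 0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org
      RootDistanceMaxSec: 5
      PollIntervalMinSec: 32
      PollIntervalMaxSec: 2048

  ## networkd
  networkd:
    fileattr:
      br0.network:
        user: systemd-network
        group: systemd-network
        # Quoted so the mode stays the string "0600" and is not read as an
        # octal or decimal integer by the YAML loader.
        mode: "0600"
    profiles:
      network:
        # br0.network
        br0:
          - Match:
              - Name: br0
          - Network:
              - DHCP: "yes"
      netdev:
        # br0.netdev
        br0:
          - NetDev:
              - Name: br0
              - Kind: bridge
          - Bridge:
              - HelloTimeSec: 0
              - MaxAgeSec: 0
              - ForwardDelaySec: 0
              - STP: 'no'
      link:
        # 10-dmz.link
        10-dmz:
          - Match:
              - MACAddress: '00:a0:de:63:7a:e6'
          - Link:
              - Name: dmz0
        # 10-internet.link
        10-internet:
          - Match:
              - Path: 'pci-0000:00:1a.0-*'
          - Link:
              - Name: internet0

  ## journald
  journald:
    config_source: pillar
    config:
      SplitMode: uid
      SyncIntervalSec: 5m
      RateLimitIntervalSec: 30s
      RateLimitBurst: 10000
      SystemMaxUse: 2g
      SystemKeepFree: 3g
      SystemMaxFileSize: 4g
      SystemMaxFiles: 100
      RuntimeMaxFiles: 100
      MaxFileSec: 1month
      ForwardToSyslog: 'yes'
      ForwardToKMsg: 'no'
      ForwardToConsole: 'no'
      # Wall forwarding is on, limited by MaxLevelWall below.
      ForwardToWall: 'yes'
      TTYPath: /dev/console
      # 'debug' stores every log level; size the limits above accordingly.
      MaxLevelStore: debug
      MaxLevelSyslog: debug
      MaxLevelKMsg: notice
      MaxLevelConsole: info
      MaxLevelWall: emerg
      LineMax: 48K
      ReadKMsg: 'yes'
      # NOTE(review): per journald.conf(5) a false value makes journald turn
      # kernel auditing off at start-up; confirm this suits hosts that rely
      # on audit records.
      Audit: 'no'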