Remove nginx configuration capabilities.

In addition the whole vagrant setup was dropped, since it was based on debian lenny.

Remove nginx configuration capabilities.
e6420a56 · Dennis Ahrens · e5657adf · e5657adf · e5657adf · e5657adf
Commit e6420a56 authored 2 years ago by Dennis Ahrens
--- a/.saltstack/master
+++ b/.saltstack/master
-auto_accept: True
--- a/.saltstack/minion
+++ b/.saltstack/minion
-master: 10.0.0.5
--- a/.saltstack/pillar/postgrest.sls
+++ b/.saltstack/pillar/postgrest.sls
-../../pillar.example
\ No newline at end of file
--- a/.saltstack/pillar/sslcert/cert.pem
+++ b/.saltstack/pillar/sslcert/cert.pem
-----BEGIN CERTIFICATE-----
-MIIFuTCCA6GgAwIBAgIUcUudURLszmTKTnF9Q3W009BYOsQwDQYJKoZIhvcNAQEL
-BQAwdjELMAkGA1UEBhMCREUxFjAUBgNVBAgMDU5pZWRlcnNhY2hzZW4xETAPBgNV
-BAcMCEhhbm5vdmVyMRwwGgYDVQQKDBNIb2Noc2NodWxlIEhhbm5vdmVyMR4wHAYD
-VQQDDBVhcGl2Mi5wb3N0Z3Jlc3QubG9jYWwwHhcNMTkwNDA4MDkzNDMzWhcNMjkw
-NDA1MDkzNDMzWjB2MQswCQYDVQQGEwJERTEWMBQGA1UECAwNTmllZGVyc2FjaHNl
-bjERMA8GA1UEBwwISGFubm92ZXIxHDAaBgNVBAoME0hvY2hzY2h1bGUgSGFubm92
-ZXIxHjAcBgNVBAMMFWFwaXYyLnBvc3RncmVzdC5sb2NhbDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAObvehl12k5JFRDPZaHx8O4CiVXYfUbtg7m8Qq6+
-Ng4hINs0kUfOZxzd7NWCEZZw3OToRaPPEazoWkh852jD/tJ3iublpcTiZp9Kyg0S
-o1J040sPyTZ+beic8kUEWtpKAyu9q0rln9+YsFfleZE1kt3RTXB6+xorLVxcUajw
-IAAqBIISKyRIi9dGTJakir1QtyxPRWiKfNZ+Wwm4C7UBnGOUn2SjavxZPRP0wk57
-Eq7AwyyuDic9dMD5T/qaWiKUY0OzzP3OuM8evNyrAV8NarT9IiloG3TBh+qHKK5F
-5p/DtgGOdW+Z+P4n1avdkfEdZETuLTcE8O6yUV+nGEGuWDPySpze4TWkf5DfFQCD
-rtrtHXsDIDQhmCBhwK6Fxcby51rhtmd1FMOUx/T0GsngTCACJNJ8e8CKkNX387Jk
-UcSHSUt/1wip4WCC1z7YuKMyMas12WRyN82NCeWT7lVbFGNVnGUjOulCJsMAYDZX
-NLVs2SIBy6LDSOVeiCOvJWft5nkpnPtSEy7qaiufB2IMtv0TNzsmfJiGqzMCaQNt
-sx0bgFQPA2dSF855/MIG01OszLdIs4W+sFxGQEWiJ28KiCgh0pr+0g7CWaac+0AE
-U01iuaE7KaaV8NhzOtW9JQRo7SWhmiWF6VuN+YNgBlIePcg0fVxCIDg07tDT3l44
-2eY3AgMBAAGjPzA9MDsGA1UdEQQ0MDKCFWFwaXYyLnBvc3RncmVzdC5sb2NhbIIZ
-aWNtc2NhY2hlLnBvc3RncmVzdC5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAgEApOJ4
-o0YwOvR534c9EvAKN4tiXgQKEmyjmdfS0741JH0t3gAhrEX6KVAX7Vf99x6CZcS1
-x+czf1my3EIZpwQolBEpf73Xtjppn1Y5GlEVb3S15pIW8Pglj262p3XtpzSlfq8v
-mcYiC9JOaruseSIKc8xKuTmwgU8n6rQTKfMvg3wetTlgGji/GeD40+paGDSqtikP
-E+pve0cgcQqDA3cYwT9LNvN2BGhi4KU9O0poSJYMqXR4ErzI+ZAxj82vkcsxmDba
-T1tjvrmUscZ2LX2dIrgs/jbRSugQiPUmuhE0s4TJfLtJCPOnvPzDmiCf47oiOz+G
-R6FJo/yDZr0tdS5RNoFZsngS/N6rbPkooQrfPfHVnlRHR3foUR2bJQp2PKxqqtLQ
-ENjbdeLDQCqMDo0BMXvZvgGek4vA+W21FteqskTnOKU+Yv3sUTJVKHmxtTXciz6a
-nmKCOYtTB+kHbNyz+ovGUZ/oRK4t8xwgpKL6c09OX7k/pvnb8VnYeUDLE1wfW+n4
-2o3fk+oiPkFU79g5u748ZGDE2U3Pl460hsAfV31QjERbSHr7DwVF7dpnE9jH+tu+
-/FWMLpovASWCdh9tDoR9XzonmF72E+gKcYww2M1GSGQQm/4oJYmNIlAZd8lEB4Wh
-Gz30Lx+MReUNuzvChwap0oSq0axECnEsVPvRYUs=
-----END CERTIFICATE-----
--- a/.saltstack/pillar/sslcert/dhparam.pem
+++ b/.saltstack/pillar/sslcert/dhparam.pem
-----BEGIN DH PARAMETERS-----
-MIIBCAKCAQEA9b8X8Plp+vLeVpQf8Nz2u9+lt8eF6BYj517XzJX8MsgPI1XU7dA4
-j75yitn1kd3R8q/PyTQgmbRdh54EfNEfiCnbY/2X+0c4L1rZqXx+GeUdAAXgjuye
-LjA/zd0RprK6TOpIOYQ7MO4P35T8Ora8jDXvf/Q386vCRQ5fiuVR5+nH9R4KBi7H
-iqM9N5dyhRNJIZZMeQ0T+zmeywazeicYszKunJqjQ0jZ1D+J1UUTHjH6/Lp1lVqA
-kJHCWa7GkBOfROmYFjeJ3v5Hfjkry/uXtvVoVfFIUGA4dPoCBRLzfNAGMhPzx0Gr
-kaW8ir0Mykld8mdgoCThKuHPhUnJ3wWamwIBAg==
-----END DH PARAMETERS-----
--- a/.saltstack/pillar/sslcert/key.pem
+++ b/.saltstack/pillar/sslcert/key.pem
-----BEGIN PRIVATE KEY-----
-MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDm73oZddpOSRUQ
-z2Wh8fDuAolV2H1G7YO5vEKuvjYOISDbNJFHzmcc3ezVghGWcNzk6EWjzxGs6FpI
-fOdow/7Sd4rm5aXE4mafSsoNEqNSdONLD8k2fm3onPJFBFraSgMrvatK5Z/fmLBX
-5XmRNZLd0U1wevsaKy1cXFGo8CAAKgSCEiskSIvXRkyWpIq9ULcsT0VoinzWflsJ
-uAu1AZxjlJ9ko2r8WT0T9MJOexKuwMMsrg4nPXTA+U/6mloilGNDs8z9zrjPHrzc
-qwFfDWq0/SIpaBt0wYfqhyiuReafw7YBjnVvmfj+J9Wr3ZHxHWRE7i03BPDuslFf
-pxhBrlgz8kqc3uE1pH+Q3xUAg67a7R17AyA0IZggYcCuhcXG8uda4bZndRTDlMf0
-9BrJ4EwgAiTSfHvAipDV9/OyZFHEh0lLf9cIqeFggtc+2LijMjGrNdlkcjfNjQnl
-k+5VWxRjVZxlIzrpQibDAGA2VzS1bNkiAcuiw0jlXogjryVn7eZ5KZz7UhMu6mor
-nwdiDLb9Ezc7JnyYhqszAmkDbbMdG4BUDwNnUhfOefzCBtNTrMy3SLOFvrBcRkBF
-oidvCogoIdKa/tIOwlmmnPtABFNNYrmhOymmlfDYczrVvSUEaO0loZolhelbjfmD
-YAZSHj3INH1cQiA4NO7Q095eONnmNwIDAQABAoICAAJp7F/JwI9i6ipz0H8h1T/X
-nPHdwml0YBUX56aF7HC3Xe2MnhwfByrhEvGkW2S0J0rpNpkgt/GTuCXb0Fti+Q3g
-G/6P1ey55RKzKGt8j2J0QE/viU3dgm6U/V9FTWHMtj3FzL2KquIeaXFxv5SJ99AD
-uQh88JT0cJPvjxbx85Os3MEzSWomq/eDD5fffme+KTv4VCRklitzxKXUW6L3slfE
-HOpjXuHmWOIVg9ZoKOjUsPWNmC5G0SqXMIPRCzIjVOpHPdRFTd80VgsEao5AyKW9
-o5bFNMxCnZYQ9ZbkuiVfWU6o24dgF58ocW5LcZQQl5S03JofnhkQmhMi3vkIxnk3
-cNy5lOob4OcVH8Mlc/TmMaSOhQgp6BVee90CV+mQLvrvpNWFnv0hBsneKfQwHrWa
-Z3crGYEOKcxwemdZKhQokjoLjwuklwnEO/BOH0rkSHgCZ6z+G/KILZSjUMI8Ke4z
-T8Hlss600QfPsxjMLkj67qI+p7o9NQAsSfHydrdV2e9Lzk+3rTUSNvrMfhsZENp8
-pfbeskreu+IGxpUi1WBTU7GlqYAUMSTkv/XcrfdhZOq+tKlmBaufSHMpGDnB1QGz
-R/oSjO40rhdltmFSM+7T7U2KarOvnbW29ogaB/pgKzZsQoRHZIo3RQtglxq/mc6G
-NRNYHG8Gv5NaYApzupGJAoIBAQD07Q0SGxaVYg09llbjKT6I3zrA/5ZYMHyL0iAj
-G0ccTezl0KTDS+zVzzPQ7iqR+3L4Xj+cQJiqFYAhxMcuVtI1Y0Db6Zeua5r7ACns
-2G2lw6E6ntk+LuqJ3ySlNU5lFdQzY5OeeVWNEjvWQ5eGZt5hTdDaLfO6L9ZBlHJR
-eZ4CFvV0GnYPmvqGE/h48DnxkUDXHL/q52EaS2aD7BXLvrbSi1gLAvA5inWRgInv
-Ci9RQT7A3wywl7Gi+HeLlMJgU35/IR9LaYrJGa/LDi3SGcw3gH0d/bPsAdjF9S3B
-IFiPTwtn14OUiwsUQ6NC6mAu+U9MPT97XwBtkOGeuIQsYKPLAoIBAQDxYH1SU+C5
-h0rQpE67ZDfNzdqLh+HTxtYTgl25ZiSdN3g3CBS+TNs5lWI6yRSgko36Db2kjs/N
-ef0pNVZBx6A7VM6NGLfAh/NlkV4l9ALhgP1SbHlYTugylnRbs5bfgljae6MBsJuy
-MFKSCn7yCNP5YEXVx/Qy3X6/eiURLwpc8pbdpRTGDEsIAhttgdIV7vcYbmAT6FhN
-EubIQem9ay8Vv+zvBKxHjs9q+BD8kW9XUpzsNZoPkMOx1CizBLcbiC1zuZKsrh53
-dQD73bxlVGav2Iu9aHPaXp5B6/BGu6SxyHxWjzsz9XHO0mkIX9YD/Qtmt98K2vQR
-I5iFuYlpJjHFAoIBAAFCasvKCd6wx2KmsEGwx5qKk1HEvrArZ6iMZw/nJwF1QR+Z
-aA99B3W+AAU2BFAF2/x895TFHEPbonIKAgAyABi4LvAyjk4eTYi24oBOSJoOnHih
-snpIYXpeBGE5GfMZHqM5AtxQwWjdTCN464GMa95SOR22GMe/UTm7Gq9ikbZvCcoU
-DMFdyaYA2kk86v9cANpaUn5RvEUXWCqbfy0yCNyiTMyZskSJertJzuvEwKOJU1pI
-i1cpIIe3AV5dYHaAV2kt8WxA2a7ZC/deVkv7R/qNFZee41r2U3gJH7gbg3kRLfzV
-td6ArIjpJCDG9cGoFIlO01G+FlF56j8Xsc5MnOsCggEAWBds5VTzWQKFTWwJx94l
-d5i/P9kRk+anTmtvpTAgALizyPHMED+gan2YYffs7UVPR4koQxxTvpvcxuNOXadr
-VPv4fgodVcjIDbNl9tf9DSu0SBaKmq4BlCTQxn7eeyfpIaOps/4udHOqTt5Bwjdy
-lTqLgh/9gWrQzTTYvlK6p31pje6njDgEUiHivK56a8LQrzvpGJrdTxOs4j0b/yNV
-Bc0LvZepAFygWlu6Z1L0nZvq5VISrceZhBb3243G/edPH0MEwryxJcuv1jvwe9K3
-v0l6hl/OmE2b2FcxU787th6DMlwHsUjMhjzIVGQViVMajBxi7GVIWdDx4yv5eESW
-OQKCAQEA5OYP+oCi5mmuLHqQJzYetbq9wIg01gpQpKkQK5n2B/6A13IVxoBppd8p
-+xH3UekLrTw7TymqAYKWYORap2vD3vjcUqOJ3AxXsiXX49Ook6Q6qHlL5Ynhxuob
-pf0vvP8eRR+SGdueVfbcMHb3NjaOAoJKDlpee6bxYmDVOWWyIoQ42IaniOn9ar37
-hzxz0Xa2XsBcIc9quXtFcR/u7gGqXs+EjZPzdFirTUXywc0d3rPXDRlQvHDuedhn
-gEo51PZ0A8srnCglRqm1oV2++meng89A5O48MEjgWlvhAcD2ck4ToChEmhWoZAxR
-tJE4tKgPbG4Vctz6vNkdEkG5oAVYQQ==
-----END PRIVATE KEY-----
--- a/.saltstack/pillar/sslcert/new_cert.sh
+++ b/.saltstack/pillar/sslcert/new_cert.sh
-#!/bin/bash
-openssl req -newkey rsa:4096 -x509 -keyout key.pem -new -out cert.pem -reqexts SAN -extensions SAN -days 3650 -nodes -subj "/C=DE/ST=Niedersachsen/L=Hannover/O=Hochschule Hannover/CN=apiv2.postgrest.local" -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:apiv2.postgrest.local,DNS:icmscache.postgrest.local"))
-openssl dhparam -out dhparam.pem 2048
--- a/.saltstack/pillar/sslcert/postgrest.sls
+++ b/.saltstack/pillar/sslcert/postgrest.sls
-sslcert:
-  postgrest:
-    fqdns:
-      - apiv2.postgrest.local
-      - icmscache.postgrest.local
-    key: |
-      -----BEGIN PRIVATE KEY-----
-      MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDm73oZddpOSRUQ
-      z2Wh8fDuAolV2H1G7YO5vEKuvjYOISDbNJFHzmcc3ezVghGWcNzk6EWjzxGs6FpI
-      fOdow/7Sd4rm5aXE4mafSsoNEqNSdONLD8k2fm3onPJFBFraSgMrvatK5Z/fmLBX
-      5XmRNZLd0U1wevsaKy1cXFGo8CAAKgSCEiskSIvXRkyWpIq9ULcsT0VoinzWflsJ
-      uAu1AZxjlJ9ko2r8WT0T9MJOexKuwMMsrg4nPXTA+U/6mloilGNDs8z9zrjPHrzc
-      qwFfDWq0/SIpaBt0wYfqhyiuReafw7YBjnVvmfj+J9Wr3ZHxHWRE7i03BPDuslFf
-      pxhBrlgz8kqc3uE1pH+Q3xUAg67a7R17AyA0IZggYcCuhcXG8uda4bZndRTDlMf0
-      9BrJ4EwgAiTSfHvAipDV9/OyZFHEh0lLf9cIqeFggtc+2LijMjGrNdlkcjfNjQnl
-      k+5VWxRjVZxlIzrpQibDAGA2VzS1bNkiAcuiw0jlXogjryVn7eZ5KZz7UhMu6mor
-      nwdiDLb9Ezc7JnyYhqszAmkDbbMdG4BUDwNnUhfOefzCBtNTrMy3SLOFvrBcRkBF
-      oidvCogoIdKa/tIOwlmmnPtABFNNYrmhOymmlfDYczrVvSUEaO0loZolhelbjfmD
-      YAZSHj3INH1cQiA4NO7Q095eONnmNwIDAQABAoICAAJp7F/JwI9i6ipz0H8h1T/X
-      nPHdwml0YBUX56aF7HC3Xe2MnhwfByrhEvGkW2S0J0rpNpkgt/GTuCXb0Fti+Q3g
-      G/6P1ey55RKzKGt8j2J0QE/viU3dgm6U/V9FTWHMtj3FzL2KquIeaXFxv5SJ99AD
-      uQh88JT0cJPvjxbx85Os3MEzSWomq/eDD5fffme+KTv4VCRklitzxKXUW6L3slfE
-      HOpjXuHmWOIVg9ZoKOjUsPWNmC5G0SqXMIPRCzIjVOpHPdRFTd80VgsEao5AyKW9
-      o5bFNMxCnZYQ9ZbkuiVfWU6o24dgF58ocW5LcZQQl5S03JofnhkQmhMi3vkIxnk3
-      cNy5lOob4OcVH8Mlc/TmMaSOhQgp6BVee90CV+mQLvrvpNWFnv0hBsneKfQwHrWa
-      Z3crGYEOKcxwemdZKhQokjoLjwuklwnEO/BOH0rkSHgCZ6z+G/KILZSjUMI8Ke4z
-      T8Hlss600QfPsxjMLkj67qI+p7o9NQAsSfHydrdV2e9Lzk+3rTUSNvrMfhsZENp8
-      pfbeskreu+IGxpUi1WBTU7GlqYAUMSTkv/XcrfdhZOq+tKlmBaufSHMpGDnB1QGz
-      R/oSjO40rhdltmFSM+7T7U2KarOvnbW29ogaB/pgKzZsQoRHZIo3RQtglxq/mc6G
-      NRNYHG8Gv5NaYApzupGJAoIBAQD07Q0SGxaVYg09llbjKT6I3zrA/5ZYMHyL0iAj
-      G0ccTezl0KTDS+zVzzPQ7iqR+3L4Xj+cQJiqFYAhxMcuVtI1Y0Db6Zeua5r7ACns
-      2G2lw6E6ntk+LuqJ3ySlNU5lFdQzY5OeeVWNEjvWQ5eGZt5hTdDaLfO6L9ZBlHJR
-      eZ4CFvV0GnYPmvqGE/h48DnxkUDXHL/q52EaS2aD7BXLvrbSi1gLAvA5inWRgInv
-      Ci9RQT7A3wywl7Gi+HeLlMJgU35/IR9LaYrJGa/LDi3SGcw3gH0d/bPsAdjF9S3B
-      IFiPTwtn14OUiwsUQ6NC6mAu+U9MPT97XwBtkOGeuIQsYKPLAoIBAQDxYH1SU+C5
-      h0rQpE67ZDfNzdqLh+HTxtYTgl25ZiSdN3g3CBS+TNs5lWI6yRSgko36Db2kjs/N
-      ef0pNVZBx6A7VM6NGLfAh/NlkV4l9ALhgP1SbHlYTugylnRbs5bfgljae6MBsJuy
-      MFKSCn7yCNP5YEXVx/Qy3X6/eiURLwpc8pbdpRTGDEsIAhttgdIV7vcYbmAT6FhN
-      EubIQem9ay8Vv+zvBKxHjs9q+BD8kW9XUpzsNZoPkMOx1CizBLcbiC1zuZKsrh53
-      dQD73bxlVGav2Iu9aHPaXp5B6/BGu6SxyHxWjzsz9XHO0mkIX9YD/Qtmt98K2vQR
-      I5iFuYlpJjHFAoIBAAFCasvKCd6wx2KmsEGwx5qKk1HEvrArZ6iMZw/nJwF1QR+Z
-      aA99B3W+AAU2BFAF2/x895TFHEPbonIKAgAyABi4LvAyjk4eTYi24oBOSJoOnHih
-      snpIYXpeBGE5GfMZHqM5AtxQwWjdTCN464GMa95SOR22GMe/UTm7Gq9ikbZvCcoU
-      DMFdyaYA2kk86v9cANpaUn5RvEUXWCqbfy0yCNyiTMyZskSJertJzuvEwKOJU1pI
-      i1cpIIe3AV5dYHaAV2kt8WxA2a7ZC/deVkv7R/qNFZee41r2U3gJH7gbg3kRLfzV
-      td6ArIjpJCDG9cGoFIlO01G+FlF56j8Xsc5MnOsCggEAWBds5VTzWQKFTWwJx94l
-      d5i/P9kRk+anTmtvpTAgALizyPHMED+gan2YYffs7UVPR4koQxxTvpvcxuNOXadr
-      VPv4fgodVcjIDbNl9tf9DSu0SBaKmq4BlCTQxn7eeyfpIaOps/4udHOqTt5Bwjdy
-      lTqLgh/9gWrQzTTYvlK6p31pje6njDgEUiHivK56a8LQrzvpGJrdTxOs4j0b/yNV
-      Bc0LvZepAFygWlu6Z1L0nZvq5VISrceZhBb3243G/edPH0MEwryxJcuv1jvwe9K3
-      v0l6hl/OmE2b2FcxU787th6DMlwHsUjMhjzIVGQViVMajBxi7GVIWdDx4yv5eESW
-      OQKCAQEA5OYP+oCi5mmuLHqQJzYetbq9wIg01gpQpKkQK5n2B/6A13IVxoBppd8p
-      +xH3UekLrTw7TymqAYKWYORap2vD3vjcUqOJ3AxXsiXX49Ook6Q6qHlL5Ynhxuob
-      pf0vvP8eRR+SGdueVfbcMHb3NjaOAoJKDlpee6bxYmDVOWWyIoQ42IaniOn9ar37
-      hzxz0Xa2XsBcIc9quXtFcR/u7gGqXs+EjZPzdFirTUXywc0d3rPXDRlQvHDuedhn
-      gEo51PZ0A8srnCglRqm1oV2++meng89A5O48MEjgWlvhAcD2ck4ToChEmhWoZAxR
-      tJE4tKgPbG4Vctz6vNkdEkG5oAVYQQ==
-      -----END PRIVATE KEY-----
-    pem: |
-      -----BEGIN CERTIFICATE-----
-      MIIFuTCCA6GgAwIBAgIUcUudURLszmTKTnF9Q3W009BYOsQwDQYJKoZIhvcNAQEL
-      BQAwdjELMAkGA1UEBhMCREUxFjAUBgNVBAgMDU5pZWRlcnNhY2hzZW4xETAPBgNV
-      BAcMCEhhbm5vdmVyMRwwGgYDVQQKDBNIb2Noc2NodWxlIEhhbm5vdmVyMR4wHAYD
-      VQQDDBVhcGl2Mi5wb3N0Z3Jlc3QubG9jYWwwHhcNMTkwNDA4MDkzNDMzWhcNMjkw
-      NDA1MDkzNDMzWjB2MQswCQYDVQQGEwJERTEWMBQGA1UECAwNTmllZGVyc2FjaHNl
-      bjERMA8GA1UEBwwISGFubm92ZXIxHDAaBgNVBAoME0hvY2hzY2h1bGUgSGFubm92
-      ZXIxHjAcBgNVBAMMFWFwaXYyLnBvc3RncmVzdC5sb2NhbDCCAiIwDQYJKoZIhvcN
-      AQEBBQADggIPADCCAgoCggIBAObvehl12k5JFRDPZaHx8O4CiVXYfUbtg7m8Qq6+
-      Ng4hINs0kUfOZxzd7NWCEZZw3OToRaPPEazoWkh852jD/tJ3iublpcTiZp9Kyg0S
-      o1J040sPyTZ+beic8kUEWtpKAyu9q0rln9+YsFfleZE1kt3RTXB6+xorLVxcUajw
-      IAAqBIISKyRIi9dGTJakir1QtyxPRWiKfNZ+Wwm4C7UBnGOUn2SjavxZPRP0wk57
-      Eq7AwyyuDic9dMD5T/qaWiKUY0OzzP3OuM8evNyrAV8NarT9IiloG3TBh+qHKK5F
-      5p/DtgGOdW+Z+P4n1avdkfEdZETuLTcE8O6yUV+nGEGuWDPySpze4TWkf5DfFQCD
-      rtrtHXsDIDQhmCBhwK6Fxcby51rhtmd1FMOUx/T0GsngTCACJNJ8e8CKkNX387Jk
-      UcSHSUt/1wip4WCC1z7YuKMyMas12WRyN82NCeWT7lVbFGNVnGUjOulCJsMAYDZX
-      NLVs2SIBy6LDSOVeiCOvJWft5nkpnPtSEy7qaiufB2IMtv0TNzsmfJiGqzMCaQNt
-      sx0bgFQPA2dSF855/MIG01OszLdIs4W+sFxGQEWiJ28KiCgh0pr+0g7CWaac+0AE
-      U01iuaE7KaaV8NhzOtW9JQRo7SWhmiWF6VuN+YNgBlIePcg0fVxCIDg07tDT3l44
-      2eY3AgMBAAGjPzA9MDsGA1UdEQQ0MDKCFWFwaXYyLnBvc3RncmVzdC5sb2NhbIIZ
-      aWNtc2NhY2hlLnBvc3RncmVzdC5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAgEApOJ4
-      o0YwOvR534c9EvAKN4tiXgQKEmyjmdfS0741JH0t3gAhrEX6KVAX7Vf99x6CZcS1
-      x+czf1my3EIZpwQolBEpf73Xtjppn1Y5GlEVb3S15pIW8Pglj262p3XtpzSlfq8v
-      mcYiC9JOaruseSIKc8xKuTmwgU8n6rQTKfMvg3wetTlgGji/GeD40+paGDSqtikP
-      E+pve0cgcQqDA3cYwT9LNvN2BGhi4KU9O0poSJYMqXR4ErzI+ZAxj82vkcsxmDba
-      T1tjvrmUscZ2LX2dIrgs/jbRSugQiPUmuhE0s4TJfLtJCPOnvPzDmiCf47oiOz+G
-      R6FJo/yDZr0tdS5RNoFZsngS/N6rbPkooQrfPfHVnlRHR3foUR2bJQp2PKxqqtLQ
-      ENjbdeLDQCqMDo0BMXvZvgGek4vA+W21FteqskTnOKU+Yv3sUTJVKHmxtTXciz6a
-      nmKCOYtTB+kHbNyz+ovGUZ/oRK4t8xwgpKL6c09OX7k/pvnb8VnYeUDLE1wfW+n4
-      2o3fk+oiPkFU79g5u748ZGDE2U3Pl460hsAfV31QjERbSHr7DwVF7dpnE9jH+tu+
-      /FWMLpovASWCdh9tDoR9XzonmF72E+gKcYww2M1GSGQQm/4oJYmNIlAZd8lEB4Wh
-      Gz30Lx+MReUNuzvChwap0oSq0axECnEsVPvRYUs=
-      -----END CERTIFICATE-----
-    dhparam: |
-      -----BEGIN DH PARAMETERS-----
-      MIIBCAKCAQEA9b8X8Plp+vLeVpQf8Nz2u9+lt8eF6BYj517XzJX8MsgPI1XU7dA4
-      j75yitn1kd3R8q/PyTQgmbRdh54EfNEfiCnbY/2X+0c4L1rZqXx+GeUdAAXgjuye
-      LjA/zd0RprK6TOpIOYQ7MO4P35T8Ora8jDXvf/Q386vCRQ5fiuVR5+nH9R4KBi7H
-      iqM9N5dyhRNJIZZMeQ0T+zmeywazeicYszKunJqjQ0jZ1D+J1UUTHjH6/Lp1lVqA
-      kJHCWa7GkBOfROmYFjeJ3v5Hfjkry/uXtvVoVfFIUGA4dPoCBRLzfNAGMhPzx0Gr
-      kaW8ir0Mykld8mdgoCThKuHPhUnJ3wWamwIBAg==
-      -----END DH PARAMETERS-----
--- a/.saltstack/pillar/top.sls
+++ b/.saltstack/pillar/top.sls
-base:
-  postgrest*:
-    - sslcert.postgrest
-    - postgrest
--- a/.saltstack/salt/postgrest
+++ b/.saltstack/salt/postgrest
-../../postgrest
\ No newline at end of file
--- a/.saltstack/salt/sslcert.sls
+++ b/.saltstack/salt/sslcert.sls
-{% if salt['pillar.get']('sslcert') %}
-
-sslcert_create_dir:
-  file.directory:
-    - name: /root/certs/
-    - user: root
-    - group: root
-
-{% for app_name, cert in salt['pillar.get']('sslcert').iteritems() %}
-
-sslcert_{{ app_name }}_pem:
-  file.managed:
-    - name: /root/certs/{{ app_name }}.pem
-    - user: root
-    - group: root
-    - mode: 600
-    - show_diff: False
-    - contents_pillar: sslcert:{{ app_name }}:pem
-    - requires:
-      - file: sslcert_create_dir
-
-sslcert_{{ app_name }}_key:
-  file.managed:
-    - name: /root/certs/{{ app_name }}.key
-    - user: root
-    - group: root
-    - mode: 600
-    - show_diff: False
-    - contents_pillar: sslcert:{{ app_name }}:key
-    - requires:
-      - file: sslcert_create_dir
-
-{% if cert.dhparam is defined %}
-sslcert_{{ app_name }}_dhparam:
-  file.managed:
-    - name: /root/certs/{{ app_name }}.dhparam.pem
-    - user: root
-    - group: root
-    - mode: 600
-    - show_diff: False
-    - contents_pillar: sslcert:{{ app_name }}:dhparam
-    - requires:
-      - file: sslcert_create_dir
-{% endif %}
-
-{% if cert.client_ca is defined %}
-ssl_cert_{{ app_name }}_client_ca:
-  file.managed:
-    - name: /root/certs/{{ app_name }}.client_ca.pem
-    - user: root
-    - group: root
-    - mode: 600
-    - show_diff: False
-    - contents_pillar: sslcert:{{ app_name }}:client_ca
-    - requires:
-      - file: sslcert_create_dir
-{% endif %}
-{% endfor %}
-{% endif %}
--- a/.saltstack/salt/top.sls
+++ b/.saltstack/salt/top.sls
-base:
-  'postgrest*':
-    - postgrest
-    - sslcert
--- a/README.md
+++ b/README.md
@@ -4,13 +4,13 @@ The postgrest-formula is used to deploy postgREST instances.

 Have a look at the pillar.example (which is used for testing as well) to get an idea of how it works.

-**/srv/pillar/postgrest/your\_instance.sls:**
+**/srv/pillar/postgrest/your_instance.sls:**

 ```yaml
 postgrest:
  your_instance:
    tag: v5.2.0
-    hash: '5f564d1c6dfad2fd25d5394c2cae42ebe0d736342eba25742cd45d2cbf61cf38'
+    hash: "5f564d1c6dfad2fd25d5394c2cae42ebe0d736342eba25742cd45d2cbf61cf38"
    config:
      db-uri: "postgres://api_v2_authenticator@127.0.0.1/api_db"
      db-schema: "api_v2"
@@ -23,7 +23,7 @@ postgrest:

 ```yaml
 base:
-  'your_instance*':
+  "your_instance*":
    - postgrest.your_instance
 ```

@@ -40,6 +40,7 @@ base:
 `config`: This is postgREST specific configuration as explained [here](http://postgrest.org/en/stable/install.html#configuration)

 #### How do I know the `jwt-secret` though?
+
 You don't. You generate it: `pwgen -sn 32`

 ## Development
@@ -76,8 +77,4 @@ You can access your PostgREST instances at:

 ### nginx

-This formula is capable of installing and configuring nginx.
-Therefore you need to have an `nginx` block below your instance configuration as
-you can see in `pillar.example`.
-If you omit this block the formula does not care about nginx.
-This is useful, if you want to use the nginx formula.
+Use the nginx-formula to get an TLS terminating reverse proxy in front.
--- a/Vagrantfile
+++ b/Vagrantfile
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-
-Vagrant.configure("2") do |config|
-  # salt master
-  config.vm.define "saltmaster" do |saltmaster_cfg|
-    saltmaster_cfg.vm.box = "debian/jessie64"
-
-    saltmaster_cfg.vm.synced_folder ".saltstack/salt/", "/srv/salt", type: "rsync"
-    saltmaster_cfg.vm.synced_folder ".saltstack/pillar/", "/srv/pillar", type: "rsync"
-
-    saltmaster_cfg.vm.hostname = "saltmaster"
-    saltmaster_cfg.vm.network "private_network", ip: "10.0.0.5"
-    saltmaster_cfg.vm.provision :salt do |salt|
-      salt.install_master = true
-      salt.no_minion = true
-      salt.master_config = ".saltstack/master"
-    end
-  end
-
-  # postgrest test minion
-  (1..2).each do |i|
-    config.vm.define "postgrest-0#{i}" do |postgrest|
-      postgrest.vm.box = "debian/jessie64"
-      postgrest.vm.hostname = "postgrest-0#{i}"
-      postgrest.vm.network "forwarded_port", guest: 80, host: "800#{i}".to_i, host_ip:"127.0.0.1"
-      postgrest.vm.network "forwarded_port", guest: 443, host: "443#{i}".to_i, host_ip:"127.0.0.1"
-      postgrest.vm.network "private_network", type: "dhcp"
-      postgrest.vm.provision :salt do |salt|
-        salt.install_master = false
-        salt.minion_config = ".saltstack/minion"
-        salt.run_highstate = false
-      end
-      # Ensure these states are run in the correct order, highstating does not work here
-      postgrest.vm.provision "shell", inline: "salt-call state.sls sslcert,postgrest"
-      postgrest.vm.provision "shell", inline: "systemctl start api_v2-postgrest.service"
-      postgrest.vm.provision "shell", inline: "systemctl start icmscache-postgrest.service"
-    end
-  end
-end
--- a/pillar.example
+++ b/pillar.example
@@ -9,14 +9,6 @@ postgrest:
        jwt-secret: "aimi6fiep2ohPahqu6Jithahphai1aJe"
        db-anon-role: "api_v2_anonymous"

-      nginx:
-        ssl_cert_name: postgrest
-        http: false
-        https: true
-        redirect_to_https: true
-        fqdn: apiv2.postgrest.local
-
-
    icmscache:
      tag: v5.2.0
      hash: '5f564d1c6dfad2fd25d5394c2cae42ebe0d736342eba25742cd45d2cbf61cf38'
@@ -26,10 +18,3 @@ postgrest:
        jwt-secret: "aimi6fiep2ohPahqu6Jithahphai1aJe"
        db-anon-role: "icmscache_anonymous"
        server-port: 3001
-
-      nginx:
-        ssl_cert_name: postgrest
-        http: false
-        https: true
-        redirect_to_https: true
-        fqdn: icmscache.postgrest.local
--- a/postgrest/init.sls
+++ b/postgrest/init.sls
 include:
  - postgrest.common
-  - postgrest.nginx
  - postgrest.postgrest
--- a/postgrest/nginx.sls
+++ b/postgrest/nginx.sls
-{% for instance_name, instance_conf in salt['pillar.get']("postgrest:instances").items() %}
-{% if instance_conf.nginx is defined %}
-
-postgrest_nginx_package:
-  pkg.installed:
-    - pkgs:
-      - nginx
-
-postgrest_{{ instance_name }}_nginx_conf:
-  file.managed:
-    - name: /etc/nginx/sites-available/{{ instance_name }}.conf
-    - source: salt://postgrest/tpl/nginx.conf
-    - template: jinja
-    - context:
-      nginx_conf: {{ instance_conf.nginx }}
-      postgrest_port: {{ instance_conf.config.get('server-port', '3000') }}
-      instance_name: {{ instance_name }}
-    - mode: 644
-    - user: root
-    - group: root
-    - require:
-      - pkg: postgrest_packages
-
-postgrest_{{ instance_name }}_nginx_enable:
-  file.symlink:
-    - name: /etc/nginx/sites-enabled/{{ instance_name }}.conf
-    - target: /etc/nginx/sites-available/{{ instance_name }}.conf
-
-postgrest_{{ instance_name }}_nginx_running:
-  service.running:
-    - name: nginx
-    - reload: True
-    - watch:
-      - file: /etc/nginx/sites-enabled/*
-{% endif %}
-{% endfor %}
--- a/postgrest/tpl/nginx.conf
+++ b/postgrest/tpl/nginx.conf
-# This file is written by salt. Don't even think about it.
-upstream postgrest_{{ instance_name }} {
-    server                      127.0.0.1:{{ postgrest_port }};
-    keepalive                   64;
-}
-
-{% if nginx_conf.http or nginx_conf.redirect_to_https %}
-server {
-    listen                      {{ nginx_conf.get('http_port', '80') }};
-    server_name                 {{ nginx_conf.fqdn }};
-    {% if nginx_conf.redirect_to_https %}
-    return                      301 https://$server_name$request_uri;
-    {% elif nginx_conf.http %}
-    location / {
-        default_type            application/json;
-        proxy_hide_header       Content-Location;
-        add_header              Content-Location /$upstream_http_content_location;
-        proxy_pass              http://postgrest_{{ instance_name }};
-        proxy_set_header        X-Real-IP $remote_addr;
-        proxy_http_version      1.1;
-        proxy_set_header        Upgrade $http_upgrade;
-        proxy_set_header        Connection "upgrade";
-        proxy_set_header        Host $host;
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header        X-Forwarded-Proto $scheme;
-    }
-    {% endif %}
-}
-{% endif %}
-
-{% if nginx_conf.https %}
-server {
-    server_name                 {{ nginx_conf.fqdn }};
-    listen                      {{ nginx_conf.get('https_port', '443') }};
-
-    ssl_session_cache           shared:SSL:50m;
-    ssl_session_timeout         5m;
-
-    ssl                         on;
-    ssl_certificate             /etc/hsh-certs/{{ nginx_conf.get('ssl_cert_name', instance_name) }}.fullchain.pem;
-    ssl_certificate_key         /etc/hsh-certs/{{ nginx_conf.get('ssl_cert_name', instance_name) }}.key;
-
-    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
-    ssl_dhparam                 /etc/hsh-certs/{{ nginx_conf.get('ssl_cert_name', instance_name) }}.dhparam.pem;
-    {% if nginx_conf.client_ca is defined %}
-    ssl_verify_client           on;
-    ssl_client_certificate      /etc/hsh-certs/{{ nginx_conf.get('ssl_cert_name'), instance_name }}
-    {% endif %}
-
-    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
-    ssl_prefer_server_ciphers   on;
-    ssl_ciphers                 "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
-
-    # don't send the nginx version number in error pages and Server header
-    server_tokens               off;
-    # config to don't allow the browser to render the page inside an frame or iframe
-    # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
-    # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
-    # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
-    add_header                  X-Frame-Options SAMEORIGIN;
-
-    # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
-    # to disable content-type sniffing on some browsers.
-    # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
-    # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
-    # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
-    # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
-    add_header                  X-Content-Type-Options nosniff;
-
-    # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
-    # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for
-    # this particular website if it was disabled by the user.
-    # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
-    add_header                  X-XSS-Protection "1; mode=block";
-
-    # be as restrictive as possible
-    add_header                  Content_Security_Policy "default-src 'none'";
-
-    # config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
-    # to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
-    add_header                  Strict-Transport-Security "max-age=31536000; includeSubdomains;";
-
-    location / {
-        default_type            application/json;
-        proxy_hide_header       Content-Location;
-        add_header              Content-Location /$upstream_http_content_location;
-        proxy_pass              http://postgrest_{{ instance_name }};
-        proxy_set_header        X-Real-IP $remote_addr;
-        proxy_http_version      1.1;
-        proxy_set_header        Upgrade $http_upgrade;
-        proxy_set_header        Connection "upgrade";
-        proxy_set_header        Host $host;
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header        X-Forwarded-Proto $scheme;
-    }
-}
-{% endif %}