initial commit for playground: vagrant with nginx+nodejs+bower

Nikolaus Schlemm
Showing 10 changed files with 497 additions and 0 deletions Show diff stats
.gitignore
Vagrantfile
salt/minion
salt/roots/core.sls
salt/roots/nginx/init.sls
salt/roots/nodejs.sls
salt/roots/playground/init.sls
salt/roots/playground/nginx.conf
salt/roots/python.sls
salt/roots/top.sls
@@ -0,0 +1,2 @@
+.vagrant/
+static/
@@ -0,0 +1,129 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
+VAGRANTFILE_API_VERSION = "2"
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+  # All Vagrant configuration is done here. The most common configuration
+  # options are documented and commented below. For a complete reference,
+  # please see the online documentation at vagrantup.com.
+
+  # Every Vagrant virtual environment requires a box to build off of.
+  config.vm.box = "ubuntu/trusty64"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  # config.vm.network "public_network"
+
+  # If true, then any SSH connections made will enable agent forwarding.
+  # Default value: false
+  config.ssh.forward_agent = true
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+  config.vm.synced_folder '.', '/vagrant' #, nfs: true
+  config.vm.synced_folder "salt/roots/", "/srv/salt/" #, nfs: true
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  # config.vm.provider "virtualbox" do |vb|
+  #   # Don't boot with headless mode
+  #   vb.gui = true
+  #
+  #   # Use VBoxManage to customize the VM. For example to change memory:
+  #   vb.customize ["modifyvm", :id, "--memory", "1024"]
+  # end
+  #
+  # View the documentation for the provider you're using for more
+  # information on available options.
+
+  config.vm.provision :salt do |salt|
+    salt.minion_config = "salt/minion"
+    salt.run_highstate = true
+  end
+
+  # Enable provisioning with CFEngine. CFEngine Community packages are
+  # automatically installed. For example, configure the host as a
+  # policy server and optionally a policy file to run:
+  #
+  # config.vm.provision "cfengine" do |cf|
+  #   cf.am_policy_hub = true
+  #   # cf.run_file = "motd.cf"
+  # end
+  #
+  # You can also configure and bootstrap a client to an existing
+  # policy server:
+  #
+  # config.vm.provision "cfengine" do |cf|
+  #   cf.policy_server_address = "10.0.2.15"
+  # end
+
+  # Enable provisioning with Puppet stand alone.  Puppet manifests
+  # are contained in a directory path relative to this Vagrantfile.
+  # You will need to create the manifests directory and a manifest in
+  # the file default.pp in the manifests_path directory.
+  #
+  # config.vm.provision "puppet" do |puppet|
+  #   puppet.manifests_path = "manifests"
+  #   puppet.manifest_file  = "default.pp"
+  # end
+
+  # Enable provisioning with chef solo, specifying a cookbooks path, roles
+  # path, and data_bags path (all relative to this Vagrantfile), and adding
+  # some recipes and/or roles.
+  #
+  # config.vm.provision "chef_solo" do |chef|
+  #   chef.cookbooks_path = "../my-recipes/cookbooks"
+  #   chef.roles_path = "../my-recipes/roles"
+  #   chef.data_bags_path = "../my-recipes/data_bags"
+  #   chef.add_recipe "mysql"
+  #   chef.add_role "web"
+  #
+  #   # You may also specify custom JSON attributes:
+  #   chef.json = { mysql_password: "foo" }
+  # end
+
+  # Enable provisioning with chef server, specifying the chef server URL,
+  # and the path to the validation key (relative to this Vagrantfile).
+  #
+  # The Opscode Platform uses HTTPS. Substitute your organization for
+  # ORGNAME in the URL and validation key.
+  #
+  # If you have your own Chef Server, use the appropriate URL, which may be
+  # HTTP instead of HTTPS depending on your configuration. Also change the
+  # validation key to validation.pem.
+  #
+  # config.vm.provision "chef_client" do |chef|
+  #   chef.chef_server_url = "https://api.opscode.com/organizations/ORGNAME"
+  #   chef.validation_key_path = "ORGNAME-validator.pem"
+  # end
+  #
+  # If you're using the Opscode platform, your validator client is
+  # ORGNAME-validator, replacing ORGNAME with your organization name.
+  #
+  # If you have your own Chef Server, the default validation client name is
+  # chef-validator, unless you changed the configuration.
+  #
+  #   chef.validation_client_name = "ORGNAME-validator"
+end
@@ -0,0 +1,220 @@
+##### Primary configuration settings #####
+##########################################
+# Set the location of the salt master server, if the master server cannot be
+# resolved, then the minion will fail to start.
+master: localhost
+
+# Set the port used by the master reply and authentication server
+#master_port: 4506
+
+# The user to run salt
+#user: root
+
+# The root directory prepended to these options: pki_dir, cachedir, log_file.
+#root_dir: /
+
+# The directory to store the pki information in
+#pki_dir: /etc/salt/pki
+
+# Explicitly declare the id for this minion to use, if left commented the id
+# will be the hostname as returned by the python call: socket.getfqdn()
+# Since salt uses detached ids it is possible to run multiple minions on the
+# same machine but with different ids, this can be useful for salt compute
+# clusters.
+#id: testing
+
+# Append a domain to a hostname in the event that it does not exist. This is
+# usefule for systems where socket.getfqdn() does not actually result in a
+# FQDN (for instance, Solaris).
+#append_domain:
+
+# If the the connection to the server is interrupted, the minion will
+# attempt to reconnect. sub_timeout allows you to control the rate
+# of reconnection attempts (in seconds). To disable reconnects, set
+# this value to 0.
+#sub_timeout: 60
+
+# Where cache data goes
+#cachedir: /var/cache/salt
+
+# The minion can locally cache the return data from jobs sent to it, this
+# can be a good way to keep track of jobs the minion has executed
+# (on the minion side). By default this feature is disabled, to enable
+# set cache_jobs to True
+#cache_jobs: False
+
+# When waiting for a master to accept the minion's public key, salt will
+# continuously attempt to reconnect until successful. This is the time, in
+# seconds, between those reconnection attempts.
+#acceptance_wait_time = 10
+
+# When healing a dns_check is run, this is to make sure that the originally
+# resolved dns has not changed, if this is something that does not happen in
+# your environment then set this value to False.
+#dns_check: True
+
+
+##### Minion module management #####
+##########################################
+# Disable specific modules. This allows the admin to limit the level of
+# access the master has to the minion
+#disable_modules: [cmd,test]
+#disable_returners: []
+#
+# Modules can be loaded from arbitrary paths. This enables the easy deployment
+# of third party modules. Modules for returners and minions can be loaded.
+# Specify a list of extra directories to search for minion modules and
+# returners. These paths must be fully qualified!
+#module_dirs: []
+#returner_dirs: []
+#states_dirs: []
+#render_dirs: []
+#
+# A module provider can be statically overwritten or extended for the minion
+# via the providers option, in this case the default module will be
+# overwritten by the specified module. In this example the pkg module will
+# be provided by the yumpkg5 module instead of the system default.
+#
+# providers:
+# pkg: yumpkg5
+#
+# Enable Cython modules searching and loading. (Default: False)
+#cython_enable: False
+
+##### State Management Settings #####
+###########################################
+# The state management system executes all of the state templates on the minion
+# to enable more granular control of system state management. The type of
+# template and serialization used for state management needs to be configured
+# on the minion, the default renderer is yaml_jinja. This is a yaml file
+# rendered from a jinja template, the available options are:
+# yaml_jinja
+# yaml_mako
+# json_jinja
+# json_mako
+#
+#renderer: yaml_jinja
+#
+# state_verbose allows for the data returned from the minion to be more
+# verbose. Normaly only states that fail or states that have changes are
+# returned, but setting state_verbose to True will return all states that
+# were checked
+#state_verbose: False
+#
+# autoload_dynamic_modules Turns on automatic loading of modules found in the
+# environments on the master. This is turned on by default, to turn of
+# autoloading modules when states run set this value to False
+#autoload_dynamic_modules: True
+#
+# clean_dynamic_modules keeps the dynamic modules on the minion in sync with
+# the dynamic modules on the master, this means that if a dynamic module is
+# not on the master it will be deleted from the minion. By default this is
+# enabled and can be disabled by changing this value to False
+#clean_dynamic_modules: True
+#
+# Normally the minion is not isolated to any single environment on the master
+# when running states, but the environment can be isolated on the minion side
+# by statically setting it. Remember that the recommended way to manage
+# environments is to issolate via the top file.
+#environment: None
+#
+# If using the local file directory, then the state top file name needs to be
+# defined, by default this is top.sls.
+#state_top: top.sls
+
+##### File Directory Settings #####
+##########################################
+# The Salt Minion can redirect all file server operations to a local directory,
+# this allows for the same state tree that is on the master to be used if
+# coppied completely onto the minion. This is a literal copy of the settings on
+# the master but used to reference a local directory on the minion.
+
+# Set the file client, the client defaults to looking on the master server for
+# files, but can be directed to look at the local file directory setting
+# defined below by setting it to local.
+file_client: local
+
+# The file directory works on environments passed to the minion, each environment
+# can have multiple root directories, the subdirectories in the multiple file
+# roots cannot match, otherwise the downloaded files will not be able to be
+# reliably ensured. A base environment is required to house the top file.
+# Example:
+# file_roots:
+# base:
+# - /srv/salt/
+# dev:
+# - /srv/salt/dev/services
+# - /srv/salt/dev/states
+# prod:
+# - /srv/salt/prod/services
+# - /srv/salt/prod/states
+#
+# Default:
+#file_roots:
+# base:
+# - /srv/salt
+
+# The hash_type is the hash to use when discovering the hash of a file in
+# the minion directory, the default is md5, but sha1, sha224, sha256, sha384
+# and sha512 are also supported.
+#hash_type: md5
+
+# The Salt pillar is searched for locally if file_client is set to local. If
+# this is the case, and pillar data is defined, then the pillar_roots need to
+# also be configured on the minion:
+#pillar_roots:
+# base:
+# - /srv/pillar
+
+###### Security settings #####
+###########################################
+# Enable "open mode", this mode still maintains encryption, but turns off
+# authentication, this is only intended for highly secure environments or for
+# the situation where your keys end up in a bad state. If you run in open mode
+# you do so at your own risk!
+#open_mode: False
+
+
+###### Thread settings #####
+###########################################
+# Disable multiprocessing support, by default when a minion receives a
+# publication a new process is spawned and the command is executed therein.
+#multiprocessing: True
+
+###### Logging settings #####
+###########################################
+# The location of the minion log file
+#log_file: /var/log/salt/minion
+#
+# The level of messages to send to the log file.
+# One of 'info', 'quiet', 'critical', 'error', 'debug', 'warning'.
+# Default: 'warning'
+#log_level: warning
+#
+# Logger levels can be used to tweak specific loggers logging levels.
+# For example, if you want to have the salt library at the 'warning' level,
+# but you still wish to have 'salt.modules' at the 'debug' level:
+# log_granular_levels: {
+# 'salt': 'warning',
+# 'salt.modules': 'debug'
+# }
+#
+#log_granular_levels: {}
+
+###### Module configuration #####
+###########################################
+# Salt allows for modules to be passed arbitrary configuration data, any data
+# passed here in valid yaml format will be passed on to the salt minion modules
+# for use. It is STRONGLY recommended that a naming convention be used in which
+# the module name is followed by a . and then the value. Also, all top level
+# data must be applied via the yaml dict construct, some examples:
+#
+# A simple value for the test module:
+#test.foo: foo
+#
+# A list for the test module:
+#test.bar: [baz,quo]
+#
+# A dict for the test module:
+#test.baz: {spam: sausage, cheese: bread}
+
@@ -0,0 +1,14 @@
+core-packages:
+  pkg.installed:
+    - names:
+      - ack-grep
+      - aptitude
+      - bash-completion
+      - colordiff
+      - command-not-found
+      - curl
+      - dstat
+      - git
+      - htop
+      - pydf
+      - vim
@@ -0,0 +1,15 @@
+nginx:
+  pkgrepo.managed:
+    - ppa: nginx/stable
+    - require_in:
+      - pkg: nginx
+  pkg:
+    - installed
+#    - latest
+    - required:
+      - pkgrepo: nginx
+  service:
+    - running
+    - watch:
+      - pkg: nginx
+#      - file: /etc/nginx/nginx.conf
@@ -0,0 +1,17 @@
+nodesource_repo:
+  pkgrepo.managed:
+    - humanname: Nodesource
+    - name: deb https://deb.nodesource.com/node {{ grains['oscodename'] }} main
+    - dist: {{ grains['oscodename'] }}
+    - file: /etc/apt/sources.list.d/nodesource.list
+    - key_url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
+
+nodejs:
+  pkg.installed:
+    - require:
+      - pkgrepo: nodesource_repo
+
+npm:
+  pkg.installed:
+    - require:
+      - pkg: nodejs
@@ -0,0 +1,43 @@
+include:
+  - nginx
+  - nodejs
+  - python
+
+www-data:
+  user.present:
+    - groups:
+      - vagrant
+    - remove_groups: False
+
+/vagrant/static:
+  file.directory:
+    - user: vagrant
+    - group: vagrant
+# fails on mac ...
+#    - mode: 0775
+
+bower:
+  npm.installed:
+    - require:
+      - pkg: npm
+
+/etc/nginx/sites-available/default:
+  file.managed:
+    - source: salt://playground/nginx.conf
+    - user: www-data
+    - group: www-data
+    - mode: 0400
+
+/etc/nginx/sites-enabled/default:
+  file.symlink:
+    - target: /etc/nginx/sites-available/default
+    - require:
+      - file:  /etc/nginx/sites-available/default
+
+extend:
+  nginx:
+    service:
+      - watch:
+        - file: /etc/nginx/sites-available/default
+        - file: /etc/nginx/sites-enabled/default
+        - user: www-data
@@ -0,0 +1,38 @@
+server {
+	listen 80;
+
+	server_name playground.local 127.0.0.1 localhost;
+
+    # Vagrant requirement
+    sendfile off;
+
+	access_log /var/log/nginx/playground-access.log;
+	error_log /var/log/nginx/playground-error.log;
+
+	location /static/ {
+		expires max;
+		add_header    Cache-Control  public;
+		alias /vagrant/static/;
+    }
+
+	location /media/ {
+		expires off;
+		alias /vagrant/media/;
+	}
+
+	location /docs/ {
+		expires off;
+		alias /vagrant/docs/_build/html/;
+	}
+
+	location / {
+#		include /etc/nginx/uwsgi_params;
+#		uwsgi_pass unix:///run/uwsgi/app/playground/socket;
+#		proxy_set_header X-Forwarded-Protocol $scheme;
+#		proxy_pass_header Server;
+#		proxy_set_header Host $http_host;
+#		proxy_redirect off;
+#		proxy_set_header X-Real-IP $remote_addr;
+#		proxy_set_header X-Scheme $scheme;
+	}
+}
@@ -0,0 +1,12 @@
+ipython:
+  pkg.installed
+
+python:
+  pkg.installed
+
+python-dev:
+  pkg.installed
+
+python-pip:
+  pkg.installed
+
@@ -0,0 +1,7 @@
+base:
+  '*':
+    - playground
+    - core
+    - nginx
+    - nodejs
+    - python
...	...	@@ -0,0 +1,129 @@
	1	+# -- mode: ruby --
	2	+# vi: set ft=ruby :
	3	+
	4	+# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
	5	+VAGRANTFILE_API_VERSION = "2"
	6	+
	7	+Vagrant.configure(VAGRANTFILE_API_VERSION) do \|config\|
	8	+ # All Vagrant configuration is done here. The most common configuration
	9	+ # options are documented and commented below. For a complete reference,
	10	+ # please see the online documentation at vagrantup.com.
	11	+
	12	+ # Every Vagrant virtual environment requires a box to build off of.
	13	+ config.vm.box = "ubuntu/trusty64"
	14	+
	15	+ # Disable automatic box update checking. If you disable this, then
	16	+ # boxes will only be checked for updates when the user runs
	17	+ # `vagrant box outdated`. This is not recommended.
	18	+ # config.vm.box_check_update = false
	19	+
	20	+ # Create a forwarded port mapping which allows access to a specific port
	21	+ # within the machine from a port on the host machine. In the example below,
	22	+ # accessing "localhost:8080" will access port 80 on the guest machine.
	23	+ config.vm.network "forwarded_port", guest: 80, host: 8080
	24	+
	25	+ # Create a private network, which allows host-only access to the machine
	26	+ # using a specific IP.
	27	+ # config.vm.network "private_network", ip: "192.168.33.10"
	28	+
	29	+ # Create a public network, which generally matched to bridged network.
	30	+ # Bridged networks make the machine appear as another physical device on
	31	+ # your network.
	32	+ # config.vm.network "public_network"
	33	+
	34	+ # If true, then any SSH connections made will enable agent forwarding.
	35	+ # Default value: false
	36	+ config.ssh.forward_agent = true
	37	+
	38	+ # Share an additional folder to the guest VM. The first argument is
	39	+ # the path on the host to the actual folder. The second argument is
	40	+ # the path on the guest to mount the folder. And the optional third
	41	+ # argument is a set of non-required options.
	42	+ # config.vm.synced_folder "../data", "/vagrant_data"
	43	+ config.vm.synced_folder '.', '/vagrant' #, nfs: true
	44	+ config.vm.synced_folder "salt/roots/", "/srv/salt/" #, nfs: true
	45	+
	46	+ # Provider-specific configuration so you can fine-tune various
	47	+ # backing providers for Vagrant. These expose provider-specific options.
	48	+ # Example for VirtualBox:
	49	+ #
	50	+ # config.vm.provider "virtualbox" do \|vb\|
	51	+ # # Don't boot with headless mode
	52	+ # vb.gui = true
	53	+ #
	54	+ # # Use VBoxManage to customize the VM. For example to change memory:
	55	+ # vb.customize ["modifyvm", :id, "--memory", "1024"]
	56	+ # end
	57	+ #
	58	+ # View the documentation for the provider you're using for more
	59	+ # information on available options.
	60	+
	61	+ config.vm.provision :salt do \|salt\|
	62	+ salt.minion_config = "salt/minion"
	63	+ salt.run_highstate = true
	64	+ end
	65	+
	66	+ # Enable provisioning with CFEngine. CFEngine Community packages are
	67	+ # automatically installed. For example, configure the host as a
	68	+ # policy server and optionally a policy file to run:
	69	+ #
	70	+ # config.vm.provision "cfengine" do \|cf\|
	71	+ # cf.am_policy_hub = true
	72	+ # # cf.run_file = "motd.cf"
	73	+ # end
	74	+ #
	75	+ # You can also configure and bootstrap a client to an existing
	76	+ # policy server:
	77	+ #
	78	+ # config.vm.provision "cfengine" do \|cf\|
	79	+ # cf.policy_server_address = "10.0.2.15"
	80	+ # end
	81	+
	82	+ # Enable provisioning with Puppet stand alone. Puppet manifests
	83	+ # are contained in a directory path relative to this Vagrantfile.
	84	+ # You will need to create the manifests directory and a manifest in
	85	+ # the file default.pp in the manifests_path directory.
	86	+ #
	87	+ # config.vm.provision "puppet" do \|puppet\|
	88	+ # puppet.manifests_path = "manifests"
	89	+ # puppet.manifest_file = "default.pp"
	90	+ # end
	91	+
	92	+ # Enable provisioning with chef solo, specifying a cookbooks path, roles
	93	+ # path, and data_bags path (all relative to this Vagrantfile), and adding
	94	+ # some recipes and/or roles.
	95	+ #
	96	+ # config.vm.provision "chef_solo" do \|chef\|
	97	+ # chef.cookbooks_path = "../my-recipes/cookbooks"
	98	+ # chef.roles_path = "../my-recipes/roles"
	99	+ # chef.data_bags_path = "../my-recipes/data_bags"
	100	+ # chef.add_recipe "mysql"
	101	+ # chef.add_role "web"
	102	+ #
	103	+ # # You may also specify custom JSON attributes:
	104	+ # chef.json = { mysql_password: "foo" }
	105	+ # end
	106	+
	107	+ # Enable provisioning with chef server, specifying the chef server URL,
	108	+ # and the path to the validation key (relative to this Vagrantfile).
	109	+ #
	110	+ # The Opscode Platform uses HTTPS. Substitute your organization for
	111	+ # ORGNAME in the URL and validation key.
	112	+ #
	113	+ # If you have your own Chef Server, use the appropriate URL, which may be
	114	+ # HTTP instead of HTTPS depending on your configuration. Also change the
	115	+ # validation key to validation.pem.
	116	+ #
	117	+ # config.vm.provision "chef_client" do \|chef\|
	118	+ # chef.chef_server_url = "https://api.opscode.com/organizations/ORGNAME"
	119	+ # chef.validation_key_path = "ORGNAME-validator.pem"
	120	+ # end
	121	+ #
	122	+ # If you're using the Opscode platform, your validator client is
	123	+ # ORGNAME-validator, replacing ORGNAME with your organization name.
	124	+ #
	125	+ # If you have your own Chef Server, the default validation client name is
	126	+ # chef-validator, unless you changed the configuration.
	127	+ #
	128	+ # chef.validation_client_name = "ORGNAME-validator"
	129	+end
...	...
...	...	@@ -0,0 +1,220 @@
	1	+##### Primary configuration settings #####
	2	+##########################################
	3	+# Set the location of the salt master server, if the master server cannot be
	4	+# resolved, then the minion will fail to start.
	5	+master: localhost
	6	+
	7	+# Set the port used by the master reply and authentication server
	8	+#master_port: 4506
	9	+
	10	+# The user to run salt
	11	+#user: root
	12	+
	13	+# The root directory prepended to these options: pki_dir, cachedir, log_file.
	14	+#root_dir: /
	15	+
	16	+# The directory to store the pki information in
	17	+#pki_dir: /etc/salt/pki
	18	+
	19	+# Explicitly declare the id for this minion to use, if left commented the id
	20	+# will be the hostname as returned by the python call: socket.getfqdn()
	21	+# Since salt uses detached ids it is possible to run multiple minions on the
	22	+# same machine but with different ids, this can be useful for salt compute
	23	+# clusters.
	24	+#id: testing
	25	+
	26	+# Append a domain to a hostname in the event that it does not exist. This is
	27	+# usefule for systems where socket.getfqdn() does not actually result in a
	28	+# FQDN (for instance, Solaris).
	29	+#append_domain:
	30	+
	31	+# If the the connection to the server is interrupted, the minion will
	32	+# attempt to reconnect. sub_timeout allows you to control the rate
	33	+# of reconnection attempts (in seconds). To disable reconnects, set
	34	+# this value to 0.
	35	+#sub_timeout: 60
	36	+
	37	+# Where cache data goes
	38	+#cachedir: /var/cache/salt
	39	+
	40	+# The minion can locally cache the return data from jobs sent to it, this
	41	+# can be a good way to keep track of jobs the minion has executed
	42	+# (on the minion side). By default this feature is disabled, to enable
	43	+# set cache_jobs to True
	44	+#cache_jobs: False
	45	+
	46	+# When waiting for a master to accept the minion's public key, salt will
	47	+# continuously attempt to reconnect until successful. This is the time, in
	48	+# seconds, between those reconnection attempts.
	49	+#acceptance_wait_time = 10
	50	+
	51	+# When healing a dns_check is run, this is to make sure that the originally
	52	+# resolved dns has not changed, if this is something that does not happen in
	53	+# your environment then set this value to False.
	54	+#dns_check: True
	55	+
	56	+
	57	+##### Minion module management #####
	58	+##########################################
	59	+# Disable specific modules. This allows the admin to limit the level of
	60	+# access the master has to the minion
	61	+#disable_modules: [cmd,test]
	62	+#disable_returners: []
	63	+#
	64	+# Modules can be loaded from arbitrary paths. This enables the easy deployment
	65	+# of third party modules. Modules for returners and minions can be loaded.
	66	+# Specify a list of extra directories to search for minion modules and
	67	+# returners. These paths must be fully qualified!
	68	+#module_dirs: []
	69	+#returner_dirs: []
	70	+#states_dirs: []
	71	+#render_dirs: []
	72	+#
	73	+# A module provider can be statically overwritten or extended for the minion
	74	+# via the providers option, in this case the default module will be
	75	+# overwritten by the specified module. In this example the pkg module will
	76	+# be provided by the yumpkg5 module instead of the system default.
	77	+#
	78	+# providers:
	79	+# pkg: yumpkg5
	80	+#
	81	+# Enable Cython modules searching and loading. (Default: False)
	82	+#cython_enable: False
	83	+
	84	+##### State Management Settings #####
	85	+###########################################
	86	+# The state management system executes all of the state templates on the minion
	87	+# to enable more granular control of system state management. The type of
	88	+# template and serialization used for state management needs to be configured
	89	+# on the minion, the default renderer is yaml_jinja. This is a yaml file
	90	+# rendered from a jinja template, the available options are:
	91	+# yaml_jinja
	92	+# yaml_mako
	93	+# json_jinja
	94	+# json_mako
	95	+#
	96	+#renderer: yaml_jinja
	97	+#
	98	+# state_verbose allows for the data returned from the minion to be more
	99	+# verbose. Normaly only states that fail or states that have changes are
	100	+# returned, but setting state_verbose to True will return all states that
	101	+# were checked
	102	+#state_verbose: False
	103	+#
	104	+# autoload_dynamic_modules Turns on automatic loading of modules found in the
	105	+# environments on the master. This is turned on by default, to turn of
	106	+# autoloading modules when states run set this value to False
	107	+#autoload_dynamic_modules: True
	108	+#
	109	+# clean_dynamic_modules keeps the dynamic modules on the minion in sync with
	110	+# the dynamic modules on the master, this means that if a dynamic module is
	111	+# not on the master it will be deleted from the minion. By default this is
	112	+# enabled and can be disabled by changing this value to False
	113	+#clean_dynamic_modules: True
	114	+#
	115	+# Normally the minion is not isolated to any single environment on the master
	116	+# when running states, but the environment can be isolated on the minion side
	117	+# by statically setting it. Remember that the recommended way to manage
	118	+# environments is to issolate via the top file.
	119	+#environment: None
	120	+#
	121	+# If using the local file directory, then the state top file name needs to be
	122	+# defined, by default this is top.sls.
	123	+#state_top: top.sls
	124	+
	125	+##### File Directory Settings #####
	126	+##########################################
	127	+# The Salt Minion can redirect all file server operations to a local directory,
	128	+# this allows for the same state tree that is on the master to be used if
	129	+# coppied completely onto the minion. This is a literal copy of the settings on
	130	+# the master but used to reference a local directory on the minion.
	131	+
	132	+# Set the file client, the client defaults to looking on the master server for
	133	+# files, but can be directed to look at the local file directory setting
	134	+# defined below by setting it to local.
	135	+file_client: local
	136	+
	137	+# The file directory works on environments passed to the minion, each environment
	138	+# can have multiple root directories, the subdirectories in the multiple file
	139	+# roots cannot match, otherwise the downloaded files will not be able to be
	140	+# reliably ensured. A base environment is required to house the top file.
	141	+# Example:
	142	+# file_roots:
	143	+# base:
	144	+# - /srv/salt/
	145	+# dev:
	146	+# - /srv/salt/dev/services
	147	+# - /srv/salt/dev/states
	148	+# prod:
	149	+# - /srv/salt/prod/services
	150	+# - /srv/salt/prod/states
	151	+#
	152	+# Default:
	153	+#file_roots:
	154	+# base:
	155	+# - /srv/salt
	156	+
	157	+# The hash_type is the hash to use when discovering the hash of a file in
	158	+# the minion directory, the default is md5, but sha1, sha224, sha256, sha384
	159	+# and sha512 are also supported.
	160	+#hash_type: md5
	161	+
	162	+# The Salt pillar is searched for locally if file_client is set to local. If
	163	+# this is the case, and pillar data is defined, then the pillar_roots need to
	164	+# also be configured on the minion:
	165	+#pillar_roots:
	166	+# base:
	167	+# - /srv/pillar
	168	+
	169	+###### Security settings #####
	170	+###########################################
	171	+# Enable "open mode", this mode still maintains encryption, but turns off
	172	+# authentication, this is only intended for highly secure environments or for
	173	+# the situation where your keys end up in a bad state. If you run in open mode
	174	+# you do so at your own risk!
	175	+#open_mode: False
	176	+
	177	+
	178	+###### Thread settings #####
	179	+###########################################
	180	+# Disable multiprocessing support, by default when a minion receives a
	181	+# publication a new process is spawned and the command is executed therein.
	182	+#multiprocessing: True
	183	+
	184	+###### Logging settings #####
	185	+###########################################
	186	+# The location of the minion log file
	187	+#log_file: /var/log/salt/minion
	188	+#
	189	+# The level of messages to send to the log file.
	190	+# One of 'info', 'quiet', 'critical', 'error', 'debug', 'warning'.
	191	+# Default: 'warning'
	192	+#log_level: warning
	193	+#
	194	+# Logger levels can be used to tweak specific loggers logging levels.
	195	+# For example, if you want to have the salt library at the 'warning' level,
	196	+# but you still wish to have 'salt.modules' at the 'debug' level:
	197	+# log_granular_levels: {
	198	+# 'salt': 'warning',
	199	+# 'salt.modules': 'debug'
	200	+# }
	201	+#
	202	+#log_granular_levels: {}
	203	+
	204	+###### Module configuration #####
	205	+###########################################
	206	+# Salt allows for modules to be passed arbitrary configuration data, any data
	207	+# passed here in valid yaml format will be passed on to the salt minion modules
	208	+# for use. It is STRONGLY recommended that a naming convention be used in which
	209	+# the module name is followed by a . and then the value. Also, all top level
	210	+# data must be applied via the yaml dict construct, some examples:
	211	+#
	212	+# A simple value for the test module:
	213	+#test.foo: foo
	214	+#
	215	+# A list for the test module:
	216	+#test.bar: [baz,quo]
	217	+#
	218	+# A dict for the test module:
	219	+#test.baz: {spam: sausage, cheese: bread}
	220	+
...	...
...	...	@@ -0,0 +1,14 @@
	1	+core-packages:
	2	+ pkg.installed:
	3	+ - names:
	4	+ - ack-grep
	5	+ - aptitude
	6	+ - bash-completion
	7	+ - colordiff
	8	+ - command-not-found
	9	+ - curl
	10	+ - dstat
	11	+ - git
	12	+ - htop
	13	+ - pydf
	14	+ - vim
...	...
...	...	@@ -0,0 +1,15 @@
	1	+nginx:
	2	+ pkgrepo.managed:
	3	+ - ppa: nginx/stable
	4	+ - require_in:
	5	+ - pkg: nginx
	6	+ pkg:
	7	+ - installed
	8	+# - latest
	9	+ - required:
	10	+ - pkgrepo: nginx
	11	+ service:
	12	+ - running
	13	+ - watch:
	14	+ - pkg: nginx
	15	+# - file: /etc/nginx/nginx.conf
...	...
...	...	@@ -0,0 +1,17 @@
	1	+nodesource_repo:
	2	+ pkgrepo.managed:
	3	+ - humanname: Nodesource
	4	+ - name: deb https://deb.nodesource.com/node {{ grains['oscodename'] }} main
	5	+ - dist: {{ grains['oscodename'] }}
	6	+ - file: /etc/apt/sources.list.d/nodesource.list
	7	+ - key_url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
	8	+
	9	+nodejs:
	10	+ pkg.installed:
	11	+ - require:
	12	+ - pkgrepo: nodesource_repo
	13	+
	14	+npm:
	15	+ pkg.installed:
	16	+ - require:
	17	+ - pkg: nodejs
...	...
...	...	@@ -0,0 +1,43 @@
	1	+include:
	2	+ - nginx
	3	+ - nodejs
	4	+ - python
	5	+
	6	+www-data:
	7	+ user.present:
	8	+ - groups:
	9	+ - vagrant
	10	+ - remove_groups: False
	11	+
	12	+/vagrant/static:
	13	+ file.directory:
	14	+ - user: vagrant
	15	+ - group: vagrant
	16	+# fails on mac ...
	17	+# - mode: 0775
	18	+
	19	+bower:
	20	+ npm.installed:
	21	+ - require:
	22	+ - pkg: npm
	23	+
	24	+/etc/nginx/sites-available/default:
	25	+ file.managed:
	26	+ - source: salt://playground/nginx.conf
	27	+ - user: www-data
	28	+ - group: www-data
	29	+ - mode: 0400
	30	+
	31	+/etc/nginx/sites-enabled/default:
	32	+ file.symlink:
	33	+ - target: /etc/nginx/sites-available/default
	34	+ - require:
	35	+ - file: /etc/nginx/sites-available/default
	36	+
	37	+extend:
	38	+ nginx:
	39	+ service:
	40	+ - watch:
	41	+ - file: /etc/nginx/sites-available/default
	42	+ - file: /etc/nginx/sites-enabled/default
	43	+ - user: www-data
...	...
...	...	@@ -0,0 +1,38 @@
	1	+server {
	2	+ listen 80;
	3	+
	4	+ server_name playground.local 127.0.0.1 localhost;
	5	+
	6	+ # Vagrant requirement
	7	+ sendfile off;
	8	+
	9	+ access_log /var/log/nginx/playground-access.log;
	10	+ error_log /var/log/nginx/playground-error.log;
	11	+
	12	+ location /static/ {
	13	+ expires max;
	14	+ add_header Cache-Control public;
	15	+ alias /vagrant/static/;
	16	+ }
	17	+
	18	+ location /media/ {
	19	+ expires off;
	20	+ alias /vagrant/media/;
	21	+ }
	22	+
	23	+ location /docs/ {
	24	+ expires off;
	25	+ alias /vagrant/docs/_build/html/;
	26	+ }
	27	+
	28	+ location / {
	29	+# include /etc/nginx/uwsgi_params;
	30	+# uwsgi_pass unix:///run/uwsgi/app/playground/socket;
	31	+# proxy_set_header X-Forwarded-Protocol $scheme;
	32	+# proxy_pass_header Server;
	33	+# proxy_set_header Host $http_host;
	34	+# proxy_redirect off;
	35	+# proxy_set_header X-Real-IP $remote_addr;
	36	+# proxy_set_header X-Scheme $scheme;
	37	+ }
	38	+}
...	...
...	...	@@ -0,0 +1,12 @@
	1	+ipython:
	2	+ pkg.installed
	3	+
	4	+python:
	5	+ pkg.installed
	6	+
	7	+python-dev:
	8	+ pkg.installed
	9	+
	10	+python-pip:
	11	+ pkg.installed
	12	+
...	...
...	...	@@ -0,0 +1,7 @@
	1	+base:
	2	+ '*':
	3	+ - playground
	4	+ - core
	5	+ - nginx
	6	+ - nodejs
	7	+ - python
...	...