From 6e020a8333d64967ffb09fe375a78f8816e0728c Mon Sep 17 00:00:00 2001
From: LinuxSquare <7436714-OfficialLinuxSquare@users.noreply.gitlab.com>
Date: Fri, 27 Oct 2023 17:09:51 +0200
Subject: [PATCH] podman - npm: redefine unprivileged ports
---
 .../containers/files/files_unprivileged_ports.jinja | 3 +++
 podman/containers/npm.sls | 11 +++++++----
 2 files changed, 10 insertions(+), 4 deletions(-)
 create mode 100644 podman/containers/files/files_unprivileged_ports.jinja
diff --git a/podman/containers/files/files_unprivileged_ports.jinja b/podman/containers/files/files_unprivileged_ports.jinja
new file mode 100644
index 0000000..3093811
--- /dev/null
+++ b/podman/containers/files/files_unprivileged_ports.jinja
@@ -0,0 +1,3 @@
+{%- for port in UNPRIVILEGED_PORTS %}
+net.ipv4.ip_unprivileged_port_start={{ port }}
+{%- endfor %}
diff --git a/podman/containers/npm.sls b/podman/containers/npm.sls
index 21b8f79..26246e3 100644
--- a/podman/containers/npm.sls
+++ b/podman/containers/npm.sls
@@ -42,7 +42,10 @@ podman_containers_npm_letsencrypt_dir:
 podman_containers_npm_privileged_ports:
 file.managed:
 - name: /etc/sysctl.d/podman.conf
- - text: |
- net.ipv4.ip_unprivileged_port_start=80
- net.ipv4.ip_unprivileged_port_start=443
- net.ipv4.ip_unprivileged_port_start=81
+ - source: salt://{{ tpldir }}/files/files_unprivileged_ports.jinja
+ - template: jinja
+ - context:
+ UNPRIVILEGED_PORTS: [22, 80, 81, 443]
+ - user: root
+ - group: root
+ - mode: '0644'
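Review bot: `net.ipv4.ip_unprivileged_port_start` is a single threshold (every port at or above it can be bound without CAP_NET_BIND_SERVICE), not a per-port allow-list, so the loop in files_unprivileged_ports.jinja writes four assignments to the same key and only one can take effect. sysctl loaders normally let the last assignment win, which with the list passed from npm.sls would be 443 and would leave 80 and 81 privileged. Render one line from the lowest port instead, e.g. `net.ipv4.ip_unprivileged_port_start={{ UNPRIVILEGED_PORTS | min }}`, and add a template comment such as `{#- threshold, not a list: all ports >= this value are open to every local user -#}`.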
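Review bot: Adding 22 to `UNPRIVILEGED_PORTS` in the `context:` of podman_containers_npm_privileged_ports is not explained by the commit, and if the lowest entry becomes the effective threshold, any unprivileged local process on the host can bind port 22 and everything above it, not only the rootless podman user. If the proxy only needs 80, 81 and 443, keep the list at the ports actually required, `UNPRIVILEGED_PORTS: [80, 81, 443]`, and state in a comment that the setting is host-wide. Nothing visible in this hunk loads the file into the running kernel either; unless a state outside the hunk does that, Salt's `sysctl.present` with `config: /etc/sysctl.d/podman.conf` would persist and apply the value in one step.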