Mercurial > repos > other > Puppet
annotate modules/website/manifests/https/multitld.pp @ 263:f99974dc0f1a
Add a way to skip setting CSP
NextCloud manages CSP itself, so we don't need the header in the
PIM subdomain causing confusion and incorrect results
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Sun, 29 Dec 2019 16:43:55 +0000 |
| parents | 4519b727cc4c |
| children | 13825cc1ec57 |
| rev | line source |
|---|---|
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
1 define website::https::multitld ( |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
2 $docroot = undef, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
3 $ip = $website::primary_ip, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
4 $priority = undef, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
5 $base = $name, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
6 $main_tld = $website::tld, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
7 $extra_tlds = $website::extra_tlds, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
8 $ssl_ca_chain = undef, |
|
150
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
11
diff
changeset
|
9 $letsencrypt_name = undef, |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
10 $docroot_owner = undef, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
11 $docroot_group = undef, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
12 $custom_fragment = undef, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
13 $force_no_index = undef, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
14 $force_no_www = undef, |
| 263 | 15 $csp = true, |
| 16 $csp_override = undef, | |
| 17 $csp_report = true, | |
|
236
4519b727cc4c
Make Content-Security-Policy cleaner and easier to set
IBBoard <dev@ibboard.co.uk>
parents:
150
diff
changeset
|
18 $csp_report_override = undef, |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
19 ) { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
20 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
21 if ! defined(Class['website']) { |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
22 fail('You must include the website base class before using any website defined resources') |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
23 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
24 |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
25 validate_array($extra_tlds) |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
26 validate_re($main_tld, '^[a-z]+(\.[a-z]+)?', 'TLD must be in the form "com" or "co.uk"') |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
27 $alias = domain_to_short_domain($base) |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
28 |
|
150
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
11
diff
changeset
|
29 $base_aliases = prefix($extra_tlds, "${base}.") |
|
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
11
diff
changeset
|
30 if $base != $alias { |
|
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
11
diff
changeset
|
31 $aliases = concat(concat($base_aliases, "${alias}.${main_tld}"), |
|
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
11
diff
changeset
|
32 prefix($extra_tlds, "${alias}.")) |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
33 } else { |
|
150
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
11
diff
changeset
|
34 $aliases = $base_aliases |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
35 } |
|
150
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
11
diff
changeset
|
36 |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
37 $main_domain = "${base}.${main_tld}" |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
38 website::https { $main_domain: |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
39 priority => $priority, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
40 ip => $ip, |
|
150
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
11
diff
changeset
|
41 serveraliases => $aliases, |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
42 docroot => $docroot, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
43 docroot_owner => $docroot_owner, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
44 docroot_group => $docroot_group, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
45 ssl_ca_chain => $ssl_ca_chain, |
|
150
060f81349dd6
Restructure HTTPS certificates and multiple TLD sites for clarity
IBBoard <dev@ibboard.co.uk>
parents:
11
diff
changeset
|
46 letsencrypt_name => $letsencrypt_name, |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
47 custom_fragment => $custom_fragment, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
48 force_no_index => $force_no_index, |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
49 force_no_www => $force_no_www, |
| 263 | 50 csp => $csp, |
|
236
4519b727cc4c
Make Content-Security-Policy cleaner and easier to set
IBBoard <dev@ibboard.co.uk>
parents:
150
diff
changeset
|
51 csp_override => $csp_override, |
| 263 | 52 csp_report => $csp_report, |
|
236
4519b727cc4c
Make Content-Security-Policy cleaner and easier to set
IBBoard <dev@ibboard.co.uk>
parents:
150
diff
changeset
|
53 csp_report_override => $csp_report_override, |
|
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
54 } |
|
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
55 } |