annotate modules/website/manifests/init.pp @ 482:d83de9b3a62b default tip

Update hiera.yaml within Puppet config Forgot that we manage it from here. Now has content to match new packages
author IBBoard <dev@ibboard.co.uk>
date Fri, 30 Aug 2024 16:10:36 +0100
parents 2c3e745be8d2
children
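# @summary Base web-server setup: Apache, shared config fragments, CSP
#   defaults, firewall rules for HTTP(S) and Let's Encrypt renewal.
#
# The class-scope variables assigned below ($basedir, $certdir, $csp_base,
# $csp_report_base, ...) are not used inside this class; presumably other
# classes/defines in the module read them as $website::<name> - confirm
# against the callers.
#
# @param base_dir
#   Absolute path; a directory resource is declared for it. The pattern
#   rejects a trailing slash and, because of the `*` quantifier, also
#   accepts the empty string.
# @param cert_dir
#   Absolute path (same pattern as base_dir); a directory resource is
#   declared for it.
# @param primary_ip
#   Destination address of the firewall rule that accepts TCP 80/443.
# @param proxy_4to6_ip_prefix
#   IPv6 prefix used to build the destination of the PROXY-protocol firewall
#   rules. The proxy rules are only declared when this and proxy_upstream
#   are both set.
# @param proxy_4to6_mask
#   Prefix length appended to proxy_4to6_ip_prefix. Required (0-128) whenever
#   the proxy rules are declared.
# @param proxy_upstream
#   Source addresses allowed to reach the proxy prefix on TCP 80/443.
# @param default_owner
#   Exposed as $docroot_owner.
# @param default_group
#   Exposed as $docroot_group.
# @param default_tld
#   Exposed as $tld.
# @param default_extra_tlds
#   Exposed as $extra_tlds.
class website(
  Pattern[/^(\/[^\/]+)*$/] $base_dir,
  Pattern[/^(\/[^\/]+)*$/] $cert_dir = '/etc/pki/custom',
  Stdlib::IP::Address $primary_ip,
  Optional[Stdlib::IP::Address::V6] $proxy_4to6_ip_prefix = undef,
  Optional[Integer] $proxy_4to6_mask = undef,
  Optional[Array] $proxy_upstream = undef,
  String $default_owner,
  String $default_group,
  String $default_tld = 'com',
  Array $default_extra_tlds = []
){

  $basedir = $base_dir
  $certdir = $cert_dir
  $docroot_owner = $default_owner
  $docroot_group = $default_group
  $ca_chain = "/etc/letsencrypt/live/${facts['networking']['fqdn']}/chain.pem"
  $tld = $default_tld
  $extra_tlds = $default_extra_tlds
  $htmlphpfragment = "Include conf.extra/html-php.conf"
  $filterfragment = "Include conf.custom/filter.conf"
  $cmsfragment = "Include conf.extra/cms_rewrites.conf"

  # Content-Security-Policy defaults. Everything here is deny-by-default
  # ('none') or same-origin ('self').
  $csp_base = {
    "frame-ancestors" => "'none'",
    "base-uri" => "'none'",
    "object-src" => "'none'",
  }
  # %{CSP_NONCE}e is Apache's header-format syntax for the CSP_NONCE
  # environment variable. The nonce itself is generated outside this class;
  # NOTE(review): confirm it is unpredictable and fresh per response, since
  # a reused or guessable nonce lets injected markup satisfy the policy.
  # NOTE(review): nonce sources are only matched for script and style
  # elements, so the nonce on font-src most likely has no effect - confirm.
  $csp_report_base = {
    "default-src" => "'none'",
    "img-src" => "'self'",
    "script-src" => "'self' 'nonce-%{CSP_NONCE}e'",
    "style-src" => "'self' 'nonce-%{CSP_NONCE}e'",
    "font-src" => "'self' 'nonce-%{CSP_NONCE}e'"
  }

  # Distro-specific Apache paths and accounts. Note that the certbot section
  # at the end of the class fails the catalogue for anything other than
  # Ubuntu, so the RedHat branch is currently unreachable in practice.
  if $facts["os"]["family"] == 'RedHat' {
    $apache_base_dir = "/etc/httpd/"
    $vhost_dir = "/etc/httpd/conf.d/vhosts"
    $apache_user = 'apache'
    $apache_group = $apache_user
    $apache_log_group = $apache_user
  }
  elsif $facts["os"]["family"] == 'Debian' {
    $apache_base_dir = "/etc/apache2/"
    $vhost_dir = "/etc/apache2/sites-available"
    $apache_user = 'www-data'
    $apache_group = $apache_user
    $apache_log_group = $apache_user
  }


  # Start from an empty Apache: no default modules, vhost or MPM, so only
  # what is declared below is requested by this class.
  class { 'apache':
    vhost_dir => $vhost_dir,
    protocols => ["h2", "http/1.1"],
    default_mods => false,
    default_vhost => false,
    mpm_module => false,
  }
  class { 'apache::mod::dir': indexes => [ 'index.html' ] }
  class { 'apache::mod::event': }
  # NOTE(review): "h2" is listed in protocols above while the http2 module
  # class stays commented out - confirm the module is loaded some other way.
#  class { 'apache::mod::http2': }
  class { 'apache::mod::mime': mime_types_config => "${apache_base_dir}mime.types" }
  apache::mod {
    'rewrite':;
    'expires':;
    'env':;
    'setenvif':;
    'headers':;
    'allowmethods':;
  }

  # Updating the httpd package puts back some configs that we
  # don't load the relevant modules for, so we'll try to make
  # them blank so that RPM/Yum makes ".rpmnew" files instead
  $unused_default_mods = [
    "${::apache::mod_dir}/autoindex.conf",
    "${::apache::mod_dir}/userdir.conf",
    "${::apache::mod_dir}/welcome.conf",
  ]
  file { $unused_default_mods:
    ensure => file,
    content => '',
    require => Class['apache'],
  }

  file { $base_dir:
    ensure => directory;
  }
  # Group gets read/traverse only (0750); no owner is set here, so the
  # existing owner of the directory is left as it is.
  file { '/var/log/apache':
    ensure => directory,
    mode => '0750',
    group => $apache_log_group,
  }
  file { "${apache_base_dir}conf.extra":
    ensure => directory,
    recurse => true,
    source => "puppet:///modules/website/conf.extra",
    require => Class['apache'],
    notify => Service['httpd'];
  }
  file { "${apache_base_dir}mime.types":
    ensure => present,
    source => "puppet:///modules/website/mime.types",
    require => Class['apache'],
    notify => Service['httpd'];
  }
  # Old file name, removed; its replacement follows.
  file { "${apache_base_dir}conf.d/zzz-custom.conf":
    ensure => absent,
    require => Class['apache'],
    notify => Service['httpd'];
  }
  file { "${apache_base_dir}conf.d/zzz-0-custom.conf":
    ensure => present,
    source => "puppet:///modules/website/zzz-0-custom.conf",
    require => Class['apache'],
    notify => Service['httpd'];
  }
  # Served from the "private" file-server mount rather than the module.
  file { "${apache_base_dir}conf.custom":
    ensure => directory,
    recurse => true,
    source => "puppet:///private/apache/conf.custom",
    require => Class['apache'],
    notify => Service['httpd'];
  }
  # NOTE(review): no owner, group or mode is managed on this directory. If
  # private keys are stored under it, consider pinning the permissions here
  # rather than relying on the umask at creation time.
  file { $cert_dir:
    ensure => directory;
  }

  # Firewall rule titles start with a number; the rules are ordered by that
  # prefix, so the "101" reject below sorts after every "100" accept.
  firewall { '100 allow https and http':
    destination => $primary_ip,
    dport => [80, 443],
    proto => tcp,
    jump => accept,
  }
  # NOTE(review): when only one of proxy_4to6_ip_prefix / proxy_upstream is
  # set, this whole section is skipped and no reject rule is declared for the
  # proxy prefix. Confirm nothing listens for PROXY protocol in that case.
  if ($proxy_4to6_ip_prefix != undef) and ($proxy_upstream != undef) {
    # The mask is Optional with an undef default. Without this check an unset
    # mask is interpolated as an empty string, so the allow/reject rules that
    # restrict PROXY-protocol access would be built on a malformed
    # destination ("<prefix>:0000/"). Fail at compile time instead.
    unless $proxy_4to6_mask =~ Integer[0, 128] {
      fail('proxy_4to6_mask must be an integer from 0 to 128 when proxy_4to6_ip_prefix and proxy_upstream are set')
    }

    apache::mod { "remoteip": }
    $proxy_4to6_ip = "${proxy_4to6_ip_prefix}:0000/${proxy_4to6_mask}"

    # NOTE(review): the destination below is an IPv6 prefix; confirm these
    # rules are applied to the IPv6 tables (for example through a resource
    # default set elsewhere), otherwise the restriction is not enforced.
    # Only the listed upstreams may reach the proxy prefix on 80/443 ...
    $proxy_upstream.each |String $upstream_addr| {
      firewall { "100 limit PROXY protocol to upstream ${upstream_addr}":
        source => $upstream_addr,
        destination => $proxy_4to6_ip,
        dport => [80, 443],
        proto => tcp,
        jump => accept,
      }
    }
    # ... and every other source is rejected. This matters because a client
    # that can speak PROXY protocol directly can claim any source address.
    firewall { "101 block all other PROXY protocol access":
      destination => $proxy_4to6_ip,
      dport => [80, 443],
      proto => tcp,
      jump => reject,
    }
  }

  # Only Ubuntu has a certbot package mapping; any other OS aborts the
  # catalogue here.
  if $facts["os"]["name"] == 'Ubuntu' {
    $certbot_pkg = 'python3-certbot-apache'
  }
  else {
    fail("Unsupported OS: ${facts['os']['name']}")
  }
  # Twice a day, at 21 minutes past the hour. No user is given, so the job
  # goes into the crontab of the account the agent runs as.
  cron { 'letsencrypt-renewal':
    command => '/usr/bin/certbot renew --quiet',
    hour => '*/12',
    minute => '21',
  }
  package { $certbot_pkg:
    ensure => installed,
  }
}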