Mercurial > repos > other > Puppet

comparison manifests/templates.pp @ 446:ba3c446d5a47

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update config to support Ubuntu Also fixed a CSP heading that seemed to be a problem on the VM
author IBBoard <dev@ibboard.co.uk>
date Mon, 08 May 2023 13:47:39 +0100
parents e4de05e3a2f8
children 1a9de0661666
comparison
equal deleted inserted replaced
445:9268fe05d0ab 446:ba3c446d5a47
1 # Make sure packages come after their repos 1 # Make sure packages come after their repos
2 File<| tag == 'repo-config' |> 2 File<| tag == 'repo-config' |>
3 -> anchor { 'Repo-config': } 3 -> anchor { 'Repo-config': }
4 -> YumRepo<| |> 4 -> YumRepo<| |>
5 -> Apt::Source<| |>
5 -> anchor { 'Repos': } 6 -> anchor { 'Repos': }
6 -> Package<| |> 7 -> Package<| |>
7 8
8 # Make sure all files are in place before starting services 9 # Make sure all files are in place before starting services
9 # FIXME: Title matches are to fix a dependency cycle 10 # FIXME: Title matches are to fix a dependency cycle
287 $dev = 'present' 288 $dev = 'present'
288 } 289 }
289 else { 290 else {
290 # Other distros can take the default devel status 291 # Other distros can take the default devel status
291 $dev = $::python::params::dev 292 $dev = $::python::params::dev
293
294 apt::source {
295 'ibboard':
296 location => 'http://download.opensuse.org/repositories/home:/IBBoard:/server/xUbuntu_22.04/',
297 release => '/',
298 repos => '',
299 key => {
300 id => 'EDC682701D792970AD8645E7A7A55B845DCFCBE2',
301 source => "https://download.opensuse.org/repositories/home:IBBoard:server/xUbuntu_22.04/Release.key"
302 }
303 }
292 } 304 }
293 305
294 if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, '8') >= 0 { 306 if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, '8') >= 0 {
295 # The following may possibly work to ensure a CentOS Streams install. 307 # The following may possibly work to ensure a CentOS Streams install.
296 # Or it might fail for inexplicable reasons. 308 # Or it might fail for inexplicable reasons.
314 dev => $dev, 326 dev => $dev,
315 } 327 }
316 } 328 }
317 329
318 class tools { 330 class tools {
319 $packages = [ 'sqlite', 'bash-completion', 'nano', 'bzip2', 'mlocate', 'patch', 'tmux', 'wget', 'rsync' ] 331 $packages = [ 'sqlite', 'bash-completion', 'nano', 'zip', 'bzip2', 'mlocate', 'patch', 'tmux', 'wget', 'rsync' ]
320 package { $packages: 332 package { $packages:
321 ensure => installed; 333 ensure => installed;
322 } 334 }
323 if $osfamily == 'RedHat' { 335 if $osfamily == 'RedHat' {
324 package { 'yum-utils': 336 package { 'yum-utils':
424 $variant_prefix = 'php-' 436 $variant_prefix = 'php-'
425 $extra_prefix = 'pecl-' 437 $extra_prefix = 'pecl-'
426 $extra_extras = { 438 $extra_extras = {
427 'posix' => { 439 'posix' => {
428 ini_prefix => '20-', 440 ini_prefix => '20-',
429 } 441 },
442 # Sodium has been bundled since 7.2, but CentOS packages it separately
443 'sodium' => {
444 ini_prefix => '20-',
445 },
446 # JSON is integrated into PHP 8+ and so it's only a plugin in CentOS
447 'json' => {
448 ini_prefix => '20-',
449 },
430 } 450 }
431 if versioncmp($operatingsystemrelease, '8') >= 0 { 451 if versioncmp($operatingsystemrelease, '8') >= 0 {
432 yumrepo { 'remirepo-safe': 452 yumrepo { 'remirepo-safe':
433 mirrorlist => 'http://cdn.remirepo.net/enterprise/$releasever/safe/$basearch/mirror', 453 mirrorlist => 'http://cdn.remirepo.net/enterprise/$releasever/safe/$basearch/mirror',
434 descr => "Extra CentOS packages from Remi", 454 descr => "Extra CentOS packages from Remi",
476 } 496 }
477 elsif $operatingsystem == 'Ubuntu' { 497 elsif $operatingsystem == 'Ubuntu' {
478 $php_suffix = '' 498 $php_suffix = ''
479 $variant_prefix = 'php-' 499 $variant_prefix = 'php-'
480 $extra_prefix = '' 500 $extra_prefix = ''
501 # Work around constant re-install by enabling virtual packages
502 # https://github.com/voxpupuli/puppet-php/issues/387
503 Package {
504 allow_virtual => true
505 }
481 $extra_extras = {} 506 $extra_extras = {}
482 } 507 }
483 508
484 #Configure the PHP version to use 509 #Configure the PHP version to use
485 class { 'website::php': 510 class { 'website::php':
508 ini_prefix => '20-', 533 ini_prefix => '20-',
509 }, 534 },
510 'intl' => { 535 'intl' => {
511 ini_prefix => '20-', 536 ini_prefix => '20-',
512 }, 537 },
513 'json' => {
514 ini_prefix => '20-',
515 },
516 'mysqlnd' => { 538 'mysqlnd' => {
517 ini_prefix => '20-', 539 ini_prefix => '20-',
518 }, 540 },
519 'pdo' => { 541 'pdo' => {
520 ini_prefix => '20-', 542 ini_prefix => '20-',
521 }, 543 },
522 'simplexml' => { 544 'simplexml' => {
523 ini_prefix => '20-', 545 ini_prefix => '20-',
524 }, 546 },
525 'sodium' => {
526 ini_prefix => '20-',
527 },
528 'soap' => { 547 'soap' => {
529 ini_prefix => '20-', 548 ini_prefix => '20-',
530 }, 549 },
531 'xmlwriter' => { 550 'xmlwriter' => {
532 ini_prefix => '20-', 551 ini_prefix => '20-',
534 'mysqli' => { 553 'mysqli' => {
535 ini_prefix => '30-', 554 ini_prefix => '30-',
536 }, 555 },
537 'pdo_mysql' => { 556 'pdo_mysql' => {
538 ini_prefix => '30-', 557 ini_prefix => '30-',
558 # Provided by the php-mysql package in CentOS and declared with "Provides"
559 # And Ubuntu is the same but without the "Provides"
560 provider => "none",
539 }, 561 },
540 'xmlreader' => { 562 'xmlreader' => {
541 ini_prefix => '30-', 563 ini_prefix => '30-',
542 }, 564 },
543 'zip' => { 565 'zip' => {
636 file { "/etc/localtime": 658 file { "/etc/localtime":
637 ensure => 'link', 659 ensure => 'link',
638 target => '/usr/share/zoneinfo/Europe/London', 660 target => '/usr/share/zoneinfo/Europe/London',
639 } 661 }
640 662
641 package { 'mod_cspnonce': 663 # Debian doesn't handle sensible depends like module names because of the underscore
642 ensure => "installed", 664 # So we need to use the package name
665 package { "mod_cspnonce":
666 name => $osfamily == 'Debian' ? { true => "libapache2-mod-cspnonce", default => "mod_cspnonce" },
667 ensure => installed,
643 } 668 }
644 669
645 # Common modules used by multiple sites (mod_auth_basic is safe because we HTTPS all the things) 670 # Common modules used by multiple sites (mod_auth_basic is safe because we HTTPS all the things)
646 $mods = [ 671 $mods = [
647 'auth_basic', 672 'auth_basic',
797 letsencrypt_name => 'bdstrike.co.uk', 822 letsencrypt_name => 'bdstrike.co.uk',
798 custom_fragment => template("privat/apache/bdstrike.fragment"), 823 custom_fragment => template("privat/apache/bdstrike.fragment"),
799 csp_override => { 824 csp_override => {
800 "report-uri" => "https://ibboard.report-uri.com/r/d/csp/enforce", 825 "report-uri" => "https://ibboard.report-uri.com/r/d/csp/enforce",
801 "font-src" => "'self' https://fonts.gstatic.com/ data:", 826 "font-src" => "'self' https://fonts.gstatic.com/ data:",
802 "img-src" => "'self' https://secure.gravatar.com/ data:", 827 "img-src" => "'self' https://secure.gravatar.com/ https://ps.w.org/ https://s.w.org/ data:",
803 "style-src" => "'self' https://fonts.googleapis.com/ 'unsafe-inline'", 828 "style-src" => "'self' https://fonts.googleapis.com/ 'unsafe-inline'",
804 "connect-src" => "'self' https://www.sandbox.paypal.com/ https://www.paypal.com/", 829 "connect-src" => "'self' https://www.sandbox.paypal.com/ https://www.paypal.com/",
805 "frame-ancestors" => "'self'" 830 "frame-ancestors" => "'self'"
806 }, 831 },
807 csp_report_override => { 832 csp_report_override => {