Mercurial > repos > other > Puppet
comparison manifests/templates.pp @ 446:ba3c446d5a47
Update config to support Ubuntu
Also fixed a CSP heading that seemed to be a problem on the VM
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Mon, 08 May 2023 13:47:39 +0100 |
parents | e4de05e3a2f8 |
children | 1a9de0661666 |
comparison
equal
deleted
inserted
replaced
445:9268fe05d0ab | 446:ba3c446d5a47 |
---|---|
1 # Make sure packages come after their repos | 1 # Make sure packages come after their repos |
2 File<| tag == 'repo-config' |> | 2 File<| tag == 'repo-config' |> |
3 -> anchor { 'Repo-config': } | 3 -> anchor { 'Repo-config': } |
4 -> YumRepo<| |> | 4 -> YumRepo<| |> |
5 -> Apt::Source<| |> | |
5 -> anchor { 'Repos': } | 6 -> anchor { 'Repos': } |
6 -> Package<| |> | 7 -> Package<| |> |
7 | 8 |
8 # Make sure all files are in place before starting services | 9 # Make sure all files are in place before starting services |
9 # FIXME: Title matches are to fix a dependency cycle | 10 # FIXME: Title matches are to fix a dependency cycle |
287 $dev = 'present' | 288 $dev = 'present' |
288 } | 289 } |
289 else { | 290 else { |
290 # Other distros can take the default devel status | 291 # Other distros can take the default devel status |
291 $dev = $::python::params::dev | 292 $dev = $::python::params::dev |
293 | |
294 apt::source { | |
295 'ibboard': | |
296 location => 'http://download.opensuse.org/repositories/home:/IBBoard:/server/xUbuntu_22.04/', | |
297 release => '/', | |
298 repos => '', | |
299 key => { | |
300 id => 'EDC682701D792970AD8645E7A7A55B845DCFCBE2', | |
301 source => "https://download.opensuse.org/repositories/home:IBBoard:server/xUbuntu_22.04/Release.key" | |
302 } | |
303 } | |
292 } | 304 } |
293 | 305 |
294 if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, '8') >= 0 { | 306 if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, '8') >= 0 { |
295 # The following may possibly work to ensure a CentOS Streams install. | 307 # The following may possibly work to ensure a CentOS Streams install. |
296 # Or it might fail for inexplicable reasons. | 308 # Or it might fail for inexplicable reasons. |
314 dev => $dev, | 326 dev => $dev, |
315 } | 327 } |
316 } | 328 } |
317 | 329 |
318 class tools { | 330 class tools { |
319 $packages = [ 'sqlite', 'bash-completion', 'nano', 'bzip2', 'mlocate', 'patch', 'tmux', 'wget', 'rsync' ] | 331 $packages = [ 'sqlite', 'bash-completion', 'nano', 'zip', 'bzip2', 'mlocate', 'patch', 'tmux', 'wget', 'rsync' ] |
320 package { $packages: | 332 package { $packages: |
321 ensure => installed; | 333 ensure => installed; |
322 } | 334 } |
323 if $osfamily == 'RedHat' { | 335 if $osfamily == 'RedHat' { |
324 package { 'yum-utils': | 336 package { 'yum-utils': |
424 $variant_prefix = 'php-' | 436 $variant_prefix = 'php-' |
425 $extra_prefix = 'pecl-' | 437 $extra_prefix = 'pecl-' |
426 $extra_extras = { | 438 $extra_extras = { |
427 'posix' => { | 439 'posix' => { |
428 ini_prefix => '20-', | 440 ini_prefix => '20-', |
429 } | 441 }, |
442 # Sodium has been bundled since 7.2, but CentOS packages it separately | |
443 'sodium' => { | |
444 ini_prefix => '20-', | |
445 }, | |
446 # JSON is integrated into PHP 8+ and so it's only a plugin in CentOS | |
447 'json' => { | |
448 ini_prefix => '20-', | |
449 }, | |
430 } | 450 } |
431 if versioncmp($operatingsystemrelease, '8') >= 0 { | 451 if versioncmp($operatingsystemrelease, '8') >= 0 { |
432 yumrepo { 'remirepo-safe': | 452 yumrepo { 'remirepo-safe': |
433 mirrorlist => 'http://cdn.remirepo.net/enterprise/$releasever/safe/$basearch/mirror', | 453 mirrorlist => 'http://cdn.remirepo.net/enterprise/$releasever/safe/$basearch/mirror', |
434 descr => "Extra CentOS packages from Remi", | 454 descr => "Extra CentOS packages from Remi", |
476 } | 496 } |
477 elsif $operatingsystem == 'Ubuntu' { | 497 elsif $operatingsystem == 'Ubuntu' { |
478 $php_suffix = '' | 498 $php_suffix = '' |
479 $variant_prefix = 'php-' | 499 $variant_prefix = 'php-' |
480 $extra_prefix = '' | 500 $extra_prefix = '' |
501 # Work around constant re-install by enabling virtual packages | |
502 # https://github.com/voxpupuli/puppet-php/issues/387 | |
503 Package { | |
504 allow_virtual => true | |
505 } | |
481 $extra_extras = {} | 506 $extra_extras = {} |
482 } | 507 } |
483 | 508 |
484 #Configure the PHP version to use | 509 #Configure the PHP version to use |
485 class { 'website::php': | 510 class { 'website::php': |
508 ini_prefix => '20-', | 533 ini_prefix => '20-', |
509 }, | 534 }, |
510 'intl' => { | 535 'intl' => { |
511 ini_prefix => '20-', | 536 ini_prefix => '20-', |
512 }, | 537 }, |
513 'json' => { | |
514 ini_prefix => '20-', | |
515 }, | |
516 'mysqlnd' => { | 538 'mysqlnd' => { |
517 ini_prefix => '20-', | 539 ini_prefix => '20-', |
518 }, | 540 }, |
519 'pdo' => { | 541 'pdo' => { |
520 ini_prefix => '20-', | 542 ini_prefix => '20-', |
521 }, | 543 }, |
522 'simplexml' => { | 544 'simplexml' => { |
523 ini_prefix => '20-', | 545 ini_prefix => '20-', |
524 }, | 546 }, |
525 'sodium' => { | |
526 ini_prefix => '20-', | |
527 }, | |
528 'soap' => { | 547 'soap' => { |
529 ini_prefix => '20-', | 548 ini_prefix => '20-', |
530 }, | 549 }, |
531 'xmlwriter' => { | 550 'xmlwriter' => { |
532 ini_prefix => '20-', | 551 ini_prefix => '20-', |
534 'mysqli' => { | 553 'mysqli' => { |
535 ini_prefix => '30-', | 554 ini_prefix => '30-', |
536 }, | 555 }, |
537 'pdo_mysql' => { | 556 'pdo_mysql' => { |
538 ini_prefix => '30-', | 557 ini_prefix => '30-', |
558 # Provided by the php-mysql package in CentOS and declared with "Provides" | |
559 # And Ubuntu is the same but without the "Provides" | |
560 provider => "none", | |
539 }, | 561 }, |
540 'xmlreader' => { | 562 'xmlreader' => { |
541 ini_prefix => '30-', | 563 ini_prefix => '30-', |
542 }, | 564 }, |
543 'zip' => { | 565 'zip' => { |
636 file { "/etc/localtime": | 658 file { "/etc/localtime": |
637 ensure => 'link', | 659 ensure => 'link', |
638 target => '/usr/share/zoneinfo/Europe/London', | 660 target => '/usr/share/zoneinfo/Europe/London', |
639 } | 661 } |
640 | 662 |
641 package { 'mod_cspnonce': | 663 # Debian doesn't handle sensible depends like module names because of the underscore |
642 ensure => "installed", | 664 # So we need to use the package name |
665 package { "mod_cspnonce": | |
666 name => $osfamily == 'Debian' ? { true => "libapache2-mod-cspnonce", default => "mod_cspnonce" }, | |
667 ensure => installed, | |
643 } | 668 } |
644 | 669 |
645 # Common modules used by multiple sites (mod_auth_basic is safe because we HTTPS all the things) | 670 # Common modules used by multiple sites (mod_auth_basic is safe because we HTTPS all the things) |
646 $mods = [ | 671 $mods = [ |
647 'auth_basic', | 672 'auth_basic', |
797 letsencrypt_name => 'bdstrike.co.uk', | 822 letsencrypt_name => 'bdstrike.co.uk', |
798 custom_fragment => template("privat/apache/bdstrike.fragment"), | 823 custom_fragment => template("privat/apache/bdstrike.fragment"), |
799 csp_override => { | 824 csp_override => { |
800 "report-uri" => "https://ibboard.report-uri.com/r/d/csp/enforce", | 825 "report-uri" => "https://ibboard.report-uri.com/r/d/csp/enforce", |
801 "font-src" => "'self' https://fonts.gstatic.com/ data:", | 826 "font-src" => "'self' https://fonts.gstatic.com/ data:", |
802 "img-src" => "'self' https://secure.gravatar.com/ data:", | 827 "img-src" => "'self' https://secure.gravatar.com/ https://ps.w.org/ https://s.w.org/ data:", |
803 "style-src" => "'self' https://fonts.googleapis.com/ 'unsafe-inline'", | 828 "style-src" => "'self' https://fonts.googleapis.com/ 'unsafe-inline'", |
804 "connect-src" => "'self' https://www.sandbox.paypal.com/ https://www.paypal.com/", | 829 "connect-src" => "'self' https://www.sandbox.paypal.com/ https://www.paypal.com/", |
805 "frame-ancestors" => "'self'" | 830 "frame-ancestors" => "'self'" |
806 }, | 831 }, |
807 csp_report_override => { | 832 csp_report_override => { |