Mercurial > repos > other > Puppet
comparison manifests/templates.pp @ 246:c3fa3d65aa83
Update configs for Puppet 6
This *should* all be backward compatible
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Sat, 21 Dec 2019 14:19:47 -0500 |
| parents | 7d8e664ebcc9 |
| children | 308f69ca988c |
comparison
equal
deleted
inserted
replaced
| 245:b0f8b88fea5c | 246:c3fa3d65aa83 |
|---|---|
| 1 # Make sure packages come after their repos | 1 # Make sure packages come after their repos |
| 2 YumRepo<| |> -> Package<| |> | 2 YumRepo<| |> -> Package<| |> |
| 3 | 3 |
| 4 # Make sure all files are in place before starting services | 4 # Make sure all files are in place before starting services |
| 5 File<| |> -> Service<| |> | 5 File<| tag != 'post-service' |> -> Service<| |> |
| 6 | |
| 7 # Set some shortcut variables | |
| 8 #$os = $operatingsystem | |
| 9 $osver = $operatingsystemrelease | |
| 10 $server = '' | |
| 6 | 11 |
| 7 | 12 |
| 8 class basenode { | 13 class basenode { |
| 9 $os = $operatingsystem | |
| 10 $osver = "v${operatingsystemrelease}" | |
| 11 include sudo | 14 include sudo |
| 12 | 15 |
| 13 include defaultusers | 16 include defaultusers |
| 14 include logwatch | 17 include logwatch |
| 15 | 18 |
| 43 $primary_ip ${fqdn}", | 46 $primary_ip ${fqdn}", |
| 44 } | 47 } |
| 45 | 48 |
| 46 require repos | 49 require repos |
| 47 include basenode | 50 include basenode |
| 48 include private | 51 include privat |
| 49 include dnsresolver | 52 include dnsresolver |
| 50 include ssh::server | 53 include ssh::server |
| 51 include vcs::server | 54 include vcs::server |
| 52 include vcs::client | 55 include vcs::client |
| 53 class { 'webserver': | 56 class { 'webserver': |
| 181 require => Package['bind'], | 184 require => Package['bind'], |
| 182 } | 185 } |
| 183 | 186 |
| 184 file { '/etc/resolv.conf': | 187 file { '/etc/resolv.conf': |
| 185 ensure => present, | 188 ensure => present, |
| 186 content => "nameserver 127.0.0.1" | 189 content => "nameserver 127.0.0.1", |
| 190 require => Service['named'], | |
| 191 tag => 'post-service', | |
| 187 } | 192 } |
| 188 } | 193 } |
| 189 | 194 |
| 190 class repos { | 195 class repos { |
| 191 yumrepo { 'epel': | 196 yumrepo { 'epel': |
| 440 extras => [ 'process', 'intl', 'pecl-imagick', 'bcmath', 'pecl-zip' ], | 445 extras => [ 'process', 'intl', 'pecl-imagick', 'bcmath', 'pecl-zip' ], |
| 441 } | 446 } |
| 442 | 447 |
| 443 #Setup MySQL, using (private) templates to make sure that we set non-std passwords and a default user | 448 #Setup MySQL, using (private) templates to make sure that we set non-std passwords and a default user |
| 444 | 449 |
| 445 if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, 7) >= 0 { | 450 if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, '7') >= 0 { |
| 446 $mysqlpackage = 'mariadb' | 451 $mysqlpackage = 'mariadb' |
| 447 $mysqlsuffix = '' | 452 $mysqlsuffix = '' |
| 448 | 453 |
| 449 $extra_packages = [ | 454 $extra_packages = [ |
| 450 'policycoreutils-python', # Required for SELinux | 455 'policycoreutils-python', # Required for SELinux |
| 493 'xsendfile' | 498 'xsendfile' |
| 494 ] | 499 ] |
| 495 apache::mod { | 500 apache::mod { |
| 496 $mods:; | 501 $mods:; |
| 497 } | 502 } |
| 498 if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, 7) >= 0 { | 503 if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, '7') >= 0 { |
| 499 apache::mod { | 504 apache::mod { |
| 500 'authn_core':; | 505 'authn_core':; |
| 501 } | 506 } |
| 502 } | 507 } |
| 503 $apache_packages = [ 'mod_xsendfile' ] | 508 $apache_packages = [ 'mod_xsendfile' ] |
| 504 package { $apache_packages: | 509 package { $apache_packages: |
| 506 } | 511 } |
| 507 | 512 |
| 508 #Configure our sites, using templates for the custom fragments where the extra content is too long | 513 #Configure our sites, using templates for the custom fragments where the extra content is too long |
| 509 include adminsite | 514 include adminsite |
| 510 website::https::multitld { 'www.ibboard': | 515 website::https::multitld { 'www.ibboard': |
| 511 custom_fragment => template("private/apache/ibboard.fragment"), | 516 custom_fragment => template("privat/apache/ibboard.fragment"), |
| 512 letsencrypt_name => 'ibboard.co.uk', | 517 letsencrypt_name => 'ibboard.co.uk', |
| 513 csp_override => { | 518 csp_override => { |
| 514 "report-uri" => "https://ibboard.report-uri.com/r/d/csp/enforce", | 519 "report-uri" => "https://ibboard.report-uri.com/r/d/csp/enforce", |
| 515 "default-src" => "'none'", | 520 "default-src" => "'none'", |
| 516 "img-src" => "'self' https://live.staticflickr.com/", | 521 "img-src" => "'self' https://live.staticflickr.com/", |
| 535 class adminsite{ | 540 class adminsite{ |
| 536 apache::mod { 'info':; 'status':; 'cgi':; } | 541 apache::mod { 'info':; 'status':; 'cgi':; } |
| 537 website::https::multitld { 'admin.ibboard': | 542 website::https::multitld { 'admin.ibboard': |
| 538 force_no_index => false, | 543 force_no_index => false, |
| 539 ssl_ca_chain => '', | 544 ssl_ca_chain => '', |
| 540 custom_fragment => template("private/apache/admin.fragment"), | 545 custom_fragment => template("privat/apache/admin.fragment"), |
| 541 } | 546 } |
| 542 cron { 'loadavg': | 547 cron { 'loadavg': |
| 543 command => '/usr/local/bin/run-loadavg-logger', | 548 command => '/usr/local/bin/run-loadavg-logger', |
| 544 user => apache, | 549 user => apache, |
| 545 minute => '*/6' | 550 minute => '*/6' |
| 554 | 559 |
| 555 class hiveworldterrasite { | 560 class hiveworldterrasite { |
| 556 website::https::multitld { 'www.hiveworldterra': | 561 website::https::multitld { 'www.hiveworldterra': |
| 557 force_no_www => false, | 562 force_no_www => false, |
| 558 letsencrypt_name => 'hiveworldterra.co.uk', | 563 letsencrypt_name => 'hiveworldterra.co.uk', |
| 559 custom_fragment => template("private/apache/hwt.fragment"), | 564 custom_fragment => template("privat/apache/hwt.fragment"), |
| 560 } | 565 } |
| 561 website::https::multitld { 'forums.hiveworldterra': | 566 website::https::multitld { 'forums.hiveworldterra': |
| 562 letsencrypt_name => 'hiveworldterra.co.uk', | 567 letsencrypt_name => 'hiveworldterra.co.uk', |
| 563 custom_fragment => template("private/apache/forums.fragment"), | 568 custom_fragment => template("privat/apache/forums.fragment"), |
| 564 } | 569 } |
| 565 website::https::multitld { 'skins.hiveworldterra': | 570 website::https::multitld { 'skins.hiveworldterra': |
| 566 letsencrypt_name => 'hiveworldterra.co.uk', | 571 letsencrypt_name => 'hiveworldterra.co.uk', |
| 567 custom_fragment => template("private/apache/skins.fragment"), | 572 custom_fragment => template("privat/apache/skins.fragment"), |
| 568 } | 573 } |
| 569 website::https::redir { 'hiveworldterra.ibboard.co.uk': | 574 website::https::redir { 'hiveworldterra.ibboard.co.uk': |
| 570 redir => 'https://www.hiveworldterra.co.uk/', | 575 redir => 'https://www.hiveworldterra.co.uk/', |
| 571 docroot => "${website::basedir}/hiveworldterra", | 576 docroot => "${website::basedir}/hiveworldterra", |
| 572 letsencrypt_name => 'hiveworldterra.co.uk', | 577 letsencrypt_name => 'hiveworldterra.co.uk', |
| 576 class bdstrikesite { | 581 class bdstrikesite { |
| 577 website::https::multitld { 'www.bdstrike': | 582 website::https::multitld { 'www.bdstrike': |
| 578 docroot_owner => $defaultusers::secondary_user, | 583 docroot_owner => $defaultusers::secondary_user, |
| 579 docroot_group => 'editors', | 584 docroot_group => 'editors', |
| 580 letsencrypt_name => 'bdstrike.co.uk', | 585 letsencrypt_name => 'bdstrike.co.uk', |
| 581 custom_fragment => template("private/apache/bdstrike.fragment"), | 586 custom_fragment => template("privat/apache/bdstrike.fragment"), |
| 582 csp_override => {"frame-ancestors" => "'self'"}, | 587 csp_override => {"frame-ancestors" => "'self'"}, |
| 583 csp_report_override => { | 588 csp_report_override => { |
| 584 "font-src" => "'self' https://fonts.gstatic.com/", | 589 "font-src" => "'self' https://fonts.gstatic.com/", |
| 585 "img-src" => "'self' https://secure.gravatar.com/", | 590 "img-src" => "'self' https://secure.gravatar.com/", |
| 586 "style-src" => "'self' https://fonts.googleapis.com/" | 591 "style-src" => "'self' https://fonts.googleapis.com/" |
| 627 ensure => installed, | 632 ensure => installed, |
| 628 } | 633 } |
| 629 | 634 |
| 630 website::https::multitld { 'www.warfoundry': | 635 website::https::multitld { 'www.warfoundry': |
| 631 letsencrypt_name => 'warfoundry.co.uk', | 636 letsencrypt_name => 'warfoundry.co.uk', |
| 632 custom_fragment => template("private/apache/warfoundry.fragment"), | 637 custom_fragment => template("privat/apache/warfoundry.fragment"), |
| 633 } | 638 } |
| 634 website::https::multitld { 'dev.ibboard': | 639 website::https::multitld { 'dev.ibboard': |
| 635 #Make sure we're the first one hit for the tiny fraction of "no support" cases we care about (potentially Python for Mercurial!) | 640 #Make sure we're the first one hit for the tiny fraction of "no support" cases we care about (potentially Python for Mercurial!) |
| 636 # http://en.wikipedia.org/wiki/Server_Name_Indication#No_support | 641 # http://en.wikipedia.org/wiki/Server_Name_Indication#No_support |
| 637 priority => 1, | 642 priority => 1, |
| 638 letsencrypt_name => 'dev.ibboard.co.uk', | 643 letsencrypt_name => 'dev.ibboard.co.uk', |
| 639 custom_fragment => template("private/apache/dev.fragment"), | 644 custom_fragment => template("privat/apache/dev.fragment"), |
| 640 force_no_index => false, | 645 force_no_index => false, |
| 641 } | 646 } |
| 642 } | 647 } |
| 643 | 648 |
| 644 class webmailpimsite { | 649 class webmailpimsite { |
| 645 # Webmail and Personal Information Management (PIM) sites | 650 # Webmail and Personal Information Management (PIM) sites |
| 646 website::https { 'webmail.ibboard.co.uk': | 651 website::https { 'webmail.ibboard.co.uk': |
| 647 force_no_index => false, | 652 force_no_index => false, |
| 648 ssl_ca_chain => '', | 653 ssl_ca_chain => '', |
| 649 custom_fragment => template("private/apache/webmail.fragment"), | 654 custom_fragment => template("privat/apache/webmail.fragment"), |
| 650 } | 655 } |
| 651 website::https { 'pim.ibboard.co.uk': | 656 website::https { 'pim.ibboard.co.uk': |
| 652 docroot_owner => 'apache', | 657 docroot_owner => 'apache', |
| 653 docroot_group => 'editors', | 658 docroot_group => 'editors', |
| 654 force_no_index => false, | 659 force_no_index => false, |
| 655 lockdown_requests => false, | 660 lockdown_requests => false, |
| 656 ssl_ca_chain => '', | 661 ssl_ca_chain => '', |
| 657 custom_fragment => template("private/apache/pim.fragment"), | 662 custom_fragment => template("privat/apache/pim.fragment"), |
| 658 } | 663 } |
| 659 cron { 'owncloudcron': | 664 cron { 'owncloudcron': |
| 660 command => "/usr/local/bin/owncloud-cron", | 665 command => "/usr/local/bin/owncloud-cron", |
| 661 user => 'apache', | 666 user => 'apache', |
| 662 minute => '*/15', | 667 minute => '*/15', |