diff modules/website/manifests/init.pp @ 390:df5ad1612af7

Adapt configs to support Ubuntu This is prep for running a VPS on a Mythic Beasts Raspberry Pi * Switch paths where necessary * Add optional modules that only apply on some OSes * Change usernames and groups * Don't do RPM-based stuff in Ubuntu * Switch to using some of the new modules
author IBBoard <dev@ibboard.co.uk>
date Mon, 03 Jan 2022 18:37:16 +0000
parents 05cad5ba9506
children 575764c36e16
--- a/modules/website/manifests/init.pp	Mon Jan 03 17:16:21 2022 +0000
+++ b/modules/website/manifests/init.pp	Mon Jan 03 18:37:16 2022 +0000
@@ -31,8 +31,24 @@
     "font-src" => "'self'"
   }
 
+  if $osfamily == 'RedHat' {
+    $apache_base_dir = "/etc/httpd/"
+    $vhost_dir = "/etc/httpd/conf.d/vhosts"
+    $apache_user = 'apache'
+    $apache_group = $apache_user
+    $apache_log_group = $apache_user
+  }
+  elsif $osfamily == 'Debian' {
+    $apache_base_dir = "/etc/apache2/"
+    $vhost_dir = "/etc/apache2/sites-available"
+    $apache_user = 'www-data'
+    $apache_group = $apache_user
+    $apache_log_group = $apache_user
+  }
+
+
   class { 'apache':
-    vhost_dir => "/etc/httpd/conf.d/vhosts",
+    vhost_dir => $vhost_dir,
     protocols => ["h2", "http/1.1"],
     default_mods => false,
     default_vhost => false,
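Review bot: The new `if $osfamily == 'RedHat' … elsif $osfamily == 'Debian'` block has no `else`, so on any other OS family `$vhost_dir`, `$apache_base_dir` and the user/group variables stay undefined and the later resource titles such as `"${apache_base_dir}conf.extra"` would be built from an empty prefix. Failing the catalog explicitly is safer than a confusing error or a half-configured web server: add `else { fail("website: unsupported osfamily '${osfamily}'") }`. The `$certbot_pkg` selection in the last hunk has the same gap for anything other than CentOS or Ubuntu, and it keys on `$operatingsystem` where this block keys on `$osfamily`. `$apache_user` and `$apache_group` are not used in the hunks shown, so presumably they are consumed elsewhere in the class.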
@@ -41,15 +57,21 @@
   class { 'apache::mod::dir': indexes => [ 'index.html' ] }
   class { 'apache::mod::event': }
   class { 'apache::mod::http2': }
+  class { 'apache::mod::mime': mime_types_config => "${apache_base_dir}mime.types" }
   apache::mod {
     'rewrite':;
     'expires':;
     'env':;
     'setenvif':;
     'headers':;
-    'version':;
     'allowmethods':;
   }
+  if $osfamily == 'RedHat' {
+    # Ubuntu builds the "version" module in, but CentOS doesn't
+    apache::mod {
+      'version':;
+    }
+  }
 
   # Updating the httpd package puts back some configs that we
   # don't load the relevant modules for, so we'll try to make
@@ -71,45 +93,33 @@
   file { '/var/log/apache':
     ensure => directory,
     mode   => '0750',
-    group  => 'apache',
+    group  => $apache_log_group,
   }
-  file { '/etc/httpd/conf.extra':
+  file { "${apache_base_dir}conf.extra":
     ensure => directory,
     recurse => true,
     source => "puppet:///modules/website/conf.extra",
     require => Class['apache'],
     notify => Service['httpd'];
   }
-  file { '/etc/httpd/conf/mime.types':
+  file { "${apache_base_dir}mime.types":
     ensure => present,
     source => "puppet:///modules/website/mime.types",
     require => Class['apache'],
     notify => Service['httpd'];
   }
-  file { '/etc/php.d/datetime.ini':
-    ensure => present,
-    source => "puppet:///modules/website/datetime.ini",
-    require => Class['apache'],
-    notify => Service['httpd'];
-  }
-  file { '/etc/httpd/conf.d/zzz-custom.conf':
+  file { "${apache_base_dir}conf.d/zzz-custom.conf":
     ensure => absent,
     require => Class['apache'],
     notify => Service['httpd'];
   }
-  file { '/etc/httpd/conf.d/zzz-0-custom.conf':
+  file { "${apache_base_dir}conf.d/zzz-0-custom.conf":
     ensure => present,
     source => "puppet:///modules/website/zzz-0-custom.conf",
     require => Class['apache'],
     notify => Service['httpd'];
   }
-  file { '/etc/httpd/conf.d/php.conf':
-    ensure => present,
-    source => "puppet:///modules/website/php.conf",
-    require => Class['apache'],
-    notify => Service['httpd'];
-  }
-  file { '/etc/httpd/conf.custom':
+  file { "${apache_base_dir}conf.custom":
     ensure => directory,
     recurse => true,
     source => "puppet:///private/apache/conf.custom",
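Review bot: On RedHat the managed mime.types file moves from `/etc/httpd/conf/mime.types` to `/etc/httpd/mime.types`, because `"${apache_base_dir}mime.types"` drops the `conf/` component. The `apache::mod::mime` declaration in the previous hunk points at the same new path, so the two agree, but existing hosts keep the old copy, which is no longer managed. If the move is intended, say so in a comment such as `# mime.types now lives directly under $apache_base_dir on both OS families`, or remove the old file with an `ensure => absent` resource. The sourced files and the recursive `conf.custom` copy from the private mount set no `owner`, `group` or `mode` in the lines shown, so they rely on Puppet defaults; the `conf.custom` resource continues past the end of the hunk, so this may already be handled there.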
@@ -145,25 +155,28 @@
       action => reject,
     }
   }
-  if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, '7') >= 0 {
+  if $operatingsystem == 'CentOS' {
     exec { 'set_apache_defaults':
       command => 'semanage fcontext -a -t httpd_sys_content_t "/srv/sites(/.*)?"',
       path    => '/bin:/usr/bin/:/sbin:/usr/sbin',
       require => Package['policycoreutils-python'],
       unless  => 'semanage fcontext --list | grep "/srv/sites\\(/\\.\\*\\)\\?"',
     }
-    cron { 'letsencrypt-renewal':
-      command => '/usr/bin/certbot renew --quiet',
-      hour => '*/12',
-      minute => '21',
-    }
     if versioncmp($operatingsystemrelease, '8') < 0 {
         $certbot_pkg = 'python2-certbot-apache'
     } else {
         $certbot_pkg = 'python3-certbot-apache'
     }
-    package { $certbot_pkg:
-      ensure => installed,
-    }
+  }
+  elsif $operatingsystem == 'Ubuntu' {
+    $certbot_pkg = 'certbot'
+  }
+  cron { 'letsencrypt-renewal':
+    command => '/usr/bin/certbot renew --quiet',
+    hour => '*/12',
+    minute => '21',
+  }
+  package { $certbot_pkg:
+    ensure => installed,
   }
 }
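Review bot: The Ubuntu branch sets `$certbot_pkg = 'certbot'`, which installs only the base client, while both CentOS branches install an Apache plugin package. If the certificates on these hosts are issued or installed through the Apache plugin, `certbot renew` would presumably fail on Ubuntu and the certificates would expire; in that case use `$certbot_pkg = 'python3-certbot-apache'`. The `letsencrypt-renewal` cron is now declared for every OS but has no ordering on the package and no explicit account; `require => Package[$certbot_pkg],` and `user => 'root',` would state both. The closing brace ends a class that starts outside the hunk.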