view modules/website/manifests/init.pp @ 256:0ebd8efeef04
Merge Puppet divergences and fix SSL chain issues it caused
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sun, 29 Dec 2019 15:31:28 +0000 |
parents | 5a903aa91469 47750947f4dc |
children | 241fbf45e6f3 |
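# Class: website
#
# Installs a trimmed-down Apache (no default modules, no default vhost),
# drops in this module's shared configuration fragments and, on CentOS 7+,
# records the SELinux content-label rule and sets up certbot renewal.
#
# Parameters:
#   $base_dir           - absolute directory, no trailing slash; managed as a
#                         directory resource and exposed as $basedir.
#   $cert_dir           - absolute directory, no trailing slash; managed as a
#                         directory resource and exposed as $certdir.
#   $primary_ip         - not referenced in this class body; presumably read
#   $secondary_ip         by other manifests in the module - confirm.
#   $default_owner      - exposed as $docroot_owner.
#   $default_group      - exposed as $docroot_group.
#   $default_tld        - exposed as $tld.
#   $default_extra_tlds - array, exposed as $extra_tlds.
class website(
  $base_dir,
  $cert_dir = '/etc/pki/custom',
  $primary_ip,
  $secondary_ip,
  $default_owner,
  $default_group,
  $default_tld = 'com',
  $default_extra_tlds = []
){
  # validate_re compiles a Ruby regex, where ^ and $ anchor at *line*
  # boundaries: a multi-line value passed as long as one line looked like a
  # path. \A and \z anchor the whole string, newlines are excluded from path
  # components, and at least one component is required so the empty string is
  # rejected here with a clear message instead of by the file resource below.
  validate_re($base_dir, '\A(/[^/\n]+)+\z', "${base_dir} is invalid - base_dir must be a directory without trailing slash.")
  validate_re($cert_dir, '\A(/[^/\n]+)+\z', "${cert_dir} is invalid - cert_dir must be a directory without trailing slash.")
  validate_array($default_extra_tlds)

  # Class-scoped copies of the parameters plus shared constants. None of
  # these are read again inside this class; presumably other manifests in the
  # module reference them as $website::<name> - confirm.
  $basedir = $base_dir
  $certdir = $cert_dir
  $docroot_owner = $default_owner
  $docroot_group = $default_group
  $ca_chain = "/etc/letsencrypt/live/${::fqdn}/chain.pem"
  $tld = $default_tld
  $extra_tlds = $default_extra_tlds

  $htmlphpfragment = 'Include conf.extra/html-php.conf'
  $filterfragment = 'Include conf.custom/filter.conf'
  $cmsfragment = 'Include conf.extra/cms_rewrites.conf'

  # Content-Security-Policy building blocks: the base forbids framing and
  # <base> overrides; the report base denies everything by default and then
  # allows same-origin images, scripts, styles and fonts.
  $csp_base = {
    'frame-ancestors' => "'none'",
    'base-uri'        => "'none'",
  }
  $csp_report_base = {
    'default-src' => "'none'",
    'img-src'     => "'self'",
    'script-src'  => "'self'",
    'style-src'   => "'self'",
    'font-src'    => "'self'",
  }

  # Start from nothing and add only the modules listed below.
  class { 'apache':
    default_mods  => false,
    default_vhost => false,
    mpm_module    => false,
  }

  class { 'apache::mod::dir':
    indexes => [ 'index.html' ],
  }

  class { 'apache::mod::prefork':
    serverlimit     => 45,
    maxclients      => 45,
    maxspareservers => 6,
  }

  apache::mod {
    'rewrite':;
    'expires':;
    'env':;
    'setenvif':;
    'headers':;
    'version':;
  }

  # Updating the httpd package puts back some configs that we
  # don't load the relevant modules for, so we'll try to make
  # them blank so that RPM/Yum makes ".rpmnew" files instead
  $unused_default_mods = [
    "${::apache::mod_dir}/autoindex.conf",
    "${::apache::mod_dir}/userdir.conf",
    "${::apache::mod_dir}/welcome.conf",
  ]
  file { $unused_default_mods:
    ensure  => file,
    content => '',
    require => Class['apache'],
  }

  file { $base_dir:
    ensure => directory;
  }

  # Logs are group-readable by apache only; owner is left unmanaged here.
  file { '/var/log/apache':
    ensure => directory,
    mode   => '0750',
    group  => 'apache',
  }

  file { '/etc/httpd/conf.extra':
    ensure  => directory,
    recurse => true,
    source  => 'puppet:///modules/website/conf.extra',
    require => Class['apache'],
    notify  => Service['httpd'];
  }

  file { '/etc/httpd/conf/mime.types':
    ensure  => present,
    source  => 'puppet:///modules/website/mime.types',
    require => Class['apache'],
    notify  => Service['httpd'];
  }

  file { '/etc/php.d/datetime.ini':
    ensure  => present,
    source  => 'puppet:///modules/website/datetime.ini',
    require => Class['apache'],
    notify  => Service['httpd'];
  }

  # The old file name is removed explicitly so it cannot linger next to its
  # replacement, zzz-0-custom.conf.
  file { '/etc/httpd/conf.d/zzz-custom.conf':
    ensure  => absent,
    require => Class['apache'],
    notify  => Service['httpd'];
  }

  file { '/etc/httpd/conf.d/zzz-0-custom.conf':
    ensure  => present,
    source  => 'puppet:///modules/website/zzz-0-custom.conf',
    require => Class['apache'],
    notify  => Service['httpd'];
  }

  file { '/etc/httpd/conf.d/php.conf':
    ensure  => present,
    source  => 'puppet:///modules/website/php.conf',
    require => Class['apache'],
    notify  => Service['httpd'];
  }

  # Site-specific fragments come from the "private" file-server mount rather
  # than from this module.
  file { '/etc/httpd/conf.custom':
    ensure  => directory,
    recurse => true,
    source  => 'puppet:///private/apache/conf.custom',
    require => Class['apache'],
    notify  => Service['httpd'];
  }

  # NOTE(review): no owner, group or mode is set, so the directory gets
  # whatever the agent's defaults produce. If private keys are written under
  # it, pin the ownership and a restrictive mode - confirm against the
  # resources that populate it.
  file { $cert_dir:
    ensure => directory;
  }

  # Facts are referenced at top scope, matching $::fqdn above.
  if $::operatingsystem == 'CentOS' and versioncmp($::operatingsystemrelease, '7') >= 0 {
    # NOTE(review): the path is hard-coded to /srv/sites instead of being
    # derived from $base_dir - confirm the two always agree. This only
    # records the labelling rule; it does not relabel files that already
    # exist. Package['policycoreutils-python'] is declared outside this class.
    exec { 'set_apache_defaults':
      command => 'semanage fcontext -a -t httpd_sys_content_t "/srv/sites(/.*)?"',
      path    => '/bin:/usr/bin/:/sbin:/usr/sbin',
      require => Package['policycoreutils-python'],
      unless  => 'semanage fcontext --list | grep "/srv/sites\\(/\\.\\*\\)\\?"',
    }

    # No user attribute, so the job is installed for whichever user runs the
    # Puppet agent. It fires at minute 21 of every twelfth hour.
    cron { 'letsencrypt-renewal':
      command => '/usr/bin/certbot renew --quiet',
      hour    => '*/12',
      minute  => '21',
    }

    # Already inside the CentOS branch, so only the release needs checking.
    if versioncmp($::operatingsystemrelease, '8') >= 0 {
      $certbot_package = 'python3-certbot-apache'
    } else {
      $certbot_package = 'python2-certbot-apache'
    }

    package { 'python-certbot-apache':
      ensure => installed,
      name   => $certbot_package,
    }
  }
}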