Mercurial > repos > other > Puppet
changeset 446:ba3c446d5a47
Update config to support Ubuntu
Also fixed a CSP heading that seemed to be a problem on the VM
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Mon, 08 May 2023 13:47:39 +0100 |
parents | 9268fe05d0ab |
children | 1a9de0661666 |
files | manifests/templates.pp |
diffstat | 1 files changed, 36 insertions(+), 11 deletions(-) [+] |
line wrap: on
line diff
--- a/manifests/templates.pp Mon May 08 13:45:23 2023 +0100 +++ b/manifests/templates.pp Mon May 08 13:47:39 2023 +0100 @@ -2,6 +2,7 @@ File<| tag == 'repo-config' |> -> anchor { 'Repo-config': } -> YumRepo<| |> +-> Apt::Source<| |> -> anchor { 'Repos': } -> Package<| |> @@ -289,6 +290,17 @@ else { # Other distros can take the default devel status $dev = $::python::params::dev + + apt::source { + 'ibboard': + location => 'http://download.opensuse.org/repositories/home:/IBBoard:/server/xUbuntu_22.04/', + release => '/', + repos => '', + key => { + id => 'EDC682701D792970AD8645E7A7A55B845DCFCBE2', + source => "https://download.opensuse.org/repositories/home:IBBoard:server/xUbuntu_22.04/Release.key" + } + } } if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, '8') >= 0 { @@ -316,7 +328,7 @@ } class tools { - $packages = [ 'sqlite', 'bash-completion', 'nano', 'bzip2', 'mlocate', 'patch', 'tmux', 'wget', 'rsync' ] + $packages = [ 'sqlite', 'bash-completion', 'nano', 'zip', 'bzip2', 'mlocate', 'patch', 'tmux', 'wget', 'rsync' ] package { $packages: ensure => installed; } @@ -426,7 +438,15 @@ $extra_extras = { 'posix' => { ini_prefix => '20-', - } + }, + # Sodium has been bundled since 7.2, but CentOS packages it separately + 'sodium' => { + ini_prefix => '20-', + }, + # JSON is integrated into PHP 8+ and so it's only a plugin in CentOS + 'json' => { + ini_prefix => '20-', + }, } if versioncmp($operatingsystemrelease, '8') >= 0 { yumrepo { 'remirepo-safe': @@ -478,6 +498,11 @@ $php_suffix = '' $variant_prefix = 'php-' $extra_prefix = '' + # Work around constant re-install by enabling virtual packages + # https://github.com/voxpupuli/puppet-php/issues/387 + Package { + allow_virtual => true + } $extra_extras = {} } @@ -510,9 +535,6 @@ 'intl' => { ini_prefix => '20-', }, - 'json' => { - ini_prefix => '20-', - }, 'mysqlnd' => { ini_prefix => '20-', }, @@ -522,9 +544,6 @@ 'simplexml' => { ini_prefix => '20-', }, - 'sodium' => { - ini_prefix => '20-', - }, 'soap' => { ini_prefix => '20-', }, @@ -536,6 +555,9 @@ }, 'pdo_mysql' => { ini_prefix => '30-', + # Provided by the php-mysql package in CentOS and declared with "Provides" + # And Ubuntu is the same but without the "Provides" + provider => "none", }, 'xmlreader' => { ini_prefix => '30-', @@ -638,8 +660,11 @@ target => '/usr/share/zoneinfo/Europe/London', } - package { 'mod_cspnonce': - ensure => "installed", + # Debian doesn't handle sensible depends like module names because of the underscore + # So we need to use the package name + package { "mod_cspnonce": + name => $osfamily == 'Debian' ? { true => "libapache2-mod-cspnonce", default => "mod_cspnonce" }, + ensure => installed, } # Common modules used by multiple sites (mod_auth_basic is safe because we HTTPS all the things) @@ -799,7 +824,7 @@ csp_override => { "report-uri" => "https://ibboard.report-uri.com/r/d/csp/enforce", "font-src" => "'self' https://fonts.gstatic.com/ data:", - "img-src" => "'self' https://secure.gravatar.com/ data:", + "img-src" => "'self' https://secure.gravatar.com/ https://ps.w.org/ https://s.w.org/ data:", "style-src" => "'self' https://fonts.googleapis.com/ 'unsafe-inline'", "connect-src" => "'self' https://www.sandbox.paypal.com/ https://www.paypal.com/", "frame-ancestors" => "'self'"