changeset 446:ba3c446d5a47

Update config to support Ubuntu. Also fixed a CSP heading that seemed to be a problem on the VM
author IBBoard <dev@ibboard.co.uk>
date Mon, 08 May 2023 13:47:39 +0100
parents 9268fe05d0ab
children 1a9de0661666
files manifests/templates.pp
diffstat 1 files changed, 36 insertions(+), 11 deletions(-) [+]
--- a/manifests/templates.pp	Mon May 08 13:45:23 2023 +0100
+++ b/manifests/templates.pp	Mon May 08 13:47:39 2023 +0100
@@ -2,6 +2,7 @@
 File<| tag == 'repo-config' |>
 -> anchor { 'Repo-config': }
 -> YumRepo<| |>
+-> Apt::Source<| |>
 -> anchor { 'Repos': }
 -> Package<| |>
 
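Review bot: Chaining `Apt::Source<| |>` ahead of `Package<| |>` orders the source definitions, but probably not the `apt-get update` they trigger. In the standard puppetlabs-apt module the refresh runs from `Class['apt::update']`, which is not contained in the defined type. A package from the new repository could then be resolved against a stale index on the first run. If that module is in use, add `Class['apt::update'] -> Package<| provider == 'apt' |>` next to this chain. The chain begins above the hunk, so its first link is not visible here.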
@@ -289,6 +290,17 @@
 	else {
 		# Other distros can take the default devel status
 		$dev = $::python::params::dev
+
+		apt::source {
+			'ibboard':
+				location => 'http://download.opensuse.org/repositories/home:/IBBoard:/server/xUbuntu_22.04/',
+				release => '/',
+				repos => '',
+				key => {
+					id => 'EDC682701D792970AD8645E7A7A55B845DCFCBE2',
+					source => "https://download.opensuse.org/repositories/home:IBBoard:server/xUbuntu_22.04/Release.key"
+				}
+		}
 	}
 
 	if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, '8') >= 0 {
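Review bot: The repository `location` uses plain `http://` while the key `source` two lines below uses `https://`; use HTTPS for both, `location => 'https://download.opensuse.org/repositories/home:/IBBoard:/server/xUbuntu_22.04/',`. Signature checks against the pinned fingerprint still protect package contents, but cleartext transport lets an on-path party see what is fetched and hold back or replay older signed metadata. The block also sits in the `else` branch commented "Other distros" with `xUbuntu_22.04` hard-coded, so it appears to apply to any non-matching distro or release. A guard on OS name and release would make the intent explicit. The enclosing `if` starts outside the hunk.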
@@ -316,7 +328,7 @@
 }
 
 class tools {
-	$packages = [ 'sqlite', 'bash-completion', 'nano', 'bzip2', 'mlocate', 'patch', 'tmux', 'wget', 'rsync' ]
+	$packages = [ 'sqlite', 'bash-completion', 'nano', 'zip', 'bzip2', 'mlocate', 'patch', 'tmux', 'wget', 'rsync' ]
 	package { $packages:
 		ensure => installed;
 	}
@@ -426,7 +438,15 @@
 		$extra_extras = {
 			'posix' => {
 			        ini_prefix => '20-',
-			}
+			},
+			# Sodium has been bundled since 7.2, but CentOS packages it separately
+			'sodium' => {
+			        ini_prefix => '20-',
+			},
+			# JSON is integrated into PHP 8+ and so it's only a plugin in CentOS
+			'json' => {
+			        ini_prefix => '20-',
+			},
 		}
 		if versioncmp($operatingsystemrelease, '8') >= 0 {
 			yumrepo { 'remirepo-safe':
@@ -478,6 +498,11 @@
 		$php_suffix = ''
 		$variant_prefix = 'php-'
 		$extra_prefix = ''
+		# Work around constant re-install by enabling virtual packages
+		# https://github.com/voxpupuli/puppet-php/issues/387
+		Package {
+			allow_virtual => true
+		}
 		$extra_extras = {}
 	}
 
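Review bot: The `Package { allow_virtual => true }` default is not confined to this branch. Puppet conditionals do not open a new scope and resource defaults are dynamically scoped, so it affects every `package` resource declared in the enclosing class and in anything that class declares. If only the PHP packages need it, set `allow_virtual` on those resources, or at least extend the comment with `# NOTE: applies to all Package resources in this class scope`. The enclosing class and `if` start outside the hunk.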
@@ -510,9 +535,6 @@
 			'intl' => {
 			        ini_prefix => '20-',
 			},
-			'json' => {
-			        ini_prefix => '20-',
-			},
 			'mysqlnd' => {
 				ini_prefix => '20-',
 			},
@@ -522,9 +544,6 @@
 			'simplexml' => {
 			        ini_prefix => '20-',
 			},
-			'sodium' => {
-			        ini_prefix => '20-',
-			},
 			'soap' => {
 			        ini_prefix => '20-',
 			},
@@ -536,6 +555,9 @@
 			},
 			'pdo_mysql' => {
 				ini_prefix => '30-',
+				# Provided by the php-mysql package in CentOS and declared with "Provides"
+				# And Ubuntu is the same but without the "Provides"
+				provider => "none",
 			},
 			'xmlreader' => {
 				ini_prefix => '30-',
@@ -638,8 +660,11 @@
 		target => '/usr/share/zoneinfo/Europe/London',
 	}
 
-	package { 'mod_cspnonce':
-		ensure => "installed",
+	# Debian doesn't handle sensible depends like module names because of the underscore
+	# So we need to use the package name
+	package { "mod_cspnonce":
+		name => $osfamily == 'Debian' ? { true => "libapache2-mod-cspnonce", default => "mod_cspnonce" },
+		ensure => installed,
 	}
 
 	# Common modules used by multiple sites (mod_auth_basic is safe because we HTTPS all the things)
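Review bot: The selector on `name` compares the fact to a string and then matches on `true`, which is harder to read than selecting on the fact itself: `name => $osfamily ? { 'Debian' => 'libapache2-mod-cspnonce', default => 'mod_cspnonce' },`. The comment above it could also say plainly that Debian ships the module as `libapache2-mod-cspnonce`; the current wording about "sensible depends" does not name the package.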
@@ -799,7 +824,7 @@
 		csp_override => {
 			"report-uri" => "https://ibboard.report-uri.com/r/d/csp/enforce",
 			"font-src" => "'self' https://fonts.gstatic.com/ data:",
-			"img-src" => "'self' https://secure.gravatar.com/ data:",
+			"img-src" => "'self' https://secure.gravatar.com/ https://ps.w.org/ https://s.w.org/ data:",
 			"style-src" => "'self' https://fonts.googleapis.com/ 'unsafe-inline'",
 			"connect-src" => "'self' https://www.sandbox.paypal.com/ https://www.paypal.com/",
 			"frame-ancestors" => "'self'"
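Review bot: The two hosts added to `img-src` carry no comment saying which pages need them, which makes this allow-list harder to audit later. They look like the WordPress.org asset hosts, so once that is confirmed a line such as `# ps.w.org / s.w.org: images loaded by WordPress admin screens` above `"img-src"` would record the reason. Each entry allows the whole origin, so the list is best kept to hosts the site is known to load. The `csp_override` hash and its resource start and end outside the hunk.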