diff --git a/manifests/site.pp b/manifests/site.pp index e7eb8a8479402caf13a6c370880dd6d4a0298aa2..6ceddc3905125f8584b2617da652915062ada8b9 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -23,16 +23,16 @@ node 'd-group' { ensure => 'installed', } + # Required by d-group.se, which more or less runs a dev environment + # in production. class { 'python': - ensure => 'latest', - version => 'python3', - dev => 'latest', + ensure => 'latest', + version => 'python3', + dev => 'latest', virtualenv => 'latest', - pip => 'latest', + pip => 'latest', } - # include ::mysql::client - class { '::letsencrypt': email => 'webb@d-group.se', } @@ -42,116 +42,113 @@ node 'd-group' { # } file { ['/var/log/apache2', '/var/log/django', ]: - group => 'www-data', - mode => '0775', ensure => 'directory', + group => 'www-data', + mode => '0775', } - class {'apache': - default_vhost => false, - # required by php module - mpm_module => 'prefork', - # purge_configs => false, - serveradmin => 'webb@d-group.se', - } - $root = '/var/www/d-group.se' - ensure_packages (['python-certbot-apache'], { ensure => installed }) - letsencrypt::certonly { 'd-group.se': - domains => [ 'd-group.se', ], # 'www.d-group.se', 'domd.nu', - # 'www.domd.nu', 'admin.d-group.se', - # 'wiki.d-group.se', 'www.xn--dmd-sna.nu', - # 'xn--dmd-sna.nu', 'tentakravallen.se', - # 'www.tentakravallen.se', ], - manage_cron => true, - suppress_cron_output => true, - cron_hour => '4', - cron_minute => '17', - plugin => 'apache', - # cron_success_command => '/bin/systemctl reload apache2.service', + class {'apache': + default_vhost => false, + # required by php module + mpm_module => 'prefork', + # purge_configs => false, + serveradmin => 'webb@d-group.se', } - apache::vhost { 'd-group.se-non-ssl': - servername => 'd-group.se', - ssl => false, - port => 80, - redirect_status => 'permanent', - redirect_dest => 'https://d-group.se/', - # before => Letsencrypt::Certonly['d-group certs'], - docroot => '/var/www/d-group.se', - } + $root = '/var/www/d-group.se' - apache::vhost { 'd-group.se': - servername => 'd-group.se', - ssl => true, - port => 443, - serveraliases => ['www.d-group.se'], - docroot => "${root}/d-group.se", - # default_vhost => true, - ssl_cert => "/etc/letsencrypt/live/d-group.se/fullchain.pem", - ssl_key => "/etc/letsencrypt/live/d-group.se/privkey.pem", - require => Letsencrypt::Certonly['d-group.se'], - - wsgi_script_aliases => { '/' => "${root}/d-group.se/dgroup/wsgi_production.py", }, - wsgi_daemon_process => 'd-group.se', - wsgi_daemon_process_options => { - # TODO this doesn't work. Currently path is modified in script - # python-home => '/var/www/d-group.se/d-group.se/.venv', - python-path => '/var/www/d-group.se/d-group.se:/var/www/d-group.se/d-group.se/.venv/lib/python3.6/site-packages', - }, - # wsgi_process_group => 'd-group.se', - error_log_file => 'error.log', - access_log_file => 'access.log', - directories => [ - { 'path' => "${root}/d-group.se/static_files", - 'order' => 'deny,allow', - 'allow' => 'from all', }, - { 'path' => "${root}/d-group.se/dgroup", }, - { 'path' => "${root}/d-group.se/wsgi_production.py", - 'order' => 'deny,allow', - 'allow' => 'from all', - 'provider' => 'files', + ensure_packages (['python-certbot-apache'], { ensure => installed }) + letsencrypt::certonly { 'd-group.se': + domains => [ 'd-group.se', ], # 'www.d-group.se', 'domd.nu', + # 'www.domd.nu', 'admin.d-group.se', + # 'wiki.d-group.se', 'www.xn--dmd-sna.nu', + # 'xn--dmd-sna.nu', 'tentakravallen.se', + # 'www.tentakravallen.se', ], + manage_cron => true, + suppress_cron_output => true, + cron_hour => '4', + cron_minute => '17', + plugin => 'apache', + # cron_success_command => '/bin/systemctl reload apache2.service', + } + + apache::vhost { 'd-group.se-non-ssl': + servername => 'd-group.se', + ssl => false, + port => 80, + redirect_status => 'permanent', + redirect_dest => 'https://d-group.se/', + docroot => '/var/www/d-group.se', + # before => Letsencrypt::Certonly['d-group certs'], + } + + apache::vhost { 'd-group.se': + # default_vhost => true, + servername => 'd-group.se', + ssl => true, + port => 443, + serveraliases => ['www.d-group.se'], + docroot => "${root}/d-group.se", + ssl_cert => '/etc/letsencrypt/live/d-group.se/fullchain.pem', + ssl_key => '/etc/letsencrypt/live/d-group.se/privkey.pem', + require => Letsencrypt::Certonly['d-group.se'], + wsgi_script_aliases => { '/' => "${root}/d-group.se/dgroup/wsgi_production.py", }, + wsgi_daemon_process => 'd-group.se', + wsgi_daemon_process_options => { + # TODO this doesn't work. Currently path is modified in script + # python-home => '/var/www/d-group.se/d-group.se/.venv', + python-path => '/var/www/d-group.se/d-group.se:/var/www/d-group.se/d-group.se/.venv/lib/python3.6/site-packages', }, - ], - aliases => [ - { alias => '/robots.txt', - path => "${root}/d-group.se/static_files/robots.txt" }, - { alias => '/favicon.ico', - path => "${root}/d-group.se/static_files/favicon.ico" }, - { alias => '/static', - path => "${root}/d-group.se/static_files/" }, - { alias => '/application/views/default/static', - path => "${root}/d-group.se/static_files/" }, - ] - - } - - dgroup::codeigniter { 'admin.d-group.se': + # wsgi_process_group => 'd-group.se', + error_log_file => 'error.log', + access_log_file => 'access.log', + directories => [ + { 'path' => "${root}/d-group.se/static_files", + 'order' => 'deny,allow', + 'allow' => 'from all', }, + { 'path' => "${root}/d-group.se/dgroup", }, + { 'path' => "${root}/d-group.se/wsgi_production.py", + 'order' => 'deny,allow', + 'allow' => 'from all', + 'provider' => 'files', + }, + ], + aliases => [ + { alias => '/robots.txt', path => "${root}/d-group.se/static_files/robots.txt" }, + { alias => '/favicon.ico', path => "${root}/d-group.se/static_files/favicon.ico" }, + { alias => '/static', path => "${root}/d-group.se/static_files/" }, + { alias => '/application/views/default/static', path => "${root}/d-group.se/static_files/" }, + ] + + } + + dgroup::codeigniter { 'admin.d-group.se': root => $root, - } + } - dgroup::simple { 'wiki.d-group.se': + dgroup::simple { 'wiki.d-group.se': root => $root, - } - - - # dgroup::simple { 'domd.nu': - # root => $root, - # serveraliases => [ 'www.domd.nu', - # 'xn--dmd-sna.nu', - # 'www.xn--dmd-sna.nu', ], - # } - - # dgroup::simple { 'tentakravallen.se': - # root => '/var/www', - # serveraliases => [ 'www.tentakravallen.se', ], - # } - - include ::apache::mod::rewrite - include ::apache::mod::php - class { '::apache::mod::wsgi': - package_name => 'libapache2-mod-wsgi-py3', - mod_path => 'mod_wsgi.so', - } + } + + + # dgroup::simple { 'domd.nu': + # root => $root, + # serveraliases => [ 'www.domd.nu', + # 'xn--dmd-sna.nu', + # 'www.xn--dmd-sna.nu', ], + # } + + # dgroup::simple { 'tentakravallen.se': + # root => '/var/www', + # serveraliases => [ 'www.tentakravallen.se', ], + # } + + include ::apache::mod::rewrite + include ::apache::mod::php + class { '::apache::mod::wsgi': + package_name => 'libapache2-mod-wsgi-py3', + mod_path => 'mod_wsgi.so', + } } node 'liufs' { diff --git a/modules/apache b/modules/apache index b73542a99913bb21416f6ad08b6114dfc95d3501..98cf15c01cc7467f9d493a479db063b6a8812ec5 160000 --- a/modules/apache +++ b/modules/apache @@ -1 +1 @@ -Subproject commit b73542a99913bb21416f6ad08b6114dfc95d3501 +Subproject commit 98cf15c01cc7467f9d493a479db063b6a8812ec5 diff --git a/modules/dgroup/manifests/codeigniter.pp b/modules/dgroup/manifests/codeigniter.pp index 195396303b42be5d4a42c012621c6f5ccf7835ad..8689d735125b07f10c20b4a8c549824aa453d22f 100644 --- a/modules/dgroup/manifests/codeigniter.pp +++ b/modules/dgroup/manifests/codeigniter.pp @@ -1,3 +1,5 @@ +# Setup for codeigniter page framework. +# Should preferably be own mobule. define dgroup::codeigniter ( $root, ) { @@ -8,9 +10,9 @@ define dgroup::codeigniter ( file_line { 'php intl': ensure => present, - path => '/etc/php/7.2/apache2/php.ini', - line => 'extension=intl', - match => '^;extension=intl', + path => '/etc/php/7.2/apache2/php.ini', + line => 'extension=intl', + match => '^;extension=intl', } #exec { 'writable writable': @@ -32,26 +34,29 @@ define dgroup::codeigniter ( $docroot = "${root}/${name}/public" $base_directories = [ - { 'path' => '/', options => 'FollowSymLinks', 'allowoverride' => 'None', }, - { 'path' => $docroot, - 'options' => 'FollowSymLinks MultiViews', + { 'path' => '/', + 'options' => 'FollowSymLinks', + 'allowoverride' => 'None', + }, + { 'path' => $docroot, + 'options' => 'FollowSymLinks MultiViews', 'allowoverride' => 'all', - 'order' => 'allow,deny', - 'allow' => 'from all', + 'order' => 'allow,deny', + 'allow' => 'from all', }, - { 'path' => '/usr/lib/cgi-bin', - 'options' => '+ExecCGI -MultiViews +SymLinksIfOwnerMatch', + { 'path' => '/usr/lib/cgi-bin', + 'options' => '+ExecCGI -MultiViews +SymLinksIfOwnerMatch', 'allowoverride' => 'none', - 'order' => 'allow,deny', - 'allow' => 'from all', + 'order' => 'allow,deny', + 'allow' => 'from all', }, - { 'path' => '/usr/share/doc', - 'options' => 'MultiViews FollowSymLinks', + { 'path' => '/usr/share/doc', + 'options' => 'MultiViews FollowSymLinks', 'allowoverride' => 'none', - 'order' => 'deny,allow', - 'deny' => 'from all', - 'allow' => 'from 127.0.0.0/255.0.0.0 ::1/128', - }, + 'order' => 'deny,allow', + 'deny' => 'from all', + 'allow' => 'from 127.0.0.0/255.0.0.0 ::1/128', + }, ] $base_aliases = [ @@ -60,13 +65,13 @@ define dgroup::codeigniter ( ] apache::vhost { $name: - servername => $name, - port => 80, - #serveraliases => $serveraliases, - docroot => $docroot, - aliases => $base_aliases, - directories => $base_directories, - error_log_file => 'error.log', + #serveraliases => $serveraliases, + servername => $name, + port => 80, + docroot => $docroot, + aliases => $base_aliases, + directories => $base_directories, + error_log_file => 'error.log', access_log_file => 'access.log', } } diff --git a/modules/dgroup/manifests/simple.pp b/modules/dgroup/manifests/simple.pp index f4d28d847b5393edf68208ed8b22632787f83c73..08668e1b9d193d3078f97a446701714d6b8fefd5 100644 --- a/modules/dgroup/manifests/simple.pp +++ b/modules/dgroup/manifests/simple.pp @@ -1,28 +1,33 @@ +# General base endpoint for some of d-groups servers. +# Should really be cleaned up and renamed. define dgroup::simple ( $root, $serveraliases = [], ) { $base_directories = [ - { 'path' => '/', options => 'FollowSymLinks', 'allowoverride' => 'None', }, - { 'path' => "${root}/${name}/", - 'options' => 'FollowSymLinks MultiViews', + { 'path' => '/', + 'options' => 'FollowSymLinks', + 'allowoverride' => 'None', + }, + { 'path' => "${root}/${name}/", + 'options' => 'FollowSymLinks MultiViews', 'allowoverride' => 'all', - 'order' => 'allow,deny', - 'allow' => 'from all', + 'order' => 'allow,deny', + 'allow' => 'from all', }, - { 'path' => '/usr/lib/cgi-bin', - 'options' => '+ExecCGI -MultiViews +SymLinksIfOwnerMatch', + { 'path' => '/usr/lib/cgi-bin', + 'options' => '+ExecCGI -MultiViews +SymLinksIfOwnerMatch', 'allowoverride' => 'none', - 'order' => 'allow,deny', - 'allow' => 'from all', + 'order' => 'allow,deny', + 'allow' => 'from all', }, - { 'path' => '/usr/share/doc', - 'options' => 'MultiViews FollowSymLinks', + { 'path' => '/usr/share/doc', + 'options' => 'MultiViews FollowSymLinks', 'allowoverride' => 'none', - 'order' => 'deny,allow', - 'deny' => 'from all', - 'allow' => 'from 127.0.0.0/255.0.0.0 ::1/128', - }, + 'order' => 'deny,allow', + 'deny' => 'from all', + 'allow' => 'from 127.0.0.0/255.0.0.0 ::1/128', + }, ] $base_aliases = [ @@ -31,13 +36,13 @@ define dgroup::simple ( ] apache::vhost { $name: - servername => $name, - port => 80, - serveraliases => $serveraliases, - docroot => "${root}/${name}", - aliases => $base_aliases, - directories => $base_directories, - error_log_file => 'error.log', + servername => $name, + port => 80, + serveraliases => $serveraliases, + docroot => "${root}/${name}", + aliases => $base_aliases, + directories => $base_directories, + error_log_file => 'error.log', access_log_file => 'access.log', } }