From 30d6afa40a37dbf27902f467a8f70d53c764f173 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= <hugo@lysator.liu.se>
Date: Thu, 13 Aug 2020 00:11:59 +0200
Subject: [PATCH] Move d-group main site into own pp file.

---
 manifests/site.pp                  | 102 +++++------------------------
 modules/dgroup/manifests/dgroup.pp |  93 ++++++++++++++++++++++++++
 2 files changed, 110 insertions(+), 85 deletions(-)
 create mode 100644 modules/dgroup/manifests/dgroup.pp

diff --git a/manifests/site.pp b/manifests/site.pp
index 6ceddc3..92dbbaa 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -23,15 +23,6 @@ node 'd-group' {
     ensure => 'installed',
   }
 
-  # Required by d-group.se, which more or less runs a dev environment
-  # in production.
-  class { 'python':
-    ensure     => 'latest',
-    version    => 'python3',
-    dev        => 'latest',
-    virtualenv => 'latest',
-    pip        => 'latest',
-  }
 
   class { '::letsencrypt':
     email => 'webb@d-group.se',
@@ -41,11 +32,6 @@ node 'd-group' {
   #   ensure => 'latest',
   # }
 
-  file { ['/var/log/apache2', '/var/log/django', ]:
-    ensure => 'directory',
-    group  => 'www-data',
-    mode   => '0775',
-  }
 
   class {'apache':
     default_vhost => false,
@@ -55,80 +41,32 @@ node 'd-group' {
     serveradmin   => 'webb@d-group.se',
   }
 
+  file { '/var/log/apache2':
+    ensure => 'directory',
+    group  => 'www-data',
+    mode   => '0775',
+  }
+
   $root = '/var/www/d-group.se'
 
-  ensure_packages (['python-certbot-apache'], { ensure => installed })
-  letsencrypt::certonly { 'd-group.se':
-    domains              => [ 'd-group.se', ], # 'www.d-group.se', 'domd.nu',
+  dgroup::dgroup { 'd-group.se':
+    root => $root,
+  }
+
+  # TODO certs for below
+    # 'domd.nu',
     # 'www.domd.nu', 'admin.d-group.se',
     # 'wiki.d-group.se', 'www.xn--dmd-sna.nu',
     # 'xn--dmd-sna.nu', 'tentakravallen.se',
     # 'www.tentakravallen.se', ],
-    manage_cron          => true,
-    suppress_cron_output => true,
-    cron_hour            => '4',
-    cron_minute          => '17',
-    plugin               => 'apache',
-    # cron_success_command => '/bin/systemctl reload apache2.service',
-    }
-
-    apache::vhost { 'd-group.se-non-ssl':
-      servername      => 'd-group.se',
-      ssl             => false,
-      port            => 80,
-      redirect_status => 'permanent',
-      redirect_dest   => 'https://d-group.se/',
-      docroot         => '/var/www/d-group.se',
-      # before        => Letsencrypt::Certonly['d-group certs'],
-    }
-
-    apache::vhost { 'd-group.se':
-      # default_vhost             => true,
-      servername                  => 'd-group.se',
-      ssl                         => true,
-      port                        => 443,
-      serveraliases               => ['www.d-group.se'],
-      docroot                     => "${root}/d-group.se",
-      ssl_cert                    => '/etc/letsencrypt/live/d-group.se/fullchain.pem',
-      ssl_key                     => '/etc/letsencrypt/live/d-group.se/privkey.pem',
-      require                     => Letsencrypt::Certonly['d-group.se'],
-      wsgi_script_aliases         => { '/' => "${root}/d-group.se/dgroup/wsgi_production.py", },
-      wsgi_daemon_process         => 'd-group.se',
-      wsgi_daemon_process_options => {
-        # TODO this doesn't work. Currently path is modified in script
-        # python-home => '/var/www/d-group.se/d-group.se/.venv',
-        python-path => '/var/www/d-group.se/d-group.se:/var/www/d-group.se/d-group.se/.venv/lib/python3.6/site-packages',
-      },
-      # wsgi_process_group => 'd-group.se',
-      error_log_file              => 'error.log',
-      access_log_file             => 'access.log',
-      directories                 => [
-        { 'path'  => "${root}/d-group.se/static_files",
-          'order' => 'deny,allow',
-          'allow' => 'from all', },
-        { 'path' => "${root}/d-group.se/dgroup", },
-        { 'path'     => "${root}/d-group.se/wsgi_production.py",
-          'order'    => 'deny,allow',
-          'allow'    => 'from all',
-          'provider' => 'files',
-        },
-      ],
-      aliases                     => [
-          { alias => '/robots.txt', path => "${root}/d-group.se/static_files/robots.txt" },
-          { alias => '/favicon.ico', path  => "${root}/d-group.se/static_files/favicon.ico" },
-          { alias => '/static', path => "${root}/d-group.se/static_files/" },
-          { alias => '/application/views/default/static', path => "${root}/d-group.se/static_files/" },
-        ]
-
-    }
-
-    dgroup::codeigniter { 'admin.d-group.se':
+
+  dgroup::codeigniter { 'admin.d-group.se':
     root => $root,
-    }
+  }
 
-    dgroup::simple { 'wiki.d-group.se':
+  dgroup::simple { 'wiki.d-group.se':
     root => $root,
-    }
+  }
 
 
     # dgroup::simple { 'domd.nu':
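Review bot: The new `file { '/var/log/apache2':` resource keeps `group => 'www-data'` with `mode => '0775'`, which makes the Apache log directory writable by what is presumably the account the web workers run as. A compromised application could then delete or swap log files, and Apache's security tips warn against log directories writable by anyone other than the user that starts the server. Apache normally opens its logs before dropping privileges, so unless something else writes there as www-data the group write bit can go, e.g. `mode   => '0755',` or tighter. The `# TODO certs for below` block also keeps the old list's closing `# 'www.tentakravallen.se', ],`, which now reads as a stray bracket. The `node 'd-group'` body starts and ends outside this hunk.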
@@ -143,12 +81,6 @@ node 'd-group' {
     #   serveraliases => [ 'www.tentakravallen.se', ],
     # }
 
-    include ::apache::mod::rewrite
-    include ::apache::mod::php
-    class { '::apache::mod::wsgi':
-      package_name => 'libapache2-mod-wsgi-py3',
-      mod_path     => 'mod_wsgi.so',
-    }
 }
 
 node 'liufs' {
diff --git a/modules/dgroup/manifests/dgroup.pp b/modules/dgroup/manifests/dgroup.pp
new file mode 100644
index 0000000..d9bd4ee
--- /dev/null
+++ b/modules/dgroup/manifests/dgroup.pp
@@ -0,0 +1,93 @@
+# Module for main d-group.se site.
+# Some form of django/wsgi dev environment running in production.
+# Hopefully someone packages it better, and updates this file
+# accordingly.
+define dgroup::dgroup (
+  $root,
+  $site = $name,
+) {
+
+  class { 'python':
+    ensure     => 'latest',
+    version    => 'python3',
+    dev        => 'latest',
+    virtualenv => 'latest',
+    pip        => 'latest',
+  }
+
+
+  file { '/var/log/django':
+    ensure => 'directory',
+    group  => 'www-data',
+    mode   => '0775',
+  }
+
+  ensure_packages (['python-certbot-apache'], { ensure => installed })
+  letsencrypt::certonly { $site:
+    domains              => [ $site, ], # "www.${site}"
+    manage_cron          => true,
+    suppress_cron_output => true,
+    cron_hour            => '4',
+    cron_minute          => '17',
+    plugin               => 'apache',
+    # cron_success_command => '/bin/systemctl reload apache2.service',
+  }
+
+  apache::vhost { "${site}-non-ssl":
+    servername      => $site,
+    ssl             => false,
+    port            => 80,
+    redirect_status => 'permanent',
+    redirect_dest   => "https://${site}/",
+    docroot         => $root,
+    # before        => Letsencrypt::Certonly['d-group certs'],
+  }
+
+  apache::vhost { $site:
+    # default_vhost             => true,
+    servername                  => $site,
+    ssl                         => true,
+    port                        => 443,
+    serveraliases               => ["www.${site}"],
+    docroot                     => "${root}/${site}",
+    ssl_cert                    => "/etc/letsencrypt/live/${site}/fullchain.pem",
+    ssl_key                     => "/etc/letsencrypt/live/${site}/privkey.pem",
+    require                     => Letsencrypt::Certonly[$site],
+    wsgi_script_aliases         => { '/' => "${root}/${site}/dgroup/wsgi_production.py", },
+    wsgi_daemon_process         => 'd-group.se',
+    wsgi_daemon_process_options => {
+      # TODO this doesn't work. Currently path is modified in script
+      # python-home => '/var/www/d-group.se/d-group.se/.venv',
+      python-path => "${root}/${site}:${root}/${site}/.venv/lib/python3.6/site-packages",
+    },
+    # wsgi_process_group => 'd-group.se',
+    error_log_file              => 'error.log',
+    access_log_file             => 'access.log',
+    directories                 => [
+      { 'path'  => "${root}/${site}/static_files",
+        'order' => 'deny,allow',
+        'allow' => 'from all', },
+      { 'path' => "${root}/${site}/dgroup", },
+      { 'path'     => "${root}/${site}/wsgi_production.py",
+        'order'    => 'deny,allow',
+        'allow'    => 'from all',
+        'provider' => 'files',
+      },
+    ],
+    aliases                     => [
+        { alias => '/robots.txt',  path => "${root}/${site}/static_files/robots.txt" },
+        { alias => '/favicon.ico', path => "${root}/${site}/static_files/favicon.ico" },
+        { alias => '/static',      path => "${root}/${site}/static_files/" },
+        { alias => '/application/views/default/static', path => "${root}/${site}/static_files/" },
+      ]
+  }
+
+
+  require ::apache::mod::rewrite
+  require ::apache::mod::php
+  class { '::apache::mod::wsgi':
+    package_name => 'libapache2-mod-wsgi-py3',
+    mod_path     => 'mod_wsgi.so',
+  }
+
+}
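Review bot: The certificate requested by `letsencrypt::certonly { $site:` covers only `$site`, yet the 443 vhost declares `serveraliases => ["www.${site}"]` and serves that same certificate, so a client arriving on the www name would see a hostname mismatch. Either request both names with `domains => [ $site, "www.${site}" ],` or drop the alias until the name is covered. The commented-out `# "www.${site}"` suggests the omission may be deliberate, in which case a comment saying why would help. Separately, `wsgi_daemon_process => 'd-group.se'` stays hard-coded although the surrounding values now use `${site}`. The resource-like `class { 'python': }` and `class { '::apache::mod::wsgi': }` declarations and the fixed-title `file { '/var/log/django': }` also mean this define can only be declared once per catalog; worth a line in the header comment.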
-- 
GitLab