stuff

f7c086b7 · root · dbc15f69 · f7c086b7 · f7c086b7 · f7c086b7
Commit f7c086b7 authored Aug 12, 2020 by root
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -37,22 +37,26 @@ node 'd-group' {
    email => 'webb@d-group.se',
  }
+  # package { 'libapache2-mod-php':
+  #   ensure => 'latest',
+  # }
  file { ['/var/log/apache2', '/var/log/django', ]:
    group => 'www-data',
    mode  => '0775',
    ensure => 'directory',
  }
  class {'apache':
-# TODO serveradmin?
+        default_vhost => false,
-        # default_vhost => false,
+	# required by php module
-        # mpm_module => 'prefork',
+        mpm_module => 'prefork',
        # purge_configs => false,
        serveradmin => 'webb@d-group.se',
        }
  $root =  '/var/www/d-group.se'
  ensure_packages (['python-certbot-apache'], { ensure => installed })
-  letsencrypt::certonly { 'd-group certs':
+  letsencrypt::certonly { 'd-group.se':
     domains              => [ 'd-group.se', ], # 'www.d-group.se', 'domd.nu',
                              # 'www.domd.nu', 'admin.d-group.se',
                              # 'wiki.d-group.se', 'www.xn--dmd-sna.nu',
@@ -62,24 +66,30 @@ node 'd-group' {
     suppress_cron_output => true,
     cron_hour            => '4',
     cron_minute          => '17',
-     # plugin               => 'apache',
+     plugin               => 'apache',
-     cron_success_command => '/bin/systemctl reload apache2.service',
+     # cron_success_command => '/bin/systemctl reload apache2.service',
  }
-  # apache::vhost { 'd-group.se-non-ssl':
+  apache::vhost { 'd-group.se-non-ssl':
-  #   ssl => false,
+    servername => 'd-group.se',
-  #   redirect_status => 'permanent',
+    ssl => false,
-  #   redirect_dest => 'https://d-group.se/',
+    port => 80,
+    redirect_status => 'permanent',
+    redirect_dest => 'https://d-group.se/',
    # before => Letsencrypt::Certonly['d-group certs'],
-  #   docroot => '/var/www',
+    docroot => '/var/www/d-group.se',
-  # }
+  }
  apache::vhost { 'd-group.se':
    servername => 'd-group.se',
-    # ssl => true,
+    ssl => true,
+    port => 443,
    serveraliases => ['www.d-group.se'],
    docroot => "${root}/d-group.se",
-    default_vhost => true,
+    # default_vhost => true,
+    ssl_cert          => "/etc/letsencrypt/live/d-group.se/fullchain.pem",
+    ssl_key           => "/etc/letsencrypt/live/d-group.se/privkey.pem",
+    require => Letsencrypt::Certonly['d-group.se'],
    wsgi_script_aliases => { '/' => "${root}/d-group.se/dgroup/wsgi_production.py", },
    wsgi_daemon_process => 'd-group.se',
@@ -115,9 +125,7 @@ node 'd-group' {
  }
+  dgroup::codeigniter { 'admin.d-group.se': 
-  dgroup::simple { 'admin.d-group.se': 
    root => $root,
  }
@@ -126,19 +134,20 @@ node 'd-group' {
  }
-  dgroup::simple { 'domd.nu':
+  # dgroup::simple { 'domd.nu':
-    root => $root,
+  #   root => $root,
-    serveraliases => [ 'www.domd.nu', 
+  #   serveraliases => [ 'www.domd.nu', 
-                       'xn--dmd-sna.nu',
+  #                      'xn--dmd-sna.nu',
-                       'www.xn--dmd-sna.nu', ],
+  #                      'www.xn--dmd-sna.nu', ],
-  }
+  # }
-  dgroup::simple { 'tentakravallen.se':
+  # dgroup::simple { 'tentakravallen.se':
-    root => '/var/www',
+  #   root => '/var/www',
-    serveraliases => [ 'www.tentakravallen.se', ],
+  #   serveraliases => [ 'www.tentakravallen.se', ],
-  }
+  # }
 include ::apache::mod::rewrite
+ include ::apache::mod::php
 class { '::apache::mod::wsgi':
   package_name => 'libapache2-mod-wsgi-py3',
   mod_path => 'mod_wsgi.so',

--- a/modules/dgroup/manifests/codeigniter.pp
+++ b/modules/dgroup/manifests/codeigniter.pp
+define dgroup::codeigniter (
+  $root,
+) {
+  ensure_packages (['php-mbstring', 'php-intl'], {
+    ensure => 'latest',
+  })
+  file_line { 'php intl':
+    ensure => present,
+    path => '/etc/php/7.2/apache2/php.ini',
+    line => 'extension=intl',
+    match => '^;extension=intl',
+  }
+  #exec { 'writable writable':
+  #  command => "chmod -R g+rw $docroot/writable",
+  #  path => ['/usr/bin', '/bin'],
+  #}
+  #exec { 'writable writable':
+  #  command => "chgrp -R www-data $docroot/writable",
+  #  path => ['/usr/bin', '/bin'],
+  #}
+  # file { "$docroot/writable":
+  #   ensure => directory,
+  #   recurse => true,
+  #   group => www-data,
+  #   mode => '0775',
+  # }
+  $docroot = "${root}/${name}/public"
+  $base_directories = [
+    { 'path' => '/', options => 'FollowSymLinks', 'allowoverride' => 'None', },
+    { 'path' => $docroot,
+      'options' => 'FollowSymLinks MultiViews', 
+      'allowoverride' => 'all',
+      'order' => 'allow,deny',
+      'allow' => 'from all',
+    },
+    { 'path' => '/usr/lib/cgi-bin', 
+      'options' => '+ExecCGI -MultiViews +SymLinksIfOwnerMatch', 
+      'allowoverride' => 'none',
+      'order' => 'allow,deny',
+      'allow' => 'from all',
+    },
+    { 'path' => '/usr/share/doc', 
+      'options' => 'MultiViews FollowSymLinks', 
+      'allowoverride' => 'none',
+      'order' => 'deny,allow',
+      'deny' => 'from all',
+      'allow' => 'from 127.0.0.0/255.0.0.0 ::1/128',
+     },
+  ]
+  $base_aliases = [
+    { alias => '/doc/', path => '/usr/share/doc' },
+    { scriptalias => '/cgi-bin/', path => '/usr/lib/cgi-bin' },
+  ]
+  apache::vhost { $name:
+    servername => $name,
+    port => 80,
+    #serveraliases => $serveraliases,
+    docroot => $docroot,
+    aliases => $base_aliases,
+    directories => $base_directories,
+    error_log_file => 'error.log',
+    access_log_file => 'access.log',
+  }
+}
--- a/modules/dgroup/manifests/simple.pp
+++ b/modules/dgroup/manifests/simple.pp
@@ -32,6 +32,7 @@ define dgroup::simple (
  apache::vhost { $name:
    servername => $name,
+    port => 80,
    serveraliases => $serveraliases,
    docroot => "${root}/${name}",
    aliases => $base_aliases,