authorHugo Hörnquist <hugo@lysator.liu.se>2021-12-29 21:53:16 +0100
committerHugo Hörnquist <hugo@lysator.liu.se>2021-12-29 21:53:16 +0100
commitafb32748d1d1cadce59e7dab7033ed3c58e6bdee (patch)
tree1c32008999b088c62c3463b2df7bdca012dc30af
parentAutomatic ssh keys. (diff)
Reindent manifest.
-rw-r--r--manifests/site.pp514
1 files changed, 257 insertions, 257 deletions
diff --git a/manifests/site.pp b/manifests/site.pp
index 11f1afd..605e01e 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -137,274 +137,274 @@ node 'gandalf.adrift.space' {
node 'hornquist.se' {
- include ::profiles::firewall
-
- ensure_packages([
- 'cowsay',
- ], { ensure => installed })
-
- nsupdate { 'hornquist.se':
- ensure => present,
- nameserver => 'ns2.adrift.space',
- iface => 'eth0',
- records => [
- { type => 'A', ttl => 3600, domain => 'hornquist.se' },
- { type => 'A', ttl => 3600, domain => '*.hornquist.se' },
- ],
- }
-
- $cgit_root = '/var/www/cgit'
- $blog_root = '/var/www/blog'
-
- class { '::cgit':
- root => $cgit_root,
- root_title => 'Hornquist Git Repositiories',
- root_desc => 'ᛏᚨᚾᛞᛖᛋ᛫ᛖᚾᛞᚨᛋᛏ᛫ᛗᛟᛏ᛫ᛚᚨᛞᚨᚾᛋ᛫ᛈᛚᚨᚾ',
- about_filter => 'hugo-pre.sh',
- auth_filter => 'hugo-authentication.lua',
- source_filter => 'hugo-highlighting.sh',
- scan_path => '/home/git/git',
- clone_url => [
- 'https://git.hornquist.se/$CGIT_REPO_URL',
- 'git@hornquist.se:git/$CGIT_REPO_URL.git',
- '(HTTP_only_for_public_repos)',
- ],
- }
-
- # https://buddy.works/blog/how-deploy-projects-with-git
- blog { 'Hugos blog':
- root => "${blog_root}/hugo",
- }
-
- service { 'php7.4-fpm':
- ensure => running,
- enable => true,
- }
-
- service { 'fcgiwrap.socket':
- ensure => running,
- enable => true,
- }
-
- file { '/etc/systemd/system/php7.4-fpm.service.d':
- ensure => directory,
- }
-
- file { '/etc/systemd/system/php7.4-fpm.service.d/override.conf':
- ensure => file,
- notify => Service['php7.4-fpm'],
- content => @(EOF)
- [Service]
- RuntimeDirectory=php
- | EOF
- }
-
- # include apt
- class { '::nginx':
- manage_repo => false,
- server_purge => true,
- service_config_check => true,
- }
-
- $certname = 'hornquist'
-
- class { '::letsencrypt':
+ include ::profiles::firewall
+
+ ensure_packages([
+ 'cowsay',
+ ], { ensure => installed })
+
+ nsupdate { 'hornquist.se':
+ ensure => present,
+ nameserver => 'ns2.adrift.space',
+ iface => 'eth0',
+ records => [
+ { type => 'A', ttl => 3600, domain => 'hornquist.se' },
+ { type => 'A', ttl => 3600, domain => '*.hornquist.se' },
+ ],
+ }
+
+ $cgit_root = '/var/www/cgit'
+ $blog_root = '/var/www/blog'
+
+ class { '::cgit':
+ root => $cgit_root,
+ root_title => 'Hornquist Git Repositiories',
+ root_desc => 'ᛏᚨᚾᛞᛖᛋ᛫ᛖᚾᛞᚨᛋᛏ᛫ᛗᛟᛏ᛫ᛚᚨᛞᚨᚾᛋ᛫ᛈᛚᚨᚾ',
+ about_filter => 'hugo-pre.sh',
+ auth_filter => 'hugo-authentication.lua',
+ source_filter => 'hugo-highlighting.sh',
+ scan_path => '/home/git/git',
+ clone_url => [
+ 'https://git.hornquist.se/$CGIT_REPO_URL',
+ 'git@hornquist.se:git/$CGIT_REPO_URL.git',
+ '(HTTP_only_for_public_repos)',
+ ],
+ }
+
+ # https://buddy.works/blog/how-deploy-projects-with-git
+ blog { 'Hugos blog':
+ root => "${blog_root}/hugo",
+ }
+
+ service { 'php7.4-fpm':
+ ensure => running,
+ enable => true,
+ }
+
+ service { 'fcgiwrap.socket':
+ ensure => running,
+ enable => true,
+ }
+
+ file { '/etc/systemd/system/php7.4-fpm.service.d':
+ ensure => directory,
+ }
+
+ file { '/etc/systemd/system/php7.4-fpm.service.d/override.conf':
+ ensure => file,
+ notify => Service['php7.4-fpm'],
+ content => @(EOF)
+ [Service]
+ RuntimeDirectory=php
+ | EOF
+ }
+
+ # include apt
+ class { '::nginx':
+ manage_repo => false,
+ server_purge => true,
+ service_config_check => true,
+ }
+
+ $certname = 'hornquist'
+
+ class { '::letsencrypt':
config => {
- email => 'hugo.hornquist@gmail.com',
+ email => 'hugo.hornquist@gmail.com',
}
# renew_cron_ensure => present,
- }
+ }
ensure_packages(['python3-certbot-nginx'],
{ ensure => installed })
- letsencrypt::certonly { $certname:
+ letsencrypt::certonly { $certname:
ensure => present,
manage_cron => true,
plugin => 'nginx',
additional_args => [ '--quiet', ],
post_hook_commands => [ 'systemctl reload nginx.service', ],
domains => [
- 'blog.hornquist.se',
- 'blogg.hornquist.se',
- 'www.hornquist.se',
- 'hornquist.se',
- 'git.hornquist.se',
- 'wiki.hornquist.se',
- ],
- }
-
- nginx::resource::server { 'blogg':
- server_name => [ 'blogg.hornquist.se', ],
- access_log => 'absent',
- error_log => 'absent',
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
- ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
- use_default_location => false,
- server_cfg_append => {
- 'return' => '301 $scheme://blog.hornquist.se$request_uri',
- }
- }
-
- nginx::resource::server { 'blog':
- server_name => [
- 'blog.hornquist.se',
- ],
- access_log => 'absent',
- error_log => 'absent',
- index_files => [ 'index.php', 'index.html', 'index.htm', ],
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
- ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
- use_default_location => false,
- www_root => $blog_root,
- }
-
- nginx::resource::server { 'hornquist':
- server_name => [
- 'hornquist.se',
- 'www.hornquist.se',
- '_',
- ],
- access_log => 'absent',
- error_log => 'absent',
- index_files => [ 'index.php', 'index.html', 'index.htm', ],
- listen_options => 'default_server',
- ssl => true,
- ssl_cert => '/etc/letsencrypt/live/hornquist/fullchain.pem',
- ssl_key => '/etc/letsencrypt/live/hornquist/privkey.pem',
- use_default_location => false,
- www_root => '/var/www/html',
- # autoindex => 'on',
- }
-
- nginx::resource::server { 'userdir':
- server_name => [
- '~^(?P<uname>[a-z][-a-z0-9]*)\.hornquist\.se',
- ],
- access_log => 'absent',
- error_log => 'absent',
- index_files => [ 'index.cgi', 'index.php', 'index.html', 'index.htm', ],
- # SSL sites for userdir lack a cert due to wildcard certificates being
- # "problematic". However, it's enabled here since a ::location with
- # ssl => true WILL generate locations, even when server is missing.
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
- ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
- use_default_location => false,
- www_root => '/home/$uname/.public',
- # autoindex => 'on',
- }
-
-
- nginx::resource::server { 'wiki':
- server_name => [
- 'wiki.hornquist.se',
- ],
- access_log => 'absent',
- error_log => 'absent',
- index_files => [ 'index.html', ],
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
- ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
- use_default_location => true,
- www_root => '/var/www/wiki/public/html',
- }
-
- nginx::resource::server { 'cgit':
- server_name => [
- 'git.hornquist.se',
- ],
- access_log => 'absent',
- error_log => 'absent',
- index_files => [],
- try_files => [ '$uri', '@cgit' ],
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
- ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
- use_default_location => true,
- www_root => $cgit_root,
- ssl_redirect => true,
- # /usr/lib/cgit/cgit.cgi
- # /usr/share/cgit/cgit.css
- }
-
- nginx::resource::location { '@cgit':
- fastcgi_params => 'fastcgi_params',
- fastcgi_param => {
- 'SCRIPT_FILENAME' => '/usr/lib/cgit/cgit.cgi',
- 'PATH_INFO' => '$fastcgi_script_name',
- 'QUERY_STRING' => '$args',
- },
- ssl_only => true,
- fastcgi => 'unix:/run/fcgiwrap.socket',
- server => [
- 'cgit',
- ],
- }
-
- # TODO extra locations for dumb git clones?
-
- nginx::resource::location { '/':
- try_files => ['$uri', '$uri/', '=404'],
- index_files => [],
- ssl => true,
- autoindex => on,
- server => [
- 'blog',
- 'hornquist',
- 'userdir',
- ]
- }
-
- nginx::resource::location { '/nyar':
- location_custom_cfg => { return => '307 http://www.lysator.liu.se/~hugo/song/2018.html' },
- ssl => true,
- index_files => [],
- server => [ 'hornquist', ],
- }
-
- nginx::resource::location { '= /':
- # temprory redirect
- location_custom_cfg => { return => '307 /hugo' },
- ssl => true,
- index_files => [],
- server => [ 'blog', ],
- }
-
- nginx::resource::location { '~ \.php$':
- fastcgi_params => 'snippets/fastcgi-php.conf',
- fastcgi => 'unix:/run/php/php-fpm.sock',
- ssl => true,
- server => [
- 'blog',
- 'hornquist',
- 'userdir',
- ],
- }
-
- nginx::resource::location { '~ \.cgi$':
- fastcgi_params => 'fastcgi_params',
- fastcgi_param => {
- # 'SCRIPT_FILENAME' => '$document_root/*.cgi',
- 'PATH_INFO' => '$fastcgi_script_name',
- 'QUERY_STRING' => '$args',
- },
- fastcgi => 'unix:/run/fcgiwrap.socket',
- server => [
- 'userdir',
- ],
- }
-
- nginx::resource::location { '~ /\.ht':
- location_cfg_append => { deny => 'all' },
- index_files => [],
- ssl => true,
- server => [
- 'blog',
- 'hornquist',
- 'userdir',
- ],
- }
+ 'blog.hornquist.se',
+ 'blogg.hornquist.se',
+ 'www.hornquist.se',
+ 'hornquist.se',
+ 'git.hornquist.se',
+ 'wiki.hornquist.se',
+ ],
+ }
+
+ nginx::resource::server { 'blogg':
+ server_name => [ 'blogg.hornquist.se', ],
+ access_log => 'absent',
+ error_log => 'absent',
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
+ ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
+ use_default_location => false,
+ server_cfg_append => {
+ 'return' => '301 $scheme://blog.hornquist.se$request_uri',
+ }
+ }
+
+ nginx::resource::server { 'blog':
+ server_name => [
+ 'blog.hornquist.se',
+ ],
+ access_log => 'absent',
+ error_log => 'absent',
+ index_files => [ 'index.php', 'index.html', 'index.htm', ],
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
+ ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
+ use_default_location => false,
+ www_root => $blog_root,
+ }
+
+ nginx::resource::server { 'hornquist':
+ server_name => [
+ 'hornquist.se',
+ 'www.hornquist.se',
+ '_',
+ ],
+ access_log => 'absent',
+ error_log => 'absent',
+ index_files => [ 'index.php', 'index.html', 'index.htm', ],
+ listen_options => 'default_server',
+ ssl => true,
+ ssl_cert => '/etc/letsencrypt/live/hornquist/fullchain.pem',
+ ssl_key => '/etc/letsencrypt/live/hornquist/privkey.pem',
+ use_default_location => false,
+ www_root => '/var/www/html',
+ # autoindex => 'on',
+ }
+
+ nginx::resource::server { 'userdir':
+ server_name => [
+ '~^(?P<uname>[a-z][-a-z0-9]*)\.hornquist\.se',
+ ],
+ access_log => 'absent',
+ error_log => 'absent',
+ index_files => [ 'index.cgi', 'index.php', 'index.html', 'index.htm', ],
+ # SSL sites for userdir lack a cert due to wildcard certificates being
+ # "problematic". However, it's enabled here since a ::location with
+ # ssl => true WILL generate locations, even when server is missing.
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
+ ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
+ use_default_location => false,
+ www_root => '/home/$uname/.public',
+ # autoindex => 'on',
+ }
+
+
+ nginx::resource::server { 'wiki':
+ server_name => [
+ 'wiki.hornquist.se',
+ ],
+ access_log => 'absent',
+ error_log => 'absent',
+ index_files => [ 'index.html', ],
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
+ ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
+ use_default_location => true,
+ www_root => '/var/www/wiki/public/html',
+ }
+
+ nginx::resource::server { 'cgit':
+ server_name => [
+ 'git.hornquist.se',
+ ],
+ access_log => 'absent',
+ error_log => 'absent',
+ index_files => [],
+ try_files => [ '$uri', '@cgit' ],
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
+ ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
+ use_default_location => true,
+ www_root => $cgit_root,
+ ssl_redirect => true,
+ # /usr/lib/cgit/cgit.cgi
+ # /usr/share/cgit/cgit.css
+ }
+
+ nginx::resource::location { '@cgit':
+ fastcgi_params => 'fastcgi_params',
+ fastcgi_param => {
+ 'SCRIPT_FILENAME' => '/usr/lib/cgit/cgit.cgi',
+ 'PATH_INFO' => '$fastcgi_script_name',
+ 'QUERY_STRING' => '$args',
+ },
+ ssl_only => true,
+ fastcgi => 'unix:/run/fcgiwrap.socket',
+ server => [
+ 'cgit',
+ ],
+ }
+
+ # TODO extra locations for dumb git clones?
+
+ nginx::resource::location { '/':
+ try_files => ['$uri', '$uri/', '=404'],
+ index_files => [],
+ ssl => true,
+ autoindex => on,
+ server => [
+ 'blog',
+ 'hornquist',
+ 'userdir',
+ ]
+ }
+
+ nginx::resource::location { '/nyar':
+ location_custom_cfg => { return => '307 http://www.lysator.liu.se/~hugo/song/2018.html' },
+ ssl => true,
+ index_files => [],
+ server => [ 'hornquist', ],
+ }
+
+ nginx::resource::location { '= /':
+ # temprory redirect
+ location_custom_cfg => { return => '307 /hugo' },
+ ssl => true,
+ index_files => [],
+ server => [ 'blog', ],
+ }
+
+ nginx::resource::location { '~ \.php$':
+ fastcgi_params => 'snippets/fastcgi-php.conf',
+ fastcgi => 'unix:/run/php/php-fpm.sock',
+ ssl => true,
+ server => [
+ 'blog',
+ 'hornquist',
+ 'userdir',
+ ],
+ }
+
+ nginx::resource::location { '~ \.cgi$':
+ fastcgi_params => 'fastcgi_params',
+ fastcgi_param => {
+ # 'SCRIPT_FILENAME' => '$document_root/*.cgi',
+ 'PATH_INFO' => '$fastcgi_script_name',
+ 'QUERY_STRING' => '$args',
+ },
+ fastcgi => 'unix:/run/fcgiwrap.socket',
+ server => [
+ 'userdir',
+ ],
+ }
+
+ nginx::resource::location { '~ /\.ht':
+ location_cfg_append => { deny => 'all' },
+ index_files => [],
+ ssl => true,
+ server => [
+ 'blog',
+ 'hornquist',
+ 'userdir',
+ ],
+ }
}