author | Hugo Hörnquist <hugo@lysator.liu.se> | 2022-01-03 22:15:39 +0100 |
committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2022-01-03 22:21:50 +0100 |
commit | c8e9b56cf3b7664e980f312b75c6bfac9b276703 (patch) | |
tree | 6a1a2dc13e88fe0b661b550d685e578f03a19051 | |
parent | Allow lists in networkd config. (diff) | |
stuff
-rw-r--r-- | data/common.yaml | 30 | ||||
-rw-r--r-- | data/nodes/gandalf.adrift.space.yaml | 51 | ||||
-rw-r--r-- | manifests/site.pp | 221 | ||||
-rw-r--r-- | modules/blog/files/special-files.ini | 0 | ||||
-rw-r--r-- | modules/blog/manifests/blog.pp | 6 | ||||
-rw-r--r-- | modules/blog/manifests/init.pp | 78 | ||||
-rw-r--r-- | modules/blog/manifests/instance.pp | 129 | ||||
-rw-r--r-- | modules/blog/templates/settings.php.epp | 13 | ||||
-rw-r--r-- | modules/blog/templates/special-files.ini.epp | 16 | ||||
-rw-r--r-- | modules/profiles/manifests/gandalf_web.pp | 55 | ||||
-rw-r--r-- | modules/profiles/manifests/puppetserver.pp | 2 | ||||
-rw-r--r-- | modules/syslinux/lib/facter/efibootmgr.rb | 30 |
12 files changed, 272 insertions, 359 deletions
diff --git a/data/common.yaml b/data/common.yaml
new file mode 100644
index 0000000..7f015df
--- /dev/null
+++ b/data/common.yaml
@@ -0,0 +1,30 @@
+certname: "%{fqdn}"
+
+nginx::nginx_servers_defaluts:
+ ssl: true
+ ssl_cert: "/etc/letsencrypt/live/%{certname}/fullchain.pem"
+ ssl_key: "/etc/letsencrypt/live/%{certname}/privkey.pem"
+ use_default_location: false
+ index_files:
+ - index.html
+ - index.htm
+ access_log: absent
+ error_log: absent
+ ssl_redirect: true
+
+nginx::manage_repo: false
+nginx::surver_purge: true
+nginx::service_config_check: true
+nginx::http_format_log: my_format
+nginx::log_formats:
+ nginx_default: '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referrer" "$http_user_agent"'
+ my_format: '$remote_addr - $remote_user [$time_local] "$request_method $server_name$request_uri" $status $body_bytes_sent "$http_referer" "$http_user_agent"'
+nginx::nginx_error_log_severity: notice
+nginx::cfg_append:
+ rewrite_log: on
+nginx::server_purge: true
+
+nginx::nginx_locations_defaults:
+ index_files: []
+ ssl: true
+ autoindex: on
diff --git a/data/nodes/gandalf.adrift.space.yaml b/data/nodes/gandalf.adrift.space.yaml
new file mode 100644
index 0000000..2f89cd6
--- /dev/null
+++ b/data/nodes/gandalf.adrift.space.yaml
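Review bot: The key `nginx::nginx_servers_defaluts:` is misspelled, so none of the defaults under it — `ssl: true`, the `ssl_cert`/`ssl_key` paths, `ssl_redirect: true`, `access_log: absent` — will ever be bound to the `nginx` class's `nginx_servers_defaults` parameter; automatic parameter lookup only queries exact `class::param` keys and ignores the rest, so every server declared through `nginx::nginx_servers` that does not repeat these values is generated as plain HTTP with no certificate. Rename it to `nginx::nginx_servers_defaults:`; `nginx::surver_purge: true` has the same problem and merely duplicates the correct `nginx::server_purge: true` further down, so drop it. Separately, `nginx::nginx_locations_defaults` makes `autoindex: on` the default for every location, so any location that does not override it exposes a directory listing — I would leave it off here and enable it per location, as the removed `site.pp` code did. `$http_referrer` in the `nginx_default` format is not the standard variable (`$http_referer`); nginx accepts it as a header lookup but it will always log empty.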
@@ -0,0 +1,51 @@
+---
+nginx::package_name: nginx-mainline
+nginx::http_cfg_append:
+ 'charset': utf-8
+nginx::mime_types_preserve_defaults: true
+ngnix::mime_types:
+ 'text/plain': 'wiki txt'
+nginx::include_modules_enabled: true
+
+nginx::nginx_servers:
+ "%{facts.hostname}":
+ ipv6_enable: true
+ listen_options: defalut_server
+ ipv6_listen_options: default_server
+ server_name:
+ - _
+ www_root: /var/www/adrift.space
+ "repo.%{fqdn}":
+ ipv6_enable: true,
+ ipv6_listen_options: '',
+ server_name:
+ - "repo.%{fqdn}"
+ ssl_redirect: true,
+ www_root: /usr/net/repo
+ use_default_location: true
+
+nginx::nginx_locations:
+ '/':
+ try_files:
+ - '$uri'
+ - '$uri/'
+ - '=404',
+ ssl_only: true
+ autoindex: on
+ server: "%{fqdn}"
+ '/varselklotet':
+ server: "%{fqdn}"
+ location_alias: /home/hugo/wiki/varselklotet
+
+shiori::port: 8081
+shiori:group_members:
+ - hugo
+shiori::nginx:
+ server_name: "bookmark.${fqdn}"
+ certname: "%{certname}"
+
+profiles::syncthing::enable_for:
+ - hugo
+
+profiles::gandalf_web::certname: "%{certname}"
+profiles::transmission:nginx_server: "%{fqdn}"
diff --git a/manifests/site.pp b/manifests/site.pp
index 1c75199..1097af3 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
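Review bot: Several values carry trailing commas that YAML keeps as part of the scalar — `ipv6_enable: true,` and `ssl_redirect: true,` become the string `"true,"` and `- '=404',` becomes `=404,` — so the Boolean-typed parameters of `nginx::resource::server` fail type checking and the `try_files` fallback is wrong; drop the commas. `listen_options: defalut_server` is emitted verbatim into `listen ... defalut_server`, which nginx rejects (the `service_config_check` from common.yaml would catch it, but only after the catalog applies), and the typos `ngnix::mime_types:`, `shiori:group_members:` and `profiles::transmission:nginx_server:` mean those keys are never looked up, so the previous values from `site.pp` are silently lost. `server_name: "bookmark.${fqdn}"` uses Puppet `${}` rather than Hiera `%{}` interpolation and will be taken literally. Note that the `nginx::nginx_servers` entries here set neither `ssl` nor `ssl_cert`, so their TLS configuration depends entirely on the `nginx_servers_defaults` key in common.yaml being spelled correctly.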
@@ -134,40 +134,11 @@ node 'gandalf.adrift.space' {
 automount => true,
 }
- class { '::profiles::syncthing':
- enable_for => [ 'hugo', ],
- }
-
- $certname = 'adrift.space'
-
- class { '::profiles::gandalf_web':
- certname => $certname,
- }
-
- nginx::resource::location { '/varselklotet':
- server => 'gandalf',
- location_alias => '/home/hugo/wiki/varselklotet',
- try_files => ['$uri', '$uri/', '=404'],
- autoindex => 'on',
- ssl => true,
- ssl_only => true,
- index_files => [],
- }
-
- class { 'profiles::transmission':
- nginx_server => 'gandalf',
- }
+ include ::profiles::syncthing
+ include ::profiles::gandalf_web
+ include ::profiles::transmission
- class { 'shiori':
- port => 8081,
- group_members => [
- 'hugo',
- ],
- nginx => {
- server_name => "bookmark.${facts['fqdn']}",
- certname => $certname,
- }
- }
+ include ::shiori
 profiles::webdav_server { '/dav':
 file_path => '/var/www/webdav',
@@ -184,10 +155,10 @@ node 'hornquist.se' {
 include ::profiles::firewall
- ensure_packages([
- 'cowsay',
- ], { ensure => installed })
+ include ::nginx
+ # https://buddy.works/blog/how-deploy-projects-with-git
+ include ::blog
 nsupdate { 'hornquist.se':
 ensure => present,
 nameserver => 'ns2.adrift.space',
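Review bot: The literal `$certname = 'adrift.space'` is removed here and `profiles::gandalf_web::certname` now resolves through Hiera to `%{certname}`, which common.yaml in this commit defines as `%{fqdn}`, i.e. `gandalf.adrift.space`; if the existing Let's Encrypt lineage under `/etc/letsencrypt/live/` is named `adrift.space`, the new `ssl_cert`/`ssl_key` paths will not exist until a fresh certificate is issued and nginx will refuse to start. If the old name is intended, set `profiles::gandalf_web::certname: adrift.space` explicitly in the node data rather than relying on the fqdn-derived default. The `'/varselklotet'` location moved into Hiera also loses its explicit `try_files` and `ssl_only`, so verify the node data reproduces what this hunk deletes.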
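Review bot: `include ::blog` declares `class blog`, whose `String $blog_root` parameter has no default (see the new `modules/blog/manifests/blog.pp` in this commit), and no Hiera data for `hornquist.se` is added in this diff; unless `blog::blog_root` already exists in a data file outside it, catalog compilation for this node will fail with a missing-parameter error. The `$blog_root = '/var/www/blog'` deleted in the next hunk is the value that belongs in `data/nodes/hornquist.se.yaml` as `blog::blog_root: /var/www/blog`, together with a `blog::blogs:` hash, since `blog` creates no instances by default and the `blog { 'Hugos blog': ... }` declaration is removed.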
@@ -198,33 +169,8 @@ node 'hornquist.se' {
 ],
 }
- $blog_root = '/var/www/blog'
 $certname = 'hornquist'
- class { '::cgit':
- root => '/var/www/cgit',
- root_title => 'Hornquist Git Repositiories',
- root_desc => 'ᛏᚨᚾᛞᛖᛋ᛫ᛖᚾᛞᚨᛋᛏ᛫ᛗᛟᛏ᛫ᛚᚨᛞᚨᚾᛋ᛫ᛈᛚᚨᚾ',
-
- about_filter => 'hugo-pre.sh',
- auth_filter => 'hugo-authentication.lua',
- source_filter => 'hugo-highlighting.sh',
-
- scan_path => '/home/git/git',
- enable_http_clone => false,
- clone_url => [
- 'https://git.hornquist.se/$CGIT_REPO_URL.git',
- 'git@hornquist.se:git/$CGIT_REPO_URL.git',
- ],
- manage_server => 'nginx',
- server_name => 'git.hornquist.se',
- certname => $certname,
- }
-
- # https://buddy.works/blog/how-deploy-projects-with-git
- blog { 'Hugos blog':
- root => "${blog_root}/hugo",
- }
 service { 'php7.4-fpm':
 ensure => running,
@@ -249,33 +195,8 @@ node 'hornquist.se' {
 | EOF
 }
- # include apt
- class { '::nginx':
- manage_repo => false,
- server_purge => true,
- service_config_check => true,
- http_format_log => 'my_format',
- log_format => {
- 'nginx_default' => '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"',
- 'my_format' => '$remote_addr - $remote_user [$time_local] "$request_method $server_name$request_uri" $status $body_bytes_sent "$http_referer" "$http_user_agent"',
- },
- # default 'error'
- nginx_error_log_severity => 'notice',
- http_cfg_append => {
- rewrite_log => 'on',
- },
- }
-
-
- class { '::letsencrypt':
- config => {
- email => 'hugo.hornquist@gmail.com',
- }
- # renew_cron_ensure => present,
- }
-
- ensure_packages(['python3-certbot-nginx'],
- { ensure => installed })
+ ensure_packages(['python3-certbot-nginx'],
+ { ensure => installed })
 letsencrypt::certonly { $certname:
 ensure => present,
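Review bot: `class { '::letsencrypt': ... }` is removed while the `letsencrypt::certonly { $certname: ... }` declaration right after it is kept; as far as I recall the puppet-letsencrypt `certonly` define requires the `letsencrypt` class to be declared (it installs certbot and carries the registration e-mail), so unless `letsencrypt` is now included via Hiera `classes` or another profile this node will fail to compile or stop renewing its certificate. Keep at least `include ::letsencrypt` beside `ensure_packages(['python3-certbot-nginx'], ...)` and move the `email` setting to `letsencrypt::config` in Hiera. The removed `class { '::cgit': ... }` is not recreated anywhere in this diff either, so git.hornquist.se stops being served — fine if intentional, but it deserves a line in the commit message, which currently reads "stuff".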
@@ -293,96 +214,7 @@ node 'hornquist.se' {
 ],
 }
- nginx::resource::server {
- default:
- access_log => 'absent',
- error_log => 'absent',
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
- ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
- use_default_location => false,
- ;
- 'blogg':
- server_name => [ 'blogg.hornquist.se', ],
- server_cfg_append => {
- 'return' => '301 $scheme://blog.hornquist.se$request_uri',
- },
- ;
- 'blog':
- server_name => [ 'blog.hornquist.se', ],
- index_files => [ 'index.php', 'index.html', 'index.htm', ],
- www_root => $blog_root,
- }
-
- nginx::resource::server { 'hornquist':
- server_name => [
- 'hornquist.se',
- 'www.hornquist.se',
- '_',
- ],
- access_log => 'absent',
- error_log => 'absent',
- index_files => [ 'index.php', 'index.html', 'index.htm', ],
- listen_options => 'default_server',
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
- ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
- use_default_location => false,
- www_root => '/var/www/html',
- # autoindex => 'on',
- }
-
- nginx::resource::server { 'userdir':
- server_name => [
- '~^(?P<uname>[a-z][-a-z0-9]*)\.hornquist\.se',
- ],
- access_log => 'absent',
- error_log => 'absent',
- index_files => [ 'index.cgi', 'index.php', 'index.html', 'index.htm', ],
- # SSL sites for userdir lack a cert due to wildcard certificates being
- # "problematic". However, it's enabled here since a ::location with
- # ssl => true WILL generate locations, even when server is missing.
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
- ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
- use_default_location => false,
- www_root => '/home/$uname/.public',
- # autoindex => 'on',
- }
-
-
- nginx::resource::server { 'wiki':
- server_name => [
- 'wiki.hornquist.se',
- ],
- access_log => 'absent',
- error_log => 'absent',
- index_files => [ 'index.html', ],
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
- ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
- use_default_location => true,
- www_root => '/var/www/wiki/public/html',
- }
-
- nginx::resource::location { '/':
- try_files => ['$uri', '$uri/', '=404'],
- index_files => [],
- ssl => true,
- autoindex => on,
- server => [
- 'blog',
- 'hornquist',
- 'userdir',
- ]
- }
- nginx::resource::location { '/nyar':
- location_custom_cfg => { return => '307 http://www.lysator.liu.se/~hugo/song/2018.html' },
- ssl => true,
- index_files => [],
- server => [ 'hornquist', ],
- }
 nginx::resource::location { '= /':
 # temprory redirect
@@ -391,41 +223,6 @@ node 'hornquist.se' {
 index_files => [],
 server => [ 'blog', ],
 }
-
- nginx::resource::location { '~ \.php$':
- fastcgi_params => 'snippets/fastcgi-php.conf',
- fastcgi => 'unix:/run/php/php-fpm.sock',
- ssl => true,
- server => [
- 'blog',
- 'hornquist',
- 'userdir',
- ],
- }
-
- nginx::resource::location { '~ \.cgi$':
- fastcgi_params => 'fastcgi_params',
- fastcgi_param => {
- # 'SCRIPT_FILENAME' => '$document_root/*.cgi',
- 'PATH_INFO' => '$fastcgi_script_name',
- 'QUERY_STRING' => '$args',
- },
- fastcgi => 'unix:/run/fcgiwrap.socket',
- server => [
- 'userdir',
- ],
- }
-
- nginx::resource::location { '~ /\.ht':
- location_cfg_append => { deny => 'all' },
- index_files => [],
- ssl => true,
- server => [
- 'blog',
- 'hornquist',
- 'userdir',
- ],
- }
 }
 node default {}
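Review bot: The `nginx::resource::server` named `'blog'` is deleted in this hunk, but the `nginx::resource::location { '= /': ... server => [ 'blog', ] }` kept as context in the next hunk still targets it; `nginx::resource::location` writes a fragment into the concat target of the named server, so I expect a location for a server that is no longer declared to fail at catalog compile time. The new `blog::instance` (added in this commit) names its server `"${blog_title} - server"`, so either move the `'= /'` redirect into `blog::instance` or point `server` at that name. It is also worth stating in the commit message that with `'hornquist'`, `'userdir'` and `'wiki'` removed and not recreated anywhere in this diff, hornquist.se, www.hornquist.se, the `*.hornquist.se` user sites and wiki.hornquist.se stop being served, and that the `default_server` catch-all and the `~ /\.ht` deny rule for them go with them.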
diff --git a/modules/blog/files/special-files.ini b/modules/blog/files/special-files.ini
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/modules/blog/files/special-files.ini
diff --git a/modules/blog/manifests/blog.pp b/modules/blog/manifests/blog.pp
new file mode 100644
index 0000000..9b5f050
--- /dev/null
+++ b/modules/blog/manifests/blog.pp
@@ -0,0 +1,6 @@
+class blog (
+ String $blog_root,
+ Hash[String,Hash] $blogs = {}
+) {
+ create_resources(blog::instance, $blogs)
+}
diff --git a/modules/blog/manifests/init.pp b/modules/blog/manifests/init.pp
deleted file mode 100644
index a639311..0000000
--- a/modules/blog/manifests/init.pp
+++ /dev/null
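Review bot: `class blog` has no documentation and `$blog_root` is a bare `String`; `blog::instance` (added in this commit) builds `$root = "${blog::blog_root}/${title}"` from it and hands it to nginx as `www_root`, so an empty or relative value silently becomes an unexpected document root. Type it `Stdlib::Absolutepath $blog_root` (stdlib is already in use via `ensure_packages` in site.pp) and document both parameters: `# @param blog_root Directory under which each blog instance is checked out and which nginx serves as www_root` and `# @param blogs blog::instance resources to declare, keyed by instance title`. `create_resources` works, but `$blogs.each |$t, $p| { blog::instance { $t: * => $p } }` is the current idiom and reports a malformed entry by name.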
@@ -1,78 +0,0 @@
-define blog (
- String $root,
-) {
- vcsrepo { $root:
- ensure => latest,
- provider => git,
- source => 'https://github.com/HugoNikanor/website-blog-2.git',
- revision => 'master',
- # keep_local_changes => true,
- owner => 'hugo',
- group => 'www-data',
- }
-
- vcsrepo { "${root}/entries":
- ensure => latest,
- provider => git,
- source => '/home/git/git/blog-entries.git',
- revision => 'master',
- owner => 'hugo',
- group => 'www-data',
- }
-
- file { "${root}/settings.php":
- ensure => file,
- content => @(EOF)
- <?php
- # FILE MANAGED BY PUPPET
- $author = "Hugo Hornquist";
- $blog_title = "HugoNikanors blogg‽";
- $blog_subtitle = "A blog about nothing, but mostly itself.";
- $http_host = $_SERVER["HTTP_HOST"];
- $urlbase = "http://$http_host/hugo";
- $has_comments = false;
- | EOF
- }
-
- file { "${root}/footnote":
- ensure => directory,
- recurse => true,
- }
-
- $foot_files = [
- ['about.md', 'About'],
- ['contact.md', 'Contact'],
- ['legal.md', 'Legal'],
- ['qna.md', '"Q&A"'],
- ]
-
- $foot_files.each |$item| {
- file { "${root}/footnote/${item[0]}":
- source => "puppet:///modules/blog/footers/${item[0]}",
- }
- }
-
-
- $files_ini = join($foot_files.map |$item| {
- @("EOF")
- files[] = ${item[0]}
- title[] = ${item[1]}
- | EOF
- })
-
- file { "${root}/special-files.ini":
- ensure => file,
- content => @("EOF")
- ; FILE MANAGED BY PUPPET
- ;
- ; Which files on the website that are "special"
- ; This basicly means that they shouldn't have comments
- [footnote]
- ${files_ini}
-
- [other]
- files[] = list
- files[] = entry-not-found.md
- | EOF
- }
-}
diff --git a/modules/blog/manifests/instance.pp b/modules/blog/manifests/instance.pp
new file mode 100644
index 0000000..dfe95be
--- /dev/null
+++ b/modules/blog/manifests/instance.pp
@@ -0,0 +1,129 @@ +define blog::instance ( + String $blog_title = $name, + String $author, + Boolean $has_comments = false, + String $subtitle = '', + Optional[String] $vcs_repo = undef, + Optional[String] $domain = undef, + Optional[String] $domain_aliases = undef, +) { + + $root = "${blog::blog_root}/${title}" + + vcsrepo { $root: + ensure => latest, + provider => git, + source => 'https://github.com/HugoNikanor/website-blog-2.git', + revision => 'master', + # keep_local_changes => true, + owner => 'hugo', + group => 'www-data', + } + + if $vcs_repo { + vcsrepo { "${root}/entries": + ensure => latest, + provider => git, + source => $vcs_repo, + revision => 'master', + owner => 'hugo', + group => 'www-data', + } + } else { + file { "${root}/entries": + ensure => directory, + } + } + + file { "${root}/settings.php": + ensure => file, + content => epp('blog/settings.php.epp', { + author => $author, + title => $title, + subtitle => $subtitle, + has_comments => $has_comments, + }), + } + + file { "${root}/footnote": + ensure => directory, + recurse => true, + } + + $foot_files = [ + ['about.md', 'About'], + ['contact.md', 'Contact'], + ['legal.md', 'Legal'], + ['qna.md', '"Q&A"'], + ] + + $foot_files.each |$item| { + file { "${root}/footnote/${item[0]}": + source => "puppet:///modules/blog/footers/${item[0]}", + } + } + + file { "${root}/special-files.ini": + ensure => file, + content => $foot_files, + } + + if $domain { + $default = { + access_log => 'absent', + error_log => 'absent', + ssl => true, + ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem", + ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem", + use_default_location => false, + } + $domain_conf = { + server_name => [ $domain, ], + index_files => [ 'index.php', 'index.html', 'index.htm', ], + www_root => $blog::blog_root, + } + + $main_conf = { + "${blog_title} - server" => $default + $domain_conf, + } + + create_resources(nginx::resource::server, $main_conf) + + if $domain_aliases { + 
$alias_conf = { + "${blog_title} - aliases" => $default + { + server_name => [ $domain_aliases ], + server_cfg_append => { + 'return' => '301 $scheme://blog.hornquist.se$request_uri', + }, + }, + } + create_resources(nginx::resource::server, $alias_conf) + } + + nginx::resource::location { "${blog_title} - server - /": + location => '/', + try_files => ['$uri', '$uri/', '=404'], + index_files => [], + ssl => true, + autoindex => on, + server => [ "${blog_title} - server", ] + } + + nginx::resource::location { "${blog_title} - server - php": + location => '~ \.php$', + fastcgi_params => 'snippets/fastcgi-php.conf', + fastcgi => 'unix:/run/php/php-fpm.sock', + ssl => true, + server => [ "${blog_title} - server", ], + } + + nginx::resource::location { "${blog_title} - server - ht": + location => '~ /\.ht', + location_cfg_append => { deny => 'all' }, + index_files => [], + ssl => true, + server => [ "${blog_title} - server", ], + } + } +} diff --git a/modules/blog/templates/settings.php.epp b/modules/blog/templates/settings.php.epp new file mode 100644 index 0000000..8f2e62d --- /dev/null +++ b/modules/blog/templates/settings.php.epp @@ -0,0 +1,13 @@ +<%- | String $author, + String $title, + String $subtitle, + Boolean $has_comments = false, +-%> +<?php +# FILE MANAGED BY PUPPET +$author = "<%= $author %>"; +$blog_title = "<%= $title %>"; +$blog_subtitle = "<%= $subtitle %>"; +$http_host = $_SERVER["HTTP_HOST"]; +$urlbase = "http://$http_host/hugo"; +$has_comments = <%= if $has_comments { 'true' } else { 'false' } %>; diff --git a/modules/blog/templates/special-files.ini.epp b/modules/blog/templates/special-files.ini.epp new file mode 100644 index 0000000..66b779a --- /dev/null +++ b/modules/blog/templates/special-files.ini.epp 
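Review bot: `$certname` is never defined in `blog::instance`, yet `$default` interpolates it into `ssl_cert`/`ssl_key`; under `strict_variables` this fails compilation and otherwise the paths become `/etc/letsencrypt/live//fullchain.pem`, so every TLS-enabled blog server points at a certificate that does not exist. Three more things in the same define: `file { "${root}/special-files.ini": content => $foot_files }` passes an Array where `content` needs a String, while the new `blog/special-files.ini.epp` template added in this commit is never rendered; the alias server's `'return' => '301 $scheme://blog.hornquist.se$request_uri'` hard-codes one hostname instead of `$domain`, so aliases of any other blog redirect to the wrong site; and `vcsrepo` with `ensure => latest` / `revision => 'master'` pulls whatever is on the public GitHub branch into a PHP-executing document root on every Puppet run, so pin a tag or commit, or at least make the revision a parameter. The `$title`/`$blog_title` split is also confusing — `settings.php.epp` receives `$title` while `$blog_title` only names nginx resources. The changed lines would be roughly:
```puppet
define blog::instance (
  # … unchanged: existing parameters …
  Optional[String] $certname = undef,  # Let's Encrypt lineage under /etc/letsencrypt/live; required with $domain
  String $revision = 'master',         # pin to a tag or commit in data instead of tracking master
) {
  # … unchanged: $root, vcsrepo (revision => $revision), entries, settings.php, footnote …

  file { "${root}/special-files.ini":
    ensure  => file,
    content => epp('blog/special-files.ini.epp', { foot_files => $foot_files }),
  }

  if $domain {
    if !$certname {
      fail("blog::instance[${title}]: certname is required when domain is set")
    }
    # … unchanged: $default / $domain_conf / $main_conf …

    if $domain_aliases {
      $alias_conf = {
        "${blog_title} - aliases" => $default + {
          server_name       => [ $domain_aliases ],
          server_cfg_append => {
            'return' => "301 \$scheme://${domain}\$request_uri",
          },
        },
      }
      create_resources(nginx::resource::server, $alias_conf)
    }
    # … unchanged: location resources …
  }
}
```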
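Review bot: `$urlbase = "http://$http_host/hugo";` still hard-codes the `/hugo` path and the `http` scheme, but in `blog::instance` (this commit) each blog is checked out at `${blog::blog_root}/${title}` and served from `www_root => $blog::blog_root`, so the blog's URL path is `/<title>`, not `/hugo`, and its nginx servers are created with `ssl => true`; the template already receives `$title`, so `$urlbase = "https://$http_host/<%= $title %>";` (or derive the scheme from `$_SERVER['HTTPS']` if plain HTTP must keep working). `$_SERVER["HTTP_HOST"]` is client-controlled; it is only safe as a URL base because `server_name` is explicit on every server created by `blog::instance`, and that assumption deserves a comment next to the assignment. The `author`/`title`/`subtitle` values are interpolated unescaped inside PHP double-quoted strings, so a `"` or `$` in a Hiera value breaks the file — acceptable while they come from Hiera, but add `# values are not escaped; keep them free of " and $` at the top of the template.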
@@ -0,0 +1,16 @@
+<%- | Array[Tuple[String,String]] $foot_files,
+| -%>
+; FILE MANAGED BY PUPPET
+;
+; Which files on the website that are "special"
+; This basicly means that they shouldnt have comments
+[footnote]
+<%- for $foot_files.each |$item| { -%>
+files[] = <%= $item[0] %>
+title[] = <%= $item[1] %>
+<%- } -%>
+
+[other]
+files[] = list
+files[] = entry-not-found.md
+
diff --git a/modules/profiles/manifests/gandalf_web.pp b/modules/profiles/manifests/gandalf_web.pp
index 1295d83..98b539f 100644
--- a/modules/profiles/manifests/gandalf_web.pp
+++ b/modules/profiles/manifests/gandalf_web.pp
@@ -2,21 +2,7 @@ class profiles::gandalf_web (
 String $certname,
 ) {
- class { '::nginx':
- manage_repo => false,
- # server_purge => true,
- package_name => 'nginx-mainline',
- service_config_check => true,
- http_cfg_append => {
- 'charset' => 'utf-8',
- },
- mime_types_preserve_defaults => true,
- mime_types => {
- 'text/plain' => 'wiki txt',
- },
- include_modules_enabled => true,
- server_purge => true,
- }
+ include ::nginx
 file { '/etc/nginx/modules-enabled':
 ensure => directory,
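Review bot: `<%- for $foot_files.each |$item| { -%>` is not valid Puppet — the language has no `for` keyword, so the EPP will fail to parse — and should read `<%- $foot_files.each |$item| { -%>`. Nothing in this commit renders the template (`blog::instance` writes `content => $foot_files` directly), so the error is latent until it is wired up via `epp('blog/special-files.ini.epp', { foot_files => $foot_files })`. The empty `modules/blog/files/special-files.ini` added alongside it appears unused and can be dropped. The removed nginx settings in the gandalf_web hunk (`package_name`, `mime_types`, `include_modules_enabled`) now depend on the node data in this commit, where `ngnix::mime_types:` is misspelled and will not be picked up.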
@@ -60,43 +46,4 @@ class profiles::gandalf_web ( post_hook_commands => [ 'systemctl restart nginx.service', ], } - - nginx::resource::server { 'gandalf': - ipv6_enable => true, - listen_options => 'default_server', - ipv6_listen_options => 'default_server', - server_name => [ '_' ], - access_log => absent, - error_log => absent, - ssl => true, - ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem", - ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem", - ssl_redirect => true, - index_files => [ 'index.html', ], - www_root => '/var/www/adrift.space', - use_default_location => false, - } - - nginx::resource::location { '/': - try_files => ['$uri', '$uri/', '=404'], - index_files => [], - ssl => true, - ssl_only => true, - autoindex => on, - server => 'gandalf', - } - - nginx::resource::server { 'repo.gandalf.adrift.space': - ipv6_enable => true, - ipv6_listen_options => '', - server_name => [ 'repo.gandalf.adrift.space', ], - ssl => true, - ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem", - ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem", - ssl_redirect => true, - index_files => [ 'index.html', ], - www_root => '/usr/net/repo/', - use_default_location => true, - } - } diff --git a/modules/profiles/manifests/puppetserver.pp b/modules/profiles/manifests/puppetserver.pp index 77d0d47..0dd1146 100644 --- a/modules/profiles/manifests/puppetserver.pp +++ b/modules/profiles/manifests/puppetserver.pp @@ -49,7 +49,7 @@ class profiles::puppetserver { { 'name' => 'local nodes', 'path' => 'nodes/%{trusted.certname}.yaml' - } + }, ] } diff --git a/modules/syslinux/lib/facter/efibootmgr.rb b/modules/syslinux/lib/facter/efibootmgr.rb index fdf95e0..f4a03f4 100644 --- a/modules/syslinux/lib/facter/efibootmgr.rb +++ b/modules/syslinux/lib/facter/efibootmgr.rb 
@@ -1,19 +1,21 @@
-Facter.add('efi') do
- setcode do
- out = {}
- data = Facter::Core::Execution.execute('efibootmgr')
- boots = {}
- data.split("\n").each do |item|
- if a = item.match(/BootOrder: (.*)/) then
- out['BootOrder'] = a[1].split(',')
- elsif a = item.match(/(\w*): (.*)/) then
+if Facter::Core::Execution.which('efibootmgr') do
+ Facter.add('efi') do
+ setcode do
+ out = {}
+ data = Facter::Core::Execution.execute('efibootmgr')
+ boots = {}
+ data.split("\n").each do |item|
+ if a = item.match(/BootOrder: (.*)/) then
+ out['BootOrder'] = a[1].split(',')
+ elsif a = item.match(/(\w*): (.*)/) then
 out[a[1]] = a[2]
- elsif a = item.match(/Boot(\d*)(\*?) (.*)/)
- # a[2] contains if it's active
- boots[a[1]] = a[3]
+ elsif a = item.match(/Boot(\d*)(\*?) (.*)/)
+ # a[2] contains if it's active
+ boots[a[1]] = a[3]
+ end
 end
+ out['boots'] = boots
+ out
 end
- out['boots'] = boots
- out
 end
 end
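Review bot: `if Facter::Core::Execution.which('efibootmgr') do` is a Ruby syntax error: `do` after a method call opens a block on `which(...)` rather than starting the `if` body, so the file's `end`s close that block and the `if` itself is left unterminated, and Facter will fail to load this custom fact. Drop the `do` — `if Facter::Core::Execution.which('efibootmgr')` — and the existing number of `end`s is then correct. The guard only covers a missing binary; on a host without EFI variables `efibootmgr` exits non-zero and, depending on the Facter version, `Facter::Core::Execution.execute` may raise instead of returning output, so consider `execute('efibootmgr', on_fail: nil)` and returning `nil` from `setcode` when `data` is nil. `item.match(/(\w*): (.*)/)` also accepts an empty key because of `\w*`, so a stray `: value` line would populate `out['']`; `\w+` is what is meant.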