authorHugo Hörnquist <hugo@lysator.liu.se>2022-01-05 05:07:25 +0100
committerHugo Hörnquist <hugo@lysator.liu.se>2022-01-05 05:07:25 +0100
commitcad8f107bf7e81ab143cc7a2cb9660761589eb3b (patch)
treec7ed9628010a96bbc3dfda297e64da237107a049
parentSet refreshonly for wpa_supplicant. (diff)
downloadwebdav_server-cad8f107bf7e81ab143cc7a2cb9660761589eb3b.tar.gz
webdav_server-cad8f107bf7e81ab143cc7a2cb9660761589eb3b.tar.xz
Move remaining out of site.pp.
-rw-r--r--manifests/site.pp60
-rw-r--r--modules/blog/manifests/init.pp38
-rw-r--r--modules/blog/manifests/instance.pp35
-rw-r--r--modules/nsupdate/manifests/init.pp66
-rw-r--r--modules/nsupdate/manifests/instance.pp64
-rw-r--r--modules/profiles/manifests/fcgiwrap.pp8
-rw-r--r--modules/profiles/manifests/phpfpm.pp21
7 files changed, 135 insertions, 157 deletions
diff --git a/manifests/site.pp b/manifests/site.pp
deleted file mode 100644
index 03e8438..0000000
--- a/manifests/site.pp
+++ /dev/null
@@ -1,60 +0,0 @@
-
-node 'hornquist.se' {
-
- include ::profiles::common
- include ::profiles::client
-
- include ::profiles::firewall
-
- include ::nginx
-
- # https://buddy.works/blog/how-deploy-projects-with-git
- include ::blog
-
- nsupdate { 'hornquist.se':
- ensure => present,
- nameserver => 'ns2.adrift.space',
- iface => 'eth0',
- records => [
- { type => 'A', ttl => 3600, domain => 'hornquist.se' },
- { type => 'A', ttl => 3600, domain => '*.hornquist.se' },
- ],
- }
-
- service { 'php7.4-fpm':
- ensure => running,
- enable => true,
- }
-
- service { 'fcgiwrap.socket':
- ensure => running,
- enable => true,
- }
-
- file { '/etc/systemd/system/php7.4-fpm.service.d':
- ensure => directory,
- }
-
- file { '/etc/systemd/system/php7.4-fpm.service.d/override.conf':
- ensure => file,
- notify => Service['php7.4-fpm'],
- content => @(EOF)
- [Service]
- RuntimeDirectory=php
- | EOF
- }
-
- include ::profiles::letsencrypt
-
-
-
- nginx::resource::location { '= /':
- # temprory redirect
- location_custom_cfg => { return => '307 /hugo' },
- ssl => true,
- index_files => [],
- server => [ 'blog', ],
- }
-}
-
-node default {}
diff --git a/modules/blog/manifests/init.pp b/modules/blog/manifests/init.pp
index 9b5f050..1ecce39 100644
--- a/modules/blog/manifests/init.pp
+++ b/modules/blog/manifests/init.pp
@@ -1,6 +1,42 @@
class blog (
String $blog_root,
- Hash[String,Hash] $blogs = {}
+ Hash[String,Hash] $blogs = {},
+ Optional[String] $domain = undef,
+ Optional[Array[String]] $domain_aliases = undef,
) {
create_resources(blog::instance, $blogs)
+
+ if $domain {
+ $default = {
+ access_log => 'absent',
+ error_log => 'absent',
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
+ ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
+ use_default_location => false,
+ }
+ $domain_conf = {
+ server_name => [ $domain, ],
+ index_files => [ 'index.php', 'index.html', 'index.htm', ],
+ www_root => $blog::blog_root,
+ }
+
+ $main_conf = {
+ "${safe_title} - server" => $default + $domain_conf,
+ }
+
+ create_resources(nginx::resource::server, $main_conf)
+
+ if $domain_aliases {
+ $alias_conf = {
+ "${safe_title} - aliases" => $default + {
+ server_name => $domain_aliases,
+ server_cfg_append => {
+ 'return' => '301 $scheme://blog.hornquist.se$request_uri',
+ },
+ },
+ }
+ create_resources(nginx::resource::server, $alias_conf)
+ }
+ }
}
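Review bot: `${certname}` and `${safe_title}` are interpolated in the new `if $domain` block but neither is assigned anywhere in this class. The hunk covers the whole file, and in the old location `$certname` came from `lookup('certname')` inside `blog::instance`. Unless both happen to exist at top scope, the certificate paths render as `/etc/letsencrypt/live//fullchain.pem` and the server titles as ` - server`, or compilation fails when `strict_variables` is on. Add `$certname = lookup('certname')` at the top of the block and build the two resource titles from a value that is defined here. The alias redirect also still hard-codes `blog.hornquist.se`; `"301 \$scheme://${domain}\$request_uri"` would keep it in step with the new `$domain` parameter.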
diff --git a/modules/blog/manifests/instance.pp b/modules/blog/manifests/instance.pp
index 0bbdb32..adaa30d 100644
--- a/modules/blog/manifests/instance.pp
+++ b/modules/blog/manifests/instance.pp
@@ -4,8 +4,6 @@ define blog::instance (
Boolean $has_comments = false,
String $subtitle = '',
Optional[String] $vcs_repo = undef,
- Optional[String] $domain = undef,
- Optional[Array[String]] $domain_aliases = undef,
) {
$root = "${blog::blog_root}/${title}"
@@ -71,38 +69,7 @@ define blog::instance (
$certname = lookup('certname')
- if $domain {
- $default = {
- access_log => 'absent',
- error_log => 'absent',
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
- ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
- use_default_location => false,
- }
- $domain_conf = {
- server_name => [ $domain, ],
- index_files => [ 'index.php', 'index.html', 'index.htm', ],
- www_root => $blog::blog_root,
- }
-
- $main_conf = {
- "${safe_title} - server" => $default + $domain_conf,
- }
-
- create_resources(nginx::resource::server, $main_conf)
-
- if $domain_aliases {
- $alias_conf = {
- "${safe_title} - aliases" => $default + {
- server_name => $domain_aliases,
- server_cfg_append => {
- 'return' => '301 $scheme://blog.hornquist.se$request_uri',
- },
- },
- }
- create_resources(nginx::resource::server, $alias_conf)
- }
+ if $blog::domain {
nginx::resource::location { "${safe_title} - server - /":
location => '/',
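Review bot: The guard `if $blog::domain` is class-wide, so every `blog::instance` now declares this location whenever the class has a domain, where before only instances with their own `$domain` did. The location title still builds on `${safe_title} - server`, the per-instance server name that this commit stops creating. The `server` attribute is below the hunk, so confirm it points at the single server now declared in `class blog`. `$certname = lookup('certname')` on the context line above looks unused in this define after the move. The define's body starts and ends outside the hunk.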
diff --git a/modules/nsupdate/manifests/init.pp b/modules/nsupdate/manifests/init.pp
index 8141f5a..08c5080 100644
--- a/modules/nsupdate/manifests/init.pp
+++ b/modules/nsupdate/manifests/init.pp
@@ -1,64 +1,6 @@
-# type DNSRecordType = ['A', 'AAAA', 'AFSDB', 'APL', 'CAA', 'CDNSKEY', 'CDS',
-# 'CERT', 'CNAME', 'CSYNC', 'DHCID', 'DLV', 'DNAME', 'DNSKEY', 'DS', 'EUI48',
-# 'EUI64', 'HINFO', 'HIP', 'HTTPS', 'IPSECKEY', 'KEY', 'KX', 'LOC', 'MX',
-# 'NAPTR', 'NS', 'NSEC', 'NSEC3', 'NSEC3PARAM', 'OPENPGPKEY', 'PTR', 'RRSIG',
-# 'RP', 'SIG', 'SMIMEA', 'SOA', 'SRV', 'SSHFP', 'SVCB', 'TA', 'TKEY', 'TLSA',
-# 'TSIG', 'TXT', 'URI', 'ZA', 'AAAA', 'AFSDB', 'APL', 'CAA', 'CDNSKEY', 'CDS',
-# 'CERT', 'CNAME', 'CSYNC', 'DHCID', 'DLV', 'DNAME', 'DNSKEY', 'DS', 'EUI48',
-# 'EUI64', 'HINFO', 'HIP', 'HTTPS', 'IPSECKEY', 'KEY', 'KX', 'LOC', 'MX',
-# 'NAPTR', 'NS', 'NSEC', 'NSEC3', 'NSEC3PARAM', 'OPENPGPKEY', 'PTR', 'RRSIG',
-# 'RP', 'SIG', 'SMIMEA', 'SOA', 'SRV', 'SSHFP', 'SVCB', 'TA', 'TKEY', 'TLSA',
-# 'TSIG', 'TXT', 'URI', 'ZONEMD']
-
-type DNSRecordType = Enum['A']
-
-type DNSRecord = Struct[{
- domain => String,
- type => DNSRecordType,
- ttl => Integer,
-}]
-
-# Sets up a single instance of a reoccuring nsupdate.
-# Note that nsupdate::secret.$keyname needs to be made available through hiera
-# /etc/puppetlabs/code/environments/production/data/nodes/hornquist.se.yaml
-define nsupdate (
- String $nameserver,
- Array[DNSRecord] $records,
- String $iface = $facts['networking']['primary'],
- Enum['present', 'absent'] $ensure = present,
- String $keyname = $name,
+class nsupdate (
+ Hash[String,Hash] $instances,
+ Hash[String,Hash] $secrets,
) {
-
- require ::nsupdate::setup
-
- file { "/usr/libexec/nsupdate/${name}":
- ensure => $ensure,
- mode => '0555',
- content => epp('nsupdate/nsupdate.epp', {
- iface => $iface,
- nameserver => $nameserver,
- records => $records,
- keyname => $keyname,
- })
- }
-
- $key = lookup("nsupdate::secrets.\"${keyname}\"")
- $secret = Sensitive($key['secret'])
- file { "/var/lib/nsupdate/${keyname}.key":
- ensure => file,
- mode => '0400',
- show_diff => false,
- content => @("EOF")
- key "${keyname}" {
- algorithm ${key['algorithm']};
- secret "${secret.unwrap}";
- };
- | EOF
- }
-
- cron { "nsupdate ${name}":
- ensure => $ensure,
- command => "/usr/libexec/nsupdate/${name}",
- minute => 0,
- }
+ create_resources(nsupdate::instance, $instances)
}
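Review bot: `Hash[String,Hash] $secrets` makes the TSIG key material an ordinary class parameter, so it is recorded in clear text in the compiled catalog, and in anything that stores catalogs, as an attribute of `Class[Nsupdate]`. Declaring it as `Sensitive[Hash[String,Hash]] $secrets` and marking the key in Hiera with `lookup_options` and `convert_to: 'Sensitive'` keeps it redacted; the instance define would then unwrap it only where the key file is written. `$secrets` is never referenced in this class body, so a comment such as `# read by nsupdate::instance as $nsupdate::secrets` would explain why the parameter exists.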
diff --git a/modules/nsupdate/manifests/instance.pp b/modules/nsupdate/manifests/instance.pp
new file mode 100644
index 0000000..7f2f3ff
--- /dev/null
+++ b/modules/nsupdate/manifests/instance.pp
@@ -0,0 +1,64 @@
+# type DNSRecordType = ['A', 'AAAA', 'AFSDB', 'APL', 'CAA', 'CDNSKEY', 'CDS',
+# 'CERT', 'CNAME', 'CSYNC', 'DHCID', 'DLV', 'DNAME', 'DNSKEY', 'DS', 'EUI48',
+# 'EUI64', 'HINFO', 'HIP', 'HTTPS', 'IPSECKEY', 'KEY', 'KX', 'LOC', 'MX',
+# 'NAPTR', 'NS', 'NSEC', 'NSEC3', 'NSEC3PARAM', 'OPENPGPKEY', 'PTR', 'RRSIG',
+# 'RP', 'SIG', 'SMIMEA', 'SOA', 'SRV', 'SSHFP', 'SVCB', 'TA', 'TKEY', 'TLSA',
+# 'TSIG', 'TXT', 'URI', 'ZA', 'AAAA', 'AFSDB', 'APL', 'CAA', 'CDNSKEY', 'CDS',
+# 'CERT', 'CNAME', 'CSYNC', 'DHCID', 'DLV', 'DNAME', 'DNSKEY', 'DS', 'EUI48',
+# 'EUI64', 'HINFO', 'HIP', 'HTTPS', 'IPSECKEY', 'KEY', 'KX', 'LOC', 'MX',
+# 'NAPTR', 'NS', 'NSEC', 'NSEC3', 'NSEC3PARAM', 'OPENPGPKEY', 'PTR', 'RRSIG',
+# 'RP', 'SIG', 'SMIMEA', 'SOA', 'SRV', 'SSHFP', 'SVCB', 'TA', 'TKEY', 'TLSA',
+# 'TSIG', 'TXT', 'URI', 'ZONEMD']
+
+type DNSRecordType = Enum['A']
+
+type DNSRecord = Struct[{
+ domain => String,
+ type => DNSRecordType,
+ ttl => Integer,
+}]
+
+# Sets up a single instance of a reoccuring nsupdate.
+# Note that nsupdate::secret.$keyname needs to be made available through hiera
+# /etc/puppetlabs/code/environments/production/data/nodes/hornquist.se.yaml
+define nsupdate::instance (
+ String $nameserver,
+ Array[DNSRecord] $records,
+ String $iface = $facts['networking']['primary'],
+ Enum['present', 'absent'] $ensure = present,
+ String $keyname = $name,
+) {
+
+ require ::nsupdate::setup
+
+ file { "/usr/libexec/nsupdate/${name}":
+ ensure => $ensure,
+ mode => '0555',
+ content => epp('nsupdate/nsupdate.epp', {
+ iface => $iface,
+ nameserver => $nameserver,
+ records => $records,
+ keyname => $keyname,
+ })
+ }
+
+ $key = $nsupdate::secrets[$keyname]
+ $secret = Sensitive($key['secret'])
+ file { "/var/lib/nsupdate/${keyname}.key":
+ ensure => file,
+ mode => '0400',
+ show_diff => false,
+ content => @("EOF")
+ key "${keyname}" {
+ algorithm ${key['algorithm']};
+ secret "${secret.unwrap}";
+ };
+ | EOF
+ }
+
+ cron { "nsupdate ${name}":
+ ensure => $ensure,
+ command => "/usr/libexec/nsupdate/${name}",
+ minute => 0,
+ }
+}
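Review bot: The key file's `content` becomes a plain string once `${secret.unwrap}` is interpolated into the heredoc, so wrapping `$key['secret']` in `Sensitive` two lines earlier does not keep the secret out of the catalog or reports; `show_diff => false` only hides the diff. Build the key text in a variable and pass `content => Sensitive($key_text),` so the file type redacts it. `$nsupdate::secrets[$keyname]` is used without checking that the entry exists, which gives an unhelpful failure when a key name is misspelled in Hiera. The key file is also `ensure => file` even when `$ensure` is `absent`, leaving the secret on disk after the instance is removed; `ensure => $ensure,` on that resource would tie its lifetime to the instance.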
diff --git a/modules/profiles/manifests/fcgiwrap.pp b/modules/profiles/manifests/fcgiwrap.pp
new file mode 100644
index 0000000..fa667d1
--- /dev/null
+++ b/modules/profiles/manifests/fcgiwrap.pp
@@ -0,0 +1,8 @@
+class profiles::fcgiwrap {
+ ensure_packages(['fcgiwrap'])
+
+ service { 'fcgiwrap.socket':
+ ensure => running,
+ enable => true,
+ }
+}
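Review bot: `Service['fcgiwrap.socket']` relies only on implicit manifest ordering to come after the package from `ensure_packages(['fcgiwrap'])`. If `fcgiwrap` is already declared elsewhere, nothing ties the two together and the service can be evaluated before the unit exists. Add `require => Package['fcgiwrap'],` to the service. The same applies to `Service["php${version}-fpm"]` in modules/profiles/manifests/phpfpm.pp.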
diff --git a/modules/profiles/manifests/phpfpm.pp b/modules/profiles/manifests/phpfpm.pp
new file mode 100644
index 0000000..2aaf0df
--- /dev/null
+++ b/modules/profiles/manifests/phpfpm.pp
@@ -0,0 +1,21 @@
+class profiles::phpfpm (
+ String $version = '7.4',
+) {
+
+ # The packageg php-fpm also exists, which simply pulls in php7.4-fpm
+
+ ensure_packages(["php${version}-fpm"])
+
+ service { "php${version}-fpm":
+ ensure => running,
+ enable => true,
+ }
+
+ systemd::dropin_file { 'runtime-dir.conf':
+ unit => 'php${version}-fpm.service',
+ content => @(EOF)
+ [Service]
+ RuntimeDirectory=php
+ | EOF
+ }
+}
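Review bot: `unit => 'php${version}-fpm.service'` is single-quoted, so Puppet does not interpolate `${version}` and the drop-in is written for a unit literally named `php${version}-fpm.service`; use double quotes, `unit => "php${version}-fpm.service",`. The old `override.conf` in site.pp carried `notify => Service['php7.4-fpm']`, but the drop-in here has no notify, so whether the service restarts on a change depends on what `systemd::dropin_file` does. Adding `notify => Service["php${version}-fpm"],` makes that explicit. The comment above `ensure_packages` has a typo (`packageg`).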