authorHugo Hörnquist <hugo@hornquist.se>2021-06-29 18:41:59 +0200
committerHugo Hörnquist <hugo@hornquist.se>2021-06-29 18:41:59 +0200
commit74f508b9bba9ebbccc891307ee90c357c82e4f4c (patch)
tree62bb7949857a56797380ddf060968b45dc40e6c0 /manifests/site.pp
downloadwebdav_server-74f508b9bba9ebbccc891307ee90c357c82e4f4c.tar.gz
webdav_server-74f508b9bba9ebbccc891307ee90c357c82e4f4c.tar.xz
Initial commit.
Diffstat (limited to 'manifests/site.pp')
-rw-r--r--manifests/site.pp245
1 files changed, 245 insertions, 0 deletions
diff --git a/manifests/site.pp b/manifests/site.pp
new file mode 100644
index 0000000..a18bec7
--- /dev/null
+++ b/manifests/site.pp
@@ -0,0 +1,245 @@
+node 'hornquist.se' {
+ ensure_packages([
+ 'cowsay',
+ ], { ensure => installed })
+
+ $cgit_root = '/var/www/cgit';
+
+ class { '::cgit':
+ root => $cgit_root,
+ root_title => 'Hornquist Git Repositiories',
+ root_desc => 'ᛏᚨᚾᛞᛖᛋ᛫ᛖᚾᛞᚨᛋᛏ᛫ᛗᛟᛏ᛫ᛚᚨᛞᚨᚾᛋ᛫ᛈᛚᚨᚾ',
+ about_filter => 'hugo-pre.sh',
+ auth_filter => 'hugo-authentication.lua',
+ source_filter => 'hugo-highlighting.sh',
+ scan_path => '/home/git/git',
+ clone_url => [
+ 'https://git.hornquist.se/$CGIT_REPO_URL',
+ 'git@hornquist.se:$CGIT_REPO_URL.git',
+ '(HTTP_only_for_public_repos)',
+ ],
+ }
+
+ service { 'php7.4-fpm':
+ ensure => running,
+ enable => true,
+ }
+
+ service { 'fcgiwrap.socket':
+ ensure => running,
+ enable => true,
+ }
+
+ file { '/etc/systemd/system/php7.4-fpm.service.d':
+ ensure => directory,
+ }
+
+ file { '/etc/systemd/system/php7.4-fpm.service.d/override.conf':
+ ensure => file,
+ notify => Service['php7.4-fpm'],
+ content => @(EOF)
+ [Service]
+ RuntimeDirectory=php
+ | EOF
+ }
+
+ # include apt
+ class { '::nginx':
+ manage_repo => false,
+ server_purge => true,
+ service_config_check => true,
+ }
+
+ $certname = 'hornquist'
+
+ class { 'letsencrypt':
+ email => 'hugo.hornquist@gmail.com',
+ }
+
+ letsencrypt::certonly { $certname:
+ domains => [
+ 'blog.hornquist.se',
+ 'blogg.hornquist.se',
+ 'www.hornquist.se',
+ 'hornquist.se',
+ 'git.hornquist.se',
+ 'wiki.hornquist.se',
+ ],
+ plugin => 'nginx',
+ }
+
+ nginx::resource::server { 'blogg':
+ server_name => [ 'blogg.hornquist.se', ],
+ access_log => 'absent',
+ error_log => 'absent',
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
+ ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
+ use_default_location => false,
+ server_cfg_append => {
+ 'return' => '301 $scheme://blog.hornquist.se$request_uri',
+ }
+ }
+
+ nginx::resource::server { 'blog':
+ server_name => [
+ 'blog.hornquist.se',
+ ],
+ access_log => 'absent',
+ error_log => 'absent',
+ index_files => [ 'index.php', 'index.html', 'index.htm', ],
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
+ ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
+ use_default_location => false,
+ www_root => '/var/www/blog',
+ }
+
+ nginx::resource::server { 'hornquist':
+ server_name => [
+ 'hornquist.se',
+ 'www.hornquist.se',
+ '_',
+ ],
+ access_log => 'absent',
+ error_log => 'absent',
+ index_files => [ 'index.php', 'index.html', 'index.htm', ],
+ listen_options => 'default_server',
+ ssl => true,
+ ssl_cert => '/etc/letsencrypt/live/hornquist/fullchain.pem',
+ ssl_key => '/etc/letsencrypt/live/hornquist/privkey.pem',
+ use_default_location => false,
+ www_root => '/var/www/html',
+ # autoindex => 'on',
+ }
+
+ nginx::resource::server { 'userdir':
+ server_name => [
+ '~^(?P<uname>[a-z][-a-z0-9]*)\.hornquist\.se',
+ ],
+ access_log => 'absent',
+ error_log => 'absent',
+ index_files => [ 'index.cgi', 'index.php', 'index.html', 'index.htm', ],
+ # SSL sites for userdir lack a cert due to wildcard certificates being
+ # "problematic". However, it's enabled here since a ::location with
+ # ssl => true WILL generate locations, even when server is missing.
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
+ ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
+ use_default_location => false,
+ www_root => '/home/$uname/.public',
+ # autoindex => 'on',
+ }
+
+
+ nginx::resource::server { 'wiki':
+ server_name => [
+ 'wiki.hornquist.se',
+ ],
+ access_log => 'absent',
+ error_log => 'absent',
+ index_files => [ 'index.html', ],
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
+ ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
+ use_default_location => true,
+ www_root => '/var/www/wiki/html',
+ }
+
+ nginx::resource::server { 'cgit':
+ server_name => [
+ 'git.hornquist.se',
+ ],
+ access_log => 'absent',
+ error_log => 'absent',
+ index_files => [],
+ try_files => [ '$uri', '@cgit' ],
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
+ ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
+ use_default_location => true,
+ www_root => $cgit_root,
+ ssl_redirect => true,
+ # /usr/lib/cgit/cgit.cgi
+ # /usr/share/cgit/cgit.css
+ }
+
+ nginx::resource::location { '@cgit':
+ fastcgi_params => 'fastcgi_params',
+ fastcgi_param => {
+ 'SCRIPT_FILENAME' => '/usr/lib/cgit/cgit.cgi',
+ 'PATH_INFO' => '$fastcgi_script_name',
+ 'QUERY_STRING' => '$args',
+ },
+ ssl_only => true,
+ fastcgi => 'unix:/run/fcgiwrap.socket',
+ server => [
+ 'cgit',
+ ],
+ }
+
+ # TODO extra locations for dumb git clones?
+
+ nginx::resource::location { '/':
+ try_files => ['$uri', '$uri/', '=404'],
+ index_files => [],
+ ssl => true,
+ autoindex => on,
+ server => [
+ 'blog',
+ 'hornquist',
+ 'userdir',
+ ]
+ }
+
+ nginx::resource::location { '/nyar':
+ location_custom_cfg => { return => '307 http://www.lysator.liu.se/~hugo/song/2018.html' },
+ ssl => true,
+ index_files => [],
+ server => [ 'hornquist', ],
+ }
+
+ nginx::resource::location { '= /':
+ # temprory redirect
+ location_custom_cfg => { return => '307 /hugo' },
+ ssl => true,
+ index_files => [],
+ server => [ 'blog', ],
+ }
+
+ nginx::resource::location { '~ \.php$':
+ fastcgi_params => 'snippets/fastcgi-php.conf',
+ fastcgi => 'unix:/run/php/php-fpm.sock',
+ ssl => true,
+ server => [
+ 'blog',
+ 'hornquist',
+ 'userdir',
+ ],
+ }
+
+ nginx::resource::location { '~ \.cgi$':
+ fastcgi_params => 'fastcgi_params',
+ fastcgi_param => {
+ # 'SCRIPT_FILENAME' => '$document_root/*.cgi',
+ 'PATH_INFO' => '$fastcgi_script_name',
+ 'QUERY_STRING' => '$args',
+ },
+ fastcgi => 'unix:/run/fcgiwrap.socket',
+ server => [
+ 'userdir',
+ ],
+ }
+
+ nginx::resource::location { '~ \.ht':
+ location_cfg_append => { deny => 'all' },
+ index_files => [],
+ ssl => true,
+ server => [
+ 'blog',
+ 'hornquist',
+ 'userdir',
+ ],
+ }
+
+}
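Review bot: The `~ \.ht` location at the end of the hunk is unanchored, so it matches any URI containing `.ht`, including the `.html` and `.htm` files listed in `index_files` for `blog`, `hornquist` and `userdir`, and `deny all` would then apply to them as well as to `.htaccess`/`.htpasswd`. Anchoring on the path separator, `nginx::resource::location { '~ /\.ht':`, limits the rule to dotfiles. The `~ \.cgi$` location is also the only one attached to `userdir` without `ssl => true`, and it passes scripts under `/home/$uname/.public` to the shared `fcgiwrap.socket`; it is worth confirming which account fcgiwrap runs as, since every user's script would presumably execute under it. With `access_log` and `error_log` set to `'absent'` on every server there is no request trail for these script endpoints, so consider keeping at least the error log.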