authorHugo Hörnquist <hugo@lysator.liu.se>2022-01-03 22:15:39 +0100
committerHugo Hörnquist <hugo@lysator.liu.se>2022-01-03 22:21:50 +0100
commitc8e9b56cf3b7664e980f312b75c6bfac9b276703 (patch)
tree6a1a2dc13e88fe0b661b550d685e578f03a19051 /manifests
parentAllow lists in networkd config. (diff)
stuff
Diffstat (limited to 'manifests')
-rw-r--r--manifests/site.pp221
1 files changed, 9 insertions, 212 deletions
diff --git a/manifests/site.pp b/manifests/site.pp
index 1c75199..1097af3 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -134,40 +134,11 @@ node 'gandalf.adrift.space' {
automount => true,
}
- class { '::profiles::syncthing':
- enable_for => [ 'hugo', ],
- }
-
- $certname = 'adrift.space'
-
- class { '::profiles::gandalf_web':
- certname => $certname,
- }
-
- nginx::resource::location { '/varselklotet':
- server => 'gandalf',
- location_alias => '/home/hugo/wiki/varselklotet',
- try_files => ['$uri', '$uri/', '=404'],
- autoindex => 'on',
- ssl => true,
- ssl_only => true,
- index_files => [],
- }
-
- class { 'profiles::transmission':
- nginx_server => 'gandalf',
- }
+ include ::profiles::syncthing
+ include ::profiles::gandalf_web
+ include ::profiles::transmission
- class { 'shiori':
- port => 8081,
- group_members => [
- 'hugo',
- ],
- nginx => {
- server_name => "bookmark.${facts['fqdn']}",
- certname => $certname,
- }
- }
+ include ::shiori
profiles::webdav_server { '/dav':
file_path => '/var/www/webdav',
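Review bot: Removing `$certname = 'adrift.space'` from the gandalf node is only safe if nothing later in the node body still reads it, and the node continues past this hunk (the `profiles::webdav_server { '/dav':` resource is cut off), so that cannot be confirmed from here. The replaced declarations also drop their explicit `enable_for`, `certname`, `nginx_server`, `port` and `nginx` parameters, so the certificate and server binding now come from automatic parameter lookup or class defaults, and the diffstat is limited to `manifests`, so that data is not visible in this commit. The `/varselklotet` location, which paired `autoindex => 'on'` with `ssl_only => true`, is deleted with no replacement in this hunk; if it moved into a profile, the `ssl_only` setting should move with it. A comment above the includes such as `# class parameters (certname, nginx server, ports) are set in Hiera` would make the dependency explicit.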
@@ -184,10 +155,10 @@ node 'hornquist.se' {
include ::profiles::firewall
- ensure_packages([
- 'cowsay',
- ], { ensure => installed })
+ include ::nginx
+ # https://buddy.works/blog/how-deploy-projects-with-git
+ include ::blog
nsupdate { 'hornquist.se':
ensure => present,
nameserver => 'ns2.adrift.space',
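Review bot: `include ::nginx` and `include ::blog` stand in for declarations that later hunks delete, but two resources kept in the node still depend on what was deleted. `letsencrypt::certonly { $certname:` stays while `class { '::letsencrypt':` with its registration `email` is removed at `@@ -249`, and no include for it is added in the visible hunks; `nginx::resource::location { '= /':` still lists `server => [ 'blog', ]` while the `'blog'` server resource is removed at `@@ -293`. The removed manifest's own comment says a location with `ssl => true` is generated even when its server is missing, so if `::blog` does not declare a server with exactly that name the result would presumably be an orphaned location fragment rather than a compile error. If the class is not declared elsewhere, add `include ::letsencrypt` next to these includes. The node body starts and ends outside this hunk.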
@@ -198,33 +169,8 @@ node 'hornquist.se' {
],
}
- $blog_root = '/var/www/blog'
$certname = 'hornquist'
- class { '::cgit':
- root => '/var/www/cgit',
- root_title => 'Hornquist Git Repositiories',
- root_desc => 'ᛏᚨᚾᛞᛖᛋ᛫ᛖᚾᛞᚨᛋᛏ᛫ᛗᛟᛏ᛫ᛚᚨᛞᚨᚾᛋ᛫ᛈᛚᚨᚾ',
-
- about_filter => 'hugo-pre.sh',
- auth_filter => 'hugo-authentication.lua',
- source_filter => 'hugo-highlighting.sh',
-
- scan_path => '/home/git/git',
- enable_http_clone => false,
- clone_url => [
- 'https://git.hornquist.se/$CGIT_REPO_URL.git',
- 'git@hornquist.se:git/$CGIT_REPO_URL.git',
- ],
- manage_server => 'nginx',
- server_name => 'git.hornquist.se',
- certname => $certname,
- }
-
- # https://buddy.works/blog/how-deploy-projects-with-git
- blog { 'Hugos blog':
- root => "${blog_root}/hugo",
- }
service { 'php7.4-fpm':
ensure => running,
@@ -249,33 +195,8 @@ node 'hornquist.se' {
| EOF
}
- # include apt
- class { '::nginx':
- manage_repo => false,
- server_purge => true,
- service_config_check => true,
- http_format_log => 'my_format',
- log_format => {
- 'nginx_default' => '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"',
- 'my_format' => '$remote_addr - $remote_user [$time_local] "$request_method $server_name$request_uri" $status $body_bytes_sent "$http_referer" "$http_user_agent"',
- },
- # default 'error'
- nginx_error_log_severity => 'notice',
- http_cfg_append => {
- rewrite_log => 'on',
- },
- }
-
-
- class { '::letsencrypt':
- config => {
- email => 'hugo.hornquist@gmail.com',
- }
- # renew_cron_ensure => present,
- }
-
- ensure_packages(['python3-certbot-nginx'],
- { ensure => installed })
+ ensure_packages(['python3-certbot-nginx'],
+ { ensure => installed })
letsencrypt::certonly { $certname:
ensure => present,
@@ -293,96 +214,7 @@ node 'hornquist.se' {
],
}
- nginx::resource::server {
- default:
- access_log => 'absent',
- error_log => 'absent',
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
- ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
- use_default_location => false,
- ;
- 'blogg':
- server_name => [ 'blogg.hornquist.se', ],
- server_cfg_append => {
- 'return' => '301 $scheme://blog.hornquist.se$request_uri',
- },
- ;
- 'blog':
- server_name => [ 'blog.hornquist.se', ],
- index_files => [ 'index.php', 'index.html', 'index.htm', ],
- www_root => $blog_root,
- }
-
- nginx::resource::server { 'hornquist':
- server_name => [
- 'hornquist.se',
- 'www.hornquist.se',
- '_',
- ],
- access_log => 'absent',
- error_log => 'absent',
- index_files => [ 'index.php', 'index.html', 'index.htm', ],
- listen_options => 'default_server',
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
- ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
- use_default_location => false,
- www_root => '/var/www/html',
- # autoindex => 'on',
- }
-
- nginx::resource::server { 'userdir':
- server_name => [
- '~^(?P<uname>[a-z][-a-z0-9]*)\.hornquist\.se',
- ],
- access_log => 'absent',
- error_log => 'absent',
- index_files => [ 'index.cgi', 'index.php', 'index.html', 'index.htm', ],
- # SSL sites for userdir lack a cert due to wildcard certificates being
- # "problematic". However, it's enabled here since a ::location with
- # ssl => true WILL generate locations, even when server is missing.
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
- ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
- use_default_location => false,
- www_root => '/home/$uname/.public',
- # autoindex => 'on',
- }
-
-
- nginx::resource::server { 'wiki':
- server_name => [
- 'wiki.hornquist.se',
- ],
- access_log => 'absent',
- error_log => 'absent',
- index_files => [ 'index.html', ],
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
- ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
- use_default_location => true,
- www_root => '/var/www/wiki/public/html',
- }
-
- nginx::resource::location { '/':
- try_files => ['$uri', '$uri/', '=404'],
- index_files => [],
- ssl => true,
- autoindex => on,
- server => [
- 'blog',
- 'hornquist',
- 'userdir',
- ]
- }
- nginx::resource::location { '/nyar':
- location_custom_cfg => { return => '307 http://www.lysator.liu.se/~hugo/song/2018.html' },
- ssl => true,
- index_files => [],
- server => [ 'hornquist', ],
- }
nginx::resource::location { '= /':
# temprory redirect
@@ -391,41 +223,6 @@ node 'hornquist.se' {
index_files => [],
server => [ 'blog', ],
}
-
- nginx::resource::location { '~ \.php$':
- fastcgi_params => 'snippets/fastcgi-php.conf',
- fastcgi => 'unix:/run/php/php-fpm.sock',
- ssl => true,
- server => [
- 'blog',
- 'hornquist',
- 'userdir',
- ],
- }
-
- nginx::resource::location { '~ \.cgi$':
- fastcgi_params => 'fastcgi_params',
- fastcgi_param => {
- # 'SCRIPT_FILENAME' => '$document_root/*.cgi',
- 'PATH_INFO' => '$fastcgi_script_name',
- 'QUERY_STRING' => '$args',
- },
- fastcgi => 'unix:/run/fcgiwrap.socket',
- server => [
- 'userdir',
- ],
- }
-
- nginx::resource::location { '~ /\.ht':
- location_cfg_append => { deny => 'all' },
- index_files => [],
- ssl => true,
- server => [
- 'blog',
- 'hornquist',
- 'userdir',
- ],
- }
}
node default {}