From c8e9b56cf3b7664e980f312b75c6bfac9b276703 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= Date: Mon, 3 Jan 2022 22:15:39 +0100 Subject: stuff --- manifests/site.pp | 221 +++--------------------------------------------------- 1 file changed, 9 insertions(+), 212 deletions(-) (limited to 'manifests') diff --git a/manifests/site.pp b/manifests/site.pp index 1c75199..1097af3 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -134,40 +134,11 @@ node 'gandalf.adrift.space' { automount => true, } - class { '::profiles::syncthing': - enable_for => [ 'hugo', ], - } - - $certname = 'adrift.space' - - class { '::profiles::gandalf_web': - certname => $certname, - } - - nginx::resource::location { '/varselklotet': - server => 'gandalf', - location_alias => '/home/hugo/wiki/varselklotet', - try_files => ['$uri', '$uri/', '=404'], - autoindex => 'on', - ssl => true, - ssl_only => true, - index_files => [], - } - - class { 'profiles::transmission': - nginx_server => 'gandalf', - } + include ::profiles::syncthing + include ::profiles::gandalf_web + include ::profiles::transmission - class { 'shiori': - port => 8081, - group_members => [ - 'hugo', - ], - nginx => { - server_name => "bookmark.${facts['fqdn']}", - certname => $certname, - } - } + include ::shiori profiles::webdav_server { '/dav': file_path => '/var/www/webdav', @@ -184,10 +155,10 @@ node 'hornquist.se' { include ::profiles::firewall - ensure_packages([ - 'cowsay', - ], { ensure => installed }) + include ::nginx + # https://buddy.works/blog/how-deploy-projects-with-git + include ::blog nsupdate { 'hornquist.se': ensure => present, nameserver => 'ns2.adrift.space', 
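Review bot: The bare `include` lines for `::profiles::gandalf_web`, `::profiles::transmission` and `::shiori` drop every explicit parameter (`certname`, `nginx_server => 'gandalf'`, `port => 8081`, `group_members`, the `nginx` hash), so those values must now come from automatic parameter lookup or class defaults, and none of that data is visible in this commit. The `/varselklotet` location, declared with `ssl_only => true`, is removed here with no visible replacement; if it moved into a profile, confirm it kept that setting. The node-scope `$certname = 'adrift.space'` is also gone, and the node body continues past the hunk, so any later reference to it would resolve to undef, or fail compilation where `strict_variables` is enabled. A comment above the includes, for example `# class parameters for this node come from Hiera (<path to node data file>)`, would tell the next reader where the effective configuration lives.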
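Review bot: `include ::nginx` replaces a declaration, removed further down in this file, that set `server_purge => true`, `service_config_check => true`, the custom `log_format` and `nginx_error_log_severity => 'notice'`; with a bare include these survive only if Hiera supplies them. That matters because this commit also deletes the `blogg`, `hornquist`, `userdir` and `wiki` servers and the `~ /\.ht` deny location from the manifest. If purging is no longer on, the previously generated server files are presumably left on disk without Puppet managing them. Confirm that `::blog` and the nginx data re-declare the `.ht` deny and the PHP/CGI locations for every server that still serves those document roots. The node body starts and ends outside this hunk.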
@@ -198,33 +169,8 @@ node 'hornquist.se' { ], } - $blog_root = '/var/www/blog' $certname = 'hornquist' - class { '::cgit': - root => '/var/www/cgit', - root_title => 'Hornquist Git Repositiories', - root_desc => 'ᛏᚨᚾᛞᛖᛋ᛫ᛖᚾᛞᚨᛋᛏ᛫ᛗᛟᛏ᛫ᛚᚨᛞᚨᚾᛋ᛫ᛈᛚᚨᚾ', - - about_filter => 'hugo-pre.sh', - auth_filter => 'hugo-authentication.lua', - source_filter => 'hugo-highlighting.sh', - - scan_path => '/home/git/git', - enable_http_clone => false, - clone_url => [ - 'https://git.hornquist.se/$CGIT_REPO_URL.git', - 'git@hornquist.se:git/$CGIT_REPO_URL.git', - ], - manage_server => 'nginx', - server_name => 'git.hornquist.se', - certname => $certname, - } - - # https://buddy.works/blog/how-deploy-projects-with-git - blog { 'Hugos blog': - root => "${blog_root}/hugo", - } service { 'php7.4-fpm': ensure => running, @@ -249,33 +195,8 @@ node 'hornquist.se' { | EOF } - # include apt - class { '::nginx': - manage_repo => false, - server_purge => true, - service_config_check => true, - http_format_log => 'my_format', - log_format => { - 'nginx_default' => '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"', - 'my_format' => '$remote_addr - $remote_user [$time_local] "$request_method $server_name$request_uri" $status $body_bytes_sent "$http_referer" "$http_user_agent"', - }, - # default 'error' - nginx_error_log_severity => 'notice', - http_cfg_append => { - rewrite_log => 'on', - }, - } - - - class { '::letsencrypt': - config => { - email => 'hugo.hornquist@gmail.com', - } - # renew_cron_ensure => present, - } - - ensure_packages(['python3-certbot-nginx'], - { ensure => installed }) + ensure_packages(['python3-certbot-nginx'], + { ensure => installed }) letsencrypt::certonly { $certname: ensure => present, 
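Review bot: The `class { '::letsencrypt': ... }` declaration is removed in the `-249,33 +195,8` hunk, but `letsencrypt::certonly { $certname: ... }` stays in the context below it and no `include ::letsencrypt` is added anywhere in this diff. Unless one of the newly included classes declares it, the certonly resource may lose its base configuration, including the registration `email` that was set here. Adding `include ::letsencrypt` next to the retained `ensure_packages(['python3-certbot-nginx'], ...)` call would keep the dependency explicit in this node. The same hunk keeps `$certname = 'hornquist'` only for this resource as far as the visible lines show, so a one-line comment saying which certificate it names would help.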
@@ -293,96 +214,7 @@ node 'hornquist.se' { ], } - nginx::resource::server { - default: - access_log => 'absent', - error_log => 'absent', - ssl => true, - ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem", - ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem", - use_default_location => false, - ; - 'blogg': - server_name => [ 'blogg.hornquist.se', ], - server_cfg_append => { - 'return' => '301 $scheme://blog.hornquist.se$request_uri', - }, - ; - 'blog': - server_name => [ 'blog.hornquist.se', ], - index_files => [ 'index.php', 'index.html', 'index.htm', ], - www_root => $blog_root, - } - - nginx::resource::server { 'hornquist': - server_name => [ - 'hornquist.se', - 'www.hornquist.se', - '_', - ], - access_log => 'absent', - error_log => 'absent', - index_files => [ 'index.php', 'index.html', 'index.htm', ], - listen_options => 'default_server', - ssl => true, - ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem", - ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem", - use_default_location => false, - www_root => '/var/www/html', - # autoindex => 'on', - } - - nginx::resource::server { 'userdir': - server_name => [ - '~^(?P[a-z][-a-z0-9]*)\.hornquist\.se', - ], - access_log => 'absent', - error_log => 'absent', - index_files => [ 'index.cgi', 'index.php', 'index.html', 'index.htm', ], - # SSL sites for userdir lack a cert due to wildcard certificates being - # "problematic". However, it's enabled here since a ::location with - # ssl => true WILL generate locations, even when server is missing. 
- ssl => true, - ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem", - ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem", - use_default_location => false, - www_root => '/home/$uname/.public', - # autoindex => 'on', - } - - - nginx::resource::server { 'wiki': - server_name => [ - 'wiki.hornquist.se', - ], - access_log => 'absent', - error_log => 'absent', - index_files => [ 'index.html', ], - ssl => true, - ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem", - ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem", - use_default_location => true, - www_root => '/var/www/wiki/public/html', - } - - nginx::resource::location { '/': - try_files => ['$uri', '$uri/', '=404'], - index_files => [], - ssl => true, - autoindex => on, - server => [ - 'blog', - 'hornquist', - 'userdir', - ] - } - nginx::resource::location { '/nyar': - location_custom_cfg => { return => '307 http://www.lysator.liu.se/~hugo/song/2018.html' }, - ssl => true, - index_files => [], - server => [ 'hornquist', ], - } nginx::resource::location { '= /': # temprory redirect @@ -391,41 +223,6 @@ node 'hornquist.se' { index_files => [], server => [ 'blog', ], } - - nginx::resource::location { '~ \.php$': - fastcgi_params => 'snippets/fastcgi-php.conf', - fastcgi => 'unix:/run/php/php-fpm.sock', - ssl => true, - server => [ - 'blog', - 'hornquist', - 'userdir', - ], - } - - nginx::resource::location { '~ \.cgi$': - fastcgi_params => 'fastcgi_params', - fastcgi_param => { - # 'SCRIPT_FILENAME' => '$document_root/*.cgi', - 'PATH_INFO' => '$fastcgi_script_name', - 'QUERY_STRING' => '$args', - }, - fastcgi => 'unix:/run/fcgiwrap.socket', - server => [ - 'userdir', - ], - } - - nginx::resource::location { '~ /\.ht': - location_cfg_append => { deny => 'all' }, - index_files => [], - ssl => true, - server => [ - 'blog', - 'hornquist', - 'userdir', - ], - } } node default {} -- cgit v1.2.3