# Site manifest with three node definitions:
#   - gandalf.adrift.space: nspawn containers, the BIND configuration (::dns
#     class, zones, TSIG key, logging), workstation profiles, a remote mount
#     and a WebDAV share.
#   - hornquist.se: nginx, the blog, dynamic DNS registration, php-fpm and
#     Let's Encrypt certificates.
#   - default: intentionally empty.
node 'gandalf.adrift.space' {
  include ::rss_filter
  include ::networking

  # NOTE(review): Debian 10 (buster) is past its regular security support;
  # confirm this container still receives updates.
  nspawn::machine { 'busting':
    os      => 'debian',
    enable  => true,
    os_opts => {
      os_version => 'buster',
    }
  }
  # busting 10.0.0.42/23

  nspawn::machine { 'yoursql':
    os     => 'arch',
    enable => true,
  }

  # Server-wide BIND options.
  class { '::dns':
    # Queries that are not answered locally are forwarded to these two
    # public resolvers.
    forwarders         => [
      '8.8.8.8',
      '8.8.4.4',
    ],
    # NOTE(review): with validation set to 'no', forwarded answers are
    # accepted without DNSSEC verification. Confirm this is deliberate
    # (for example because of the private zones declared below) and not a
    # leftover.
    dnssec_enable      => 'no',
    dnssec_validation  => 'no',
    # allow_query_cache => [ 'localnets', ],
    # Recursion is limited to BIND's built-in 'localnets' ACL, so the server
    # does not act as an open resolver.
    allow_recursion    => [
      'localnets',
    ],
    empty_zones_enable => 'no',
    # Named ACL 'slaves'; referenced by allow_transfer on 'adrift.space'.
    acls               => {
      slaves => [
        '83.250.160.195',
      ],
    },
    # NOTE(review): presumably turns off the module's pre-apply validation
    # of the generated named configuration (TODO confirm). If so, a broken
    # config is only discovered when named is next reloaded.
    config_check       => false,
    # Puppet does not manage the named service here; see the
    # "TODO restart named" further down.
    manage_service     => false,
  }

  # Substring of the reverse name from offset 32 to the end.
  # NOTE(review): presumably this drops the host-part nibbles so only the
  # network part of the ip6.arpa name is left; verify against the output of
  # dns::reverse_dns.
  $rev_zone = dns::reverse_dns($facts['networking']['network6'])[32,-1]

  # Zone declarations. The 'default' body supplies attributes shared by
  # every zone in this resource expression.
  # NOTE(review): only 'adrift.space' sets allow_transfer. The other zones
  # fall back to whatever the module or BIND default is; check the rendered
  # config so the internal zones are not transferable by any client that
  # can reach the server.
  dns::zone {
    default:
      manage_file      => false,
      manage_file_name => true,
    ;
    'hugo':
    ;
    'hornquist.se':
      # The TSIG key 'hornquist.se' may update any record type at or below
      # the zone apex.
      update_policy => {
        'hornquist.se' => {
          action    => 'grant',
          matchtype => 'zonesub',
          rr        => 'ANY',
        }
      },
    ;
    'adrift.space':
      # NOTE(review): this hash literal uses the key 'hornquist.se' twice.
      # Puppet treats a repeated hash key as a warning or a compile error
      # depending on the `strict` setting, and where it compiles only one
      # of the two entries can survive (presumably the later one). Check
      # the rendered update-policy for this zone and decide which grant is
      # intended; the zonesub/ANY grant would already cover TXT records on
      # dyntest.adrift.space.
      update_policy  => {
        'hornquist.se' => {
          action    => 'grant',
          matchtype => 'zonesub',
          rr        => 'ANY',
        },
        'hornquist.se' => {
          action    => 'grant',
          matchtype => 'name',
          tname     => 'dyntest.adrift.space',
          rr        => 'TXT',
        },
      },
      # Transfers are restricted by source address only (ACL 'slaves').
      allow_transfer => [
        slaves,
      ],
    ;
    'sub.adrift.space':
    ;
    '0.0.10.in-addr.arpa':
      reverse => true,
    ;
    # Forward-only zone: queries for this reverse range go to 10.0.0.1.
    '1.0.10.in-addr.arpa':
      reverse    => true,
      zonetype   => 'forward',
      forward    => 'only',
      forwarders => [
        '10.0.0.1',
      ],
    ;
    $rev_zone:
      reverse => true,
    ;
  }

  # TSIG key material is read from Hiera rather than written in the manifest.
  # NOTE(review): neither the storage of this Hiera value nor the algorithm
  # is visible here. Confirm the secret is kept encrypted at rest and that
  # $key['algorithm'] is an HMAC-SHA2 variant.
  $key = lookup('nsupdate::secrets."hornquist.se"')
  dns::key { 'hornquist.se':
    algorithm => $key['algorithm'],
    secret    => $key['secret'],
  }

  # File channel that receives the transfer and notify categories declared
  # below (up to 5 versions of 500K each).
  dns::logging::channel { 'xfer-log':
    log_type       => 'file',
    file_path      => '/var/log/named/log',
    print_category => 'yes',
    print_severity => 'yes',
    severity       => 'info',
    file_size      => '500K',
    file_versions  => 5,
  }

  dns::logging::channel { 'default_syslog':
    log_type        => 'syslog',
    syslog_facility => 'local2',
    severity        => 'info',
  }

  # NOTE(review): only xfer-in, xfer-out and notify are routed explicitly.
  # Since update_policy grants are in use, consider also routing BIND's
  # 'update' and 'update-security' categories to a channel so dynamic
  # updates leave an audit trail.
  dns::logging::category { [ 'xfer-in', 'xfer-out', 'notify', ]:
    channels => [
      'xfer-log',
    ],
  }

  # TODO restart named

  profiles::remarkable { 'any name':
    addr => '3',
  }

  include ::profiles::common
  include ::profiles::client
  include ::losetup
  include ::profiles::xmonad
  include ::profiles::workstation
  include ::profiles::dolphin
  include ::profiles::imagemagick

  # Automounted remote filesystem: elrond:/files at /usr/net.
  systemd_mount { '/usr/net':
    what      => 'elrond:/files',
    where     => '/usr/net',
    wantedBy  => 'remote-fs.target',
    automount => true,
  }

  include ::profiles::syncthing
  include ::profiles::gandalf_web
  include ::profiles::transmission
  include ::shiori

  # WebDAV share served from the 'gandalf' nginx server; the user list
  # comes from Hiera.
  # NOTE(review): the format of that Hiera value is not visible here.
  # Confirm the credentials are stored hashed or encrypted.
  profiles::webdav_server { '/dav':
    file_path    => '/var/www/webdav',
    nginx_server => 'gandalf',
    users        => lookup('profiles::webdav_server::users'),
  }
}

node 'hornquist.se' {
  include ::profiles::common
  include ::profiles::client
  include ::profiles::firewall
  include ::nginx

  # https://buddy.works/blog/how-deploy-projects-with-git
  include ::blog

  # Dynamic DNS registration of the apex and wildcard A records through
  # ns2.adrift.space.
  # NOTE(review): presumably signed with the 'hornquist.se' TSIG key that the
  # zone's update_policy grants; the key handling is not visible in this
  # resource.
  nsupdate { 'hornquist.se':
    ensure     => present,
    nameserver => 'ns2.adrift.space',
    iface      => 'eth0',
    records    => [
      { type => 'A', ttl => 3600, domain => 'hornquist.se' },
      { type => 'A', ttl => 3600, domain => '*.hornquist.se' },
    ],
  }

  $certname = 'hornquist'

  # NOTE(review): PHP 7.4 is end-of-life upstream; confirm the distribution
  # still provides security updates for this package.
  service { 'php7.4-fpm':
    ensure => running,
    enable => true,
  }

  service { 'fcgiwrap.socket':
    ensure => running,
    enable => true,
  }

  # systemd drop-in directory and override for php7.4-fpm. No owner, group
  # or mode is set on either resource, so Puppet's defaults apply.
  file { '/etc/systemd/system/php7.4-fpm.service.d':
    ensure => directory,
  }

  # The drop-in sets RuntimeDirectory=php; a change to it notifies the
  # php7.4-fpm service.
  file { '/etc/systemd/system/php7.4-fpm.service.d/override.conf':
    ensure  => file,
    notify  => Service['php7.4-fpm'],
    content => @(EOF)
      [Service]
      RuntimeDirectory=php
      | EOF
  }

  ensure_packages(['python3-certbot-nginx'], { ensure => installed })

  # One certificate, named $certname, covering all listed hostnames. It is
  # obtained with the nginx plugin, and nginx is reloaded by the post hook.
  letsencrypt::certonly { $certname:
    ensure             => present,
    manage_cron        => true,
    plugin             => 'nginx',
    additional_args    => [
      '--quiet',
    ],
    post_hook_commands => [
      'systemctl reload nginx.service',
    ],
    domains            => [
      'blog.hornquist.se',
      'blogg.hornquist.se',
      'www.hornquist.se',
      'hornquist.se',
      'git.hornquist.se',
      'wiki.hornquist.se',
    ],
  }

  nginx::resource::location { '= /':
    # temporary redirect
    location_custom_cfg => {
      return => '307 /hugo'
    },
    ssl                 => true,
    index_files         => [],
    server              => [
      'blog',
    ],
  }
}

# Nodes that match no definition above receive an empty catalog.
node default {}