1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
node 'hornquist.se' {
include ::profiles::common
include ::profiles::client
include ::profiles::firewall
include ::nginx
# https://buddy.works/blog/how-deploy-projects-with-git
include ::blog
nsupdate { 'hornquist.se':
ensure => present,
nameserver => 'ns2.adrift.space',
iface => 'eth0',
records => [
{ type => 'A', ttl => 3600, domain => 'hornquist.se' },
{ type => 'A', ttl => 3600, domain => '*.hornquist.se' },
],
}
$certname = 'hornquist'
service { 'php7.4-fpm':
ensure => running,
enable => true,
}
service { 'fcgiwrap.socket':
ensure => running,
enable => true,
}
file { '/etc/systemd/system/php7.4-fpm.service.d':
ensure => directory,
}
file { '/etc/systemd/system/php7.4-fpm.service.d/override.conf':
ensure => file,
notify => Service['php7.4-fpm'],
content => @(EOF)
[Service]
RuntimeDirectory=php
| EOF
}
ensure_packages(['python3-certbot-nginx'],
{ ensure => installed })
letsencrypt::certonly { $certname:
ensure => present,
manage_cron => true,
plugin => 'nginx',
additional_args => [ '--quiet', ],
post_hook_commands => [ 'systemctl reload nginx.service', ],
domains => [
'blog.hornquist.se',
'blogg.hornquist.se',
'www.hornquist.se',
'hornquist.se',
'git.hornquist.se',
'wiki.hornquist.se',
],
}
nginx::resource::location { '= /':
# temprory redirect
location_custom_cfg => { return => '307 /hugo' },
ssl => true,
index_files => [],
server => [ 'blog', ],
}
}
node default {}
|