init.pp 8.47 KiB
  • # Class: aim_control
    
    # ===========================
    #
    # Parameters
    # ----------
    #
    
    # [*mysql_password*]
    #   The password for the MySQL user
    
    # [*mysql_backup_password*]
    #   The password for the user used for MySQL backups
    
    # [*skadereg_ro_password*]
    #   The password used for the read-only user
    #
    # [*skadereg_ro_user*]
    #   The username used for the read-only user
    #
    
    # Authors
    # -------
    #
    
    # Alexander Olofsson <alexander.olofsson@liu.se>
    
    # Andreas Alvarsson <andal699@student.liu.se>
    
    #
    # Copyright
    # ---------
    #
    
    # Copyright © Linköpings Universitet
    
      # NOTE(review): these secrets are typed as plain String. Sensitive[String]
      # would keep them out of logs and reports, but changing the type affects
      # every caller - confirm before switching.
      # Used below as the MySQL root password (mysql::server and 'root@%').
      String $mysql_password,
      # In this listing only the commented-out mysql::server::backup block uses it.
      String $mysql_backup_password,
    
      # Credentials of the account that mysql::db creates with the SELECT grant.
      String $skadereg_ro_password,
      String $skadereg_ro_user = 'skadereg_ro',
    
      # Accounts declared through users::liu_user (a defined type that lives
      # outside this file). The shared login shell is set once via the
      # per-expression default body.
      # NOTE(review): 'client' is presumably the list of source addresses tied to
      # the key - confirm against users::liu_user. 192.168.0.32 is a private
      # (RFC 1918) address, so it only helps if this host sees that network.
      # 'sagno626' has no 'client' entry at all - verify that is intended.
      users::liu_user {
        default:
          shell => '/bin/bash';

        'samla949':
          commonname => 'Samuel Larsson',
          client     => ['92.34.191.128'],
          sshkey     => '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'; # lint:ignore:140chars

        'tomla035':
          commonname => 'Tom Larsson',
          client     => ['192.168.0.32'],
          sshkey     => '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'; # lint:ignore:140chars

        'sagno626':
          commonname => 'Saga Noren Karlsson',
          sshkey     => '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'; # lint:ignore:140chars
      }
    
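      # Sudoers drop-in that lets 'sagno626' run any command as any user
      # (password required, since no NOPASSWD tag is present).
      #
      # Hardening over the previous version:
      #  - mode 0440 instead of 0660: nothing needs write access to this file,
      #    and 0440 is the mode sudo itself expects for sudoers files.
      #  - group pinned to root so the permissions do not depend on defaults.
      #  - content ends with a newline; some sudo versions report a syntax error
      #    on a sudoers file whose last line is unterminated.
      #  - validate_cmd runs visudo on the candidate file, so a broken rule is
      #    rejected before it replaces the live file and locks sudo out.
      # NOTE(review): /usr/sbin/visudo is the usual path on dnf-based systems -
      # confirm it on the target image.
      file { '/etc/sudoers.d/02-serious_sam':
        ensure       => file,
        owner        => 'root',
        group        => 'root',
        mode         => '0440',
        content      => "sagno626 ALL=(ALL) ALL\n",
        validate_cmd => '/usr/sbin/visudo -cf %',
      }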
    
      group { 'skadereg':
        ensure  => present,
        members => [
    
          'sagno626',
    
          'apache',
        ],
        require => [
    
          Users::Liu_user['sagno626'],
    
      # Classes pulled in as-is. aim_control::firewall is not visible in this
      # listing; it decides which of the listeners configured below (80, 443 and
      # the MySQL port bound to 0.0.0.0) are reachable from outside.
      include aim_control::firewall, apache, liurepo::remi
    
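      # Enable the remi PHP 7.4 module stream once the remi repository is set up.
      #
      # The previous guard piped the listing into grep -q "[e]". As a regular
      # expression that is a bracket expression matching any line containing the
      # letter 'e', so the guard succeeded on almost any output and the enable
      # command was skipped. The pattern below matches only the literal enabled
      # marker that follows the stream name.
      # NOTE(review): assumes dnf prints the marker as "remi-7.4 [e]" (optionally
      # preceded by "[d]") - confirm against the dnf version on the target.
      # NOTE(review): the pipe relies on the command being handed to a shell; if
      # it is not on this Puppet version, add provider => shell.
      # NOTE(review): PHP 7.4 no longer receives upstream security fixes; plan a
      # move to a supported stream.
      exec { 'enable remi-php74':
        command => 'dnf module enable php:remi-7.4 -y',
        path    => ['/bin', '/usr/bin'],
        unless  => 'dnf module list php:remi-7.4 | grep -Eq "remi-7\.4 (\[d\])?\[e\]"',
        require => Class['liurepo::remi'],
      }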
    
      # Apache PHP module, using the remi 'php74' package, plus mod_rewrite.
      class { 'apache::mod::php':
        php_version  => '7',
        package_name => 'php74',
      }

      include apache::mod::rewrite
    
      # PHP 7.4 runtime and the extensions installed alongside it
      # (PDO, mbstring, mysqlnd).
      package { [
          'php74-php',
          'php74-php-common',
          'php74-php-mbstring',
          'php74-php-mysqlnd',
          'php74-php-pdo',
        ]:
        ensure => installed,
      }
    
      # Expose the remi-built libphp7.so in Apache's module directory. The link
      # is created before the httpd service is managed.
      file { '/etc/httpd/modules/libphp7.so':
        ensure => link,
        before => Service['httpd'],
        target => '/opt/remi/php74/root/usr/lib64/httpd/modules/libphp7.so',
      }
    
      include profiles::letsencrypt

      # Paths of the certificate, chain and private key for this host's FQDN,
      # read from the letsencrypt_certs fact. The FQDN is quoted inside the
      # dotted path because it contains dots itself.
      # NOTE(review): presumably these are undef until a certificate has been
      # issued and the fact populated - confirm how the 443 vhost behaves on a
      # first run.
      $cert  = fact("letsencrypt_certs.\"${facts['networking']['fqdn']}\".files.cert")
      $chain = fact("letsencrypt_certs.\"${facts['networking']['fqdn']}\".files.chain")
      $key   = fact("letsencrypt_certs.\"${facts['networking']['fqdn']}\".files.key")
    
      # Application root, managed recursively: owner apache, group skadereg,
      # mode 0770.
      # NOTE(review): with recurse => true the web server user owns and can
      # write the application code it executes, so a bug in the app can modify
      # the app itself. Consider limiting write access to the directories that
      # need it (for a Laravel tree, typically storage/ and bootstrap/cache)
      # - confirm against the application's requirements.
      # NOTE(review): the same tree is also managed by the vcsrepo resource
      # below; verify the two do not fight over file modes.
      file { '/var/www/skadereg/':
        ensure  => directory,
        recurse => true,
        owner   => 'apache',
        group   => 'skadereg',
        mode    => '0770',
      }
    
    # TODO: Add setup for keys
      # Check out the Laravel application over SSH as the apache user.
      # NOTE(review): ensure => latest follows the remote on every agent run.
      # Combined with the 'artisan migrate' exec that subscribes to this
      # resource, whatever lands upstream is deployed and migrated with no
      # further gate. Pinning a reviewed tag or commit via 'revision' would
      # make deployments deliberate.
      # NOTE(review): the git@ source needs an SSH deploy key for 'apache'; the
      # TODO about key setup is still open. Prefer a read-only deploy key.
      vcsrepo { '/var/www/skadereg':
        ensure   => latest,
        provider => git,
        source   => 'git@gitlab.liu.se:aim-control/laravel.git',
        group    => 'skadereg',
        user     => 'apache',
        require  => File['/var/www/skadereg/'],  # the directory must exist first
      }
    
      # Plain-HTTP default vhost: its only job is to send a permanent redirect
      # to the HTTPS site on the same FQDN.
      apache::vhost { 'default:80':
        default_vhost   => true,
        servername      => $facts['networking']['fqdn'],
        port            => 80,
        docroot         => '/var/www/html',
        redirect_dest   => "https://${facts['networking']['fqdn']}/",
        redirect_status => 'permanent',
      }
    
      # HTTPS vhost serving the Laravel public/ directory with the Let's Encrypt
      # certificate, chain and key looked up above.
      # NOTE(review): the closing brace of this resource is not present in this
      # listing.
      # NOTE(review): 'Set Strict-Transport-Security' without the 'always'
      # condition is presumably only added to successful responses - confirm,
      # and consider 'always set' so error pages carry HSTS too.
      # NOTE(review): allow_override ALL lets any .htaccess under public/ change
      # server behaviour, and the tree is writable by the apache user (see the
      # recursive file resource). Narrow it to the directives the app needs.
      apache::vhost { "${facts['networking']['fqdn']}:443":
        servername    => $facts['networking']['fqdn'],
        port          => 443,
        ssl           => true,
        ssl_cert      => $cert,
        ssl_chain     => $chain,
        ssl_key       => $key,
        headers       => ['Set Strict-Transport-Security "max-age=31536000"'],
        docroot       => '/var/www/skadereg/public',
        docroot_owner => 'apache',
        docroot_group => 'skadereg',
        directories   => [
          {
            path           => '/var/www/skadereg/public',
            allow_override => ['ALL'],
            directoryindex => 'index.php',
          }
        ],
        require  => Vcsrepo['/var/www/skadereg'],  # Ensure VCS repo is checked out first
    
      # Application environment file rendered from this module's dotenv.erb,
      # written only after the repository has been checked out.
      # NOTE(review): the template is not visible here; it presumably carries
      # the database credentials. Mode 0660 lets both apache and every member
      # of 'skadereg' rewrite it - 0640 (or 0440) is enough if the application
      # only reads it. Confirm before tightening.
      file { '/var/www/skadereg/.env':
        ensure  => file,
        content => template("${module_name}/dotenv.erb"),
        owner   => 'apache',
        group   => 'skadereg',
        mode    => '0660',
        require => Vcsrepo['/var/www/skadereg'],  # checkout must come first
      }
    
      # Run pending Laravel migrations as apache:skadereg. refreshonly means it
      # runs only when a subscribed resource reports a change.
      # --force skips the production confirmation prompt and -n disables
      # interaction, so a migration shipped upstream is applied unattended.
      # NOTE(review): File['/var/www/skadereg'] is managed with recurse => true,
      # so any file Puppet corrects inside the tree presumably triggers a
      # migration run as well - confirm that is wanted.
      exec { 'artisan migrate':
        command     => 'php artisan migrate --force -n',
        path        => ['/opt/remi/php74/root/bin/'],
        cwd         => '/var/www/skadereg',
        user        => 'apache',
        group       => 'skadereg',
        refreshonly => true,
        subscribe   => [Vcsrepo['/var/www/skadereg'], File['/var/www/skadereg'],],
      }
    
      # Laravel scheduler tick: every minute, as the apache user.
      # SHELL is set to bash because the command uses the bash-only '&>'
      # redirection. All output is discarded.
      # NOTE(review): scheduler failures therefore leave no trace here; rely on
      # the application's own logging or redirect to a log file instead.
      cron { 'artisan schedule:run':
        user        => 'apache',
        environment => ['PATH=/opt/remi/php74/root/bin:/usr/bin:/bin', 'SHELL=/bin/bash'],
        command     => 'php /var/www/skadereg/artisan schedule:run &> /dev/null',
        minute      => '*',
        hour        => '*',
        monthday    => '*',
        month       => '*',
        weekday     => '*',
      }
    
      $db_name = 'homestead'
    
    
      # MySQL server: root password taken from the class parameter, mysqld
      # overridden to listen on every interface on port 33060.
      # NOTE(review): the closing braces of the 'mysqld' hash and of
      # override_options are not present in this listing.
      # NOTE(review): bind-address 0.0.0.0 together with the 'root@%' account
      # declared further down makes a password the only barrier to remote root
      # on the database, unless aim_control::firewall (not visible here)
      # restricts the port. If remote access is not required, bind to 127.0.0.1;
      # otherwise restrict sources in the firewall and require TLS.
      # NOTE(review): 33060 is also the default X Protocol port in MySQL 8
      # - confirm the two do not clash on this server version.
      class { 'mysql::server':
        root_password    => $mysql_password,
        override_options => {
    
          'mysqld' => {
    
            'bind-address' => '0.0.0.0',
    
            'port'         => 33060,
            'socket'       => '/var/lib/mysql/mysql.sock',  # Add socket path explicitly if needed
    
        restart => true,  # Ensure server restarts to apply configuration changes
      }
    
      # Create the application database and its read-only account: SELECT is
      # the only privilege granted.
      # NOTE(review): host '%' lets the account connect from any address. If
      # the readers are known, name their hosts or networks instead.
      # NOTE(review): MySQL's 'utf8' is the 3-byte utf8mb3 set; 'utf8mb4' is
      # needed for full Unicode - confirm what the application expects.
      mysql::db { $db_name:
        charset  => 'utf8',
        host     => '%',
        user     => $skadereg_ro_user,
        password => $skadereg_ro_password,
        grant    => ['SELECT'],
      }
    
      # Declare a 'root' account that may connect from any host ('%'), with the
      # same password as the local root account set on mysql::server.
      # NOTE(review): a network-reachable root account sharing the local root
      # password is the highest-value target on this host. Prefer a dedicated
      # admin account limited to the hosts that need it, with its own password.
      # NOTE(review): mysql_password() is presumably the legacy name of the
      # module's hashing function - confirm against the installed
      # puppetlabs-mysql version.
      mysql_user { 'root@%':
        ensure        => present,
        password_hash => mysql_password($mysql_password),
      }
    
      # Give 'root@%' every privilege on every database and table, including
      # the right to grant privileges to others.
      # NOTE(review): together with bind-address 0.0.0.0 this is full remote
      # administration of the server. Scope the grant to what remote
      # administration needs, or drop the remote account.
      mysql_grant { 'root@%/*.*':
        ensure     => present,
        user       => 'root@%',
        table      => '*.*',
        privileges => ['ALL'],
        options    => ['GRANT'],
      }
    
    
      # ['entries', 'guardian_confirmations', 'users'].each |String $table| {
      #   mysql_grant { "${skadereg_ro_user}@%/${db_name}.${table}":
      #     ensure     => present,
      #     privileges => ['SELECT'],
      #     table      => "${db_name}.${table}",
      #     user       => "${skadereg_ro_user}@%",
      #   }
      # }
    
      # class { 'mysql::server::backup':
      #   backupuser     => 'backupuser',
      #   backuppassword => $mysql_backup_password,
      #   backupdir      => '/root/mysql_backups',
      #   backupdirmode  => '700',
      #   backupdirowner => 'root',
      #   backupdirgroup => 'root',
      #   backuprotate   => '7',
      #   time           => ['1','0'],
      # }