init.pp 8.14 KiB
# Class: aim_control
# ===========================
#
# Parameters
# ----------
#
# [*mysql_password*]
# The password for the MySQL user
#
# [*mysql_backup_password*]
# The password for the user used for MySQL backups
#
# [*skadereg_ro_password*]
# The password used for the read-only user
#
# [*skadereg_ro_user*]
# The username used for the read-only user
#
# Authors
# -------
#
# Alexander Olofsson <alexander.olofsson@liu.se>
# Andreas Alvarsson <andal699@student.liu.se>
#
# Copyright
# ---------
#
# Copyright © Linköpings Universitet
#
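class aim_control (
  String $mysql_password,
  String $mysql_backup_password,
  String $skadereg_ro_password,
  String $skadereg_ro_user = 'skadereg_ro',
) {
  # Sets up the skadereg Laravel application on one host: login accounts,
  # sudo access, Apache with PHP 7.4 from Remi, a Let's Encrypt certificate,
  # the application checkout, and a MySQL server with backups.
  #
  # NOTE(review): the password parameters are plain Strings, so they can show
  # up in catalogs and reports. Switching to Sensitive[String] would change the
  # class interface and every consumer (the dotenv.erb template, mysql::*), so
  # it is left as-is here.

  # Login accounts.
  # NOTE(review): `client` is presumably the list of source addresses the user
  # may connect from -- confirm against users::liu_user.
  users::liu_user {
    'samla949':
      commonname => 'Samuel Larsson',
      shell      => '/bin/bash',
      sshkey     => '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', # lint:ignore:140chars
      client     => ['92.34.191.128'];
    'tomla035':
      commonname => 'Tom Larsson',
      shell      => '/bin/bash',
      sshkey     => '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', # lint:ignore:140chars
      client     => ['192.168.0.32'];
    'sagno626':
      commonname => 'Saga Noren Karlsson',
      shell      => '/bin/bash',
      sshkey     => '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'; # lint:ignore:140chars
  }

  # Grants sagno626 unrestricted sudo (any command, as any user).
  # The drop-in is root-owned and read-only (0440), ends with a newline, and
  # is checked with visudo before Puppet puts it in place, so a malformed
  # fragment is never installed under /etc/sudoers.d.
  file { '/etc/sudoers.d/02-serious_sam' :
    ensure       => 'file',
    owner        => 'root',
    group        => 'root',
    mode         => '0440',
    content      => "sagno626 ALL=(ALL) ALL\n",
    validate_cmd => '/usr/sbin/visudo -c -f %',
  }

  # Group shared by the web server account and the deploying user; it owns the
  # application tree below.
  group { 'skadereg':
    ensure  => present,
    members => [
      'sagno626',
      'apache',
    ],
    require => [
      Users::Liu_user['sagno626'],
    ],
  }

  # NOTE(review): the firewall rules live in aim_control::firewall, which is
  # not visible here. The MySQL settings further down depend on it to limit
  # who can reach the database port.
  include aim_control::firewall
  include apache
  include liurepo::remi

  # NOTE(review): "[e]" is a regex bracket expression, so grep matches any
  # output line containing the letter "e", not the literal "[e]" enabled
  # marker. The guard probably succeeds whenever dnf prints anything --
  # confirm against real `dnf module list` output.
  exec { 'enable remi-php74':
    command => 'dnf module enable php:remi-7.4 -y',
    path    => ['/bin', '/usr/bin'],
    unless  => 'dnf module list php:remi-7.4 | grep -q "[e]"',
    require => Class['liurepo::remi'],
  }

  class { 'apache::mod::php':
    package_name => 'php74',
    php_version  => '7',
  }
  include apache::mod::rewrite

  package {
    'php74-php-pdo':
      ensure => installed;
    'php74-php-mbstring':
      ensure => installed;
    'php74-php-mysqlnd':
      ensure => installed;
    'php74-php-common':
      ensure => installed;
    'php74-php':
      ensure => installed;
  }

  # Expose the Remi-packaged PHP module at the path httpd loads modules from.
  file { '/etc/httpd/modules/libphp7.so':
    ensure => link,
    target => '/opt/remi/php74/root/usr/lib64/httpd/modules/libphp7.so',
    before => Service['httpd'],
  }

  # Certificate, chain and key paths are read from the letsencrypt_certs fact
  # entry for this host's FQDN.
  include profiles::letsencrypt
  $cert = fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.cert")
  $chain = fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.chain")
  $key = fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key")

  # Application root. recurse => true applies owner, group and mode to
  # everything below it, including the git checkout.
  file { '/var/www/skadereg/':
    ensure  => directory,
    owner   => 'apache',
    group   => 'skadereg',
    mode    => '0770',
    recurse => true,
  }

  # TODO: Add setup for keys
  # NOTE(review): ensure => latest follows the tip of the remote, so each agent
  # run can deploy new code and trigger the forced migration below. Pinning
  # `revision` to a reviewed tag or commit would make deployments explicit.
  vcsrepo { '/var/www/skadereg':
    ensure   => latest,
    provider => git,
    source   => 'git@gitlab.liu.se:aim-control/laravel.git',
    user     => 'apache',
    group    => 'skadereg',
    require  => File['/var/www/skadereg/'],
  }

  # Plain-HTTP vhost: only redirects to HTTPS.
  apache::vhost { 'default:80':
    servername      => $facts['networking']['fqdn'],
    default_vhost   => true,
    port            => 80,
    docroot         => '/var/www/html',
    redirect_status => 'permanent',
    redirect_dest   => "https://${facts['networking']['fqdn']}/",
  }

  # HTTPS vhost serving the Laravel public/ directory.
  # NOTE(review): without the `always` condition the HSTS header is not added
  # to error responses generated by httpd itself.
  # NOTE(review): allow_override ALL lets .htaccess files in the checkout
  # change server behaviour, so the repository content is trusted.
  apache::vhost { "${facts['networking']['fqdn']}:443":
    servername    => $facts['networking']['fqdn'],
    port          => 443,
    ssl           => true,
    ssl_cert      => $cert,
    ssl_chain     => $chain,
    ssl_key       => $key,
    headers       => ['Set Strict-Transport-Security "max-age=31536000"'],
    docroot       => '/var/www/skadereg/public',
    docroot_owner => 'apache',
    docroot_group => 'skadereg',
    directories   => [
      {
        path           => '/var/www/skadereg/public',
        allow_override => ['ALL'],
        directoryindex => 'index.php',
      }
    ],
    require       => Vcsrepo['/var/www/skadereg'],
  }

  # Application environment file rendered from dotenv.erb.
  # It presumably carries the database credentials (the template is not visible
  # here), so show_diff is off to keep its content out of agent logs and
  # reports.
  file { '/var/www/skadereg/.env':
    ensure    => file,
    owner     => 'apache',
    group     => 'skadereg',
    mode      => '0660',
    show_diff => false,
    content   => template("${module_name}/dotenv.erb"),
    require   => Vcsrepo['/var/www/skadereg'],
  }

  # Runs database migrations only when the checkout or the application
  # directory changes (refreshonly). --force and -n make it non-interactive.
  exec { 'artisan migrate':
    command     => 'php artisan migrate --force -n',
    cwd         => '/var/www/skadereg',
    path        => ['/opt/remi/php74/root/bin/'],
    refreshonly => true,
    group       => 'skadereg',
    user        => 'apache',
    subscribe   => [Vcsrepo['/var/www/skadereg'], File['/var/www/skadereg'],],
  }

  # Laravel scheduler, every minute. SHELL is set to bash because the command
  # uses the bash-only `&>` redirection.
  cron { 'artisan schedule:run':
    minute      => '*',
    hour        => '*',
    monthday    => '*',
    month       => '*',
    weekday     => '*',
    user        => 'apache',
    environment => ['PATH=/opt/remi/php74/root/bin:/usr/bin:/bin', 'SHELL=/bin/bash'],
    command     => 'php /var/www/skadereg/artisan schedule:run &> /dev/null',
  }

  $db_name = 'homestead'

  # NOTE(review): mysqld listens on every interface (0.0.0.0) on port 33060,
  # and a root@% account with ALL privileges plus GRANT is declared below using
  # the same password as the local root account. Unless aim_control::firewall
  # restricts the port, full database administration is reachable from any
  # network that can route to this host. Binding to a specific address and
  # replacing root@% with a narrower host pattern would reduce that exposure.
  class { 'mysql::server':
    root_password    => $mysql_password,
    override_options => {
      'mysqld' => {
        'bind-address' => '0.0.0.0',
        'port'         => 33060,
        'socket'       => '/var/lib/mysql/mysql.sock',
      },
    },
    restart          => true,
  }

  # Read-only account: SELECT on the database, from any host.
  mysql::db { $db_name:
    user     => $skadereg_ro_user,
    password => $skadereg_ro_password,
    host     => '%',
    charset  => 'utf8',
    grant    => ['SELECT'],
  }

  mysql_user { 'root@%':
    ensure        => 'present',
    password_hash => mysql_password($mysql_password),
  }

  mysql_grant { 'root@%/*.*':
    ensure     => 'present',
    options    => ['GRANT'],
    privileges => ['ALL'],
    table      => '*.*',
    user       => 'root@%',
  }

  # Disabled per-table variant of the read-only grant, kept for reference.
  # ['entries', 'guardian_confirmations', 'users'].each |String $table| {
  # mysql_grant { "${skadereg_ro_user}@%/${db_name}.${table}":
  # ensure => present,
  # privileges => ['SELECT'],
  # table => "${db_name}.${table}",
  # user => "${skadereg_ro_user}@%",
  # }
  # }

  # Nightly dumps into a root-only directory, keeping seven rotations.
  class { 'mysql::server::backup':
    backupuser     => 'backupuser',
    backuppassword => $mysql_backup_password,
    backupdir      => '/root/mysql_backups',
    backupdirmode  => '700',
    backupdirowner => 'root',
    backupdirgroup => 'root',
    backuprotate   => '7',
    time           => ['1','0'],
  }
}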