-
Saga Norén Karlsson authoredSaga Norén Karlsson authored
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
init.pp 8.24 KiB
# Class: aim_control
# ===========================
#
# Parameters
# ----------
#
# [*mysql_password*]
# The password for the MySQL user
#
# [*mysql_backup_password*]
# The password for the user used for MySQL backups
#
# [*skadereg_ro_password*]
# The password used for the read-only user
#
# [*skadereg_ro_user*]
# The username used for the read-only user
#
# Authors
# -------
#
# Alexander Olofsson <alexander.olofsson@liu.se>
# Andreas Alvarsson <andal699@student.liu.se>
#
# Copyright
# ---------
#
# Copyright © Linköpings Universitet
#
class aim_control (
String $mysql_password,
String $mysql_backup_password,
String $skadereg_ro_password,
String $skadereg_ro_user = 'skadereg_ro',
) {
users::liu_user {
'samla949':
commonname => 'Samuel Larsson',
shell => '/bin/bash',
sshkey => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQCsWZkkOYsZhOu0Eir+VxajCzWbZ238lrA8w6sbcB2RLJOftfseH4GRHfJaif4g21L4JGuyy7bbJ9JfjUpCG7YTXvo4s7lx0kvp+7+uIhdeugvPsCuMkflih1EkKw2n05OVyhEKU+MPHSaL7QAlSqGewLfLdZpYs9fm6S+Uj/WZRs3I4H77KirA9kSgTnw/3MjoZpU/+0MLD8Uly60D1tCGrgE9qx4SKB0f3zWv+7zw5ZPzDDVO+Sr2X6dvl639S7OE+Hygwkkz03shVrC3STJX/Q/c5f6RZ6/wIMnrEBt3vACR3RGigNO7GLY9uh0tA7/xg62RXdIsoz3Zl1QIn0m25G8GJdE6lWR1zRF/IOXZBjvKJjxYtbIrbWyDfjFq8YmM5KokIEqy2v3bW7hYb4YPrXpLjwaZi8FxgKSn+gHBRMB+vFJaR8fuUNXJdnQXxNl9ohyGec5Hzy5kIVE41Xn8gnvg5XAILCL9X3qVVk70hJ28scNdRkiQbkM11mz0h5s9mEzd74eAPlljzFkNBLAWzO0g4xdsr8QiSo3VQ15dzPyBcndl3yNwhPoGAJ7UApdIq3AZqSouykwGBHovNyHBm2F+orhMl35hBydRy0t/9rJ9czfkUfHT7Wolal0cihi8AvvGS7w3jDjxW//nZ724UcBsJh2ODSBMh0hU7Gx5Cw==', # lint:ignore:140chars
client => ['92.34.191.128'];
'tomla035':
commonname => 'Tom Larsson',
shell => '/bin/bash',
sshkey => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDGB+/wkuPKTSY6pGSnuJNWt2vDq0hqwZrcuhtrHRz06gjzk2YbmJ7qxkDrwpicskreaqVzcWAP6VqUbhYREiCr7BB2X3AOSW6pyKH2nqTThfZ58IyfXv0SqJowUDRju+jzPTXxrl78YsoYGY108mYa3HeoG3N1QM6PSpuHskMctFyKa3DB1MkQGeywVx2Nen5dTE3MvU8jnnEDyqLe9FfHHOTGNGoToP6GcMfCxSwPI6PrAbzQcptdLTSDEs7tz8iMXtNaDGP/BgGxKwGWWeuOC1XvLMD0iGTIY/PVPH5owqX2UNT4AulyqRO+K3T2i2+sBg42QtqSBrg1Ih7/1C4yrjvqKqWcc/LQw6t+bu1Gjplahv/aW6QWX95R2eO7tdFfr4fAiOhh7rKOJY95xa8/9yEgO69P2rSf/BSpOP8wwYX8nLg7m8VKOcUfNCFdU6lEbnoGwKjkdn8xmDbswivzW7td0NOHKkUU+kIvMmvEbpDsYBuaJ4xrr3YTSBz7CGmaVaanTB8hxL7J+cN5uMix0My9mVo6iaWAIyDPGGlAZ/vZxAel6rDcOcEBwJXbLxTkI494Vtd0wF6DIvs9jDbGrd0+rnjLtOiyWGVIhI4YusnEj0P6mv7dEDF0kLoxbUHBZpYRK+iypRqp9/WxCGQVCnDJJfRHRowbsFl8Withyw==', # lint:ignore:140chars
client => ['192.168.0.32'];
'sagno626':
commonname => 'Saga Noren Karlsson',
shell => '/bin/bash',
sshkey => 'AAAAB3NzaC1yc2EAAAADAQABAAABgQCauuRZ152TqWqd+d9zmXvZv9ybZEQ1J0Mld0i4N897lq/LwqGj88tPJnNaTcdpOA/+vsN8mdx9gPITBhzTiuZXT2dMc0weo9psgs+QajpdvOXN4/vIg6WU2dXxpm1Y4QeeiLlDTDflV6g1BQIQP50jJcoKSOT1kfnH69Kic8C72ymey1qBLvDb8UNYAJXYrWEY/tkPUo9T28+LA+lGeJ5bwjXzK1XL63PZiW8UMQHx6Bj+wrQnz1mjlVco/BNSnQZXoKNCpSMmnvl1sGNP7ZsdtJ0/VGgMefIsO+ArISyk37sAZTj0Q+2lgBtt49ovnBZZ/tYvZzxndB/jEFPfjPnr/V3jmKbQD5vI7K7uE4ROgqFCNW4wgqBtP5H/UGwIb3uXpYizK3XKjlyE7iRfxPylgjmUbQbNaYlA9WqbKmow4b/Iv3cD+09VZ1rS5w6qgQtxl5Kf+FfWTwRKQS6mlEsnUtpnslfhp4+uBSMNLBdhK2hH7srRvaY7zpXJ/hkQqgM='; # lint:ignore:140chars
}
file { '/etc/sudoers.d/02-serious_sam' :
ensure => 'file',
owner => 'root',
mode => '0660',
content => 'sagno626 ALL=(ALL) ALL',
}
group { 'skadereg':
ensure => present,
members => [
'sagno626',
'apache',
],
require => [
Users::Liu_user['sagno626'],
], }
include aim_control::firewall
include apache
include liurepo::remi
exec { 'enable remi-php74':
command => 'dnf module enable php:remi-7.4 -y',
path => ['/bin', '/usr/bin'],
unless => 'dnf module list php:remi-7.4 | grep -q "[e]"',
require => Class['liurepo::remi'],
}
class { 'apache::mod::php':
package_name => 'php74',
php_version => '7',
}
include apache::mod::rewrite
package {
'php74-php-pdo':
ensure => installed;
'php74-php-mbstring':
ensure => installed;
'php74-php-mysqlnd':
ensure => installed;
'php74-php-common':
ensure => installed;
'php74-php':
ensure => installed;
}
file { '/etc/httpd/modules/libphp7.so':
ensure => link,
target => '/opt/remi/php74/root/usr/lib64/httpd/modules/libphp7.so',
before => Service['httpd'],
}
include profiles::letsencrypt
$cert = fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.cert")
$chain = fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.chain")
$key = fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key")
# apache::vhost { 'default:80':
# servername => $facts['networking']['fqdn'],
# default_vhost => true,
# port => '80',
# docroot => '/var/www/html',
# redirect_status => 'permanent',
# redirect_dest => "https://${facts['networking']['fqdn']}/",
# }
# apache::vhost { "${facts['networking']['fqdn']}:443":
# servername => $facts['networking']['fqdn'],
# port => '443',
# ssl => true,
# ssl_cert => $cert,
# ssl_chain => $chain,
# ssl_key => $key,
# headers => ['Set Strict-Transport-Security "max-age=31536000"',],
# docroot => '/var/www/skadereg/public',
# docroot_owner => 'apache',
# docroot_group => 'skadereg',
# directories => [
# {
# path => '/var/www/skadereg/public',
# allow_override => [ 'ALL' ],
# directoryindex => 'index.php',
# } # ],
# }
# file { '/var/www/skadereg/':
# ensure => directory,
# owner => 'apache',
# group => 'skadereg',
# mode => '0770',
# recurse => true,
# }
# -> vcsrepo { '/var/www/skadereg':
# ensure => latest,
# before => File['/var/www/skadereg/public'],
# provider => git,
# source => 'git@gitlab.liu.se:aim-control/laravel.git',
# user => 'apache',
# group => 'skadereg',
# }
# -> file { '/var/www/skadereg/.env':
# ensure => file,
# owner => 'apache',
# group => 'skadereg',
# mode => '0660',
# content => template("${module_name}/dotenv.erb"),
# }
# exec { 'artisan migrate':
# command => 'php artisan migrate --force -n',
# cwd => '/var/www/skadereg',
# path => [ '/opt/remi/php74/root/bin/' ],
# refreshonly => true,
# group => 'skadereg',
# user => 'apache',
# subscribe => [ Vcsrepo['/var/www/skadereg'], File[ '/var/www/skadereg' ], ],
# }
# cron { 'artisan schedule:run':
# minute => '*',
# hour => '*',
# monthday => '*',
# month => '*',
# weekday => '*',
# user => 'apache',
# environment => [ 'PATH=/opt/remi/php74/root/bin:/usr/bin:/bin', 'SHELL=/bin/bash' ],
# command => 'php /var/www/skadereg/artisan schedule:run &> /dev/null',
# }
# $db_name = 'homestead'
# class { 'mysql::server':
# root_password => $mysql_password,
# databases => {
# $db_name => {
# ensure => present,
# charset => 'utf8',
# },
# },
# users => {
# "${skadereg_ro_user}@%" => {
# ensure => present,
# password_hash => mysql_password($skadereg_ro_password),
# },
# },
# grants => {
# 'root@%/*.*' => {
# ensure => present,
# options => ['GRANT'],
# privileges => ['ALL'], # table => '*.*',
# user => 'root@%',
# },
# },
# override_options => {
# mysqld => {
# 'bind-address' => '0.0.0.0',
# port => 33060,
# },
# },
# }
# ['entries', 'guardian_confirmations', 'users'].each |String $table| {
# mysql_grant { "${skadereg_ro_user}@%/${db_name}.${table}":
# ensure => present,
# privileges => ['SELECT'],
# table => "${db_name}.${table}",
# user => "${skadereg_ro_user}@%",
# }
# }
# class { 'mysql::server::backup':
# backupuser => 'backupuser',
# backuppassword => $mysql_backup_password,
# backupdir => '/root/mysql_backups',
# backupdirmode => '700',
# backupdirowner => 'root',
# backupdirgroup => 'root',
# backuprotate => '7',
# time => ['1','0'],
# }
}