Merge branch 'production' into 'production'

Merge till Production See merge request !2

Merge branch 'production' into 'production'
5a447404 · Andreas Alvarsson · ce2f9fe5 · 53ceacac · 5a447404 · 5a447404
Commit 5a447404 authored 8 years ago by Andreas Alvarsson
--- a/.gitignore
+++ b/.gitignore
+.DS_Store
\ No newline at end of file
--- a/manifests/firewall.pp
+++ b/manifests/firewall.pp
+class skadereg::firewall{
+  ::server_firewall::constricto_chain{ 'skadereg': }
+  ::server_firewall::rules_file { '55-permit-skadereg.rules':
+    content => template("${module_name}/55-permit-skadereg.rules.erb"),
+    require => ::Server_firewall::Constricto_chain['skadereg'],
+  }
+}
\ No newline at end of file
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -42,51 +42,106 @@
 #
 # Copyright 2016 Andreas Alvarsson
 #
+
+
 class skadereg {
  ::users::liu_user { 'andal699':
    commonname => 'Andreas Alvarsson',
    shell      => '/bin/bash',
-    sshkey     => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDBwLJB6f+wJqPl81NwT5NM7ughW6fdk3Jf6W0IWX2Ta7PChjnlBgpNGfec59+iuDBs3V/zFJqwUjIWNG8MshbJPShjhM5CpAf0VSsqd+MRlYtXw1Wtp3uwkbj62n9i8VlP1bKXgbnd4C4qiQ8xNJetMb45Alm3ueeyEHpmQbi4JpFvREaN7hDUfIEITPItgsZtV36Gs1nn+OHdV03wll0AddmD1SiIJPWqtO+RKS58oD3yqagthoLP7QdjB2vptaVhlg+e3SJuOFkC9AgQvzHBPh+NGJSZAe7IQXk3wENYZotEuGOKnQ3cFhMtf3TkoMLfglMtYl3oP1CxcecLkd47',
+    sshkey     => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDCdb9hWgucRRTpDEH1ozBsWXfC+zTnZEO8rrnuqLlwIy23vEaUK7pJ9tQ7AzdR3+fp6yhWBNOlWC9UT70TnVClS1NfXGXHep0J0yWqNnyXcKviKpVB/p9TOVOULrRX9o3oczYxQa4Bi+eYUfk/en2V6O8tIfYtx5AdWUoofdLYNSpCyrHD1xoH7k1/c+OfW0S3fR5f12n/5u8JTHrztDnpy79CfEtwgMr1pCMjOaiM+OIDYlhNJMvlBo5C6mcDls93snctUR1Zef+sJEznb739uw91f5Yqf5FUBLxXCBi3eveJacBVRVg++ZPzyZ9VHIlBz3OPZ1WEjiM/IRJDBXD4I5MoxnM0Urv2wZBr0+G+1cS916KKraMuEfJHf2Qg4O3L3kZY2zNN5DqRmTx1BflTqe2XdPCCMQJiQi37WjE4fOGfNVsAR2VENhw/TMzc8bcagrrIzeBm3dA5e3R7nTfloPufU6IlIwI9qvCmdI2w0rE3Ve6KHtTzWszjsFtVeOzxVzYkG6GQlT1vr867Ayvx8SWE3GixHiIRByw4BEhFVJWNN/DBT88qd61StuIvWEawZ4WiTGNYfh2SVDIy9Jrcp7Nfg1knK1OtYr+wnjO9OrJtePfo0oo9xwQ3GfwCxni8YJKp40BmfWT/fpY9Pmup71adhaPxPHnELGOeVG/fGw==',
  }

-  # include ::apache
-  # class { '::apache::mod_php'
-  #   package_name => 'php55-php', # The PHP 5.5 package has a different name for mod_php
-  # }
-  # include ::certdist
+  include skadereg::firewall
+  include ::yum::centos_scl
+  include ::apache

-  # $cert = "/etc/pki/tls/certs/cert-${::fqdn}.pem"
-  # $chain = "/etc/pki/tls/certs/chain-${::fqdn}.pem"
-  # $key = "/etc/pki/tls/private/${::fqdn}.key"
+  class { '::apache::mod::php':
+    package_name => 'php55-php'
+  }
+  include ::apache::mod::rewrite

-  # apache::vhost { 'default:80':
-  #   servername      => $::fqdn,
-  #   default_vhost   => true,
-  #   port            => '80',
-  #   docroot         => '/var/www/html',
-  #   redirect_status => 'permanent',
-  #   redirect_dest   => "https://${::fqdn}/",
-  # }
-  # apache::vhost { "${::fqdn}:443":
-  #   servername            => $::fqdn,
-  #   port                  => '443',
-  #   ssl                   => true,
-  #   ssl_cert              => $cert,
-  #   ssl_chain             => $chain,
-  #   ssl_key               => $key,
-  #   headers               => ['Set Strict-Transport-Security "max-age=31536000"',],
-  #   docroot               => '/var/www',
-  #   proxy_preserve_host   => true,
-  #   allow_encoded_slashes => 'on',
-  # }
+  package { 'php55-php-pdo':
+    ensure => installed;
+    'php55-php-mbstring': ensure => installed;
+    'php55-php-common': ensure => installed;
+  }

-  include ::yum::centos_scl
+  file { '/etc/httpd/modules/libphp5.so':
+    ensure => link,
+    target => '/opt/rh/httpd24/root/usr/lib64/httpd/modules/libphp55-php5.so',
+    before => Service['httpd']
+  }
+
+  include ::certdist
+
+  $cert = "/etc/pki/tls/certs/cert-${::fqdn}.pem"
+  $chain = "/etc/pki/tls/certs/chain-${::fqdn}.pem"
+  $key = "/etc/pki/tls/private/${::fqdn}.key"

-  file { '/tmp/example':
+  apache::vhost { 'default:80':
+    servername      => $::fqdn,
+    default_vhost   => true,
+    port            => '80',
+    docroot         => '/var/www/html',
+    redirect_status => 'permanent',
+    redirect_dest   => "https://${::fqdn}/",
+  }
+
+  apache::vhost { "${::fqdn}:443":
+    servername  => $::fqdn,
+    port        => '443',
+    ssl         => true,
+    ssl_cert    => $cert,
+    ssl_chain   => $chain,
+    ssl_key     => $key,
+    headers     => ['Set Strict-Transport-Security "max-age=31536000"',],
+    docroot     => '/var/www/skadereg/public',
+    directories => [
+      {
+        path           => '/var/www/skadereg/public',
+        allow_override => [ 'ALL' ],
+        directoryindex => 'index.php',
+      }
+    ]
+  }
+
+  file { '/var/www/skadereg/':
+    ensure => directory,
+    owner => 'andal699',
+    group => 'apache',
+    mode => '0770',
+    recurse => true
+  }->
+
+  vcsrepo { '/var/www/skadereg':
+    ensure => latest,
+    before => File['/var/www/skadereg/public'],
+    provider => git,
+    source => 'ssh://git@gitlab.it.liu.se:29418/andal699/laravel.git',
+    user => 'andal699'
+  }->
+
+  file { '/var/www/skadereg/.env':
    ensure  => file,
-    content => template('skadereg/example.erb'),
-    owner   => andal699,
-    group   => andal699,
-    mode    => '0400',
+    owner   => 'andal699',
+    group   => 'apache',
+    mode    => '0660',
+    content => template("${module_name}/dotenv.erb"),
+  }
+
+  class { '::mysql::server':
+    root_password    => 'ControlAvHandboll',
+    databases        => {
+      'homestead' => {
+        ensure  => present,
+        charset => 'utf8',
+      }
+    },
+    override_options => {
+      mysqld => {
+        'bind-address' => '0.0.0.0',
+        port           => 33060,
+      }
+    }
  }
-}
+}
\ No newline at end of file
--- a/templates/55-permit-skadereg.rules.erb
+++ b/templates/55-permit-skadereg.rules.erb
+require services
+
+policy skadereg chain skadereg is
+	accept service:http
+	accept service:https
+	accept { tcp/33060 }
+end policy
+
+append rule INPUT -j skadereg
+
+# <%# Put installed file in view mode when opened with Emacs: -%>
+# <%= "Nota bene: Puppet managed file, all local changes will be reverted." %>
+# <%= "Local" %> <%= "variables:" %>
+# mode: view
+# <%= "End:" %>
--- a/templates/dotenv.erb
+++ b/templates/dotenv.erb
+APP_KEY=1eridaub9oepqakdd9n9ckmk2m33mkv2
+DB_PASSWORD=ControlAvHandboll
+
+# <%# Put installed file in view mode when opened with Emacs: -%>
+# <%= "Nota bene: Puppet managed file, all local changes will be reverted." %>
+# <%= "Local" %> <%= "variables:" %>
+# mode: view
+# <%= "End:" %>
--- a/templates/example.erb
+++ b/templates/example.erb
-Example content, rev2