Compare revisions

Nils Olof Paulsson · Nils Olof Paulsson · Nils Olof Paulsson · Saga Norén Karlsson · Saga Norén Karlsson · Saga Norén Karlsson
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -3,6 +3,7 @@ require:
 - rubocop-performance
 - rubocop-rspec
 AllCops:
+  NewCops: enable
  DisplayCopNames: true
  TargetRubyVersion: '2.6'
  Include:
@@ -527,6 +528,8 @@ Lint/DuplicateBranch:
  Enabled: false
 Lint/DuplicateMagicComment:
  Enabled: false
+Lint/DuplicateMatchPattern:
+  Enabled: false
 Lint/DuplicateRegexpCharacterClassElement:
  Enabled: false
 Lint/EmptyBlock:
@@ -643,6 +646,8 @@ Style/ComparableClamp:
  Enabled: false
 Style/ConcatArrayLiterals:
  Enabled: false
+Style/DataInheritance:
+  Enabled: false
 Style/DirEmpty:
  Enabled: false
 Style/DocumentDynamicEvalDefinition:
@@ -711,6 +716,8 @@ Style/RedundantHeredocDelimiterQuotes:
  Enabled: false
 Style/RedundantInitialize:
  Enabled: false
+Style/RedundantLineContinuation:
+  Enabled: false
 Style/RedundantSelfAssignmentBranch:
  Enabled: false
 Style/RedundantStringEscape:

--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -5,5 +5,6 @@
    "ms-vscode.powershell",
    "EditorConfig.EditorConfig",
    "glenbuktenica.unicode-substitutions"
+    "Shopify.ruby-lsp"
  ]
 }
--- a/Gemfile
+++ b/Gemfile
@@ -20,30 +20,29 @@ group :development do
  gem "json", '= 2.6.1',                         require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
  gem "json", '= 2.6.3',                         require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
  gem "racc", '~> 1.4.0',                        require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+  gem "deep_merge", '~> 1.0',                    require: false
  gem "voxpupuli-puppet-lint-plugins", '~> 5.0', require: false
  gem "facterdb", '~> 1.18',                     require: false
-  gem "metadata-json-lint", '~> 3.0',            require: false
+  gem "metadata-json-lint", '~> 4.0',            require: false
-  gem "puppetlabs_spec_helper", '~> 6.0',        require: false
+  gem "rspec-puppet-facts", '~> 3.0',            require: false
-  gem "rspec-puppet-facts", '~> 2.0',            require: false
-  gem "codecov", '~> 0.2',                       require: false
  gem "dependency_checker", '~> 1.0.0',          require: false
  gem "parallel_tests", '= 3.12.1',              require: false
  gem "pry", '~> 0.10',                          require: false
-  gem "simplecov-console", '~> 0.5',             require: false
+  gem "simplecov-console", '~> 0.9',             require: false
  gem "puppet-debugger", '~> 1.0',               require: false
-  gem "rubocop", '= 1.48.1',                     require: false
+  gem "rubocop", '~> 1.50.0',                    require: false
  gem "rubocop-performance", '= 1.16.0',         require: false
  gem "rubocop-rspec", '= 2.19.0',               require: false
-  gem "puppet-strings", '~> 4.0',                require: false
  gem "rb-readline", '= 0.5.5',                  require: false, platforms: [:mswin, :mingw, :x64_mingw]
 end
-group :system_tests do
+group :development, :release_prep do
-  gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw]
-  gem "serverspec", '~> 2.41',   require: false
-end
-group :release_prep do
  gem "puppet-strings", '~> 4.0',         require: false
-  gem "puppetlabs_spec_helper", '~> 6.0', require: false
+  gem "puppetlabs_spec_helper", '~> 7.0', require: false
+end
+group :system_tests do
+  gem "puppet_litmus", '~> 1.0',   require: false, platforms: [:ruby, :x64_mingw]
+  gem "CFPropertyList", '< 3.0.7', require: false, platforms: [:mswin, :mingw, :x64_mingw]
+  gem "serverspec", '~> 2.41',     require: false
 end
 puppet_version = ENV['PUPPET_GEM_VERSION']

--- a/Rakefile
+++ b/Rakefile
@@ -4,85 +4,6 @@ require 'bundler'
 require 'puppet_litmus/rake_tasks' if Gem.loaded_specs.key? 'puppet_litmus'
 require 'puppetlabs_spec_helper/rake_tasks'
 require 'puppet-syntax/tasks/puppet-syntax'
-require 'github_changelog_generator/task' if Gem.loaded_specs.key? 'github_changelog_generator'
 require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings'
-def changelog_user
-  return unless Rake.application.top_level_tasks.include? "changelog"
-  returnVal = nil || JSON.load(File.read('metadata.json'))['author']
-  raise "unable to find the changelog_user in .sync.yml, or the author in metadata.json" if returnVal.nil?
-  puts "GitHubChangelogGenerator user:#{returnVal}"
-  returnVal
-end
-def changelog_project
-  return unless Rake.application.top_level_tasks.include? "changelog"
-  returnVal = nil
-  returnVal ||= begin
-    metadata_source = JSON.load(File.read('metadata.json'))['source']
-    metadata_source_match = metadata_source && metadata_source.match(%r{.*\/([^\/]*?)(?:\.git)?\Z})
-    metadata_source_match && metadata_source_match[1]
-  end
-  raise "unable to find the changelog_project in .sync.yml or calculate it from the source in metadata.json" if returnVal.nil?
-  puts "GitHubChangelogGenerator project:#{returnVal}"
-  returnVal
-end
-def changelog_future_release
-  return unless Rake.application.top_level_tasks.include? "changelog"
-  returnVal = "v%s" % JSON.load(File.read('metadata.json'))['version']
-  raise "unable to find the future_release (version) in metadata.json" if returnVal.nil?
-  puts "GitHubChangelogGenerator future_release:#{returnVal}"
-  returnVal
-end
 PuppetLint.configuration.send('disable_relative')
-if Gem.loaded_specs.key? 'github_changelog_generator'
-  GitHubChangelogGenerator::RakeTask.new :changelog do |config|
-    raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil?
-    config.user = "#{changelog_user}"
-    config.project = "#{changelog_project}"
-    config.future_release = "#{changelog_future_release}"
-    config.exclude_labels = ['maintenance']
-    config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)."
-    config.add_pr_wo_labels = true
-    config.issues = false
-    config.merge_prefix = "### UNCATEGORIZED PRS; LABEL THEM ON GITHUB"
-    config.configure_sections = {
-      "Changed" => {
-        "prefix" => "### Changed",
-        "labels" => ["backwards-incompatible"],
-      },
-      "Added" => {
-        "prefix" => "### Added",
-        "labels" => ["enhancement", "feature"],
-      },
-      "Fixed" => {
-        "prefix" => "### Fixed",
-        "labels" => ["bug", "documentation", "bugfix"],
-      },
-    }
-  end
-else
-  desc 'Generate a Changelog from GitHub'
-  task :changelog do
-    raise <<EOM
-The changelog tasks depends on recent features of the github_changelog_generator gem.
-Please manually add it to your .sync.yml for now, and run `pdk update`:
---
-Gemfile:
-  optional:
-    ':development':
-      - gem: 'github_changelog_generator'
-        version: '~> 1.15'
-        condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0')"
-EOM
-  end
-end
--- a/manifests/firewall.pp
+++ b/manifests/firewall.pp
 # Class for skadereg firewall
 class aim_control::firewall {
-  ::server_firewall::constricto_chain { 'skadereg': }
+  firewalld_rich_rule { 'Allow 33060 from liu ipv4':
-  ::server_firewall::rules_file { '55-permit-skadereg.rules':
+    ensure  => present,
-    content => template("${module_name}/55-permit-skadereg.rules.erb"),
+    zone    => 'liu',
-    require => ::Server_firewall::Constricto_chain['skadereg'],
+    source  => { 'ipset' => 'liu-nets_v4' },
+    port    => { 'port' => 33060, 'protocol' => 'tcp' },
+    family  => 'ipv4',
+    action  => 'accept',
+  }
+  firewalld_rich_rule { 'Allow 33060 from liu ipv6':
+    ensure  => present,
+    zone    => 'liu',
+    source  => { 'ipset' => 'liu-nets_v6' },
+    port    => { 'port' => 33060, 'protocol' => 'tcp' },
+    family  => 'ipv6',
+    action  => 'accept',
+  }
+  firewalld_rich_rule { 'Allow ssh from liu 10.243.0.0/16':
+    ensure  => present,
+    zone    => 'liu',
+    source  => '10.243.0.0/16',
+    service => 'ssh',
+    action  => 'accept',
+  }
+  firewalld_service { 'Allow https from liu Zone':
+    ensure  => present,
+    zone    => 'liu',
+    service => 'https',
+  }
+  firewalld_service { 'Allow http from liu Zone':
+    ensure  => present,
+    zone    => 'liu',
+    service => 'http',
+  }
+  firewalld_service { 'Allow https from public Zone':
+    ensure  => present,
+    zone    => 'public',
+    service => 'https',
+  }
+  firewalld_service { 'Allow http from public Zone':
+    ensure  => present,
+    zone    => 'public',
+    service => 'http',
  }
 }
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -34,6 +34,14 @@ class aim_control (
  String $skadereg_ro_user = 'skadereg_ro',
 ) {
  users::liu_user {
+    'kajjo92':
+      commonname => 'Kajsa Johansson',
+      shell      => '/bin/bash',
+      sshkey     => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQCx6W8aY6aX/dt+5aL5SpMbdbOOSOyFBRqwZj3P7C7LSHw1Pk26nFKedP+81KPoBqqy/EZn1n9Y6iu3qQY575CUcZ2Dzmtt/cffFSN6n2T7NBc3E+EOjSbk9jKt38zLKokOZdRJU984eTNe1VuKt7wQZJdrT8x7RJK6TxE7mYuVQd0WpZN+L38rwXLKopVJKbKmw7XL2xYWMcyGXGMoOrsaSqPMFYR+gGS0PMz3LvPrF+m6gd26eJMdkxefRh0uy2/2nt9zh12W8ErYqvpvvsF98Q3etEWxckWCmguod0FBJYg7QaPNxHyq962uv44tNfGrZuyRra778xx9l0DxNztG/wDJtM/Lc5MteRhUq5WJTGZTZQv5ih5rrgWbIO1o4dE68iLbWg4OXzersQcln8g8IuZHgkCFC+PlqURPGOOo1v4XLQ8MLvQMfphE5Z2f0oyecvZv4OQLXfKJAxfsNZmLmlC8y104ZKZMKo8OoFzNnDk46m4MPdE/0KiDeP6JyrWZdjpKg3raYFkA6atsnYQatH7XKvJ2PMmW745J+Ve2yTPBiuqOnp5Xua2TDf2iTkzZ6D0fMKqpQvp+VnYEMtZtX6PhozD55F73Ixil7i11adG6iW6tv9gpHcmv3GJ3Y4lITcZYK49AmAK3vCkkv8dzJNP+cZdSLnAtVEYrQHXVXw=='; # lint:ignore:140chars
+    'henma06':
+      commonname => 'Henrik Hedevik',
+      shell      => '/bin/bash',
+      sshkey     => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQCljonO5Dv4DTs5tB+ecADaDrHBIXQh80KU26puuwe6XSs6HzwreAaMaDgB9nL1TD+naqwn/s2Yl51XrwC5fZAFeUyEDXSa6G3dLaMxpMDex5a/q/EteT/x8n0XKQpxaxPUHsa9aPGF8PUaLdLx3g+sehhRiAWICDX4RIZhHut7SvwSygIizdhV46yiTJAv4WGIIOeOEUbxtwwDYVgCv+By6Wl+IbhQE+HG0TtFGlRA6K3YGgJ6mIbGLSgO3P69jSTW7NIiHt4v4UiHH6XFGpFza9yqggTLtpxkukyLafSuebGBjJ8nCMkhvkP/zcjOdgCpJ/ZUmM9dQugvZaEE7PGaGJ7q5E1nkyUvC7XPRR7jnukrABlFFHLY2otngKTRX5sgbTmLrGmka47yV9eHfmYsI9C7ZkFc/fdm0TobGJfhwmuUIolBbL9rL0Jq85lQBKsOQzdSLRxlCvPxnzLTNGTyklovWlMmLFOgXYgtcQfeV+ByUvByxqMmD1RDlPgO9hkaQMWHw4PV8ZKOZ6jw0fG5+MP9EYpyw80dvP7KNNqKFFrrRC1W+c+R7jBckOjCfykXW8ssmW4y92nlU540Q2ErtvljnACImvHz2YZejYrtE+4+uU0v2M1095TlFmNNpbvb9d0vtYogsUsLNRxPpq06R6amSCB/tWhVr3f604Draw=='; # lint:ignore:140chars
    'samla949':
      commonname => 'Samuel Larsson',
      shell      => '/bin/bash',
@@ -71,33 +79,40 @@ class aim_control (
  }
  include aim_control::firewall
-  #include apache
+  include apache
  include liurepo::remi
-  # class { 'apache::mod::php':
+  exec { 'enable remi-php74':
-  #   package_name => 'php74',
+    command  => 'dnf module enable php:remi-7.4 -y',
-  #   php_version  => '7',
+    path  => ['/bin', '/usr/bin'],
-  # }
+    unless  => 'dnf module list php:remi-7.4 | grep -q "[e]"',
-  # include apache::mod::rewrite
+    require  => Class['liurepo::remi'],
+  }
-  # package {
-  #   'php74-php-pdo':
-  #     ensure => installed;
-  #   'php74-php-mbstring':
-  #     ensure => installed;
-  #   'php74-php-mysqlnd':
-  #     ensure => installed;
-  #   'php74-php-common':
-  #     ensure => installed;
-  #   'php74-php':
-  #     ensure => installed;
-  # }
-  # file { '/etc/httpd/modules/libphp7.so':
+  class { 'apache::mod::php':
-  #   ensure => link,
+    package_name => 'php74',
-  #   target => '/opt/remi/php74/root/usr/lib64/httpd/modules/libphp7.so',
+    php_version  => '7',
-  #   before => Service['httpd'],
+  }
-  # }
+  include apache::mod::rewrite
+  package {
+    'php74-php-pdo':
+    ensure => installed;
+    'php74-php-mbstring':
+    ensure => installed;
+    'php74-php-mysqlnd':
+    ensure => installed;
+    'php74-php-common':
+    ensure => installed;
+    'php74-php':
+    ensure => installed;
+  }
+  file { '/etc/httpd/modules/libphp7.so':
+    ensure => link,
+    target => '/opt/remi/php74/root/usr/lib64/httpd/modules/libphp7.so',
+    before => Service['httpd'],
+  }
  include profiles::letsencrypt
@@ -105,113 +120,118 @@ class aim_control (
  $chain = fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.chain")
  $key   = fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key")
-  # apache::vhost { 'default:80':
+  file { '/var/www/skadereg/':
-  #   servername      => $facts['networking']['fqdn'],
+    ensure  => directory,
-  #   default_vhost   => true,
+    owner   => 'apache',
-  #   port            => '80',
+    group   => 'skadereg',
-  #   docroot         => '/var/www/html',
+    mode    => '0770',
-  #   redirect_status => 'permanent',
+    recurse => true,
-  #   redirect_dest   => "https://${facts['networking']['fqdn']}/",
+  }
-  # }
-  # apache::vhost { "${facts['networking']['fqdn']}:443":
+# TODO: Add setup for keys
-  #   servername    => $facts['networking']['fqdn'],
+  vcsrepo { '/var/www/skadereg':
-  #   port          => '443',
+    ensure   => latest,
-  #   ssl           => true,
+    provider => git,
-  #   ssl_cert      => $cert,
+    source   => 'git@gitlab.liu.se:aim-control/laravel.git',
-  #   ssl_chain     => $chain,
+    user     => 'apache',
-  #   ssl_key       => $key,
+    group    => 'skadereg',
-  #   headers       => ['Set Strict-Transport-Security "max-age=31536000"',],
+    require  => File['/var/www/skadereg/'],
-  #   docroot       => '/var/www/skadereg/public',
+  }
-  #   docroot_owner => 'apache',
-  #   docroot_group => 'skadereg',
-  #   directories   => [
-  #     {
-  #       path           => '/var/www/skadereg/public',
-  #       allow_override => [ 'ALL' ],
-  #       directoryindex => 'index.php',
-  #     }
-  #   ],
-  # }
-  # file { '/var/www/skadereg/':
+  apache::vhost { 'default:80':
-  #   ensure  => directory,
+    servername      => $facts['networking']['fqdn'],
-  #   owner   => 'apache',
+    default_vhost   => true,
-  #   group   => 'skadereg',
+    port            => 80,
-  #   mode    => '0770',
+    docroot         => '/var/www/html',
-  #   recurse => true,
+    redirect_status => 'permanent',
-  # }
+    redirect_dest   => "https://${facts['networking']['fqdn']}/",
+  }
-  # -> vcsrepo { '/var/www/skadereg':
+  apache::vhost { "${facts['networking']['fqdn']}:443":
-  #   ensure   => latest,
+    servername    => $facts['networking']['fqdn'],
-  #   before   => File['/var/www/skadereg/public'],
+    port          => 443,
-  #   provider => git,
+    ssl           => true,
-  #   source   => 'git@gitlab.liu.se:aim-control/laravel.git',
+    ssl_cert      => $cert,
-  #   user     => 'apache',
+    ssl_chain     => $chain,
-  #   group    => 'skadereg',
+    ssl_key       => $key,
-  # }
+    headers       => ['Set Strict-Transport-Security "max-age=31536000"'],
+    docroot       => '/var/www/skadereg/public',
+    docroot_owner => 'apache',
+    docroot_group => 'skadereg',
+    directories   => [
+      {
+        path           => '/var/www/skadereg/public',
+        allow_override => ['ALL'],
+        directoryindex => 'index.php',
+      }
+    ],
+    require  => Vcsrepo['/var/www/skadereg'],
+  }
-  # -> file { '/var/www/skadereg/.env':
+  file { '/var/www/skadereg/.env':
-  #   ensure  => file,
+    ensure  => file,
-  #   owner   => 'apache',
+    owner   => 'apache',
-  #   group   => 'skadereg',
+    group   => 'skadereg',
-  #   mode    => '0660',
+    mode    => '0660',
-  #   content => template("${module_name}/dotenv.erb"),
+    content => template("${module_name}/dotenv.erb"),
-  # }
+    require => Vcsrepo['/var/www/skadereg'],
+  }
-  # exec { 'artisan migrate':
+  exec { 'artisan migrate':
-  #   command     => 'php artisan migrate --force -n',
+    command     => 'php artisan migrate --force -n',
-  #   cwd         => '/var/www/skadereg',
+    cwd         => '/var/www/skadereg',
-  #   path        => [ '/opt/remi/php74/root/bin/' ],
+    path        => ['/opt/remi/php74/root/bin/'],
-  #   refreshonly => true,
+    refreshonly => true,
-  #   group       => 'skadereg',
+    group       => 'skadereg',
-  #   user        => 'apache',
+    user        => 'apache',
-  #   subscribe   =>  [ Vcsrepo['/var/www/skadereg'], File[ '/var/www/skadereg' ], ],
+    subscribe   => [Vcsrepo['/var/www/skadereg'], File['/var/www/skadereg'],],
-  # }
+  }
-  # cron { 'artisan schedule:run':
+  cron { 'artisan schedule:run':
-  #   minute      => '*',
+    minute      => '*',
-  #   hour        => '*',
+    hour        => '*',
-  #   monthday    => '*',
+    monthday    => '*',
-  #   month       => '*',
+    month       => '*',
-  #   weekday     => '*',
+    weekday     => '*',
-  #   user        => 'apache',
+    user        => 'apache',
-  #   environment => [ 'PATH=/opt/remi/php74/root/bin:/usr/bin:/bin', 'SHELL=/bin/bash' ],
+    environment => ['PATH=/opt/remi/php74/root/bin:/usr/bin:/bin', 'SHELL=/bin/bash'],
-  #   command     => 'php /var/www/skadereg/artisan schedule:run &> /dev/null',
+    command     => 'php /var/www/skadereg/artisan schedule:run &> /dev/null',
-  # }
+  }
-  # $db_name = 'homestead'
+  $db_name = 'homestead'
-  # class { 'mysql::server':
+  class { 'mysql::server':
-  #   root_password    => $mysql_password,
+    root_password    => $mysql_password,
-  #   databases        => {
+    override_options => {
-  #     $db_name => {
+      'mysqld' => {
-  #       ensure  => present,
+        'bind-address' => '0.0.0.0',
-  #       charset => 'utf8',
+        'port'         => 33060,
-  #     },
+        'socket'       => '/var/lib/mysql/mysql.sock',
-  #   },
+      },
-  #   users            => {
+    },
-  #     "${skadereg_ro_user}@%" => {
+    restart => true,
-  #       ensure        => present,
+  }
-  #       password_hash => mysql_password($skadereg_ro_password),
-  #     },
+  mysql::db { $db_name:
-  #   },
+    user     => $skadereg_ro_user,
-  #   grants           => {
+    password => $skadereg_ro_password,
-  #     'root@%/*.*' => {
+    host     => '%',
-  #       ensure     => present,
+    charset  => 'utf8',
-  #       options    => ['GRANT'],
+    grant    => ['SELECT'],
-  #       privileges => ['ALL'],
+  }
-  #       table      => '*.*',
-  #       user       => 'root@%',
+  mysql_user { 'root@%':
-  #     },
+    ensure        => 'present',
-  #   },
+    password_hash => mysql::password($mysql_password),
-  #   override_options => {
+  }
-  #     mysqld => {
-  #       'bind-address' => '0.0.0.0',
+  mysql_grant { 'root@%/*.*':
-  #       port           => 33060,
+    ensure     => 'present',
-  #     },
+    options    => ['GRANT'],
-  #   },
+    privileges => ['ALL'],
-  # }
+    table      => '*.*',
+    user       => 'root@%',
+  }
  # ['entries', 'guardian_confirmations', 'users'].each |String $table| {
  #   mysql_grant { "${skadereg_ro_user}@%/${db_name}.${table}":
@@ -222,14 +242,23 @@ class aim_control (
  #   }
  # }
-  # class { 'mysql::server::backup':
+  class { 'mysql::server::backup':
-  #   backupuser     => 'backupuser',
+    backupuser     => 'backupuser',
-  #   backuppassword => $mysql_backup_password,
+    backuppassword => $mysql_backup_password,
-  #   backupdir      => '/root/mysql_backups',
+    backupdir      => '/root/mysql_backups',
-  #   backupdirmode  => '700',
+    backupdirmode  => '700',
-  #   backupdirowner => 'root',
+    backupdirowner => 'root',
-  #   backupdirgroup => 'root',
+    backupdirgroup => 'root',
-  #   backuprotate   => '7',
+    backuprotate   => '7',
-  #   time           => ['1','0'],
+    time           => ['1','0'],
-  # }
+  }
+  # Ensure the MySQL directory is managed properly
+  file { '/var/lib/mysql':
+    ensure => 'directory',
+    owner  => 'mysql',
+    group  => 'mysql',
+    mode   => '0755',
+    require => Class['mysql::server'],  # Ensure MySQL is configured before setting permissions
+  }
 }
--- a/manifests/remirepo.pp
+++ b/manifests/remirepo.pp
+class aim_control::remirepo {
+    package { 'epel-release':
+      ensure   => installed,
+      provider => 'dnf',
+      before   => Package['remi-release'],
+    }
+    # Ensure the Remi release package is installed
+    package { 'remi-release':
+      ensure   => installed,
+      provider => 'rpm',
+      source   => 'https://rpms.remirepo.net/enterprise/remi-release-9.rpm',
+      before   => Exec['enable remi-php74'],
+    }
+    # Enable PHP 7.4 module
+    exec { 'enable remi-php74':
+      command     => 'dnf module enable php:remi-7.4 -y',
+      path        => ['/bin', '/usr/bin'],
+      refreshonly => true,
+      require     => Package['remi-release'],
+    }
+  }
--- a/manifests/update_report.txt
+++ b/manifests/update_report.txt
-/* Report generated by PDK at 2024-05-07 18:00:36 +0200 */
--- /home/nilpa76/user-repos/aim_control/metadata.json	2024-05-07 17:52:04.429712285 +0200
-+++ /home/nilpa76/user-repos/aim_control/metadata.json.pdknew	2024-05-07 18:00:36.727243586 +0200
-@@ -61,8 +61,8 @@
-       "version_requirement": ">= 6.21.0 < 8.0.0"
-     }
-   ],
-  "pdk-version": "2.5.0",
-+  "pdk-version": "3.0.1",
-   "template-url": "https://gitlab.it.liu.se/puppet-infra/pdk-templates.git#liu",
-  "template-ref": "heads/liu-0-g3298fb5"
-+  "template-ref": "heads/liu-0-g522eb00"
- }
--- /home/nilpa76/user-repos/aim_control/.gitignore	2024-05-07 17:52:04.429712285 +0200
-+++ /home/nilpa76/user-repos/aim_control/.gitignore.pdknew	2024-05-07 18:00:36.727697003 +0200
-@@ -16,7 +16,7 @@
- /log/
- /pkg/
- /spec/fixtures/manifests/
-/spec/fixtures/modules/
-+/spec/fixtures/modules/*
- /tmp/
- /vendor/
- /convert_report.txt
--- /home/nilpa76/user-repos/aim_control/.gitlab-ci.yml	2024-05-07 17:52:04.429712285 +0200
-+++ /home/nilpa76/user-repos/aim_control/.gitlab-ci.yml.pdknew	2024-05-07 18:00:36.727808772 +0200
-@@ -2,4 +2,8 @@
- include:
-   - project: 'puppet-infra/shared-ci-piplines'
-     file: '/puppet-module-pipeline.yaml'
-+  - local: .local-ci.yml
-+    rules:
-+      - exists:
-+          - .local-ci.yml
--- /home/nilpa76/user-repos/aim_control/.pdkignore	2024-05-07 17:52:04.429712285 +0200
-+++ /home/nilpa76/user-repos/aim_control/.pdkignore.pdknew	2024-05-07 18:00:36.728378355 +0200
-@@ -16,7 +16,7 @@
- /log/
- /pkg/
- /spec/fixtures/manifests/
-/spec/fixtures/modules/
-+/spec/fixtures/modules/*
- /tmp/
- /vendor/
- /convert_report.txt
-@@ -29,20 +29,17 @@
- *~
- \#*\#
- .\#*
-/appveyor.yml
-/.editorconfig
- /.fixtures.yml
- /Gemfile
- /.gitattributes
-+/.github/
- /.gitignore
-/.gitlab-ci.yml
- /.pdkignore
- /.puppet-lint.rc
- /Rakefile
- /rakelib/
- /.rspec
-/.rubocop.yml
-/.travis.yml
-+/..yml
- /.yardopts
- /spec/
- /.vscode/
--- /home/nilpa76/user-repos/aim_control/.rubocop.yml	2024-05-07 17:52:04.429712285 +0200
-+++ /home/nilpa76/user-repos/aim_control/.rubocop.yml.pdknew	2024-05-07 18:00:36.760334245 +0200
-@@ -4,7 +4,7 @@
- - rubocop-rspec
- AllCops:
-   DisplayCopNames: true
-  TargetRubyVersion: '2.5'
-+  TargetRubyVersion: '2.6'
-   Include:
-   - "**/*.rb"
-   Exclude:
-@@ -111,8 +111,14 @@
-   Enabled: true
- Style/StringMethods:
-   Enabled: true
-+Bundler/GemFilename:
-+  Enabled: false
- Bundler/InsecureProtocolSource:
-   Enabled: false
-+Capybara/CurrentPathExpectation:
-+  Enabled: false
-+Capybara/VisibilityMatcher:
-+  Enabled: false
- Gemspec/DuplicatedAssignment:
-   Enabled: false
- Gemspec/OrderedDependencies:
-@@ -287,11 +293,9 @@
-   Enabled: false
- RSpec/Be:
-   Enabled: false
-RSpec/Capybara/CurrentPathExpectation:
-  Enabled: false
- RSpec/Capybara/FeatureMethods:
-   Enabled: false
-RSpec/Capybara/VisibilityMatcher:
-+RSpec/ContainExactly:
-   Enabled: false
- RSpec/ContextMethod:
-   Enabled: false
-@@ -331,6 +335,8 @@
-   Enabled: false
- RSpec/LetBeforeExamples:
-   Enabled: false
-+RSpec/MatchArray:
-+  Enabled: false
- RSpec/MissingExampleGroupArgument:
-   Enabled: false
- RSpec/MultipleExpectations:
-@@ -373,8 +379,6 @@
-   Enabled: false
- Style/AccessorGrouping:
-   Enabled: false
-Style/AsciiComments:
-  Enabled: false
- Style/BisectedAttrAccessor:
-   Enabled: false
- Style/CaseLikeIf:
-@@ -485,35 +489,235 @@
-   Enabled: false
- Style/UnpackFirst:
-   Enabled: false
-+Capybara/MatchStyle:
-+  Enabled: false
-+Capybara/NegationMatcher:
-+  Enabled: false
-+Capybara/SpecificActions:
-+  Enabled: false
-+Capybara/SpecificFinders:
-+  Enabled: false
-+Capybara/SpecificMatcher:
-+  Enabled: false
-+Gemspec/DeprecatedAttributeAssignment:
-+  Enabled: false
-+Gemspec/DevelopmentDependencies:
-+  Enabled: false
-+Gemspec/RequireMFA:
-+  Enabled: false
-+Layout/LineContinuationLeadingSpace:
-+  Enabled: false
-+Layout/LineContinuationSpacing:
-+  Enabled: false
-+Layout/LineEndStringConcatenationIndentation:
-+  Enabled: false
-+Layout/SpaceBeforeBrackets:
-+  Enabled: false
-+Lint/AmbiguousAssignment:
-+  Enabled: false
-+Lint/AmbiguousOperatorPrecedence:
-+  Enabled: false
-+Lint/AmbiguousRange:
-+  Enabled: false
-+Lint/ConstantOverwrittenInRescue:
-+  Enabled: false
-+Lint/DeprecatedConstants:
-+  Enabled: false
- Lint/DuplicateBranch:
-   Enabled: false
-+Lint/DuplicateMagicComment:
-+  Enabled: false
- Lint/DuplicateRegexpCharacterClassElement:
-   Enabled: false
- Lint/EmptyBlock:
-   Enabled: false
- Lint/EmptyClass:
-   Enabled: false
-+Lint/EmptyInPattern:
-+  Enabled: false
-+Lint/IncompatibleIoSelectWithFiberScheduler:
-+  Enabled: false
-+Lint/LambdaWithoutLiteralBlock:
-+  Enabled: false
- Lint/NoReturnInBeginEndBlocks:
-   Enabled: false
-+Lint/NonAtomicFileOperation:
-+  Enabled: false
-+Lint/NumberedParameterAssignment:
-+  Enabled: false
-+Lint/OrAssignmentToConstant:
-+  Enabled: false
-+Lint/RedundantDirGlobSort:
-+  Enabled: false
-+Lint/RefinementImportMethods:
-+  Enabled: false
-+Lint/RequireRangeParentheses:
-+  Enabled: false
-+Lint/RequireRelativeSelfPath:
-+  Enabled: false
-+Lint/SymbolConversion:
-+  Enabled: false
- Lint/ToEnumArguments:
-   Enabled: false
-+Lint/TripleQuotes:
-+  Enabled: false
- Lint/UnexpectedBlockArity:
-   Enabled: false
- Lint/UnmodifiedReduceAccumulator:
-   Enabled: false
-+Lint/UselessRescue:
-+  Enabled: false
-+Lint/UselessRuby2Keywords:
-+  Enabled: false
-+Metrics/CollectionLiteralLength:
-+  Enabled: false
-+Naming/BlockForwarding:
-+  Enabled: false
- Performance/CollectionLiteralInLoop:
-   Enabled: false
-+Performance/ConcurrentMonotonicTime:
-+  Enabled: false
-+Performance/MapCompact:
-+  Enabled: false
-+Performance/RedundantEqualityComparisonBlock:
-+  Enabled: false
-+Performance/RedundantSplitRegexpArgument:
-+  Enabled: false
-+Performance/StringIdentifierArgument:
-+  Enabled: false
-+RSpec/BeEq:
-+  Enabled: false
-+RSpec/BeNil:
-+  Enabled: false
-+RSpec/ChangeByZero:
-+  Enabled: false
-+RSpec/ClassCheck:
-+  Enabled: false
-+RSpec/DuplicatedMetadata:
-+  Enabled: false
-+RSpec/ExcessiveDocstringSpacing:
-+  Enabled: false
-+RSpec/FactoryBot/ConsistentParenthesesStyle:
-+  Enabled: false
-+RSpec/FactoryBot/FactoryNameStyle:
-+  Enabled: false
-+RSpec/FactoryBot/SyntaxMethods:
-+  Enabled: false
-+RSpec/IdenticalEqualityAssertion:
-+  Enabled: false
-+RSpec/NoExpectationExample:
-+  Enabled: false
-+RSpec/PendingWithoutReason:
-+  Enabled: false
-+RSpec/Rails/AvoidSetupHook:
-+  Enabled: false
-+RSpec/Rails/HaveHttpStatus:
-+  Enabled: false
-+RSpec/Rails/InferredSpecType:
-+  Enabled: false
-+RSpec/Rails/MinitestAssertions:
-+  Enabled: false
-+RSpec/Rails/TravelAround:
-+  Enabled: false
-+RSpec/RedundantAround:
-+  Enabled: false
-+RSpec/SkipBlockInsideExample:
-+  Enabled: false
-+RSpec/SortMetadata:
-+  Enabled: false
-+RSpec/SubjectDeclaration:
-+  Enabled: false
-+RSpec/VerifiedDoubleReference:
-+  Enabled: false
-+Security/CompoundHash:
-+  Enabled: false
-+Security/IoMethods:
-+  Enabled: false
- Style/ArgumentsForwarding:
-   Enabled: false
-+Style/ArrayIntersect:
-+  Enabled: false
- Style/CollectionCompact:
-   Enabled: false
-+Style/ComparableClamp:
-+  Enabled: false
-+Style/ConcatArrayLiterals:
-+  Enabled: false
-+Style/DirEmpty:
-+  Enabled: false
- Style/DocumentDynamicEvalDefinition:
-   Enabled: false
-+Style/EmptyHeredoc:
-+  Enabled: false
-+Style/EndlessMethod:
-+  Enabled: false
-+Style/EnvHome:
-+  Enabled: false
-+Style/FetchEnvVar:
-+  Enabled: false
-+Style/FileEmpty:
-+  Enabled: false
-+Style/FileRead:
-+  Enabled: false
-+Style/FileWrite:
-+  Enabled: false
-+Style/HashConversion:
-+  Enabled: false
-+Style/HashExcept:
-+  Enabled: false
-+Style/IfWithBooleanLiteralBranches:
-+  Enabled: false
-+Style/InPatternThen:
-+  Enabled: false
-+Style/MagicCommentFormat:
-+  Enabled: false
-+Style/MapCompactWithConditionalBlock:
-+  Enabled: false
-+Style/MapToHash:
-+  Enabled: false
-+Style/MapToSet:
-+  Enabled: false
-+Style/MinMaxComparison:
-+  Enabled: false
-+Style/MultilineInPatternThen:
-+  Enabled: false
- Style/NegatedIfElseCondition:
-   Enabled: false
-+Style/NestedFileDirname:
-+  Enabled: false
- Style/NilLambda:
-   Enabled: false
-+Style/NumberedParameters:
-+  Enabled: false
-+Style/NumberedParametersLimit:
-+  Enabled: false
-+Style/ObjectThen:
-+  Enabled: false
-+Style/OpenStructUse:
-+  Enabled: false
-+Style/OperatorMethodCall:
-+  Enabled: false
-+Style/QuotedSymbols:
-+  Enabled: false
- Style/RedundantArgument:
-+  Enabled: false
-+Style/RedundantConstantBase:
-+  Enabled: false
-+Style/RedundantDoubleSplatHashBraces:
-+  Enabled: false
-+Style/RedundantEach:
-+  Enabled: false
-+Style/RedundantHeredocDelimiterQuotes:
-+  Enabled: false
-+Style/RedundantInitialize:
-+  Enabled: false
-+Style/RedundantSelfAssignmentBranch:
-+  Enabled: false
-+Style/RedundantStringEscape:
-+  Enabled: false
-+Style/SelectByRegexp:
-+  Enabled: false
-+Style/StringChars:
-   Enabled: false
- Style/SwapValues:
-   Enabled: false
--- /home/nilpa76/user-repos/aim_control/Gemfile	2024-05-07 17:52:04.429712285 +0200
-+++ /home/nilpa76/user-repos/aim_control/Gemfile.pdknew	2024-05-07 18:00:36.761486068 +0200
-@@ -13,29 +13,37 @@
-   end
- end
-ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments
-minor_version = ruby_version_segments[0..1].join('.')
-
- group :development do
-  gem "json", '= 2.0.4',                                         require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
-  gem "json", '= 2.1.0',                                         require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
-  gem "json", '= 2.3.0',                                         require: false if Gem::Requirement.create(['>= 2.7.0', '< 2.8.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
-  gem "puppet-module-posix-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby]
-  gem "puppet-module-posix-dev-r#{minor_version}", '~> 1.0',     require: false, platforms: [:ruby]
-  gem "puppet-module-win-default-r#{minor_version}", '~> 1.0',   require: false, platforms: [:mswin, :mingw, :x64_mingw]
-  gem "puppet-module-win-dev-r#{minor_version}", '~> 1.0',       require: false, platforms: [:mswin, :mingw, :x64_mingw]
-  gem "voxpupuli-puppet-lint-plugins", '>= 3.0',                 require: false
-  gem "puppet-lint-absolute_classname-check", '>= 3.0.1',        require: false
-  gem "puppet-lint-absolute_template_path", '>= 1.0.1',          require: false
-  gem "puppet-lint-empty_trailing_lines", '>= 0.0.1',            require: false
-  gem "puppet-lint-file_ensure-check", '>= 1.0.0',               require: false
-  gem "puppet-lint-strict_indent-check", '>= 2.0.8',             require: false
-  gem "puppet-lint-trailing_comma-check", '>= 0.4.3',            require: false
-  gem "puppet-lint-unquoted_string-check", '>= 2.1.0',           require: false
-+  gem "json", '= 2.1.0',                         require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
-+  gem "json", '= 2.3.0',                         require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
-+  gem "json", '= 2.5.1',                         require: false if Gem::Requirement.create(['>= 3.0.0', '< 3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
-+  gem "json", '= 2.6.1',                         require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
-+  gem "json", '= 2.6.3',                         require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
-+  gem "racc", '~> 1.4.0',                        require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
-+  gem "voxpupuli-puppet-lint-plugins", '~> 5.0', require: false
-+  gem "facterdb", '~> 1.18',                     require: false
-+  gem "metadata-json-lint", '~> 3.0',            require: false
-+  gem "puppetlabs_spec_helper", '~> 6.0',        require: false
-+  gem "rspec-puppet-facts", '~> 2.0',            require: false
-+  gem "codecov", '~> 0.2',                       require: false
-+  gem "dependency_checker", '~> 1.0.0',          require: false
-+  gem "parallel_tests", '= 3.12.1',              require: false
-+  gem "pry", '~> 0.10',                          require: false
-+  gem "simplecov-console", '~> 0.5',             require: false
-+  gem "puppet-debugger", '~> 1.0',               require: false
-+  gem "rubocop", '= 1.48.1',                     require: false
-+  gem "rubocop-performance", '= 1.16.0',         require: false
-+  gem "rubocop-rspec", '= 2.19.0',               require: false
-+  gem "puppet-strings", '~> 4.0',                require: false
-+  gem "rb-readline", '= 0.5.5',                  require: false, platforms: [:mswin, :mingw, :x64_mingw]
- end
- group :system_tests do
-  gem "puppet-module-posix-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby]
-  gem "puppet-module-win-system-r#{minor_version}", '~> 1.0',   require: false, platforms: [:mswin, :mingw, :x64_mingw]
-+  gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw]
-+  gem "serverspec", '~> 2.41',   require: false
-+end
-+group :release_prep do
-+  gem "puppet-strings", '~> 4.0',         require: false
-+  gem "puppetlabs_spec_helper", '~> 6.0', require: false
- end
- puppet_version = ENV['PUPPET_GEM_VERSION']
--- /home/nilpa76/user-repos/aim_control/Rakefile	2024-05-07 17:52:04.429712285 +0200
-+++ /home/nilpa76/user-repos/aim_control/Rakefile.pdknew	2024-05-07 18:00:36.762031548 +0200
-@@ -1,12 +1,11 @@
- # frozen_string_literal: true
- require 'bundler'
-require 'puppet_litmus/rake_tasks' if Bundler.rubygems.find_name('puppet_litmus').any?
-+require 'puppet_litmus/rake_tasks' if Gem.loaded_specs.key? 'puppet_litmus'
- require 'puppetlabs_spec_helper/rake_tasks'
- require 'puppet-syntax/tasks/puppet-syntax'
-require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any?
-require 'github_changelog_generator/task' if Bundler.rubygems.find_name('github_changelog_generator').any?
-require 'puppet-strings/tasks' if Bundler.rubygems.find_name('puppet-strings').any?
-+require 'github_changelog_generator/task' if Gem.loaded_specs.key? 'github_changelog_generator'
-+require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings'
- def changelog_user
-   return unless Rake.application.top_level_tasks.include? "changelog"
-@@ -44,7 +43,7 @@
- PuppetLint.configuration.send('disable_relative')
-if Bundler.rubygems.find_name('github_changelog_generator').any?
-+if Gem.loaded_specs.key? 'github_changelog_generator'
-   GitHubChangelogGenerator::RakeTask.new :changelog do |config|
-     raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil?
-     config.user = "#{changelog_user}"
--- /home/nilpa76/user-repos/aim_control/spec/default_facts.yml	2024-05-07 17:52:04.429712285 +0200
-+++ /home/nilpa76/user-repos/aim_control/spec/default_facts.yml.pdknew	2024-05-07 18:00:36.762194646 +0200
-@@ -2,8 +2,9 @@
- #
- # Facts specified here will override the values provided by rspec-puppet-facts.
- ---
-ipaddress: "172.16.254.254"
-ipaddress6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA"
-+networking:
-+  ip: "172.16.254.254"
-+  ip6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA"
-+  mac: "AA:AA:AA:AA:AA:AA"
- is_pe: false
-macaddress: "AA:AA:AA:AA:AA:AA"
--- /home/nilpa76/user-repos/aim_control/spec/spec_helper.rb	2024-05-07 17:52:04.429712285 +0200
-+++ /home/nilpa76/user-repos/aim_control/spec/spec_helper.rb.pdknew	2024-05-07 18:00:36.762465329 +0200
-@@ -28,8 +28,8 @@
-   next unless File.exist?(f) && File.readable?(f) && File.size?(f)
-   begin
-    default_facts.merge!(YAML.safe_load(File.read(f), [], [], true))
-  rescue => e
-+    default_facts.merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true))
-+  rescue StandardError => e
-     RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}"
-   end
- end
--- a/metadata.json
+++ b/metadata.json
@@ -61,7 +61,7 @@
      "version_requirement": ">= 6.21.0 < 8.0.0"
    }
  ],
-  "pdk-version": "3.0.1",
+  "pdk-version": "3.2.0",
  "template-url": "https://gitlab.it.liu.se/puppet-infra/pdk-templates.git#liu",
-  "template-ref": "heads/liu-0-g522eb00"
+  "template-ref": "heads/liu-0-g4d4e981"
 }
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -28,7 +28,8 @@ default_fact_files.each do |f|
  next unless File.exist?(f) && File.readable?(f) && File.size?(f)
  begin
-    default_facts.merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true))
+    require 'deep_merge'
+    default_facts.deep_merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true))
  rescue StandardError => e
    RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}"
  end
@@ -36,7 +37,7 @@ end
 # read default_facts and merge them over what is provided by facterdb
 default_facts.each do |fact, value|
-  add_custom_fact fact, value
+  add_custom_fact fact, value, merge_facts: true
 end
 RSpec.configure do |c|

--- a/templates/55-permit-skadereg.rules.erb
+++ b/templates/55-permit-skadereg.rules.erb
-require services
-policy skadereg chain skadereg is
-	accept service:http
-	accept service:https
-end policy
-append rule INPUT -j skadereg
-append rule INPUT -s class:liu-nets -p tcp --dport 33060:33060 -j ACCEPT
-# <%# Put installed file in view mode when opened with Emacs: -%>
-# <%= "Nota bene: Puppet managed file, all local changes will be reverted." %>
-# <%= "Local" %> <%= "variables:" %>
-# mode: view
-# <%= "End:" %>
No results found