
Devel

Merged Nils Olof Paulsson requested to merge devel into test
1 file
+ 1
1
+ 163
134
@@ -34,6 +34,14 @@ class aim_control (
String $skadereg_ro_user = 'skadereg_ro',
) {
users::liu_user {
'kajjo92':
commonname => 'Kajsa Johansson',
shell => '/bin/bash',
sshkey => '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'; # lint:ignore:140chars
'henma06':
commonname => 'Henrik Hedevik',
shell => '/bin/bash',
sshkey => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQCljonO5Dv4DTs5tB+ecADaDrHBIXQh80KU26puuwe6XSs6HzwreAaMaDgB9nL1TD+naqwn/s2Yl51XrwC5fZAFeUyEDXSa6G3dLaMxpMDex5a/q/EteT/x8n0XKQpxaxPUHsa9aPGF8PUaLdLx3g+sehhRiAWICDX4RIZhHut7SvwSygIizdhV46yiTJAv4WGIIOeOEUbxtwwDYVgCv+By6Wl+IbhQE+HG0TtFGlRA6K3YGgJ6mIbGLSgO3P69jSTW7NIiHt4v4UiHH6XFGpFza9yqggTLtpxkukyLafSuebGBjJ8nCMkhvkP/zcjOdgCpJ/ZUmM9dQugvZaEE7PGaGJ7q5E1nkyUvC7XPRR7jnukrABlFFHLY2otngKTRX5sgbTmLrGmka47yV9eHfmYsI9C7ZkFc/fdm0TobGJfhwmuUIolBbL9rL0Jq85lQBKsOQzdSLRxlCvPxnzLTNGTyklovWlMmLFOgXYgtcQfeV+ByUvByxqMmD1RDlPgO9hkaQMWHw4PV8ZKOZ6jw0fG5+MP9EYpyw80dvP7KNNqKFFrrRC1W+c+R7jBckOjCfykXW8ssmW4y92nlU540Q2ErtvljnACImvHz2YZejYrtE+4+uU0v2M1095TlFmNNpbvb9d0vtYogsUsLNRxPpq06R6amSCB/tWhVr3f604Draw=='; # lint:ignore:140chars
'samla949':
commonname => 'Samuel Larsson',
shell => '/bin/bash',
@@ -71,33 +79,40 @@ class aim_control (
}
include aim_control::firewall
#include apache
include apache
include liurepo::remi
# class { 'apache::mod::php':
# package_name => 'php74',
# php_version => '7',
# }
# include apache::mod::rewrite
# package {
# 'php74-php-pdo':
# ensure => installed;
# 'php74-php-mbstring':
# ensure => installed;
# 'php74-php-mysqlnd':
# ensure => installed;
# 'php74-php-common':
# ensure => installed;
# 'php74-php':
# ensure => installed;
# }
exec { 'enable remi-php74':
command => 'dnf module enable php:remi-7.4 -y',
path => ['/bin', '/usr/bin'],
unless => 'dnf module list php:remi-7.4 | grep -q "[e]"',
require => Class['liurepo::remi'],
}
# file { '/etc/httpd/modules/libphp7.so':
# ensure => link,
# target => '/opt/remi/php74/root/usr/lib64/httpd/modules/libphp7.so',
# before => Service['httpd'],
# }
class { 'apache::mod::php':
package_name => 'php74',
php_version => '7',
}
include apache::mod::rewrite
package {
'php74-php-pdo':
ensure => installed;
'php74-php-mbstring':
ensure => installed;
'php74-php-mysqlnd':
ensure => installed;
'php74-php-common':
ensure => installed;
'php74-php':
ensure => installed;
}
file { '/etc/httpd/modules/libphp7.so':
ensure => link,
target => '/opt/remi/php74/root/usr/lib64/httpd/modules/libphp7.so',
before => Service['httpd'],
}
include profiles::letsencrypt
@@ -105,113 +120,118 @@ class aim_control (
$chain = fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.chain")
$key = fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key")
# apache::vhost { 'default:80':
# servername => $facts['networking']['fqdn'],
# default_vhost => true,
# port => '80',
# docroot => '/var/www/html',
# redirect_status => 'permanent',
# redirect_dest => "https://${facts['networking']['fqdn']}/",
# }
file { '/var/www/skadereg/':
ensure => directory,
owner => 'apache',
group => 'skadereg',
mode => '0770',
recurse => true,
}
# apache::vhost { "${facts['networking']['fqdn']}:443":
# servername => $facts['networking']['fqdn'],
# port => '443',
# ssl => true,
# ssl_cert => $cert,
# ssl_chain => $chain,
# ssl_key => $key,
# headers => ['Set Strict-Transport-Security "max-age=31536000"',],
# docroot => '/var/www/skadereg/public',
# docroot_owner => 'apache',
# docroot_group => 'skadereg',
# directories => [
# {
# path => '/var/www/skadereg/public',
# allow_override => [ 'ALL' ],
# directoryindex => 'index.php',
# }
# ],
# }
# TODO: Add setup for keys
vcsrepo { '/var/www/skadereg':
ensure => latest,
provider => git,
source => 'git@gitlab.liu.se:aim-control/laravel.git',
user => 'apache',
group => 'skadereg',
require => File['/var/www/skadereg/'],
}
# file { '/var/www/skadereg/':
# ensure => directory,
# owner => 'apache',
# group => 'skadereg',
# mode => '0770',
# recurse => true,
# }
apache::vhost { 'default:80':
servername => $facts['networking']['fqdn'],
default_vhost => true,
port => 80,
docroot => '/var/www/html',
redirect_status => 'permanent',
redirect_dest => "https://${facts['networking']['fqdn']}/",
}
# -> vcsrepo { '/var/www/skadereg':
# ensure => latest,
# before => File['/var/www/skadereg/public'],
# provider => git,
# source => 'git@gitlab.liu.se:aim-control/laravel.git',
# user => 'apache',
# group => 'skadereg',
# }
apache::vhost { "${facts['networking']['fqdn']}:443":
servername => $facts['networking']['fqdn'],
port => 443,
ssl => true,
ssl_cert => $cert,
ssl_chain => $chain,
ssl_key => $key,
headers => ['Set Strict-Transport-Security "max-age=31536000"'],
docroot => '/var/www/skadereg/public',
docroot_owner => 'apache',
docroot_group => 'skadereg',
directories => [
{
path => '/var/www/skadereg/public',
allow_override => ['ALL'],
directoryindex => 'index.php',
}
],
require => Vcsrepo['/var/www/skadereg'],
}
# -> file { '/var/www/skadereg/.env':
# ensure => file,
# owner => 'apache',
# group => 'skadereg',
# mode => '0660',
# content => template("${module_name}/dotenv.erb"),
# }
file { '/var/www/skadereg/.env':
ensure => file,
owner => 'apache',
group => 'skadereg',
mode => '0660',
content => template("${module_name}/dotenv.erb"),
require => Vcsrepo['/var/www/skadereg'],
}
# exec { 'artisan migrate':
# command => 'php artisan migrate --force -n',
# cwd => '/var/www/skadereg',
# path => [ '/opt/remi/php74/root/bin/' ],
# refreshonly => true,
# group => 'skadereg',
# user => 'apache',
# subscribe => [ Vcsrepo['/var/www/skadereg'], File[ '/var/www/skadereg' ], ],
# }
exec { 'artisan migrate':
command => 'php artisan migrate --force -n',
cwd => '/var/www/skadereg',
path => ['/opt/remi/php74/root/bin/'],
refreshonly => true,
group => 'skadereg',
user => 'apache',
subscribe => [Vcsrepo['/var/www/skadereg'], File['/var/www/skadereg'],],
}
# cron { 'artisan schedule:run':
# minute => '*',
# hour => '*',
# monthday => '*',
# month => '*',
# weekday => '*',
# user => 'apache',
# environment => [ 'PATH=/opt/remi/php74/root/bin:/usr/bin:/bin', 'SHELL=/bin/bash' ],
# command => 'php /var/www/skadereg/artisan schedule:run &> /dev/null',
# }
cron { 'artisan schedule:run':
minute => '*',
hour => '*',
monthday => '*',
month => '*',
weekday => '*',
user => 'apache',
environment => ['PATH=/opt/remi/php74/root/bin:/usr/bin:/bin', 'SHELL=/bin/bash'],
command => 'php /var/www/skadereg/artisan schedule:run &> /dev/null',
}
# $db_name = 'homestead'
# class { 'mysql::server':
# root_password => $mysql_password,
# databases => {
# $db_name => {
# ensure => present,
# charset => 'utf8',
# },
# },
# users => {
# "${skadereg_ro_user}@%" => {
# ensure => present,
# password_hash => mysql_password($skadereg_ro_password),
# },
# },
# grants => {
# 'root@%/*.*' => {
# ensure => present,
# options => ['GRANT'],
# privileges => ['ALL'],
# table => '*.*',
# user => 'root@%',
# },
# },
# override_options => {
# mysqld => {
# 'bind-address' => '0.0.0.0',
# port => 33060,
# },
# },
# }
$db_name = 'homestead'
class { 'mysql::server':
root_password => $mysql_password,
override_options => {
'mysqld' => {
'bind-address' => '0.0.0.0',
'port' => 33060,
'socket' => '/var/lib/mysql/mysql.sock',
},
},
restart => true,
}
mysql::db { $db_name:
user => $skadereg_ro_user,
password => $skadereg_ro_password,
host => '%',
charset => 'utf8',
grant => ['SELECT'],
}
mysql_user { 'root@%':
ensure => 'present',
password_hash => mysql::password($mysql_password),
}
mysql_grant { 'root@%/*.*':
ensure => 'present',
options => ['GRANT'],
privileges => ['ALL'],
table => '*.*',
user => 'root@%',
}
# ['entries', 'guardian_confirmations', 'users'].each |String $table| {
# mysql_grant { "${skadereg_ro_user}@%/${db_name}.${table}":
@@ -222,14 +242,23 @@ class aim_control (
# }
# }
# class { 'mysql::server::backup':
# backupuser => 'backupuser',
# backuppassword => $mysql_backup_password,
# backupdir => '/root/mysql_backups',
# backupdirmode => '700',
# backupdirowner => 'root',
# backupdirgroup => 'root',
# backuprotate => '7',
# time => ['1','0'],
# }
class { 'mysql::server::backup':
backupuser => 'backupuser',
backuppassword => $mysql_backup_password,
backupdir => '/root/mysql_backups',
backupdirmode => '700',
backupdirowner => 'root',
backupdirgroup => 'root',
backuprotate => '7',
time => ['1','0'],
}
# Ensure the MySQL directory is managed properly
file { '/var/lib/mysql':
ensure => 'directory',
owner => 'mysql',
group => 'mysql',
mode => '0755',
require => Class['mysql::server'], # Ensure MySQL is configured before setting permissions
}
}
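Review bot: The uncommented MySQL resources in the third hunk (apparently the new side; the +/- markers are lost on this page) declare `mysql_user { 'root@%':` and `mysql_grant { 'root@%/*.*':` with `privileges => ['ALL']` and `options => ['GRANT']`, while `mysql::server` is bound to `'bind-address' => '0.0.0.0'` on port 33060. That leaves a full-privilege account that accepts logins from any source address, protected only by `$mysql_password` and by whatever `aim_control::firewall` allows, which is not visible here. I would drop the wildcard host and scope the account to the machine that actually administers the database, e.g. `mysql_user { 'root@<admin-host>':` with the matching `mysql_grant` title and `user =>` (placeholder, fill in the real host), or remove both resources if local root via `root_password` is enough. The `%` host can stay on `$skadereg_ro_user`, since `mysql::db` already limits it to `grant => ['SELECT']`. It would also help to add a comment above the `override_options` block stating which clients need the non-loopback bind, so the exposure is a documented decision.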