authorJan Dittberner <jandd@cacert.org>2019-08-02 18:19:45 +0200
committerJan Dittberner <jandd@cacert.org>2019-08-02 18:19:45 +0200
commit9a49de9ffe7305e202f469a4153ea3b17643c6f6 (patch)
treec04ae685068f4f24e79a11b6bf0ddcc6d8885c40
parentad2d04ff2dd9bd23e488ed5d901c5181c5da8c08 (diff)
Setup Apache httpd on webstatic
-rw-r--r--Puppetfile1
-rw-r--r--hieradata/nodes/webstatic.yaml100
-rw-r--r--sitemodules/profiles/manifests/apache_common.pp29
-rw-r--r--sitemodules/profiles/manifests/static_websites.pp36
-rw-r--r--sitemodules/roles/manifests/webstatic.pp1
5 files changed, 167 insertions, 0 deletions
diff --git a/Puppetfile b/Puppetfile
index a1c594b..ce9073b 100644
--- a/Puppetfile
+++ b/Puppetfile
@@ -1,5 +1,6 @@
mod 'icinga/icinga2', :latest
mod 'icinga/icingaweb2', :latest
+mod 'puppetlabs/apache', :latest
mod 'puppetlabs/apt', :latest
mod 'puppetlabs/concat', :latest
mod 'puppetlabs/mailalias_core', :latest
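Review bot: The added `mod 'puppetlabs/apache', :latest` leaves the module that will manage the web server unpinned, so each Puppetfile deployment can pull whatever release is newest on the Forge without review. Pinning a reviewed release, e.g. `mod 'puppetlabs/apache', '<reviewed version>'`, turns every upgrade into an explicit commit. The neighbouring entries use `:latest` as well, so this may be better handled for the whole file.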
diff --git a/hieradata/nodes/webstatic.yaml b/hieradata/nodes/webstatic.yaml
index c489195..21bf5fe 100644
--- a/hieradata/nodes/webstatic.yaml
+++ b/hieradata/nodes/webstatic.yaml
@@ -72,3 +72,103 @@ profiles::icinga2_agent::pki_ticket: >
zWIAoTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCz2/HN15HQ/xCGQExX
Ozd9gDCOqJLm9jtlSoCpwDwzowwiCgRj+k1s444lp1RkvgWKCrfO3QkOF3aR
MY7nsz39ve8=]
+profiles::static_websites::apache_vhosts:
+ 'webstatic.cacert.org':
+ port: 80
+ access_log: true
+ access_log_format: "combined"
+ error_log: true
+ log_level: "warn"
+ redirect_source:
+ - "/"
+ redirect_dest:
+ - "https://www.cacert.org/"
+ docroot: false
+ manage_docroot: false
+ 'funding.cacert.org':
+ port: 80
+ access_log: true
+ access_log_format: "combined"
+ error_log: true
+ log_level: "warn"
+ docroot: "/var/www/funding.cacert.org"
+ docroot_owner: "git"
+ docroot_mode: "0755"
+ directoryindex:
+ - "index.html"
+ directories:
+ -
+ path: "/var/www/funding.cacert.org"
+ options:
+ - "-Includes"
+ - "-Indexes"
+ - "-FollowSymLinks"
+ - "-MultiViews"
+ require: "all granted"
+ headers:
+ - 'set X-Frame-Options "sameorigin"'
+ - 'set Strict-Transport-Security "max-age=31536000; includeSubDomains"'
+ - 'set X-XSS-Protection "1; mode=block"'
+ - 'set Cache-Control "no-cache, no-store, must-revalidate"'
+ - 'set Pragma "no-cache"'
+ - 'set Expires "-1"'
+ - 'set X-Permitted-Cross-Domain-Policies "master-only"'
+ - "set Content-Security-Policy \"default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; connect-src 'self';\""
+ 'codedocs.cacert.org':
+ port: 80
+ access_log: true
+ access_log_format: "combined"
+ error_log: true
+ log_level: "warn"
+ docroot: "/var/www/codedocs.cacert.org/html"
+ docroot_owner: "jenkins-infradocs"
+ docroot_group: "upload"
+ docroot_mode: "0755"
+ directoryindex:
+ - "index.html"
+ directories:
+ -
+ path: "/var/www/codedocs.cacert.org/html"
+ options:
+ - "-Includes"
+ - "-Indexes"
+ - "-FollowSymLinks"
+ - "-MultiViews"
+ require: "all granted"
+ headers:
+ - 'set X-Frame-Options "sameorigin"'
+ - 'set Strict-Transport-Security "max-age=31536000; includeSubDomains"'
+ - 'set X-XSS-Protection "1; mode=block"'
+ - 'set Cache-Control "no-cache, no-store, must-revalidate"'
+ - 'set Pragma "no-cache"'
+ - 'set Expires "-1"'
+ - 'set X-Permitted-Cross-Domain-Policies "master-only"'
+ 'infradocs.cacert.org':
+ port: 80
+ access_log: true
+ access_log_format: "combined"
+ error_log: true
+ log_level: "warn"
+ docroot: "/var/www/infradocs.cacert.org/html"
+ docroot_owner: "jenkins-infradocs"
+ docroot_group: "upload"
+ docroot_mode: "0755"
+ directoryindex:
+ - "index.html"
+ directories:
+ -
+ path: "/var/www/infradocs.cacert.org/html"
+ options:
+ - "-Includes"
+ - "-Indexes"
+ - "-FollowSymLinks"
+ - "-MultiViews"
+ require: "all granted"
+ headers:
+ - 'set X-Frame-Options "sameorigin"'
+ - 'set Strict-Transport-Security "max-age=31536000; includeSubDomains"'
+ - 'set X-XSS-Protection "1; mode=block"'
+ - 'set Cache-Control "no-cache, no-store, must-revalidate"'
+ - 'set Pragma "no-cache"'
+ - 'set Expires "-1"'
+ - 'set X-Permitted-Cross-Domain-Policies "master-only"'
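Review bot: Every vhost in this block listens on `port: 80` with no `ssl` settings, yet the three docroot vhosts send `Strict-Transport-Security`; browsers ignore that header on responses received over plain HTTP, so it only has an effect if TLS is terminated in front of this host, which is not visible here. If a proxy does terminate TLS, a YAML comment above the vhost hash should say so, e.g. `# TLS is terminated upstream; these vhosts only see proxied HTTP`. The header entries use `set` rather than `always set`, so Apache will not add them to error responses it generates itself, such as its built-in 404 page. `codedocs.cacert.org` and `infradocs.cacert.org` also lack the `Content-Security-Policy` that `funding.cacert.org` gets, and `X-XSS-Protection` is ignored by current browsers.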
diff --git a/sitemodules/profiles/manifests/apache_common.pp b/sitemodules/profiles/manifests/apache_common.pp
new file mode 100644
index 0000000..4a94f80
--- /dev/null
+++ b/sitemodules/profiles/manifests/apache_common.pp
@@ -0,0 +1,29 @@
+# Class: profiles::static_websites
+# ================================
+#
+# This class takes care of basic Apache http setup. It is meant to be
+# included by other profiles.
+#
+# Examples
+# --------
+#
+# @example
+# class profiles::myprofile {
+# include profiles::icinga2_agent
+# }
+#
+# Authors
+# -------
+#
+# Jan Dittberner <jandd@cacert.org>
+#
+# Copyright
+# ---------
+#
+# Copyright 2019 Jan Dittberner
+class profiles::apache_common (
+) {
+ class { 'apache':
+ default_vhost => false,
+ }
+}
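Review bot: The `apache` class is declared with only `default_vhost => false`, so the server banner and TRACE handling are left to whatever defaults the module ships, and the Puppetfile takes the module from `:latest`. Setting them explicitly keeps the behaviour stable across module upgrades: `server_tokens => 'Prod',`, `server_signature => 'Off',` and `trace_enable => 'Off',`. The header comment also names `profiles::static_websites` and its `@example` includes `profiles::icinga2_agent`; both look copied from another manifest and should refer to `profiles::apache_common`.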
diff --git a/sitemodules/profiles/manifests/static_websites.pp b/sitemodules/profiles/manifests/static_websites.pp
new file mode 100644
index 0000000..0ef308b
--- /dev/null
+++ b/sitemodules/profiles/manifests/static_websites.pp
@@ -0,0 +1,36 @@
+# Class: profiles::static_websites
+# ================================
+#
+# This class takes care of VirtualHost setup for static websites.
+#
+# Parameters
+# ----------
+#
+# @param apache_vhosts Apache VirtualHost definitions that will be fed into
+# apache::vhost resources from the puppetlabs/apache
+# module
+#
+# Examples
+# --------
+#
+# @example
+# class roles::myhost {
+# include profiles::icinga2_agent
+# }
+#
+# Authors
+# -------
+#
+# Jan Dittberner <jandd@cacert.org>
+#
+# Copyright
+# ---------
+#
+# Copyright 2019 Jan Dittberner
+class profiles::static_websites (
+ Hash[String, Data] $apache_vhosts = {},
+) {
+ include profiles::apache_common
+
+ create_resources(apache::vhost, $apache_vhosts)
+}
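Review bot: `create_resources(apache::vhost, $apache_vhosts)` passes the Hiera hash through with no defaults, so every vhost has to repeat its `options` and `headers` lists and a host that omits them gets none of the hardening. The third argument of `create_resources` takes a defaults hash, e.g. `create_resources(apache::vhost, $apache_vhosts, $vhost_defaults)`, which would keep the shared settings in one place (`$vhost_defaults` is a name constructed for this note). `Hash[String, Data]` also accepts a non-hash value for a vhost; `Hash[String, Hash]` would reject that at compile time. The `@example` in the header shows `include profiles::icinga2_agent` and should show `include profiles::static_websites`.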
diff --git a/sitemodules/roles/manifests/webstatic.pp b/sitemodules/roles/manifests/webstatic.pp
index 59bef2e..f93c73d 100644
--- a/sitemodules/roles/manifests/webstatic.pp
+++ b/sitemodules/roles/manifests/webstatic.pp
@@ -25,5 +25,6 @@ class roles::webstatic {
include profiles::rsyslog
include profiles::purge_nrpe_agent
include profiles::icinga2_agent
+ include profiles::static_websites
include profiles::debarchive
}