summaryrefslogtreecommitdiff
path: root/hieradata/nodes/webstatic.yaml
blob: 497cab45b6b7ede9e9413c9c176025ac4739907c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
---
classes:
  - roles::webstatic
profiles::base::admins:
  - jandd
  - law
profiles::debarchive::notification_email_address: jandd@cacert.org
profiles::debarchive::release_signing_key: >
    ENC[PKCS7,MIIIzQYJKoZIhvcNAQcDoIIIvjCCCLoCAQAxggEhMIIBHQIBADAFMAACAQEw
    DQYJKoZIhvcNAQEBBQAEggEAtJiS4GluyFbbkmxFKmH+2CWZRD1wotHn8HAc
    7wXckaUSIaUvHY9aor6lxFgjD8vnE5ROmiBTtCsJ0Rmx0oJMO7XDTTKfauwZ
    sTNIi/xPq4YX3fGAKZQ0HpDZQRsgFuh+6acW3B59KAWZlcJCQqnSO/OUdCNz
    yHSdFF1hMM7fTHYfMXkvp91oOkxkSHhAtiC2AbB82AaSikt7rNv/03rL6Hv7
    8vzfjo14m0UGMGGo5Yn8N38Yn24WQTJOGhgBeUm1GpLylaqUDNWN8kRVWrqF
    0/O+FTjtGQjeQVkR73u2Iy9n+cvX3blYZKl1ItRRWgFjf/pP6uV4P7d8IrSG
    1myvMzCCB44GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEJeo9l7ZAFDCx2IS
    K4F1IoqAggdgIZWj1bAB165e6eZ0MDx60xsurDWPOFqMlVNmVhrM7O5+n/pB
    IGBJ+ylUsi97gaWrIAAyzYqnfbqN8pjwNA55gqw6jx2H8AsRuMUDU76JBUtu
    WvxiMgYOmf4V0tt6i5uLxDIEzkfIf4Mh4sSVoZW/wR2A0n5L4YcbJTHRW9D0
    idNVfV2hKFxqX9QpbwoJk4IlW68hidk9mpKKO81bA6rO+IF0OoYg1vTBu26M
    ZdFChv9Ypm10jR2vqhbbb15btOyi5pa/wcis8GYBEvANnQgUfGS//YHK9ttd
    1x3JQ6YL87Ye5iXUzOoohHIZ+QHalfyMHPotOy8fsnQyxZd3pkA6utLMItr6
    3ehPtsT71a17nC30TJFKgopGigccvk24K5kZozZdG2qyy7yycn1JHp53TirK
    kdLDfAbwPnhV2+gUycz+51eGvBE3ZdafV+20Wx6hUd6S+F3zef/aeD9D7u9c
    soIDj1Lun7f7CBE0qgbvlg0vUHFlpGvtTFK2eoJVAid3odefj9x06yoi23RU
    Y8MddhqxvZGtZituqPvfpDqOY3cTu4WJc/VznKcEkOlWU4R4gqw6NWrt1J6l
    1/PqJCqLlvkebbd9R8jZGuy6PgKCsg4oDRjcKpsxbydO9NJwMgUd6UQI4HeZ
    vbcpbBOwGcXizE+myTjUbS3UbtZAMGWiBPDa+pkNSet4R8MdkcFnaS0vwa8N
    Uot7eqpDUpKvgeJz/Vk0WhUfPkyiaT3idy1i0GDFZD9eV9v3tpyp9xBQMK42
    VZEep2p0mXopUk61xY9tpuZQvw53//Bqq3YXfZghhXlgdeLIcxpp7af5lBAU
    iavhoMs5fZwEsSxfkUXVT4w7A4b02X9FeDdQ1TY3orI1yTLKzmx/FgozztTy
    CYh1/o6K9r1Mo1INWpngy/kLCaZtySppzTzaDBIoCbDWJjWE5FzMlslaBVqk
    PjTemUHuyXsWoRFnik0JW4AMuRYqcsf8KsrI/lDiGgNDR9BxNRrmHplclhvA
    8zAccSQLH53NKh4ma5WPVmbl++6gB6OSeHlwttQDaNBuujoMADF8MWiJNXjj
    qfqpKHxlEQEqG/CrTJoWJ+EROl5daH6+TVXTXGzUSIsqOir91Jo4Sd4fJYsh
    CpjHy+jyQZiXuYWWOWXV7suBw399Twozm4sKBcefumXMkgiJnSnibGtSV7ia
    Ob84hEoQH+Hg/md6rJYefIZYyCOi8IyEV8n4mUr4/DOD0s+BmPxPOgYCDhc8
    o8IyiUajFCR64gVWou8xnR4OG0ged+1zaU75pq04U5kPARg/WfFWHYWo9Ljq
    v81+VsWSPEb3ILsX3ZCLT/axkSE3VYEAOaRoT1mE8cc4ENjVRzd50y4I2V4A
    rALARll+gSSdE/cXqFI4DrkwkobCATYlYNpvBACASkpQVzJontdmJ5sIjEPE
    LVbAhOHIL4mNNI24zLABOzwS6RGi0sJjfZIjnc7qsb5cxU2PtwkLleHbbcgM
    tVcmX3EFg+rMg9wGYLT+l4K91pjWmBRN8lssEYNoOcrPu5gvvQDBpWHc3Y+b
    Oa5x5bT1IjSKgkCWpducMq3u6zvHQnlS5hDgPTfCZPYmQdM5FVCOcJ0TYoZ8
    +taq1nV2vsX25dtUzxkUcYkRlnXOZx80j53tkJwqFPr2GrN+6I9brL3KYIwp
    itRzGROLovhX6tSsawPI0bLwAG/5c2OoPPbs6jSP0K+JSTxmalLw4TDUKAl+
    QfZNzMEH98lw6HGq7aG9njtggw6G4odBrY1ud0KN7/GlF2kjAUyJVJEMiIfj
    0Lq968XdYiNDOwpre8mn5xqJCtt0sZjy9zWZ9xoyUYDoIeAOCrdS9VgaOilP
    IG9w/uszbRBWXxiSU76oTgKHAJMFZttWAkBHX5NEcCGksKUbS1Frh76/Kj2G
    kSL6tDJRsAqEPibtrKCWU9DNGNjwOndlLZveSqNWTK4yWVrLozff0qdV+ZBn
    VvKW280MpQNFMwhnuxj+WA9tcwg4ajUWFP/8WhpQMc+5aDuvQSTvWUo5YXgk
    I/5Gcb7Y05CodZ1eJEtyh8r+Z01LmBW1l6a15PeUIBPLs1xg6mqdSenFnB/D
    q2UnFnd/aoeh49VLpEWRhdK9Yl3Jyz+0tHNDnD0uQ/Zlox49KYx3YQv4gpMq
    CcC1tw9Lfcc/UY23yhG3MJ5dRJIeP+FWBTfqeN+lq+dnu7ua/4CKVzjiaeU4
    ygAo2m4Myono4lSpN4VgyUfGzrMpOXOyOa40mgBBgrxDNmAgyIk2obU7h26U
    ZcZKSgk/W97dSORGPYQcLNZBiRCV+hHV3I8IGdGcz+MZugluNH28znhpUnp0
    aTkO/6mPnojAA/5ERXrdBEyTuOR662BfVMAkIVCfVPe5W6P34popQQwNRRjL
    7qKVOpRKA15H3QDHEsh/SOc59L9tvzCa637rBGJMBfvf8QyrUwOVnVebgFSm
    r9bg7DReCgweHUukIbHzVPy3UE/lyqnAZWeIPJ4+jmTqrATq/EOs9iQQetyR
    VP8xiy7PwA==]
profiles::debarchive::release_signing_keygrip: 223894064EE26851A245DE9208C5C0ABF772F7A7
profiles::debarchive::release_signing_keyid: "CAcert Debian Archive Signing Key 2019"
profiles::debarchive::uploaders:
  - jandd
profiles::icinga2_agent::pki_ticket: >
    ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEw
    DQYJKoZIhvcNAQEBBQAEggEApecW/rPl4fMSAHNJSzDl5RX8y0JJSVqPj+S6
    g7vxVMMnAOFR+Ex7BvRCNZ5/HISEuijPxPZlvDpaKYA3V8Z0/aHq8KKzOy56
    wA9JSyIXzHv1hQmwLB2R5J2SZnKiAza9g0tJ9nM3q3YwfkofSUrYzPKHUZfm
    LzjRCVFYDttlP2M9LedAb3+UE2UAkN0tZ2s/LplxnhBpXH89pqcPBzTmAQqe
    bXR2kskXDku/f41+nY8Yv3vEyLGd/uiQR6oer/cPIj7RUI26PTdd+3LlTb0f
    W8sqbf8IAo2EpneRL0Pg1kYYd1IV/0I9K8K+93xTsqR52yQdtgo6sUxsWczB
    zWIAoTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCz2/HN15HQ/xCGQExX
    Ozd9gDCOqJLm9jtlSoCpwDwzowwiCgRj+k1s444lp1RkvgWKCrfO3QkOF3aR
    MY7nsz39ve8=]
profiles::static_websites::apache_vhosts:
  'webstatic.cacert.org':
    port: 80
    access_log: true
    access_log_format: "combined"
    error_log: true
    log_level: "warn"
    redirect_source:
      - "/"
    redirect_dest:
      - "https://www.cacert.org/"
    docroot: false
    manage_docroot: false
  'funding.cacert.org':
    port: 80
    access_log: true
    access_log_format: "combined"
    error_log: true
    log_level: "warn"
    docroot: "/var/www/funding.cacert.org"
    docroot_owner: "git"
    docroot_mode: "0755"
    directoryindex:
      - "index.html"
    directories:
      -
        path: "/var/www/funding.cacert.org"
        options:
          - "-Includes"
          - "-Indexes"
          - "-FollowSymLinks"
          - "-MultiViews"
        require: "all granted"
    headers:
      - 'set X-Frame-Options "sameorigin"'
      - 'set Strict-Transport-Security "max-age=31536000; includeSubDomains"'
      - 'set X-XSS-Protection "1; mode=block"'
      - 'set Cache-Control "no-cache, no-store, must-revalidate"'
      - 'set Pragma "no-cache"'
      - 'set Expires "-1"'
      - 'set X-Permitted-Cross-Domain-Policies "master-only"'
      - "set Content-Security-Policy \"default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; connect-src 'self';\""
  'codedocs.cacert.org':
    port: 80
    access_log: true
    access_log_format: "combined"
    error_log: true
    log_level: "warn"
    docroot: "/var/www/codedocs.cacert.org/html"
    docroot_owner: "jenkins-infradocs"
    docroot_group: "upload"
    docroot_mode: "0755"
    directoryindex:
      - "index.html"
    directories:
      -
        path: "/var/www/codedocs.cacert.org/html"
        options:
          - "-Includes"
          - "-Indexes"
          - "-FollowSymLinks"
          - "-MultiViews"
        require: "all granted"
    headers:
      - 'set X-Frame-Options "sameorigin"'
      - 'set Strict-Transport-Security "max-age=31536000; includeSubDomains"'
      - 'set X-XSS-Protection "1; mode=block"'
      - 'set Cache-Control "no-cache, no-store, must-revalidate"'
      - 'set Pragma "no-cache"'
      - 'set Expires "-1"'
      - 'set X-Permitted-Cross-Domain-Policies "master-only"'
  'community.cacert.org':
    port: 80
    access_log: true
    access_log_format: "combined"
    error_log: true
    log_level: "warn"
    docroot: "/var/www/community.cacert.org"
    docroot_owner: "git"
    docroot_mode: "0755"
    directoryindex:
      - "index.html"
    directories:
      -
        path: "/var/www/community.cacert.org"
        options:
          - "-Includes"
          - "-Indexes"
          - "-FollowSymLinks"
          - "-MultiViews"
        require: "all granted"
    headers:
      - 'set X-Frame-Options "sameorigin"'
      - 'set Strict-Transport-Security "max-age=31536000; includeSubDomains"'
      - 'set X-XSS-Protection "1; mode=block"'
      - 'set Cache-Control "no-cache, no-store, must-revalidate"'
      - 'set Pragma "no-cache"'
      - 'set Expires "-1"'
      - 'set X-Permitted-Cross-Domain-Policies "master-only"'
      - "set Content-Security-Policy \"default-src 'none'; font-src 'self'; script-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self';\""
  'infradocs.cacert.org':
    port: 80
    access_log: true
    access_log_format: "combined"
    error_log: true
    log_level: "warn"
    docroot: "/var/www/infradocs.cacert.org/html"
    docroot_owner: "jenkins-infradocs"
    docroot_group: "upload"
    docroot_mode: "0755"
    directoryindex:
      - "index.html"
    directories:
      -
        path: "/var/www/infradocs.cacert.org/html"
        options:
          - "-Includes"
          - "-Indexes"
          - "-FollowSymLinks"
          - "-MultiViews"
        require: "all granted"
    headers:
      - 'set X-Frame-Options "sameorigin"'
      - 'set Strict-Transport-Security "max-age=31536000; includeSubDomains"'
      - 'set X-XSS-Protection "1; mode=block"'
      - 'set Cache-Control "no-cache, no-store, must-revalidate"'
      - 'set Pragma "no-cache"'
      - 'set Expires "-1"'
      - 'set X-Permitted-Cross-Domain-Policies "master-only"'