From: Frank Brehm Date: Wed, 28 Feb 2018 10:01:51 +0000 (+0100) Subject: Renaming customer/spk-blog/sparkasseblog01.sparkasse.local.yaml -> customer/spk-blog... X-Git-Tag: v0.1.0~1540 X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=6b99d544376d8cfcc15c8024b1a3c5a41d9e0406;p=pixelpark%2Fhiera.git Renaming customer/spk-blog/sparkasseblog01.sparkasse.local.yaml -> customer/spk-blog/sparkasseblog01.pixelpark.net.yaml --- diff --git a/customer/spk-blog/sparkasseblog01.pixelpark.net.yaml b/customer/spk-blog/sparkasseblog01.pixelpark.net.yaml new file mode 100644 index 00000000..40218f96 --- /dev/null +++ b/customer/spk-blog/sparkasseblog01.pixelpark.net.yaml @@ -0,0 +1,116 @@ +--- +infra::role: base + +accounts::users: + christian.stoehr: + apply: true + sudo: false + group: apache + michael.mente: + apply: true + sudo: false + group: apache + groups: + - pixel + +infra::additional_classes: + - infra::profile::wordpress + - apache::mod::headers + - infra::profile::cron + +repo::remi_php70: true + +php::settings: + Date/date.timezone: Europe/Berlin + PHP/expose_php: 'Off' + +php::extensions: + gd: {} + opcache: {} + mysqlnd: {} + soap: {} + mbstring: {} + xml: {} + +php::fpm::pools: + www: + ensure: absent + +apache::default_vhost: false + + +infra::profile::apache::htdigest: + server: + www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEATnMDG44/ZnCilRCobmITdZSUkJagJL7roY49X1ZlAqV0aWGkIaJa7oJSVBB54StuIfBWmJhFHPlLEiUbpM0f/8D5B5IfHjwgdxy1fwNmt+8RIFt7mvwdOz+BK7qDH47SIY5y1X1eDrNFkpsrXLbL6DDfPEWdgPU0yujRZQmDGogNmO4hxhYbHbyx7uBAxgtEbgktsp5iPf1pegAdvrR9xdARI6I/RCb/WEjvrc4zp+bHAVcepApaW+BiqvszqYkH/EmEPQN947gqQXpGlwGLhBvlb9wcuERl0fzfXL2xYrecsQA6jHaRZ6fMexIRBOOLDb0RREfhs6aYUDk2/vQkSTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBx4KctmFfHVgZ+hgfY5Y3KgBDWskWdN0LXoA4hom6wevWO] + server2: + www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEATnMDG44/ZnCilRCobmITdZSUkJagJL7roY49X1ZlAqV0aWGkIaJa7oJSVBB54StuIfBWmJhFHPlLEiUbpM0f/8D5B5IfHjwgdxy1fwNmt+8RIFt7mvwdOz+BK7qDH47SIY5y1X1eDrNFkpsrXLbL6DDfPEWdgPU0yujRZQmDGogNmO4hxhYbHbyx7uBAxgtEbgktsp5iPf1pegAdvrR9xdARI6I/RCb/WEjvrc4zp+bHAVcepApaW+BiqvszqYkH/EmEPQN947gqQXpGlwGLhBvlb9wcuERl0fzfXL2xYrecsQA6jHaRZ6fMexIRBOOLDb0RREfhs6aYUDk2/vQkSTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBx4KctmFfHVgZ+hgfY5Y3KgBDWskWdN0LXoA4hom6wevWO] + +infra::profile::wordpress::projects: + sparkasseblog: + docroot: /var/www/sparkasseblog + servername: sparkasseblog01.sparkasse.local + serveraliases: + - sparkasseblog.de + - www.sparkasseblog.de + access_log_format: urchinpp + ssl: false + directories: + setenvif: + - "HTTPS on HTTPS=on" + rewrites: + - comment: 'westmuensterland-intern.sparkasseblog.de' + rewrite_cond: + - '%%{ich-trickse}{HTTP_HOST} westmuensterland-intern.sparkasseblog.de' + - '%%{ich-trickse}{HTTP:Client-IP} !195\.140\.123\..+' + - '%%{ich-trickse}{HTTP:Client-IP} !195\.140\.44\..+' + - '%%{ich-trickse}{HTTP:Client-IP} !62\.181\.145\..+' + - '%%{ich-trickse}{HTTP:Client-IP} !212\.34\.79\..+' + - '%%{ich-trickse}{HTTP:Client-IP} !80\.146\.239\.1' + - '%%{ich-trickse}{HTTP:Client-IP} !80\.146\.239\.2' + - '%%{ich-trickse}{HTTP:Client-IP} !80\.146\.239\.3' + - '%%{ich-trickse}{HTTP:Client-IP} !80\.146\.239\.4' + - '%%{ich-trickse}{HTTP:Client-IP} !78\.47\.209\.165' + rewrite_rule: + - '^(.*)$ - [F]' + - comment: 'weiterleitung www.hef.sparkasseblog.de' + rewrite_cond: + - '%{literal("%")}{HTTP_HOST} ^(www\.)?hef.sparkasseblog.de' + rewrite_rule: + - '^(.*)$ http://www.onlinemagazin-spk-hef.de [R=301,L]' + +infra::profile::cron::cronjobs: + fetch_d-trust_crl: + ensure: 'present' + user: root + command: '/bin/wget -q --output-document=/etc/pki/tls/certs/d-trust.crl http://crl.d-trust.net/crl/d-trust_ca_2-1_2015.crl' + minute: '0' + hour: '5' + description: Die Revocationlist von D-Trust runter laden + fetch_commodo_crl: + ensure: 'present' + user: root + command: 'wget -q --output-document=/etc/pki/tls/certs/commodo.der.crl http://crl.comodoca.com/COMODORSACertificationAuthority.crl' + minute: '0' + hour: '5' + description: Die Revocationlist von Commodo runter laden + convert_commodo_crl: + ensure: 'present' + user: root + command: 'openssl crl -inform der -in /etc/pki/tls/certs/commodo.der.crl -out /etc/pki/tls/certs/commodo.crl' + minute: '1' + hour: '5' + description: Convert Revocationlist von Commodo (DER -> PEM Format) + merge_crls: + ensure: 'present' + user: root + command: 'cat /etc/pki/tls/certs/d-trust.crl /etc/pki/tls/certs/commodo.crl > /etc/pki/tls/certs/spk-cacrl.pem' + minute: '3' + hour: '5' + description: Revocationlists zusammen führen + reload_webserver: + ensure: 'absent' + user: root + command: 'systemctl reload httpd' + minute: '5' + hour: '5' + description: Reload des Webserver diff --git a/customer/spk-blog/sparkasseblog01.sparkasse.local.yaml b/customer/spk-blog/sparkasseblog01.sparkasse.local.yaml deleted file mode 100644 index 40218f96..00000000 --- a/customer/spk-blog/sparkasseblog01.sparkasse.local.yaml +++ /dev/null @@ -1,116 +0,0 @@ ---- -infra::role: base - -accounts::users: - christian.stoehr: - apply: true - sudo: false - group: apache - michael.mente: - apply: true - sudo: false - group: apache - groups: - - pixel - -infra::additional_classes: - - infra::profile::wordpress - - apache::mod::headers - - infra::profile::cron - -repo::remi_php70: true - -php::settings: - Date/date.timezone: Europe/Berlin - PHP/expose_php: 'Off' - -php::extensions: - gd: {} - opcache: {} - mysqlnd: {} - soap: {} - mbstring: {} - xml: {} - -php::fpm::pools: - www: - ensure: absent - -apache::default_vhost: false - - -infra::profile::apache::htdigest: - server: - www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEATnMDG44/ZnCilRCobmITdZSUkJagJL7roY49X1ZlAqV0aWGkIaJa7oJSVBB54StuIfBWmJhFHPlLEiUbpM0f/8D5B5IfHjwgdxy1fwNmt+8RIFt7mvwdOz+BK7qDH47SIY5y1X1eDrNFkpsrXLbL6DDfPEWdgPU0yujRZQmDGogNmO4hxhYbHbyx7uBAxgtEbgktsp5iPf1pegAdvrR9xdARI6I/RCb/WEjvrc4zp+bHAVcepApaW+BiqvszqYkH/EmEPQN947gqQXpGlwGLhBvlb9wcuERl0fzfXL2xYrecsQA6jHaRZ6fMexIRBOOLDb0RREfhs6aYUDk2/vQkSTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBx4KctmFfHVgZ+hgfY5Y3KgBDWskWdN0LXoA4hom6wevWO] - server2: - www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEATnMDG44/ZnCilRCobmITdZSUkJagJL7roY49X1ZlAqV0aWGkIaJa7oJSVBB54StuIfBWmJhFHPlLEiUbpM0f/8D5B5IfHjwgdxy1fwNmt+8RIFt7mvwdOz+BK7qDH47SIY5y1X1eDrNFkpsrXLbL6DDfPEWdgPU0yujRZQmDGogNmO4hxhYbHbyx7uBAxgtEbgktsp5iPf1pegAdvrR9xdARI6I/RCb/WEjvrc4zp+bHAVcepApaW+BiqvszqYkH/EmEPQN947gqQXpGlwGLhBvlb9wcuERl0fzfXL2xYrecsQA6jHaRZ6fMexIRBOOLDb0RREfhs6aYUDk2/vQkSTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBx4KctmFfHVgZ+hgfY5Y3KgBDWskWdN0LXoA4hom6wevWO] - -infra::profile::wordpress::projects: - sparkasseblog: - docroot: /var/www/sparkasseblog - servername: sparkasseblog01.sparkasse.local - serveraliases: - - sparkasseblog.de - - www.sparkasseblog.de - access_log_format: urchinpp - ssl: false - directories: - setenvif: - - "HTTPS on HTTPS=on" - rewrites: - - comment: 'westmuensterland-intern.sparkasseblog.de' - rewrite_cond: - - '%%{ich-trickse}{HTTP_HOST} westmuensterland-intern.sparkasseblog.de' - - '%%{ich-trickse}{HTTP:Client-IP} !195\.140\.123\..+' - - '%%{ich-trickse}{HTTP:Client-IP} !195\.140\.44\..+' - - '%%{ich-trickse}{HTTP:Client-IP} !62\.181\.145\..+' - - '%%{ich-trickse}{HTTP:Client-IP} !212\.34\.79\..+' - - '%%{ich-trickse}{HTTP:Client-IP} !80\.146\.239\.1' - - '%%{ich-trickse}{HTTP:Client-IP} !80\.146\.239\.2' - - '%%{ich-trickse}{HTTP:Client-IP} !80\.146\.239\.3' - - '%%{ich-trickse}{HTTP:Client-IP} !80\.146\.239\.4' - - '%%{ich-trickse}{HTTP:Client-IP} !78\.47\.209\.165' - rewrite_rule: - - '^(.*)$ - [F]' - - comment: 'weiterleitung www.hef.sparkasseblog.de' - rewrite_cond: - - '%{literal("%")}{HTTP_HOST} ^(www\.)?hef.sparkasseblog.de' - rewrite_rule: - - '^(.*)$ http://www.onlinemagazin-spk-hef.de [R=301,L]' - -infra::profile::cron::cronjobs: - fetch_d-trust_crl: - ensure: 'present' - user: root - command: '/bin/wget -q --output-document=/etc/pki/tls/certs/d-trust.crl http://crl.d-trust.net/crl/d-trust_ca_2-1_2015.crl' - minute: '0' - hour: '5' - description: Die Revocationlist von D-Trust runter laden - fetch_commodo_crl: - ensure: 'present' - user: root - command: 'wget -q --output-document=/etc/pki/tls/certs/commodo.der.crl http://crl.comodoca.com/COMODORSACertificationAuthority.crl' - minute: '0' - hour: '5' - description: Die Revocationlist von Commodo runter laden - convert_commodo_crl: - ensure: 'present' - user: root - command: 'openssl crl -inform der -in /etc/pki/tls/certs/commodo.der.crl -out /etc/pki/tls/certs/commodo.crl' - minute: '1' - hour: '5' - description: Convert Revocationlist von Commodo (DER -> PEM Format) - merge_crls: - ensure: 'present' - user: root - command: 'cat /etc/pki/tls/certs/d-trust.crl /etc/pki/tls/certs/commodo.crl > /etc/pki/tls/certs/spk-cacrl.pem' - minute: '3' - hour: '5' - description: Revocationlists zusammen führen - reload_webserver: - ensure: 'absent' - user: root - command: 'systemctl reload httpd' - minute: '5' - hour: '5' - description: Reload des Webserver