From d2bd829b540f36d72cf284dea78c26a2220e627c Mon Sep 17 00:00:00 2001 From: Andre Schmelzer Date: Wed, 21 Feb 2018 12:18:56 +0100 Subject: [PATCH] renamed dev-sparkasseblog --- .../dev-sparkasseblog01.pixelpark.net.yaml | 184 ++++++++++++++++++ 1 file changed, 184 insertions(+) create mode 100644 customer/spk-blog/dev-sparkasseblog01.pixelpark.net.yaml diff --git a/customer/spk-blog/dev-sparkasseblog01.pixelpark.net.yaml b/customer/spk-blog/dev-sparkasseblog01.pixelpark.net.yaml new file mode 100644 index 00000000..a4f214fe --- /dev/null +++ b/customer/spk-blog/dev-sparkasseblog01.pixelpark.net.yaml @@ -0,0 +1,184 @@ +--- +infra::role: base + +accounts::users: + christian.stoehr: + apply: true + sudo: true + group: apache + michael.mente: + apply: true + sudo: true + group: apache + groups: + - pixel + sudo_cmds: + - SYNC2LIVE + +sudo::configs: + cmd_alias: + priority: "05" + content: | + Cmnd_Alias SYNC2LIVE = /usr/local/bin/sync_to_live + +infra::additional_classes: + - infra::profile::wordpress + - infra::profile::apache_php + - apache::mod::headers + - infra::profile::cron + +repo::remi_php70: true + +php::settings: + Date/date.timezone: Europe/Berlin + PHP/expose_php: 'Off' + +php::extensions: + gd: {} + opcache: {} + mysqlnd: {} + soap: {} + mbstring: {} + xml: {} + +php::fpm::pools: + www: + ensure: absent + +apache::default_vhost: false + + +infra::profile::apache::htdigest: + server: + www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEADEBQNLo9VA84SyngSPaUdnI66OlUpUUGQn6LKYQPNtKAtt2Ff2l76Vrt4saukgDjr26hR6xsV8lGye/WP6PAGeereAHw0PZnAV4VG6GGqzWBEprmAJTdeT23a13R8y5aTRhvqbunPPPe0lngSbZ8RV3i+A1wMVqpZijth5LpbgSKKVdGwfaNn32QQsboB2kP/A0HP1XpyywCiA9/Apjmx9wAX+TgMaIIwTJeekRe/I/+GArMSFtIbuUDu+7Vg5qSzXu2rB8GvUs0A5ZJAL5p0+EocZOnKl1nliJwLC5Br8fqQp9rMB5DJ0kLuR5SMNmu1p3YpxrOo7SsbNqj3hAqVTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCZtQrR3wtaUfVQuAK2EodtgBB4Lv6RVYc9fe5tYSFaC8LY] + server2: + www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEADEBQNLo9VA84SyngSPaUdnI66OlUpUUGQn6LKYQPNtKAtt2Ff2l76Vrt4saukgDjr26hR6xsV8lGye/WP6PAGeereAHw0PZnAV4VG6GGqzWBEprmAJTdeT23a13R8y5aTRhvqbunPPPe0lngSbZ8RV3i+A1wMVqpZijth5LpbgSKKVdGwfaNn32QQsboB2kP/A0HP1XpyywCiA9/Apjmx9wAX+TgMaIIwTJeekRe/I/+GArMSFtIbuUDu+7Vg5qSzXu2rB8GvUs0A5ZJAL5p0+EocZOnKl1nliJwLC5Br8fqQp9rMB5DJ0kLuR5SMNmu1p3YpxrOo7SsbNqj3hAqVTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCZtQrR3wtaUfVQuAK2EodtgBB4Lv6RVYc9fe5tYSFaC8LY] + +infra::profile::wordpress::projects: + sparkasseblog: + docroot: /var/www/sparkasseblog + servername: dev-sparkasseblog01.sparkasse.local + serveraliases: + - dev-www.sparkasseblog.de + - dev-sparkasseblog01.pixelpark.net + access_log_format: urchinpp + ssl: false + ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem' + ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + directories: + - location1: + provider: location + path: '/' + auth_type: Digest + auth_name: server + auth_digest_provider: file + auth_digest_algorithm: MD5 + auth_user_file: '/etc/httpd/htdigest' + auth_require: 'valid-user' + require: + - local + - location2: + provider: location + path: '/wp-admin' + auth_type: Digest + auth_name: server2 + auth_digest_provider: file + auth_digest_algorithm: MD5 + auth_user_file: '/etc/httpd/htdigest' + auth_require: 'valid-user' + require: + - local + setenvif: + - "HTTPS on HTTPS=on" + +infra::profile::apache::pp_vhosts: + insideforum: + docroot: /var/www/sparkasseblog + docroot_owner: apache + docroot_group: apache + docroot_mode: '2770' + servername: dev-insideforum.sparkasseblog.de + access_log_format: urchinpp + port: 81 + ssl: true + cert_servername: 'sparkasseblog.de' + cert_customer: 'sparkasse' + ssl_cert: '/etc/pki/tls/certs/sparkasseblog.de-cert.pem' + ssl_key: '/etc/pki/tls/private/sparkasseblog.de-key.pem' + ssl_chain: '/etc/pki/tls/certs/sparkasseblog.de-cert.pem' + ssl_verify_client: optional + ssl_crl: '/etc/pki/tls/certs/spk-cacrl.pem' + ssl_ca: '/etc/pki/tls/certs/spk-root-ca.pem' + ssl_verify_depth: '2' + directories: + - directory_root: + provider: directory + path: '/var/www/sparkasseblog' + addhandlers: + - { handler: "proxy:unix:/var/run/php5-fpm-sparkasseblog.sock|fcgi://./" , extensions: '.php' } + options: + - FollowSymLinks + - MultiViews + allow_override: + - All + directoryindex: 'index.php' + - provider: location + path: '/' + auth_type: Digest + auth_name: server + auth_digest_provider: file + auth_digest_algorithm: MD5 + auth_user_file: '/etc/httpd/htdigest' + auth_require: 'valid-user' + require: + - local + - provider: location + path: '/wp-admin' + auth_type: Digest + auth_name: server2 + auth_digest_provider: file + auth_digest_algorithm: MD5 + auth_user_file: '/etc/httpd/htdigest' + auth_require: 'valid-user' + require: + - local + setenvif: + - "HTTPS on HTTPS=on" + +infra::profile::cron::cronjobs: + fetch_d-trust_crl: + ensure: 'present' + user: root + command: '/bin/wget -q --output-document=/etc/pki/tls/certs/d-trust.crl http://crl.d-trust.net/crl/d-trust_ca_2-1_2015.crl' + minute: '0' + hour: '5' + description: Die Revocationlist von D-Trust runterladen + fetch_commodo_crl: + ensure: 'present' + user: root + command: 'wget -q --output-document=/etc/pki/tls/certs/commodo.der.crl http://crl.comodoca.com/COMODORSACertificationAuthority.crl' + minute: '0' + hour: '5' + description: Die Revocationlist von Commodo runterladen + convert_commodo_crl: + ensure: 'present' + user: root + command: 'openssl crl -inform der -in /etc/pki/tls/certs/commodo.der.crl -out /etc/pki/tls/certs/commodo.crl' + minute: '1' + hour: '5' + description: Convert Revocationlist von Commodo von DER ins PEM Format + merge_crls: + ensure: 'present' + user: root + command: 'cat /etc/pki/tls/certs/d-trust.crl /etc/pki/tls/certs/commodo.crl > /etc/pki/tls/certs/spk-cacrl.pem' + minute: '3' + hour: '5' + description: Merge der Revocationlists + reload_webserver: + ensure: 'present' + user: root + command: 'systemctl reload httpd' + minute: '5' + hour: '5' + description: Merge der Revocationlists \ No newline at end of file -- 2.39.5