+++ /dev/null
----
-infra::role: base
-
-accounts::users:
- christian.stoehr:
- apply: true
- sudo: false
- group: apache
- michael.mente:
- apply: true
- sudo: false
- group: apache
- groups:
- - pixel
-
-infra::additional_classes:
- - infra::profile::apache_php
- - apache::mod::headers
- - infra::profile::cron
-
-repo::remi_php70: true
-
-php::settings:
- Date/date.timezone: Europe/Berlin
- PHP/expose_php: 'Off'
-
-php::extensions:
- gd: {}
- opcache: {}
- mysqlnd: {}
- soap: {}
- mbstring: {}
- xml: {}
-
-php::fpm::pools:
- www:
- ensure: absent
-
-apache::default_vhost: false
-
-infra::profile::apache::htdigest:
- server:
- www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAOAfvcHPvBpkcMPdOnFf3mCuNP2NSOaie6ltGK9OZD7g0vS67uokvXxuX5ZakhY2fGTzJJARH8cksGaNQ9ZK2vKU937FARf4CJR0Gtn/feeHNmwYmOyxPEkLxZszJboeawQn8Ssu546AZH8kuo/tDPFJCa098KWzwVOZKWXs2wNzOU/nEFzh07l0V3f6BMn3lXKEaCDbAxuhoHBUPxlyz7coA/NJuPKfTzd1CXVULp1gLVChgtml7dlLusEe7gwGa8hCewz5VdoZhaZ4E8mlRx8VPjyZ8tI+yabp9C74rG5hbt9fKUEBMMKPCWRR4f6am6RL8qJ/UuNHdNgqlVq/wZTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBQgXZc/UUULMNMlBg/RiMmgBD2eTqeVSbiISsm8/bOEyba]
-
-infra::profile::apache::pp_vhosts:
-# infra::profile::wordpress::projects:
- sparkasseblog:
- docroot: /var/www/sparkasseblog
- docroot_owner: apache
- docroot_group: apache
- docroot_mode: '2775'
- servername: insideforum.sparkasseblog.de
- serveraliases:
- - insideforum-spk-de.pixelpark.net
- ssl: true
- cert_servername: 'sparkasseblog.de'
- cert_customer: 'sparkasse'
- ssl_cert: '/etc/pki/tls/certs/sparkasseblog.de-cert.pem'
- ssl_key: '/etc/pki/tls/private/sparkasseblog.de-key.pem'
- ssl_chain: '/etc/pki/tls/certs/sparkasseblog.de-cert.pem'
- ssl_verify_client: optional
- ssl_crl: '/etc/pki/tls/certs/spk-cacrl.pem'
- ssl_ca: '/etc/pki/tls/certs/spk-root-ca.pem'
- ssl_verify_depth: '2'
- directories:
- - provider: location
- path: '/'
- auth_type: Digest
- auth_name: server
- auth_digest_provider: file
- auth_digest_algorithm: MD5
- auth_user_file: '/etc/httpd/htdigest'
- auth_require: 'valid-user'
- require:
- - local
- - provider: location
- path: '/protected'
- require:
- - local
- custom_fragment: |
- # Webclient Cert required
- SSLVerifyClient require
-
- setenvif:
- - "HTTPS on HTTPS=on"
-
-infra::profile::cron::cronjobs:
- fetch_d-trust_crl:
- ensure: 'present'
- user: root
- command: '/bin/wget -q --output-document=/etc/pki/tls/certs/d-trust.crl http://crl.d-trust.net/crl/d-trust_ca_2-1_2015.crl'
- minute: '0'
- hour: '5'
- description: Die Revocationlist von D-Trust runterladen
- fetch_commodo_crl:
- ensure: 'present'
- user: root
- command: 'wget -q --output-document=/etc/pki/tls/certs/commodo.der.crl http://crl.comodoca.com/COMODORSACertificationAuthority.crl'
- minute: '0'
- hour: '5'
- description: Die Revocationlist von Commodo runterladen
- convert_commodo_crl:
- ensure: 'present'
- user: root
- command: 'openssl crl -inform der -in /etc/pki/tls/certs/commodo.der.crl -out /etc/pki/tls/certs/commodo.crl'
- minute: '1'
- hour: '5'
- description: Convert Revocationlist von Commodo von DER ins PEM Format
- merge_crls:
- ensure: 'present'
- user: root
- command: 'cat /etc/pki/tls/certs/d-trust.crl /etc/pki/tls/certs/commodo.crl > /etc/pki/tls/certs/spk-cacrl.pem'
- minute: '3'
- hour: '5'
- description: Merge der Revocationlists
- reload_webserver:
- ensure: 'present'
- user: root
- command: 'systemctl reload httpd'
- minute: '5'
- hour: '5'
- description: Merge der Revocationlists