--- /dev/null
+---
+infra::role: base
+infra::additional_classes:
+ - infra::profile::postfix
+ - infra::profile::cron
+
+postfix::myorigin: "pixelpark.net"
+infra::profile::postfix::virtual_aliases_source: 'maps/virtual-nullclient-webmaster'
+infra::profile::postfix::cert_servername: 'wildcard.pixelpark.net'
+
+logstash::install_plugins: false
+
+
--- /dev/null
+---
+infra::profile::apache::htdigest:
+ server:
+ www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAD45UnyOCrkMuhpmN6YSYW9daRLr1TCVjVtG+GH4tWHAL3iMXMrNpHaDYvn2Cb9rYXzPPDjGVCVQm7gRi4cmIrBdtID/YzUlOncI9fDNg2SFNLVPs86Md9C4CC7f7N+LjUV24VliWW6d61QJbWGx6aTPof/7WKIlVaHzOzB5P8fkeWInHw6j6VK/zZURHwf+b4Om/g3/d3A5X0OQZVKiTuT/4x3Oz1/+6ZZnnVZ818UQbvD+INeze15ZUo0CFmzTN40A3HIIqdAE9AZo+e8zjHBvEwDsR5Lfabl1yTKFlAIsO7MzPn4vbbLxDYzGuNMMN9+Nv3HwjwkV7RkXHHJ+ImDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBINtZ2isNBjy+ZiYnz+UgvgBDXuoRhvkKpGgcwk6/2RSBf]
+
+infra::profile::apache::pp_vhosts:
+ dev-api:
+ docroot: /var/www/api
+ servername: dev-api-fbb.pixelpark.net
+ cert_servername: 'wildcard.pixelpark.net'
+ cert_customer: 'pixelpark'
+ ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
+ docroot_owner: apache
+ docroot_group: apache
+ docroot_mode: '2775'
+ directories:
+ - directory_root:
+ provider: directory
+ path: '/var/www/api'
+ addhandlers:
+ - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' }
+ options:
+ - FollowSymLinks
+ - MultiViews
+ allow_override:
+ - All
+ directoryindex: index.php index.html
+ - location1:
+ provider: location
+ path: '/'
+ auth_type: Digest
+ auth_name: server
+ auth_digest_provider: file
+ auth_digest_algorithm: MD5
+ auth_user_file: '/etc/httpd/htdigest'
+ auth_require: 'valid-user'
+ rewrites:
+ - alias:
+ comment: 'Alles auf https umleiten'
+ rewrite_cond:
+ - '%%{ich-trickse}{HTTPS} !=on'
+ rewrite_rule:
+ - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]'
--- /dev/null
+---
+accounts::users:
+ markus.baumann:
+ apply: true
+ sudo: true
+ thomas.bussmeyer:
+ apply: true
+ sudo: true
+ harry.teuber:
+ apply: true
+ sudo: true
+ christian.schoenherr:
+ apply: true
+ sudo: true
+ santiago.nuneznegrillo:
+ apply: true
+ sudo: true
+ jenkins:
+ apply: true
+ sudo: false
+
+sudo::configs:
+ jenkins_rights:
+ priority: "06"
+ content: |
+ jenkins ALL=(apache) NOPASSWD: ALL
+
+infra::additional_classes:
+ - infra::profile::apache_php
+ - redis
+
+repo::remi_php72: true
+
+php::extensions:
+ gd: {}
+ opcache: {}
+ soap: {}
+ mbstring: {}
+ zip: {}
+ xml: {}
+ json: {}
+ pdo: {}
+ redis: {}
+ mysql: {}
+
+php::settings:
+ PHP/memory_limit: 320M
+ PHP/post_max_size: 20M
+ PHP/register_globals: 'Off'
+ PHP/include_path: '.:/opt/app/ZendFramework/library:/opt/app/web'
+ PHP/max_execution_time: 30
+ PHP/max_input_time: 60
+ PHP/output_buffering: 65536
+ PHP/upload_max_filesize: 4M
+ PHP/max_file_uploads: 50
+ PHP/short_open_tag: 'On'
+ PHP/expose_php: 'Off'
+
+infra::profile::apache_php::fpm_pool:
+ api:
+ listen_owner: apache
+ listen_group: apache
+ pm_max_children: 20
+
+redis::bind: 0.0.0.0
+redis::manage_repo: true
+redis::timeout: 30
+redis::maxmemory: 1gb
+
+apache::mod::ssl::ssl_cipher: 'EECDH+AES:EDH+AES:!SHA1:!aNULL@STRENGTH'
--- /dev/null
+---
+infra::profile::apache::htdigest:
+ server:
+ www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAEhHNp9O1ZwXrvSI+ztK8hRVUmB5WSN3wD3Eq5KonQFDhNMPwTXKLGsKZAj6zntROnyzmzoij3beddff2KHi7qFgXkyaa6N/T/l0vBfVwfwKVO0lFEeETwrW49EBF0PKNmgWRDtVIRF50t4K8/e+Fx6q96xHULeWtflz4oats8vm5K5QE0HG1o4VnTNe8JMFF/h6GBbhAq36limSCzW5L2ahfgx3XZGIA0nP+PpuPUEtz3RvG4glfoO+4EHsBvWaRmz9iCMnax/dD3wviJL9ByNYew+crvc1wjF0uKS1pjg1zCsC5MR4JUbuATe3c5Iuun4Xdq2sMFsU4LNlWvGMOEDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBArNUcgz84mMRYddUDDjpKagBAbUFmU+qdqlDedjVBzTreB]
+
+infra::profile::apache::pp_vhosts:
+ prd-api:
+ docroot: /var/www/api
+ servername: prd-api01-fbb.pixelpark.net
+ cert_servername: 'wildcard.pixelpark.net'
+ cert_customer: 'pixelpark'
+ ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
+ docroot_owner: apache
+ docroot_group: apache
+ docroot_mode: '2775'
+ directories:
+ - directory_root:
+ provider: directory
+ path: '/var/www/api'
+ addhandlers:
+ - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' }
+ options:
+ - FollowSymLinks
+ - MultiViews
+ allow_override:
+ - All
+ directoryindex: index.php index.html
+ - location1:
+ provider: location
+ path: '/'
+ auth_type: Digest
+ auth_name: server
+ auth_digest_provider: file
+ auth_digest_algorithm: MD5
+ auth_user_file: '/etc/httpd/htdigest'
+ auth_require: 'valid-user'
+ rewrites:
+ - alias:
+ comment: 'Alles auf https umleiten'
+ rewrite_cond:
+ - '%%{ich-trickse}{HTTPS} !=on'
+ rewrite_rule:
+ - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]'
--- /dev/null
+---
+infra::profile::apache::htdigest:
+ server:
+ www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAQrgsaiDoD3HEZf+LtYpa5HXTfV+5o21cAzv65Jdu3c09B+i5NdB6RE083SC0lmXS8d4hnNqLu98fp7QClRf58r54U965yrIYaJi7MiIZD9LtVxcJoN65aAIsdQyTxm7wKTGLIpQIg3nHkkCu2eQrq0iDwjdayBM/ZuVYrwx75OqwicJAisa6vSmj4uS7AXqXSdXL8zBMVtU9k4ppfNCNjCTgGwYbiDS69oad2VkibEvkV3v9JP1+b6DpaiZQ87Xs+qxKyL4aI+hd3pCtRxofF4HpKHf5ky4hhXX7/ZabHnqLm29RIc0NlGNxEK7T1l/oflb5NbFsYWDzP0AfdmJfFzA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDwVO4+8Lfjy/pXvsoEV6yHgBDLvStwubq8PI9++0wc4Unx]
+
+infra::profile::apache::pp_vhosts:
+ prd-api:
+ docroot: /var/www/api
+ servername: prd-api02-fbb.pixelpark.net
+ cert_servername: 'wildcard.pixelpark.net'
+ cert_customer: 'pixelpark'
+ ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
+ docroot_owner: apache
+ docroot_group: apache
+ docroot_mode: '2775'
+ directories:
+ - directory_root:
+ provider: directory
+ path: '/var/www/api'
+ addhandlers:
+ - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' }
+ options:
+ - FollowSymLinks
+ - MultiViews
+ allow_override:
+ - All
+ directoryindex: index.php index.html
+ - location1:
+ provider: location
+ path: '/'
+ auth_type: Digest
+ auth_name: server
+ auth_digest_provider: file
+ auth_digest_algorithm: MD5
+ auth_user_file: '/etc/httpd/htdigest'
+ auth_require: 'valid-user'
+ rewrites:
+ - alias:
+ comment: 'Alles auf https umleiten'
+ rewrite_cond:
+ - '%%{ich-trickse}{HTTPS} !=on'
+ rewrite_rule:
+ - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]'
--- /dev/null
+---
+accounts::users:
+ jenkins:
+ apply: true
+ sudo: false
+
+sudo::configs:
+ jenkins_rights:
+ priority: "06"
+ content: |
+ jenkins ALL=(apache) NOPASSWD: ALL
+
+infra::additional_classes:
+ - infra::profile::apache_php
+
+repo::remi_php72: true
+
+php::extensions:
+ gd: {}
+ opcache: {}
+ soap: {}
+ mbstring: {}
+ zip: {}
+ xml: {}
+ json: {}
+ pdo: {}
+ redis: {}
+ mysql: {}
+
+php::settings:
+ PHP/memory_limit: 320M
+ PHP/post_max_size: 20M
+ PHP/register_globals: 'Off'
+ PHP/include_path: '.:/opt/app/ZendFramework/library:/opt/app/web'
+ PHP/max_execution_time: 30
+ PHP/max_input_time: 60
+ PHP/output_buffering: 65536
+ PHP/upload_max_filesize: 4M
+ PHP/max_file_uploads: 50
+ PHP/short_open_tag: 'On'
+ PHP/expose_php: 'Off'
+
+infra::profile::apache_php::fpm_pool:
+ api:
+ listen_owner: apache
+ listen_group: apache
+ pm_max_children: 20
+
+apache::mod::ssl::ssl_cipher: 'EECDH+AES:EDH+AES:!SHA1:!aNULL@STRENGTH'
--- /dev/null
+accounts::users:
+ markus.baumann:
+ apply: true
+ sudo: true
+ thomas.bussmeyer:
+ apply: true
+ sudo: true
+ harry.teuber:
+ apply: true
+ sudo: true
+ christian.schoenherr:
+ apply: true
+ sudo: true
+ santiago.nuneznegrillo:
+ apply: true
+ sudo: true
+ jenkins:
+ apply: true
+ sudo: false
+
+sudo::configs:
+ jenkins_rights:
+ priority: "06"
+ content: |
+ jenkins ALL=(apache) NOPASSWD: ALL
+
+infra::additional_classes:
+ - infra::profile::apache_php
+ - redis
+
+repo::remi_php72: true
+
+php::extensions:
+ gd: {}
+ opcache: {}
+ soap: {}
+ mbstring: {}
+ zip: {}
+ xml: {}
+ json: {}
+ pdo: {}
+ redis: {}
+ mysql: {}
+
+php::settings:
+ PHP/memory_limit: 320M
+ PHP/post_max_size: 20M
+ PHP/register_globals: 'Off'
+ PHP/include_path: '.:/opt/app/ZendFramework/library:/opt/app/web'
+ PHP/max_execution_time: 30
+ PHP/max_input_time: 60
+ PHP/output_buffering: 65536
+ PHP/upload_max_filesize: 4M
+ PHP/max_file_uploads: 50
+ PHP/short_open_tag: 'On'
+ PHP/expose_php: 'Off'
+
+infra::profile::apache_php::fpm_pool:
+ api:
+ listen_owner: apache
+ listen_group: apache
+ pm_max_children: 20
+
+redis::bind: 0.0.0.0
+redis::manage_repo: true
+redis::timeout: 30
+redis::maxmemory: 1gb
+
+apache::mod::ssl::ssl_cipher: 'EECDH+AES:EDH+AES:!SHA1:!aNULL@STRENGTH'
--- /dev/null
+---
+infra::profile::apache::htdigest:
+ server:
+ www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAi7B5vSvLZSBDcOlVym8Mn0yOKPvW6EG9cNIihJTLNYTTuT4zNIKrrYqfacgpjwqsWuu18dNfneh8wZRaf9/QccZ+HIYTV7a/0tKJLcGhE+5Ltm1OJ+CBrB/mVoz1YVWS6OTQoK0gsTMLYlH5psvdpuWVkwudV1b56WCa/TL5iJqy3V+A5hbQjlQVcG2A6HHz1vyPh6gxAg6we6bc43Nmxw8cPDG+Am5H+i97b+/BVagd2pTNJu1341p7WhXcnKiRzKfHUj2YoxB2hxm1Jr9gyZoJOJP0h4o5oP1D9hUkdUiwu8TF0KPY6K7FjWN/EXX3EYqAOjm8CXJCjqmch0ajDTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAbSXchRvjLyzx3FxAqhXSVgBDnaVLim4RWrpZgLQJhA0ea]
+
+infra::profile::apache::pp_vhosts:
+ tst-api:
+ docroot: /var/www/api
+ servername: tst-api01-fbb.pixelpark.net
+ cert_servername: 'wildcard.pixelpark.net'
+ cert_customer: 'pixelpark'
+ ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
+ docroot_owner: apache
+ docroot_group: apache
+ docroot_mode: '2775'
+ directories:
+ - directory_root:
+ provider: directory
+ path: '/var/www/api'
+ addhandlers:
+ - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' }
+ options:
+ - FollowSymLinks
+ - MultiViews
+ allow_override:
+ - All
+ directoryindex: index.php index.html
+ - location1:
+ provider: location
+ path: '/'
+ auth_type: Digest
+ auth_name: server
+ auth_digest_provider: file
+ auth_digest_algorithm: MD5
+ auth_user_file: '/etc/httpd/htdigest'
+ auth_require: 'valid-user'
+ rewrites:
+ - alias:
+ comment: 'Alles auf https umleiten'
+ rewrite_cond:
+ - '%%{ich-trickse}{HTTPS} !=on'
+ rewrite_rule:
+ - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]'
--- /dev/null
+---
+infra::profile::apache::htdigest:
+ server:
+ www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEApLwtQtA38osTY/7lUdvIQofSDJzSVVGCiE7m3++ZB+AnZPB0ygy4fKWig+ESSVD1fny4BFnl2WK1/E5BbFxOYkOFYNIQwEeXBTfukf4EFx8CJ4EfRGoWi2G8u/hDVS2mG6VCV7G71yg5JbDpo5riR/tLlJV6pEbgPITIRQE8DJ+a6gYy1Zs+QiWHoZpmh7ZrXR8XQMEoYOMtGig1EIHEb8t1vT5QQQiCT0JqwLzG9gdwHNf8+W42A1xNfPcZlHX5aFhUwDo+AQkn1Z5/C8Z2t44f/Sbd79D8T6UdIv+Ji98i47V1zFlbSe9DntU6yBa+pIPG+MHVPGuqoGBDOSxJFTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBYFlJNLjZNOjB+ZJfS6OLTgBBfrWwrqWzTXq2m+8Up6oj1]
+
+infra::profile::apache::pp_vhosts:
+ tst-api:
+ docroot: /var/www/api
+ servername: tst-api02-fbb.pixelpark.net
+ cert_servername: 'wildcard.pixelpark.net'
+ cert_customer: 'pixelpark'
+ ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
+ docroot_owner: apache
+ docroot_group: apache
+ docroot_mode: '2775'
+ directories:
+ - directory_root:
+ provider: directory
+ path: '/var/www/api'
+ addhandlers:
+ - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' }
+ options:
+ - FollowSymLinks
+ - MultiViews
+ allow_override:
+ - All
+ directoryindex: index.php index.html
+ - location1:
+ provider: location
+ path: '/'
+ auth_type: Digest
+ auth_name: server
+ auth_digest_provider: file
+ auth_digest_algorithm: MD5
+ auth_user_file: '/etc/httpd/htdigest'
+ auth_require: 'valid-user'
+ rewrites:
+ - alias:
+ comment: 'Alles auf https umleiten'
+ rewrite_cond:
+ - '%%{ich-trickse}{HTTPS} !=on'
+ rewrite_rule:
+ - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]'
+++ /dev/null
----
-infra::role: base
-infra::additional_classes:
- - infra::profile::postfix
- - infra::profile::cron
-
-postfix::myorigin: "pixelpark.net"
-infra::profile::postfix::virtual_aliases_source: 'maps/virtual-nullclient-webmaster'
-infra::profile::postfix::cert_servername: 'wildcard.pixelpark.net'
-
-logstash::install_plugins: false
-
-
+++ /dev/null
----
-infra::profile::apache::htdigest:
- server:
- www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAD45UnyOCrkMuhpmN6YSYW9daRLr1TCVjVtG+GH4tWHAL3iMXMrNpHaDYvn2Cb9rYXzPPDjGVCVQm7gRi4cmIrBdtID/YzUlOncI9fDNg2SFNLVPs86Md9C4CC7f7N+LjUV24VliWW6d61QJbWGx6aTPof/7WKIlVaHzOzB5P8fkeWInHw6j6VK/zZURHwf+b4Om/g3/d3A5X0OQZVKiTuT/4x3Oz1/+6ZZnnVZ818UQbvD+INeze15ZUo0CFmzTN40A3HIIqdAE9AZo+e8zjHBvEwDsR5Lfabl1yTKFlAIsO7MzPn4vbbLxDYzGuNMMN9+Nv3HwjwkV7RkXHHJ+ImDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBINtZ2isNBjy+ZiYnz+UgvgBDXuoRhvkKpGgcwk6/2RSBf]
-
-infra::profile::apache::pp_vhosts:
- dev-api:
- docroot: /var/www/api
- servername: dev-api-fbb.pixelpark.net
- cert_servername: 'wildcard.pixelpark.net'
- cert_customer: 'pixelpark'
- ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
- ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
- ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
- docroot_owner: apache
- docroot_group: apache
- docroot_mode: '2775'
- directories:
- - directory_root:
- provider: directory
- path: '/var/www/api'
- addhandlers:
- - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' }
- options:
- - FollowSymLinks
- - MultiViews
- allow_override:
- - All
- directoryindex: index.php index.html
- - location1:
- provider: location
- path: '/'
- auth_type: Digest
- auth_name: server
- auth_digest_provider: file
- auth_digest_algorithm: MD5
- auth_user_file: '/etc/httpd/htdigest'
- auth_require: 'valid-user'
- rewrites:
- - alias:
- comment: 'Alles auf https umleiten'
- rewrite_cond:
- - '%%{ich-trickse}{HTTPS} !=on'
- rewrite_rule:
- - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]'
+++ /dev/null
----
-accounts::users:
- markus.baumann:
- apply: true
- sudo: true
- thomas.bussmeyer:
- apply: true
- sudo: true
- harry.teuber:
- apply: true
- sudo: true
- christian.schoenherr:
- apply: true
- sudo: true
- santiago.nuneznegrillo:
- apply: true
- sudo: true
- jenkins:
- apply: true
- sudo: false
-
-sudo::configs:
- jenkins_rights:
- priority: "06"
- content: |
- jenkins ALL=(apache) NOPASSWD: ALL
-
-infra::additional_classes:
- - infra::profile::apache_php
- - redis
-
-repo::remi_php72: true
-
-php::extensions:
- gd: {}
- opcache: {}
- soap: {}
- mbstring: {}
- zip: {}
- xml: {}
- json: {}
- pdo: {}
- redis: {}
- mysql: {}
-
-php::settings:
- PHP/memory_limit: 320M
- PHP/post_max_size: 20M
- PHP/register_globals: 'Off'
- PHP/include_path: '.:/opt/app/ZendFramework/library:/opt/app/web'
- PHP/max_execution_time: 30
- PHP/max_input_time: 60
- PHP/output_buffering: 65536
- PHP/upload_max_filesize: 4M
- PHP/max_file_uploads: 50
- PHP/short_open_tag: 'On'
- PHP/expose_php: 'Off'
-
-infra::profile::apache_php::fpm_pool:
- api:
- listen_owner: apache
- listen_group: apache
- pm_max_children: 20
-
-redis::bind: 0.0.0.0
-redis::manage_repo: true
-redis::timeout: 30
-redis::maxmemory: 1gb
-
-apache::mod::ssl::ssl_cipher: 'EECDH+AES:EDH+AES:!SHA1:!aNULL@STRENGTH'
+++ /dev/null
----
-infra::profile::apache::htdigest:
- server:
- www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAEhHNp9O1ZwXrvSI+ztK8hRVUmB5WSN3wD3Eq5KonQFDhNMPwTXKLGsKZAj6zntROnyzmzoij3beddff2KHi7qFgXkyaa6N/T/l0vBfVwfwKVO0lFEeETwrW49EBF0PKNmgWRDtVIRF50t4K8/e+Fx6q96xHULeWtflz4oats8vm5K5QE0HG1o4VnTNe8JMFF/h6GBbhAq36limSCzW5L2ahfgx3XZGIA0nP+PpuPUEtz3RvG4glfoO+4EHsBvWaRmz9iCMnax/dD3wviJL9ByNYew+crvc1wjF0uKS1pjg1zCsC5MR4JUbuATe3c5Iuun4Xdq2sMFsU4LNlWvGMOEDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBArNUcgz84mMRYddUDDjpKagBAbUFmU+qdqlDedjVBzTreB]
-
-infra::profile::apache::pp_vhosts:
- prd-api:
- docroot: /var/www/api
- servername: prd-api01-fbb.pixelpark.net
- cert_servername: 'wildcard.pixelpark.net'
- cert_customer: 'pixelpark'
- ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
- ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
- ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
- docroot_owner: apache
- docroot_group: apache
- docroot_mode: '2775'
- directories:
- - directory_root:
- provider: directory
- path: '/var/www/api'
- addhandlers:
- - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' }
- options:
- - FollowSymLinks
- - MultiViews
- allow_override:
- - All
- directoryindex: index.php index.html
- - location1:
- provider: location
- path: '/'
- auth_type: Digest
- auth_name: server
- auth_digest_provider: file
- auth_digest_algorithm: MD5
- auth_user_file: '/etc/httpd/htdigest'
- auth_require: 'valid-user'
- rewrites:
- - alias:
- comment: 'Alles auf https umleiten'
- rewrite_cond:
- - '%%{ich-trickse}{HTTPS} !=on'
- rewrite_rule:
- - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]'
+++ /dev/null
----
-infra::profile::apache::htdigest:
- server:
- www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAQrgsaiDoD3HEZf+LtYpa5HXTfV+5o21cAzv65Jdu3c09B+i5NdB6RE083SC0lmXS8d4hnNqLu98fp7QClRf58r54U965yrIYaJi7MiIZD9LtVxcJoN65aAIsdQyTxm7wKTGLIpQIg3nHkkCu2eQrq0iDwjdayBM/ZuVYrwx75OqwicJAisa6vSmj4uS7AXqXSdXL8zBMVtU9k4ppfNCNjCTgGwYbiDS69oad2VkibEvkV3v9JP1+b6DpaiZQ87Xs+qxKyL4aI+hd3pCtRxofF4HpKHf5ky4hhXX7/ZabHnqLm29RIc0NlGNxEK7T1l/oflb5NbFsYWDzP0AfdmJfFzA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDwVO4+8Lfjy/pXvsoEV6yHgBDLvStwubq8PI9++0wc4Unx]
-
-infra::profile::apache::pp_vhosts:
- prd-api:
- docroot: /var/www/api
- servername: prd-api02-fbb.pixelpark.net
- cert_servername: 'wildcard.pixelpark.net'
- cert_customer: 'pixelpark'
- ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
- ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
- ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
- docroot_owner: apache
- docroot_group: apache
- docroot_mode: '2775'
- directories:
- - directory_root:
- provider: directory
- path: '/var/www/api'
- addhandlers:
- - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' }
- options:
- - FollowSymLinks
- - MultiViews
- allow_override:
- - All
- directoryindex: index.php index.html
- - location1:
- provider: location
- path: '/'
- auth_type: Digest
- auth_name: server
- auth_digest_provider: file
- auth_digest_algorithm: MD5
- auth_user_file: '/etc/httpd/htdigest'
- auth_require: 'valid-user'
- rewrites:
- - alias:
- comment: 'Alles auf https umleiten'
- rewrite_cond:
- - '%%{ich-trickse}{HTTPS} !=on'
- rewrite_rule:
- - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]'
+++ /dev/null
----
-accounts::users:
- jenkins:
- apply: true
- sudo: false
-
-sudo::configs:
- jenkins_rights:
- priority: "06"
- content: |
- jenkins ALL=(apache) NOPASSWD: ALL
-
-infra::additional_classes:
- - infra::profile::apache_php
-
-repo::remi_php72: true
-
-php::extensions:
- gd: {}
- opcache: {}
- soap: {}
- mbstring: {}
- zip: {}
- xml: {}
- json: {}
- pdo: {}
- redis: {}
- mysql: {}
-
-php::settings:
- PHP/memory_limit: 320M
- PHP/post_max_size: 20M
- PHP/register_globals: 'Off'
- PHP/include_path: '.:/opt/app/ZendFramework/library:/opt/app/web'
- PHP/max_execution_time: 30
- PHP/max_input_time: 60
- PHP/output_buffering: 65536
- PHP/upload_max_filesize: 4M
- PHP/max_file_uploads: 50
- PHP/short_open_tag: 'On'
- PHP/expose_php: 'Off'
-
-infra::profile::apache_php::fpm_pool:
- api:
- listen_owner: apache
- listen_group: apache
- pm_max_children: 20
-
-apache::mod::ssl::ssl_cipher: 'EECDH+AES:EDH+AES:!SHA1:!aNULL@STRENGTH'
+++ /dev/null
-accounts::users:
- markus.baumann:
- apply: true
- sudo: true
- thomas.bussmeyer:
- apply: true
- sudo: true
- harry.teuber:
- apply: true
- sudo: true
- christian.schoenherr:
- apply: true
- sudo: true
- santiago.nuneznegrillo:
- apply: true
- sudo: true
- jenkins:
- apply: true
- sudo: false
-
-sudo::configs:
- jenkins_rights:
- priority: "06"
- content: |
- jenkins ALL=(apache) NOPASSWD: ALL
-
-infra::additional_classes:
- - infra::profile::apache_php
- - redis
-
-repo::remi_php72: true
-
-php::extensions:
- gd: {}
- opcache: {}
- soap: {}
- mbstring: {}
- zip: {}
- xml: {}
- json: {}
- pdo: {}
- redis: {}
- mysql: {}
-
-php::settings:
- PHP/memory_limit: 320M
- PHP/post_max_size: 20M
- PHP/register_globals: 'Off'
- PHP/include_path: '.:/opt/app/ZendFramework/library:/opt/app/web'
- PHP/max_execution_time: 30
- PHP/max_input_time: 60
- PHP/output_buffering: 65536
- PHP/upload_max_filesize: 4M
- PHP/max_file_uploads: 50
- PHP/short_open_tag: 'On'
- PHP/expose_php: 'Off'
-
-infra::profile::apache_php::fpm_pool:
- api:
- listen_owner: apache
- listen_group: apache
- pm_max_children: 20
-
-redis::bind: 0.0.0.0
-redis::manage_repo: true
-redis::timeout: 30
-redis::maxmemory: 1gb
-
-apache::mod::ssl::ssl_cipher: 'EECDH+AES:EDH+AES:!SHA1:!aNULL@STRENGTH'
+++ /dev/null
----
-infra::profile::apache::htdigest:
- server:
- www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAi7B5vSvLZSBDcOlVym8Mn0yOKPvW6EG9cNIihJTLNYTTuT4zNIKrrYqfacgpjwqsWuu18dNfneh8wZRaf9/QccZ+HIYTV7a/0tKJLcGhE+5Ltm1OJ+CBrB/mVoz1YVWS6OTQoK0gsTMLYlH5psvdpuWVkwudV1b56WCa/TL5iJqy3V+A5hbQjlQVcG2A6HHz1vyPh6gxAg6we6bc43Nmxw8cPDG+Am5H+i97b+/BVagd2pTNJu1341p7WhXcnKiRzKfHUj2YoxB2hxm1Jr9gyZoJOJP0h4o5oP1D9hUkdUiwu8TF0KPY6K7FjWN/EXX3EYqAOjm8CXJCjqmch0ajDTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAbSXchRvjLyzx3FxAqhXSVgBDnaVLim4RWrpZgLQJhA0ea]
-
-infra::profile::apache::pp_vhosts:
- tst-api:
- docroot: /var/www/api
- servername: tst-api01-fbb.pixelpark.net
- cert_servername: 'wildcard.pixelpark.net'
- cert_customer: 'pixelpark'
- ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
- ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
- ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
- docroot_owner: apache
- docroot_group: apache
- docroot_mode: '2775'
- directories:
- - directory_root:
- provider: directory
- path: '/var/www/api'
- addhandlers:
- - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' }
- options:
- - FollowSymLinks
- - MultiViews
- allow_override:
- - All
- directoryindex: index.php index.html
- - location1:
- provider: location
- path: '/'
- auth_type: Digest
- auth_name: server
- auth_digest_provider: file
- auth_digest_algorithm: MD5
- auth_user_file: '/etc/httpd/htdigest'
- auth_require: 'valid-user'
- rewrites:
- - alias:
- comment: 'Alles auf https umleiten'
- rewrite_cond:
- - '%%{ich-trickse}{HTTPS} !=on'
- rewrite_rule:
- - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]'
+++ /dev/null
----
-infra::profile::apache::htdigest:
- server:
- www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEApLwtQtA38osTY/7lUdvIQofSDJzSVVGCiE7m3++ZB+AnZPB0ygy4fKWig+ESSVD1fny4BFnl2WK1/E5BbFxOYkOFYNIQwEeXBTfukf4EFx8CJ4EfRGoWi2G8u/hDVS2mG6VCV7G71yg5JbDpo5riR/tLlJV6pEbgPITIRQE8DJ+a6gYy1Zs+QiWHoZpmh7ZrXR8XQMEoYOMtGig1EIHEb8t1vT5QQQiCT0JqwLzG9gdwHNf8+W42A1xNfPcZlHX5aFhUwDo+AQkn1Z5/C8Z2t44f/Sbd79D8T6UdIv+Ji98i47V1zFlbSe9DntU6yBa+pIPG+MHVPGuqoGBDOSxJFTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBYFlJNLjZNOjB+ZJfS6OLTgBBfrWwrqWzTXq2m+8Up6oj1]
-
-infra::profile::apache::pp_vhosts:
- tst-api:
- docroot: /var/www/api
- servername: tst-api02-fbb.pixelpark.net
- cert_servername: 'wildcard.pixelpark.net'
- cert_customer: 'pixelpark'
- ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
- ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
- ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
- docroot_owner: apache
- docroot_group: apache
- docroot_mode: '2775'
- directories:
- - directory_root:
- provider: directory
- path: '/var/www/api'
- addhandlers:
- - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' }
- options:
- - FollowSymLinks
- - MultiViews
- allow_override:
- - All
- directoryindex: index.php index.html
- - location1:
- provider: location
- path: '/'
- auth_type: Digest
- auth_name: server
- auth_digest_provider: file
- auth_digest_algorithm: MD5
- auth_user_file: '/etc/httpd/htdigest'
- auth_require: 'valid-user'
- rewrites:
- - alias:
- comment: 'Alles auf https umleiten'
- rewrite_cond:
- - '%%{ich-trickse}{HTTPS} !=on'
- rewrite_rule:
- - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]'
projects / pixelpark / hiera.git / commitdiff