--- /dev/null
+---
+infra::role: base
+
+accounts::users:
+ christian.stoehr:
+ apply: true
+ sudo: false
+ group: apache
+ michael.mente:
+ apply: true
+ sudo: false
+ group: apache
+ groups:
+ - pixel
+
+infra::additional_classes:
+ - infra::profile::wordpress
+ - apache::mod::headers
+ - infra::profile::cron
+
+repo::remi_php70: true
+
+php::settings:
+ Date/date.timezone: Europe/Berlin
+ PHP/expose_php: 'Off'
+
+php::extensions:
+ gd: {}
+ opcache: {}
+ mysqlnd: {}
+ soap: {}
+ mbstring: {}
+ xml: {}
+
+php::fpm::pools:
+ www:
+ ensure: absent
+
+apache::default_vhost: false
+
+
+infra::profile::apache::htdigest:
+ server:
+ www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEATnMDG44/ZnCilRCobmITdZSUkJagJL7roY49X1ZlAqV0aWGkIaJa7oJSVBB54StuIfBWmJhFHPlLEiUbpM0f/8D5B5IfHjwgdxy1fwNmt+8RIFt7mvwdOz+BK7qDH47SIY5y1X1eDrNFkpsrXLbL6DDfPEWdgPU0yujRZQmDGogNmO4hxhYbHbyx7uBAxgtEbgktsp5iPf1pegAdvrR9xdARI6I/RCb/WEjvrc4zp+bHAVcepApaW+BiqvszqYkH/EmEPQN947gqQXpGlwGLhBvlb9wcuERl0fzfXL2xYrecsQA6jHaRZ6fMexIRBOOLDb0RREfhs6aYUDk2/vQkSTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBx4KctmFfHVgZ+hgfY5Y3KgBDWskWdN0LXoA4hom6wevWO]
+ server2:
+ www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEATnMDG44/ZnCilRCobmITdZSUkJagJL7roY49X1ZlAqV0aWGkIaJa7oJSVBB54StuIfBWmJhFHPlLEiUbpM0f/8D5B5IfHjwgdxy1fwNmt+8RIFt7mvwdOz+BK7qDH47SIY5y1X1eDrNFkpsrXLbL6DDfPEWdgPU0yujRZQmDGogNmO4hxhYbHbyx7uBAxgtEbgktsp5iPf1pegAdvrR9xdARI6I/RCb/WEjvrc4zp+bHAVcepApaW+BiqvszqYkH/EmEPQN947gqQXpGlwGLhBvlb9wcuERl0fzfXL2xYrecsQA6jHaRZ6fMexIRBOOLDb0RREfhs6aYUDk2/vQkSTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBx4KctmFfHVgZ+hgfY5Y3KgBDWskWdN0LXoA4hom6wevWO]
+
+infra::profile::wordpress::projects:
+ sparkasseblog:
+ docroot: /var/www/sparkasseblog
+ servername: sparkasseblog01.sparkasse.local
+ serveraliases:
+ - sparkasseblog.de
+ - www.sparkasseblog.de
+ access_log_format: urchinpp
+ ssl: false
+ directories:
+ setenvif:
+ - "HTTPS on HTTPS=on"
+ rewrites:
+ - comment: 'westmuensterland-intern.sparkasseblog.de'
+ rewrite_cond:
+ - '%%{ich-trickse}{HTTP_HOST} westmuensterland-intern.sparkasseblog.de'
+ - '%%{ich-trickse}{HTTP:Client-IP} !195\.140\.123\..+'
+ - '%%{ich-trickse}{HTTP:Client-IP} !195\.140\.44\..+'
+ - '%%{ich-trickse}{HTTP:Client-IP} !62\.181\.145\..+'
+ - '%%{ich-trickse}{HTTP:Client-IP} !212\.34\.79\..+'
+ - '%%{ich-trickse}{HTTP:Client-IP} !80\.146\.239\.1'
+ - '%%{ich-trickse}{HTTP:Client-IP} !80\.146\.239\.2'
+ - '%%{ich-trickse}{HTTP:Client-IP} !80\.146\.239\.3'
+ - '%%{ich-trickse}{HTTP:Client-IP} !80\.146\.239\.4'
+ - '%%{ich-trickse}{HTTP:Client-IP} !78\.47\.209\.165'
+ rewrite_rule:
+ - '^(.*)$ - [F]'
+ - comment: 'weiterleitung www.hef.sparkasseblog.de'
+ rewrite_cond:
+ - '%{literal("%")}{HTTP_HOST} ^(www\.)?hef.sparkasseblog.de'
+ rewrite_rule:
+ - '^(.*)$ http://www.onlinemagazin-spk-hef.de [R=301,L]'
+
+infra::profile::cron::cronjobs:
+ fetch_d-trust_crl:
+ ensure: 'present'
+ user: root
+ command: '/bin/wget -q --output-document=/etc/pki/tls/certs/d-trust.crl http://crl.d-trust.net/crl/d-trust_ca_2-1_2015.crl'
+ minute: '0'
+ hour: '5'
+ description: Die Revocationlist von D-Trust runter laden
+ fetch_commodo_crl:
+ ensure: 'present'
+ user: root
+ command: 'wget -q --output-document=/etc/pki/tls/certs/commodo.der.crl http://crl.comodoca.com/COMODORSACertificationAuthority.crl'
+ minute: '0'
+ hour: '5'
+ description: Die Revocationlist von Commodo runter laden
+ convert_commodo_crl:
+ ensure: 'present'
+ user: root
+ command: 'openssl crl -inform der -in /etc/pki/tls/certs/commodo.der.crl -out /etc/pki/tls/certs/commodo.crl'
+ minute: '1'
+ hour: '5'
+ description: Convert Revocationlist von Commodo (DER -> PEM Format)
+ merge_crls:
+ ensure: 'present'
+ user: root
+ command: 'cat /etc/pki/tls/certs/d-trust.crl /etc/pki/tls/certs/commodo.crl > /etc/pki/tls/certs/spk-cacrl.pem'
+ minute: '3'
+ hour: '5'
+ description: Revocationlists zusammen führen
+ reload_webserver:
+ ensure: 'absent'
+ user: root
+ command: 'systemctl reload httpd'
+ minute: '5'
+ hour: '5'
+ description: Reload des Webserver
+++ /dev/null
----
-infra::role: base
-
-accounts::users:
- christian.stoehr:
- apply: true
- sudo: false
- group: apache
- michael.mente:
- apply: true
- sudo: false
- group: apache
- groups:
- - pixel
-
-infra::additional_classes:
- - infra::profile::wordpress
- - apache::mod::headers
- - infra::profile::cron
-
-repo::remi_php70: true
-
-php::settings:
- Date/date.timezone: Europe/Berlin
- PHP/expose_php: 'Off'
-
-php::extensions:
- gd: {}
- opcache: {}
- mysqlnd: {}
- soap: {}
- mbstring: {}
- xml: {}
-
-php::fpm::pools:
- www:
- ensure: absent
-
-apache::default_vhost: false
-
-
-infra::profile::apache::htdigest:
- server:
- www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEATnMDG44/ZnCilRCobmITdZSUkJagJL7roY49X1ZlAqV0aWGkIaJa7oJSVBB54StuIfBWmJhFHPlLEiUbpM0f/8D5B5IfHjwgdxy1fwNmt+8RIFt7mvwdOz+BK7qDH47SIY5y1X1eDrNFkpsrXLbL6DDfPEWdgPU0yujRZQmDGogNmO4hxhYbHbyx7uBAxgtEbgktsp5iPf1pegAdvrR9xdARI6I/RCb/WEjvrc4zp+bHAVcepApaW+BiqvszqYkH/EmEPQN947gqQXpGlwGLhBvlb9wcuERl0fzfXL2xYrecsQA6jHaRZ6fMexIRBOOLDb0RREfhs6aYUDk2/vQkSTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBx4KctmFfHVgZ+hgfY5Y3KgBDWskWdN0LXoA4hom6wevWO]
- server2:
- www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEATnMDG44/ZnCilRCobmITdZSUkJagJL7roY49X1ZlAqV0aWGkIaJa7oJSVBB54StuIfBWmJhFHPlLEiUbpM0f/8D5B5IfHjwgdxy1fwNmt+8RIFt7mvwdOz+BK7qDH47SIY5y1X1eDrNFkpsrXLbL6DDfPEWdgPU0yujRZQmDGogNmO4hxhYbHbyx7uBAxgtEbgktsp5iPf1pegAdvrR9xdARI6I/RCb/WEjvrc4zp+bHAVcepApaW+BiqvszqYkH/EmEPQN947gqQXpGlwGLhBvlb9wcuERl0fzfXL2xYrecsQA6jHaRZ6fMexIRBOOLDb0RREfhs6aYUDk2/vQkSTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBx4KctmFfHVgZ+hgfY5Y3KgBDWskWdN0LXoA4hom6wevWO]
-
-infra::profile::wordpress::projects:
- sparkasseblog:
- docroot: /var/www/sparkasseblog
- servername: sparkasseblog01.sparkasse.local
- serveraliases:
- - sparkasseblog.de
- - www.sparkasseblog.de
- access_log_format: urchinpp
- ssl: false
- directories:
- setenvif:
- - "HTTPS on HTTPS=on"
- rewrites:
- - comment: 'westmuensterland-intern.sparkasseblog.de'
- rewrite_cond:
- - '%%{ich-trickse}{HTTP_HOST} westmuensterland-intern.sparkasseblog.de'
- - '%%{ich-trickse}{HTTP:Client-IP} !195\.140\.123\..+'
- - '%%{ich-trickse}{HTTP:Client-IP} !195\.140\.44\..+'
- - '%%{ich-trickse}{HTTP:Client-IP} !62\.181\.145\..+'
- - '%%{ich-trickse}{HTTP:Client-IP} !212\.34\.79\..+'
- - '%%{ich-trickse}{HTTP:Client-IP} !80\.146\.239\.1'
- - '%%{ich-trickse}{HTTP:Client-IP} !80\.146\.239\.2'
- - '%%{ich-trickse}{HTTP:Client-IP} !80\.146\.239\.3'
- - '%%{ich-trickse}{HTTP:Client-IP} !80\.146\.239\.4'
- - '%%{ich-trickse}{HTTP:Client-IP} !78\.47\.209\.165'
- rewrite_rule:
- - '^(.*)$ - [F]'
- - comment: 'weiterleitung www.hef.sparkasseblog.de'
- rewrite_cond:
- - '%{literal("%")}{HTTP_HOST} ^(www\.)?hef.sparkasseblog.de'
- rewrite_rule:
- - '^(.*)$ http://www.onlinemagazin-spk-hef.de [R=301,L]'
-
-infra::profile::cron::cronjobs:
- fetch_d-trust_crl:
- ensure: 'present'
- user: root
- command: '/bin/wget -q --output-document=/etc/pki/tls/certs/d-trust.crl http://crl.d-trust.net/crl/d-trust_ca_2-1_2015.crl'
- minute: '0'
- hour: '5'
- description: Die Revocationlist von D-Trust runter laden
- fetch_commodo_crl:
- ensure: 'present'
- user: root
- command: 'wget -q --output-document=/etc/pki/tls/certs/commodo.der.crl http://crl.comodoca.com/COMODORSACertificationAuthority.crl'
- minute: '0'
- hour: '5'
- description: Die Revocationlist von Commodo runter laden
- convert_commodo_crl:
- ensure: 'present'
- user: root
- command: 'openssl crl -inform der -in /etc/pki/tls/certs/commodo.der.crl -out /etc/pki/tls/certs/commodo.crl'
- minute: '1'
- hour: '5'
- description: Convert Revocationlist von Commodo (DER -> PEM Format)
- merge_crls:
- ensure: 'present'
- user: root
- command: 'cat /etc/pki/tls/certs/d-trust.crl /etc/pki/tls/certs/commodo.crl > /etc/pki/tls/certs/spk-cacrl.pem'
- minute: '3'
- hour: '5'
- description: Revocationlists zusammen führen
- reload_webserver:
- ensure: 'absent'
- user: root
- command: 'systemctl reload httpd'
- minute: '5'
- hour: '5'
- description: Reload des Webserver
projects / pixelpark / hiera.git / commitdiff