+++ /dev/null
----
-infra::profile::apache::htdigest:
- server:
- www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAehSprUuT2bcqDE4AjYNKPjBXDyca2jgpQfl2q/RXHus2TMdQ6kl38qF+Z5ePFxJhMSI6VENX9SDAoRSBcpPgI8nXiXgf/AeLOJ5r2SrMFlETYgN5nYkYsEy5AOiopOpfiLYakSKJC6Vj1M+8Yz+ySdVooI03NtgAa/1jAuzvF3Ehn/D4hVOc3H56OVFJ6p/WAIGQkpPT42KrQUU1HGWLEMXgvYN1mKkbiZLDkzPvRGWkp1pBqcgfNS0d22FX6RbT2E1vm/1nFzouIerm+9XEyWCYTsOW9AVjVC73cXtI32fm/ufAdnCChQ2f941dZoA5uUwPPUQs3VDiIg2BVgi/sjA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBB9zJuMd8mHOR5dh8nWE7AQgBARcJQpnWD35UGtus+SMaP0]
-
-infra::profile::apache::pp_vhosts:
- dev-poi:
- docroot: /var/www/poi
- servername: dev-poi-fbb.pixelpark.net
- cert_servername: 'wildcard.pixelpark.net'
- cert_customer: 'pixelpark'
- ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
- ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
- ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
- docroot_owner: apache
- docroot_group: apache
- docroot_mode: '2775'
- directories:
- - directory_root:
- provider: directory
- path: '/var/www/poi'
- addhandlers:
- - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' }
- options:
- - FollowSymLinks
- - MultiViews
- allow_override:
- - All
- directoryindex: index.php index.html
- - location1:
- provider: location
- path: '/'
- auth_type: Digest
- auth_name: server
- auth_digest_provider: file
- auth_digest_algorithm: MD5
- auth_user_file: '/etc/httpd/htdigest'
- auth_require: 'valid-user'
- rewrites:
- - alias:
- comment: 'Alles auf https umleiten'
- rewrite_cond:
- - '%%{ich-trickse}{HTTPS} !=on'
- rewrite_rule:
- - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]'
+++ /dev/null
----
-infra::profile::apache::htdigest:
- server:
- www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAXL0k7gr7yk4dgaFwNwVD9LQrHNymnFUKknqgXUgiTvWdNTPgPtQA953Alsy8Gw5px3BiLq5TwJn/+qX9bgnX9Jbgy+z1xsYHWb6mY6pUff/eCU+S1uTay4GAq6q+68qCHsD2jZ30JQuU8h+8tnj79NWxm/yBu3Q8hfLJ7eHIDGfBoJ87smSEoVyizQPmTyxDQZ3hyncdUjZUTngNlZsRQpWWsHZODNZlmgmtg0Q9oF+1wXU5RB2AUNuPupYra6zuZQU6srRlw5DWO3faWZcnhdTZ333lMBNHJvduVnRAbbZ0+hP/wauO6a3d5oZU6mb9g/ToSW68hPph6uvqms4DTjA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAANhTAIZvqPaMvap11hFgNgBAbCp1PuN2uwCZIP3D5ZRLo]
-
-infra::profile::apache::pp_vhosts:
- prd-poi:
- docroot: /var/www/poi
- servername: prd-poi01-fbb.pixelpark.net
- cert_servername: 'wildcard.pixelpark.net'
- cert_customer: 'pixelpark'
- ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
- ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
- ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
- docroot_owner: apache
- docroot_group: apache
- docroot_mode: '2775'
- directories:
- - directory_root:
- provider: directory
- path: '/var/www/poi'
- addhandlers:
- - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' }
- options:
- - FollowSymLinks
- - MultiViews
- allow_override:
- - All
- directoryindex: index.php index.html
- - location1:
- provider: location
- path: '/'
- auth_type: Digest
- auth_name: server
- auth_digest_provider: file
- auth_digest_algorithm: MD5
- auth_user_file: '/etc/httpd/htdigest'
- auth_require: 'valid-user'
- rewrites:
- - alias:
- comment: 'Alles auf https umleiten'
- rewrite_cond:
- - '%%{ich-trickse}{HTTPS} !=on'
- rewrite_rule:
- - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]'
+++ /dev/null
----
-infra::profile::apache::htdigest:
- server:
- www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEASk8/3kNoClMHZHyGqyEMn4iOhPPrpEPGoR7Wdp4J7kcTB5meRWI12d/mkX5TVFP1LmqgAWEaC1anYMYALcQTSAdJNKLmRdQZiVM+nzMk6nMib4EmLUes63BKPYQH+n18l+q+CFS3E56Rj5oMw9Tg3EF3/JVr7R40LXB9EudTLJUvcFgf0ZYm+e+uODB5YuGlAg9F5hsTpUMr1H5/SftMUNGJeONKxbxVj0cxPYz+RLTGEcxZoomjDiaNjkqiiUPXjuuZ+OZtE2yPPsQll7ys6YIe+wLWuPh/YrAlLlE678GXswFLMj1jb1gZxS0aJbuvJBY9th+UCqCCgrgfOGZUNjA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCqRSDJf4E7Y7ljab/MgdyigBAMce/wX9yR6dQLVjN2Y9ue]
-
-infra::profile::apache::pp_vhosts:
- tst-poi:
- docroot: /var/www/poi
- servername: tst-poi01-fbb.pixelpark.net
- cert_servername: 'wildcard.pixelpark.net'
- cert_customer: 'pixelpark'
- ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
- ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
- ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
- docroot_owner: apache
- docroot_group: apache
- docroot_mode: '2775'
- directories:
- - directory_root:
- provider: directory
- path: '/var/www/poi'
- addhandlers:
- - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' }
- options:
- - FollowSymLinks
- - MultiViews
- allow_override:
- - All
- directoryindex: index.php index.html
- - location1:
- provider: location
- path: '/'
- auth_type: Digest
- auth_name: server
- auth_digest_provider: file
- auth_digest_algorithm: MD5
- auth_user_file: '/etc/httpd/htdigest'
- auth_require: 'valid-user'
- rewrites:
- - alias:
- comment: 'Alles auf https umleiten'
- rewrite_cond:
- - '%%{ich-trickse}{HTTPS} !=on'
- rewrite_rule:
- - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]'
--- /dev/null
+---
+infra::role: base
+infra::additional_classes:
+ - infra::profile::postfix
+ - infra::profile::cron
+
+postfix::myorigin: "pixelpark.net"
+infra::profile::postfix::virtual_aliases_source: 'maps/virtual-nullclient-webmaster'
+infra::profile::postfix::cert_servername: 'wildcard.pixelpark.net'
+
+logstash::install_plugins: false
+
+
--- /dev/null
+---
+infra::profile::apache::htdigest:
+ server:
+ www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAehSprUuT2bcqDE4AjYNKPjBXDyca2jgpQfl2q/RXHus2TMdQ6kl38qF+Z5ePFxJhMSI6VENX9SDAoRSBcpPgI8nXiXgf/AeLOJ5r2SrMFlETYgN5nYkYsEy5AOiopOpfiLYakSKJC6Vj1M+8Yz+ySdVooI03NtgAa/1jAuzvF3Ehn/D4hVOc3H56OVFJ6p/WAIGQkpPT42KrQUU1HGWLEMXgvYN1mKkbiZLDkzPvRGWkp1pBqcgfNS0d22FX6RbT2E1vm/1nFzouIerm+9XEyWCYTsOW9AVjVC73cXtI32fm/ufAdnCChQ2f941dZoA5uUwPPUQs3VDiIg2BVgi/sjA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBB9zJuMd8mHOR5dh8nWE7AQgBARcJQpnWD35UGtus+SMaP0]
+
+infra::profile::apache::pp_vhosts:
+ dev-poi:
+ docroot: /var/www/poi
+ servername: dev-poi-fbb.pixelpark.net
+ cert_servername: 'wildcard.pixelpark.net'
+ cert_customer: 'pixelpark'
+ ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
+ docroot_owner: apache
+ docroot_group: apache
+ docroot_mode: '2775'
+ directories:
+ - directory_root:
+ provider: directory
+ path: '/var/www/poi'
+ addhandlers:
+ - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' }
+ options:
+ - FollowSymLinks
+ - MultiViews
+ allow_override:
+ - All
+ directoryindex: index.php index.html
+ - location1:
+ provider: location
+ path: '/'
+ auth_type: Digest
+ auth_name: server
+ auth_digest_provider: file
+ auth_digest_algorithm: MD5
+ auth_user_file: '/etc/httpd/htdigest'
+ auth_require: 'valid-user'
+ rewrites:
+ - alias:
+ comment: 'Alles auf https umleiten'
+ rewrite_cond:
+ - '%%{ich-trickse}{HTTPS} !=on'
+ rewrite_rule:
+ - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]'
--- /dev/null
+---
+accounts::users:
+ markus.baumann:
+ apply: true
+ sudo: true
+ thomas.bussmeyer:
+ apply: true
+ sudo: true
+ harry.teuber:
+ apply: true
+ sudo: true
+ christian.schoenherr:
+ apply: true
+ sudo: true
+ santiago.nuneznegrillo:
+ apply: true
+ sudo: true
+ jenkins:
+ apply: true
+ sudo: false
+
+sudo::configs:
+ jenkins_rights:
+ priority: "06"
+ content: |
+ jenkins ALL=(apache) NOPASSWD: ALL
+
+infra::additional_classes:
+ - infra::profile::apache_php
+ - redis
+
+repo::remi_php72: true
+
+php::extensions:
+ gd: {}
+ opcache: {}
+ soap: {}
+ mbstring: {}
+ zip: {}
+ xml: {}
+ json: {}
+ pdo: {}
+ redis: {}
+ mysql: {}
+
+php::settings:
+ PHP/memory_limit: 320M
+ PHP/post_max_size: 20M
+ PHP/register_globals: 'Off'
+ PHP/include_path: '.:/opt/app/ZendFramework/library:/opt/app/web'
+ PHP/max_execution_time: 30
+ PHP/max_input_time: 60
+ PHP/output_buffering: 65536
+ PHP/upload_max_filesize: 4M
+ PHP/max_file_uploads: 50
+ PHP/short_open_tag: 'On'
+ PHP/expose_php: 'Off'
+
+infra::profile::apache_php::fpm_pool:
+ api:
+ listen_owner: apache
+ listen_group: apache
+ pm_max_children: 20
+
+redis::bind: 0.0.0.0
+redis::manage_repo: true
+redis::timeout: 30
+redis::maxmemory: 1gb
+
+apache::mod::ssl::ssl_cipher: 'EECDH+AES:EDH+AES:!SHA1:!aNULL@STRENGTH'
--- /dev/null
+---
+infra::profile::apache::htdigest:
+ server:
+ www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAXL0k7gr7yk4dgaFwNwVD9LQrHNymnFUKknqgXUgiTvWdNTPgPtQA953Alsy8Gw5px3BiLq5TwJn/+qX9bgnX9Jbgy+z1xsYHWb6mY6pUff/eCU+S1uTay4GAq6q+68qCHsD2jZ30JQuU8h+8tnj79NWxm/yBu3Q8hfLJ7eHIDGfBoJ87smSEoVyizQPmTyxDQZ3hyncdUjZUTngNlZsRQpWWsHZODNZlmgmtg0Q9oF+1wXU5RB2AUNuPupYra6zuZQU6srRlw5DWO3faWZcnhdTZ333lMBNHJvduVnRAbbZ0+hP/wauO6a3d5oZU6mb9g/ToSW68hPph6uvqms4DTjA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAANhTAIZvqPaMvap11hFgNgBAbCp1PuN2uwCZIP3D5ZRLo]
+
+infra::profile::apache::pp_vhosts:
+ prd-poi:
+ docroot: /var/www/poi
+ servername: prd-poi01-fbb.pixelpark.net
+ cert_servername: 'wildcard.pixelpark.net'
+ cert_customer: 'pixelpark'
+ ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
+ docroot_owner: apache
+ docroot_group: apache
+ docroot_mode: '2775'
+ directories:
+ - directory_root:
+ provider: directory
+ path: '/var/www/poi'
+ addhandlers:
+ - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' }
+ options:
+ - FollowSymLinks
+ - MultiViews
+ allow_override:
+ - All
+ directoryindex: index.php index.html
+ - location1:
+ provider: location
+ path: '/'
+ auth_type: Digest
+ auth_name: server
+ auth_digest_provider: file
+ auth_digest_algorithm: MD5
+ auth_user_file: '/etc/httpd/htdigest'
+ auth_require: 'valid-user'
+ rewrites:
+ - alias:
+ comment: 'Alles auf https umleiten'
+ rewrite_cond:
+ - '%%{ich-trickse}{HTTPS} !=on'
+ rewrite_rule:
+ - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]'
--- /dev/null
+accounts::users:
+ markus.baumann:
+ apply: true
+ sudo: true
+ thomas.bussmeyer:
+ apply: true
+ sudo: true
+ harry.teuber:
+ apply: true
+ sudo: true
+ christian.schoenherr:
+ apply: true
+ sudo: true
+ santiago.nuneznegrillo:
+ apply: true
+ sudo: true
+ jenkins:
+ apply: true
+ sudo: false
+
+sudo::configs:
+ jenkins_rights:
+ priority: "06"
+ content: |
+ jenkins ALL=(apache) NOPASSWD: ALL
+
+infra::additional_classes:
+ - infra::profile::apache_php
+ - redis
+
+repo::remi_php72: true
+
+php::extensions:
+ gd: {}
+ opcache: {}
+ soap: {}
+ mbstring: {}
+ zip: {}
+ xml: {}
+ json: {}
+ pdo: {}
+ redis: {}
+ mysql: {}
+
+php::settings:
+ PHP/memory_limit: 320M
+ PHP/post_max_size: 20M
+ PHP/register_globals: 'Off'
+ PHP/include_path: '.:/opt/app/ZendFramework/library:/opt/app/web'
+ PHP/max_execution_time: 30
+ PHP/max_input_time: 60
+ PHP/output_buffering: 65536
+ PHP/upload_max_filesize: 4M
+ PHP/max_file_uploads: 50
+ PHP/short_open_tag: 'On'
+ PHP/expose_php: 'Off'
+
+infra::profile::apache_php::fpm_pool:
+ api:
+ listen_owner: apache
+ listen_group: apache
+ pm_max_children: 20
+
+redis::bind: 0.0.0.0
+redis::manage_repo: true
+redis::timeout: 30
+redis::maxmemory: 1gb
+
+apache::mod::ssl::ssl_cipher: 'EECDH+AES:EDH+AES:!SHA1:!aNULL@STRENGTH'
--- /dev/null
+---
+infra::profile::apache::htdigest:
+ server:
+ www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEASk8/3kNoClMHZHyGqyEMn4iOhPPrpEPGoR7Wdp4J7kcTB5meRWI12d/mkX5TVFP1LmqgAWEaC1anYMYALcQTSAdJNKLmRdQZiVM+nzMk6nMib4EmLUes63BKPYQH+n18l+q+CFS3E56Rj5oMw9Tg3EF3/JVr7R40LXB9EudTLJUvcFgf0ZYm+e+uODB5YuGlAg9F5hsTpUMr1H5/SftMUNGJeONKxbxVj0cxPYz+RLTGEcxZoomjDiaNjkqiiUPXjuuZ+OZtE2yPPsQll7ys6YIe+wLWuPh/YrAlLlE678GXswFLMj1jb1gZxS0aJbuvJBY9th+UCqCCgrgfOGZUNjA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCqRSDJf4E7Y7ljab/MgdyigBAMce/wX9yR6dQLVjN2Y9ue]
+
+infra::profile::apache::pp_vhosts:
+ tst-poi:
+ docroot: /var/www/poi
+ servername: tst-poi01-fbb.pixelpark.net
+ cert_servername: 'wildcard.pixelpark.net'
+ cert_customer: 'pixelpark'
+ ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
+ docroot_owner: apache
+ docroot_group: apache
+ docroot_mode: '2775'
+ directories:
+ - directory_root:
+ provider: directory
+ path: '/var/www/poi'
+ addhandlers:
+ - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' }
+ options:
+ - FollowSymLinks
+ - MultiViews
+ allow_override:
+ - All
+ directoryindex: index.php index.html
+ - location1:
+ provider: location
+ path: '/'
+ auth_type: Digest
+ auth_name: server
+ auth_digest_provider: file
+ auth_digest_algorithm: MD5
+ auth_user_file: '/etc/httpd/htdigest'
+ auth_require: 'valid-user'
+ rewrites:
+ - alias:
+ comment: 'Alles auf https umleiten'
+ rewrite_cond:
+ - '%%{ich-trickse}{HTTPS} !=on'
+ rewrite_rule:
+ - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]'
projects / pixelpark / hiera.git / commitdiff