+++ /dev/null
----
-mysql::client::package_name: "mysql-community-client" # required forproper MySQL installation
-mysql::server::package_name: "mysql-community-server" # required forproper MySQL installation
-mysql::server::service_name: "mysqld"
-mysql::server::config_file: "/etc/my.cnf"
-mysql::server::users:
- 'replication@%':
- password_hash: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAQqb00kdh1x/DxMgkawRvI1jSHD3lG2HZgn6DPPH831pSJ9lnm1SnqlxCxU526CyCVE6Q9cNZgsaPatu6FWdOUl1WA26Yutbh2UOhU47olweRLAOv83dtiuADQLgqgp8MMcuIC2X9DVSjFA/tL2ucvdyZp5oUqYQrS9CKyDsmr185N+WjFXwhZOH3foI8PrVXe5xJMmUhWf8gFCVQee9kvmXQfd4ezyZ4OPOWt1yASaPS8xpPDK+zmu/QizydsK2Rs6xSzGpPyccU80Dw3bomjd4lM98gct58kVe0Eoqg3wOwsb662Flovh9EUULX0OnEIkV5Vi0KYDnO0yfZhVhdmTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBQVMrKiYncTWVRLcBbteVLgDAhIH+adP9NcucM5xOEUvOKrCOHeT6q4hSqWc0XxrU59nsRd9Wwk5+O2DmfMcOKpOg=]
-mysql::server::grants:
- 'replication@%/*.*':
- options: 'GRANT'
- privileges: 'REPLICATION SLAVE'
- table: '*.*'
- user: 'replication@%'
-
-mysql::server::root_password: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEALXSUFrj+9Yn41vRBaqpFmKj/Ojh1QBDIx2WG1nnOtJewSCUuLrbUCfCcrRWchmcYFEj0tIUGDlBeGaAD6cxYeFiQCK9WpeA5hd+FV/gXSSLah4Q2wz6ZOXXLdIT270sEMKGJONL/VYUkSrdT1h+y8KIwULbRvAYSBdXL0FUoIrVBxRt1thr+y/4K/E3xySrX0FsKjNpln0icC5Zt4TRE1fxrChOA7LKhVZBp05Iw7WH5t6txpOOZbH6cItsvGUnt3aXbSSiFu+060pEk7w5m82U/437iL40SJ615dK+i52Oh+LUinX5yV6T8c47mQlsJ/k6wvGY3rX523aFg1XliYzBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDYtJJFNWMMYRepy/tOaNXfgCB9KykOY5UfcO9W7RJIyIVDMzzIKbQBK3Tr86RkUMmAQw==]
-mysql::server::backup::backuppassword: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAqsIvptOejYWCbmnvN32J+mJCPEQBTI0b1wsgv72AWuANa9QpzMiH3d0odQgVAhtu55WS0VHcwA/OMhDmWT+dUJE9QkDJFVpZ+n9o1fX8A0atoTVHcjV+ki2zwGroX8mBZ1Y/VmtjjJB32MCixhE/uhS/OvO1TD/h0spmXXsSLPLK30ulAgN+DGHlyEYx69zGEoF+WU+rVrciFpBoITUIcYKmnQBrQtqi01gJB1mNqIsIyRESnp8ff8LIs54xhw5K9aU4qiNP/z/kmAUZJCq5Ja8YO5nf5e1euWaj0m4Il2k8/dK+Pvw0R/I8joyYKqir9+kwpvFKkGWODMzwzrII3TBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAAQamIzsiqRLZgEEefoXwNgCD83OhZVENssIJdHTAtRlPH9sIxdRIYb19K6x4J3xqnpQ==]
-infra::profile::mysql_server::databases:
- sparchecker:
- user: sparchecker
- password: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAlFBo9m24b1s+5POY1NpLub6ANKSbMTf01R1sZe9DnTwVdmkTEyj7r0P81uGWWY5WKujZReDAPRdX/iuB4GKLoljLWKN+IWQTEyQAjFjXNVL6RtgvJo0sC39lmyGgXIB6IIe9Xtd6SaTqRe3vUzMng/7CnKOEk9tYXgXsTbijl/uYMszw4YUgplvpwAzyv+Lv7CxlffZH/7Ou4Bk0OAc0q+0LEaFexGOBIcLZEIQpxZXhfBC0yIIWz5+8tjS9EEH/2jqQsDBQ/kRw96/XATFWt6RUKqZv1HcfV+6sC2UEYO9tGO/ddYkxkLWkhGj6ULGwp+x+ptAoDkjekvyysUcIPTBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAbiUd/8GpurGb6nIzhnlddgCC/4uhG6TQLtJp0pMb1kCRjJVtAKWvAEJ1EngZSS+lQDA==]
-
-infra::profile::apache::htdigest:
- server:
- www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAgaTs4v4M186pjYjcjEILHFMVdtz4n5FcysRYDbQQC27Ktcb3XEy7+lDAgnCuh5A2+uQgO5UxdUJQ+DTwvBiV7/3e4ZYSpfcOCmLqYz7GVCM3YottvVDDlG9q4w8QG/Zzakx8qFrrr7QC3VppG+X7Dm7e+Lb5lIk33MQ8Az5OOb9V6wnlObjhN7D1vkaMJP/LzTSdjfuMe0MSUCx+kT6Ckillq06gpW8J/4edrXYxrkmrYKOoUR1kSlXc48o1vClPw29qV3OIoOQAaLUFPKD7QtbGaCMWgQno3dRDyxkrhVuvrRl6SG9ozuEpnpbDe1TvH78rt3J6/RH1Kl3ahvWlozA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCttcrRUdZhsD+WuxTDqCdygBBqwtCddXMlVvPshhYJQZjB]
-
-infra::profile::apache::pp_vhosts:
- sparchecker:
- docroot: /var/www/spar-checker/sparchecker-frontend
- servername: spar-checker.stage.sparkassen-finanzportal.de
- serveraliases:
- - stage-spar-checker-de.pixelpark.net
- - stage-web01-spar-checker-de.pixelpark.net
- - stage-web02-spar-checker-de.pixelpark.net
- - www.spar-checker.stage.sparkassen-finanzportal.de
- ssl: false
- docroot_owner: deploy.spk
- docroot_group: apache
- docroot_mode: '0750'
- access_log_format: lb_combined
- headers:
- - 'always set X-XSS-Protection "1; mode=block"'
- - 'always set X-Frame-Options "SAMEORIGIN"'
- - 'always set X-Content-Type-Options "nosniff"'
- - 'always set Strict-Transport-Security: "max-age=15768001"'
- - 'always set Referrer-Policy "origin"'
- - "set Content-Security-Policy \"default-src 'none'; connect-src 'self'; script-src 'self' data: www.google-analytics.com 'sha256-aed8ae7e95bc21fd56a9074f9eedd4db237cf41ebb8ea603d8bf6764f0d23f4c'; style-src 'self' data: https://webfonts.sparkasse.de 'unsafe-inline'; img-src 'self' data: img.vxcdn.com www.google-analytics.com www.verivox.de; font-src 'self' data: https://webfonts.sparkasse.de; child-src 'self'; object-src 'self'; form-action 'self'; report-uri /api/v1/report;\""
-
- aliases:
- - { alias: /api , path: /var/www/spar-checker/sparchecker-backend/public/api }
- - { alias: /sfp , path: /var/www/spar-checker/sparchecker-backend/public/sfp }
- setenv:
- - 'APPLICATION_ENV production'
- setenvif:
- - 'HTTPS on X-Forwarded-Proto=https'
- - 'HTTPS on HTTPS=on'
- - 'X-Forwarded-For 80.146.239.2 admin_ip_range'
- - 'X-Forwarded-For 109.86.229.215 admin_ip_range'
- - 'X-Forwarded-For 130.180.83.190 admin_ip_range'
- - 'X-Forwarded-For 195.69.134.114 admin_ip_range'
- - 'X-Forwarded-For 62.181.145.202 admin_ip_range'
- - 'X-Forwarded-For 195.140.123 admin_ip_range'
- - 'X-Forwarded-For 195.140.44 admin_ip_range'
- - 'X-Forwarded-For 62.181.145 admin_ip_range'
- - 'X-Forwarded-For 62.181.146 admin_ip_range'
- - 'X-Forwarded-For 192.168.15.1[6789] self_ip_range'
-
- error_documents:
- - { error_code: 401 , document: "/401.html" }
- - { error_code: 403 , document: "/403.html" }
- - { error_code: 404 , document: "/404.html" }
- - { error_code: 500 , document: "/500.html" }
- directories:
- - provider: directory
- path: '/var/www/spar-checker/sparchecker-frontend/'
- options:
- - FollowSymLinks
- allow_override:
- - None
- directoryindex: 'index.html'
- custom_fragment: |
- AddType text/plain .tmpl
- ExpiresActive On
- ExpiresDefault A0
- <FilesMatch "\.(html|tmpl|js)$">
- ExpiresDefault A0
- Header set Cache-Control "no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform"
- Header set Pragma "no-cache"
- </FilesMatch>
-
- rewrites:
- - comment: 'frontend root rewrite'
- rewrite_cond:
- - '%%{ich-trickse}{REQUEST_URI} ^/$'
- rewrite_rule:
- - '.* /index.html [END]'
- - comment: 'frontend rewrites'
- rewrite_rule:
- - '^code/(modernizr-custom|spar-checker-min|selection)-v[0-9]{1,4}\.(js|css|json)$ /code/$1.$2 [END]'
- - '^code/(modernizr-custom.js|spar-checker-min.css|spar-checker-min.js|selection.json)$ - [L]'
- - '^media/(.*)-v[0-9]{1,4}\.(svg|jpg|png|gif)$ /media/$1.$2 [END]'
- - '^media/(.*)\.(svg|jpg|png|gif)$ - [L]'
- - '^code/(.*)-v[0-9]{1,4}\.(tmpl|eot|svg|ttf|woff|woff2)$ /code/$1.$2 [END]'
- - '^code/.*\.(tmpl|eot|svg|ttf|woff|woff2)$ - [L]'
- - '^((401|403|404|500)\.html)$ - [L]'
- - '^(favicon-[0-9]{2}.ico)$ - [L]'
- - '^(favicon-[0-9]{2}x[0-9]{2}.png)$ - [L]'
- - '^(favicon.ico)$ - [L]'
- - '^(sitemap.xml)$ - [L]'
- - '^(robots.txt)$ - [L]'
- - '^(manifest.json)$ - [L]'
- - '^(browserconfig.xml)$ - [L]'
- - '^(android-chrome-[0-9]{2,3}x[0-9]{2,3}.png)$ - [L]'
- - '^(apple-touch-icon-[0-9]{2,3}x[0-9]{2,3}.png)$ - [L]'
- - '^(apple-touch-icon-precompose.png)$ - [L]'
- - '^(apple-touch-icon.png)$ - [L]'
- - '^(mstile-[0-9]{2,3}x[0-9]{2,3}.png)$ - [L]'
- - '^(opera_160.png)$ - [L]'
- - '.* /404.html [R=404,L]'
-
- - provider: location
- path: '/'
- limit_except:
- - { methods: "GET HEAD POST" , require: "all denied" }
- auth_type: Digest
- auth_name: server
- auth_digest_provider: file
- auth_digest_algorithm: MD5
- auth_user_file: '/etc/httpd/htdigest'
- require:
- enforce: any
- requires:
- - 'valid-user'
- - 'env self_ip_range'
- - 'env admin_ip_range'
- - provider: location
- path: '/sfp'
- auth_type: Digest
- auth_name: 'server'
- auth_digest_provider: file
- auth_digest_algorithm: MD5
- auth_user_file: '/etc/httpd/htdigest'
- require:
- enforce: all
- requires:
- - 'valid-user'
- - 'env admin_ip_range'
- - provider: directory
- path: '/var/www/spar-checker/sparchecker-backend/public/sfp/'
- addhandlers:
- - { handler: "proxy:unix:/var/run/php5-fpm-sparchecker.sock|fcgi://./" , extensions: '.php' }
- options:
- - FollowSymLinks
- allow_override:
- - None
- directoryindex: 'index.php'
- rewrites:
- - comment: 'sfp rewrites'
- rewrite_rule:
- - 'code/.*(css|js|eot|index.php|svg|ttf|woff|woff2)$ - [L]'
- - '.* /sfp/index.php [END]'
-
- - provider: directory
- path: '/var/www/spar-checker/sparchecker-backend/public/api/'
- addhandlers:
- - { handler: "proxy:unix:/var/run/php5-fpm-sparchecker.sock|fcgi://./" , extensions: '.php' }
- options:
- - FollowSymLinks
- allow_override:
- - None
- directoryindex: 'index.php'
- rewrites:
- - comment: 'api rewrites'
- rewrite_rule:
- - '^v1/[/[:alnum:]]{2,30}$ /api/index.php [END]'
- - '.* /404.html [R=404,L]'
-
- - provider: filesmatch
- path: '\.(ttf|otf|eot|woff|woff2)$'
- headers:
- - 'always set Access-Control-Allow-Origin "*"'
-
- rewrites:
- - comment: 'http to https'
- rewrite_cond:
- - '%%{ich-trickse}{HTTP:HTTPS} !=on'
- rewrite_rule:
- - '^(.*)$ https://stage-spar-checker-de.pixelpark.net$1 [R=301,L]'
- - comment: 'Alle Aliase auf Servername'
- rewrite_cond:
- - '%%{ich-trickse}{HTTP_HOST} !^stage-spar-checker-de.pixelpark.net$ [NC]'
- rewrite_rule:
- - '^(.*)$ https://stage-spar-checker-de.pixelpark.net$1 [R=301,L]'
-
-infra::profile::cron::cronjobs:
- clear_tokens:
- ensure: 'present'
- user: apache
- command: 'echo >> $LOG; date >> $LOG; php /var/www/spar-checker/sparchecker-backend/cli.php tokens-clear >>$LOG 2>&1'
- minute: '*/30'
- hour: '*'
- environment:
- - 'APPLICATION_ENV=production'
- - 'LOG=/var/www/log/cron/clear.token.log'
- description: clear tokens
- ping_api:
- ensure: 'present'
- user: apache
- command: 'echo >> $LOG; date >> $LOG; php /var/www/spar-checker/sparchecker-backend/cli.php api-pinger >>$LOG 2>&1'
- minute: '*/5'
- hour: '*'
- environment:
- - 'APPLICATION_ENV=production'
- - 'LOG=/var/www/log/cron/ping.api.log'
- description: ping api
- # 8x5-it@sparkassen-finanzportal.de
- send_logs_via_email:
- ensure: 'present'
- user: root
- command: '/var/www/cgi-bin/send_logs_via_email.sh'
- minute: '0'
- hour: '8'
- description: send webserver logs via email
projects / pixelpark / hiera.git / commitdiff