--- /dev/null
+---
+infra::role: base
+
+accounts::users:
+ christian.stoehr:
+ apply: true
+ sudo: true
+ group: apache
+ michael.mente:
+ apply: true
+ sudo: true
+ group: apache
+ groups:
+ - pixel
+ sudo_cmds:
+ - SYNC2LIVE
+
+sudo::configs:
+ cmd_alias:
+ priority: "05"
+ content: |
+ Cmnd_Alias SYNC2LIVE = /usr/local/bin/sync_to_live
+
+infra::additional_classes:
+ - infra::profile::wordpress
+ - infra::profile::apache_php
+ - apache::mod::headers
+ - infra::profile::cron
+
+repo::remi_php70: true
+
+php::settings:
+ Date/date.timezone: Europe/Berlin
+ PHP/expose_php: 'Off'
+
+php::extensions:
+ gd: {}
+ opcache: {}
+ mysqlnd: {}
+ soap: {}
+ mbstring: {}
+ xml: {}
+
+php::fpm::pools:
+ www:
+ ensure: absent
+
+apache::default_vhost: false
+
+
+infra::profile::apache::htdigest:
+ server:
+ www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEADEBQNLo9VA84SyngSPaUdnI66OlUpUUGQn6LKYQPNtKAtt2Ff2l76Vrt4saukgDjr26hR6xsV8lGye/WP6PAGeereAHw0PZnAV4VG6GGqzWBEprmAJTdeT23a13R8y5aTRhvqbunPPPe0lngSbZ8RV3i+A1wMVqpZijth5LpbgSKKVdGwfaNn32QQsboB2kP/A0HP1XpyywCiA9/Apjmx9wAX+TgMaIIwTJeekRe/I/+GArMSFtIbuUDu+7Vg5qSzXu2rB8GvUs0A5ZJAL5p0+EocZOnKl1nliJwLC5Br8fqQp9rMB5DJ0kLuR5SMNmu1p3YpxrOo7SsbNqj3hAqVTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCZtQrR3wtaUfVQuAK2EodtgBB4Lv6RVYc9fe5tYSFaC8LY]
+ server2:
+ www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEADEBQNLo9VA84SyngSPaUdnI66OlUpUUGQn6LKYQPNtKAtt2Ff2l76Vrt4saukgDjr26hR6xsV8lGye/WP6PAGeereAHw0PZnAV4VG6GGqzWBEprmAJTdeT23a13R8y5aTRhvqbunPPPe0lngSbZ8RV3i+A1wMVqpZijth5LpbgSKKVdGwfaNn32QQsboB2kP/A0HP1XpyywCiA9/Apjmx9wAX+TgMaIIwTJeekRe/I/+GArMSFtIbuUDu+7Vg5qSzXu2rB8GvUs0A5ZJAL5p0+EocZOnKl1nliJwLC5Br8fqQp9rMB5DJ0kLuR5SMNmu1p3YpxrOo7SsbNqj3hAqVTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCZtQrR3wtaUfVQuAK2EodtgBB4Lv6RVYc9fe5tYSFaC8LY]
+
+infra::profile::wordpress::projects:
+ sparkasseblog:
+ docroot: /var/www/sparkasseblog
+ servername: dev-sparkasseblog01.sparkasse.local
+ serveraliases:
+ - dev-www.sparkasseblog.de
+ - dev-sparkasseblog01.pixelpark.net
+ access_log_format: urchinpp
+ ssl: false
+ ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
+ ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+ directories:
+ - location1:
+ provider: location
+ path: '/'
+ auth_type: Digest
+ auth_name: server
+ auth_digest_provider: file
+ auth_digest_algorithm: MD5
+ auth_user_file: '/etc/httpd/htdigest'
+ auth_require: 'valid-user'
+ require:
+ - local
+ - location2:
+ provider: location
+ path: '/wp-admin'
+ auth_type: Digest
+ auth_name: server2
+ auth_digest_provider: file
+ auth_digest_algorithm: MD5
+ auth_user_file: '/etc/httpd/htdigest'
+ auth_require: 'valid-user'
+ require:
+ - local
+ setenvif:
+ - "HTTPS on HTTPS=on"
+
+infra::profile::apache::pp_vhosts:
+ insideforum:
+ docroot: /var/www/sparkasseblog
+ docroot_owner: apache
+ docroot_group: apache
+ docroot_mode: '2770'
+ servername: dev-insideforum.sparkasseblog.de
+ access_log_format: urchinpp
+ port: 81
+ ssl: true
+ cert_servername: 'sparkasseblog.de'
+ cert_customer: 'sparkasse'
+ ssl_cert: '/etc/pki/tls/certs/sparkasseblog.de-cert.pem'
+ ssl_key: '/etc/pki/tls/private/sparkasseblog.de-key.pem'
+ ssl_chain: '/etc/pki/tls/certs/sparkasseblog.de-cert.pem'
+ ssl_verify_client: optional
+ ssl_crl: '/etc/pki/tls/certs/spk-cacrl.pem'
+ ssl_ca: '/etc/pki/tls/certs/spk-root-ca.pem'
+ ssl_verify_depth: '2'
+ directories:
+ - directory_root:
+ provider: directory
+ path: '/var/www/sparkasseblog'
+ addhandlers:
+ - { handler: "proxy:unix:/var/run/php5-fpm-sparkasseblog.sock|fcgi://./" , extensions: '.php' }
+ options:
+ - FollowSymLinks
+ - MultiViews
+ allow_override:
+ - All
+ directoryindex: 'index.php'
+ - provider: location
+ path: '/'
+ auth_type: Digest
+ auth_name: server
+ auth_digest_provider: file
+ auth_digest_algorithm: MD5
+ auth_user_file: '/etc/httpd/htdigest'
+ auth_require: 'valid-user'
+ require:
+ - local
+ - provider: location
+ path: '/wp-admin'
+ auth_type: Digest
+ auth_name: server2
+ auth_digest_provider: file
+ auth_digest_algorithm: MD5
+ auth_user_file: '/etc/httpd/htdigest'
+ auth_require: 'valid-user'
+ require:
+ - local
+ setenvif:
+ - "HTTPS on HTTPS=on"
+
+infra::profile::cron::cronjobs:
+ fetch_d-trust_crl:
+ ensure: 'present'
+ user: root
+ command: '/bin/wget -q --output-document=/etc/pki/tls/certs/d-trust.crl http://crl.d-trust.net/crl/d-trust_ca_2-1_2015.crl'
+ minute: '0'
+ hour: '5'
+ description: Die Revocationlist von D-Trust runterladen
+ fetch_commodo_crl:
+ ensure: 'present'
+ user: root
+ command: 'wget -q --output-document=/etc/pki/tls/certs/commodo.der.crl http://crl.comodoca.com/COMODORSACertificationAuthority.crl'
+ minute: '0'
+ hour: '5'
+ description: Die Revocationlist von Commodo runterladen
+ convert_commodo_crl:
+ ensure: 'present'
+ user: root
+ command: 'openssl crl -inform der -in /etc/pki/tls/certs/commodo.der.crl -out /etc/pki/tls/certs/commodo.crl'
+ minute: '1'
+ hour: '5'
+ description: Convert Revocationlist von Commodo von DER ins PEM Format
+ merge_crls:
+ ensure: 'present'
+ user: root
+ command: 'cat /etc/pki/tls/certs/d-trust.crl /etc/pki/tls/certs/commodo.crl > /etc/pki/tls/certs/spk-cacrl.pem'
+ minute: '3'
+ hour: '5'
+ description: Merge der Revocationlists
+ reload_webserver:
+ ensure: 'present'
+ user: root
+ command: 'systemctl reload httpd'
+ minute: '5'
+ hour: '5'
+ description: Merge der Revocationlists
\ No newline at end of file
projects / pixelpark / hiera.git / commitdiff