spk-blog added web-client-certs and cronjobs
authorAndreas Gerstenberg <gerstenberg@pixelpark.com>
Tue, 20 Feb 2018 13:43:43 +0000 (14:43 +0100)
committerAndreas Gerstenberg <gerstenberg@pixelpark.com>
Tue, 20 Feb 2018 13:43:43 +0000 (14:43 +0100)
customer/spk-blog/sparkasseblog01.sparkasse.local.yaml

index b832c136e549761f21c3679ad662a269ba028515..20288077a38fb996acbd1d82bc134117fbc31a8f 100644 (file)
@@ -16,6 +16,7 @@ accounts::users:
 infra::additional_classes:
   - infra::profile::wordpress
   - apache::mod::headers
+  - infra::profile::cron
 
 repo::remi_php70: true
 
@@ -53,33 +54,7 @@ infra::profile::wordpress::projects:
       - www.sparkasseblog.de
     access_log_format: urchinpp
     ssl: false
-#    ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
-#    ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
-#    ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
     directories:
-#      - location1:
-#        provider: location
-#        path: '/'
-#        auth_type: Digest
-#        auth_name: server
-#        auth_digest_provider: file
-#        auth_digest_algorithm: MD5
-#        auth_user_file: '/etc/httpd/htdigest'
-#        auth_require: 'valid-user'
-#        require:
-#          - local
-# auf Kundenwunsch /wp-admin disabled
-#      - location2:
-#        provider: location
-#        path: '/wp-admin'
-#        auth_type: Digest
-#        auth_name: server2
-#        auth_digest_provider: file
-#        auth_digest_algorithm: MD5
-#        auth_user_file: '/etc/httpd/htdigest'
-#        auth_require: 'valid-user'
-#        require:
-#          - local
     setenvif:
       - "HTTPS on HTTPS=on"
     rewrites:
@@ -102,3 +77,40 @@ infra::profile::wordpress::projects:
           - '%{literal("%")}{HTTP_HOST} ^(www\.)?hef.sparkasseblog.de'
         rewrite_rule:
           - '^(.*)$ http://www.onlinemagazin-spk-hef.de [R=301,L]'
+
+infra::profile::cron::cronjobs:
+  fetch_d-trust_crl:
+    ensure: 'present'
+    user: root
+    command: '/bin/wget -q --output-document=/etc/pki/tls/certs/d-trust.crl http://crl.d-trust.net/crl/d-trust_ca_2-1_2015.crl'
+    minute: '0'
+    hour: '5'
+    description: Die Revocationlist von D-Trust runterladen
+  fetch_commodo_crl:
+    ensure: 'present'
+    user: root
+    command: 'wget -q --output-document=/etc/pki/tls/certs/commodo.der.crl http://crl.comodoca.com/COMODORSACertificationAuthority.crl'
+    minute: '0'
+    hour: '5'
+    description: Die Revocationlist von Commodo runterladen
+  convert_commodo_crl:
+    ensure: 'present'
+    user: root
+    command: 'openssl crl -inform der -in /etc/pki/tls/certs/commodo.der.crl -out /etc/pki/tls/certs/commodo.crl'
+    minute: '1'
+    hour: '5'
+    description: Convert Revocationlist von Commodo von DER ins PEM Format
+  merge_crls:
+    ensure: 'present'
+    user: root
+    command: 'cat /etc/pki/tls/certs/d-trust.crl /etc/pki/tls/certs/commodo.crl > /etc/pki/tls/certs/spk-cacrl.pem'
+    minute: '3'
+    hour: '5'
+    description: Merge der Revocationlists
+  reload_webserver:
+    ensure: 'present'
+    user: root
+    command: 'systemctl reload httpd'
+    minute: '5'
+    hour: '5'
+    description: Merge der Revocationlists
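Review bot: The five jobs under `infra::profile::cron::cronjobs` are sequenced only by minute offsets (05:00, 05:01, 05:03, 05:05), so a failed or slow download still leads to the merge and `systemctl reload httpd` running against whatever is on disk; `wget --output-document` creates or truncates its target even when the transfer fails, so the live `spk-cacrl.pem` can end up empty or partial. Depending on how Apache's revocation checking is configured for this vhost (not visible here), that presumably either breaks client-certificate access or leaves revoked certificates accepted until the next good run. The D-Trust file is also concatenated into the PEM bundle without the DER-to-PEM conversion the Comodo file gets, which looks wrong if that URL serves DER, as CRL distribution points usually do. I would fold the steps into one job chained with `&&` that works on temporary files and replaces the bundle only after `openssl crl` has parsed every download, as sketched below. Smaller points: `fetch_commodo_crl` calls bare `wget` while the D-Trust job uses `/bin/wget`, and `reload_webserver` carries the copy-pasted description `Merge der Revocationlists`.

```yaml
infra::profile::cron::cronjobs:
  refresh_client_cert_crls:
    ensure: 'present'
    user: root
    # Single chained job: any failed download or parse stops the run, so the
    # live bundle is replaced, and httpd reloaded, only after every step
    # succeeded. Work happens on *.tmp files; mv swaps the bundle atomically.
    # NOTE(review): -inform for the D-Trust file must match what that URL
    # actually serves (DER assumed here) - confirm before rollout.
    command: >-
      cd /etc/pki/tls/certs
      && /bin/wget -q --output-document=d-trust.crl.tmp http://crl.d-trust.net/crl/d-trust_ca_2-1_2015.crl
      && /bin/wget -q --output-document=commodo.der.crl.tmp http://crl.comodoca.com/COMODORSACertificationAuthority.crl
      && openssl crl -inform der -in d-trust.crl.tmp -out d-trust.pem.tmp
      && openssl crl -inform der -in commodo.der.crl.tmp -out commodo.pem.tmp
      && cat d-trust.pem.tmp commodo.pem.tmp > spk-cacrl.pem.tmp
      && mv spk-cacrl.pem.tmp spk-cacrl.pem
      && systemctl reload httpd
    minute: '0'
    hour: '5'
    description: Fetch, convert and merge the D-Trust and Commodo CRLs, then reload httpd
```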