+++ /dev/null
----
-infra::role: base
-
-accounts::users:
- christian.stoehr:
- apply: true
- sudo: true
- group: apache
- michael.mente:
- apply: true
- sudo: true
- group: apache
- groups:
- - pixel
- sudo_cmds:
- - SYNC2LIVE
-
-sudo::configs:
- cmd_alias:
- priority: "05"
- content: |
- Cmnd_Alias SYNC2LIVE = /usr/local/bin/sync_to_live
-
-infra::additional_classes:
- - infra::profile::wordpress
- - infra::profile::apache_php
- - apache::mod::headers
- - infra::profile::cron
-
-repo::remi_php70: true
-
-php::settings:
- Date/date.timezone: Europe/Berlin
- PHP/expose_php: 'Off'
-
-php::extensions:
- gd: {}
- opcache: {}
- mysqlnd: {}
- soap: {}
- mbstring: {}
- xml: {}
-
-php::fpm::pools:
- www:
- ensure: absent
-
-apache::default_vhost: false
-
-
-infra::profile::apache::htdigest:
- server:
- www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEADEBQNLo9VA84SyngSPaUdnI66OlUpUUGQn6LKYQPNtKAtt2Ff2l76Vrt4saukgDjr26hR6xsV8lGye/WP6PAGeereAHw0PZnAV4VG6GGqzWBEprmAJTdeT23a13R8y5aTRhvqbunPPPe0lngSbZ8RV3i+A1wMVqpZijth5LpbgSKKVdGwfaNn32QQsboB2kP/A0HP1XpyywCiA9/Apjmx9wAX+TgMaIIwTJeekRe/I/+GArMSFtIbuUDu+7Vg5qSzXu2rB8GvUs0A5ZJAL5p0+EocZOnKl1nliJwLC5Br8fqQp9rMB5DJ0kLuR5SMNmu1p3YpxrOo7SsbNqj3hAqVTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCZtQrR3wtaUfVQuAK2EodtgBB4Lv6RVYc9fe5tYSFaC8LY]
- server2:
- www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEADEBQNLo9VA84SyngSPaUdnI66OlUpUUGQn6LKYQPNtKAtt2Ff2l76Vrt4saukgDjr26hR6xsV8lGye/WP6PAGeereAHw0PZnAV4VG6GGqzWBEprmAJTdeT23a13R8y5aTRhvqbunPPPe0lngSbZ8RV3i+A1wMVqpZijth5LpbgSKKVdGwfaNn32QQsboB2kP/A0HP1XpyywCiA9/Apjmx9wAX+TgMaIIwTJeekRe/I/+GArMSFtIbuUDu+7Vg5qSzXu2rB8GvUs0A5ZJAL5p0+EocZOnKl1nliJwLC5Br8fqQp9rMB5DJ0kLuR5SMNmu1p3YpxrOo7SsbNqj3hAqVTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCZtQrR3wtaUfVQuAK2EodtgBB4Lv6RVYc9fe5tYSFaC8LY]
-
-infra::profile::wordpress::projects:
- sparkasseblog:
- docroot: /var/www/sparkasseblog
- servername: dev-sparkasseblog01.sparkasse.local
- serveraliases:
- - dev-www.sparkasseblog.de
- - dev-sparkasseblog01.pixelpark.net
- access_log_format: urchinpp
- ssl: false
- ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
- ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
- ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
- directories:
- - location1:
- provider: location
- path: '/'
- auth_type: Digest
- auth_name: server
- auth_digest_provider: file
- auth_digest_algorithm: MD5
- auth_user_file: '/etc/httpd/htdigest'
- auth_require: 'valid-user'
- require:
- - local
- - location2:
- provider: location
- path: '/wp-admin'
- auth_type: Digest
- auth_name: server2
- auth_digest_provider: file
- auth_digest_algorithm: MD5
- auth_user_file: '/etc/httpd/htdigest'
- auth_require: 'valid-user'
- require:
- - local
- setenvif:
- - "HTTPS on HTTPS=on"
-
-infra::profile::apache::pp_vhosts:
- insideforum:
- docroot: /var/www/sparkasseblog
- docroot_owner: apache
- docroot_group: apache
- docroot_mode: '2770'
- servername: dev-insideforum.sparkasseblog.de
- access_log_format: urchinpp
- port: 81
- ssl: true
- cert_servername: 'sparkasseblog.de'
- cert_customer: 'sparkasse'
- ssl_cert: '/etc/pki/tls/certs/sparkasseblog.de-cert.pem'
- ssl_key: '/etc/pki/tls/private/sparkasseblog.de-key.pem'
- ssl_chain: '/etc/pki/tls/certs/sparkasseblog.de-cert.pem'
- ssl_verify_client: optional
- ssl_crl: '/etc/pki/tls/certs/spk-cacrl.pem'
- ssl_ca: '/etc/pki/tls/certs/spk-root-ca.pem'
- ssl_verify_depth: '2'
- directories:
- - directory_root:
- provider: directory
- path: '/var/www/sparkasseblog'
- addhandlers:
- - { handler: "proxy:unix:/var/run/php5-fpm-sparkasseblog.sock|fcgi://./" , extensions: '.php' }
- options:
- - FollowSymLinks
- - MultiViews
- allow_override:
- - All
- directoryindex: 'index.php'
- - provider: location
- path: '/'
- auth_type: Digest
- auth_name: server
- auth_digest_provider: file
- auth_digest_algorithm: MD5
- auth_user_file: '/etc/httpd/htdigest'
- auth_require: 'valid-user'
- require:
- - local
- - provider: location
- path: '/wp-admin'
- auth_type: Digest
- auth_name: server2
- auth_digest_provider: file
- auth_digest_algorithm: MD5
- auth_user_file: '/etc/httpd/htdigest'
- auth_require: 'valid-user'
- require:
- - local
- setenvif:
- - "HTTPS on HTTPS=on"
-
-infra::profile::cron::cronjobs:
- fetch_d-trust_crl:
- ensure: 'present'
- user: root
- command: '/bin/wget -q --output-document=/etc/pki/tls/certs/d-trust.crl http://crl.d-trust.net/crl/d-trust_ca_2-1_2015.crl'
- minute: '0'
- hour: '5'
- description: Die Revocationlist von D-Trust runterladen
- fetch_commodo_crl:
- ensure: 'present'
- user: root
- command: 'wget -q --output-document=/etc/pki/tls/certs/commodo.der.crl http://crl.comodoca.com/COMODORSACertificationAuthority.crl'
- minute: '0'
- hour: '5'
- description: Die Revocationlist von Commodo runterladen
- convert_commodo_crl:
- ensure: 'present'
- user: root
- command: 'openssl crl -inform der -in /etc/pki/tls/certs/commodo.der.crl -out /etc/pki/tls/certs/commodo.crl'
- minute: '1'
- hour: '5'
- description: Convert Revocationlist von Commodo von DER ins PEM Format
- merge_crls:
- ensure: 'present'
- user: root
- command: 'cat /etc/pki/tls/certs/d-trust.crl /etc/pki/tls/certs/commodo.crl > /etc/pki/tls/certs/spk-cacrl.pem'
- minute: '3'
- hour: '5'
- description: Merge der Revocationlists
- reload_webserver:
- ensure: 'present'
- user: root
- command: 'systemctl reload httpd'
- minute: '5'
- hour: '5'
- description: Merge der Revocationlists
\ No newline at end of file
projects / pixelpark / hiera.git / commitdiff