Changeset View
Changeset View
Standalone View
Standalone View
site-modules/profile/manifests/annex_web.pp
| # Deployment of web-facing public Git-annex | # Deployment of web-facing public Git-annex | ||||
| class profile::annex_web { | class profile::annex_web { | ||||
| $annex_basepath = lookup('annex::basepath') | $annex_basepath = lookup('annex::basepath') | ||||
| $annex_vhost_name = lookup('annex::vhost::name') | $annex_vhost_name = lookup('annex::vhost::name') | ||||
| $annex_vhost_docroot = lookup('annex::vhost::docroot') | $annex_vhost_docroot = lookup('annex::vhost::docroot') | ||||
| $annex_vhost_basic_auth_file = "${annex_basepath}/http_auth" | $annex_vhost_basic_auth_file = "${annex_basepath}/http_auth" | ||||
| $annex_vhost_provenance_basic_auth_file = "${annex_basepath}/http_auth_provenance" | |||||
| $annex_vhost_basic_auth_content = lookup('annex::vhost::basic_auth_content') | $annex_vhost_basic_auth_content = lookup('annex::vhost::basic_auth_content') | ||||
ardumont: That's already been commit in the private repository. | |||||
Done Inline Actionscommitted* ardumont: committed* | |||||
| $annex_vhost_provenance_basic_auth_content = lookup('annex::vhost::provenance::basic_auth_content') | |||||
| $annex_vhost_ssl_protocol = lookup('annex::vhost::ssl_protocol') | $annex_vhost_ssl_protocol = lookup('annex::vhost::ssl_protocol') | ||||
| $annex_vhost_ssl_honorcipherorder = lookup('annex::vhost::ssl_honorcipherorder') | $annex_vhost_ssl_honorcipherorder = lookup('annex::vhost::ssl_honorcipherorder') | ||||
| $annex_vhost_ssl_cipher = lookup('annex::vhost::ssl_cipher') | $annex_vhost_ssl_cipher = lookup('annex::vhost::ssl_cipher') | ||||
| $annex_vhost_hsts_header = lookup('annex::vhost::hsts_header') | $annex_vhost_hsts_header = lookup('annex::vhost::hsts_header') | ||||
| include ::profile::ssl | include ::profile::ssl | ||||
| include ::profile::apache::common | include ::profile::apache::common | ||||
| Show All 26 Lines | directories => [{ | ||||
| 'path' => $annex_vhost_docroot, | 'path' => $annex_vhost_docroot, | ||||
| 'require' => 'all granted', | 'require' => 'all granted', | ||||
| 'options' => ['Indexes', 'FollowSymLinks', 'MultiViews'], | 'options' => ['Indexes', 'FollowSymLinks', 'MultiViews'], | ||||
| }, | }, | ||||
| { # hide (annex) .git directory | { # hide (annex) .git directory | ||||
| 'path' => '.*/\.git/?$', | 'path' => '.*/\.git/?$', | ||||
| 'provider' => 'directorymatch', | 'provider' => 'directorymatch', | ||||
| 'require' => 'all denied', | 'require' => 'all denied', | ||||
| }], | }, | ||||
| { # 'basic' provenance-index authentication | |||||
| 'path' => "$annex_vhost_docroot/provenance-index", | |||||
| 'auth_type' => 'basic', | |||||
| 'auth_name' => 'SWH - Password Required', | |||||
| 'auth_user_file' => $annex_vhost_provenance_basic_auth_file, | |||||
| 'auth_require' => 'valid-user', | |||||
| 'index_options' => 'FancyIndexing', | |||||
| 'readme_name' => 'readme.txt', | |||||
| }, | |||||
| ], | |||||
| require => [ | require => [ | ||||
| File[$ssl_cert], | File[$ssl_cert], | ||||
| File[$ssl_chain], | File[$ssl_chain], | ||||
| File[$ssl_key], | File[$ssl_key], | ||||
| ], | ], | ||||
| } | } | ||||
| file {"${annex_vhost_docroot}/public": | file {"${annex_vhost_docroot}/public": | ||||
| ensure => link, | ensure => link, | ||||
| target => "../annexroot/public", | target => "../annexroot/public", | ||||
| require => File[$annex_vhost_docroot], | require => File[$annex_vhost_docroot], | ||||
| } | } | ||||
| file {$annex_vhost_basic_auth_file: | file {$annex_vhost_basic_auth_file: | ||||
| ensure => present, | ensure => present, | ||||
| owner => 'root', | owner => 'root', | ||||
| group => 'www-data', | group => 'www-data', | ||||
| mode => '0640', | mode => '0640', | ||||
| content => '$annex_vhost_basic_auth_content', | content => '$annex_vhost_basic_auth_content', | ||||
Done Inline ActionsAs explained, i'm not sure about the production impacts of fixing it. ardumont: As explained, i'm not sure about the production impacts of fixing it.
I don't want to deal with… | |||||
| } | } | ||||
| file {$annex_vhost_provenance_basic_auth_file: | |||||
| ensure => present, | |||||
| owner => 'root', | |||||
| group => 'www-data', | |||||
| mode => '0640', | |||||
| content => "$annex_vhost_provenance_basic_auth_content", | |||||
| } | |||||
| $icinga_checks_file = '/etc/icinga2/conf.d/exported-checks.conf' | $icinga_checks_file = '/etc/icinga2/conf.d/exported-checks.conf' | ||||
| @@::icinga2::object::service {"annex http redirect on ${::fqdn}": | @@::icinga2::object::service {"annex http redirect on ${::fqdn}": | ||||
| service_name => 'annex http redirect', | service_name => 'annex http redirect', | ||||
| import => ['generic-service'], | import => ['generic-service'], | ||||
| host_name => $::fqdn, | host_name => $::fqdn, | ||||
| check_command => 'http', | check_command => 'http', | ||||
| ▲ Show 20 Lines • Show All 42 Lines • Show Last 20 Lines | |||||
That's already been commit in the private repository.