site-modules/profile/manifests/annex_web.pp
# Deployment of web-facing public Git-annex | # Deployment of web-facing public Git-annex | ||||
class profile::annex_web { | class profile::annex_web { | ||||
$annex_basepath = lookup('annex::basepath') | $annex_basepath = lookup('annex::basepath') | ||||
$annex_vhost_name = lookup('annex::vhost::name') | $annex_vhost_name = lookup('annex::vhost::name') | ||||
$annex_vhost_docroot = lookup('annex::vhost::docroot') | $annex_vhost_docroot = lookup('annex::vhost::docroot') | ||||
$annex_vhost_basic_auth_file = "${annex_basepath}/http_auth" | $annex_vhost_basic_auth_file = "${annex_basepath}/http_auth" | ||||
$annex_vhost_provenance_basic_auth_file = "${annex_basepath}/http_auth_provenance" | |||||
$annex_vhost_basic_auth_content = lookup('annex::vhost::basic_auth_content') | $annex_vhost_basic_auth_content = lookup('annex::vhost::basic_auth_content') | ||||
ardumont: That's already been commit in the private repository. | |||||
Done Inline Actionscommitted* ardumont: committed* | |||||
$annex_vhost_provenance_basic_auth_content = lookup('annex::vhost::provenance::basic_auth_content') | |||||
$annex_vhost_ssl_protocol = lookup('annex::vhost::ssl_protocol') | $annex_vhost_ssl_protocol = lookup('annex::vhost::ssl_protocol') | ||||
$annex_vhost_ssl_honorcipherorder = lookup('annex::vhost::ssl_honorcipherorder') | $annex_vhost_ssl_honorcipherorder = lookup('annex::vhost::ssl_honorcipherorder') | ||||
$annex_vhost_ssl_cipher = lookup('annex::vhost::ssl_cipher') | $annex_vhost_ssl_cipher = lookup('annex::vhost::ssl_cipher') | ||||
$annex_vhost_hsts_header = lookup('annex::vhost::hsts_header') | $annex_vhost_hsts_header = lookup('annex::vhost::hsts_header') | ||||
include ::profile::ssl | include ::profile::ssl | ||||
include ::profile::apache::common | include ::profile::apache::common | ||||
Show All 26 Lines | directories => [{ | ||||
'path' => $annex_vhost_docroot, | 'path' => $annex_vhost_docroot, | ||||
'require' => 'all granted', | 'require' => 'all granted', | ||||
'options' => ['Indexes', 'FollowSymLinks', 'MultiViews'], | 'options' => ['Indexes', 'FollowSymLinks', 'MultiViews'], | ||||
}, | }, | ||||
{ # hide (annex) .git directory | { # hide (annex) .git directory | ||||
'path' => '.*/\.git/?$', | 'path' => '.*/\.git/?$', | ||||
'provider' => 'directorymatch', | 'provider' => 'directorymatch', | ||||
'require' => 'all denied', | 'require' => 'all denied', | ||||
}], | }, | ||||
{ # 'basic' provenance-index authentication | |||||
'path' => "$annex_vhost_docroot/provenance-index", | |||||
'auth_type' => 'basic', | |||||
'auth_name' => 'SWH - Password Required', | |||||
'auth_user_file' => $annex_vhost_provenance_basic_auth_file, | |||||
'auth_require' => 'valid-user', | |||||
'index_options' => 'FancyIndexing', | |||||
'readme_name' => 'readme.txt', | |||||
}, | |||||
], | |||||
require => [ | require => [ | ||||
File[$ssl_cert], | File[$ssl_cert], | ||||
File[$ssl_chain], | File[$ssl_chain], | ||||
File[$ssl_key], | File[$ssl_key], | ||||
], | ], | ||||
} | } | ||||
file {"${annex_vhost_docroot}/public": | file {"${annex_vhost_docroot}/public": | ||||
ensure => link, | ensure => link, | ||||
target => "../annexroot/public", | target => "../annexroot/public", | ||||
require => File[$annex_vhost_docroot], | require => File[$annex_vhost_docroot], | ||||
} | } | ||||
file {$annex_vhost_basic_auth_file: | file {$annex_vhost_basic_auth_file: | ||||
ensure => present, | ensure => present, | ||||
owner => 'root', | owner => 'root', | ||||
group => 'www-data', | group => 'www-data', | ||||
mode => '0640', | mode => '0640', | ||||
content => '$annex_vhost_basic_auth_content', | content => '$annex_vhost_basic_auth_content', | ||||
Done Inline ActionsAs explained, i'm not sure about the production impacts of fixing it. ardumont: As explained, i'm not sure about the production impacts of fixing it.
I don't want to deal with… | |||||
} | } | ||||
file {$annex_vhost_provenance_basic_auth_file: | |||||
ensure => present, | |||||
owner => 'root', | |||||
group => 'www-data', | |||||
mode => '0640', | |||||
content => "$annex_vhost_provenance_basic_auth_content", | |||||
} | |||||
$icinga_checks_file = '/etc/icinga2/conf.d/exported-checks.conf' | $icinga_checks_file = '/etc/icinga2/conf.d/exported-checks.conf' | ||||
@@::icinga2::object::service {"annex http redirect on ${::fqdn}": | @@::icinga2::object::service {"annex http redirect on ${::fqdn}": | ||||
service_name => 'annex http redirect', | service_name => 'annex http redirect', | ||||
import => ['generic-service'], | import => ['generic-service'], | ||||
host_name => $::fqdn, | host_name => $::fqdn, | ||||
check_command => 'http', | check_command => 'http', | ||||
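Review bot: The new `file {$annex_vhost_provenance_basic_auth_file:` resource writes htpasswd entries taken from Hiera but does not set `show_diff => false,`, so on agents that run with diff output enabled a content change would put the old and new credential lines into the agent log and the run report. Adding `show_diff => false,` next to `mode => '0640',` avoids that, and `content => $annex_vhost_provenance_basic_auth_content,` without the surrounding double quotes would match the brace style used for `"${annex_basepath}/http_auth_provenance"`. Separately, the `provenance-index` entry protects only the literal path `"$annex_vhost_docroot/provenance-index"`, while the docroot entry above it grants access with `FollowSymLinks`. If the same data can be reached through another path or symlink under the docroot (not visible here), Apache would serve it without the basic-auth check, so that is worth confirming on the host. The vhost resource and the rest of the class are partly folded on this page, so this covers only the visible lines.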
That's already been commit in the private repository.