e39b5ce777
Allow for specifying ServerAlias entries in the apache vhost for the cgit puppet module. (vhost template section lifted from the puppetlabs-apache v0.0.4 vhost-default template). Change-Id: If7c297247b9556458154e4d01a1e0165a25a14b5
209 lines
5.1 KiB
Puppet
209 lines
5.1 KiB
Puppet
# Copyright 2013 Hewlett-Packard Development Company, L.P.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
# Class: cgit
|
|
#
|
|
class cgit(
|
|
$vhost_name = $::fqdn,
|
|
$serveradmin = "webmaster@${::fqdn}",
|
|
$serveraliases = '',
|
|
$cgitdir = '/var/www/cgit',
|
|
$staticfiles = '/var/www/cgit/static',
|
|
$ssl_cert_file = '',
|
|
$ssl_key_file = '',
|
|
$ssl_chain_file = '',
|
|
$ssl_cert_file_contents = '', # If left empty puppet will not create file.
|
|
$ssl_key_file_contents = '', # If left empty puppet will not create file.
|
|
$ssl_chain_file_contents = '', # If left empty puppet will not create file.
|
|
$behind_proxy = false,
|
|
) {
|
|
|
|
include apache
|
|
|
|
package { [
|
|
'cgit',
|
|
'git-daemon',
|
|
'highlight',
|
|
]:
|
|
ensure => present,
|
|
}
|
|
|
|
user { 'cgit':
|
|
ensure => present,
|
|
home => '/home/cgit',
|
|
shell => '/bin/bash',
|
|
gid => 'cgit',
|
|
managehome => true,
|
|
require => Group['cgit'],
|
|
}
|
|
|
|
group { 'cgit':
|
|
ensure => present,
|
|
}
|
|
|
|
file {'/home/cgit':
|
|
ensure => directory,
|
|
owner => 'cgit',
|
|
group => 'cgit',
|
|
mode => '0755',
|
|
require => User['cgit'],
|
|
}
|
|
|
|
file { '/var/lib/git':
|
|
ensure => directory,
|
|
owner => 'cgit',
|
|
group => 'cgit',
|
|
mode => '0644',
|
|
require => User['cgit'],
|
|
}
|
|
|
|
exec { 'restorecon -R -v /var/lib/git':
|
|
path => '/sbin',
|
|
require => File['/var/lib/git'],
|
|
subscribe => File['/var/lib/git'],
|
|
refreshonly => true,
|
|
}
|
|
|
|
selboolean { 'httpd_enable_cgi':
|
|
persistent => true,
|
|
value => on
|
|
}
|
|
|
|
package { 'policycoreutils-python':
|
|
ensure => present,
|
|
}
|
|
|
|
if $behind_proxy == true {
|
|
$http_port = 8080
|
|
$https_port = 4443
|
|
$daemon_port = 29418
|
|
}
|
|
else {
|
|
$http_port = 80
|
|
$https_port = 443
|
|
$daemon_port = 9418
|
|
}
|
|
|
|
exec { 'cgit_allow_http_port':
|
|
# If we cannot add the rule modify the existing rule.
|
|
onlyif => "bash -c \'! semanage port -a -t http_port_t -p tcp ${http_port}\'",
|
|
command => "semanage port -m -t http_port_t -p tcp ${http_port}",
|
|
path => '/bin:/usr/sbin',
|
|
before => Service['httpd'],
|
|
require => Package['policycoreutils-python'],
|
|
subscribe => File['/etc/httpd/conf/httpd.conf'],
|
|
refreshonly => true,
|
|
}
|
|
|
|
exec { 'cgit_allow_https_port':
|
|
# If we cannot add the rule modify the existing rule.
|
|
onlyif => "bash -c \'! semanage port -a -t http_port_t -p tcp ${https_port}\'",
|
|
command => "semanage port -m -t http_port_t -p tcp ${https_port}",
|
|
path => '/bin:/usr/sbin',
|
|
require => Package['policycoreutils-python'],
|
|
subscribe => File['/etc/httpd/conf.d/ssl.conf'],
|
|
refreshonly => true,
|
|
}
|
|
|
|
apache::vhost { $vhost_name:
|
|
port => $https_port,
|
|
serveraliases => $serveraliases,
|
|
docroot => 'MEANINGLESS ARGUMENT',
|
|
priority => '50',
|
|
template => 'cgit/git.vhost.erb',
|
|
ssl => true,
|
|
require => [
|
|
File[$staticfiles],
|
|
Package['cgit'],
|
|
],
|
|
}
|
|
|
|
file { '/etc/httpd/conf/httpd.conf':
|
|
ensure => present,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0644',
|
|
content => template('cgit/httpd.conf.erb'),
|
|
require => Package['httpd'],
|
|
}
|
|
|
|
file { '/etc/httpd/conf.d/ssl.conf':
|
|
ensure => present,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0644',
|
|
content => template('cgit/ssl.conf.erb'),
|
|
require => Package['mod_ssl'],
|
|
}
|
|
|
|
file { $cgitdir:
|
|
ensure => directory,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0755',
|
|
}
|
|
|
|
file { $staticfiles:
|
|
ensure => directory,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0755',
|
|
require => File[$cgitdir],
|
|
}
|
|
|
|
file { '/etc/init.d/git-daemon':
|
|
ensure => present,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0755',
|
|
content => template('cgit/git-daemon.init.erb'),
|
|
}
|
|
|
|
service { 'git-daemon':
|
|
ensure => running,
|
|
enable => true,
|
|
subscribe => File['/etc/init.d/git-daemon'],
|
|
}
|
|
|
|
if $ssl_cert_file_contents != '' {
|
|
file { $ssl_cert_file:
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0640',
|
|
content => $ssl_cert_file_contents,
|
|
before => Apache::Vhost[$vhost_name],
|
|
}
|
|
}
|
|
|
|
if $ssl_key_file_contents != '' {
|
|
file { $ssl_key_file:
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0640',
|
|
content => $ssl_key_file_contents,
|
|
before => Apache::Vhost[$vhost_name],
|
|
}
|
|
}
|
|
|
|
if $ssl_chain_file_contents != '' {
|
|
file { $ssl_chain_file:
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0640',
|
|
content => $ssl_chain_file_contents,
|
|
before => Apache::Vhost[$vhost_name],
|
|
}
|
|
}
|
|
}
|