# Declares one Apache site and the resources that accompany it.
#
# For a site titled $name this define declares:
#   - tor::daemon::hidden_service (only when both $hidden_service and the
#     hiera key 'apache::site::hidden' are true)
#   - apache::site::user    (account settings: user, gid, password, ssh key, shell)
#   - file                  (removal of the legacy sites-available/-enabled entries)
#   - apache::site::config  (vhost configuration)
#   - apache::site::manage  (docroot handling, enable/disable)
#   - ssl::cert             (present only when $ssl_manage_cert is true)
#   - certbot::manage       (only when $certbot is true)
#
# Derived values:
#   $vhost  - $filename, or $name when $filename is ''.
#   $user   - $mpm_user, or $name with every '.' replaced by '_' when ''.
#   $gid    - $mpm_group, or the same dot-to-underscore name when ''.
#
# NOTE(review): $error_log, $custom_log and $custom_log_format are accepted
# but never referenced in this body - confirm whether a template reads them
# or whether they are dead parameters.
define apache::site(
  $ensure               = present,
  $docroot              = false,
  $redirect             = false,
  $redirect_match       = false,
  $protocol             = 'http',
  $aliases              = false,
  $server_alias         = false,
  $use                  = false,
  $ticket               = false,
  $source               = false,
  $template             = 'apache/site.erb',
  $filename             = '',
  $manage_docroot       = true,
  $owner                = 'root',
  $group                = 'root',
  $mpm                  = true,
  $mpm_user             = '',
  $mpm_group            = '',
  # Handed to apache::site::user unchanged; presumably '*' is an unusable
  # password field so the account cannot log in by password - confirm there.
  $password             = '*',
  $comment              = '',
  $sshkey               = absent,
  $sshkey_options       = [],
  $groups               = '',
  # Non-interactive shell by default.
  $shell                = '/bin/false',
  $manage_user          = true,
  $ssl                  = false,
  $ssl_manage_cert      = false,
  $listen               = '*',
  $https_redirect       = false,
  $canonical            = false,
  $canonical_exceptions = '',
  $hidden_service       = false,
  $error_log            = false,
  $custom_log           = false,
  $custom_log_format    = 'anon',
  $custom_directives    = false,
  $allow_override       = false,
  $hosting_domain       = hiera('apache::site::domain', $::domain),
  $certbot              = false,
) {

  # Configuration file name: explicit $filename wins, otherwise the title.
  $vhost = $filename ? {
    ''      => $name,
    default => "${filename}",
  }

  # Account and group names fall back to the site name with dots replaced,
  # e.g. a site titled 'www.example.org' yields 'www_example_org'.
  $derived_account = regsubst($name, '\.', '_', 'G')

  $user = $mpm_user ? {
    ''      => $derived_account,
    default => $mpm_user,
  }

  $gid = $mpm_group ? {
    ''      => $derived_account,
    default => $mpm_group,
  }

  # Onion exposure needs two switches: the per-site parameter and the
  # hiera key. Onion port 80 is mapped to loopback on ${apache::http_port}.
  $hidden_enabled = hiera('apache::site::hidden', false)

  if $hidden_service == true and $hidden_enabled == true {
    tor::daemon::hidden_service { $name:
      ensure   => $ensure,
      ports    => [ "80 127.0.0.1:${apache::http_port}" ],
      data_dir => "${tor::daemon::data_dir}/hidden",
      require  => File["${tor::daemon::data_dir}/hidden"],
    }
  }

  # Account settings for the site
  apache::site::user { $name:
    ensure         => $ensure,
    manage_user    => $manage_user,
    user           => $user,
    password       => $password,
    gid            => $gid,
    comment        => $comment,
    ticket         => $ticket,
    groups         => $groups,
    sshkey         => $sshkey,
    sshkey_options => $sshkey_options,
    shell          => $shell,
  }

  # Legacy configuration: always removed, regardless of $ensure
  file { [
    "${apache::conf_sites}-available/${vhost}",
    "${apache::conf_sites}-enabled/${vhost}",
  ]:
    ensure => absent,
  }

  # Setup configuration
  apache::site::config { $name:
    ensure               => $ensure,
    source               => $source,
    vhost                => $vhost,
    docroot              => $docroot,
    redirect             => $redirect,
    redirect_match       => $redirect_match,
    protocol             => $protocol,
    aliases              => $aliases,
    server_alias         => $server_alias,
    use                  => $use,
    template             => $template,
    mpm                  => $mpm,
    user                 => $user,
    gid                  => $gid,
    ssl                  => $ssl,
    listen               => $listen,
    https_redirect       => $https_redirect,
    canonical            => $canonical,
    canonical_exceptions => $canonical_exceptions,
    custom_directives    => $custom_directives,
    allow_override       => $allow_override,
    hosting_domain       => $hosting_domain,
    certbot              => $certbot,
  }

  # Enable or disable accordingly
  apache::site::manage { $name:
    ensure         => $ensure,
    docroot        => $docroot,
    manage_docroot => $manage_docroot,
    owner          => $owner,
    group          => $group,
    vhost          => $vhost,
    require        => Apache::Site::Config[$name],
  }

  # Certificate state follows $ssl_manage_cert only; $ensure is not consulted,
  # so a site set to absent keeps its certificate while the flag stays true.
  # NOTE(review): privmode '0640' together with group => $gid presumably makes
  # the private key readable by the site's own group - confirm in ssl::cert
  # that this is the intended exposure.
  $cert_ensure = $ssl_manage_cert ? {
    true    => present,
    default => absent,
  }

  ssl::cert { $name:
    ensure   => $cert_ensure,
    group    => $gid,
    privmode => '0640',
  }

  if $certbot == true {
    # A false $server_alias is passed on as undef.
    $certbot_aliases = $server_alias ? {
      false   => undef,
      default => $server_alias,
    }

    # NOTE(review): no ensure is passed here, so $ensure => absent does not
    # reach certbot::manage; the Apache reload is wired as the pre_hook -
    # confirm against certbot::manage that both are intended.
    certbot::manage { "${name}.${hosting_domain}":
      pre_hook => '/usr/sbin/service apache2 reload',
      require  => Apache::Site::Manage[$name],
      aliases  => $certbot_aliases,
    }
  }
}