summaryrefslogtreecommitdiff
path: root/manifests/site.pp
blob: 6afa67a201b761de25849e473a8af4157cade891 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
define apache::site(
  $ensure                 = present,
  $docroot                = false,
  $redirect               = false,
  $redirect_match         = false,
  $protocol               = 'http',
  $aliases                = false,
  $server_alias           = false,
  $use                    = false,
  $ticket                 = false,
  $source                 = false,
  $template               = 'apache/site.erb',
  $filename               = '',
  $manage_docroot         = true,
  $owner                  = 'root',
  $group                  = 'root',
  $mpm                    = true,
  $mpm_user               = '',
  $mpm_group              = '',
  $password               = '*',
  $comment                = '',
  $sshkey                 = absent,
  $sshkey_type            = absent,
  $sshkey_options         = [],
  $groups                 = '',
  $shell                  = '/bin/false',
  $manage_user            = true,
  $ssl                    = false,
  $ssl_manage_cert        = false,
  $listen                 = '*',
  $port                   = $apache::http_port,
  $https_redirect         = false,
  $canonical              = false,
  $canonical_exceptions   = '',
  $custom_log_format      = 'anon',
  $hidden_service         = false,
  $hidden_service_version = 3,
  $hidden_service_ports   = [ "80 127.0.0.1:${apache::http_port}" ],
  $error_log              = false,
  $custom_log             = false,
  $custom_directives      = false,
  $allow_override         = false,
  $hosting_domain         = lookup('apache::site::domain', undef, undef, $::domain),
  $certbot                = false,
) {
  $vhost = $filename ? {
    ''      => "${name}",
    default => "$filename",
  }

  $user = $mpm_user ? {
    ''      => regsubst($name, '\.', '_', 'G'),
    default => $mpm_user,
  }

  $gid = $mpm_group ? {
    ''      => regsubst($name, '\.', '_', 'G'),
    default => $mpm_group,
  }

  $hidden_enabled = lookup('apache::site::hidden', undef, undef, false)
  if $hidden_service == true and $hidden_enabled == true {
    tor::daemon::hidden_service { "${name}":
      version  => $hidden_service_version,
      ports    => $hidden_service_ports,
      data_dir => "${tor::daemon::data_dir}/hidden",
      require  => File["${tor::daemon::data_dir}/hidden"],
      ensure   => $ensure,
    }
  }

  apache::site::user { $name:
    ensure         => $ensure,
    manage_user    => $manage_user,
    user           => $user,
    password       => $password,
    gid            => $gid,
    comment        => $comment,
    ticket         => $ticket,
    groups         => $groups,
    sshkey         => $sshkey,
    sshkey_type    => $sshkey_type,
    sshkey_options => $sshkey_options,
    shell          => $shell,
  }

  # Legacy configuration
  file { [ "${apache::conf_sites}-available/$vhost",
           "${apache::conf_sites}-enabled/$vhost" ]:
    ensure => absent,
  }

  # Setup configuration
  apache::site::config { $name:
    ensure               => $ensure,
    source               => $source,
    vhost                => $vhost,
    docroot              => $docroot,
    redirect             => $redirect,
    redirect_match       => $redirect_match,
    protocol             => $protocol,
    aliases              => $aliases,
    server_alias         => $server_alias,
    use                  => $use,
    template             => $template,
    mpm                  => $mpm,
    user                 => $user,
    gid                  => $gid,
    ssl                  => $ssl,
    listen               => $listen,
    port                 => $port,
    https_redirect       => $https_redirect,
    canonical            => $canonical,
    canonical_exceptions => $canonical_exceptions,
    error_log            => $error_log,
    custom_log           => $custom_log,
    custom_log_format    => $custom_log_format,
    custom_directives    => $custom_directives,
    allow_override       => $allow_override,
    hosting_domain       => $hosting_domain,
    certbot              => $certbot,
  }

  # Enable or disable accordingly
  apache::site::manage { $name:
    ensure         => $ensure,
    docroot        => $docroot,
    manage_docroot => $manage_docroot,
    owner          => $owner,
    group          => $group,
    vhost          => $vhost,
    require        => Apache::Site::Config[$name],
  }

  ssl::cert { "$name":
    group    => $gid,
    privmode => '0640',
    ensure   => $ssl_manage_cert ? {
      true    => present,
      default => absent,
    },
  }

  if $certbot == true {
    certbot::manage { "${name}.${hosting_domain}":
      pre_hook => '/usr/sbin/service apache2 reload',
      require  => Apache::Site::Manage[$name],
      aliases  => $server_alias ? {
        false   => undef,
        default => $server_alias,
      },
    }
  }
}