1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
define apache::site(
$ensure = present,
$docroot = false,
$redirect = false,
$redirect_match = false,
$protocol = 'http',
$aliases = false,
$server_alias = false,
$use = false,
$ticket = false,
$source = false,
$template = 'apache/site.erb',
$filename = '',
$manage_docroot = true,
$owner = 'root',
$group = 'root',
$mpm = true,
$mpm_user = '',
$mpm_group = '',
$password = '*',
$comment = '',
$sshkey = absent,
$sshkey_options = [],
$groups = '',
$shell = '/bin/false',
$manage_user = true,
$ssl = false,
$ssl_manage_cert = false,
$listen = '*',
$https_redirect = false,
$canonical = false,
$canonical_exceptions = '',
$hidden_service = false,
$custom_directives = false,
$allow_override = false,
$hosting_domain = hiera('apache::site::domain', $::domain),
$certbot = false,
) {
$vhost = $filename ? {
'' => "${name}",
default => "$filename",
}
$user = $mpm_user ? {
'' => regsubst($name, '\.', '_', 'G'),
default => $mpm_user,
}
$gid = $mpm_group ? {
'' => regsubst($name, '\.', '_', 'G'),
default => $mpm_group,
}
$hidden_enabled = hiera('apache::site::hidden', false)
if $hidden_service == true and $hidden_enabled == true {
tor::daemon::hidden_service { "${name}":
ports => [ "80 127.0.0.1:${apache::http_port}" ],
data_dir => "${tor::daemon::data_dir}/hidden",
require => File["${tor::daemon::data_dir}/hidden"],
ensure => $ensure,
}
}
apache::site::user { $name:
ensure => $ensure,
mpm => $mpm,
manage_user => $manage_user,
user => $user,
password => $password,
gid => $gid,
comment => $comment,
ticket => $ticket,
groups => $groups,
sshkey => $sshkey,
sshkey_options => $sshkey_options,
shell => $shell,
}
# Legacy configuration
file { [ "${apache::conf_sites}-available/$vhost",
"${apache::conf_sites}-enabled/$vhost" ]:
ensure => absent,
}
# Setup configuration
apache::site::config { $name:
ensure => $ensure,
source => $source,
vhost => $vhost,
docroot => $docroot,
redirect => $redirect,
redirect_match => $redirect_match,
protocol => $protocol,
aliases => $aliases,
server_alias => $server_alias,
use => $use,
template => $template,
mpm => $mpm,
user => $user,
gid => $gid,
ssl => $ssl,
listen => $listen,
https_redirect => $https_redirect,
canonical => $canonical,
canonical_exceptions => $canonical_exceptions,
custom_directives => $custom_directives,
allow_override => $allow_override,
hosting_domain => $hosting_domain,
certbot => $certbot,
}
# Enable or disable accordingly
apache::site::manage { $name:
ensure => $ensure,
docroot => $docroot,
manage_docroot => $manage_docroot,
owner => $owner,
group => $group,
vhost => $vhost,
require => Apache::Site::Config[$name],
}
ssl::cert { "$name":
group => $gid,
privmode => '0640',
ensure => $ssl_manage_cert ? {
true => present,
default => absent,
},
}
if $certbot == true {
certbot::manage { $name:
pre_hook => '/usr/sbin/service apache2 reload',
require => Apache::Site::Manage[$name],
}
}
}
|
