# == Class: profiles::base
#
# Baseline profile: user accounts, cron, sshd, Shorewall firewall, SELinux,
# networking, packages, NTP, DNS, timezone, fail2ban, rsyslog, yum-cron,
# sudo, the Puppet agent and the Zabbix agent.
#
# Every setting is read from Hiera under the profiles::base:: namespace.
# A lookup written without a default aborts catalog compilation when the
# key is missing, so the security-relevant sshd, sudo and firewall values
# have no fallback in this manifest; the effective hardening is decided
# entirely by the Hiera data.
#
class profiles::base {

  ## Hiera lookups
  $selinux_mode                         = hiera('profiles::base::selinux_mode')
  $ntp_servers                          = hiera('profiles::base::ntp_servers')
  $dns_resolvers                        = hiera('profiles::base::dns_resolvers')
  $timezone                             = hiera('profiles::base::timezone')
  $sudo_manage_sudoersd                 = hiera('profiles::base::sudo::manage_sudoersd')
  $sudo_sudoers                         = hiera_hash('profiles::base::sudo::sudoers')
  $accounts                             = hiera_hash('profiles::base::accounts')
  # Optional: crontabs and network_interfaces fall back to undef.
  $crontabs                             = hiera('profiles::base::crontabs', undef)
  $network_interfaces                   = hiera_hash('profiles::base::network_interfaces', undef)
  $packages                             = hiera_array('profiles::base::packages')
  $puppet_server                        = hiera('profiles::base::puppet_server')
  $puppet_run_style                     = hiera('profiles::base::puppet_run_style')
  $puppet_configtimeout                 = hiera('profiles::base::puppet_configtimeout')
  $zabbix_server                        = hiera('profiles::base::zabbix_server')
  $zabbix_client_version                = hiera('profiles::base::zabbix_client_version')
  $zabbix_client_manage_resources       = hiera('profiles::base::zabbix_client_manage_resources')
  $zabbix_client_manage_repo            = hiera('profiles::base::zabbix_client_manage_repo')
  $zabbix_client_manage_firewall        = hiera('profiles::base::zabbix_client_manage_firewall')
  $zabbix_client_host_group             = hiera('profiles::base::zabbix_client_host_group')
  $zabbix_client_host_templates         = hiera('profiles::base::zabbix_client_host_templates')
  $zabbix_client_userparameters         = hiera_hash('profiles::base::zabbix_client_userparameters', {})
  $rsyslog_log_remote                   = hiera('profiles::base::rsyslog_log_remote')
  $rsyslog_log_local                    = hiera('profiles::base::rsyslog_log_local')
  $rsyslog_auth_local                   = hiera('profiles::base::rsyslog_auth_local')
  $fail2ban_mailto                      = hiera('profiles::base::fail2ban_mailto')
  $yum_cron_yum_parameter               = hiera('profiles::base::yum_cron_yum_parameter')
  $yum_cron_check_only                  = hiera('profiles::base::yum_cron_check_only')
  $yum_cron_mailto                      = hiera('profiles::base::yum_cron_mailto')
  $yum_cron_service_ensure              = hiera('profiles::base::yum_cron_service_ensure')
  $sshd_storeconfigs_enabled            = hiera('profiles::base::sshd_storeconfigs_enabled')
  $sshd_port                            = hiera('profiles::base::sshd_port')
  $sshd_protocol                        = hiera('profiles::base::sshd_protocol')
  $sshd_syslogfacility                  = hiera('profiles::base::sshd_syslogfacility')
  $sshd_loglevel                        = hiera('profiles::base::sshd_loglevel')
  $sshd_permit_root_login               = hiera('profiles::base::sshd_permit_root_login')
  $sshd_allowgroups                     = hiera('profiles::base::sshd_allowgroups')
  $sshd_passwordauthentication          = hiera('profiles::base::sshd_passwordauthentication')
  $sshd_challengeresponseauthentication = hiera('profiles::base::sshd_challengeresponseauthentication')
  $sshd_gssapiauthentication            = hiera('profiles::base::sshd_gssapiauthentication')
  $sshd_gssapicleanupcredentials        = hiera('profiles::base::sshd_gssapicleanupcredentials')
  $sshd_tcpkeepalive                    = hiera('profiles::base::sshd_tcpkeepalive')
  $sshd_allowagentforwarding            = hiera('profiles::base::sshd_allowagentforwarding')
  $sshd_banner                          = hiera('profiles::base::sshd_banner')
  $sshd_x11forwarding                   = hiera('profiles::base::sshd_x11forwarding')
  $sshd_subsystem                       = hiera('profiles::base::sshd_subsystem')
  $sshd_usepam                          = hiera('profiles::base::sshd_usepam')
  $shorewall_startup_enabled            = hiera('profiles::base::shorewall_startup_enabled')
  $shorewall_interfaces                 = hiera_hash('profiles::base::shorewall_interfaces')
  $shorewall_zones                      = hiera_hash('profiles::base::shorewall_zones')
  $shorewall_policy                     = hiera_hash('profiles::base::shorewall_policy')
  $shorewall_rules                      = hiera_hash('profiles::base::shorewall_rules')
  $shorewall_tunnels                    = hiera_hash('profiles::base::shorewall_tunnels', {})
  $shorewall_hosts                      = hiera_hash('profiles::base::shorewall_hosts', {})
  $shorewall_rulesections               = hiera_hash('profiles::base::shorewall_rulesections', {})
  $shorewall_masq                       = hiera_hash('profiles::base::shorewall_masq', {})
  $shorewall_proxyarp                   = hiera_hash('profiles::base::shorewall_proxyarp', {})
  $shorewall_nat                        = hiera_hash('profiles::base::shorewall_nat', {})
  $shorewall_blacklist                  = hiera_hash('profiles::base::shorewall_blacklist', {})
  $shorewall_rfc1918                    = hiera_hash('profiles::base::shorewall_rfc1918', {})
  $shorewall_routestopped               = hiera_hash('profiles::base::shorewall_routestopped', {})
  $shorewall_params                     = hiera_hash('profiles::base::shorewall_params', {})
  $shorewall_tcdevices                  = hiera_hash('profiles::base::shorewall_tcdevices', {})
  $shorewall_tcrules                    = hiera_hash('profiles::base::shorewall_tcrules', {})
  $shorewall_tcclasses                  = hiera_hash('profiles::base::shorewall_tcclasses', {})
  $shorewall_rtrules                    = hiera_hash('profiles::base::shorewall_rtrules', {})

  ## Class declarations

  # Package repositories are declared in the 'pre' run stage.
  class { '::profiles::base::repos':
    stage => 'pre',
  }

  # One 'account' resource per entry of the accounts hash.
  create_resources('account', $accounts)

  # Cron jobs are optional; nothing is declared when the key is absent.
  if $crontabs {
    create_resources('cron', $crontabs)
  }

  # sshd_config is assembled from the Hiera values above.  PermitRootLogin,
  # PasswordAuthentication, AllowGroups and Protocol are passed through
  # unchanged, so review the data rather than this manifest when auditing
  # the SSH posture.
  class { '::ssh::server':
    storeconfigs_enabled => $sshd_storeconfigs_enabled,
    options              => {
      'Port'                            => $sshd_port,
      'Protocol'                        => $sshd_protocol,
      'SyslogFacility'                  => $sshd_syslogfacility,
      'LogLevel'                        => $sshd_loglevel,
      'PermitRootLogin'                 => $sshd_permit_root_login,
      'AllowGroups'                     => $sshd_allowgroups,
      'PasswordAuthentication'          => $sshd_passwordauthentication,
      'ChallengeResponseAuthentication' => $sshd_challengeresponseauthentication,
      'GSSAPIAuthentication'            => $sshd_gssapiauthentication,
      'GSSAPICleanupCredentials'        => $sshd_gssapicleanupcredentials,
      'TCPKeepAlive'                    => $sshd_tcpkeepalive,
      'AllowAgentForwarding'            => $sshd_allowagentforwarding,
      'banner'                          => $sshd_banner,
      'X11Forwarding'                   => $sshd_x11forwarding,
      'Subsystem'                       => $sshd_subsystem,
      'UsePAM'                          => $sshd_usepam,
    },
  }

  # Host firewall; every table is supplied from Hiera.
  class { '::shorewall':
    interfaces   => $shorewall_interfaces,
    zones        => $shorewall_zones,
    tunnels      => $shorewall_tunnels,
    policy       => $shorewall_policy,
    hosts        => $shorewall_hosts,
    rules        => $shorewall_rules,
    rulesections => $shorewall_rulesections,
    masq         => $shorewall_masq,
    proxyarp     => $shorewall_proxyarp,
    nat          => $shorewall_nat,
    blacklist    => $shorewall_blacklist,
    rfc1918      => $shorewall_rfc1918,
    routestopped => $shorewall_routestopped,
    params       => $shorewall_params,
    tcdevices    => $shorewall_tcdevices,
    tcrules      => $shorewall_tcrules,
    tcclasses    => $shorewall_tcclasses,
    rtrules      => $shorewall_rtrules,
  }

  ## sshd is configured before the firewall so that a firewall change
  ## cannot lock the administrator out.
  Class['::ssh::server'] -> Class['::shorewall']

  # STARTUP_ENABLED in shorewall.conf is taken from Hiera.
  augeas { 'enable_shorewall_startup':
    changes => "set /files/etc/shorewall/shorewall.conf/STARTUP_ENABLED ${shorewall_startup_enabled}",
    lens    => 'Shellvars.lns',
    incl    => '/etc/shorewall/shorewall.conf',
    notify  => Service['shorewall'],
    require => Class['::shorewall'],
  }

  # BLACKLIST is set to ALL so that an address banned by fail2ban is dropped
  # on ALL connections, not only on new ones.
  augeas { 'enable_shorewall_blacklist':
    changes => 'set /files/etc/shorewall/shorewall.conf/BLACKLIST ALL',
    lens    => 'Shellvars.lns',
    incl    => '/etc/shorewall/shorewall.conf',
    notify  => Service['shorewall'],
    require => Class['::shorewall'],
  }

  # The stock iptables services are disabled at boot; only 'enable' is
  # managed here, the running state is left untouched.
  service { ['iptables', 'ip6tables']:
    enable  => false,
    require => Class['::shorewall'],
  }

  # Exported rule, to be collected on the puppetmaster (tag allow_puppet).
  # NOTE(review): the source address comes from the agent-reported
  # ipaddress fact, so the collecting host opens tcp/8140 to whatever
  # address a node exports -- confirm the collector limits what it realises.
  # '$FW' is single-quoted so the literal Shorewall variable is passed on.
  @@shorewall::rule { "allow puppet from ${::fqdn}":
    source          => "net:${::ipaddress}",
    destination     => '$FW',
    proto           => 'tcp',
    destinationport => '8140',
    order           => 500,
    tag             => 'allow_puppet',
    action          => 'ACCEPT',
  }

  # Exported rule, to be collected on the Zabbix server (tag allow_zabbix).
  # The same fact-derived source address caveat applies as for the puppet
  # rule exported by this class.
  @@shorewall::rule { "allow zabbix from ${::fqdn}":
    source          => "net:${::ipaddress}",
    destination     => '$FW',
    proto           => 'tcp',
    destinationport => '10050',
    order           => 510,
    tag             => 'allow_zabbix',
    action          => 'ACCEPT',
  }

  class { '::selinux':
    mode => $selinux_mode,
  }

  # Login banner file, put in place before sshd is configured.
  file { '/etc/issue.net':
    ensure => present,
    mode   => '0644',
    owner  => 'root',
    group  => 'root',
    before => Class['ssh::server'],
    source => 'puppet:///modules/nab/sshd/issue.net',
  }

  # Networking is not managed on VirtualBox guests.
  unless $::virtual == 'virtualbox' {
    class { '::network':
      interfaces_hash => $network_interfaces,
    }
  }

  package { $packages:
    ensure => present,
  }

  class { '::ntp':
    servers => $ntp_servers,
  }

  class { '::resolv_conf':
    nameservers => $dns_resolvers,
  }

  class { '::timezone':
    timezone => $timezone,
  }

  class { 'fail2ban':
    mailto => $fail2ban_mailto,
  }

  class { '::rsyslog::client':
    log_remote     => $rsyslog_log_remote,
    log_local      => $rsyslog_log_local,
    log_auth_local => $rsyslog_auth_local,
  }

  class { '::yum_cron':
    yum_parameter  => $yum_cron_yum_parameter,
    check_only     => $yum_cron_check_only,
    mailto         => $yum_cron_mailto,
    service_ensure => $yum_cron_service_ensure,
  }

  class { '::sudo':
    manage_sudoersd => $sudo_manage_sudoersd,
    sudoers         => $sudo_sudoers,
  }

  class { '::puppet::agent':
    puppet_server    => $puppet_server,
    puppet_run_style => $puppet_run_style,
    configtimeout    => $puppet_configtimeout,
  }

  class { '::zabbix::agent':
    zabbix_version   => $zabbix_client_version,
    server           => $zabbix_server,
    manage_resources => $zabbix_client_manage_resources,
    manage_repo      => $zabbix_client_manage_repo,
    manage_firewall  => $zabbix_client_manage_firewall,
    zbx_group        => $zabbix_client_host_group,
    zbx_templates    => $zabbix_client_host_templates,
  }

  # Directory for Zabbix external scripts, owned by the zabbix account.
  file { '/etc/zabbix/externalscripts':
    ensure  => directory,
    owner   => 'zabbix',
    group   => 'zabbix',
    mode    => '0755',
    require => Class['::zabbix::agent'],
  }

  create_resources('::zabbix::userparameters', $zabbix_client_userparameters)

  # NOTE(review): mode 0755 lets every local user list this directory;
  # confirm the dumps written below it carry tighter permissions.
  file { '/var/backups/':
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  }
}
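# == Class: profiles::dovecot
#
# Dovecot IMAP/POP3 profile: Dovecot itself, its SQL configuration files,
# the backing MySQL database, the vmail account with its mail spool, and
# the firewall rules for the TLS ports.
#
# Every setting is read from Hiera under the profiles::dovecot:: namespace;
# none of the lookups has a default, so a missing key aborts compilation.
# Transport and authentication hardening (ssl, disable_plaintext_auth,
# auth_mechanisms) is decided by the Hiera data, not by this manifest.
#
class profiles::dovecot {

  ## Hiera lookups
  $dovecot_plugins                    = hiera('profiles::dovecot::plugins')
  $dovecot_protocols                  = hiera('profiles::dovecot::protocols')
  $dovecot_verbose_proctitle          = hiera('profiles::dovecot::verbose_proctitle')
  $dovecot_auth_include               = hiera('profiles::dovecot::auth_include')
  $dovecot_disable_plaintext_auth     = hiera('profiles::dovecot::disable_plaintext_auth')
  $dovecot_auth_mechanisms            = hiera('profiles::dovecot::auth_mechanisms')
  $dovecot_mail_location              = hiera('profiles::dovecot::mail_location')
  $dovecot_auth_listener_userdb_mode  = hiera('profiles::dovecot::auth_listener_userdb_mode')
  $dovecot_auth_listener_userdb_group = hiera('profiles::dovecot::auth_listener_userdb_group')
  $dovecot_auth_listener_postfix      = hiera('profiles::dovecot::auth_listener_postfix')
  $dovecot_ssl                        = hiera('profiles::dovecot::ssl')
  $dovecot_ssl_cert                   = hiera('profiles::dovecot::ssl_cert')
  $dovecot_ssl_key                    = hiera('profiles::dovecot::ssl_key')
  $dovecot_postmaster_address         = hiera('profiles::dovecot::postmaster_address')
  $dovecot_hostname                   = hiera('profiles::dovecot::hostname')
  $dovecot_lda_mail_plugins           = hiera('profiles::dovecot::lda_mail_plugins')
  $dovecot_auth_sql_userdb_static     = hiera('profiles::dovecot::auth_sql_userdb_static')
  $dovecot_log_timestamp              = hiera('profiles::dovecot::log_timestamp')
  $dovecot_dbname                     = hiera('profiles::dovecot::dbname')
  $dovecot_dbuser                     = hiera('profiles::dovecot::dbuser')
  # NOTE(review): the database password is a plain Hiera value here;
  # presumably it belongs in an encrypted backend -- confirm.
  $dovecot_dbpassword                 = hiera('profiles::dovecot::dbpassword')
  $dovecot_dbhost                     = hiera('profiles::dovecot::dbhost')
  $dovecot_dbgrants                   = hiera('profiles::dovecot::dbgrants')
  $dovecot_lmtp_socket_path           = hiera('profiles::dovecot::lmtp_socket_path')
  $dovecot_lmtp_socket_user           = hiera('profiles::dovecot::lmtp_socket_user')
  $dovecot_lmtp_socket_group          = hiera('profiles::dovecot::lmtp_socket_group')
  $dovecot_lmtp_socket_mode           = hiera('profiles::dovecot::lmtp_socket_mode')
  $dovecot_lmtp_mail_plugins          = hiera('profiles::dovecot::lmtp_mail_plugins')

  class { '::dovecot':
    plugins                    => $dovecot_plugins,
    protocols                  => $dovecot_protocols,
    verbose_proctitle          => $dovecot_verbose_proctitle,
    auth_include               => $dovecot_auth_include,
    disable_plaintext_auth     => $dovecot_disable_plaintext_auth,
    auth_mechanisms            => $dovecot_auth_mechanisms,
    mail_location              => $dovecot_mail_location,
    auth_listener_userdb_mode  => $dovecot_auth_listener_userdb_mode,
    auth_listener_userdb_group => $dovecot_auth_listener_userdb_group,
    auth_listener_postfix      => $dovecot_auth_listener_postfix,
    ssl                        => $dovecot_ssl,
    ssl_cert                   => $dovecot_ssl_cert,
    ssl_key                    => $dovecot_ssl_key,
    postmaster_address         => $dovecot_postmaster_address,
    hostname                   => $dovecot_hostname,
    lda_mail_plugins           => $dovecot_lda_mail_plugins,
    auth_sql_userdb_static     => $dovecot_auth_sql_userdb_static,
    log_timestamp              => $dovecot_log_timestamp,
    lmtp_socket_path           => $dovecot_lmtp_socket_path,
    lmtp_socket_user           => $dovecot_lmtp_socket_user,
    lmtp_socket_group          => $dovecot_lmtp_socket_group,
    lmtp_socket_mode           => $dovecot_lmtp_socket_mode,
    # Must carry the '$' sigil: a bare word is passed as the literal
    # string 'dovecot_lmtp_mail_plugins' instead of the Hiera value.
    lmtp_mail_plugins          => $dovecot_lmtp_mail_plugins,
  }

  # SQL lookup configuration shipped from the nab module.
  dovecot::file { 'dovecot-sql.conf.ext':
    source => 'puppet:///modules/nab/dovecot/dovecot-sql.conf.ext',
  }

  # Add custom namespace
  dovecot::file { 'conf.d/95-custom.conf':
    source => 'puppet:///modules/nab/dovecot/95-custom.conf',
  }

  # Database and account used by Dovecot's SQL lookups.  This profile does
  # not itself declare a MySQL server.
  mysql::db { $dovecot_dbname:
    user     => $dovecot_dbuser,
    password => $dovecot_dbpassword,
    host     => $dovecot_dbhost,
    grant    => $dovecot_dbgrants,
  }

  # Mail spool, owned by vmail.  No mode is managed on these directories.
  file { ['/var/mail/vhosts/','/var/mail/vhosts/nab.net']:
    ensure  => directory,
    owner   => 'vmail',
    group   => 'vmail',
    require => User['vmail'],
  }

  # NOTE(review): vmail is given an interactive shell (/bin/bash); if the
  # account is only used to own mail, a non-login shell would reduce its
  # exposure -- confirm before changing.
  user { 'vmail':
    ensure  => present,
    uid     => '5000',
    groups  => 'vmail',
    shell   => '/bin/bash',
    home    => '/home/vmail',
    require => Group['vmail'],
  }

  group { 'vmail':
    ensure => present,
  }

  # Only the TLS ports are opened by this profile: 993 (IMAPS), 995 (POP3S).
  # '$FW' is single-quoted so the literal Shorewall variable is passed on.
  shorewall::rule { 'allow secure IMAP':
    source          => 'net',
    destination     => '$FW',
    proto           => 'tcp',
    destinationport => '993',
    order           => '200',
    action          => 'ACCEPT',
  }

  shorewall::rule { 'allow secure POP3':
    source          => 'net',
    destination     => '$FW',
    proto           => 'tcp',
    destinationport => '995',
    order           => '200',
    action          => 'ACCEPT',
  }
}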
# == Class: profiles::confluence
#
# Atlassian Confluence profile: Oracle JDK, a PostgreSQL database, an
# SELinux policy module, an Apache TLS reverse proxy in front of the
# application on localhost:8090, and the Confluence installation itself.
#
# Settings are read from Hiera under the profiles::confluence:: namespace;
# none of the lookups has a default, so a missing key aborts compilation.
#
class profiles::confluence {

  ## Hiera lookups
  $confluence_version        = hiera('profiles::confluence::version')
  $confluence_installdir     = hiera('profiles::confluence::installdir')
  $confluence_homedir        = hiera('profiles::confluence::homedir')
  $confluence_javahome       = hiera('profiles::confluence::javahome')
  $confluence_manage_service = hiera('profiles::confluence::manage_service')
  $confluence_user           = hiera('profiles::confluence::user')
  $confluence_group          = hiera('profiles::confluence::group')
  $confluence_dbuser         = hiera('profiles::confluence::dbuser')
  # NOTE(review): the database password is a plain Hiera value here;
  # presumably it belongs in an encrypted backend -- confirm.
  $confluence_dbpassword     = hiera('profiles::confluence::dbpassword')
  $confluence_dbname         = hiera('profiles::confluence::dbname')
  # Looked up but not referenced anywhere else in this class.
  $confluence_dbhost         = hiera('profiles::confluence::dbhost')
  $confluence_jvm_xms        = hiera('profiles::confluence::jvm_xms')
  $confluence_jvm_xmx        = hiera('profiles::confluence::jvm_xmx')
  $confluence_java_opts      = hiera('profiles::confluence::java_opts')
  $confluence_format         = hiera('profiles::confluence::format')
  $confluence_downloadURL    = hiera('profiles::confluence::downloadURL')
  $confluence_tomcat_proxy   = hiera_hash('profiles::confluence::tomcat_proxy')

  include profiles::jdk_oracle

  ## Database for Confluence; the password is stored as the hash produced
  ## by postgresql_password().
  include profiles::postgres

  postgresql::server::db { $confluence_dbname:
    user     => $confluence_dbuser,
    password => postgresql_password($confluence_dbuser, $confluence_dbpassword),
    encoding => 'UTF8',
  }

  # Custom SELinux policy module shipped from the nab module.
  ::selinux::module { 'NAB_dryad_httpd':
    ensure => 'present',
    source => 'puppet:///modules/nab/selinux/NAB_dryad_httpd.te',
  }

  include apache

  ## Apache terminates TLS and proxies everything to the Confluence
  ## application server over plain HTTP on the loopback interface.
  apache::vhost { 'docs.tamazaki.com-443':
    port                => '443',
    docroot             => '/opt/confluence/',
    ssl                 => true,
    ssl_cert            => '/etc/pki/tls/certs/tamazaki.com.crt',
    ssl_chain           => '/etc/pki/tls/certs/tamazaki.com.bundle',
    ssl_key             => '/etc/pki/tls/private/tamazaki.com.key',
    ssl_proxyengine     => true,
    proxy_preserve_host => true,
    proxy_pass          => [
      { 'path' => '/', 'url' => 'http://localhost:8090/' },
    ],
  }

  # Redirect HTTP to HTTPS.
  # NOTE(review): this class only opens tcp/443 in Shorewall; the redirect
  # is reachable only if some other rule admits tcp/80 -- confirm.
  apache::vhost { 'docs.tamazaki.com-80':
    port     => '80',
    docroot  => '/opt/confluence/',
    rewrites => [
      {
        comment      => 'redirect to https',
        rewrite_cond => ['%{HTTPS} off'],
        rewrite_rule => ['(.*) https://%{HTTP_HOST}%{REQUEST_URI}'],
      },
    ],
  }

  # NOTE(review): profiles::piwik declares a shorewall::rule with this same
  # title, so the two profiles cannot be applied to one node as written.
  # '$FW' is single-quoted so the literal Shorewall variable is passed on.
  shorewall::rule { 'allow https':
    source          => 'net',
    destination     => '$FW',
    proto           => 'tcp',
    destinationport => '443',
    order           => '200',
    action          => 'ACCEPT',
  }

  # Parent directories are created before the Confluence class runs.
  # Owner, group and mode are not managed on them.
  file { ['/var/atlassian/','/var/atlassian/application-data/']:
    ensure => directory,
    before => Class['::confluence'],
  }

  file { '/opt/atlassian':
    ensure => directory,
    before => Class['::confluence'],
  }

  class { '::confluence':
    version        => $confluence_version,
    installdir     => $confluence_installdir,
    homedir        => $confluence_homedir,
    javahome       => $confluence_javahome,
    manage_service => $confluence_manage_service,
    user           => $confluence_user,
    group          => $confluence_group,
    jvm_xms        => $confluence_jvm_xms,
    jvm_xmx        => $confluence_jvm_xmx,
    java_opts      => $confluence_java_opts,
    format         => $confluence_format,
    downloadURL    => $confluence_downloadURL,
    tomcat_proxy   => $confluence_tomcat_proxy,
  }
}
# == Class: profiles::mysqlserver
#
# MySQL server profile: the server with its users, grants and databases,
# removal of the default accounts, and scheduled database backups.
#
# Settings are read from Hiera under the profiles::mysqlserver:: namespace.
# users, grants and databases default to an empty hash; every other key is
# mandatory and a missing one aborts compilation.
#
class profiles::mysqlserver {

  ## Hiera lookups
  # NOTE(review): the root and backup passwords are plain Hiera values
  # here; presumably they belong in an encrypted backend -- confirm.
  $mysql_root_pass        = hiera('profiles::mysqlserver::root_pass')
  $mysql_override_options = hiera_hash('profiles::mysqlserver::override_options')
  $mysql_users            = hiera_hash('profiles::mysqlserver::users', {})
  $mysql_grants           = hiera_hash('profiles::mysqlserver::grants', {})
  $mysql_databases        = hiera_hash('profiles::mysqlserver::databases', {})
  $mysql_backup_ensure    = hiera('profiles::mysqlserver::backup_ensure')
  $mysql_backupuser       = hiera('profiles::mysqlserver::backupuser')
  $mysql_backuppassword   = hiera('profiles::mysqlserver::backuppassword')
  $mysql_backupdir        = hiera('profiles::mysqlserver::backupdir')
  $mysql_backupdirmode    = hiera('profiles::mysqlserver::backupdirmode')
  $mysql_backupdirowner   = hiera('profiles::mysqlserver::backupdirowner')
  $mysql_backupdirgroup   = hiera('profiles::mysqlserver::backupdirgroup')
  $mysql_backup_time      = hiera('profiles::mysqlserver::backup_time')
  $mysql_backupdatabases  = hiera_array('profiles::mysqlserver::backupdatabases')

  # Users, grants and databases are handed to the server class directly.
  class { '::mysql::server':
    root_password    => $mysql_root_pass,
    override_options => $mysql_override_options,
    users            => $mysql_users,
    grants           => $mysql_grants,
    databases        => $mysql_databases,
  }

  # Create databases (disabled; the databases hash goes to ::mysql::server)
  #create_resources('::mysql::db', $mysql_databases)

  # Delete default MySQL accounts
  include mysql::server::account_security

  # Backup databases.  Ownership and mode of the dump directory come from
  # Hiera, so who can read the dumps is decided by the data.
  class { '::backup::mysql':
    ensure          => $mysql_backup_ensure,
    backupuser      => $mysql_backupuser,
    backuppassword  => $mysql_backuppassword,
    backupdir       => $mysql_backupdir,
    backupdirmode   => $mysql_backupdirmode,
    backupdirowner  => $mysql_backupdirowner,
    backupdirgroup  => $mysql_backupdirgroup,
    time            => $mysql_backup_time,
    backupdatabases => $mysql_backupdatabases,
  }
}
# == Class: profiles::piwik
#
# Piwik profile: MySQL server and database, Nginx with its vhosts and
# locations, PHP from the Remi repository, the web root, and the firewall
# rule for HTTPS.
#
# Settings are read from Hiera under the profiles::piwik:: namespace; none
# of the lookups has a default, so a missing key aborts compilation.
#
class profiles::piwik {

  ## Hiera lookups
  $nginx_mail                  = hiera('profiles::piwik::nginx::mail')
  $nginx_worker_processes      = hiera('profiles::piwik::nginx::worker_processes')
  $nginx_server_tokens         = hiera('profiles::piwik::nginx::server_tokens')
  $nginx_nginx_error_log       = hiera('profiles::piwik::nginx::nginx_error_log')
  $nginx_http_access_log       = hiera('profiles::piwik::nginx::http_access_log')
  $nginx_proxy_cache_path      = hiera('profiles::piwik::nginx::proxy_cache_path')
  $nginx_proxy_cache_levels    = hiera('profiles::piwik::nginx::proxy_cache_levels')
  $nginx_proxy_cache_keys_zone = hiera('profiles::piwik::nginx::proxy_cache_keys_zone')
  $nginx_proxy_cache_max_size  = hiera('profiles::piwik::nginx::proxy_cache_max_size')
  $nginx_vhosts                = hiera('profiles::piwik::nginx::vhosts')
  $nginx_locations             = hiera('profiles::piwik::nginx::locations')
  $php_ensure                  = hiera('profiles::piwik::php::php_ensure')
  $php_manage_repos            = hiera('profiles::piwik::php::php_manage_repos')
  $php_fpm                     = hiera('profiles::piwik::php::php_fpm')
  $php_dev                     = hiera('profiles::piwik::php::php_dev')
  $php_composer                = hiera('profiles::piwik::php::php_composer')
  $php_pear                    = hiera('profiles::piwik::php::php_pear')
  $php_phpunit                 = hiera('profiles::piwik::php::php_phpunit')
  $php_extensions              = hiera_hash('profiles::piwik::php::php_extensions')
  $php_fpm_settings            = hiera_hash('profiles::piwik::php::php_fpm_settings')
  $remi_enabled                = hiera('profiles::piwik::remi::remi_enabled')
  $remi_extras                 = hiera('profiles::piwik::remi::remi_extras')
  $remi_php55_repo             = hiera('profiles::piwik::remi::remi_php55_repo')
  $piwik_dbname                = hiera('profiles::piwik::mysql::piwik_dbname')
  $piwik_dbuser                = hiera('profiles::piwik::mysql::piwik_dbuser')
  # NOTE(review): the database password is a plain Hiera value here;
  # presumably it belongs in an encrypted backend -- confirm.
  $piwik_dbpassword            = hiera('profiles::piwik::mysql::piwik_dbpassword')
  $piwik_dbhost                = hiera('profiles::piwik::mysql::piwik_dbhost')
  $piwik_dbgrants              = hiera('profiles::piwik::mysql::piwik_dbgrants')

  include profiles::mysqlserver

  # Application database and account.
  mysql::db { $piwik_dbname:
    user     => $piwik_dbuser,
    password => $piwik_dbpassword,
    host     => $piwik_dbhost,
    grant    => $piwik_dbgrants,
  }

  # Server-wide (*.*) FILE privilege for the Piwik account, with the GRANT
  # option.
  # NOTE(review): FILE is not scoped to the Piwik database, and the GRANT
  # option allows this account to pass its privileges on; confirm that
  # both are required.  The host part is hard-coded to localhost while
  # mysql::db uses the Hiera dbhost value -- confirm they name the same
  # account.
  mysql_grant { "${piwik_dbuser}@localhost/*.*":
    ensure     => 'present',
    options    => ['GRANT'],
    privileges => ['FILE'],
    table      => '*.*',
    user       => "${piwik_dbuser}@localhost",
  }

  class { '::nginx::config':
    mail                  => $nginx_mail,
    worker_processes      => $nginx_worker_processes,
    server_tokens         => $nginx_server_tokens,
    nginx_error_log       => $nginx_nginx_error_log,
    http_access_log       => $nginx_http_access_log,
    proxy_cache_path      => $nginx_proxy_cache_path,
    proxy_cache_levels    => $nginx_proxy_cache_levels,
    proxy_cache_keys_zone => $nginx_proxy_cache_keys_zone,
    proxy_cache_max_size  => $nginx_proxy_cache_max_size,
  }

  include nginx

  file { ['/srv','/srv/www']:
    ensure => directory,
  }

  # Web root; ownership is applied recursively to everything below it.
  file { '/srv/www/piwik':
    ensure  => directory,
    group   => 'apache',
    owner   => 'apache',
    recurse => true,
  }

  # Virtual hosts and locations are declared straight from Hiera data.
  create_resources('::nginx::resource::vhost', $nginx_vhosts)
  create_resources('::nginx::resource::location', $nginx_locations)

  # The Remi repository is set up before PHP is installed.
  Class['::remi'] -> Class['::php']

  class { '::remi':
    enabled => $remi_enabled,
    extras  => $remi_extras,
    php55   => $remi_php55_repo,
  }

  class { '::php':
    ensure       => $php_ensure,
    manage_repos => $php_manage_repos,
    fpm          => $php_fpm,
    dev          => $php_dev,
    composer     => $php_composer,
    pear         => $php_pear,
    phpunit      => $php_phpunit,
    extensions   => $php_extensions,
    settings     => $php_fpm_settings,
  }

  # NOTE(review): profiles::confluence declares a shorewall::rule with this
  # same title, so the two profiles cannot be applied to one node as
  # written.
  # '$FW' is single-quoted so the literal Shorewall variable is passed on.
  shorewall::rule { 'allow https':
    source          => 'net',
    destination     => '$FW',
    proto           => 'tcp',
    destinationport => '443',
    order           => '200',
    action          => 'ACCEPT',
  }
}