this should virtually work

[dsa-puppet.git] / modules / apache2 / manifests / init.pp

diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp
index bccbd916c53cb9cde36fa6c2b11e44508001a694..cd2a4e40add703b7b7b5c0957fe19c558970357e 100644 (file)
--- a/modules/apache2/manifests/init.pp
+++ b/modules/apache2/manifests/init.pp
@@ -6,10 +6,16 @@ class apache2 {
                "logrotate": ensure => installed;
        }
 
-        case $php {
+        case $php5 {
                 "true": { package {
                                "php5-suhosin": ensure => installed;
                        }
+                          file { "/etc/php5/conf.d/suhosin.ini":
+                                       source  => [ "puppet:///apache2/per-host/$fqdn/etc/php5/conf.d/suhosin.ini",
+                                                    "puppet:///apache2/common/etc/php5/conf.d/suhosin.ini" ],
+                                       require => Package["apache2", "php5-suhosin"],
+                                        notify  => Exec["force-reload-apache2"];
+                       }
                }
        }
 
@@ -66,16 +72,6 @@ class apache2 {
                 "000-default": ensure => absent;
         }
 
-        case $php5suhosin {
-                "true": { file { "/etc/php5/conf.d/suhosin.ini":
-                                       source  => [ "puppet:///apache2/per-host/$fqdn/etc/php5/conf.d/suhosin.ini",
-                                                    "puppet:///apache2/common/etc/php5/conf.d/suhosin.ini" ],
-                                       require => Package["apache2", "php5-suhosin"],
-                                        notify  => Exec["force-reload-apache2"];
-                               }
-                 }
-        }
-
        file {
                "/etc/apache2/conf.d/ressource-limits":
                        content => template("apache2/ressource-limits.erb"),
@@ -133,4 +129,9 @@ class apache2 {
                command => "/etc/init.d/apache2 force-reload",
                refreshonly => true,
        }
+        @ferm::rule { "dsa-apache":
+                domain          => "(ip ip6)",
+                description     => "Allow web access",
+                rule            => "proto tcp mod state state (NEW) dport (80) ACCEPT"
+        }
 }