this should virtually work

[dsa-puppet.git] / modules / apache2 / manifests / init.pp

diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp
index dc8c66c8d2fa6d27f6a95f72198a8d80aaa983a9..cd2a4e40add703b7b7b5c0957fe19c558970357e 100644 (file)
--- a/modules/apache2/manifests/init.pp
+++ b/modules/apache2/manifests/init.pp
@@ -6,6 +6,20 @@ class apache2 {
                "logrotate": ensure => installed;
        }
 
+        case $php5 {
+                "true": { package {
+                               "php5-suhosin": ensure => installed;
+                       }
+                          file { "/etc/php5/conf.d/suhosin.ini":
+                                       source  => [ "puppet:///apache2/per-host/$fqdn/etc/php5/conf.d/suhosin.ini",
+                                                    "puppet:///apache2/common/etc/php5/conf.d/suhosin.ini" ],
+                                       require => Package["apache2", "php5-suhosin"],
+                                        notify  => Exec["force-reload-apache2"];
+                       }
+               }
+       }
+
+
         define activate_apache_site($ensure=present, $site=$name) {
                 case $site {
                         "": { $base = $name }
@@ -115,4 +129,9 @@ class apache2 {
                command => "/etc/init.d/apache2 force-reload",
                refreshonly => true,
        }
+        @ferm::rule { "dsa-apache":
+                domain          => "(ip ip6)",
+                description     => "Allow web access",
+                rule            => "proto tcp mod state state (NEW) dport (80) ACCEPT"
+        }
 }