X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fapache2%2Fmanifests%2Finit.pp;h=a7715586fd69c27400a983a0e4dcff0d90e6d213;hb=709438a136ff74644565a7c81ceefb922ca6b519;hp=a0af075b0ef88d2bbfbd09dff293962fd1432936;hpb=f9c4671764a79754a256a7d89989f46f686fe4cd;p=dsa-puppet.git

diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp
index a0af075b..a7715586 100644
--- a/modules/apache2/manifests/init.pp
+++ b/modules/apache2/manifests/init.pp
@@ -1,51 +1,96 @@
 class apache2 {
-	package {
-		apache2: ensure => installed;
-		logrotate: ensure => installed;
-	}
-
-	file {
-		"/etc/apache2/conf.d/ressource-limits":
-			source  => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/conf.d/ressource-limits",
-			             "puppet:///apache2/common/etc/apache2/conf.d/ressource-limits" ],
-			require => Package["apache2"],
-			notify  => Exec["apache2 reload"];
-		"/etc/apache2/conf.d/security":
-			source  => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/conf.d/security",
-			             "puppet:///apache2/common/etc/apache2/conf.d/security" ],
-			require => Package["apache2"],
-			notify  => Exec["apache2 reload"];
-
-		"/etc/apache2/sites-available/default-debian.org":
-			source  => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/sites-available/default-debian.org",
-			             "puppet:///apache2/common/etc/apache2/sites-available/default-debian.org" ],
-			require => Package["apache2"],
-			notify  => Exec["apache2 reload"];
-
-		"/etc/logrotate.d/apache2":
-			source  => [ "puppet:///apache2/per-host/$fqdn/etc/logrotate.d/apache2",
-			             "puppet:///apache2/common/etc/logrotate.d/apache2" ];
-
-		"/srv/www":
-			mode    => 755,
-			ensure  => directory;
-		"/srv/www/default.debian.org":
-			mode    => 755,
-			ensure  => directory;
-		"/srv/www/default.debian.org/htdocs":
-			mode    => 755,
-			ensure  => directory;
-		"/srv/www/default.debian.org/htdocs/index.html":
-			content => template("apache2/default-index.html");
-
-		# sometimes this is a symlink
-		#"/var/log/apache2":
-		#	mode    => 755,
-		#	ensure  => directory;
-	}
-
-	exec { "apache2 reload":
-		path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
-		refreshonly => true,
+
+	package { 'apache2':
+		ensure => installed,
+	}
+
+	service { 'apache2':
+		ensure  => running,
+		require => Package['apache2'],
+	}
+
+	apache2::module { 'info': }
+	apache2::module { 'status': }
+
+	apache2::site { '00-default':
+		site     => 'default-debian.org',
+		content  => template('apache2/default-debian.org.erb'),
+	}
+
+	apache2::site { '000-default':
+		ensure => absent,
+	}
+
+	apache2::config { 'ressource-limits':
+		content => template('apache2/ressource-limits.erb'),
+	}
+
+	apache2::config { 'security':
+		source => 'puppet:///modules/apache2/security',
+	}
+
+	apache2::config { 'local-serverinfo':
+		source => 'puppet:///modules/apache2/local-serverinfo',
+	}
+
+	apache2::config { 'server-status':
+		source => 'puppet:///modules/apache2/server-status',
+	}
+
+	file { '/etc/apache2/sites-available/common-ssl.inc':
+		source => 'puppet:///modules/apache2/common-ssl.inc',
+		require => Package['apache2'],
+		notify  => Service['apache2'],
+	}
+
+	file { '/etc/logrotate.d/apache2':
+		source => 'puppet:///modules/apache2/apache2.logrotate',
+	}
+
+	file { [ '/srv/www', '/srv/www/default.debian.org', '/srv/www/default.debian.org/htdocs' ]:
+		ensure  => directory,
+		mode    => '0755',
+	}
+
+	file { '/srv/www/default.debian.org/htdocs/index.html':
+		content => template('apache2/default-index.html'),
+	}
+
+	munin::check { 'apache_accesses': }
+	munin::check { 'apache_processes': }
+	munin::check { 'apache_volume': }
+	munin::check { 'apache_servers': }
+	munin::check { 'ps_apache2':
+		script => 'ps_',
+	}
+
+	if $php5 {
+		package { 'php5-suhosin':
+			ensure  => installed,
+			require => Package['apache2'],
+		}
+
+		file { '/etc/php5/conf.d/suhosin.ini':
+			source  => 'puppet:///modules/apache2/suhosin.ini',
+			require => Package['php5-suhosin'],
+			notify  => Service['apache2'],
+		}
+	}
+
+	if $::hostname in [busoni,holter,lindberg,master,powell,beach,buxtehude,widor] {
+		include apache2::dynamic
+	} else {
+		@ferm::rule { 'dsa-http':
+			prio        => '23',
+			description => 'Allow web access',
+			rule        => '&SERVICE(tcp, (http https))'
+		}
+	}
+
+	@ferm::rule { 'dsa-http-v6':
+		domain          => '(ip6)',
+		prio            => '23',
+		description     => 'Allow web access',
+		rule            => '&SERVICE(tcp, (http https))'
 	}
 }