From 6da55c73f989eb3ebb295dc731e9311d4a7df574 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Tue, 7 Apr 2009 22:56:22 +0200
Subject: [PATCH] Add apache2 module
---
 .../files/common/etc/apache2/conf.d/security | 55 +++++++++++++++++++
 .../sites-available/default-debian.org | 21 +++++++
 modules/apache2/manifests/init.pp | 25 +++++++++
 templates/default-index.html | 20 +++++++
 4 files changed, 121 insertions(+)
 create mode 100644 modules/apache2/files/common/etc/apache2/conf.d/security
 create mode 100644 modules/apache2/files/common/etc/apache2/sites-available/default-debian.org
 create mode 100644 modules/apache2/manifests/init.pp
 create mode 100644 templates/default-index.html
diff --git a/modules/apache2/files/common/etc/apache2/conf.d/security b/modules/apache2/files/common/etc/apache2/conf.d/security
new file mode 100644
index 00000000..ca5c1b74
--- /dev/null
+++ b/modules/apache2/files/common/etc/apache2/conf.d/security
@@ -0,0 +1,55 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+#
+# Disable access to the entire file system except for the directories that
+# are explicitly allowed later.
+#
+# This currently breaks the configurations that come with some web application
+# Debian packages. It will be made the default for the release after lenny.
+#
+#
+# AllowOverride None
+# Order Deny,Allow
+# Deny from all
+#
+
+
+# Changing the following options will not really affect the security of the
+# server, but might make attacks slightly more difficult in some cases.
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of: Full | OS | Minimal | Minor | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#
+#ServerTokens Minimal
+ServerTokens ProductOnly
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of: On | Off | EMail
+#
+#ServerSignature Off
+ServerSignature On
+
+#
+# Allow TRACE method
+#
+# Set to "extended" to also reflect the request body (only for testing and
+# diagnostic purposes).
+#
+# Set to one of: On | Off | extended
+#
+#TraceEnable Off
+TraceEnable On
+
diff --git a/modules/apache2/files/common/etc/apache2/sites-available/default-debian.org b/modules/apache2/files/common/etc/apache2/sites-available/default-debian.org
new file mode 100644
index 00000000..dca460b4
--- /dev/null
+++ b/modules/apache2/files/common/etc/apache2/sites-available/default-debian.org
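Review bot: `TraceEnable On` at the end of this file turns on a method that the file's own commented default (`#TraceEnable Off`) leaves disabled; TRACE echoes request headers back to the client, so cookies and Authorization headers can be reflected to whatever is able to issue the request. Unless a host needs it for diagnostics, ship `TraceEnable Off` in the common file and let a per-host copy enable it where required. `ServerSignature On` (here and again in the default-debian.org vhost hunk) likewise reverses the commented `Off`; with `ServerTokens ProductOnly` the footer should carry little beyond the product name and host, but a one-line comment such as `# signature kept on so error pages name the serving host` would record the intent. The deny-all block for the filesystem root is still commented out, so directory access depends on rules defined elsewhere.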
@@ -0,0 +1,21 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+
+ ServerAdmin debian-admin@debian.org
+
+ ErrorLog /var/log/apache2/error.log
+ CustomLog /var/log/apache2/access.log combined
+
+ DocumentRoot /srv/www/default.debian.org/htdocs
+
+ HostnameLookups Off
+ UseCanonicalName Off
+ ServerSignature On
+
+ UserDir disabled
+
+
+# vim:set syn=apache:
diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp
new file mode 100644
index 00000000..2a7366d8
--- /dev/null
+++ b/modules/apache2/manifests/init.pp
@@ -0,0 +1,25 @@
+class apache2 {
+ file {
+ "/etc/apache2/conf.d/security":
+ source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/conf.d/security",
+ "puppet:///apache2/common/etc/apache2/conf.d/security" ],
+ require => Package["apache2"],
+ notify => Exec["apache2 reload"];
+
+ "/etc/apache2/sites-available/default-debian.org":
+ source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/sites-available/default-debian.org",
+ "puppet:///apache2/common/etc/apache2/sites-available/default-debian.org" ],
+ require => Package["apache2"],
+ notify => Exec["apache2 reload"];
+ "/srv/www/default.debian.org/htdocs":
+ mode => 755,
+ ensure => directory;
+ "/srv/www/default.debian.org/htdocs/index.html":
+ content => template("default-index.html");
+ }
+
+ exec { "apache2 reload":
+ path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
+ refreshonly => true,
+ }
+}
diff --git a/templates/default-index.html b/templates/default-index.html
new file mode 100644
index 00000000..3586c019
--- /dev/null
+++ b/templates/default-index.html
@@ -0,0 +1,20 @@
+
+
+
+ Welcome to <%= hostname %>!
+
+
+
+
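Review bot: No directory-level policy is set for the `DocumentRoot` in this vhost, as far as the 21 added lines show, and the common security file in the same commit leaves its filesystem-wide deny commented out, so `Options` and `AllowOverride` for `/srv/www/default.debian.org/htdocs` are whatever the packaged configuration grants. Since the site serves a single static page, an explicit directory section for the docroot with `Options None` and `AllowOverride None` would make the intended exposure visible in this file. The enclosing VirtualHost markup appears to have been stripped from this view, so the listening address and any ServerName cannot be checked here.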
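Review bot: None of the `file` resources in init.pp pins `owner` or `group`, and only the htdocs directory sets a `mode`, so the permissions of `/etc/apache2/conf.d/security`, the site file and `index.html` depend on Puppet defaults and on the modes stored in the repository. For files that control the web server it is safer to state them, for example `owner => root, group => root, mode => 444,` on the two configuration files. The `exec` has no `command`, so it runs its title `apache2 reload` resolved through `/etc/init.d` in `path`; a comment such as `# title doubles as the command: /etc/init.d/apache2 reload` would spare the next reader the lookup. `Package["apache2"]` is required but not declared in this class, so presumably it is defined elsewhere in the tree.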

Welcome to <%= hostname %>!

+ +This is <%= hostname %>, a system run by and for the Debian Project. +She does stuff. What kind of stuff you might learn on +db.debian.org + + +

+


+DSA + + + -- 2.39.2