Diffstat (limited to 'puppet/modules/site_static')
| -rw-r--r-- | puppet/modules/site_static/README | 3 | ||||
| -rw-r--r-- | puppet/modules/site_static/manifests/domain.pp | 28 | ||||
| -rw-r--r-- | puppet/modules/site_static/manifests/init.pp | 17 | ||||
| -rw-r--r-- | puppet/modules/site_static/manifests/location.pp | 25 | ||||
| -rw-r--r-- | puppet/modules/site_static/templates/apache.conf.erb | 109 | 
5 files changed, 182 insertions, 0 deletions
|
diff --git a/puppet/modules/site_static/README b/puppet/modules/site_static/README
new file mode 100644
index 00000000..bc719782
--- /dev/null
+++ b/puppet/modules/site_static/README
@@ -0,0 +1,3 @@
+Deploy one or more static websites to a node.
+
+For now, it only supports `amber` based static sites. Should support plain html and jekyll in the future.
diff --git a/puppet/modules/site_static/manifests/domain.pp b/puppet/modules/site_static/manifests/domain.pp
new file mode 100644
index 00000000..8af2230f
--- /dev/null
+++ b/puppet/modules/site_static/manifests/domain.pp
@@ -0,0 +1,28 @@
+define site_static::domain (
+  $locations,
+  $ca_cert,
+  $key,
+  $cert,
+  $tls_only) {
+
+  $domain = $name
+  $base_dir = '/srv/static'
+
+  create_resources(site_static::location, $locations)
+
+  x509::cert { $domain: content => $cert }
+  x509::key  { $domain: content => $key }
+  x509::ca   { "${domain}_ca": content => $ca_cert }
+
+  class { '::apache': no_default_site => true, ssl => true }
+  include site_apache::module::headers
+  include site_apache::module::alias
+  include site_apache::module::expires
+  include site_apache::module::removeip
+  include site_apache::module::rewrite
+
+  apache::vhost::file { $domain:
+    content => template('site_static/apache.conf.erb')
+  }
+
+}
diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp
new file mode 100644
index 00000000..91a4a7a9
--- /dev/null
+++ b/puppet/modules/site_static/manifests/init.pp
@@ -0,0 +1,17 @@
+class site_static {
+  tag 'leap_service'
+  $static        = hiera('static')
+  $domains       = $static['domains']
+  $formats       = $static['formats']
+
+  if (member($formats, 'amber')) {
+    include site_config::ruby::dev
+    rubygems::gem{'amber': }
+  }
+
+  create_resources(site_static::domain, $domains)
+
+  include site_shorewall::defaults
+  include site_shorewall::service::http
+  include site_shorewall::service::https
+}
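Review bot: The resource-style declaration `class { '::apache': no_default_site => true, ssl => true }` sits inside the `site_static::domain` define, so a second entry in `$domains` (init.pp feeds them through `create_resources`) would declare Class[apache] twice and catalog compilation would fail with a duplicate declaration. Declaring it once in `class site_static`, together with the `site_apache::module::*` includes, keeps the define usable for more than one domain. `$tls_only` is a required parameter but nothing in this define reads it, and the template added in this commit does not reference `@tls_only` either, so an operator who sets it to false still gets the unconditional port-80 redirect; either wire it up or drop it. A header comment such as `# $key: PEM private key for $name, installed via x509::key` would help, and it is worth confirming that `x509::key` (not shown here) writes the file with owner-only permissions.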
\ No newline at end of file
diff --git a/puppet/modules/site_static/manifests/location.pp b/puppet/modules/site_static/manifests/location.pp
new file mode 100644
index 00000000..1ba6807e
--- /dev/null
+++ b/puppet/modules/site_static/manifests/location.pp
@@ -0,0 +1,25 @@
+define site_static::location($path, $format, $source) {
+
+  $file_path = "/srv/static/${name}"
+
+  if ($format == 'amber') {
+    exec {"amber_build_${name}":
+      cwd     => $file_path,
+      command => 'amber rebuild',
+      user    => 'www-data',
+      timeout => 600,
+      subscribe => Vcsrepo[$file_path]
+    }
+  }
+
+  vcsrepo { $file_path:
+    ensure   => present,
+    force    => true,
+    revision => $source['revision'],
+    provider => $source['type'],
+    source   => $source['repo'],
+    owner    => 'www-data',
+    group    => 'www-data'
+  }
+
+}
diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb
new file mode 100644
index 00000000..76534911
--- /dev/null
+++ b/puppet/modules/site_static/templates/apache.conf.erb
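Review bot: `rubygems::gem{'amber': }` in init.pp installs whatever version of the gem is current at the time of the run, and that code is later executed by the `amber rebuild` exec in location.pp on every node carrying this service. Pinning a reviewed version (through whatever version argument `rubygems::gem` accepts; its definition is not part of this diff) would make builds reproducible and keep an unreviewed upstream release from landing on production hosts. `hiera('static')` is also called without a default, so a node that includes the class without that key fails compilation on the lookup rather than with a message naming this module; a short comment documenting the expected `domains` and `formats` keys would help.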
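Review bot: The `exec {"amber_build_${name}": ...}` resource in location.pp has `subscribe => Vcsrepo[$file_path]` but no `refreshonly => true`, so as written the rebuild runs on every agent run rather than only when the checkout changes; adding `refreshonly => true,` fixes that. `command => 'amber rebuild'` is also unqualified, which only works if an Exec `path` default is set elsewhere (not visible in this diff). Separately, the checkout is owned by `www-data` and the build runs as `www-data`, which leaves the web server account able to rewrite the content and repository metadata it serves; a dedicated owner for the tree, with read-only access for `www-data`, would narrow that. `$name` is interpolated into `$file_path` unchecked, so a comment stating that location names must be plain directory names, unique across all domains, would be useful.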
@@ -0,0 +1,109 @@
+<%-
+  ##
+  ## An apache config for static websites.
+  ##
+  def location_directory(name, location)
+    if location['format'] == 'amber'
+      File.join(@base_dir, name, 'public')
+    else
+      File.join(@base_dir, name)
+    end
+  end
+  document_root = '/var/www'
+  @locations.each do |name, location|
+    if location['path'] == '/'
+      document_root = location_directory(name, location)
+    end
+  end
+-%>
+
+<VirtualHost *:80>
+  ServerName <%= @domain %>
+  ServerAlias www.<%= @domain %>
+  RewriteEngine On
+  RewriteRule ^.*$ https://<%= @domain -%>%{REQUEST_URI} [R=permanent,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName <%= @domain %>
+  ServerAlias www.<%= @domain %>
+
+  #RewriteLog "/var/log/apache2/rewrite.log"
+  #RewriteLogLevel 3
+
+  SSLEngine on
+  SSLProtocol -all +SSLv3 +TLSv1
+  SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH
+  SSLHonorCipherOrder on
+
+  Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+  Header set X-Frame-Options "deny"
+
+  SSLCertificateKeyFile    /etc/x509/keys/<%= @domain %>.key
+  SSLCertificateFile       /etc/x509/certs/<%= @domain %>.crt
+  SSLCertificateChainFile  /etc/ssl/certs/<%= @domain %>_ca.pem
+
+  RequestHeader set X_FORWARDED_PROTO 'https'
+
+  DocumentRoot <%= document_root %>
+
+<%- @locations.each do |name, location| -%>
+  ##
+  ## <%= name %>
+  ##
+  <%- if location['path'] == '/' -%>
+  # Location /
+  <%- else -%>
+  Alias <%= location['path'] %> <%= location_directory(name, location) %>
+  <Location <%= location['path'] %>>
+  <%- end -%>
+    # remove trailing slashes
+    RewriteEngine On
+    RewriteRule ^(.+)/$ /$1 [R=301,L]
+
+    # e.g. /de/blah => /blah/index.de.html
+    RewriteCond %{DOCUMENT_ROOT}/$2/index.$1.html -f
+    RewriteRule ^/([a-z]{2})/(.*) /$2/index.$1.html [L]
+
+    # e.g. /de/foo/bar => /foo/bar.de.html
+    RewriteCond %{DOCUMENT_ROOT}/$2.$1.html -f
+    RewriteRule ^/([a-z]{2})/(.*) /$2.$1.html [L]
+
+    # e.g. /de => /index.de.html
+    RewriteCond %{DOCUMENT_ROOT}/index.$1.html -f
+    RewriteRule ^/([a-z]{2})$ /index.$1.html [L]
+
+    # e.g. /de/img.png => /img.png
+    RewriteCond %{DOCUMENT_ROOT}/$2 -f
+    RewriteRule ^/([a-z]{2})/(.*) /$2 [L]
+
+    # Simulate "DirectorySlash On"
+    # e.g. /foo/bar => /foo/bar/ (so that MultiViews will negotiate correct locale file)
+    RewriteCond %{DOCUMENT_ROOT}/$1 -d
+    RewriteRule ^/(.*[^/])$ /$1/ [PT]
+  <%- if location['path'] == '/' -%>
+  # end Location /
+  <%- else -%>
+  </Location>
+  <%- end -%>
+  <Directory <%= location_directory(name, location) %>>
+    ##
+    ## PERMISSIONS
+    ##
+    AllowOverride None
+    Order deny,allow
+    Allow from all
+
+    ##
+    ## LOCALE SUPPORT (e.g. index.en.html)
+    ##
+    LanguagePriority en
+    ForceLanguagePriority Prefer Fallback
+    DirectoryIndex index
+    DirectorySlash Off
+    Options +MultiViews
+  </Directory>
+
+<%- end -%>
+
+</VirtualHost> |
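Review bot: `SSLProtocol -all +SSLv3 +TLSv1` on the 443 vhost enables SSLv3, which is no longer considered safe to offer, and leaves TLS 1.1/1.2 disabled; `SSLProtocol all -SSLv2 -SSLv3` would offer every TLS version the local OpenSSL supports. The `MEDIUM` class in `SSLCipherSuite` likewise admits weaker ciphers than a new deployment needs, so `HIGH:!aNULL:!MD5` is a safer starting point. In `location_directory`, the non-amber branch returns the checkout root, so the `<Directory>` block with `Allow from all` would also serve the repository's `.git` directory; the README says only amber is supported today, but a deny rule for dot-directories should accompany that branch before it is used. `Header add Strict-Transport-Security:` should probably be `Header always set Strict-Transport-Security` so the header is not duplicated and is also sent on error responses.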
