summaryrefslogtreecommitdiff
path: root/puppet/modules/site_static
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/site_static')
-rw-r--r--puppet/modules/site_static/manifests/init.pp15
-rw-r--r--puppet/modules/site_static/templates/apache.conf.erb2
2 files changed, 11 insertions, 6 deletions
diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp
index 1efc510b..8df53075 100644
--- a/puppet/modules/site_static/manifests/init.pp
+++ b/puppet/modules/site_static/manifests/init.pp
@@ -9,6 +9,7 @@ class site_static {
$domains = $static['domains']
$formats = $static['formats']
$bootstrap = $static['bootstrap_files']
+ $tor = hiera('tor', false)
if $bootstrap['enabled'] {
$bootstrap_domain = $bootstrap['domain']
@@ -27,14 +28,11 @@ class site_static {
}
}
- class { '::apache': no_default_site => true, ssl => true }
include site_apache::module::headers
include site_apache::module::alias
include site_apache::module::expires
include site_apache::module::removeip
- include site_apache::module::rewrite
- apache::config::include{ 'ssl_common.inc': }
-
+ include site_apache::common
include site_config::ruby::dev
if (member($formats, 'rack')) {
@@ -46,7 +44,7 @@ class site_static {
}
if (member($formats, 'amber')) {
- rubygems::gem{'amber-0.3.7':
+ rubygems::gem{'amber-0.3.8':
require => Package['zlib1g-dev']
}
@@ -57,6 +55,13 @@ class site_static {
create_resources(site_static::domain, $domains)
+ if $tor {
+ $hidden_service = $tor['hidden_service']
+ if $hidden_service['active'] {
+ include site_webapp::hidden_service
+ }
+ }
+
include site_shorewall::defaults
include site_shorewall::service::http
include site_shorewall::service::https
diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb
index 4d61cc08..2853c5c7 100644
--- a/puppet/modules/site_static/templates/apache.conf.erb
+++ b/puppet/modules/site_static/templates/apache.conf.erb
@@ -48,7 +48,7 @@
Include include.d/ssl_common.inc
<%- if @tls_only -%>
- Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+ Header always set Strict-Transport-Security: "max-age=15768000;includeSubdomains"
<%- end -%>
Header set X-Frame-Options "deny"
Header always unset X-Powered-By