From 4aff06cc2fecc0b59728d7fc825fb36394b847b7 Mon Sep 17 00:00:00 2001
From: Micah <micah@leap.se>
Date: Tue, 12 Jul 2016 16:45:58 -0400
Subject: git subrepo clone https://leap.se/git/puppet_apache
 puppet/modules/apache

subrepo:
  subdir:   "puppet/modules/apache"
  merged:   "415e950"
upstream:
  origin:   "https://leap.se/git/puppet_apache"
  branch:   "master"
  commit:   "415e950"
git-subrepo:
  version:  "0.3.0"
  origin:   "https://github.com/ingydotnet/git-subrepo"
  commit:   "1e79595"

Change-Id: Iba7353669969a09c0b4bbd63add67e3245b05ede
---
 .../templates/vhosts/partials/authentication.erb   |  6 +++++
 .../templates/vhosts/partials/header_default.erb   | 22 ++++++++++++++++++
 .../apache/templates/vhosts/partials/logs.erb      | 18 +++++++++++++++
 .../templates/vhosts/partials/mod_security.erb     | 27 ++++++++++++++++++++++
 .../templates/vhosts/partials/php_settings.erb     | 20 ++++++++++++++++
 .../apache/templates/vhosts/partials/ssl.erb       |  8 +++++++
 .../vhosts/partials/std_override_options.erb       |  4 ++++
 7 files changed, 105 insertions(+)
 create mode 100644 puppet/modules/apache/templates/vhosts/partials/authentication.erb
 create mode 100644 puppet/modules/apache/templates/vhosts/partials/header_default.erb
 create mode 100644 puppet/modules/apache/templates/vhosts/partials/logs.erb
 create mode 100644 puppet/modules/apache/templates/vhosts/partials/mod_security.erb
 create mode 100644 puppet/modules/apache/templates/vhosts/partials/php_settings.erb
 create mode 100644 puppet/modules/apache/templates/vhosts/partials/ssl.erb
 create mode 100644 puppet/modules/apache/templates/vhosts/partials/std_override_options.erb

(limited to 'puppet/modules/apache/templates/vhosts/partials')

diff --git a/puppet/modules/apache/templates/vhosts/partials/authentication.erb b/puppet/modules/apache/templates/vhosts/partials/authentication.erb
new file mode 100644
index 00000000..ed832210
--- /dev/null
+++ b/puppet/modules/apache/templates/vhosts/partials/authentication.erb
@@ -0,0 +1,6 @@
+<% unless @htpasswd_file.to_s == 'absent' -%>
+    AuthType Basic
+    AuthName "Access fuer <%= @servername %>"
+    AuthUserFile <%= @real_htpasswd_path %>
+    require valid-user
+<% end -%>
diff --git a/puppet/modules/apache/templates/vhosts/partials/header_default.erb b/puppet/modules/apache/templates/vhosts/partials/header_default.erb
new file mode 100644
index 00000000..cd4d04ca
--- /dev/null
+++ b/puppet/modules/apache/templates/vhosts/partials/header_default.erb
@@ -0,0 +1,22 @@
+  Include include.d/defaults.inc
+<% if vhost_part == :ssl -%>
+  Include include.d/ssl_defaults.inc
+<%= scope.function_templatewlv(['apache/vhosts/partials/ssl.erb',
+                                {'configuration' => configuration}]) %>
+<% end -%>
+  ServerName <%= @servername %>
+<% unless @serveralias.empty? || (@serveralias == 'absent') -%>
+  ServerAlias <%= Array(@serveralias).sort.join(' ') %>
+<% end -%>
+<% unless @server_admin.empty? || (@server_admin == 'absent') -%>
+  ServerAdmin <%= @server_admin %>
+<% end -%>
+<% unless @documentroot == 'really_absent' -%>
+  DocumentRoot <%= @documentroot %>/
+<% end -%>
+<% if @default_charset != 'absent' -%>
+  AddDefaultCharset <%= @default_charset %>
+<% end -%>
+<% if @passing_extension != 'absent' -%>
+  DirectoryIndex index.htm index.html index.<%= @passing_extension %>
+<% end -%>
diff --git a/puppet/modules/apache/templates/vhosts/partials/logs.erb b/puppet/modules/apache/templates/vhosts/partials/logs.erb
new file mode 100644
index 00000000..4fe1b0a6
--- /dev/null
+++ b/puppet/modules/apache/templates/vhosts/partials/logs.erb
@@ -0,0 +1,18 @@
+<% case @logmode.to_s
+      when 'nologs' -%>
+  ErrorLog /dev/null
+  CustomLog /dev/null %%
+<% when 'noaccess' -%>
+  ErrorLog <%= @logdir %>/<%= @logprefix %>error_log
+  CustomLog /dev/null noip
+<% when 'semianonym' -%>
+  ErrorLog <%= @logdir %>/<%= @logprefix %>error_log
+  CustomLog <%= @logdir %>/<%= @logprefix %>access_log noip
+<% when 'anonym' -%>
+  ErrorLog /dev/null
+  CustomLog <%= @logdir %>/<%= @logprefix %>access_log noip
+<% else -%>
+  ErrorLog <%= @logdir %>/<%= @logprefix %>error_log
+  CustomLog <%= @logdir %>/<%= @logprefix %>access_log combined
+<% end -%>
+
diff --git a/puppet/modules/apache/templates/vhosts/partials/mod_security.erb b/puppet/modules/apache/templates/vhosts/partials/mod_security.erb
new file mode 100644
index 00000000..380e78f1
--- /dev/null
+++ b/puppet/modules/apache/templates/vhosts/partials/mod_security.erb
@@ -0,0 +1,27 @@
+  <IfModule mod_security2.c>
+<% if @mod_security.to_s == 'true' -%>
+    SecRuleEngine On
+<%   if @mod_security_relevantonly.to_s == 'true' -%>
+    SecAuditEngine RelevantOnly
+<%   else -%>
+    SecAuditEngine On
+<%   end -%>
+<% else -%>
+    SecRuleEngine Off
+    SecAuditEngine Off
+<% end -%>
+    SecAuditLogType Concurrent
+    SecAuditLogStorageDir <%= @logdir %>/
+    SecAuditLog <%= @logdir %>/mod_security_audit.log
+    SecDebugLog <%= @logdir %>/mod_security_debug.log
+<% unless (disabled_rules=Array(@mod_security_rules_to_disable)).empty? -%>
+
+<%    disabled_rules.each do |rule| -%>
+    SecRuleRemoveById "<%= rule %>"
+<%   end -%>
+<% end -%>
+<% unless (s=@mod_security_additional_options).to_s == 'absent' -%>
+
+    <%= s %>
+<% end -%>
+  </IfModule>
diff --git a/puppet/modules/apache/templates/vhosts/partials/php_settings.erb b/puppet/modules/apache/templates/vhosts/partials/php_settings.erb
new file mode 100644
index 00000000..74f6ecf2
--- /dev/null
+++ b/puppet/modules/apache/templates/vhosts/partials/php_settings.erb
@@ -0,0 +1,20 @@
+<% if @run_mode != 'fcgid'
+  @php_settings.reject{|k,v| (v == :undef) || v.nil? }.keys.sort.each do |key|
+    dvalue = @php_settings[key].to_s.downcase
+    munged_value = if dvalue == 'true'
+       'on'
+      elsif dvalue == 'false'
+        'off'
+      elsif ['on','off'].include?(dvalue)
+        dvalue
+      else
+        @php_settings[key]
+      end
+
+       if ['on','off' ].include?(munged_value) -%>
+    php_admin_flag <%= key %> <%= munged_value %>
+<%     else -%>
+    php_admin_value <%= key %> <%= munged_value %>
+<%     end -%>
+<%   end -%>
+<% end -%>
diff --git a/puppet/modules/apache/templates/vhosts/partials/ssl.erb b/puppet/modules/apache/templates/vhosts/partials/ssl.erb
new file mode 100644
index 00000000..c9f39333
--- /dev/null
+++ b/puppet/modules/apache/templates/vhosts/partials/ssl.erb
@@ -0,0 +1,8 @@
+  SSLCertificateFile <%= configuration['ssl_certificate_file'] || scope.lookupvar('apache::default_ssl_certificate_file') %>
+  SSLCertificateKeyFile <%= configuration['ssl_certificate_key_file'] || scope.lookupvar('apache::default_ssl_certificate_key_file') %>
+<% if configuration['ssl_certificate_chain_file'] || scope.lookupvar('apache::default_ssl_certificate_chain_file') != 'absent' -%>
+  SSLCertificateChainFile <%= configuration['ssl_certificate_chain_file'] || scope.lookupvar('apache::default_ssl_certificate_chain_file') %>
+<% end -%>
+<% if configuration['hsts'] -%>
+  Header add Strict-Transport-Security "max-age=<%= (configuration['hsts']['age'] || 15768000) rescue 15768000 %>"
+<% end -%>
diff --git a/puppet/modules/apache/templates/vhosts/partials/std_override_options.erb b/puppet/modules/apache/templates/vhosts/partials/std_override_options.erb
new file mode 100644
index 00000000..6d8b74f8
--- /dev/null
+++ b/puppet/modules/apache/templates/vhosts/partials/std_override_options.erb
@@ -0,0 +1,4 @@
+    AllowOverride <%= @allow_override %>
+<% if @options.to_s != 'absent' || @do_includes.to_s == 'true' || @run_mode == 'fcgid' -%>
+    Options <%- unless @options.to_s == 'absent' -%><%= @options %><% end -%><% if @do_includes.to_s == 'true' && !@options.include?('+Includes') -%> +Includes<% end -%><% if @run_mode == 'fcgid' && !@options.include?('+ExecCGI') -%> +ExecCGI<% end -%>
+<% end -%>
-- 
cgit v1.2.3