1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
# deploy static service
class site_static {
tag 'leap_service'
include site_config::default
include site_config::x509::cert
include site_config::x509::key
include site_config::x509::ca_bundle
$static = hiera('static')
$domains = $static['domains']
$formats = $static['formats']
$bootstrap = $static['bootstrap_files']
$tor = hiera('tor', false)
file {
'/srv/static/':
ensure => 'directory',
owner => 'root',
group => 'root',
mode => '0744';
'/srv/static/public':
ensure => 'directory',
owner => 'root',
group => 'root',
mode => '0744';
}
if $bootstrap['enabled'] {
$bootstrap_domain = $bootstrap['domain']
$bootstrap_client = $bootstrap['client_version']
file { '/srv/static/public/provider.json':
content => $bootstrap['provider_json'],
owner => 'www-data',
group => 'www-data',
mode => '0444',
notify => Service[apache];
}
# It is important to always touch provider.json: the client needs to check x-min-client-version header,
# but this is only sent when the file has been modified (otherwise 304 is sent by apache). The problem
# is that changing min client version won't alter the content of provider.json, so we must touch it.
exec { '/bin/touch /srv/static/public/provider.json':
require => File['/srv/static/public/provider.json'];
}
}
include apache::module::headers
include apache::module::alias
include apache::module::expires
include apache::module::removeip
include apache::module::dir
include apache::module::negotiation
include site_apache::common
include site_config::ruby::dev
if (member($formats, 'rack')) {
include site_apt::preferences::passenger
class { 'passenger':
manage_munin => false,
require => Class['site_apt::preferences::passenger']
}
}
if (member($formats, 'amber')) {
rubygems::gem{'amber-0.3.8':
require => Package['zlib1g-dev']
}
package { 'zlib1g-dev':
ensure => installed
}
}
if $tor {
$hidden_service = $tor['hidden_service']
$tor_domain = "${hidden_service['address']}.onion"
if $hidden_service['active'] {
include site_static::hidden_service
}
# Currently, we only support a single hidden service address per server.
# So if there is more than one domain configured, then we need to make sure
# we don't enable the hidden service for every domain.
if size(keys($domains)) == 1 {
$always_use_hidden_service = true
} else {
$always_use_hidden_service = false
}
}
create_resources(site_static::domain, $domains)
include site_shorewall::defaults
include site_shorewall::service::http
include site_shorewall::service::https
}
|
