From 0a21fb6c2c52ca5cc2dfdfc41ca0a51c0d81296c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Tue, 13 Mar 2018 13:23:17 +0100
Subject: Start to cleanup the files
---
 modules/profile/manifests/apache.pp | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
(limited to 'modules/profile/manifests')
diff --git a/modules/profile/manifests/apache.pp b/modules/profile/manifests/apache.pp
index 8db58da..382633b 100644
--- a/modules/profile/manifests/apache.pp
+++ b/modules/profile/manifests/apache.pp
@@ -67,13 +67,12 @@ class profile::apache {
 install_method => "package",
 package_name => "certbot",
 package_command => "certbot",
- # FIXME
- email => 'sites+letsencrypt@mail.immae.eu',
+ email => lookup('letsencrypt::email'),
 }
- $real_hostname = lookup("base_installation::real_hostname") |$key| { {} }
+ $real_hostname = lookup("base_installation::real_hostname", { "default_value" => undef })
 unless empty($real_hostname) {
- if (lookup("ssl::try_letsencrypt_for_real_hostname") |$key| { true }) {
+ if (lookup("letsencrypt::try_for_real_hostname", { "default_value" => true })) {
 letsencrypt::certonly { $real_hostname:
 before => Apache::Vhost["default_ssl"];
 default: * => $::profile::apache::letsencrypt_certonly_default;
@@ -110,6 +109,14 @@ class profile::apache {
 }
 }
+ lookup("letsencrypt::hosts", { "default_value" => [] }).each |$host| {
+ if ($host != $real_hostname) { # Done above already
+ letsencrypt::certonly { $host: ;
+ default: * => $letsencrypt_certonly_default;
+ }
+ }
+ }
+
 apache::vhost { "redirect_no_ssl":
 port => '80',
 error_log => false,
-- cgit v1.2.3
From a045b9dc12f71c286d4afcb196705f430b6731f5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Tue, 13 Mar 2018 14:31:07 +0100
Subject: Cleanup xmr_stak profile
---
 modules/profile/manifests/postgresql.pp | 2 +-
 modules/profile/manifests/xmr_stak.pp | 11 ++++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)
(limited to 'modules/profile/manifests')
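Review bot: In the first apache.pp hunk the toggle is now read from `letsencrypt::try_for_real_hostname` with `"default_value" => true`, so a node whose Hiera data still sets the old `ssl::try_letsencrypt_for_real_hostname` key to `false` would silently start requesting a certificate for `$real_hostname`. The page is limited to `modules/profile/manifests`, so whether the data was renamed in the same change cannot be checked here. A comment above the `if` such as `# Hiera key renamed from ssl::try_letsencrypt_for_real_hostname; unset means true` would record that. `lookup('letsencrypt::email')` fails the catalog when the key is missing, and `lookup('letsencrypt::email', String[1])` would additionally reject an empty value. The class body starts and ends outside the hunk.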
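Review bot: In the new `letsencrypt::hosts` loop of the second apache.pp hunk, a hostname listed twice in Hiera would declare `letsencrypt::certonly { $host: }` twice and fail catalog compilation with a duplicate declaration, since only the `$real_hostname` case is filtered out. Iterating over `unique(lookup("letsencrypt::hosts", { "default_value" => [] }))` avoids that, provided `unique` is available in this tree (built in from Puppet 5.0, otherwise from stdlib). The loop also writes `$letsencrypt_certonly_default` where the block above writes `$::profile::apache::letsencrypt_certonly_default`; one spelling for both would read better. Unlike the `$real_hostname` resource these declarations carry no `before =>` on a vhost, which is only safe if no vhost in the catalog points at their certificate files, and that is not visible here.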
diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp
index 1024c66..9d875c9 100644
--- a/modules/profile/manifests/postgresql.pp
+++ b/modules/profile/manifests/postgresql.pp
@@ -1,5 +1,5 @@
 class profile::postgresql {
- $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
+ $password_seed = lookup("base_installation::puppet_pass_seed")
 class { '::postgresql::globals':
 encoding => 'UTF-8',
diff --git a/modules/profile/manifests/xmr_stak.pp b/modules/profile/manifests/xmr_stak.pp
index e5582eb..c8bbcdd 100644
--- a/modules/profile/manifests/xmr_stak.pp
+++ b/modules/profile/manifests/xmr_stak.pp
@@ -1,4 +1,8 @@
-class profile::xmr_stak {
+class profile::xmr_stak (
+ String $mining_pool,
+ String $wallet,
+ Optional[String] $password = "x",
+) {
 ensure_resource('exec', 'systemctl daemon-reload', {
 command => '/usr/bin/systemctl daemon-reload',
 refreshonly => true
@@ -26,10 +30,7 @@ class profile::xmr_stak {
 notify => Exec["systemctl daemon-reload"]
 }
- $mining_pool = lookup("xmr_stak::mining_pool") |$key| { {} }
- $wallet = lookup("xmr_stak::wallet") |$key| { {} }
- $password = lookup("xmr_stak::password") |$key| { "x" }
- $instance = regsubst($facts["ec2_metadata"]["hostname"], '\.', "_", "G")
+ $instance = regsubst(lookup("base_installation::ldap_cn"), '\.', "_", "G")
 file { "/var/lib/xmr_stak/xmr-stak.conf":
 mode => "0644",
-- cgit v1.2.3
From a386ce060c4c49d772bd4d03d6586012a266317e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Tue, 13 Mar 2018 15:00:26 +0100
Subject: Reorder pg_hba rules
---
 modules/profile/manifests/postgresql.pp | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'modules/profile/manifests')
diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp
index 9d875c9..2cd1bcc 100644
--- a/modules/profile/manifests/postgresql.pp
+++ b/modules/profile/manifests/postgresql.pp
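Review bot: `lookup("base_installation::puppet_pass_seed")` in the postgresql.pp hunk now fails the catalog when the key is absent, but an empty string or a non-string value in Hiera is still accepted. If the seed feeds password derivation further down (the rest of the class is outside the hunk), `lookup("base_installation::puppet_pass_seed", String[1])` would reject those as well. A short comment such as `# mandatory: no default, a missing seed must abort the run` would keep someone from re-adding a fallback later.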
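Review bot: The three settings in the first xmr_stak.pp hunk moved from explicit `xmr_stak::*` lookups to class parameters, which automatic parameter lookup resolves under `profile::xmr_stak::*` unless the class is declared with explicit arguments elsewhere. A missing `$mining_pool` or `$wallet` fails loudly, but `$password` would quietly fall back to `"x"` if only the old `xmr_stak::password` key exists in the data. `Optional[String] $password = "x"` is also looser than needed; with a default in place, `String $password = "x"` expresses the same intent without admitting `undef`. The new parameters are undocumented, and a header comment with one `@param` line each would help.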
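Review bot: `/var/lib/xmr_stak/xmr-stak.conf` is managed with `mode => "0644"` in the second xmr_stak.pp hunk, and the class now receives `$wallet` and `$password` as parameters; if the file content (outside this hunk) interpolates them, every local account can read the pool credentials. `mode => "0640"` together with an explicit `owner` and `group` for the service account would be the tighter setting. Separately, `$instance` only has dots replaced, so any other character in `base_installation::ldap_cn` that is special in the config format reaches the file unescaped; `lookup("base_installation::ldap_cn", String[1])` plus a comment on the expected shape of the value would document the assumption.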
@@ -32,7 +32,7 @@ class profile::postgresql {
 database => 'all',
 user => $pg_user,
 auth_method => 'ident',
- order => "a1",
+ order => "00-01",
 }
 postgresql::server::pg_hba_rule { 'localhost access as postgres user':
 description => 'Allow localhost access to postgres user',
@@ -41,7 +41,7 @@ class profile::postgresql {
 user => $pg_user,
 address => "127.0.0.1/32",
 auth_method => 'md5',
- order => "a2",
+ order => "00-02",
 }
 postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user':
 description => 'Allow localhost access to postgres user',
@@ -50,7 +50,7 @@ class profile::postgresql {
 user => $pg_user,
 address => "::1/128",
 auth_method => 'md5',
- order => "a3",
+ order => "00-03",
 }
 postgresql::server::pg_hba_rule { 'deny access to postgresql user':
 description => 'Deny remote access to postgres user',
@@ -59,7 +59,7 @@ class profile::postgresql {
 user => $pg_user,
 address => "0.0.0.0/0",
 auth_method => 'reject',
- order => "a4",
+ order => "00-04",
 }
 postgresql::server::pg_hba_rule { 'local access':
@@ -68,7 +68,7 @@ class profile::postgresql {
 database => 'all',
 user => 'all',
 auth_method => 'md5',
- order => "b1",
+ order => "10-01",
 }
 postgresql::server::pg_hba_rule { 'local access with same name':
@@ -77,7 +77,7 @@ class profile::postgresql {
 database => 'all',
 user => 'all',
 auth_method => 'ident',
- order => "b2",
+ order => "10-02",
 }
 }
-- cgit v1.2.3
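Review bot: The `'deny access to postgresql user'` rule in the fourth hunk only covers `address => "0.0.0.0/0"`, so a remote IPv6 connection as `$pg_user` is not matched by this `reject` and falls through to whatever rules sort after `00-04`; the reorder leaves that as it was. If the server can listen on IPv6, a sibling rule for `::/0` ordered after the `::1/128` allow rule would close the gap. The rule's `type` and `database` lines lie outside the hunk, so the sketch below assumes a `host` rule on all databases.

```puppet
# … unchanged: 'deny access to postgresql user' (0.0.0.0/0, order "00-04") …
postgresql::server::pg_hba_rule { 'deny ip6 access to postgresql user':
  description => 'Deny remote IPv6 access to postgres user',
  type        => 'host',
  database    => 'all',
  user        => $pg_user,
  address     => "::/0",
  auth_method => 'reject',
  order       => "00-05",
}
```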
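Review bot: `'local access'` (`md5`, `order => "10-01"`) and `'local access with same name'` (`ident`, `order => "10-02"`) in the last two hunks both show `database => 'all'` and `user => 'all'`, and pg_hba.conf stops at the first matching line. If both are the same connection type (their `type` lines fall outside the hunks), the `ident` rule at `10-02` can never be reached and should either be dropped or ordered first. A comment at the top of the rule list explaining the scheme, for example `# order is "<group>-<rank>"; lower sorts first and the first match wins`, would make the intent of the new values clear to the next editor.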