try to sort pin files
[mirror/dsa-puppet.git] / modules / apache2 / manifests / init.pp
index 85c5528..5f289cb 100644 (file)
@@ -7,6 +7,8 @@
 #   include apache2
 #
 class apache2 {
+       include webserver
+
        package { 'apache2':
                ensure => installed,
        }
@@ -16,17 +18,11 @@ class apache2 {
                require => Package['apache2'],
        }
 
+       apache2::module { 'reqtimeout': }
        apache2::module { 'info': }
        apache2::module { 'status': }
        apache2::module { 'headers': }
-
-       package { 'libapache2-mod-macro':
-               ensure => installed
-       }
-
-       apache2::module { 'macro':
-               require => Package['libapache2-mod-macro']
-       }
+       apache2::module { 'macro': }
 
        apache2::site { '00-default':
                site     => 'default-debian.org',
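Review bot: Removing the `package { 'libapache2-mod-macro': }` resource and its `require` leaves `apache2::module { 'macro': }` relying on mod_macro being shipped by the apache2 package itself, an assumption the hunk does not record. If any managed host still runs a release where the module is packaged separately, enabling it would presumably fail; a comment such as `# mod_macro is part of apache2 itself on all supported releases` above the resource would document the assumption. Dropping the resource also stops managing the old package rather than removing it, so it stays installed wherever it already was. The class body continues outside this hunk.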
@@ -45,10 +41,6 @@ class apache2 {
                ensure => absent,
        }
 
-       apache2::config { 'ressource-limits':
-               ensure => absent,
-       }
-
        if has_role('udd') {
                $memlimit = 512 * 1024 * 1024
        } elsif has_role('dgit_git') {
@@ -95,37 +87,34 @@ class apache2 {
                content => template('apache2/puppet-config.erb'),
        }
 
-       apache2::config { 'pratchett':
-               source => 'puppet:///modules/apache2/pratchett',
+       apache2::config { 'headers':
+               source => 'puppet:///modules/apache2/headers',
        }
 
-       if $::lsbmajdistrelease > 7 {
-               file { '/etc/apache2/mods-available/mpm_worker.conf':
-                       content => template('apache2/mpm_worker.erb'),
-               }
+       apache2::config { 'disabled-service':
+               source => 'puppet:///modules/apache2/disabled-service',
        }
 
-       file { '/etc/apache2/sites-available/common-ssl.inc':
-               ensure => absent,
+       apache2::module { 'mpm_event': ensure => absent }
+       if has_role('apache_prefork') {
+               apache2::module { 'mpm_worker': ensure => absent }
+               apache2::module { 'mpm_prefork': }
+       } else {
+               apache2::module { 'mpm_prefork': ensure => absent }
+               apache2::module { 'mpm_worker': }
+       }
+       file { '/etc/apache2/mods-available/mpm_worker.conf':
+               content => template('apache2/mpm_worker.erb'),
        }
 
        file { '/etc/logrotate.d/apache2':
                source => 'puppet:///modules/apache2/apache2.logrotate',
        }
 
-       file { [ '/srv/www', '/srv/www/default.debian.org', '/srv/www/default.debian.org/htdocs', '/srv/www/default.debian.org/htdocs-disabled' ]:
-               ensure  => directory,
-               mode    => '0755',
+       file { '/var/log/apache2':
+               ensure => directory,
+               mode   => '0755',
        }
-
-       file { '/srv/www/default.debian.org/htdocs/index.html':
-               content => template('apache2/default-index.html'),
-       }
-
-       file { '/srv/www/default.debian.org/htdocs-disabled/index.html':
-               content => template('apache2/disabled-index.html'),
-       }
-
        file { '/var/log/apache2/.nobackup':
                mode    => '0644',
                content => '',
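Review bot: The new `file { '/var/log/apache2': }` resource sets `mode => '0755'` with no owner or group, which makes the log directory listable and traversable by every local account. Debian's apache2 package normally keeps this directory at 0750 root:adm, so this loosens the default; access logs carry client addresses and request URLs, and any file a vhost writes there with a lax mode becomes readable. Unless an unprivileged process needs to enter the directory, consider `owner => root,`, `group => adm,` and `mode => '0750',`, or add a comment naming the consumer that needs 0755. The `.nobackup` resource that follows is cut off by the hunk boundary.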
@@ -138,22 +127,28 @@ class apache2 {
        munin::check { 'ps_apache2':
                script => 'ps_',
        }
-
-       if $::hostname in [beach,buxtehude,picconi,pkgmirror-1and1,pkgmirror-csail] {
-               include apache2::dynamic
-       } else {
-               @ferm::rule { 'dsa-http':
-                       prio        => '23',
-                       description => 'Allow web access',
-                       rule        => '&SERVICE(tcp, (http https))'
-               }
+       # The munin script needs this
+       package { 'libwww-perl':
+               ensure => installed,
        }
 
-       @ferm::rule { 'dsa-http-v6':
-               domain          => '(ip6)',
-               prio            => '23',
-               description     => 'Allow web access',
-               rule            => '&SERVICE(tcp, (http https))'
+       if (! has_role('apache_not_public')) {
+               if has_role('apache_ratelimited') {
+                       include apache2::dynamic
+               } else {
+                       @ferm::rule { 'dsa-http':
+                               prio        => '23',
+                               description => 'Allow web access',
+                               rule        => '&SERVICE(tcp, (http https))'
+                       }
+
+                       @ferm::rule { 'dsa-http-v6':
+                               domain          => '(ip6)',
+                               prio            => '23',
+                               description     => 'Allow web access',
+                               rule            => '&SERVICE(tcp, (http https))'
+                       }
+               }
        }
 
        exec { 'service apache2 reload':
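Review bot: The outer `if (! has_role('apache_not_public'))` makes public exposure the default: a host that lacks the role, or whose role name is mistyped in the role data, gets http and https opened to everyone. A comment above the condition, e.g. `# Hosts are public unless tagged apache_not_public; internal-only hosts must carry that role`, would make this fail-open behaviour explicit to whoever assigns roles. Separately, `dsa-http-v6` moved from unconditional into the `else` branch, so hosts with `apache_ratelimited` now depend entirely on `apache2::dynamic` (not visible here) for their IPv6 rules; confirm that class declares them. The `exec` resource at the end of the hunk continues outside it.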
@@ -163,18 +158,12 @@ class apache2 {
                require =>  Package['apache2'],
        }
 
-       concat { '/etc/apache2/conf-available/puppet-ssl-key-pins.conf':
-               owner   => root,
-               group   => root,
-               mode    => '0644',
-               require =>  Package['apache2'],
-       }
-       concat::fragment { 'puppet-ssl-key-pins-header':
-               target => '/etc/apache2/conf-available/puppet-ssl-key-pins.conf',
-               content => '',
-               order  => 00,
-       }
        apache2::config { 'puppet-ssl-key-pins':
-               nocontentok => true,
+               content => template('apache2/ssl-key-pins.erb'),
+               notify  => Exec['service apache2 reload'],
+       }
+
+       apache2::config { 'local-scheduled-shutdown':
+               source  => 'puppet:///modules/apache2/local-scheduled-shutdown',
        }
 }
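Review bot: `apache2::config { 'puppet-ssl-key-pins': }` drops `nocontentok => true` in favour of `content => template('apache2/ssl-key-pins.erb')`, yet the removed concat header with `content => ''` suggests an empty pins file used to be an expected state. Whether `apache2::config` accepts an empty render on a host without pins is not visible here; keeping `nocontentok => true,` alongside `content` (if the define allows both), or a comment stating the template always emits something, would settle it. The explicit `notify => Exec['service apache2 reload']` appears only on this resource and not on `local-scheduled-shutdown` (nor on `headers` and `disabled-service` in the earlier hunk); if the define does not trigger a reload itself, changes to those files will not take effect until something else reloads Apache.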