"logrotate": ensure => installed;
}
+ case $php5 {
+ "true": { package {
+ "php5-suhosin": ensure => installed;
+ }
+ file { "/etc/php5/conf.d/suhosin.ini":
+ source => [ "puppet:///apache2/per-host/$fqdn/etc/php5/conf.d/suhosin.ini",
+ "puppet:///apache2/common/etc/php5/conf.d/suhosin.ini" ],
+ require => Package["apache2", "php5-suhosin"],
+ notify => Exec["force-reload-apache2"];
+ }
+ }
+ }
+
+
define activate_apache_site($ensure=present, $site=$name) {
case $site {
"": { $base = $name }
"000-default": ensure => absent;
}
- case $php5suhosin {
- "true": { file { "/etc/php5/conf.d/suhosin.ini":
- source => [ "puppet:///apache2/per-host/$fqdn/etc/php5/conf.d/suhosin.ini",
- "puppet:///apache2/common/etc/php5/conf.d/suhosin.ini" ],
- require => Package["apache2", "php5-suhosin"],
- notify => Exec["force-reload-apache2"];
- }
- }
- }
-
file {
"/etc/apache2/conf.d/ressource-limits":
content => template("apache2/ressource-limits.erb"),
command => "/etc/init.d/apache2 force-reload",
refreshonly => true,
}
+ @ferm::rule { "dsa-apache":
+ domain => "(ip ip6)",
+ description => "Allow web access",
+ rule => "proto tcp mod state state (NEW) dport (80) ACCEPT"
+ }
}