Commit 1500994c authored by mh's avatar mh

linting

parent 5eee3ba6
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
# This makes it easier to enable special rights on a webserver's mailserver to # This makes it easier to enable special rights on a webserver's mailserver to
# this group. # this group.
# - default: false # - default: false
define webhosting::common( define webhosting::common (
$ensure = present, $ensure = present,
$configuration = {}, $configuration = {},
$uid = 'absent', $uid = 'absent',
...@@ -27,15 +27,14 @@ define webhosting::common( ...@@ -27,15 +27,14 @@ define webhosting::common(
$user_scripts = 'absent', $user_scripts = 'absent',
$user_scripts_options = {}, $user_scripts_options = {},
$nagios_check = 'ensure', $nagios_check = 'ensure',
Variant[String,Array[String]] Variant[String,Array[String]] $nagios_check_domain = 'absent',
$nagios_check_domain = 'absent',
$nagios_check_url = '/', $nagios_check_url = '/',
$nagios_check_code = '200', $nagios_check_code = '200',
$nagios_use = 'generic-service', $nagios_use = 'generic-service',
$git_repo = 'absent', $git_repo = 'absent',
$php_installation = false, $php_installation = false,
){ ) {
if ($run_gid == 'absent') { if $run_gid == 'absent' {
if ($gid == 'uid') { if ($gid == 'uid') {
$real_run_gid = $uid $real_run_gid = $uid
} else { } else {
...@@ -44,17 +43,17 @@ define webhosting::common( ...@@ -44,17 +43,17 @@ define webhosting::common(
} else { } else {
$real_run_gid = $run_gid $real_run_gid = $run_gid
} }
if ($uid_name == 'absent'){ if $uid_name == 'absent' {
$real_uid_name = $name $real_uid_name = $name
} else { } else {
$real_uid_name = $uid_name $real_uid_name = $uid_name
} }
if ($gid_name == 'absent'){ if $gid_name == 'absent' {
$real_gid_name = $real_uid_name $real_gid_name = $real_uid_name
} else { } else {
$real_gid_name = $gid_name $real_gid_name = $gid_name
} }
if ($run_uid_name == 'absent'){ if $run_uid_name == 'absent' {
$real_run_uid_name = "${name}_run" $real_run_uid_name = "${name}_run"
} else { } else {
$real_run_uid_name = $run_uid_name $real_run_uid_name = $run_uid_name
...@@ -70,7 +69,7 @@ define webhosting::common( ...@@ -70,7 +69,7 @@ define webhosting::common(
if 'containers' in $configuration { if 'containers' in $configuration {
if $ensure == 'present' { if $ensure == 'present' {
if !defined(File["${vhost_path}/tmp"]) { if !defined(File["${vhost_path}/tmp"]) {
file{ file {
"${vhost_path}/tmp": "${vhost_path}/tmp":
ensure => directory, ensure => directory,
owner => $real_uid_name, owner => $real_uid_name,
...@@ -89,7 +88,7 @@ define webhosting::common( ...@@ -89,7 +88,7 @@ define webhosting::common(
# '/var/www/vhosts/HOSTING/private/app': '/app:ro' # '/var/www/vhosts/HOSTING/private/app': '/app:ro'
# '/var/www/vhosts/HOSTING/data/private/data': '/private' # '/var/www/vhosts/HOSTING/data/private/data': '/private'
# '/var/www/vhosts/HOSTING/www/data': '/data' # '/var/www/vhosts/HOSTING/www/data': '/data'
file{ file {
"${vhost_path}/data/private": "${vhost_path}/data/private":
ensure => directory, ensure => directory,
owner => $real_uid_name, owner => $real_uid_name,
...@@ -118,7 +117,7 @@ define webhosting::common( ...@@ -118,7 +117,7 @@ define webhosting::common(
# we don't know the users subuid/subgid # we don't know the users subuid/subgid
# Must be set if we might want to do keep-user-id # Must be set if we might want to do keep-user-id
# https://lists.podman.io/archives/list/podman@lists.podman.io/thread/LA2J5LY6SZMNMPLDGE4DKIV2CFLGPOXC/ # https://lists.podman.io/archives/list/podman@lists.podman.io/thread/LA2J5LY6SZMNMPLDGE4DKIV2CFLGPOXC/
exec{"adjust_path_access_for_keep-user-id_${vhost_path}": exec { "adjust_path_access_for_keep-user-id_${vhost_path}":
command => "bash -c \"setfacl -m user:$(grep -E '^${real_uid_name}:' /etc/subuid | cut -d: -f 2):rx ${vhost_path}\"", command => "bash -c \"setfacl -m user:$(grep -E '^${real_uid_name}:' /etc/subuid | cut -d: -f 2):rx ${vhost_path}\"",
unless => "getfacl -p -n ${vhost_path} | grep -qE \"^user:$(grep -E '^${real_uid_name}:' /etc/subuid | cut -d: -f 2 | head -n 1):r-x\\$\"", unless => "getfacl -p -n ${vhost_path} | grep -qE \"^user:$(grep -E '^${real_uid_name}:' /etc/subuid | cut -d: -f 2 | head -n 1):r-x\\$\"",
require => [File[$vhost_path],User[$real_uid_name]]; require => [File[$vhost_path],User[$real_uid_name]];
...@@ -143,7 +142,6 @@ define webhosting::common( ...@@ -143,7 +142,6 @@ define webhosting::common(
'read-only' => true, 'read-only' => true,
} }
$configuration['containers'].each |$con_name,$vals| { $configuration['containers'].each |$con_name,$vals| {
$hosting_run_flags = pick($vals['run_flags'],{}) $hosting_run_flags = pick($vals['run_flags'],{})
$route = pick($vals['route'],{}) $route = pick($vals['route'],{})
...@@ -166,19 +164,19 @@ define webhosting::common( ...@@ -166,19 +164,19 @@ define webhosting::common(
tag => "user_${real_uid_name}", tag => "user_${real_uid_name}",
publish_socket => $publis_socket_2 + $publish_socket, publish_socket => $publis_socket_2 + $publish_socket,
} }
podman::container{ podman::container {
"${name}-${con_name}": "${name}-${con_name}":
* => $con_values, * => $con_values,
} }
} }
} }
if ($user_access == 'sftp') { if $user_access == 'sftp' {
$real_password = $password ? { $real_password = $password ? {
'trocla' => trocla("webhosting_${real_uid_name}",'sha512crypt'), 'trocla' => trocla("webhosting_${real_uid_name}",'sha512crypt'),
default => $password default => $password
} }
user::sftp_only{$real_uid_name: user::sftp_only { $real_uid_name:
ensure => $ensure, ensure => $ensure,
password_crypted => $password_crypted, password_crypted => $password_crypted,
homedir => $vhost_path, homedir => $vhost_path,
...@@ -191,13 +189,13 @@ define webhosting::common( ...@@ -191,13 +189,13 @@ define webhosting::common(
} }
if $run_mode in ['fpm','fcgid','static'] { if $run_mode in ['fpm','fcgid','static'] {
if ($user_access == 'sftp') { if $user_access == 'sftp' {
if ($ensure != 'absent') { if $ensure != 'absent' {
User::Sftp_only[$real_uid_name]{ User::Sftp_only[$real_uid_name] {
homedir_mode => '0750', homedir_mode => '0750',
} }
} }
user::groups::manage_user{ user::groups::manage_user {
"apache_in_${real_gid_name}": "apache_in_${real_gid_name}":
ensure => $ensure, ensure => $ensure,
group => $real_gid_name, group => $real_gid_name,
...@@ -205,7 +203,7 @@ define webhosting::common( ...@@ -205,7 +203,7 @@ define webhosting::common(
notify => Service['apache'], notify => Service['apache'],
} }
if $ensure == 'present' { if $ensure == 'present' {
User::Groups::Manage_user["apache_in_${real_gid_name}"]{ User::Groups::Manage_user["apache_in_${real_gid_name}"] {
require => User::Sftp_only[$real_uid_name], require => User::Sftp_only[$real_uid_name],
} }
} }
...@@ -223,7 +221,7 @@ define webhosting::common( ...@@ -223,7 +221,7 @@ define webhosting::common(
/^(Debian|Ubuntu)$/ => '/usr/sbin/nologin', /^(Debian|Ubuntu)$/ => '/usr/sbin/nologin',
default => '/sbin/nologin', default => '/sbin/nologin',
} }
user::managed{$real_run_uid_name: user::managed { $real_run_uid_name:
ensure => $ensure, ensure => $ensure,
manage_group => false, manage_group => false,
managehome => false, managehome => false,
...@@ -231,38 +229,38 @@ define webhosting::common( ...@@ -231,38 +229,38 @@ define webhosting::common(
uid => $real_run_uid, uid => $real_run_uid,
shell => $shell, shell => $shell,
} }
if ($user_access == 'sftp') { if $user_access == 'sftp' {
if ($ensure == 'absent') { if $ensure == 'absent' {
User::Managed[$real_run_uid_name]{ User::Managed[$real_run_uid_name] {
before => User::Sftp_only[$real_uid_name], before => User::Sftp_only[$real_uid_name],
} }
} else { } else {
User::Managed[$real_run_uid_name]{ User::Managed[$real_run_uid_name] {
require => User::Sftp_only[$real_uid_name], require => User::Sftp_only[$real_uid_name],
} }
} }
} }
if $wwwmail { if $wwwmail {
user::groups::manage_user{ user::groups::manage_user {
"${real_run_uid_name}_in_wwwmailers": "${real_run_uid_name}_in_wwwmailers":
ensure => $ensure, ensure => $ensure,
group => 'wwwmailers', group => 'wwwmailers',
user => $real_run_uid_name, user => $real_run_uid_name,
} }
if ($ensure == 'present') { if $ensure == 'present' {
require webhosting::wwwmailers require webhosting::wwwmailers
User::Groups::Manage_user["${real_run_uid_name}_in_wwwmailers"]{ User::Groups::Manage_user["${real_run_uid_name}_in_wwwmailers"] {
require => User::Managed[$real_run_uid_name], require => User::Managed[$real_run_uid_name],
} }
} }
} }
if ($ensure == 'present') { if $ensure == 'present' {
$rreal_run_gid = $real_run_gid ? { $rreal_run_gid = $real_run_gid ? {
'iuid' => iuid($real_uid_name,'webhosting'), 'iuid' => iuid($real_uid_name,'webhosting'),
default => $real_run_gid, default => $real_run_gid,
} }
User::Managed[$real_run_uid_name]{ User::Managed[$real_run_uid_name] {
gid => $rreal_run_gid, gid => $rreal_run_gid,
} }
} }
...@@ -288,13 +286,13 @@ define webhosting::common( ...@@ -288,13 +286,13 @@ define webhosting::common(
use => $nagios_use, use => $nagios_use,
check_code => $real_nagios_check_code, check_code => $real_nagios_check_code,
} }
nagios::service::http{ nagios::service::http {
$name: $name:
* => $default_nagios_vals, * => $default_nagios_vals,
} }
if 'additional_nagios_checks' in $configuration { if 'additional_nagios_checks' in $configuration {
$configuration['additional_nagios_checks'].each |$n,$values| { $configuration['additional_nagios_checks'].each |$n,$values| {
nagios::service::http{ nagios::service::http {
"${name}-${n}": "${name}-${n}":
* => $default_nagios_vals + $values, * => $default_nagios_vals + $values,
} }
...@@ -306,7 +304,7 @@ define webhosting::common( ...@@ -306,7 +304,7 @@ define webhosting::common(
'absent' => 'absent', 'absent' => 'absent',
default => $watch_adjust_webfiles, default => $watch_adjust_webfiles,
} }
webhosting::watch_adjust_webfiles{ webhosting::watch_adjust_webfiles {
$name: $name:
ensure => $watch_webfiles_ensure, ensure => $watch_webfiles_ensure,
path => "${vhost_path}/www/", path => "${vhost_path}/www/",
...@@ -322,13 +320,13 @@ define webhosting::common( ...@@ -322,13 +320,13 @@ define webhosting::common(
$scl_name = false $scl_name = false
} }
if $scl_name and !('scl' in $user_scripts_options['global']) { if $scl_name and !('scl' in $user_scripts_options['global']) {
$real_user_scripts_options = deep_merge({ $real_user_scripts_options = deep_merge( {
'global' => { 'scl' => $scl_name }, 'global' => { 'scl' => $scl_name },
}, $user_scripts_options) }, $user_scripts_options)
} else { } else {
$real_user_scripts_options = $user_scripts_options $real_user_scripts_options = $user_scripts_options
} }
webhosting::user_scripts::manage{$name: webhosting::user_scripts::manage { $name:
base_path => $vhost_path, base_path => $vhost_path,
scripts => $user_scripts, scripts => $user_scripts,
sftp_user => $real_uid_name, sftp_user => $real_uid_name,
...@@ -338,7 +336,7 @@ define webhosting::common( ...@@ -338,7 +336,7 @@ define webhosting::common(
} }
if 'mail_ratelimit' in $configuration { if 'mail_ratelimit' in $configuration {
exim::ratelimit::localforward::entry{ exim::ratelimit::localforward::entry {
$real_run_uid_name: $real_run_uid_name:
key => $real_run_uid, key => $real_run_uid,
ratelimit => $configuration['mail_ratelimit']; ratelimit => $configuration['mail_ratelimit'];
...@@ -346,7 +344,7 @@ define webhosting::common( ...@@ -346,7 +344,7 @@ define webhosting::common(
} }
} }
if ($git_repo != 'absent') and ($ensure != 'absent') { if ($git_repo != 'absent') and ($ensure != 'absent') {
webhosting::utils::clone{ webhosting::utils::clone {
$name: $name:
git_repo => $git_repo, git_repo => $git_repo,
documentroot => "${vhost_path}/www", documentroot => "${vhost_path}/www",
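Review bot: In the `exec { "adjust_path_access_for_keep-user-id_${vhost_path}":` hunk, `command` and `unless` disagree: `unless` takes only the first matching /etc/subuid entry with `| head -n 1`, while `command` does not, so a user with more than one subuid range would put a multi-line value into the `setfacl -m user:…:rx` argument. Adding the same `| head -n 1` after `cut -d: -f 2` in `command` would make the two consistent. Both strings also interpolate `${real_uid_name}` and `${vhost_path}` unquoted into a shell command line, and `${real_uid_name}` into a `grep -E` pattern. Whether these values are validated is not visible here, since the parameter list is only partly shown, so a data type on the corresponding parameters restricting them to plain account-name and path characters, or a comment stating where that is enforced, would be worth adding. The linting pass changes only spacing on these lines, and the define's body continues outside the visible hunks.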