Commit 4c127d67 authored by mh's avatar mh
Browse files

linting

parent 7d20b7a0
# the basics for the user_scripts
class webhosting::user_scripts(
class webhosting::user_scripts (
$default_contact_domain = false,
$notifications_sender = "root@${facts['fqdn']}",
$notifications_sender = "root@${facts['networking']['fqdn']}",
) {
require ::incron
require incron
# common stuff
file{
[ '/opt/webhosting_user_scripts',
file {
['/opt/webhosting_user_scripts',
'/opt/webhosting_user_scripts/common',
]:
ensure => directory,
......@@ -27,8 +27,8 @@ class webhosting::user_scripts(
}
# deploy scripts
['adjust_permissions','update_mode',
'update_wordpress','ssh_authorized_keys'].each |String $script_name| {
file{
'update_wordpress','ssh_authorized_keys'].each |String $script_name| {
file {
"/opt/webhosting_user_scripts/${script_name}":
ensure => directory,
owner => root,
......@@ -40,10 +40,9 @@ class webhosting::user_scripts(
group => 0,
mode => '0500';
}
}
logrotate::rule{
logrotate::rule {
'webhosting-scripts':
path => '/var/www/vhosts/*/logs/users-script-*.log',
rotate => 7,
......@@ -56,27 +55,27 @@ class webhosting::user_scripts(
# script dependencies
# update mode script
include ::posix_acl::requirements
include posix_acl::requirements
# wordpress updates
require ::wordpress::base
require ::tmpwatch
require ::rubygems::mail
require wordpress::base
require tmpwatch
require rubygems::mail
file{
file {
'/usr/local/sbin/auto_update_wordess':
source => 'puppet:///modules/webhosting/update_scripts/auto_update_wordess.rb',
require => File['/opt/webhosting_user_scripts/update_wordpress/update_wordpress.rb'],
owner => root,
group => 0,
mode => '0500';
} -> file{
} -> file {
'/etc/cron.daily/auto_update_wordess':
content => "#!/bin/bash\n/usr/local/sbin/auto_update_wordess ${notifications_sender}> /var/log/auto_update_wordess.log\n",
owner => root,
group => 0,
mode => '0500';
} -> logrotate::rule{
} -> logrotate::rule {
'auto-update-wordpress':
path => '/var/log/auto_update_wordess.log',
rotate => 7,
......@@ -86,20 +85,22 @@ class webhosting::user_scripts(
missingok => true,
}
# manage ssh keys
if $facts['selinux'] {
selinux::fcontext{'/var/www/ssh_authorized_keys(/.*)?':
setype => 'ssh_home_t',
before => File['/var/www/ssh_authorized_keys'],
if $facts['os']['selinux']['enabled'] {
selinux::fcontext {
'/var/www/ssh_authorized_keys(/.*)?':
setype => 'ssh_home_t',
before => File['/var/www/ssh_authorized_keys'],
}
}
file{'/var/www/ssh_authorized_keys':
ensure => directory,
owner => root,
group => 0,
mode => '0444',
purge => true,
force => true,
recurse => true,
seltype => 'ssh_home_t',
file {
'/var/www/ssh_authorized_keys':
ensure => directory,
owner => root,
group => 0,
mode => '0444',
purge => true,
force => true,
recurse => true,
seltype => 'ssh_home_t',
}
}
# manage webhosting scripts for a certain webhosting
define webhosting::user_scripts::manage(
define webhosting::user_scripts::manage (
$sftp_user,
$run_user,
$web_group,
......@@ -8,7 +8,7 @@ define webhosting::user_scripts::manage(
$options = {},
$user_scripts_help = 'https://wiki.immerda.ch/index.php/WebhostingUserScripts',
$user_scripts_admin_address = 'admin@immerda.ch'
){
) {
if $scripts != 'absent' {
$scripts_path = $base_path ? {
'absent' => "/var/www/vhosts/${name}/scripts",
......@@ -29,8 +29,8 @@ define webhosting::user_scripts::manage(
}
$user_scripts_options = deep_merge($default_options,$options)
require ::webhosting::user_scripts
file{
require webhosting::user_scripts
file {
"user_scripts_${name}":
ensure => directory,
path => $scripts_path,
......@@ -54,11 +54,12 @@ define webhosting::user_scripts::manage(
$hosting_contact = false
}
file{ "${scripts_path}/vhost.options":
content => template('webhosting/user_scripts/vhost.options.erb'),
owner => root,
group => $web_group,
mode => '0440';
file {
"${scripts_path}/vhost.options":
content => template('webhosting/user_scripts/vhost.options.erb'),
owner => root,
group => $web_group,
mode => '0440';
}
$scripts_to_deploy = { 'adjust_permissions' => 'dirs',
......@@ -68,7 +69,7 @@ define webhosting::user_scripts::manage(
}
$scripts_to_deploy.each |String $script_name, Variant[String, Boolean] $config_ext| {
if ($script_name in $scripts) or ($scripts == 'ALL') {
file{
file {
"${scripts_path}/${script_name}":
ensure => directory,
owner => $sftp_user,
......@@ -83,7 +84,7 @@ define webhosting::user_scripts::manage(
require => File["${scripts_path}/${script_name}"];
}
if $config_ext {
file{
file {
"${scripts_path}/${script_name}/${script_name}.${config_ext}":
content => template("webhosting/user_scripts/${script_name}/${script_name}.${config_ext}.erb"),
owner => $sftp_user,
......@@ -91,7 +92,7 @@ define webhosting::user_scripts::manage(
mode => '0600';
}
if ($script_name == 'ssh_authorized_keys') {
file{"/var/www/ssh_authorized_keys/${sftp_user}":
file { "/var/www/ssh_authorized_keys/${sftp_user}":
content => template('webhosting/user_scripts/ssh_authorized_keys/ssh_authorized_keys.keys.erb'),
owner => $sftp_user,
group => 0,
......@@ -99,12 +100,12 @@ define webhosting::user_scripts::manage(
seltype => 'ssh_home_t';
}
if !$user_scripts_options['enforce_ssh_authorized_keys'] {
File["/var/www/ssh_authorized_keys/${sftp_user}","${scripts_path}/${script_name}/${script_name}.${config_ext}"]{
File["/var/www/ssh_authorized_keys/${sftp_user}","${scripts_path}/${script_name}/${script_name}.${config_ext}"] {
replace => false,
}
}
} else {
File["${scripts_path}/${script_name}/${script_name}.${config_ext}"]{
File["${scripts_path}/${script_name}/${script_name}.${config_ext}"] {
replace => false,
}
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment