diff --git a/manifests/init.pp b/manifests/init.pp index 61565ac..926e702 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -33,6 +33,7 @@ class cgit( $ssl_key_file_contents = undef, # If left undefined puppet will not create file. $staticfiles = '/var/www/cgit/static', $vhost_name = $::fqdn, + $create_site = true, ) { validate_hash($prefork_settings) validate_hash($mpm_settings) @@ -52,44 +53,20 @@ class cgit( 'ThreadsPerChild' => 25, 'MaxRequestsPerChild' => 0 } - $default_cgitrc_settings = { - 'cache-size' => 1000, - 'cache-dynamic-ttl' => 1, - 'cache-repo-ttl' => 1, - 'cache-root-ttl' => 1, - 'clone-prefix' => "git://${::fqdn} https://${::fqdn}", - 'enable-index-owner' => 0, - 'enable-index-links' => 1, - 'enable-http-clone' => 0, - 'max-stats' => 'quarter', - 'side-by-side-diffs' => 1, - 'mimetype.gif' => 'image/gif', - 'mimetype.html' => 'text/html', - 'mimetype.jpg' => 'image/jpeg', - 'mimetype.jpeg' => 'image/jpeg', - 'mimetype.pdf' => 'application/pdf', - 'mimetype.png' => 'image/png', - 'mimetype.svg' => 'image/svg+xml', - 'source-filter' => '/usr/libexec/cgit/filters/syntax-highlighting.sh', - 'max-repo-count' => 600, - 'include' => '/etc/cgitrepos' - } + # merge settings with defaults + $final_mpm_settings = merge($default_mpm_settings, $mpm_settings) + $final_prefork_settings = merge($default_prefork_settings, $prefork_settings) + if $behind_proxy == true { $http_port = 8080 $https_port = 4443 $daemon_port = 29418 - } - else { + } else { $http_port = 80 $https_port = 443 $daemon_port = 9418 } - # merge settings with defaults - $final_mpm_settings = merge($default_mpm_settings, $mpm_settings) - $final_prefork_settings = merge($default_prefork_settings, $prefork_settings) - $final_cgitrc_settings = merge($default_cgitrc_settings, $cgitrc_settings) - include ::httpd package { [ 
@@ -124,35 +101,6 @@ class cgit( require => User['cgit'], } - $local_git_dir = '/var/lib/git' - - file { $local_git_dir: - ensure => directory, - owner => 'cgit', - group => 'cgit', - mode => '0644', - require => User['cgit'], - } - - file { "${local_git_dir}/p": - ensure => link, - target => $local_git_dir, - require => File[$local_git_dir], - } - - ::httpd::vhost { $vhost_name: - port => $https_port, - serveraliases => $serveraliases, - docroot => 'MEANINGLESS ARGUMENT', - priority => '50', - template => 'cgit/git.vhost.erb', - ssl => true, - require => [ - File[$staticfiles], - Package['cgit'], - ], - } - file { '/etc/httpd/conf/httpd.conf': ensure => present, owner => 'root', @@ -187,22 +135,6 @@ class cgit( } } - file { $cgitdir: - ensure => directory, - owner => 'root', - group => 'root', - mode => '0755', - require => Package['httpd'] - } - - file { $staticfiles: - ensure => directory, - owner => 'root', - group => 'root', - mode => '0755', - require => File[$cgitdir], - } - if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease >= '7') { $git_daemon_service_name = 'git-daemon.socket' file { '/usr/lib/systemd/system/git-daemon.socket': 
@@ -250,43 +182,24 @@ class cgit( } } - if $ssl_cert_file_contents != undef { - file { $ssl_cert_file: - owner => 'root', - group => 'root', - mode => '0640', - content => $ssl_cert_file_contents, - before => Httpd::Vhost[$vhost_name], + if create_site { + cgit::site { 'default': + behind_proxy => $behind_proxy, + cgit_timeout => $cgit_timeout, + cgitdir => $cgitdir, + cgitrc_settings => $cgitrc_settings, + manage_cgitrc => $manage_cgitrc, + selinux_mode => $selinux_mode, + serveradmin => $serveradmin, + serveraliases => $serveraliases, + ssl_cert_file => $ssl_cert_file, + ssl_cert_file_contents => $ssl_cert_file_contents, + ssl_chain_file => $ssl_chain_file, + ssl_chain_file_contents => $ssl_chain_file_contents, + ssl_key_file => $ssl_key_file, + ssl_key_file_contents => $ssl_key_file_contents, + staticfiles => $staticfiles, + cgit_vhost_name => $vhost_name, } } - - if $ssl_key_file_contents != undef { - file { $ssl_key_file: - owner => 'root', - group => 'root', - mode => '0640', - content => $ssl_key_file_contents, - before => Httpd::Vhost[$vhost_name], - } - } - - if $ssl_chain_file_contents != undef { - file { $ssl_chain_file: - owner => 'root', - group => 'root', - mode => '0640', - content => $ssl_chain_file_contents, - before => Httpd::Vhost[$vhost_name], - } - } - if $manage_cgitrc { - file { '/etc/cgitrc': - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - content => template('cgit/cgitrc.erb') - } - } - } diff --git a/manifests/selinux.pp b/manifests/selinux.pp index 03e62bb..f46150e 100644 --- a/manifests/selinux.pp +++ b/manifests/selinux.pp @@ -15,13 +15,6 @@ # Class: cgit::selinux # class cgit::selinux { - exec { 'restorecon -R -v /var/lib/git': - path => '/sbin', - require => File['/var/lib/git'], - subscribe => File['/var/lib/git'], - refreshonly => true, - } - selboolean { 'httpd_enable_cgi': persistent => true, value => on diff --git a/manifests/site.pp b/manifests/site.pp new file mode 100644 index 0000000..d6022c6 
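Review bot: The guard `if create_site {` in the last init.pp hunk is missing the `$` sigil, so it never reads the new `$create_site` parameter. A bare word is not a variable reference, and if the parser accepts it as a string, a non-empty string is always true. In that case `create_site => false` would still declare `cgit::site { 'default': }` with its vhost and certificate/key file resources. The line should read `if $create_site {`, and a `validate_bool($create_site)` next to the existing `validate_hash` calls would reject a quoted `'false'`. The class body starts outside this hunk.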
--- /dev/null
+++ b/manifests/site.pp
@@ -0,0 +1,159 @@
+# Copyright 2013 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+define cgit::site(
+ $behind_proxy = false,
+ $cgit_timeout = false,
+ $cgitdir = '/var/www/cgit',
+ $cgitrc_path = '/etc/cgitrc',
+ $cgitrc_settings = {},
+ $manage_cgitrc = false,
+ $selinux_mode = 'enforcing',
+ $serveradmin = "webmaster@${::fqdn}",
+ $serveraliases = undef,
+ $ssl_cert_file = undef,
+ $ssl_cert_file_contents = undef, # If left undefined puppet will not create file.
+ $ssl_chain_file = undef,
+ $ssl_chain_file_contents = undef, # If left undefined puppet will not create file.
+ $ssl_key_file = undef,
+ $ssl_key_file_contents = undef, # If left undefined puppet will not create file.
+ $staticfiles = '/var/www/cgit/static',
+ $local_git_dir = '/var/lib/git',
+ $cgit_vhost_name = $::fqdn,
+) {
+ $default_cgitrc_settings = {
+ 'cache-size' => 1000,
+ 'cache-dynamic-ttl' => 1,
+ 'cache-repo-ttl' => 1,
+ 'cache-root-ttl' => 1,
+ 'clone-prefix' => "git://${::fqdn} https://${::fqdn}",
+ 'enable-index-owner' => 0,
+ 'enable-index-links' => 1,
+ 'enable-http-clone' => 0,
+ 'max-stats' => 'quarter',
+ 'side-by-side-diffs' => 1,
+ 'mimetype.gif' => 'image/gif',
+ 'mimetype.html' => 'text/html',
+ 'mimetype.jpg' => 'image/jpeg',
+ 'mimetype.jpeg' => 'image/jpeg',
+ 'mimetype.pdf' => 'application/pdf',
+ 'mimetype.png' => 'image/png',
+ 'mimetype.svg' => 'image/svg+xml',
+ 'source-filter' => '/usr/libexec/cgit/filters/syntax-highlighting.sh',
+ 'max-repo-count' => 600,
+ 'include' => '/etc/cgitrepos'
+ }
+ if $behind_proxy == true {
+ $http_port = 8080
+ $https_port = 4443
+ $daemon_port = 29418
+ } else {
+ $http_port = 80
+ $https_port = 443
+ $daemon_port = 9418
+ }
+
+ # merge settings with defaults
+ $final_cgitrc_settings = merge($default_cgitrc_settings, $cgitrc_settings)
+
+ file { $local_git_dir:
+ ensure => directory,
+ owner => 'cgit',
+ group => 'cgit',
+ mode => '0644',
+ require => User['cgit'],
+ }
+
+ file { "${local_git_dir}/p":
+ ensure => link,
+ target => $local_git_dir,
+ require => File[$local_git_dir],
+ }
+
+ exec { "restorecon -R -v ${local_git_dir}":
+ path => '/sbin',
+ require => File[$local_git_dir],
+ subscribe => File[$local_git_dir],
+ refreshonly => true,
+ }
+
+ ::httpd::vhost { $cgit_vhost_name:
+ port => $https_port,
+ serveraliases => $serveraliases,
+ docroot => 'MEANINGLESS ARGUMENT',
+ priority => '50',
+ template => 'cgit/git.vhost.erb',
+ ssl => true,
+ require => [
+ File[$staticfiles],
+ Package['cgit'],
+ ],
+ }
+
+ file { $cgitdir:
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ require => Package['httpd']
+ }
+
+ file { $staticfiles:
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ require => File[$cgitdir],
+ }
+
+
+ if $ssl_cert_file_contents != undef {
+ file { $ssl_cert_file:
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ content => $ssl_cert_file_contents,
+ before => Httpd::Vhost[$cgit_vhost_name],
+ }
+ }
+
+ if $ssl_key_file_contents != undef {
+ file { $ssl_key_file:
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ content => $ssl_key_file_contents,
+ before => Httpd::Vhost[$cgit_vhost_name],
+ }
+ }
+
+ if $ssl_chain_file_contents != undef {
+ file { $ssl_chain_file:
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ content => $ssl_chain_file_contents,
+ before => Httpd::Vhost[$cgit_vhost_name],
+ }
+ }
+ if $manage_cgitrc {
+ file { $cgitrc_path:
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ content => template('cgit/cgitrc.erb')
+ }
+ }
+}
diff --git a/templates/git.vhost.erb b/templates/git.vhost.erb
index f3de5e6..fb4e3b6 100644
--- a/templates/git.vhost.erb
+++ b/templates/git.vhost.erb
@@ -1,6 +1,6 @@ -> - ServerName <%= scope.lookupvar("cgit::vhost_name") %> - ServerAdmin <%= scope.lookupvar("cgit::serveradmin") %> +> + ServerName <%= @cgit_vhost_name %> + ServerAdmin <%= @serveradmin %> <% if @serveraliases.is_a? Array -%> <% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%> 
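Review bot: The `file { $ssl_key_file: ... content => $ssl_key_file_contents }` resource in the new define writes private key material through `content` without `show_diff => false`. On agents that have diff display enabled, a key change would copy the key into the agent log and reports, so I would add `show_diff => false,` to that resource. Separately, `File[$local_git_dir]`, `File[$cgitdir]` and `File[$staticfiles]` take their titles from parameters that all have defaults. A second `cgit::site` left on those defaults would therefore fail catalog compilation with a duplicate declaration. A header comment on the define, such as `# local_git_dir, cgitdir, staticfiles and cgitrc_path must be unique per site`, would make that contract explicit.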
@@ -10,22 +10,23 @@ Alias /cgit-data /usr/share/cgit ScriptAlias /cgit /var/www/cgi-bin/cgit - Alias /static <%= scope.lookupvar("cgit::staticfiles") %> + Alias /static <%= @staticfiles %> RewriteEngine On RewriteRule ^/$ /cgit [R] - SetEnv GIT_PROJECT_ROOT /var/lib/git/ + SetEnv GIT_PROJECT_ROOT <%= @local_git_dir %> SetEnv GIT_HTTP_EXPORT_ALL SetEnv GIT_NOTES_DISPLAY_REF refs/notes/* + SetEnv CGIT_CONFIG <%= @cgitrc_path %> - AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /var/lib/git/$1 - AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/lib/git/$1 + AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ <%= @local_git_dir %>/$1 + AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ <%= @local_git_dir %>/$1 ScriptAlias / /usr/libexec/git-core/git-http-backend/ ErrorLog /var/log/httpd/git-error.log - <% if scope.lookupvar("cgit::cgit_timeout").is_a? Integer %> - Timeout <%= scope.lookupvar("cgit::cgit_timeout") %> + <% if @cgit_timeout.is_a? Integer %> + Timeout @cgit::cgit_timeout %> <% end %> LogLevel warn @@ -33,9 +34,9 @@ CustomLog /var/log/httpd/git-access.log combined -> - ServerName <%= scope.lookupvar("cgit::vhost_name") %> - ServerAdmin <%= scope.lookupvar("cgit::serveradmin") %> +> + ServerName <%= @cgit_vhost_name %> + ServerAdmin <%= @serveradmin %> <% if @serveraliases.is_a? Array -%> <% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%> 
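Review bot: The rewritten line `Timeout @cgit::cgit_timeout %>` in the first vhost block has lost its opening `<%=` tag and still carries the old class-qualified name. Whenever `cgit_timeout` is an Integer, that literal text is written into the Apache configuration, and httpd will most likely refuse it at the next reload. It should be `Timeout <%= @cgit_timeout %>`, matching the `@cgit_timeout.is_a? Integer` test on the line above. The vhost block begins and ends outside this hunk.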
@@ -45,16 +46,17 @@ Alias /cgit-data /usr/share/cgit ScriptAlias /cgit /var/www/cgi-bin/cgit - Alias /static <%= scope.lookupvar("cgit::staticfiles") %> + Alias /static <%= @staticfiles %> RewriteEngine On RewriteRule ^/$ /cgit [R] - SetEnv GIT_PROJECT_ROOT /var/lib/git/ + SetEnv GIT_PROJECT_ROOT <%= @local_git_dir %> SetEnv GIT_HTTP_EXPORT_ALL SetEnv GIT_NOTES_DISPLAY_REF refs/notes/* + SetEnv CGIT_CONFIG <%= @cgitrc_path %> - AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /var/lib/git/$1 - AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/lib/git/$1 + AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ <%= @local_git_dir %>/$1 + AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ <%= @local_git_dir %>/$1 ScriptAlias / /usr/libexec/git-core/git-http-backend/ ErrorLog /var/log/httpd/git-error.log @@ -66,12 +68,12 @@ SSLEngine on SSLProtocol All -SSLv2 -SSLv3 - SSLCertificateFile <%= scope.lookupvar("cgit::ssl_cert_file") %> - SSLCertificateKeyFile <%= scope.lookupvar("cgit::ssl_key_file") %> + SSLCertificateFile <%= @ssl_cert_file %> + SSLCertificateKeyFile <%= @ssl_key_file %> <%# The original default was '' -%> <%# scope.lookupvar returns nil for an undefined variable in puppet 4 -%> <%# scope.lookupvar returns :undef for an undefined variable in puppet 3 -%> -<% unless ['', nil, :undef].include?(scope.lookupvar("cgit::ssl_chain_file")) %> - SSLCertificateChainFile <%= scope.lookupvar("cgit::ssl_chain_file") %> +<% unless ['', nil, :undef].include?@ssl_chain_file %> + SSLCertificateChainFile <%= @ssl_chain_file %> <% end %>
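Review bot: In the last hunk, `SSLCertificateFile <%= @ssl_cert_file %>` and `SSLCertificateKeyFile <%= @ssl_key_file %>` now read parameters that default to `undef` in `cgit::site`, while the define always declares the vhost with `ssl => true`. A site declared without them would therefore render empty directives, so the define should `fail()` early when either is undefined. The chain-file test `include?@ssl_chain_file` depends on Ruby accepting an unparenthesised argument directly after the `?`; `<% unless ['', nil, :undef].include?(@ssl_chain_file) %>` is clearer. The two ERB comments above it still describe what `scope.lookupvar` returns although the template no longer calls it, and could be replaced by `<%# @ssl_chain_file is nil (puppet 4) or :undef (puppet 3) when the parameter is left undefined -%>`.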