author | Jesse Luehrs <doy@tozt.net> | 2018-11-13 00:19:06 -0500 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2018-11-13 00:19:06 -0500 |
commit | bf33ac997636c4b6c199cfff1e171ffaff437c91 (patch) | |
tree | 2f3d94f0ad3fddde69fec83c4d65356d60dea479 /modules/nginx | |
parent | b5fe67cdda8f05ffe814a923b1a69f7169b9db5c (diff) | |
actually, let's make this shared again
Diffstat (limited to 'modules/nginx')
-rw-r--r-- | modules/nginx/files/dhparam.pem | 13 | ||||
-rw-r--r-- | modules/nginx/files/mime.types.paste | 57 | ||||
-rw-r--r-- | modules/nginx/files/nginx.conf | 16 | ||||
-rw-r--r-- | modules/nginx/files/ssl | 12 | ||||
-rw-r--r-- | modules/nginx/manifests/config.pp | 18 | ||||
-rw-r--r-- | modules/nginx/manifests/init.pp | 11 | ||||
-rw-r--r-- | modules/nginx/manifests/install.pp | 5 | ||||
-rw-r--r-- | modules/nginx/manifests/service.pp | 6 | ||||
-rw-r--r-- | modules/nginx/manifests/site.pp | 20 |
9 files changed, 158 insertions, 0 deletions
diff --git a/modules/nginx/files/dhparam.pem b/modules/nginx/files/dhparam.pem new file mode 100644 index 0000000..4aa2270 --- /dev/null +++ b/modules/nginx/files/dhparam.pem @@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICCAKCAgEA2Ch/tJWN/Hm/Go2T9Ok542zBAJJxmrIn8ghj/etM1uVQ8viqqDy/ +2RRswFeVJE8S5tf7W7+rPWVp1NzK7Fbxn1eb0r/MdnwgCkzBK2YcbQ6skZZz7lyd +SXXac4YrdkaG60Bm2WtmHs73pptbxBTkt55yAdTyhm8fvVZewAn2a8GRgn/X9Nb6 +YcpbLa6yh0TA1YP/CckMN5yxI761IXpKXuDMMz/PjI9xK2NSXRCgknrHa71w7E9U +x86EyeA8VB2baZ2ct0KlaK5MaFPLSSCPBQYxigCvH6apH+U9pho4YSdZL3wLjtzO +mN7Z8FdhPr2P/Dk0HI4Y2LzJiAQoU2t7zMrGb4y/27zFrApUed6q1lbvJW46g+o0 +zy3fe1nwZ9Ibq0TA6FH0S+FRrSYrJEN1vqosoGJjLJteyddqLV8d6XRhrZaCJmWq +itlqbYlnbK+rlxlJyuDC6wLMTxa/zYMvYSM0Ez8KKDLh3GNMqiEbccCuS77gvPKP +hj4Gy0jslUSYSjJebot+wIQsGmAnL5CozEXdGMVahoqZWcqRRGsoVM/3vZ53uLgL +Cs027wnvkeAnX1sxV/KnrovpVPISkQvG0awCZkjroKMRq33fgymvvvcHo7pGcef+ +7S0XsFBit8LrBT1XGx3VknC8XZ6hAACY1FDMth2J4dx8kqVnd2PH1dMCAQI= +-----END DH PARAMETERS----- diff --git a/modules/nginx/files/mime.types.paste b/modules/nginx/files/mime.types.paste new file mode 100644 index 0000000..a32e153 --- /dev/null +++ b/modules/nginx/files/mime.types.paste 
@@ -0,0 +1,57 @@
+types {
+ image/gif gif;
+ image/jpeg jpeg jpg;
+
+ image/png png;
+ image/tiff tif tiff;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+
+ application/java-archive jar war ear;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.wap.wmlc wmlc;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-xpinstall xpi;
+ application/zip zip;
+
+ application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
+ application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
+ application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
+
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream eot;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+
+ audio/midi mid midi kar;
+ audio/mpeg mp3;
+ audio/x-realaudio ra;
+
+ video/3gpp 3gpp 3gp;
+ video/mpeg mpeg mpg;
+ video/quicktime mov;
+ video/x-flv flv;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
+}
+# vim:ft=nginx
diff --git a/modules/nginx/files/nginx.conf b/modules/nginx/files/nginx.conf
new file mode 100644
index 0000000..895330e
--- /dev/null
+++ b/modules/nginx/files/nginx.conf
@@ -0,0 +1,16 @@
+worker_processes 1;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ sendfile on;
+ gzip on;
+ keepalive_timeout 65;
+
+ include /etc/nginx/sites-enabled/*;
+}
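Review bot: The `http` block in nginx.conf has no `server_tokens off;`, so responses and default error pages advertise the running nginx version; adding that line next to `keepalive_timeout 65;` removes it. `gzip on;` is set for every included site, and because this module also ships a TLS include, compressed HTTPS responses that echo request input alongside a secret such as a CSRF token are open to BREACH-style length analysis. Consider leaving gzip off at this level and enabling it per `location` for static content only. The file also sets no `access_log` or `error_log`, so logging rests on compiled-in defaults; if that is intended, a one-line comment saying so would help whoever later has to investigate an incident on these hosts.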
diff --git a/modules/nginx/files/ssl b/modules/nginx/files/ssl
new file mode 100644
index 0000000..6248ac8
--- /dev/null
+++ b/modules/nginx/files/ssl
@@ -0,0 +1,12 @@
+ssl on;
+ssl_certificate /media/persistent/certbot/live/tozt.net/fullchain.pem;
+ssl_certificate_key /media/persistent/certbot/live/tozt.net/privkey.pem;
+ssl_protocols TLSv1.1 TLSv1.2;
+ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+ssl_dhparam /etc/nginx/dhparam.pem;
+ssl_prefer_server_ciphers on;
+ssl_session_cache shared:SSL:10m;
+ssl_stapling on;
+ssl_stapling_verify on;
+
+# vim:ft=nginx
diff --git a/modules/nginx/manifests/config.pp b/modules/nginx/manifests/config.pp
new file mode 100644
index 0000000..8a95edd
--- /dev/null
+++ b/modules/nginx/manifests/config.pp
@@ -0,0 +1,18 @@
+class nginx::config {
+ include haveged
+
+ file {
+ "/etc/nginx/sites-available":
+ ensure => directory;
+ "/etc/nginx/sites-enabled":
+ ensure => directory;
+ "/etc/nginx/ssl":
+ source => 'puppet:///modules/nginx/ssl';
+ "/etc/nginx/mime.types.paste":
+ source => 'puppet:///modules/nginx/mime.types.paste';
+ "/etc/nginx/nginx.conf":
+ source => 'puppet:///modules/nginx/nginx.conf';
+ "/etc/nginx/dhparam.pem":
+ source => 'puppet:///modules/nginx/dhparam.pem';
+ }
+}
diff --git a/modules/nginx/manifests/init.pp b/modules/nginx/manifests/init.pp
new file mode 100644
index 0000000..611be52
--- /dev/null
+++ b/modules/nginx/manifests/init.pp
@@ -0,0 +1,11 @@
+class nginx {
+ contain nginx::install
+ contain nginx::config
+ contain nginx::service
+
+ Class['nginx::install'] -> Class['nginx::config']
+
+ Class['nginx::config'] ~> Class['nginx::service']
+ Class['nginx::install'] ~> Class['nginx::service']
+ Nginx::Site<| |> ~> Class['nginx::service']
+}
diff --git a/modules/nginx/manifests/install.pp b/modules/nginx/manifests/install.pp
new file mode 100644
index 0000000..680b0ab
--- /dev/null
+++ b/modules/nginx/manifests/install.pp
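Review bot: `ssl_protocols TLSv1.1 TLSv1.2;` in modules/nginx/files/ssl still offers TLS 1.1, where a client can only land on the CBC-mode suites admitted by `AES256+EECDH:AES256+EDH`, since the AES-GCM suites require TLS 1.2. I would write `ssl_protocols TLSv1.2;` and add `TLSv1.3` once the packaged nginx and OpenSSL support it. `ssl on;` in a shared include turns TLS on for every `listen` socket of the including server block, and nginx deprecates it in favour of `listen 443 ssl;` in the site files. `ssl_stapling_verify on;` expects the issuer chain through `ssl_trusted_certificate`, and stapling normally wants a `resolver` for the OCSP responder. Neither appears in this file or in nginx.conf, so unless the site files supply them, check the error log for stapling warnings.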
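Review bot: None of the `file` resources in modules/nginx/manifests/config.pp sets `owner`, `group` or `mode`, so the permissions of the deployed TLS include, nginx.conf and dhparam.pem depend on the Puppet version's `source_permissions` default rather than on anything visible in the manifest. Stating them, e.g. `owner => 'root', group => 'root', mode => '0644'` (and `'0755'` on the two directories), together with `ensure => file`, makes the result reviewable. `/etc/nginx/sites-enabled` is managed only as `ensure => directory`, while nginx.conf includes `/etc/nginx/sites-enabled/*`, so a vhost left there by hand or by the package stays live. Adding `purge => true, recurse => true` to that directory would restrict it to the links that `nginx::site` declares.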
@@ -0,0 +1,5 @@
+class nginx::install {
+ package { ['nginx', 'openssl']:
+ ensure => installed;
+ }
+}
diff --git a/modules/nginx/manifests/service.pp b/modules/nginx/manifests/service.pp
new file mode 100644
index 0000000..f03364f
--- /dev/null
+++ b/modules/nginx/manifests/service.pp
@@ -0,0 +1,6 @@
+class nginx::service {
+ service { 'nginx':
+ ensure => running,
+ enable => true;
+ }
+}
diff --git a/modules/nginx/manifests/site.pp b/modules/nginx/manifests/site.pp
new file mode 100644
index 0000000..130a086
--- /dev/null
+++ b/modules/nginx/manifests/site.pp
@@ -0,0 +1,20 @@
+define nginx::site($content=undef, $source=undef, $enabled=true) {
+ include nginx
+
+ file { "/etc/nginx/sites-available/$name":
+ source => $source,
+ content => $content;
+ }
+
+ if $enabled {
+ file { "/etc/nginx/sites-enabled/$name":
+ ensure => link,
+ target => "../sites-available/$name";
+ }
+ }
+ else {
+ file { "/etc/nginx/sites-enabled/$name":
+ ensure => absent;
+ }
+ }
+}
+} |
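Review bot: `nginx::site` in modules/nginx/manifests/site.pp defaults both `$content` and `$source` to `undef` and passes them straight to a `file` resource that has no `ensure`, so a call with neither set is not rejected. As far as I can tell the sites-available file would then not be created while the sites-enabled symlink still is, leaving `include /etc/nginx/sites-enabled/*` to hit a dangling link on the next restart. A guard at the top such as `if ($content == undef) == ($source == undef) { fail("nginx::site[${name}]: set exactly one of content or source") }`, plus `ensure => file` on the sites-available resource, closes that. `$name` is interpolated into both paths unchecked; titles come from manifests, so the risk is low, but rejecting a title that contains `/` would keep a typo from writing outside the two directories.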