Add havoc_website to hedwig.

This commit is contained in:
Jim Hague 2023-05-11 13:24:29 +01:00
parent 2e40466040
commit 59d8ebe3ad
7 changed files with 115 additions and 2 deletions

View File

@ -1,2 +1,3 @@
mariadb:
root_pw: 'password'
root_pw: 'havoc'
havoc_pw: 'mNa4dkxs'

View File

@ -2,6 +2,7 @@ base:
'hedwig.lunch.org.uk':
- secrets/certificates
- secrets/mariadb
- secrets/wordpress
'scabbers.lunch.org.uk':
- secrets/dnsapi
- secrets/gitea

View File

@ -22,7 +22,7 @@ VOLNAME="all"
# List of directories to make backups of.
# All paths MUST be absolute and start with a '/'!
SRCLIST=(/etc /root /home /var/mail /usr/local)
SRCLIST=(/etc /root /home /var/mail /usr/local /var/lib/wordpress)
# The following expression specifies the files not to be archived.
# See the find(1) man page for further info. It is discouraged to
@ -99,6 +99,8 @@ PRE_BACKUP ()
# all installed packages to a file.
#echo " writing dpkg selections to /root/dpkg-selections.log..."
#dpkg --get-selections | diff - /root/dpkg-selections.log > /dev/null || dpkg --get-selections > /root/dpkg-selections.log
mysqldump --all-databases > /root/mysql.sql
}
# This user-defined bash function is executed after a backup is made

View File

@ -0,0 +1,13 @@
<?php
# Created by setup-mysql
define('DB_NAME', 'cryhavoc');
define('DB_USER', 'havoc');
define('DB_PASSWORD', '{{ pillar['mariadb']['havoc_pw'] }}');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
define('SECRET_KEY', '{{ pillar['wordpress']['havoc_key'] }}');
define('WP_CONTENT_DIR', '/var/lib/wordpress/wp-content-cryhavoc');
define( 'FS_METHOD', 'direct' );
define('WPLANG', 'en_GB');
?>

View File

@ -0,0 +1,61 @@
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.cryhavoc.org.uk
ServerAlias cryhavoc.org.uk
ErrorLog /var/log/apache2/cryhavoc-error.log
CustomLog /var/log/apache2/cryhavoc-access.log combined
RemoteIPProxyProtocol On
DocumentRoot /usr/share/wordpress
Alias /wp-content /var/lib/wordpress/wp-content-cryhavoc
<Directory /var/lib/wordpress/wp-content-cryhavoc>
Order deny,allow
Allow from all
Require all granted
</Directory>
<Directory /usr/share/wordpress>
Options FollowSymLinks
AllowOverride Limit Options FileInfo
Order allow,deny
Allow from all
Require all granted
DirectoryIndex index.php
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</Directory>
SSLEngine on
SSLCertificateFile /var/local/certificates/cryhavoc.org.uk/fullchain.pem
SSLCertificateKeyFile /var/local/certificates/cryhavoc.org.uk/privkey.pem
</VirtualHost>
</IfModule>
<VirtualHost *:80>
ServerName cryhavoc.org.uk
ServerAlias www.cryhavoc.org.uk
ErrorLog /var/log/apache2/cryhavoc-error.log
CustomLog /var/log/apache2/cryhavoc-access.log combined
RemoteIPProxyProtocol On
<IfModule rewrite_module>
#
# This redirects all accesses to the HTTPS version of the site.
#
RewriteEngine On
RewriteRule ^/?(.*) https://www.cryhavoc.org.uk/$1 [R=301,L]
</IfModule>
</VirtualHost>

View File

@ -0,0 +1,34 @@
havoc_wordpress:
pkg.installed:
- name: wordpress
mysql_user.present:
- name: havoc
- password: '{{ salt['pillar.get']('mariadb:havoc_pw', '') }}'
mysql_database.present:
- name: cryhavoc
mysql_grants.present:
- grant: all privileges
- database: cryhavoc.*
- user: havoc
file.managed:
- name: /etc/wordpress/config-www.cryhavoc.org.uk.php
- source: salt://havoc_website/config-www.cryhavoc.org.uk.php
- template: jinja
havoc_website:
file.managed:
- require:
- sls: apache
- sls: certificates/client
- names:
- /etc/apache2/sites-available/www.cryhavoc.org.uk.conf:
- source: salt://havoc_website/cryhavoc.org.uk.conf
apache_site.enabled:
- require:
- file: /etc/apache2/sites-available/www.cryhavoc.org.uk.conf
- name: www.cryhavoc.org.uk
service.running:
- name: apache2
- reload: true
- watch:
- file: /etc/apache2/sites-available/www.cryhavoc.org.uk.conf

View File

@ -12,6 +12,7 @@ base:
- fail2ban
- firewalls/hedwig
- lunch_website
- havoc_website
'scabbers.lunch.org.uk':
- debian