Add havoc_website to hedwig.

2023-05-11 13:24:29 +01:00 · 2023-05-11 13:24:29 +01:00 · 68806c73fb
parent c357b5931d
commit 68806c73fb
7 changed files with 115 additions and 2 deletions
--- a/pillar/secrets/mariadb.sls.sample
+++ b/pillar/secrets/mariadb.sls.sample
@ -1,2 +1,3 @@
 mariadb:
-  root_pw: 'password'
+  root_pw: 'havoc'
+  havoc_pw: 'mNa4dkxs'
--- a/pillar/top.sls
+++ b/pillar/top.sls
@ -2,6 +2,7 @@ base:
  'hedwig.lunch.org.uk':
    - secrets/certificates
    - secrets/mariadb
+    - secrets/wordpress
  'scabbers.lunch.org.uk':
    - secrets/dnsapi
    - secrets/gitea
--- a/states/backup/hedwig_backup2l.conf
+++ b/states/backup/hedwig_backup2l.conf
@ -22,7 +22,7 @@ VOLNAME="all"

 # List of directories to make backups of.
 # All paths MUST be absolute and start with a '/'!
-SRCLIST=(/etc /root /home /var/mail /usr/local)
+SRCLIST=(/etc /root /home /var/mail /usr/local /var/lib/wordpress)

 # The following expression specifies the files not to be archived.
 # See the find(1) man page for further info. It is discouraged to
@ -99,6 +99,8 @@ PRE_BACKUP ()
    # all installed packages to a file.
    #echo "  writing dpkg selections to /root/dpkg-selections.log..."
    #dpkg --get-selections | diff - /root/dpkg-selections.log > /dev/null || dpkg --get-selections > /root/dpkg-selections.log
+
+    mysqldump --all-databases > /root/mysql.sql
 }

 # This user-defined bash function is executed after a backup is made
--- a/states/havoc_website/config-www.cryhavoc.org.uk.php
+++ b/states/havoc_website/config-www.cryhavoc.org.uk.php
@ -0,0 +1,13 @@
+<?php
+# Created by setup-mysql 
+define('DB_NAME', 'cryhavoc');
+define('DB_USER', 'havoc');
+define('DB_PASSWORD', '{{ pillar['mariadb']['havoc_pw'] }}');
+define('DB_HOST', 'localhost');
+define('DB_CHARSET', 'utf8');
+define('DB_COLLATE', '');
+define('SECRET_KEY', '{{ pillar['wordpress']['havoc_key'] }}');
+define('WP_CONTENT_DIR', '/var/lib/wordpress/wp-content-cryhavoc');
+define( 'FS_METHOD', 'direct' );
+define('WPLANG', 'en_GB');
+?>
--- a/states/havoc_website/cryhavoc.org.uk.conf
+++ b/states/havoc_website/cryhavoc.org.uk.conf
@ -0,0 +1,61 @@
+<IfModule mod_ssl.c>
+
+<VirtualHost *:443>
+        ServerName www.cryhavoc.org.uk
+        ServerAlias cryhavoc.org.uk
+
+        ErrorLog /var/log/apache2/cryhavoc-error.log
+        CustomLog /var/log/apache2/cryhavoc-access.log combined
+
+        RemoteIPProxyProtocol On
+
+        DocumentRoot /usr/share/wordpress
+
+        Alias /wp-content /var/lib/wordpress/wp-content-cryhavoc
+
+        <Directory /var/lib/wordpress/wp-content-cryhavoc>
+                Order deny,allow
+                Allow from all
+                Require all granted
+        </Directory>
+
+        <Directory /usr/share/wordpress>
+            Options FollowSymLinks
+            AllowOverride Limit Options FileInfo
+            Order allow,deny
+            Allow from all
+            Require all granted
+            DirectoryIndex index.php
+
+            RewriteEngine On
+            RewriteBase /
+            RewriteRule ^index\.php$ - [L]
+            RewriteCond %{REQUEST_FILENAME} !-f
+            RewriteCond %{REQUEST_FILENAME} !-d
+            RewriteRule . /index.php [L]
+        </Directory>
+
+	SSLEngine on
+	SSLCertificateFile /var/local/certificates/cryhavoc.org.uk/fullchain.pem
+	SSLCertificateKeyFile /var/local/certificates/cryhavoc.org.uk/privkey.pem
+</VirtualHost>
+
+</IfModule>
+
+<VirtualHost *:80>
+        ServerName cryhavoc.org.uk
+        ServerAlias www.cryhavoc.org.uk
+
+        ErrorLog /var/log/apache2/cryhavoc-error.log
+        CustomLog /var/log/apache2/cryhavoc-access.log combined
+
+        RemoteIPProxyProtocol On
+
+        <IfModule rewrite_module>
+                #
+                # This redirects all accesses to the HTTPS version of the site.
+                #
+                RewriteEngine On
+                RewriteRule ^/?(.*) https://www.cryhavoc.org.uk/$1 [R=301,L]
+        </IfModule>
+</VirtualHost>
--- a/states/havoc_website/init.sls
+++ b/states/havoc_website/init.sls
@ -0,0 +1,34 @@
+havoc_wordpress:
+  pkg.installed:
+    - name: wordpress
+  mysql_user.present:
+    - name: havoc
+    - password: '{{ salt['pillar.get']('mariadb:havoc_pw', '') }}'
+  mysql_database.present:
+    - name: cryhavoc
+  mysql_grants.present:
+    - grant: all privileges
+    - database: cryhavoc.*
+    - user: havoc
+  file.managed:
+    - name: /etc/wordpress/config-www.cryhavoc.org.uk.php
+    - source: salt://havoc_website/config-www.cryhavoc.org.uk.php
+    - template: jinja
+
+havoc_website:
+  file.managed:
+    - require:
+      - sls: apache
+      - sls: certificates/client
+    - names:
+      - /etc/apache2/sites-available/www.cryhavoc.org.uk.conf:
+        - source: salt://havoc_website/cryhavoc.org.uk.conf
+  apache_site.enabled:
+    - require:
+      - file: /etc/apache2/sites-available/www.cryhavoc.org.uk.conf
+    - name: www.cryhavoc.org.uk
+  service.running:
+    - name: apache2
+    - reload: true
+    - watch:
+      - file: /etc/apache2/sites-available/www.cryhavoc.org.uk.conf
--- a/states/top.sls
+++ b/states/top.sls
@ -12,6 +12,7 @@ base:
    - fail2ban
    - firewalls/hedwig
    - lunch_website
+    - havoc_website

  'scabbers.lunch.org.uk':
    - debian