jim
/
MythicSalt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add havoc_website to hedwig.

This commit is contained in:
Jim Hague 2023-05-11 13:24:29 +01:00
parent c357b5931d
commit 68806c73fb
7 changed files with 115 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pillar/secrets/mariadb.sls.sample
View File

@ -1,2 +1,3 @@
mariadb: mariadb:
root_pw: 'password' root_pw: 'havoc'
havoc_pw: 'mNa4dkxs'

1
pillar/top.sls
View File

@ -2,6 +2,7 @@ base:
'hedwig.lunch.org.uk': 'hedwig.lunch.org.uk':
- secrets/certificates - secrets/certificates
- secrets/mariadb - secrets/mariadb
- secrets/wordpress
'scabbers.lunch.org.uk': 'scabbers.lunch.org.uk':
- secrets/dnsapi - secrets/dnsapi
- secrets/gitea - secrets/gitea

4
states/backup/hedwig_backup2l.conf
View File

@ -22,7 +22,7 @@ VOLNAME="all"
# List of directories to make backups of. # List of directories to make backups of.
# All paths MUST be absolute and start with a '/'! # All paths MUST be absolute and start with a '/'!
SRCLIST=(/etc /root /home /var/mail /usr/local) SRCLIST=(/etc /root /home /var/mail /usr/local /var/lib/wordpress)
# The following expression specifies the files not to be archived. # The following expression specifies the files not to be archived.
# See the find(1) man page for further info. It is discouraged to # See the find(1) man page for further info. It is discouraged to
@ -99,6 +99,8 @@ PRE_BACKUP ()
# all installed packages to a file. # all installed packages to a file.
#echo " writing dpkg selections to /root/dpkg-selections.log..." #echo " writing dpkg selections to /root/dpkg-selections.log..."
#dpkg --get-selections | diff - /root/dpkg-selections.log > /dev/null || dpkg --get-selections > /root/dpkg-selections.log #dpkg --get-selections | diff - /root/dpkg-selections.log > /dev/null || dpkg --get-selections > /root/dpkg-selections.log
mysqldump --all-databases > /root/mysql.sql
} }
# This user-defined bash function is executed after a backup is made # This user-defined bash function is executed after a backup is made

13
states/havoc_website/config-www.cryhavoc.org.uk.php Normal file
View File

@ -0,0 +1,13 @@
<?php
# Created by setup-mysql
define('DB_NAME', 'cryhavoc');
define('DB_USER', 'havoc');
define('DB_PASSWORD', '{{ pillar['mariadb']['havoc_pw'] }}');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
define('SECRET_KEY', '{{ pillar['wordpress']['havoc_key'] }}');
define('WP_CONTENT_DIR', '/var/lib/wordpress/wp-content-cryhavoc');
define( 'FS_METHOD', 'direct' );
define('WPLANG', 'en_GB');
?>

61
states/havoc_website/cryhavoc.org.uk.conf Normal file
View File

@ -0,0 +1,61 @@
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.cryhavoc.org.uk
ServerAlias cryhavoc.org.uk
ErrorLog /var/log/apache2/cryhavoc-error.log
CustomLog /var/log/apache2/cryhavoc-access.log combined
RemoteIPProxyProtocol On
DocumentRoot /usr/share/wordpress
Alias /wp-content /var/lib/wordpress/wp-content-cryhavoc
<Directory /var/lib/wordpress/wp-content-cryhavoc>
Order deny,allow
Allow from all
Require all granted
</Directory>
<Directory /usr/share/wordpress>
Options FollowSymLinks
AllowOverride Limit Options FileInfo
Order allow,deny
Allow from all
Require all granted
DirectoryIndex index.php
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</Directory>
SSLEngine on
SSLCertificateFile /var/local/certificates/cryhavoc.org.uk/fullchain.pem
SSLCertificateKeyFile /var/local/certificates/cryhavoc.org.uk/privkey.pem
</VirtualHost>
</IfModule>
<VirtualHost *:80>
ServerName cryhavoc.org.uk
ServerAlias www.cryhavoc.org.uk
ErrorLog /var/log/apache2/cryhavoc-error.log
CustomLog /var/log/apache2/cryhavoc-access.log combined
RemoteIPProxyProtocol On
<IfModule rewrite_module>
#
# This redirects all accesses to the HTTPS version of the site.
#
RewriteEngine On
RewriteRule ^/?(.*) https://www.cryhavoc.org.uk/$1 [R=301,L]
</IfModule>
</VirtualHost>

34
states/havoc_website/init.sls Normal file
View File

@ -0,0 +1,34 @@
havoc_wordpress:
pkg.installed:
- name: wordpress
mysql_user.present:
- name: havoc
- password: '{{ salt['pillar.get']('mariadb:havoc_pw', '') }}'
mysql_database.present:
- name: cryhavoc
mysql_grants.present:
- grant: all privileges
- database: cryhavoc.*
- user: havoc
file.managed:
- name: /etc/wordpress/config-www.cryhavoc.org.uk.php
- source: salt://havoc_website/config-www.cryhavoc.org.uk.php
- template: jinja
havoc_website:
file.managed:
- require:
- sls: apache
- sls: certificates/client
- names:
- /etc/apache2/sites-available/www.cryhavoc.org.uk.conf:
- source: salt://havoc_website/cryhavoc.org.uk.conf
apache_site.enabled:
- require:
- file: /etc/apache2/sites-available/www.cryhavoc.org.uk.conf
- name: www.cryhavoc.org.uk
service.running:
- name: apache2
- reload: true
- watch:
- file: /etc/apache2/sites-available/www.cryhavoc.org.uk.conf

1
states/top.sls
View File

@ -12,6 +12,7 @@ base:
- fail2ban - fail2ban
- firewalls/hedwig - firewalls/hedwig
- lunch_website - lunch_website
- havoc_website
'scabbers.lunch.org.uk': 'scabbers.lunch.org.uk':
- debian - debian