From af6d97f67641658085f4098b7177b82c552a911d Mon Sep 17 00:00:00 2001
From: Jim Hague <jim.hague@acm.org>
Date: Fri, 23 Aug 2024 14:12:56 +0100
Subject: [PATCH] Enable dmarc.lunch.org.uk website.

---
 states/dmarc_reports/dmarc.lunch.org.uk.conf | 45 ++++++++++++++++++++
 states/dmarc_reports/init.sls                | 19 +++++++++
 states/gpodder/init.sls                      |  1 +
 states/top.sls                               |  1 +
 4 files changed, 66 insertions(+)
 create mode 100644 states/dmarc_reports/dmarc.lunch.org.uk.conf

diff --git a/states/dmarc_reports/dmarc.lunch.org.uk.conf b/states/dmarc_reports/dmarc.lunch.org.uk.conf
new file mode 100644
index 0000000..63a5f8b
--- /dev/null
+++ b/states/dmarc_reports/dmarc.lunch.org.uk.conf
@@ -0,0 +1,45 @@
+<IfModule mod_ssl.c>
+
+<VirtualHost *:443>
+        ServerName dmarc.lunch.org.uk
+
+        ErrorLog /var/log/apache2/dmarc-error.log
+        CustomLog /var/log/apache2/dmarc-access.log combined
+
+        RemoteIPProxyProtocol On
+
+	DocumentRoot /srv/dmarcts-report-viewer
+
+        <Directory /srv/dmarcts-report-viewer>
+            Options FollowSymLinks
+            AllowOverride All
+            Order allow,deny
+            Allow from all
+            Require all granted
+            DirectoryIndex dmarcts-report-viewer.php
+        </Directory>
+
+	SSLEngine on
+	SSLCertificateFile /var/local/certificates/dmarc.lunch.org.uk/fullchain.pem
+	SSLCertificateKeyFile /var/local/certificates/dmarc.lunch.org.uk/privkey.pem
+</VirtualHost>
+
+</IfModule>
+
+<VirtualHost *:80>
+        ServerName dmarc.lunch.org.uk
+
+        ErrorLog /var/log/apache2/dmarc-error.log
+        CustomLog /var/log/apache2/dmarc-access.log combined
+
+        RemoteIPProxyProtocol On
+
+        <IfModule rewrite_module>
+                #
+                # This redirects all accesses to the HTTPS version of the site.
+                #
+                RewriteEngine On
+
+                RewriteRule ^/?(.*) https://dmarc.lunch.org.uk/$1 [R=301,L]
+        </IfModule>
+</VirtualHost>
diff --git a/states/dmarc_reports/init.sls b/states/dmarc_reports/init.sls
index 8ab2654..86bcec3 100644
--- a/states/dmarc_reports/init.sls
+++ b/states/dmarc_reports/init.sls
@@ -56,3 +56,22 @@ dmarcts-report-viewer-config:
     - name: /srv/dmarcts-report-viewer/dmarcts-report-viewer-config.php
     - source: salt://dmarc_reports/dmarcts-report-viewer-config.php
     - template: jinja
+
+dmarc-report-viewer-web:
+  file.managed:
+    - require:
+      - sls: apache
+      - sls: certificates
+      - sls: php_fpm
+    - names:
+      - /etc/apache2/sites-available/dmarc.lunch.org.uk.conf:
+        - source: salt://dmarc_reports/dmarc.lunch.org.uk.conf
+  apache_site.enabled:
+    - require:
+      - file: /etc/apache2/sites-available/dmarc.lunch.org.uk.conf
+    - name: dmarc.lunch.org.uk
+  service.running:
+    - name: apache2
+    - reload: true
+    - watch:
+      - file: /etc/apache2/sites-available/dmarc.lunch.org.uk.conf
diff --git a/states/gpodder/init.sls b/states/gpodder/init.sls
index f7d13d3..cc3d25c 100644
--- a/states/gpodder/init.sls
+++ b/states/gpodder/init.sls
@@ -16,6 +16,7 @@ gpodder_web:
     - require:
       - sls: apache
       - sls: certificates/client
+      - sls: php-fpm
     - names:
       - /etc/apache2/sites-available/gpodder.lunch.org.uk.conf:
         - source: salt://gpodder/gpodder.lunch.org.uk.conf
diff --git a/states/top.sls b/states/top.sls
index d1e8b88..c68598c 100644
--- a/states/top.sls
+++ b/states/top.sls
@@ -23,6 +23,7 @@ base:
     - swapfile
     - certificates
     - apache
+    - php_fpm
     - backup
     - backup/scabbers
     - dottes_website