diff options
Diffstat (limited to 'modules/phpbb')
| -rw-r--r-- | modules/phpbb/files/phpbb_apply_config.pl | 28 | ||||
| -rw-r--r-- | modules/phpbb/files/robots.txt | 7 | ||||
| -rw-r--r-- | modules/phpbb/manifests/base.pp | 57 | ||||
| -rw-r--r-- | modules/phpbb/manifests/config.pp | 12 | ||||
| -rw-r--r-- | modules/phpbb/manifests/databases.pp | 3 | ||||
| -rw-r--r-- | modules/phpbb/manifests/init.pp | 1 | ||||
| -rw-r--r-- | modules/phpbb/manifests/instance.pp | 80 | ||||
| -rw-r--r-- | modules/phpbb/manifests/locale_db.pp | 12 | ||||
| -rw-r--r-- | modules/phpbb/manifests/redirection_instance.pp | 7 | ||||
| -rw-r--r-- | modules/phpbb/templates/config.php | 17 | ||||
| -rw-r--r-- | modules/phpbb/templates/forums_redirect.conf | 2 | ||||
| -rw-r--r-- | modules/phpbb/templates/forums_vhost.conf | 62 |
12 files changed, 288 insertions, 0 deletions
diff --git a/modules/phpbb/files/phpbb_apply_config.pl b/modules/phpbb/files/phpbb_apply_config.pl new file mode 100644 index 00000000..a58df24e --- /dev/null +++ b/modules/phpbb/files/phpbb_apply_config.pl @@ -0,0 +1,28 @@ +#!/usr/bin/perl +use strict; +use warnings; +use Env qw(VALUE); +use DBI; + +my $key = $ARGV[0]; + +# DBI will use default value coming from env +# see puppet manifests +my $dbh = DBI->connect("dbi:Pg:","","", { + AutoCommit => 0, + RaiseError => 1, +}); + +my $table = "phpbb_config"; + +# FIXME add rollback if there is a problem +# https://docstore.mik.ua/orelly/linux/dbi/ch06_03.htm +my $update = $dbh->prepare("UPDATE $table SET config_value = ?, is_dynamic = ? WHERE config_name = ?"); +my $insert = $dbh->prepare("INSERT INTO $table ( config_value, is_dynamic, config_name ) VALUES ( ? , ? , ? )"); + +my $res = $update->execute($VALUE, 1, $key) or die "cannot do update $?"; +if ($res == 0 ) { + $insert->execute($VALUE, 1, $key) or die "cannot do insert $?"; +} +$dbh->commit(); +$dbh->disconnect(); diff --git a/modules/phpbb/files/robots.txt b/modules/phpbb/files/robots.txt new file mode 100644 index 00000000..1c335a73 --- /dev/null +++ b/modules/phpbb/files/robots.txt @@ -0,0 +1,7 @@ +User-agent: * +Disallow: /*/faq.php? +Disallow: /*/memberlist.php? +Disallow: /*/posting.php? +Disallow: /*/search.php? +Disallow: /*/ucp.php? +Crawl-delay: 30 diff --git a/modules/phpbb/manifests/base.pp b/modules/phpbb/manifests/base.pp new file mode 100644 index 00000000..9f676cb4 --- /dev/null +++ b/modules/phpbb/manifests/base.pp @@ -0,0 +1,57 @@ +class phpbb::base { + $db = 'phpbb' + $user = 'phpbb' + $forums_dir = '/var/www/forums/' + + include apache::mod::php + + package {['php-gd', + 'php-xml', + 'php-zlib', + 'php-ftp', + 'php-magickwand', + 'php-pgsql', + 'php-ldap']: } + + package { 'perl-DBD-Pg': } + + file { '/usr/local/bin/phpbb_apply_config.pl': + mode => '0755', + source => 'puppet:///modules/phpbb/phpbb_apply_config.pl', + } + + $pgsql_password = extlookup('phpbb_pgsql','x') + postgresql::remote_user { $user: + password => $pgsql_password, + } + + file { $forums_dir: + ensure => directory, + } + + $robotsfile = "$forums_dir/robots.txt" + file { $robotsfile: + ensure => present, + mode => '0644', + owner => root, + group => root, + source => 'puppet:///modules/phpbb/robots.txt', + } + + # TODO check that everything is locked down + apache::vhost::base { "forums.${::domain}": + content => template('phpbb/forums_vhost.conf'), + } + + apache::vhost::base { "ssl_forums.${::domain}": + use_ssl => true, + vhost => "forums.${::domain}", + content => template('phpbb/forums_vhost.conf'), + } + + file { '/etc/httpd/conf/vhosts.d/forums.d/': + ensure => directory, + } +} + + diff --git a/modules/phpbb/manifests/config.pp b/modules/phpbb/manifests/config.pp new file mode 100644 index 00000000..553b0f74 --- /dev/null +++ b/modules/phpbb/manifests/config.pp @@ -0,0 +1,12 @@ +define phpbb::config($key, $value, $database) { + exec { "phpbb_apply ${name}": + command => "/usr/local/bin/phpbb_apply_config.pl ${key}", + user => 'root', + environment => ["PGDATABASE=${database}", + "PGUSER=${phpbb::base::user}", + "PGPASSWORD=${phpbb::base::pgsql_password}", + "PGHOST=pgsql.${::domain}", + "VALUE=${value}"], + require => File['/usr/local/bin/phpbb_apply_config.pl'], + } +} diff --git a/modules/phpbb/manifests/databases.pp b/modules/phpbb/manifests/databases.pp new file mode 100644 index 00000000..dc255f75 --- /dev/null +++ b/modules/phpbb/manifests/databases.pp @@ -0,0 +1,3 @@ +define phpbb::databases() { + Phpbb::Locale_db <<| |>> +} diff --git a/modules/phpbb/manifests/init.pp b/modules/phpbb/manifests/init.pp new file mode 100644 index 00000000..ccfa0ca2 --- /dev/null +++ b/modules/phpbb/manifests/init.pp @@ -0,0 +1 @@ +class phpbb { } diff --git a/modules/phpbb/manifests/instance.pp b/modules/phpbb/manifests/instance.pp new file mode 100644 index 00000000..e300d9e0 --- /dev/null +++ b/modules/phpbb/manifests/instance.pp @@ -0,0 +1,80 @@ +define phpbb::instance() { + include phpbb::base + + $lang = $name + $database = "${phpbb::base::db}_${lang}" + + $user = $phpbb::base::user + $pgsql_password = $phpbb::base::pgsql_password + $forums_dir = $phpbb::base::forums_dir + + include git::client + exec { "git_clone ${lang}": + command =>"git clone git://git.${::domain}/web/forums/ ${lang}", + cwd => $forums_dir, + creates => "${forums_dir}/${lang}", + require => File[$forums_dir], + notify => Exec["rm_install ${lang}"], + } + + # remove this or the forum will not work ( 'board disabled' ) + # maybe it would be better to move this elsewhere, I + # am not sure ( and in any case, that's still in git ) + exec { "rm_install ${lang}": + command => "rm -Rf ${forums_dir}/${lang}/phpBB/install", + onlyif => "test -d ${forums_dir}/${lang}/phpBB/install", + } + + # list found by reading ./install/install_install.php + # end of check_server_requirements ( 2 loops ) + + $writable_dirs = ['cache', + 'images/avatars/upload', + 'files', + 'store' ] + + $dir_names = regsubst($writable_dirs,'^',"${forums_dir}/${lang}/phpBB/") + + file { $dir_names: + ensure => directory, + owner => 'apache', + require => Exec["git_clone ${lang}"], + } + + file { "${forums_dir}/${lang}/phpBB/config.php": + content => template('phpbb/config.php'), + } + + @@phpbb::locale_db { $database: + user => $user, + } + + Phpbb::Config { + database => $database, + } + + $ldap_password = extlookup( 'phpbb_ldap','x') + + phpbb::config { + "ldap_user/${lang}": + key => 'ldap_user', value => "cn=phpbb-${::hostname},ou=System Accounts,${::dc_suffix}"; + "ldap_server/${lang}": + key => 'ldap_server', value => "ldaps://ldap.${::domain} ldaps://ldap-slave-1.${::domain}"; + "ldap_password/${lang}": + key => 'ldap_password', value => $ldap_password; + "ldap_base_dn/${lang}": + key => 'ldap_base_dn', value => "ou=People,${::dc_suffix}"; + "auth_method/${lang}": + key => 'auth_method', value => 'ldap'; + "ldap_mail/${lang}": + key => 'ldap_mail', value => 'mail'; + "ldap_uid/${lang}": + key => 'ldap_uid', value => 'uid'; + "cookie_domain/${lang}": + key => 'cookie_domain', value => "forums.${::domain}"; + "server_name/${lang}": + key => 'server_name', value => "forums.${::domain}"; + "default_lang/${lang}": + key => 'default_lang', value => $lang; + } +} diff --git a/modules/phpbb/manifests/locale_db.pp b/modules/phpbb/manifests/locale_db.pp new file mode 100644 index 00000000..70116962 --- /dev/null +++ b/modules/phpbb/manifests/locale_db.pp @@ -0,0 +1,12 @@ +# FIXME: In puppet >3.0 word 'tag' is reserved, so it have to be renamed +define phpbb::locale_db($tag = 'default', + $user = $phpbb::base::user) { + postgresql::database { $name: + description => "${lang} db for phpbb forum", + user => $user, + tag => $tag, +# this break due to the way it is remotely declared +# this should only be a issue in case of bootstrapping again +# require => Postgresql::User[$user] + } +} diff --git a/modules/phpbb/manifests/redirection_instance.pp b/modules/phpbb/manifests/redirection_instance.pp new file mode 100644 index 00000000..332eac53 --- /dev/null +++ b/modules/phpbb/manifests/redirection_instance.pp @@ -0,0 +1,7 @@ +define phpbb::redirection_instance($url) { + $lang = $name + file { "/etc/httpd/conf/vhosts.d/forums.d/redirect_${name}.conf": + content => template('phpbb/forums_redirect.conf'), + notify => Exec['apachectl configtest'], + } +} diff --git a/modules/phpbb/templates/config.php b/modules/phpbb/templates/config.php new file mode 100644 index 00000000..5d878235 --- /dev/null +++ b/modules/phpbb/templates/config.php @@ -0,0 +1,17 @@ +<?php +// phpBB 3.0.x auto-generated configuration file +// // Do not change anything in this file! +$dbms = 'postgres'; +$dbhost = 'pg.<%= domain %>'; +$dbport = ''; +$dbname = '<%= database %>'; +$dbuser = '<%= user %>'; +$dbpasswd = '<%= pgsql_password %>'; +$table_prefix = 'phpbb_'; +$acm_type = 'apc'; +$load_extensions = ''; + +@define('PHPBB_INSTALLED', true); +// @define('DEBUG', true); +// @define('DEBUG_EXTRA', true); +?> diff --git a/modules/phpbb/templates/forums_redirect.conf b/modules/phpbb/templates/forums_redirect.conf new file mode 100644 index 00000000..24747b4c --- /dev/null +++ b/modules/phpbb/templates/forums_redirect.conf @@ -0,0 +1,2 @@ +Redirect /<%= lang %> <%= url %> +Redirect /<%= lang %>/ <%= url %> diff --git a/modules/phpbb/templates/forums_vhost.conf b/modules/phpbb/templates/forums_vhost.conf new file mode 100644 index 00000000..440dad1f --- /dev/null +++ b/modules/phpbb/templates/forums_vhost.conf @@ -0,0 +1,62 @@ + # TODO redirect based on language settings + # and the presence of the forum + + # for locale redirection + Include conf/vhosts.d/forums.d/*.conf + + # Prevent including forum site in tier iframe + Header set X-Frame-Options DENY + + + # using Redirect create a loop, so we use mod_rewrite here + RewriteEngine On + RewriteRule ^/$ /en/ [R] + RewriteRule ^/(..)$ /$1/ [R] + + Alias /robots.txt <%= forums_dir %>/robots.txt + + AliasMatch ^/(..)/(.*) <%= forums_dir %>/$1/phpBB/$2 + + <Directory ~ "<%= forums_dir %>/.*/phpBB/"> + <IfModule mod_authz_core.c> + # Apache 2.4 + Require all granted + </IfModule> + <IfModule !mod_authz_core.c> + # Apache 2.2 + Order Allow,Deny + Allow from all + </IfModule> + </Directory> + +<%- +forbidden = ['install', + 'cache', + 'includes', + 'phpbb_seo/includes', + 'store', + 'images/avatars/upload', + 'files', + 'umil/error_files', + 'gym_sitemaps/acp', + 'gym_sitemaps/sources', + 'gym_sitemaps/cache', + 'gym_sitemaps/includes', + 'gym_sitemaps/display', + 'gym_sitemaps/modules', +] +for f in forbidden +-%> + <Directory <%= forums_dir %>/.*/phpBB/<%= f %>/ > + <IfModule mod_authz_core.c> + # Apache 2.4 + Require all denied + </IfModule> + <IfModule !mod_authz_core.c> + # Apache 2.2 + Order Deny,Allow + Deny from all + </IfModule> + </Directory> + +<%- end -%> |