Added ipam.adyxax.org policies

8 files changed, 119 insertions, 1 deletions

diff --git a/services/applications.cf b/services/applications.cf
index c380374..b33b344 100644
--- a/services/applications.cf
+++ b/services/applications.cf
@@ -4,6 +4,7 @@ body file control
         "services/applications/bareos_fd.cf",
         "services/applications/check_mk.cf",
         "services/applications/fcgiwrap.cf",
+        "services/applications/ipam.cf",
         "services/applications/nagios.cf",
         "services/applications/nginx.cf",
         "services/applications/php56.cf",
diff --git a/services/applications/ipam.cf b/services/applications/ipam.cf
new file mode 100644
index 0000000..067cb29
--- /dev/null
+++ b/services/applications/ipam.cf
@@ -0,0 +1,41 @@
+bundle agent ipam
+{
+    vars:
+        ipam::
+            "config[host]" string => "mysql01";
+            "config[user]" string => "phpipam";
+            "config[pass]" string => "Hee0Hai8lie2gaaBia8xaisieSiengie";
+            "config[name]" string => "phpipam";
+            "config[port]" string => "3306";
+            "index" slist => getindices("ipam.config");
+            "packages" slist => {
+                "pear",
+                "php56-filter",
+                "php56-gettext",
+                "php56-gd",
+                "php56-gmp",
+                "php56-json",
+                "php56-mbstring",
+                "php56-openssl",
+                "php56-pdo_mysql",
+                "php56-session",
+                "php56-simplexml",
+                "php56-sockets",
+            };
+    methods:
+        ipam::
+            "ipam"  usebundle => install_package("$(this.bundle)", "$(ipam.packages)");
+            "ipam"  usebundle => fcgiwrap("nobody", "www", "770");
+            "ipam"  usebundle => php56();
+            "ipam"  usebundle => nginx("$(sys.inputdir)/templates/nginx/ipam_nginx.conf", "nginx.conf");
+    files:
+        ipam::
+            "/var/www/phpipam/config.php"
+                create => "true",
+                perms => system_owned("444"),
+                edit_line => regex_replace("\$db\['$(index)'\]\s+=\s+\"(?!$(config[$(index)]))[^\"]+\";", "$db['$(index)'] = \"$(config[$(index)])\";"),
+                classes => if_repaired("ipam_ipam_config_php_repaired");
+    reports:
+        any::
+            "$(this.bundle): /var/www/phpipam/config.php repaired" ifvarclass => "ipam_ipam_config_php_repaired";
+}
diff --git a/services/applications/php56.cf b/services/applications/php56.cf
index 5f96d25..e62a389 100644
--- a/services/applications/php56.cf
+++ b/services/applications/php56.cf
@@ -16,6 +16,10 @@ bundle agent php56
                 perms => system_owned("444"),
                 edit_template => "$(sys.inputdir)/templates/php/freebsd-php56-php-fpm.conf",
                 classes => if_repaired("php56_php_fpm_conf_file_repaired");
+            "/var/run/php-fpm/."
+                create => "true",
+                perms => system_owned("444"),
+                classes => if_repaired("php56_php_run_dir_repaired");
     classes:
         freebsd::
             "php_fpm_service_running" expression => returnszero("/usr/sbin/service php-fpm status", "noshell");
@@ -28,6 +32,7 @@ bundle agent php56
         any::
             "$(this.bundle): /usr/local/etc/php.ini repaired" ifvarclass => "php56_php_ini_file_repaired";
             "$(this.bundle): /usr/local/etc/php-fpm.conf repaired" ifvarclass => "php56_php_fpm_conf_file_repaired";
+            "$(this.bundle): /var/run/php-fpm/ directory repaired" ifvarclass => "php56_php_run_dir_repaired";
             "$(this.bundle): sshd service repaired" ifvarclass => "php_fpm_service_repaired";
             "$(this.bundle): sshd service restarted" ifvarclass => "php_fpm_service_restarted";
 }
diff --git a/services/main.cf b/services/main.cf
index d5e52bb..c948457 100644
--- a/services/main.cf
+++ b/services/main.cf
@@ -34,6 +34,8 @@ bundle agent classify
             };
             "mail_servers" or => { "legend" };
     methods:
+        ipam::
+            "ipam"  usebundle => ipam;
         nagios::
             "nagios"  usebundle => nagios;
 }
diff --git a/templates/common/hosts b/templates/common/hosts
index de9217c..0f5225b 100644
--- a/templates/common/hosts
+++ b/templates/common/hosts
@@ -14,7 +14,7 @@ ff02::2 ip6-allrouters
 10.1.0.101  weechat_relay.jail  weechat_relay
 
 10.1.0.200  tiddlywiki.jail     tiddlywiki
-10.1.0.201  phpipam.lxd         phpipam
+10.1.0.201  ipam.jail           ipam
 10.1.0.202  check_mk.lxd        check_mk
 10.1.0.203  miniflux.lxd        miniflux
 10.1.0.204  hub.lxd             hub
diff --git a/templates/nagios/conf.d/hostgroups.cfg b/templates/nagios/conf.d/hostgroups.cfg
index 636bc5a..b592eb7 100644
--- a/templates/nagios/conf.d/hostgroups.cfg
+++ b/templates/nagios/conf.d/hostgroups.cfg
@@ -9,5 +9,6 @@ define hostgroup {
     alias           FreeBSD Jails
     members         console.adyxax.org, \
                     git.adyxax.org, \
+                    ipam.adyxax.org, \
                     nagios.adyxax.org
 }
diff --git a/templates/nagios/conf.d/ipam.adyxax.org.cfg b/templates/nagios/conf.d/ipam.adyxax.org.cfg
new file mode 100644
index 0000000..9391ac6
--- /dev/null
+++ b/templates/nagios/conf.d/ipam.adyxax.org.cfg
@@ -0,0 +1,6 @@
+define host {
+    use        freebsd-server
+    host_name  ipam.adyxax.org
+    address    ipam.jail
+    parents    cobsd.adyxax.org
+}
diff --git a/templates/nginx/ipam_nginx.conf b/templates/nginx/ipam_nginx.conf
new file mode 100644
index 0000000..fe703ef
--- /dev/null
+++ b/templates/nginx/ipam_nginx.conf
@@ -0,0 +1,62 @@
+worker_processes  1;
+
+# This default error log path is compiled-in to make sure configuration parsing
+# errors are logged somewhere, especially during unattended boot when stderr
+# isn't normally logged anywhere. This path will be touched on every nginx
+# start regardless of error log location configured here. See
+# https://trac.nginx.org/nginx/ticket/147 for more info.
+#
+#error_log  /var/log/nginx/error.log;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    sendfile        on;
+    keepalive_timeout  65;
+    gzip  on;
+
+    server {
+        listen       80;
+        server_name  localhost;
+
+        root   /var/www/phpipam/;
+
+        location ~ ^/(favicon.ico|robots.txt)$ {
+            access_log off;
+            expires max;
+        }
+        location ~ ^/(api/controllers|api/README|app|db|functions|install|misc|upgrade|INSTALL.txt|README|UPDATE)$ {
+            deny all;
+            access_log off;
+            log_not_found off;
+        }
+        location /nginx_status { stub_status on; access_log off; allow 127.0.0.1; deny all; }
+
+        location / {
+            index  index.php;
+            try_files $uri $uri/ index.php;
+        }
+
+        #error_page  404              /404.html;
+
+        # redirect server error pages to the static page /50x.html
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   /usr/local/www/nginx-dist;
+        }
+        location ~ \.php$ {
+            fastcgi_pass  unix:/var/run/php-fpm/php-fpm.sock;
+            fastcgi_index  index.php;
+            fastcgi_split_path_info  ^(.+\.php)(/.+)$;
+            fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            include  fastcgi_params;
+            fastcgi_pass_header  Authorization;
+        }
+    }
+}
+