X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/2c854e9952890a119750a187479eb2701107705f..e0948bc62196ce7b4c580835c211c995fed19d95:/cookbooks/wordpress/definitions/wordpress_site.rb diff --git a/cookbooks/wordpress/definitions/wordpress_site.rb b/cookbooks/wordpress/definitions/wordpress_site.rb index b418f9615..1a3fa2423 100644 --- a/cookbooks/wordpress/definitions/wordpress_site.rb +++ b/cookbooks/wordpress/definitions/wordpress_site.rb @@ -19,6 +19,7 @@ define :wordpress_site, :action => [ :create, :enable ] do name = params[:name] + ssl_enabled = params[:ssl_enabled] || false aliases = Array(params[:aliases]) urls = Array(params[:urls]) directory = params[:directory] || "/srv/#{name}" 
@@ -64,35 +65,41 @@ define :wordpress_site, :action => [ :create, :enable ] do notifies :reload, "service[apache2]" end + wp_config = edit_file "#{directory}/wp-config-sample.php" do |line| + line.gsub!(/database_name_here/, database_name) + line.gsub!(/username_here/, database_user) + line.gsub!(/password_here/, database_password) + line.gsub!(/wp_/, database_prefix) + + line.gsub!(/('AUTH_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:auth_key]}'") + line.gsub!(/('SECURE_AUTH_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:secure_auth_key]}'") + line.gsub!(/('LOGGED_IN_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:logged_in_key]}'") + line.gsub!(/('NONCE_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:nonce_key]}'") + line.gsub!(/('AUTH_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:auth_salt]}'") + line.gsub!(/('SECURE_AUTH_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:secure_auth_salt]}'") + line.gsub!(/('LOGGED_IN_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:logged_in_salt]}'") + line.gsub!(/('NONCE_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:nonce_salt]}'") + + if line =~ /define\('WP_DEBUG'/ + line += "\n" + line += "/**\n" + line += " * Don't allow file editing.\n" + line += " */\n" + line += "define('DISALLOW_FILE_EDIT', true);\n" + if ssl_enabled + line += "define('FORCE_SSL_LOGIN', true);\n" + line += "define('FORCE_SSL_ADMIN', true);\n" + end + end + + line + end + file "#{directory}/wp-config.php" do owner node[:wordpress][:user] group node[:wordpress][:group] mode 0644 - content_from_file "#{directory}/wp-config-sample.php" do |line| - line.gsub!(/database_name_here/, database_name) - line.gsub!(/username_here/, database_user) - line.gsub!(/password_here/, database_password) - 
line.gsub!(/wp_/, database_prefix) - - line.gsub!(/('AUTH_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:auth_key]}'") - line.gsub!(/('SECURE_AUTH_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:secure_auth_key]}'") - line.gsub!(/('LOGGED_IN_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:logged_in_key]}'") - line.gsub!(/('NONCE_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:nonce_key]}'") - line.gsub!(/('AUTH_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:auth_salt]}'") - line.gsub!(/('SECURE_AUTH_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:secure_auth_salt]}'") - line.gsub!(/('LOGGED_IN_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:logged_in_salt]}'") - line.gsub!(/('NONCE_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][name][:nonce_salt]}'") - - if line =~ /define\('WP_DEBUG'/ - line += "\n" - line += "/**\n" - line += " * Don't allow file editing.\n" - line += " */\n" - line += "define('DISALLOW_FILE_EDIT', true);\n" - end - - line - end + content wp_config notifies :reload, "service[apache2]" end @@ -126,7 +133,7 @@ define :wordpress_site, :action => [ :create, :enable ] do cookbook "wordpress" template "apache.erb" directory directory - variables :aliases => aliases, :urls => urls + variables :aliases => aliases, :urls => urls, :ssl_enabled => ssl_enabled notifies :reload, "service[apache2]" end 
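Review bot: The `file "#{directory}/wp-config.php"` resource keeps `mode 0644` while its content, now built into `wp_config`, carries the database password and all eight keys and salts, so any local account on the host can read them. If the web server reaches the file through `node[:wordpress][:group]` (not visible here), `mode 0640` would be enough, and `sensitive true`, where the Chef version in use supports it, would also keep the rendered content out of run output and diffs. Separately, string-form replacements such as `line.gsub!(/password_here/, database_password)` interpret backslash sequences in the value and do not escape `'` for the PHP literal; the block form `line.gsub!(/password_here/) { database_password }` avoids the first problem. The `define` body starts and ends outside this hunk.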
@@ -135,4 +142,24 @@ define :wordpress_site, :action => [ :create, :enable ] do url "http://#{name}/wp-admin/upgrade.php?step=1" subscribes :get, "subversion[#{directory}]" end + + wordpress_plugin "wp-fail2ban" do + site name + end + + script "#{directory}/wp-content/plugins/wp-fail2ban" do + action :nothing + interpreter "php" + cwd directory + user "wordpress" + code <<-EOS + + EOS + subscribes :run, "subversion[#{directory}/wp-content/plugins/wp-fail2ban]" + end end
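Review bot: The new `script` resource runs PHP as the literal account `user "wordpress"`, whereas the config file earlier in this definition is owned by `node[:wordpress][:user]`; if that attribute is overridden, this step would run as a different account than the one owning the site tree, so `user node[:wordpress][:user]` would be more consistent. The heredoc between `code <<-EOS` and `EOS` is empty as shown on this page, possibly stripped in rendering, so what the script executes cannot be reviewed here; a short comment above the resource saying what it runs and why would help. The context line `url "http://#{name}/wp-admin/upgrade.php?step=1"` also stays on plain HTTP, and with `FORCE_SSL_ADMIN` set for `ssl_enabled` sites that request will presumably be redirected rather than served.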