soc-ops/global/overlay/etc/puppet/modules/soc/manifests/intelmq.pp

class soc::intelmq(
  Optional[String]    $tls_cert   = undef,
  Optional[String]    $tls_chain  = undef,
  Optional[String]    $tls_key    = undef,
  String              $servername = $facts['networking']['fqdn'],
  Boolean             $use_snakeoil = false,
) {
  include sunet::systemd_reload

  # Set some global variables
  $api_user = lookup('intelmq_api_user.username', undef, undef, 'test')
  $api_pass = lookup('intelmq_api_user.password', undef, undef, 'pass')
  $db_user = lookup('intelmq_db_user.username', undef, undef, 'test')
  $db_pass = lookup('intelmq_db_user.password', undef, undef, 'pass')

  group { 'intelmq':
    ensure => present,
  }

  user { 'intelmq':
    ensure     => present,
    gid        => 'intelmq',
    groups     => 'www-data',
    home       => '/opt/intelmq',
    managehome => true,
    shell      => '/bin/bash',
  }

  file { '/etc/intelmq':
    ensure => directory,
    owner  => 'intelmq',
    group  => 'intelmq',
  }

  file { '/etc/intelmq/api':
    ensure => directory,
    owner  => 'intelmq',
    group  => 'www-data',
    mode   => '0770',
  }

  file { '/etc/intelmq/fody':
    ensure => directory,
    owner  => 'intelmq',
    group  => 'www-data',
    mode   => '0770',
  }

  package { 'apache2':
    ensure => 'latest',
  }

  package { 'libapache2-mod-wsgi-py3':
    ensure => 'latest',
  }

  file { '/opt/intelmq/install':
    ensure => directory,
    owner  => 'intelmq',
    group  => 'intelmq',
    mode   => '0755',
  }

  file {
    '/opt/intelmq/www':
      ensure => directory,
      owner  => 'intelmq',
      group  => 'intelmq',
      mode   => '0755',
      ;
    '/opt/intelmq/www/intelmq-manager':
      ensure => directory,
      owner  => 'intelmq',
      group  => 'www-data',
      mode   => '0750',
      ;
    '/opt/intelmq/www/fody':
      ensure => directory,
      owner  => 'intelmq',
      group  => 'www-data',
      mode   => '0750',
      ;
  }

  file { '/opt/intelmq/install/setup-nodesource.sh':
    ensure  => file,
    content => file('soc/intelmq/setup-nodesource.sh'),
    mode    => '0540',
  }

  exec { 'Add nodesource repo':
    command => '/opt/intelmq/install/setup-nodesource.sh',
    creates => '/etc/apt/sources.list.d/nodesource.list',
  }

  package { ['postgresql', 'python3-venv', 'python3-pip', 'python3-gpg', 'python3-psycopg2', 'redict', 'nodejs', ]:
    ensure => 'latest',
  }

  package { ['cmdtest', ]:
    ensure => 'absent',
  }

  exec { 'Install yarn from npm':
    command => 'npm install --global yarn',
    creates => '/usr/bin/yarn',
  }

  exec { 'Install IntelMQ venv':
    command => 'sudo -u intelmq /usr/bin/python3 -m venv --system-site-packages /opt/intelmq/venv',
    creates => '/opt/intelmq/venv',
  }

  exec { 'Always active venv for IntelMQ':
    command => 'echo ". venv/bin/activate" >> /opt/intelmq/.profile',
    unless  => 'grep -q activate /opt/intelmq/.profile 2> /dev/null',
  }

  file { '/opt/intelmq/install/eventdb-notifications.sql':
    ensure  => file,
    content => file('soc/intelmq/eventdb-notifications.sql'),
  }

  file { '/opt/intelmq/install/install-intelmq.sh':
    ensure  => file,
    content => file('soc/intelmq/install-intelmq.sh'),
    mode    => '0555',
  }

  exec { 'Install IntelMQ':
    command => 'sudo -u intelmq /opt/intelmq/install/install-intelmq.sh',
    creates => '/opt/intelmq/.installed'
  }

  exec { 'Run IntelMQ setup script':
    command => '/opt/intelmq/venv/bin/intelmqsetup',
    creates => '/opt/intelmq/var/lib/state.json',
    returns => ['0', '1',],
  }

  file { '/usr/bin/intelmqctl':
    ensure  => file,
    mode    => '0555',
    content => file('soc/intelmq/usr-bin-intelmqctl'),
  }

  file { '/opt/intelmq/install/setup-pgsql.sh':
    ensure  => file,
    content => template('soc/intelmq/setup-pgsql.sh'),
    mode    => '0500',
  }

  exec { 'Setup IntelMQ eventdb':
    command => '/opt/intelmq/install/setup-pgsql.sh',
    creates => '/opt/intelmq/.pgsql-installed',
  }

  file { '/etc/sudoers.d/01_intelmq-api':
    ensure  => file,
    content => file('soc/intelmq/sudoers-01-intelmq-api'),
    mode    => '0440',
  }

  service { 'apache2':
    ensure  => 'running',
    enable  => true,
    require => Package['apache2'],
  }

  exec { 'Enable Apache2 modules':
    command => 'a2enmod ssl wsgi proxy proxy_http headers rewrite',
    require => Package['libapache2-mod-wsgi-py3'],
    notify  => Service['apache2'],
  }

  file { '/etc/apache2/conf-available/wsgi-venv.conf':
    ensure  => file,
    content => file('soc/intelmq/apache/wsgi-venv.conf'),
  }

  exec { 'Enable wsgi-venv conf':
    command => 'a2enconf wsgi-venv',
    creates => '/etc/apache2/conf-enabled/wsgi-venv.conf',
    notify  => Service['apache2'],
  }

  file { '/etc/apache2/sites-available/intelmq-vhost.conf':
    ensure  => file,
    content => template('soc/intelmq/intelmq-vhost.conf.erb'),
    notify  => Service['apache2'],
  }

  file { '/etc/intelmq/api-config.json':
    ensure  => file,
    owner   => 'intelmq',
    group   => 'intelmq',
    mode    => '0444',
    content => file('soc/intelmq/api-config.json'),
  }

  file { '/etc/intelmq/fody-session.conf':
    ensure  => file,
    owner   => 'intelmq',
    group   => 'intelmq',
    mode    => '0444',
    content => file('soc/intelmq/fody-session.conf'),
  }

  exec { 'Setup intelmq-api user':
    command => "sudo -u intelmq /opt/intelmq/venv/bin/intelmq-api-adduser --user ${api_user} --password ${api_pass}",
    creates => '/etc/intelmq/api/api-session.sqlite',
  }

  file { '/etc/intelmq/api/api-session.sqlite':
    ensure  => 'present',
    replace => 'no',
    owner   => 'intelmq',
    group   => 'www-data',
    mode    => '0660'
  }

  exec { 'Setup fody-api user':
    command => "sudo -u intelmq /opt/intelmq/venv/bin/fody-adduser --user ${api_user} --password ${api_pass}",
    unless  => "sqlite3 /etc/intelmq/api/api-session.sqlite \"SELECT username FROM user WHERE username ='${api_user}'\" | grep -q ${api_user}",
  }

  file {
    '/etc/intelmq/contactdb-serve.conf':
      ensure  => file,
      owner   => 'intelmq',
      group   => 'www-data',
      mode    => '0440',
      content => template('soc/intelmq/contactdb-serve.conf.erb'),
    ;
    '/etc/intelmq/eventdb-serve.conf':
      ensure  => file,
      owner   => 'intelmq',
      group   => 'www-data',
      mode    => '0440',
      content => template('soc/intelmq/eventdb-serve.conf.erb'),
    ;
    '/etc/intelmq/tickets-serve.conf':
      ensure  => file,
      owner   => 'intelmq',
      group   => 'www-data',
      mode    => '0440',
      content => template('soc/intelmq/tickets-serve.conf.erb'),
    ;
  }

  file { '/etc/systemd/system/intelmq-api.service':
    ensure  => file,
    content => file('soc/intelmq/intelmq-api.service'),
    notify  => [Class['sunet::systemd_reload'], Service['intelmq-api.service'],],
  }

  file { '/etc/systemd/system/intelmq-api.socket':
    ensure  => file,
    content => file('soc/intelmq/intelmq-api.socket'),
    notify  => [Class['sunet::systemd_reload'], Service['intelmq-api.socket'],],
  }

  file { '/opt/intelmq/etc/runtime.yaml':
    ensure  => 'present',
    replace => 'no',
    owner   => 'intelmq',
    group   => 'www-data',
    mode    => '0660',
  }

  file { '/opt/intelmq/etc/runtime.yaml.bak':
    ensure  => 'present',
    replace => 'no',
    owner   => 'www-data',
    group   => 'www-data',
    mode    => '0660',
    content => '',
  }

  file { '/opt/intelmq/etc/manager':
    ensure => directory,
    owner  => 'www-data',
    group  => 'www-data',
    mode   => '0775',
  }

  service { 'intelmq-api.service':
    ensure     => running,
    name       => 'intelmq-api.service',
    enable     => true,
    hasrestart => true,
  }

  service { 'intelmq-api.socket':
    ensure     => running,
    name       => 'intelmq-api.socket',
    enable     => true,
    hasrestart => true,
  }

  exec { 'Disable default apache conf':
    command => 'a2dissite 000-default',
    onlyif  => 'test -f /etc/apache2/sites-enabled/000-default.conf',
    notify  => Service['apache2'],
  }

  exec { 'Enable intelmq apache conf':
    command => 'a2ensite intelmq-vhost',
    creates => '/etc/apache2/sites-enabled/intelmq-vhost.conf',
    notify  => Service['apache2'],
  }

  sunet::nftables::allow { 'allow_http':
    from => any,
    port => 80,
  }

  sunet::nftables::allow { 'allow_https':
    from => any,
    port => 443,
  }
}
First skeleton for soc::intelmq 2024-11-13 16:25:14 +01:00			`class soc::intelmq(`
IntelMQ API. 2024-11-14 14:16:39 +01:00			`Optional[String] $tls_cert = undef,`
			`Optional[String] $tls_chain = undef,`
			`Optional[String] $tls_key = undef,`
Bugfix. 2024-11-14 14:20:01 +01:00			`String $servername = $facts['networking']['fqdn'],`
IntelMQ API. 2024-11-14 14:16:39 +01:00			`Boolean $use_snakeoil = false,`
First skeleton for soc::intelmq 2024-11-13 16:25:14 +01:00			`) {`
IntelMQ API. 2024-11-14 14:16:39 +01:00			`include sunet::systemd_reload`
First skeleton for soc::intelmq 2024-11-13 16:25:14 +01:00
Trying to install fody. 2024-11-19 10:25:44 +01:00			`# Set some global variables`
			`$api_user = lookup('intelmq_api_user.username', undef, undef, 'test')`
			`$api_pass = lookup('intelmq_api_user.password', undef, undef, 'pass')`
			`$db_user = lookup('intelmq_db_user.username', undef, undef, 'test')`
			`$db_pass = lookup('intelmq_db_user.password', undef, undef, 'pass')`

First skeleton for soc::intelmq 2024-11-13 16:25:14 +01:00			`group { 'intelmq':`
			`ensure => present,`
			`}`

			`user { 'intelmq':`
Testfix 2024-11-13 16:49:11 +01:00			`ensure => present,`
			`gid => 'intelmq',`
			`groups => 'www-data',`
			`home => '/opt/intelmq',`
			`managehome => true,`
Bugfix 2024-11-14 10:24:57 +01:00			`shell => '/bin/bash',`
First skeleton for soc::intelmq 2024-11-13 16:25:14 +01:00			`}`

			`file { '/etc/intelmq':`
			`ensure => directory,`
			`owner => 'intelmq',`
			`group => 'intelmq',`
			`}`

Fixes for intelmq-api. 2024-11-18 13:14:49 +01:00			`file { '/etc/intelmq/api':`
			`ensure => directory,`
			`owner => 'intelmq',`
Typo. 2024-11-18 13:16:19 +01:00			`group => 'www-data',`
Fixes for intelmq-api. 2024-11-18 13:14:49 +01:00			`mode => '0770',`
			`}`

Trying to install fody. 2024-11-19 10:25:44 +01:00			`file { '/etc/intelmq/fody':`
			`ensure => directory,`
			`owner => 'intelmq',`
			`group => 'www-data',`
			`mode => '0770',`
			`}`
First skeleton for soc::intelmq 2024-11-13 16:25:14 +01:00
Bugfix. 2024-11-14 12:28:48 +01:00			`package { 'apache2':`
			`ensure => 'latest',`
			`}`

			`package { 'libapache2-mod-wsgi-py3':`
Typo. 2024-11-14 12:29:32 +01:00			`ensure => 'latest',`
Bugfix. 2024-11-14 12:28:48 +01:00			`}`

Trying to install fody. 2024-11-19 10:25:44 +01:00			`file { '/opt/intelmq/install':`
			`ensure => directory,`
			`owner => 'intelmq',`
			`group => 'intelmq',`
			`mode => '0755',`
			`}`

Bugfix. 2024-11-19 12:37:31 +01:00			`file {`
Bugfix. 2024-11-19 12:36:50 +01:00			`'/opt/intelmq/www':`
			`ensure => directory,`
			`owner => 'intelmq',`
			`group => 'intelmq',`
			`mode => '0755',`
			`;`
			`'/opt/intelmq/www/intelmq-manager':`
			`ensure => directory,`
			`owner => 'intelmq',`
			`group => 'www-data',`
			`mode => '0750',`
			`;`
			`'/opt/intelmq/www/fody':`
			`ensure => directory,`
			`owner => 'intelmq',`
			`group => 'www-data',`
			`mode => '0750',`
			`;`
			`}`

Trying to install fody. 2024-11-19 10:25:44 +01:00			`file { '/opt/intelmq/install/setup-nodesource.sh':`
Trying to install fody. 2024-11-18 16:31:44 +01:00			`ensure => file,`
			`content => file('soc/intelmq/setup-nodesource.sh'),`
Trying to install fody. 2024-11-19 10:25:44 +01:00			`mode => '0540',`
Trying to install fody. 2024-11-18 16:31:44 +01:00			`}`

			`exec { 'Add nodesource repo':`
Trying to install fody. 2024-11-19 10:25:44 +01:00			`command => '/opt/intelmq/install/setup-nodesource.sh',`
Trying to install fody. 2024-11-18 16:31:44 +01:00			`creates => '/etc/apt/sources.list.d/nodesource.list',`
			`}`

Fixes for fody. 2024-11-19 12:12:13 +01:00			`package { ['postgresql', 'python3-venv', 'python3-pip', 'python3-gpg', 'python3-psycopg2', 'redict', 'nodejs', ]:`
First skeleton for soc::intelmq 2024-11-13 16:25:14 +01:00			`ensure => 'latest',`
			`}`

Fixes for fody. 2024-11-19 12:12:13 +01:00			`package { ['cmdtest', ]:`
			`ensure => 'absent',`
			`}`

			`exec { 'Install yarn from npm':`
			`command => 'npm install --global yarn',`
			`creates => '/usr/bin/yarn',`
			`}`

More to install. 2024-11-14 12:16:26 +01:00			`exec { 'Install IntelMQ venv':`
			`command => 'sudo -u intelmq /usr/bin/python3 -m venv --system-site-packages /opt/intelmq/venv',`
			`creates => '/opt/intelmq/venv',`
First skeleton for soc::intelmq 2024-11-13 16:25:14 +01:00			`}`

Typo. 2024-11-18 13:46:41 +01:00			`exec { 'Always active venv for IntelMQ':`
Bugfix. 2024-11-18 13:47:40 +01:00			`command => 'echo ". venv/bin/activate" >> /opt/intelmq/.profile',`
Env fixes. 2024-11-18 13:45:45 +01:00			`unless => 'grep -q activate /opt/intelmq/.profile 2> /dev/null',`
			`}`

Trying to install fody. 2024-11-19 10:25:44 +01:00			`file { '/opt/intelmq/install/eventdb-notifications.sql':`
			`ensure => file,`
Trying to install fody. 2024-11-19 10:27:08 +01:00			`content => file('soc/intelmq/eventdb-notifications.sql'),`
Trying to install fody. 2024-11-19 10:25:44 +01:00			`}`

			`file { '/opt/intelmq/install/install-intelmq.sh':`
Bugfix 2024-11-14 10:24:57 +01:00			`ensure => file,`
Trying to install fody. 2024-11-19 10:28:02 +01:00			`content => file('soc/intelmq/install-intelmq.sh'),`
Bugfix 2024-11-14 10:27:12 +01:00			`mode => '0555',`
Bugfix 2024-11-14 10:24:57 +01:00			`}`

More to install. 2024-11-14 12:16:26 +01:00			`exec { 'Install IntelMQ':`
Trying to install fody. 2024-11-19 10:25:44 +01:00			`command => 'sudo -u intelmq /opt/intelmq/install/install-intelmq.sh',`
More to install. 2024-11-14 12:16:26 +01:00			`creates => '/opt/intelmq/.installed'`
First skeleton for soc::intelmq 2024-11-13 16:25:14 +01:00			`}`
Fixes with installation script. 2024-11-14 10:51:10 +01:00
More to install. 2024-11-14 12:16:26 +01:00			`exec { 'Run IntelMQ setup script':`
Bugfix. 2024-11-18 13:42:43 +01:00			`command => '/opt/intelmq/venv/bin/intelmqsetup',`
			`creates => '/opt/intelmq/var/lib/state.json',`
Bugfix. 2024-11-14 10:58:37 +01:00			`returns => ['0', '1',],`
Fixes with installation script. 2024-11-14 10:51:10 +01:00			`}`

Fixes for fody. 2024-11-19 12:12:13 +01:00			`file { '/usr/bin/intelmqctl':`
			`ensure => file,`
			`mode => '0555',`
			`content => file('soc/intelmq/usr-bin-intelmqctl'),`
			`}`

Trying to install fody. 2024-11-19 10:25:44 +01:00			`file { '/opt/intelmq/install/setup-pgsql.sh':`
Setup script for eventdb. 2024-11-18 14:32:01 +01:00			`ensure => file,`
DB-fixes. 2024-11-19 12:21:16 +01:00			`content => template('soc/intelmq/setup-pgsql.sh'),`
Setup script for eventdb. 2024-11-18 14:32:01 +01:00			`mode => '0500',`
			`}`

			`exec { 'Setup IntelMQ eventdb':`
Trying to install fody. 2024-11-19 10:25:44 +01:00			`command => '/opt/intelmq/install/setup-pgsql.sh',`
			`creates => '/opt/intelmq/.pgsql-installed',`
Setup script for eventdb. 2024-11-18 14:32:01 +01:00			`}`

Typo. 2024-11-14 10:52:32 +01:00			`file { '/etc/sudoers.d/01_intelmq-api':`
Fixes with installation script. 2024-11-14 10:51:10 +01:00			`ensure => file,`
			`content => file('soc/intelmq/sudoers-01-intelmq-api'),`
			`mode => '0440',`
			`}`

More to install. 2024-11-14 12:16:26 +01:00			`service { 'apache2':`
			`ensure => 'running',`
			`enable => true,`
Bugfix. 2024-11-14 12:28:48 +01:00			`require => Package['apache2'],`
More to install. 2024-11-14 12:16:26 +01:00			`}`

			`exec { 'Enable Apache2 modules':`
Fixes with apache config. 2024-11-14 12:47:14 +01:00			`command => 'a2enmod ssl wsgi proxy proxy_http headers rewrite',`
Bugfix. 2024-11-14 12:28:48 +01:00			`require => Package['libapache2-mod-wsgi-py3'],`
Fixes with apache config. 2024-11-14 12:47:14 +01:00			`notify => Service['apache2'],`
More to install. 2024-11-14 12:16:26 +01:00			`}`
Fixes with apache config. 2024-11-14 12:47:14 +01:00
			`file { '/etc/apache2/conf-available/wsgi-venv.conf':`
			`ensure => file,`
			`content => file('soc/intelmq/apache/wsgi-venv.conf'),`
			`}`

			`exec { 'Enable wsgi-venv conf':`
Fixes with apache config. 2024-11-14 12:48:16 +01:00			`command => 'a2enconf wsgi-venv',`
			`creates => '/etc/apache2/conf-enabled/wsgi-venv.conf',`
Fixes with apache config. 2024-11-14 12:47:14 +01:00			`notify => Service['apache2'],`
			`}`

IntelMQ API. 2024-11-14 14:16:39 +01:00			`file { '/etc/apache2/sites-available/intelmq-vhost.conf':`
Bugfix. 2024-11-14 14:38:54 +01:00			`ensure => file,`
Bugfix. 2024-11-14 14:23:08 +01:00			`content => template('soc/intelmq/intelmq-vhost.conf.erb'),`
Bugfix. 2024-11-14 14:38:54 +01:00			`notify => Service['apache2'],`
IntelMQ API. 2024-11-14 14:16:39 +01:00			`}`

			`file { '/etc/intelmq/api-config.json':`
			`ensure => file,`
			`owner => 'intelmq',`
			`group => 'intelmq',`
Typo. 2024-11-14 14:17:42 +01:00			`mode => '0444',`
Bugfix. 2024-11-14 14:31:30 +01:00			`content => file('soc/intelmq/api-config.json'),`
IntelMQ API. 2024-11-14 14:16:39 +01:00			`}`

Typo. 2024-11-19 10:33:28 +01:00			`file { '/etc/intelmq/fody-session.conf':`
Trying to install fody. 2024-11-19 10:25:44 +01:00			`ensure => file,`
			`owner => 'intelmq',`
			`group => 'intelmq',`
			`mode => '0444',`
Typo. 2024-11-19 10:33:28 +01:00			`content => file('soc/intelmq/fody-session.conf'),`
Trying to install fody. 2024-11-19 10:25:44 +01:00			`}`

Trying to get API working. 2024-11-14 15:58:03 +01:00			`exec { 'Setup intelmq-api user':`
Bugfix. 2024-11-14 16:16:16 +01:00			`command => "sudo -u intelmq /opt/intelmq/venv/bin/intelmq-api-adduser --user ${api_user} --password ${api_pass}",`
Fixes for intelmq-api. 2024-11-18 13:14:49 +01:00			`creates => '/etc/intelmq/api/api-session.sqlite',`
Trying to get API working. 2024-11-14 15:58:03 +01:00			`}`

Fixes for intelmq-api. 2024-11-18 13:14:49 +01:00			`file { '/etc/intelmq/api/api-session.sqlite':`
IntelMQ API. 2024-11-14 14:16:39 +01:00			`ensure => 'present',`
			`replace => 'no',`
			`owner => 'intelmq',`
			`group => 'www-data',`
			`mode => '0660'`
			`}`

Trying to install fody. 2024-11-19 10:25:44 +01:00			`exec { 'Setup fody-api user':`
			`command => "sudo -u intelmq /opt/intelmq/venv/bin/fody-adduser --user ${api_user} --password ${api_pass}",`
			`unless => "sqlite3 /etc/intelmq/api/api-session.sqlite \"SELECT username FROM user WHERE username ='${api_user}'\" \| grep -q ${api_user}",`
			`}`

			`file {`
			`'/etc/intelmq/contactdb-serve.conf':`
			`ensure => file,`
			`owner => 'intelmq',`
			`group => 'www-data',`
			`mode => '0440',`
Typo. 2024-11-19 10:34:22 +01:00			`content => template('soc/intelmq/contactdb-serve.conf.erb'),`
Trying to install fody. 2024-11-19 10:25:44 +01:00			`;`
			`'/etc/intelmq/eventdb-serve.conf':`
			`ensure => file,`
			`owner => 'intelmq',`
			`group => 'www-data',`
			`mode => '0440',`
Typo. 2024-11-19 10:34:22 +01:00			`content => template('soc/intelmq/eventdb-serve.conf.erb'),`
Trying to install fody. 2024-11-19 10:25:44 +01:00			`;`
			`'/etc/intelmq/tickets-serve.conf':`
			`ensure => file,`
			`owner => 'intelmq',`
			`group => 'www-data',`
			`mode => '0440',`
Typo. 2024-11-19 10:34:22 +01:00			`content => template('soc/intelmq/tickets-serve.conf.erb'),`
Trying to install fody. 2024-11-19 10:25:44 +01:00			`;`
			`}`

IntelMQ API. 2024-11-14 14:16:39 +01:00			`file { '/etc/systemd/system/intelmq-api.service':`
			`ensure => file,`
Bugfix. 2024-11-14 14:30:19 +01:00			`content => file('soc/intelmq/intelmq-api.service'),`
Bugfix. 2024-11-14 14:20:56 +01:00			`notify => [Class['sunet::systemd_reload'], Service['intelmq-api.service'],],`
IntelMQ API. 2024-11-14 14:16:39 +01:00			`}`

			`file { '/etc/systemd/system/intelmq-api.socket':`
			`ensure => file,`
Bugfix. 2024-11-14 14:30:19 +01:00			`content => file('soc/intelmq/intelmq-api.socket'),`
Bugfix. 2024-11-14 14:20:56 +01:00			`notify => [Class['sunet::systemd_reload'], Service['intelmq-api.socket'],],`
IntelMQ API. 2024-11-14 14:16:39 +01:00			`}`

Fixes for intelmq-api. 2024-11-18 13:29:43 +01:00			`file { '/opt/intelmq/etc/runtime.yaml':`
			`ensure => 'present',`
			`replace => 'no',`
			`owner => 'intelmq',`
			`group => 'www-data',`
			`mode => '0660',`
			`}`

			`file { '/opt/intelmq/etc/runtime.yaml.bak':`
			`ensure => 'present',`
			`replace => 'no',`
			`owner => 'www-data',`
			`group => 'www-data',`
			`mode => '0660',`
			`content => '',`
			`}`

Fixes for intelmq-api. 2024-11-18 13:34:08 +01:00			`file { '/opt/intelmq/etc/manager':`
			`ensure => directory,`
			`owner => 'www-data',`
			`group => 'www-data',`
			`mode => '0775',`
			`}`

IntelMQ API. 2024-11-14 14:16:39 +01:00			`service { 'intelmq-api.service':`
			`ensure => running,`
			`name => 'intelmq-api.service',`
Bugfix. 2024-11-14 14:24:32 +01:00			`enable => true,`
IntelMQ API. 2024-11-14 14:16:39 +01:00			`hasrestart => true,`
			`}`

			`service { 'intelmq-api.socket':`
			`ensure => running,`
			`name => 'intelmq-api.socket',`
Bugfix. 2024-11-14 14:24:32 +01:00			`enable => true,`
IntelMQ API. 2024-11-14 14:16:39 +01:00			`hasrestart => true,`
			`}`

Bugfix. 2024-11-14 14:38:54 +01:00			`exec { 'Disable default apache conf':`
			`command => 'a2dissite 000-default',`
			`onlyif => 'test -f /etc/apache2/sites-enabled/000-default.conf',`
			`notify => Service['apache2'],`
			`}`

			`exec { 'Enable intelmq apache conf':`
			`command => 'a2ensite intelmq-vhost',`
Bugfix. 2024-11-14 14:39:55 +01:00			`creates => '/etc/apache2/sites-enabled/intelmq-vhost.conf',`
Bugfix. 2024-11-14 14:38:54 +01:00			`notify => Service['apache2'],`
			`}`
Open up http 2024-11-14 14:50:44 +01:00
Other fixes. 2024-11-14 15:00:33 +01:00			`sunet::nftables::allow { 'allow_http':`
Open up http 2024-11-14 14:50:44 +01:00			`from => any,`
			`port => 80,`
			`}`

Other fixes. 2024-11-14 15:00:33 +01:00			`sunet::nftables::allow { 'allow_https':`
Open up http 2024-11-14 14:50:44 +01:00			`from => any,`
			`port => 443,`
			`}`
First skeleton for soc::intelmq 2024-11-13 16:25:14 +01:00			`}`