2 class salsa inherits salsa::params {
4 # anchor things in correct order
5 anchor { 'salsa::begin': } ->
6 class { '::salsa::mail': } ->
7 class { '::salsa::redis': } ->
8 class { '::salsa::packages': } ->
9 class { '::salsa::database': } ->
10 class { '::salsa::web': } ->
11 anchor { 'salsa::end': }
13 # userdir-ldap users get their home in /home
14 file { "/home/${salsa::user}":
16 target => $salsa::home,
21 owner => $salsa::user,
22 group => $salsa::group,
24 file { "/home/${salsa::registry_user}":
26 target => $salsa::registry_user_home,
28 file { $salsa::registry_user_home:
31 owner => $salsa::registry_user,
32 group => $salsa::registry_user,
34 file { "/home/${salsa::signup_user}":
36 target => $salsa::signup_user_home,
38 file { $salsa::signup_user_home:
41 owner => $salsa::signup_user,
42 group => $salsa::signup_user,
44 file { "/home/${salsa::webhook_user}":
46 target => $salsa::webhook_user_home,
48 file { $salsa::webhook_user_home:
51 owner => $salsa::webhook_user,
52 group => $salsa::webhook_user,
54 file { "/home/${salsa::pages_user}":
56 target => $salsa::pages_user_home,
58 file { $salsa::pages_user_home:
61 owner => $salsa::pages_user,
62 group => $salsa::pages_user,
66 file { "${salsa::home}/.credentials.yaml":
68 owner => $salsa::user,
69 group => $salsa::group,
72 # This file is maintained by puppet.
73 # base secret that gitlab encrypts the DB with
74 secret: "${salsa::secret}"
76 name: "${salsa::db_name}"
77 role: "${salsa::db_role}"
78 password: "${salsa::db_password}"
80 username: "${salsa::mail_username}"
81 password: "${salsa::mail_password}"
84 file { "${salsa::home}/.credentials-manual.yaml":
86 owner => $salsa::user,
87 group => $salsa::group,
90 # This file was put in place by puppet, but it won't overwrite it.
91 # Please fill in from dsa-passwords/services-salsa
92 # mastersecret: "swordfish"
96 file { "/var/lib/systemd/linger/${salsa::user}":
99 file { "/var/lib/systemd/linger/${salsa::registry_user}":
102 file { "/var/lib/systemd/linger/${salsa::signup_user}":
105 file { "/var/lib/systemd/linger/${salsa::webhook_user}":
108 file { "/var/lib/systemd/linger/${salsa::pages_user}":
111 file { "/etc/ssh/userkeys/${salsa::user}":
113 target => "${salsa::home}/.ssh/authorized_keys",
116 file { "/etc/network/interfaces.d/pages.debian.net.conf":
118 iface eth0 inet6 static
119 address 2607:f8f0:614:1::1274:45/64
121 pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_dad
122 iface eth0 inet static
123 address 209.87.16.45/24
125 notify => Exec['service networking reload'],
127 exec { 'service networking reload':