postgres-make-base-backups: re-order logic for consistency
[mirror/dsa-puppet.git] / modules / salsa / manifests / init.pp
1 #
2 class salsa inherits salsa::params {
3
4         # anchor things in correct order
5         anchor { 'salsa::begin': } ->
6         class { '::salsa::mail': } ->
7         class { '::salsa::redis': } ->
8         class { '::salsa::packages': } ->
9         class { '::salsa::database': } ->
10         class { '::salsa::web': } ->
11         anchor { 'salsa::end': }
12
13         # userdir-ldap users get their home in /home
14         file { "/home/${salsa::user}":
15                 ensure => link,
16                 target => $salsa::home,
17         }
18         file { $salsa::home:
19                 ensure => directory,
20                 mode   => '0755',
21                 owner  => $salsa::user,
22                 group  => $salsa::group,
23         }
24         file { "/home/${salsa::webhook_user}":
25                 ensure => link,
26                 target => $salsa::webhook_user_home,
27         }
28         file { $salsa::webhook_user_home:
29                 ensure => directory,
30                 mode   => '0755',
31                 owner  => $salsa::webhook_user,
32                 group  => $salsa::webhook_user,
33         }
34
35
36         file { "${salsa::home}/.credentials.yaml":
37                 mode => '0400',
38                 owner  => $salsa::user,
39                 group  => $salsa::group,
40                 content  => @("EOF"),
41                                 ---
42                                 # This file is maintained by puppet.
43                                 # base secret that gitlab encrypts the DB with
44                                 secret: "${salsa::secret}"
45                                 database:
46                                   name: "${salsa::db_name}"
47                                   role: "${salsa::db_role}"
48                                   password: "${salsa::db_password}"
49                                 mail:
50                                   username: "${salsa::mail_username}"
51                                   password: "${salsa::mail_password}"
52                                 | EOF
53         }
54         file { "${salsa::home}/.credentials-manual.yaml":
55                 mode => '0400',
56                 owner  => $salsa::user,
57                 group  => $salsa::group,
58                 content  => @("EOF"),
59                                 ---
60                                 # This file was put in place by puppet, but it won't overwrite it.
61                                 # Please fill in from dsa-passwords/services-salsa
62                                 # mastersecret: "swordfish"
63                                 | EOF
64                 replace => false,
65         }
66         file { "/var/lib/systemd/linger/${salsa::user}":
67                 ensure => present,
68         }
69         file { "/var/lib/systemd/linger/${salsa::webhook_user}":
70                 ensure => present,
71         }
72         file { "/etc/ssh/userkeys/${salsa::user}":
73                 ensure => link,
74                 target => "${salsa::home}/.ssh/authorized_keys",
75         }
76         # pages
77         file { "/etc/network/interfaces.d/pages.debian.net.conf":
78                 content  => @("EOF"),
79                                 iface eth0 inet static
80                                     address 209.87.16.45/24
81                                 iface eth0 inet6 static
82                                     address 2607:f8f0:614:1::1274:45/64
83                                     preferred-lifetime 0
84                                 | EOF
85                 notify => Exec['service networking reload'],
86         }
87         exec { 'service networking reload':
88                 refreshonly => true,
89         }
90 }