a2d20630a16cf06d9408ad497831d2e07dc2e0cd
[mirror/dsa-puppet.git] / modules / salsa / manifests / init.pp
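# Top-level class for the salsa service host.
#
# Pulls its settings from salsa::params (inherited) and then:
#   * orders the mail, redis, packages, database and web sub-classes
#     between the salsa::begin / salsa::end anchors,
#   * creates the home directories of the service user and the webhook
#     user, plus /home/<user> symlinks pointing at them,
#   * writes the credential files that live in the service user's home,
#   * enables systemd lingering for both users,
#   * links the service user's SSH key file into /etc/ssh/userkeys,
#   * installs the extra interface stanza for the pages address.
class salsa inherits salsa::params {

  # anchor things in correct order
  anchor { 'salsa::begin': } ->
  class { '::salsa::mail': } ->
  class { '::salsa::redis': } ->
  class { '::salsa::packages': } ->
  class { '::salsa::database': } ->
  class { '::salsa::web': } ->
  anchor { 'salsa::end': }

  # userdir-ldap users get their home in /home
  file { "/home/${salsa::user}":
    ensure => link,
    target => $salsa::home,
  }
  file { $salsa::home:
    ensure => directory,
    mode   => '0755',
    owner  => $salsa::user,
    group  => $salsa::group,
  }
  file { "/home/${salsa::webhook_user}":
    ensure => link,
    target => $salsa::webhook_user_home,
  }
  file { $salsa::webhook_user_home:
    ensure => directory,
    mode   => '0755',
    owner  => $salsa::webhook_user,
    group  => $salsa::webhook_user,
  }

  # Secrets rendered from Puppet data.  The file is readable only by its
  # owner (0400); the home directory around it is world-traversable (0755),
  # so that mode is the only thing protecting the contents on disk.
  #
  # show_diff => false keeps the rendered secrets out of agent output and
  # reports when diff display is switched on (for example by
  # `puppet agent --test`) and the content changes.
  #
  # NOTE(review): the values still travel in the compiled catalog as plain
  # strings; wrapping them in the Sensitive data type would redact them
  # there too, if the Puppet version in use supports it -- confirm.
  # NOTE(review): each value is interpolated into a double-quoted YAML
  # scalar without escaping, so a value containing `"` or `\` would yield
  # broken or altered YAML -- confirm the secrets never contain them.
  file { "${salsa::home}/.credentials.yaml":
    mode      => '0400',
    owner     => $salsa::user,
    group     => $salsa::group,
    show_diff => false,
    content   => @("EOF"),
      ---
      # This file is maintained by puppet.
      # base secret that gitlab encrypts the DB with
      secret: "${salsa::secret}"
      database:
        name: "${salsa::db_name}"
        role: "${salsa::db_role}"
        password: "${salsa::db_password}"
      mail:
        username: "${salsa::mail_username}"
        password: "${salsa::mail_password}"
      | EOF
  }

  # Placeholder for secrets that are filled in by hand.  replace => false
  # means Puppet only creates the file when it is missing and never
  # overwrites what an admin has put there.
  file { "${salsa::home}/.credentials-manual.yaml":
    mode    => '0400',
    owner   => $salsa::user,
    group   => $salsa::group,
    content => @("EOF"),
      ---
      # This file was put in place by puppet, but it won't overwrite it.
      # Please fill in from dsa-passwords/services-salsa
      # mastersecret: "swordfish"
      | EOF
    replace => false,
  }

  # A file named after the user in this directory is what
  # `loginctl enable-linger` creates: the user's systemd instance keeps
  # running without an open login session.
  file { "/var/lib/systemd/linger/${salsa::user}":
    ensure => present,
  }
  file { "/var/lib/systemd/linger/${salsa::webhook_user}":
    ensure => present,
  }

  # The key file under /etc/ssh/userkeys is a link into the service user's
  # own home, so anything running as that user can change which keys are
  # accepted for the account.
  # NOTE(review): presumably sshd's AuthorizedKeysFile points at
  # /etc/ssh/userkeys/%u on this host -- confirm, and confirm that leaving
  # the key list under the account's own control is intended.
  file { "/etc/ssh/userkeys/${salsa::user}":
    ensure => link,
    target => "${salsa::home}/.ssh/authorized_keys",
  }

  # pages
  # Extra IPv4/IPv6 addresses on eth0; a change to the file triggers the
  # networking reload below.
  file { '/etc/network/interfaces.d/pages.debian.net.conf':
    content => @("EOF"),
      iface eth0 inet static
          address 209.87.16.45/24
      iface eth0 inet6 static
          address 2607:f8f0:614:1::1274:45/64
          preferred-lifetime 0
      | EOF
    notify  => Exec['service networking reload'],
  }

  # Runs only when notified (refreshonly).
  # NOTE(review): the command is not fully qualified and no `path` is set
  # here; this relies on a default Exec path being declared elsewhere --
  # confirm.
  exec { 'service networking reload':
    refreshonly => true,
  }
}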