modules/salsa/manifests/init.pp

   1 #
   2 class salsa inherits salsa::params {
   3
   4         # anchor things in correct order
   5         anchor { 'salsa::begin': } ->
   6         class { '::salsa::mail': } ->
   7         class { '::salsa::redis': } ->
   8         class { '::salsa::packages': } ->
   9         class { '::salsa::database': } ->
  10         class { '::salsa::web': } ->
  11         anchor { 'salsa::end': }
  12
  13         # userdir-ldap users get their home in /home
  14         file { "/home/${salsa::user}":
  15                 ensure => link,
  16                 target => $salsa::home,
  17         }
  18         file { $salsa::home:
  19                 ensure => directory,
  20                 mode   => '0755',
  21                 owner  => $salsa::user,
  22                 group  => $salsa::group,
  23         }
  24
  25         file { "${salsa::home}/.credentials.yaml":
  26                 mode => '0400',
  27                 owner  => $salsa::user,
  28                 group  => $salsa::group,
  29                 content  => @("EOF"),
  30                                 ---
  31                                 # This file is maintained by puppet.
  32                                 # base secret that gitlab encrypts the DB with
  33                                 secret: "${salsa::secret}"
  34                                 database:
  35                                   name: "${salsa::db_name}"
  36                                   role: "${salsa::db_role}"
  37                                   password: "${salsa::db_password}"
  38                                 mail:
  39                                   username: "${salsa::mail_username}"
  40                                   password: "${salsa::mail_password}"
  41                                 | EOF
  42         }
  43         file { "${salsa::home}/.credentials-manual.yaml":
  44                 mode => '0400',
  45                 owner  => $salsa::user,
  46                 group  => $salsa::group,
  47                 content  => @("EOF"),
  48                                 ---
  49                                 # This file was put in place by puppet, but it won't overwrite it.
  50                                 # Please fill in from dsa-passwords/services-salsa
  51                                 # mastersecret: "swordfish"
  52                                 | EOF
  53                 replace => false,
  54         }
  55         file { "/var/lib/systemd/linger/git":
  56                 ensure => present,
  57         }
  58         file { "/etc/ssh/userkeys/git":
  59                 ensure => link,
  60                 target => "${salsa::home}/.ssh/authorized_keys",
  61         }
  62         # pages
  63         file { "/etc/network/interfaces.d/pages-debian-net.conf":
  64                 content  => @("EOF"),
  65                                 iface eth0 inet static
  66                                     address 209.87.16.45/24
  67                                 iface eth0 inet6 static
  68                                     address 2607:f8f0:614:1::1274:45/64
  69                                 | EOF
  70         }
  71 }