projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Create /srv/static.debian.org on static mirrors and masters (not on sources)
[mirror/dsa-puppet.git] / modules / salsa / manifests / init.pp
diff --git a/modules/salsa/manifests/init.pp b/modules/salsa/manifests/init.pp
index a0db08f..dd4de62 100644 (file)
--- a/modules/salsa/manifests/init.pp
+++ b/modules/salsa/manifests/init.pp
@@ -7,6 +7,7 @@ class salsa inherits salsa::params {
        class { '::salsa::redis': } ->
        class { '::salsa::packages': } ->
        class { '::salsa::database': } ->
+       class { '::salsa::web': } ->
        anchor { 'salsa::end': }
 
        # userdir-ldap users get their home in /home
@@ -27,6 +28,9 @@ class salsa inherits salsa::params {
                group  => $salsa::group,
                content  => @("EOF"),
                                ---
+                               # This file is maintained by puppet.
+                               # base secret that gitlab encrypts the DB with
+                               secret: "${salsa::secret}"
                                database:
                                  name: "${salsa::db_name}"
                                  role: "${salsa::db_role}"
@@ -36,9 +40,23 @@ class salsa inherits salsa::params {
                                  password: "${salsa::mail_password}"
                                | EOF
        }
-
-       ssl::service { $servicename:
-               # notify  => Exec['service apache2 reload'],
-               key => true,
+       file { "${salsa::home}/.credentials-manual.yaml":
+               mode => '0400',
+               owner  => $salsa::user,
+               group  => $salsa::group,
+               content  => @("EOF"),
+                               ---
+                               # This file was put in place by puppet, but it won't overwrite it.
+                               # Please fill in from dsa-passwords/services-salsa
+                               # mastersecret: "swordfish"
+                               | EOF
+               replace => false,
+       }
+       file { "/var/lib/systemd/linger/git":
+               ensure => present,
+       }
+       file { "/etc/ssh/userkeys/git":
+               ensure => link,
+               target => "${salsa::home}/.ssh/authorized_keys",
        }
 }
Unnamed repository; edit this file 'description' to name the repository.