More users for salsa (RT#7316)
[mirror/dsa-puppet.git] / modules / salsa / manifests / init.pp
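# Top-level class for the salsa host.
#
# What this class declares:
#  * the ordering of the salsa sub-classes (mail, redis, packages, database,
#    web) between the salsa::begin and salsa::end anchors;
#  * for each of the five service accounts (user, registry_user, signup_user,
#    webhook_user, pages_user) a /home/<account> symlink to the account's real
#    home, the home directory itself, and a marker file under
#    /var/lib/systemd/linger;
#  * two credential files in the main account's home;
#  * the /etc/ssh/userkeys link for the main account;
#  * the extra static addresses used for pages.
#
# All account names, homes and secrets are read from $salsa::* variables,
# which are not defined in this file (the class inherits salsa::params).
class salsa inherits salsa::params {

  # anchor things in correct order
  anchor { 'salsa::begin': } ->
  class { '::salsa::mail': } ->
  class { '::salsa::redis': } ->
  class { '::salsa::packages': } ->
  class { '::salsa::database': } ->
  class { '::salsa::web': } ->
  anchor { 'salsa::end': }

  # userdir-ldap users get their home in /home, so /home/<account> is a
  # symlink to the real home directory.
  # The homes are 0755: anything placed in them is world-readable unless the
  # file itself carries a tighter mode (as the credential files below do).
  file { "/home/${salsa::user}":
    ensure => link,
    target => $salsa::home,
  }
  file { $salsa::home:
    ensure => directory,
    mode   => '0755',
    owner  => $salsa::user,
    group  => $salsa::group,
  }
  file { "/home/${salsa::registry_user}":
    ensure => link,
    target => $salsa::registry_user_home,
  }
  file { $salsa::registry_user_home:
    ensure => directory,
    mode   => '0755',
    owner  => $salsa::registry_user,
    group  => $salsa::registry_user,
  }
  file { "/home/${salsa::signup_user}":
    ensure => link,
    target => $salsa::signup_user_home,
  }
  file { $salsa::signup_user_home:
    ensure => directory,
    mode   => '0755',
    owner  => $salsa::signup_user,
    group  => $salsa::signup_user,
  }
  file { "/home/${salsa::webhook_user}":
    ensure => link,
    target => $salsa::webhook_user_home,
  }
  file { $salsa::webhook_user_home:
    ensure => directory,
    mode   => '0755',
    owner  => $salsa::webhook_user,
    group  => $salsa::webhook_user,
  }
  file { "/home/${salsa::pages_user}":
    ensure => link,
    target => $salsa::pages_user_home,
  }
  file { $salsa::pages_user_home:
    ensure => directory,
    mode   => '0755',
    owner  => $salsa::pages_user,
    group  => $salsa::pages_user,
  }

  # Puppet-managed credentials, readable only by the main service account.
  # show_diff is switched off so that a content change never prints the old
  # and new secrets into agent logs or reports when diffs are enabled.
  # NOTE(review): the values are interpolated as plain strings, so they are
  # still part of the compiled catalog; wrapping them in Sensitive would have
  # to happen where they are defined, which is outside this file.
  # NOTE(review): the values land inside double-quoted YAML scalars without
  # escaping; a secret containing '"' or '\' would not round-trip - confirm
  # the generated secrets avoid those characters.
  file { "${salsa::home}/.credentials.yaml":
    mode      => '0400',
    owner     => $salsa::user,
    group     => $salsa::group,
    show_diff => false,
    content   => @("EOF"),
      ---
      # This file is maintained by puppet.
      # base secret that gitlab encrypts the DB with
      secret: "${salsa::secret}"
      database:
        name: "${salsa::db_name}"
        role: "${salsa::db_role}"
        password: "${salsa::db_password}"
      mail:
        username: "${salsa::mail_username}"
        password: "${salsa::mail_password}"
      | EOF
  }

  # Hand-maintained credentials. Puppet only seeds the placeholder: with
  # replace => false an existing file's content is left alone, so values
  # filled in by an administrator are not overwritten.
  file { "${salsa::home}/.credentials-manual.yaml":
    mode    => '0400',
    owner   => $salsa::user,
    group   => $salsa::group,
    replace => false,
    content => @("EOF"),
      ---
      # This file was put in place by puppet, but it won't overwrite it.
      # Please fill in from dsa-passwords/services-salsa
      # mastersecret: "swordfish"
      | EOF
  }

  # One marker file per service account under /var/lib/systemd/linger.
  file { "/var/lib/systemd/linger/${salsa::user}":
    ensure => present,
  }
  file { "/var/lib/systemd/linger/${salsa::registry_user}":
    ensure => present,
  }
  file { "/var/lib/systemd/linger/${salsa::signup_user}":
    ensure => present,
  }
  file { "/var/lib/systemd/linger/${salsa::webhook_user}":
    ensure => present,
  }
  file { "/var/lib/systemd/linger/${salsa::pages_user}":
    ensure => present,
  }

  # NOTE(review): presumably sshd reads authorized keys from
  # /etc/ssh/userkeys/<account> on this host - confirm. Pointing that entry
  # at a file inside the account's own home means the account itself decides
  # which keys may log in as it; only the main account gets this link here.
  file { "/etc/ssh/userkeys/${salsa::user}":
    ensure => link,
    target => "${salsa::home}/.ssh/authorized_keys",
  }

  # pages
  # Additional static IPv4/IPv6 addresses on eth0; a change to the stanza
  # triggers the reload exec below.
  file { '/etc/network/interfaces.d/pages.debian.net.conf':
    content => @("EOF"),
      iface eth0 inet static
          address 209.87.16.45/24
      iface eth0 inet6 static
          address 2607:f8f0:614:1::1274:45/64
          preferred-lifetime 0
      | EOF
    notify  => Exec['service networking reload'],
  }

  # Runs only when notified (refreshonly).
  # NOTE(review): the command is not fully qualified and no path is set on
  # this resource, so it depends on an Exec path default declared elsewhere
  # (not visible in this file) - confirm.
  exec { 'service networking reload':
    refreshonly => true,
  }
}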