From bca90484ee186c3159f57f14a609e1e8d63575be Mon Sep 17 00:00:00 2001 
From: gustavo panizzo Date: Tue, 28 May 2019 17:54:55 +0200 Subject: [PATCH] Add the prosody module --- 3rdparty/Puppetfile | 7 +- 3rdparty/modules/prosody/.fixtures.yml | 6 + 3rdparty/modules/prosody/.gitignore | 8 + 3rdparty/modules/prosody/.pmtignore | 1 + 3rdparty/modules/prosody/.rubocop.yml | 7 + 3rdparty/modules/prosody/.travis.yml | 9 + 3rdparty/modules/prosody/Gemfile | 34 +++ 3rdparty/modules/prosody/README.md | 51 ++++ 3rdparty/modules/prosody/Rakefile | 31 +++ 3rdparty/modules/prosody/data/common.yaml | 65 +++++ 3rdparty/modules/prosody/hiera.yaml | 5 + .../prosody/manifests/community_modules.pp | 21 ++ 3rdparty/modules/prosody/manifests/config.pp | 16 ++ 3rdparty/modules/prosody/manifests/init.pp | 58 ++++ 3rdparty/modules/prosody/manifests/package.pp | 6 + 3rdparty/modules/prosody/manifests/service.pp | 22 ++ 3rdparty/modules/prosody/manifests/user.pp | 33 +++ .../modules/prosody/manifests/virtualhost.pp | 75 +++++ 3rdparty/modules/prosody/metadata.json | 26 ++ .../prosody/spec/classes/prosody_spec.rb | 48 ++++ .../prosody/spec/defines/virtualhost_spec.rb | 105 +++++++ 3rdparty/modules/prosody/spec/spec_helper.rb | 6 + .../modules/prosody/templates/prosody.cfg.erb | 258 ++++++++++++++++++ .../prosody/templates/virtualhost.cfg.erb | 56 ++++ 3rdparty/modules/prosody/tests/init.pp | 8 + .../prosody/tests/modules/prosody/manifests | 1 + .../prosody/tests/modules/prosody/templates | 1 + .../modules/prosody/types/authentication.pp | 1 + 3rdparty/modules/prosody/types/host.pp | 2 + 3rdparty/modules/prosody/types/loglevel.pp | 1 + 3rdparty/modules/prosody/types/moduletype.pp | 1 + .../modules/prosody/types/packageensure.pp | 1 + 3rdparty/modules/prosody/types/storage.pp | 1 + 33 files changed, 970 insertions(+), 1 deletion(-) create mode 100644 3rdparty/modules/prosody/.fixtures.yml create mode 100644 3rdparty/modules/prosody/.gitignore create mode 100644 3rdparty/modules/prosody/.pmtignore create mode 100644 3rdparty/modules/prosody/.rubocop.yml create mode 
100644 3rdparty/modules/prosody/.travis.yml create mode 100644 3rdparty/modules/prosody/Gemfile create mode 100644 3rdparty/modules/prosody/README.md create mode 100644 3rdparty/modules/prosody/Rakefile create mode 100644 3rdparty/modules/prosody/data/common.yaml create mode 100644 3rdparty/modules/prosody/hiera.yaml create mode 100644 3rdparty/modules/prosody/manifests/community_modules.pp create mode 100644 3rdparty/modules/prosody/manifests/config.pp create mode 100644 3rdparty/modules/prosody/manifests/init.pp create mode 100644 3rdparty/modules/prosody/manifests/package.pp create mode 100644 3rdparty/modules/prosody/manifests/service.pp create mode 100644 3rdparty/modules/prosody/manifests/user.pp create mode 100644 3rdparty/modules/prosody/manifests/virtualhost.pp create mode 100644 3rdparty/modules/prosody/metadata.json create mode 100644 3rdparty/modules/prosody/spec/classes/prosody_spec.rb create mode 100644 3rdparty/modules/prosody/spec/defines/virtualhost_spec.rb create mode 100644 3rdparty/modules/prosody/spec/spec_helper.rb create mode 100644 3rdparty/modules/prosody/templates/prosody.cfg.erb create mode 100644 3rdparty/modules/prosody/templates/virtualhost.cfg.erb create mode 100644 3rdparty/modules/prosody/tests/init.pp create mode 120000 3rdparty/modules/prosody/tests/modules/prosody/manifests create mode 120000 3rdparty/modules/prosody/tests/modules/prosody/templates create mode 100644 3rdparty/modules/prosody/types/authentication.pp create mode 100644 3rdparty/modules/prosody/types/host.pp create mode 100644 3rdparty/modules/prosody/types/loglevel.pp create mode 100644 3rdparty/modules/prosody/types/moduletype.pp create mode 100644 3rdparty/modules/prosody/types/packageensure.pp create mode 100644 3rdparty/modules/prosody/types/storage.pp diff --git a/3rdparty/Puppetfile b/3rdparty/Puppetfile index e80b68972..be0916c3f 100644 --- a/3rdparty/Puppetfile +++ b/3rdparty/Puppetfile 
@@ -12,5 +12,10 @@ mod 'nanliu/staging', '1.0.3' mod 'puppetlabs/certregen', '0.2.0' +# Prosody +mod 'mayflower-prosody', + git: 'https://github.com/mayflower/puppet-prosody.git', + ref: '863bb4ee0cd3369ad69a211042b4c5f7d66f4444' + # OpenStack -mod 'duritong/sysctl', '0.0.11' +mod 'duritong/sysctl', '0.0.11' diff --git a/3rdparty/modules/prosody/.fixtures.yml b/3rdparty/modules/prosody/.fixtures.yml new file mode 100644 index 000000000..3fb1341ee --- /dev/null +++ b/3rdparty/modules/prosody/.fixtures.yml @@ -0,0 +1,6 @@ +--- +fixtures: + repositories: + stdlib: "git://github.com/puppetlabs/puppetlabs-stdlib.git" + symlinks: + prosody: "#{source_dir}" diff --git a/3rdparty/modules/prosody/.gitignore b/3rdparty/modules/prosody/.gitignore new file mode 100644 index 000000000..e8b4e12f3 --- /dev/null +++ b/3rdparty/modules/prosody/.gitignore @@ -0,0 +1,8 @@ +.idea +.rvmrc +.bundle +Gemfile.lock +pkg +vendor +coverage/* +spec/fixtures/* diff --git a/3rdparty/modules/prosody/.pmtignore b/3rdparty/modules/prosody/.pmtignore new file mode 100644 index 000000000..48b8bf907 --- /dev/null +++ b/3rdparty/modules/prosody/.pmtignore @@ -0,0 +1 @@ +vendor/ diff --git a/3rdparty/modules/prosody/.rubocop.yml b/3rdparty/modules/prosody/.rubocop.yml new file mode 100644 index 000000000..b35f11b9a --- /dev/null +++ b/3rdparty/modules/prosody/.rubocop.yml @@ -0,0 +1,7 @@ +--- +AllCops: + Exclude: + - 'spec/fixtures/**/*' +Metrics/BlockLength: {Enabled: false} +Metrics/LineLength: {Enabled: true, Max: 180} +Style/FormatStringToken: {Enabled: false} diff --git a/3rdparty/modules/prosody/.travis.yml b/3rdparty/modules/prosody/.travis.yml new file mode 100644 index 000000000..8edb593ec --- /dev/null +++ b/3rdparty/modules/prosody/.travis.yml @@ -0,0 +1,9 @@ +--- +language: ruby +script: "bundle exec rake validate lint spec" +matrix: + include: + - env: PUPPET_VERSION=5.5.10 + rvm: 2.4.1 + - env: PUPPET_VERSION=6.2.0 + rvm: 2.5.1 
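Review bot: The new `mod 'mayflower-prosody'` entry brings in a module whose metadata.json (later in this patch) depends on `puppetlabs/stdlib >= 4.25.0` and `puppetlabs/vcsrepo >= 1.0.0 < 3.0.0`, and this hunk adds neither. Puppetfile-driven deployment generally does not resolve dependencies, so both must already be listed elsewhere in this file at compatible versions, which the hunk does not show. The `duritong/sysctl` line is removed and re-added with what looks like a whitespace-only difference; that is unrelated to the module import and would be better left out of this commit.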
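Review bot: The `stdlib` fixture in `.fixtures.yml` is fetched over `git://`, which is unauthenticated and unencrypted, so the test dependency can be altered in transit without detection. `stdlib: "https://github.com/puppetlabs/puppetlabs-stdlib.git"` names the same repository with transport integrity. The entry also gives no ref, so every spec run takes whatever the default branch holds at that moment; pinning a tag or commit would make the runs reproducible.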
diff --git a/3rdparty/modules/prosody/Gemfile b/3rdparty/modules/prosody/Gemfile
new file mode 100644
index 000000000..3cf2218b9
--- /dev/null
+++ b/3rdparty/modules/prosody/Gemfile
@@ -0,0 +1,34 @@
+source ENV['GEM_SOURCE'] || 'https://rubygems.org'
+
+group :development, :test do
+ gem 'metadata-json-lint'
+ gem 'puppet-blacksmith', '>= 3.1.0'
+ gem 'puppet-lint', '>= 2'
+ gem 'puppet-lint-absolute_classname-check'
+ gem 'puppet-lint-empty_string-check'
+ gem 'puppet-lint-file_ensure-check'
+ gem 'puppet-lint-leading_zero-check'
+ gem 'puppet-lint-spaceship_operator_without_tag-check'
+ gem 'puppet-lint-trailing_comma-check'
+ gem 'puppet-lint-undef_in_function-check'
+ gem 'puppet-lint-unquoted_string-check'
+ gem 'puppet-lint-variable_contains_upcase'
+ gem 'puppetlabs_spec_helper'
+ gem 'rake'
+ gem 'rspec'
+ gem 'rspec-puppet'
+ gem 'semantic_puppet'
+ gem 'simplecov'
+end
+
+if ENV['FACTER_VERSION']
+ gem 'facter', ENV['FACTER_VERSION']
+else
+ gem 'facter' # rubocop:disable Bundler/DuplicatedGem
+end
+
+if ENV['PUPPET_VERSION']
+ gem 'puppet', ENV['PUPPET_VERSION']
+else
+ gem 'puppet' # rubocop:disable Bundler/DuplicatedGem
+end
diff --git a/3rdparty/modules/prosody/README.md b/3rdparty/modules/prosody/README.md
new file mode 100644
index 000000000..0439c1dc6
--- /dev/null
+++ b/3rdparty/modules/prosody/README.md
@@ -0,0 +1,51 @@
+![Prosody](http://prosody.im/prosody.png)
+
+[![Build Status](https://travis-ci.org/mayflower/puppet-prosody.svg?branch=master)](https://travis-ci.org/mayflower/puppet-prosody)
+
+Puppet module for the [Prosody](http://prosody.im/) Jabber/XMPP server.
+
+This module is a fork of rtyler/puppet-prosody because the upstream is dead. A
+bunch of features were added and bugs were fixed.
+
+If you want to use Prosody in a production environment, this is the Puppet
+module to use.
+
+## Using
+
+**Note:** This module has currently been tested on CentOS 7, Ubuntu and OpenBSD.
+
+```puppet
+node myserver {
+
+ class { 'prosody':
+ user => 'prosody',
+ group => 'prosody',
+ community_modules => ['mod_auth_ldap'],
+ authentication => 'ldap',
+ custom_options => {
+ 'ldap_base' => 'OU="accounts",DC="mydomain",DC="com"',
+ 'ldap_server' => 'ldapserver1:636 ldapserver2:636',
+ 'ldap_rootdn' => 'DN="prosody",OU="accounts",DC="mydomain",DC="com"',
+ 'ldap_password' => hiera(prosody-ldap-password),
+ 'ldap_scope' => 'subtree',
+ 'ldap_tls' => 'true',
+ },
+ }
+
+ prosody::virtualhost {
+ 'mydomain.com' :
+ ensure => present,
+ ssl_key => '/etc/ssl/key/mydomain.com.key',
+ ssl_cert => '/etc/ssl/crt/mydomain.com.crt',
+ }
+
+ prosody::user { 'foo':
+ host => 'mydomain.com',
+ pass => 'itsasecret',
+ }
+}
+```
+
+## Support
+
+Please file bugs and enhancement requests in the [GitHub issue tracker](https://github.com/mayflower/puppet-prosody/issues)
diff --git a/3rdparty/modules/prosody/Rakefile b/3rdparty/modules/prosody/Rakefile
new file mode 100644
index 000000000..cfc950569
--- /dev/null
+++ b/3rdparty/modules/prosody/Rakefile
@@ -0,0 +1,31 @@
+require 'puppetlabs_spec_helper/rake_tasks'
+require 'puppet-lint/tasks/puppet-lint'
+
+PuppetLint.configuration.ignore_paths = ['spec/**/*.pp', 'tests/**/*.pp', 'pkg/**/*.pp', 'vendor/**/*.pp']
+PuppetLint.configuration.log_format = '%{path}:%{line}:%{KIND}: %{message}'
+
+desc 'Validate manifests, templates, and ruby files'
+task :validate do
+ Dir['manifests/**/*.pp'].each do |manifest|
+ sh "puppet parser validate --noop #{manifest}"
+ end
+ Dir['spec/**/*.rb', 'lib/**/*.rb'].each do |ruby_file|
+ sh "ruby -c #{ruby_file}" unless ruby_file =~ %r{/spec\/fixtures/}
+ end
+ Dir['templates/**/*.erb'].each do |template|
+ sh "erb -P -x -T '-' #{template} | ruby -c"
+ end
+end
+
+# blacksmith is broken with ruby 1.8.7
+if Gem::Version.new(RUBY_VERSION) > Gem::Version.new('1.8.7')
+ # blacksmith isn't always present, e.g. on Travis with --without development
+ begin
+ require 'puppet_blacksmith/rake_tasks'
+ Blacksmith::RakeTask.new do |t|
+ t.tag_pattern = '%s'
+ end
+ rescue LoadError => e
+ warn(e)
+ end
+end
diff --git a/3rdparty/modules/prosody/data/common.yaml b/3rdparty/modules/prosody/data/common.yaml
new file mode 100644
index 000000000..706e50f10
--- /dev/null
+++ b/3rdparty/modules/prosody/data/common.yaml
@@ -0,0 +1,65 @@
+---
+prosody::admins: []
+prosody::allow_registration: false
+prosody::authentication: internal_plain
+prosody::c2s_require_encryption: true
+prosody::community_modules: []
+prosody::components: {}
+prosody::custom_options: {}
+prosody::daemonize: true
+prosody::error_log: /var/log/prosody/prosody.err
+prosody::group: prosody
+prosody::info_log: /var/log/prosody/prosody.log
+prosody::interfaces:
+ - '0.0.0.0'
+ - '::'
+prosody::log_level: info
+prosody::log_sinks:
+ - syslog
+prosody::log_advanced: {}
+prosody::modules: []
+prosody::modules_base:
+ - admin_adhoc
+ - dialback
+ - disco
+ - pep
+ - ping
+ - posix
+ - private
+ - roster
+ - saslauth
+ - time
+ - tls
+ - uptime
+ - vcard
+ - version
+prosody::modules_disabled: []
+prosody::package_ensure: present
+prosody::package_name: prosody
+prosody::pidfile: /var/run/prosody/prosody.pid
+prosody::s2s_insecure_domains: []
+prosody::s2s_require_encryption: true
+prosody::s2s_secure_auth: true
+prosody::s2s_secure_domains: []
+prosody::ssl_ciphers: 'DH+AES:ECDH+AES:+ECDH+SHA:AES:!PSK:!SRP:!DSS:!ADH:!AECDH'
+prosody::ssl_curve: secp521r1
+prosody::ssl_custom_config: true
+prosody::ssl_dhparam: ''
+prosody::ssl_options:
+ - cipher_server_preference
+ - no_compression
+ - no_sslv2
+ - no_sslv3
+ - no_ticket
+ - single_dh_use
+ - single_ecdh_use
+prosody::storage: internal
+prosody::use_libevent: true
+prosody::user: prosody
+prosody::virtualhost_defaults: {}
+prosody::virtualhosts: {}
+
+prosody::community_modules::ensure: present
+prosody::community_modules::path: /var/lib/prosody/modules
+prosody::community_modules::source: https://hg.prosody.im/prosody-modules/
+prosody::community_modules::type: hg
diff --git a/3rdparty/modules/prosody/hiera.yaml b/3rdparty/modules/prosody/hiera.yaml
new file mode 100644
index 000000000..e7d124623
--- /dev/null
+++ b/3rdparty/modules/prosody/hiera.yaml
@@ -0,0 +1,5 @@
+---
+version: 5
+hierarchy:
+ - name: common
+ path: common.yaml
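Review bot: The default `prosody::authentication: internal_plain` in data/common.yaml makes Prosody keep account passwords in cleartext in its data store, so any read of that directory or of a backup discloses every credential. Prosody also ships an `internal_hashed` provider that stores salted hashes. If the module's `Prosody::Authentication` type accepts that value (the type file is not in this part of the patch), the site hiera should override the default with `prosody::authentication: internal_hashed`. A comment next to the default stating the cleartext storage would help whoever adopts the module.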
diff --git a/3rdparty/modules/prosody/manifests/community_modules.pp b/3rdparty/modules/prosody/manifests/community_modules.pp
new file mode 100644
index 000000000..c0bc9779d
--- /dev/null
+++ b/3rdparty/modules/prosody/manifests/community_modules.pp
@@ -0,0 +1,21 @@
+# == Class: prosody::community_modules
+class prosody::community_modules(
+ Enum[present, latest] $ensure,
+ Stdlib::Absolutepath $path,
+ String $source,
+ Prosody::Moduletype $type,
+ Optional[String] $revision = undef,
+) {
+ case $type {
+ 'hg': { $_packages = ['mercurial'] }
+ 'git': { $_packages = ['git'] }
+ default: { $_packages = [] }
+ }
+ ensure_packages($_packages)
+ -> vcsrepo { $path:
+ ensure => $ensure,
+ provider => $type,
+ source => $source,
+ revision => $revision,
+ }
+}
diff --git a/3rdparty/modules/prosody/manifests/config.pp b/3rdparty/modules/prosody/manifests/config.pp
new file mode 100644
index 000000000..ef182a080
--- /dev/null
+++ b/3rdparty/modules/prosody/manifests/config.pp
@@ -0,0 +1,16 @@
+# == Class: prosody::config
+class prosody::config {
+ file { '/etc/prosody/conf.avail':
+ ensure => directory,
+ }
+
+ file { '/etc/prosody/conf.d':
+ ensure => directory,
+ }
+
+ file { '/etc/prosody/prosody.cfg.lua':
+ content => template('prosody/prosody.cfg.erb'),
+ require => Class['::prosody::package'],
+ notify => Class['::prosody::service'],
+ }
+}
diff --git a/3rdparty/modules/prosody/manifests/init.pp b/3rdparty/modules/prosody/manifests/init.pp
new file mode 100644
index 000000000..7591e966c
--- /dev/null
+++ b/3rdparty/modules/prosody/manifests/init.pp
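Review bot: In `prosody::community_modules`, `$revision` defaults to `undef` and `$ensure` accepts `latest`, so the `vcsrepo` resource can follow the moving tip of `$source`. The main template in this patch then adds those checkouts to `plugin_paths`, which means unreviewed upstream changes can end up loaded inside the XMPP daemon. A pinned changeset is the safer default: set `prosody::community_modules::revision` in hiera to a reviewed commit and keep `ensure` at `present`. `$source` is typed only as `String`; a class comment saying it must be an https URL the operator trusts would document the expectation.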
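Review bot: The `file { '/etc/prosody/prosody.cfg.lua': }` resource in `prosody::config` sets no `owner`, `group` or `mode`, so the permissions are whatever the package or the agent's defaults leave behind. The rendered file can carry secrets: the README example in this patch puts `ldap_password` into `custom_options`, and the main class takes an `$sql` hash. Suggest adding `owner => 'root', group => $::prosody::group, mode => '0640', show_diff => false,` to that resource so the file is not world-readable and its content stays out of agent reports.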
@@ -0,0 +1,58 @@
+# == Class: prosody
+class prosody(
+ Array[String] $admins,
+ Boolean $allow_registration,
+ Prosody::Authentication $authentication,
+ Boolean $c2s_require_encryption,
+ Array[String] $community_modules,
+ Hash $components,
+ Hash $custom_options,
+ Boolean $daemonize,
+ Stdlib::Absolutepath $error_log,
+ String $group,
+ Stdlib::Absolutepath $info_log,
+ Array[Stdlib::IP::Address] $interfaces,
+ Prosody::Loglevel $log_level,
+ Array[String] $log_sinks,
+ Hash[Optional[Prosody::Loglevel], Data] $log_advanced,
+ Array[String] $modules,
+ Array[String] $modules_base,
+ Array[String] $modules_disabled,
+ Prosody::Packageensure $package_ensure,
+ String $package_name,
+ Stdlib::Absolutepath $pidfile,
+ Array[Stdlib::Fqdn] $s2s_insecure_domains,
+ Boolean $s2s_require_encryption,
+ Boolean $s2s_secure_auth,
+ Array[Stdlib::Fqdn] $s2s_secure_domains,
+ String $ssl_ciphers,
+ String $ssl_curve,
+ Boolean $ssl_custom_config,
+ String $ssl_dhparam,
+ Array[String] $ssl_options,
+ Prosody::Storage $storage,
+ Boolean $use_libevent,
+ String $user,
+ Hash $virtualhost_defaults,
+ Hash $virtualhosts,
+ Optional[Hash] $sql = undef,
+ Optional[Stdlib::Absolutepath] $ssl_cert = undef,
+ Optional[Stdlib::Absolutepath] $ssl_key = undef,
+ Optional[String] $ssl_protocol = undef,
+) {
+ if ($community_modules != []) {
+ class { '::prosody::community_modules':
+ require => Class['::prosody::package'],
+ before => Class['::prosody::config'],
+ }
+ }
+
+ anchor { 'prosody::begin': }
+ -> class { '::prosody::package': }
+ -> class { '::prosody::config': }
+ -> class { '::prosody::service': }
+ -> anchor { '::prosody::end': }
+
+ # create virtualhost resources via hiera
+ create_resources('prosody::virtualhost', $virtualhosts, $virtualhost_defaults)
+}
diff --git a/3rdparty/modules/prosody/manifests/package.pp b/3rdparty/modules/prosody/manifests/package.pp
new file mode 100644
index 000000000..2ac8a4af2
--- /dev/null
+++ b/3rdparty/modules/prosody/manifests/package.pp
@@ -0,0 +1,6 @@
+# == Class: prosody::package
+class prosody::package {
+ package { $::prosody::package_name:
+ ensure => $::prosody::package_ensure,
+ }
+}
diff --git a/3rdparty/modules/prosody/manifests/service.pp b/3rdparty/modules/prosody/manifests/service.pp
new file mode 100644
index 000000000..494fada0b
--- /dev/null
+++ b/3rdparty/modules/prosody/manifests/service.pp
@@ -0,0 +1,22 @@
+# == Class: prosody::service
+class prosody::service {
+ if $::prosody::daemonize {
+ case $::osfamily {
+ 'OpenBSD': {
+ service { 'prosody':
+ ensure => running,
+ enable => true,
+ require => Class[prosody::config],
+ }
+ }
+ default: {
+ service { 'prosody' :
+ ensure => running,
+ hasstatus => false,
+ restart => '/usr/bin/prosodyctl reload',
+ require => Class[prosody::config],
+ }
+ }
+ }
+ }
+}
diff --git a/3rdparty/modules/prosody/manifests/user.pp b/3rdparty/modules/prosody/manifests/user.pp
new file mode 100644
index 000000000..23881f747
--- /dev/null
+++ b/3rdparty/modules/prosody/manifests/user.pp
@@ -0,0 +1,33 @@
+# == Define: prosody::user
+define prosody::user(
+ String $pass,
+ Prosody::Host $host = 'localhost',
+) {
+ $dir = regsubst($host, '\.', '%2e', 'G')
+
+ ensure_resource('file', "/var/lib/prosody/${dir}", {
+ ensure => 'directory',
+ owner => 'prosody',
+ group => 'prosody',
+ })
+
+ ensure_resource('file', "/var/lib/prosody/${dir}/accounts", {
+ ensure => 'directory',
+ owner => 'prosody',
+ group => 'prosody',
+ require => File["/var/lib/prosody/${dir}"],
+ })
+
+ $_content = "
+return {
+ [\"password\"] = \"${pass}\";
+};
+"
+ file {"/var/lib/prosody/${dir}/accounts/${name}.dat":
+ owner => 'prosody',
+ group => 'prosody',
+ mode => '0640',
+ content => $_content,
+ require => File["/var/lib/prosody/${dir}/accounts"],
+ }
+}
diff --git a/3rdparty/modules/prosody/manifests/virtualhost.pp b/3rdparty/modules/prosody/manifests/virtualhost.pp
new file mode 100644
index 000000000..1f0e909d2
--- /dev/null
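Review bot: In `prosody::user`, `$pass` is interpolated straight into a Lua table literal (`[\"password\"] = \"${pass}\";`), so a value containing a double quote or a backslash yields a data file that Prosody cannot parse, or that parses to something other than the intended string. The value should be escaped for a Lua string before it is written, or restricted with a `Pattern[...]` type. The parameter is a plain `String`, so the cleartext password also appears in the compiled catalog, in reports and in agent file diffs; typing it `Sensitive[String]` and adding `show_diff => false,` to the `.dat` file resource limits that exposure. Owner and group are hard-coded to `'prosody'` although the main class has `$user` and `$group` parameters.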
+++ b/3rdparty/modules/prosody/manifests/virtualhost.pp 
@@ -0,0 +1,75 @@ +# == Type: prosody::virtualhost +define prosody::virtualhost( + Hash $custom_options = {}, + Enum[present, absent] $ensure = present, + Optional[Stdlib::Absolutepath] $ssl_key = undef, + Optional[Stdlib::Absolutepath] $ssl_cert = undef, + Boolean $ssl_copy = true, + Optional[String] $user = undef, + Optional[String] $group = undef, + Hash $components = {}, +) { + # Check if SSL set correctly + if (($ssl_key != undef) and ($ssl_cert == undef)) { + fail('The prosody::virtualhost type needs both ssl_key *and* ssl_cert set') + } + if (($ssl_key == undef) and ($ssl_cert != undef)) { + fail('The prosody::virtualhost type needs both ssl_key *and* ssl_cert set') + } + + if (($ssl_key != undef) and ($ssl_cert != undef) and ($ssl_copy == true)) { + # Copy the provided sources to prosody certs folder + $prosody_ssl_key = "/etc/prosody/certs/${name}.key" + $prosody_ssl_cert = "/etc/prosody/certs/${name}.crt" + + $file_user = pick_default($user, 'prosody') + $file_group = pick_default($group, 'prosody') + + file { + $prosody_ssl_key: + source => $ssl_key, + links => follow, + mode => '0640', + owner => $file_user, + group => $file_group; + $prosody_ssl_cert: + source => $ssl_cert, + links => follow, + mode => '0644', + owner => $file_user, + group => $file_group; + } + + $config_requires = [File[$prosody_ssl_key], File[$prosody_ssl_cert], Class['::prosody::package']] + } + + elsif (($ssl_key != undef) and ($ssl_cert != undef) and ($ssl_copy == false)) { + $prosody_ssl_key = $ssl_key + $prosody_ssl_cert = $ssl_cert + } + + else { + $config_requires = Class['::prosody::package'] + } + + $conf_avail_fn = "/etc/prosody/conf.avail/${name}.cfg.lua" + + file { $conf_avail_fn: + ensure => $ensure, + require => $config_requires, + content => template('prosody/virtualhost.cfg.erb'), + notify => Class['::prosody::service'], + } + + $cfg_ensure = $ensure ? 
{ + 'present' => link, + 'absent' => absent, + } + + file { "/etc/prosody/conf.d/${name}.cfg.lua": + ensure => $cfg_ensure, + target => $conf_avail_fn, + notify => Class['::prosody::service'], + require => File[$conf_avail_fn]; + } +} diff --git a/3rdparty/modules/prosody/metadata.json b/3rdparty/modules/prosody/metadata.json new file mode 100644 index 000000000..8dbaac479 --- /dev/null +++ b/3rdparty/modules/prosody/metadata.json @@ -0,0 +1,26 @@ +{ + "name": "mayflower-prosody", + "version": "0.4.1", + "author": "Franz Pletz", + "summary": "Simple Puppet module for managing the Prosody Jabber/XMPP server", + "license": "Apache-2.0", + "source": "https://github.com/mayflower/puppet-prosody", + "issues_url": "https://github.com/mayflower/puppet-prosody/issues", + "description": "This module supports most configuration options and installing community modules", + "dependencies": [ + { + "name": "puppetlabs/stdlib", + "version_requirement": ">= 4.25.0" + }, + { + "name": "puppetlabs/vcsrepo", + "version_requirement": ">= 1.0.0 < 3.0.0" + } + ], + "requirements": [ + { + "name": "puppet", + "version_requirement": ">= 5.5.10 < 7" + } + ] +} diff --git a/3rdparty/modules/prosody/spec/classes/prosody_spec.rb b/3rdparty/modules/prosody/spec/classes/prosody_spec.rb new file mode 100644 index 000000000..6cb425e06 --- /dev/null +++ b/3rdparty/modules/prosody/spec/classes/prosody_spec.rb 
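Review bot: In `prosody::virtualhost`, the `elsif` branch for `ssl_copy == false` never assigns `$config_requires`, yet `file { $conf_avail_fn: }` below uses `require => $config_requires`. The vhost file then loses its dependency on `Class['::prosody::package']`, and with `strict_variables` enabled the catalog fails to compile on the unset variable. Adding `$config_requires = Class['::prosody::package']` to that branch fixes both. In the copy branch the key and certificate destinations are built from `${name}`, which carries no type constraint, so a check such as `Stdlib::Fqdn` on the title, or a comment saying titles must be plain host names, would keep those paths inside /etc/prosody/certs.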
@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+describe 'prosody' do
+ let(:facts) do
+ { osfamily: 'SomeOS' }
+ end
+ context 'on every platform' do
+ it { should contain_class 'prosody::package' }
+ it { should contain_class 'prosody::config' }
+ it { should contain_class 'prosody::service' }
+
+ it { should contain_package('prosody').with(ensure: 'present') }
+ end
+
+ context 'with daemonize => true' do
+ let(:params) { { daemonize: true } }
+ it {
+ should contain_service('prosody').with(
+ ensure: 'running'
+ )
+ }
+ end
+
+ context 'with daemonize => false' do
+ let(:params) { { daemonize: false } }
+ it {
+ should_not contain_service('prosody').with(
+ ensure: 'running'
+ )
+ }
+ end
+
+ context 'with custom options' do
+ let(:params) { { custom_options: { 'foo' => 'bar', 'baz' => 'quux' } } }
+ it {
+ should contain_file('/etc/prosody/prosody.cfg.lua') \
+ .with_content(/^foo = "bar"$/, /^baz = "quux"$/)
+ }
+ end
+
+ context 'with deeply nested custom options' do
+ let(:params) { { custom_options: { 'foo' => { 'fnord' => '23', 'xyzzy' => '42' }, 'bar' => %w[cool elements], 'baz' => 'quux' } } }
+ it {
+ should contain_file('/etc/prosody/prosody.cfg.lua') \
+ .with_content(/^foo = {\n fnord = "23";\n xyzzy = "42";\n}$/, /^baz = "quux"$/, /^bar = [ "cool"; "elements" ]$/)
+ }
+ end
+end
diff --git a/3rdparty/modules/prosody/spec/defines/virtualhost_spec.rb b/3rdparty/modules/prosody/spec/defines/virtualhost_spec.rb
new file mode 100644
index 000000000..d3b31cb91
--- /dev/null
+++ b/3rdparty/modules/prosody/spec/defines/virtualhost_spec.rb
@@ -0,0 +1,105 @@ +require 'spec_helper' +require 'erb' + +describe 'prosody::virtualhost' do + let(:pre_condition) do + 'include ::prosody' + end + let(:facts) do + { + osfamily: 'SomeOS' + } + end + let(:title) { 'mockvirtualhost' } + + before :each do + @path_avail = "/etc/prosody/conf.avail/#{title}.cfg.lua" + @path_link = "/etc/prosody/conf.d/#{title}.cfg.lua" + end + + context 'with no parameters' do + it { + should contain_file(@path_avail).with( + ensure: 'present' + ) + } + + it { + should contain_file(@path_link).with( + ensure: 'link', + target: @path_avail, + require: "File[#{@path_avail}]" + ) + } + end + + context 'with ssl_key but no ssl_cert' do + let(:params) { { ssl_key: 'bananas' } } + it { + expect do + should contain_class('prosody') + end.to raise_error(Puppet::Error) + } + end + + context 'with ssl_cert but no ssl_key' do + let(:params) { { ssl_cert: 'bananas' } } + it { + expect do + should contain_class('prosody') + end.to raise_error(Puppet::Error) + } + end + + context 'with ssl keys and certs' do + let(:ssl_key) { '/etc/prosody/certs/rspec-puppet.com.key' } + let(:ssl_cert) { '/etc/prosody/certs/rspec-puppet.com.crt' } + let(:params) { { ssl_key: ssl_key, ssl_cert: ssl_cert } } + + before :each do + @ssl_key = ssl_key + @ssl_cert = ssl_cert + end + + it { + # This require statment is bananas + should contain_file(@path_avail).with( + ensure: 'present', + require: ['File[/etc/prosody/certs/mockvirtualhost.key]', 'File[/etc/prosody/certs/mockvirtualhost.crt]', 'Class[Prosody::Package]'] + ) + + should contain_file('/etc/prosody/certs/mockvirtualhost.key').with_source(@ssl_key) + should contain_file('/etc/prosody/certs/mockvirtualhost.crt').with_source(@ssl_cert) + } + end + + context 'ensure => absent' do + let(:params) { { ensure: 'absent' } } + it { + @ensure = 'absent' + should contain_file(@path_avail).with( + ensure: @ensure + ) + } + + it { + should contain_file(@path_link).with_ensure('absent') + } + end + + context 'with custom 
options' do + let(:params) { { custom_options: { 'foo' => 'bar', 'baz' => 'quux' } } } + it { + should contain_file(@path_avail) \ + .with_content(/^foo = "bar"$/, /^baz = "quux"$/) + } + end + + context 'with deeply nested custom options' do + let(:params) { { custom_options: { 'foo' => { 'fnord' => '23', 'xyzzy' => '42' }, 'bar' => %w[cool elements], 'baz' => 'quux' } } } + it { + should contain_file(@path_avail) \ + .with_content(/^foo = {\n fnord = "23";\n xyzzy = "42";\n}$/, /^baz = "quux"$/, /^bar = [ "cool"; "elements" ]$/) + } + end +end diff --git a/3rdparty/modules/prosody/spec/spec_helper.rb b/3rdparty/modules/prosody/spec/spec_helper.rb new file mode 100644 index 000000000..203737b7f --- /dev/null +++ b/3rdparty/modules/prosody/spec/spec_helper.rb @@ -0,0 +1,6 @@ +require 'puppetlabs_spec_helper/module_spec_helper' +require 'simplecov' + +SimpleCov.start do + add_filter '/spec/' +end diff --git a/3rdparty/modules/prosody/templates/prosody.cfg.erb b/3rdparty/modules/prosody/templates/prosody.cfg.erb new file mode 100644 index 000000000..8c7492895 --- /dev/null +++ b/3rdparty/modules/prosody/templates/prosody.cfg.erb 
@@ -0,0 +1,258 @@
+-- Prosody XMPP Server Configuration
+--
+-- Information on configuring Prosody can be found on our
+-- website at https://prosody.im/doc/configure
+--
+-- Tip: You can check that the syntax of this file is correct
+-- when you have finished by running this command:
+-- prosodyctl check config
+-- If there are any errors, it will let you know what and where
+-- they are, otherwise it will keep quiet.
+--
+-- Good luck, and happy Jabbering!
+
+
+---------- Server-wide settings ----------
+-- Settings in this section apply to the whole server and are the default settings
+-- for any virtual hosts
+
+-- This is a (by default, empty) list of accounts that are admins
+-- for the server. Note that you must create the accounts separately
+-- (see https://prosody.im/doc/creating_accounts for info)
+-- Example: admins = { "user1@example.com", "user2@example.net" }
+admins = {
+<% scope.lookupvar('prosody::admins').each do |admin| -%>
+ "<%= admin %>",
+<% end -%>
+}
+
+<% if scope.lookupvar('prosody::user') != '' -%>
+-- User to run prosody as
+prosody_user = "<%= scope.lookupvar('prosody::user') %>"
+<% end -%>
+<% if scope.lookupvar('prosody::group') != '' -%>
+-- Group to run prosody as
+prosody_group = "<%= scope.lookupvar('prosody::group') %>"
+<% end -%>
+
+-- Which interfaces (addresses) to listen on
+interfaces = {
+<% scope.lookupvar('prosody::interfaces').each do |interface| -%>
+ "<%= interface %>",
+<% end -%>
+}
+
+-- Enable use of libevent for better performance under high load
+-- For more information see: https://prosody.im/doc/libevent
+use_libevent = <%= scope.lookupvar('prosody::use_libevent') %>;
+
+-- This is the list of modules Prosody will load on startup.
+-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
+-- Documentation on modules can be found at: https://prosody.im/doc/modules
+modules_enabled = {
+
+ -- Base modules
+<% scope.lookupvar('prosody::modules_base').each do |mod| -%>
+ "<%= mod %>";
+<% end -%>
+
+ -- Custom modules
+<% scope.lookupvar('prosody::modules').each do |mod| -%>
+ "<%= mod %>";
+<% end -%>
+
+};
+
+<%- community_modules = scope.lookupvar('prosody::community_modules')
+ if community_modules != [] -%>
+-- Where to search for plugins/modules
+plugin_paths = {
+<%- base_path = scope.lookupvar('prosody::community_modules::path')
+ community_modules.each do |mod| -%>
+ "<%= base_path + '/mod_' + mod %>";
+<%- end -%>
+};
+<%- end -%>
+
+<%- modules_disabled = scope.lookupvar('prosody::modules_disabled')
+ if modules_disabled != [] -%>
+-- These modules are auto-loaded, but should you want
+-- to disable them then uncomment them here:
+modules_disabled = {
+<% scope.lookupvar('prosody::modules_disabled').each do |mod| -%>
+ "<%= mod %>";
+<%- end -%>
+};
+<%- end -%>
+
+-- Disable account creation by default, for security
+-- For more information see https://prosody.im/doc/creating_accounts
+allow_registration = <%= scope.lookupvar('prosody::allow_registration') %>;
+
+-- Debian:
+-- send the server to background.
+--
+daemonize = <%= scope.lookupvar('prosody::daemonize') %>;
+
+<% if scope.lookupvar('prosody::ssl_custom_config') -%>
+-- These are the SSL/TLS-related settings. If you don't want
+-- to use SSL/TLS, you may comment or remove this
+ssl = {
+ <% unless scope.lookupvar('prosody::ssl_protocol').nil? -%>
+ protocol = "<%= scope.lookupvar('prosody::ssl_protocol') %>";
+ <% end -%>
+ options = {
+ <%- scope.lookupvar('prosody::ssl_options').each do |option| -%>
+ "<%= option %>",
+ <%- end -%>
+ };
+ ciphers = "<%= scope.lookupvar('prosody::ssl_ciphers') %>";
+ curve = "<%= scope.lookupvar('prosody::ssl_curve') %>";
+ <%- dhparam = scope.lookupvar('prosody::ssl_dhparam')
+ if dhparam != '' -%>
+ dhparam = "<%= dhparam %>";
+ <%- end -%>
+ <%- ssl_key = scope.lookupvar('prosody::ssl_key')
+ if ssl_key != :undef -%>
+ key = "<%= ssl_key %>";
+ <%- end -%>
+ <%- ssl_cert = scope.lookupvar('prosody::ssl_cert')
+ if ssl_cert != :undef -%>
+ certificate = "<%= ssl_cert %>";
+ <%- end -%>
+}
+<% end -%>
+
+-- Force clients to use encrypted connections? This option will
+-- prevent clients from authenticating unless they are using encryption.
+
+c2s_require_encryption = <%= scope.lookupvar('prosody::c2s_require_encryption') %>
+
+-- Force servers to use encrypted connections?
+
+s2s_require_encryption = <%= scope.lookupvar('prosody::s2s_require_encryption') %>
+
+
+-- Force certificate authentication for server-to-server connections?
+-- This provides ideal security, but requires servers you communicate
+-- with to support encryption AND present valid, trusted certificates.
+-- NOTE: Your version of LuaSec must support certificate verification!
+-- For more information see https://prosody.im/doc/s2s#security
+
+s2s_secure_auth = <%= scope.lookupvar('prosody::s2s_secure_auth') %>
+
+-- Many servers don't support encryption or have invalid or self-signed
+-- certificates. You can list domains here that will not be required to
+-- authenticate using certificates. They will be authenticated using DNS.
+
+s2s_insecure_domains = {
+<% scope.lookupvar('prosody::s2s_insecure_domains').each do |domain| -%>
+ "<%= domain %>",
+<% end -%>
+}
+
+-- Even if you leave s2s_secure_auth disabled, you can still require valid
+-- certificates for some domains by specifying a list here.
+ +s2s_secure_domains = { +<% scope.lookupvar('prosody::s2s_secure_domains').each do |domain| -%> + "<%= domain %>", +<% end -%> +} + +------ Custom config options ------ + +<%- +def print_recursive(object, indentation = 0) + case object + when Array + '{ "' + object.join('"; "') + '" }' + when Hash + "{\n" + ' ' * (indentation + 2) + object.map {|k,v| + "#{k} = " + print_recursive(v, indentation + 2)}.join(";\n" + ' ' * (indentation + 2)) + ";\n" + (' ' * indentation) + '}' + when TrueClass, FalseClass + object.to_s + else + '"' + object.to_s + '"' + end +end +-%> + +<% scope.lookupvar('prosody::custom_options').sort.each do |option, value| -%> +<%= option %> = <%= print_recursive(value) %> +<% end -%> + +-- Required for init scripts and prosodyctl +pidfile = "<%= scope.lookupvar('prosody::pidfile') %>" + +-- Select the authentication backend to use. The 'internal' providers +-- use Prosody's configured data storage to store the authentication data. +-- To allow Prosody to offer secure authentication mechanisms to clients, the +-- default provider stores passwords in plaintext. If you do not trust your +-- server please see https://prosody.im/doc/modules/mod_auth_internal_hashed +-- for information about using the hashed backend. + +authentication = "<%= scope.lookupvar('prosody::authentication') %>" + +-- Select the storage backend to use. By default Prosody uses flat files +-- in its configured data directory, but it also supports more backends +-- through modules. An "sql" backend is included by default, but requires +-- additional dependencies. See https://prosody.im/doc/storage for more info. + +<%- storage = scope.lookupvar('prosody::storage') + if storage != :undef + if storage.is_a?(String) -%> +storage = "<%= storage %>" + <%- elsif storage.is_a?(Hash) -%> +storage = { + <%- storage.sort.each do |type,location| -%> + <%= type %> = "<%= location %>"; + <%- end -%> +} + <%- end -%> +<%- end -%> + +<%- sql = scope.lookupvar('prosody::sql') +unless sql.nil? 
-%> +sql = { driver = "<%= sql['driver'] %>", database = "<%= sql ['database'] %>", username = "<%= sql['username'] %>", password = "<%= sql['password'] %>", host = "<%= sql['host'] %>" } +<%- end -%> + +-- Logging configuration +-- For advanced logging see https://prosody.im/doc/logging +log = { + <%= scope.lookupvar('prosody::log_level') -%> = "<%= scope.lookupvar('prosody::info_log') -%>"; -- Change 'info' to 'debug' for verbose logging + error = "<%= scope.lookupvar('prosody::error_log') -%>"; +<% scope.lookupvar('prosody::log_sinks').each do |sink| -%> + "*<%= sink %>"; +<% end -%> +<% scope.lookupvar('prosody::log_advanced').each do |level, destination| -%> + { levels = { <%= level %> }; to = <%= destination %>; }; +<% end -%> +} + +------ Components ------ +-- You can specify components to add hosts that provide special services, +-- like multi-user conferences, and transports. +-- For more information on components, see https://prosody.im/doc/components + +<% scope.lookupvar('prosody::components').sort.each do |name, component| %> +Component "<%= name %>" <% if component.include?('type') then %>"<%= component['type'] %>"<% end %> + <%- if component.include?('secret') -%> + component_secret = "<%= component['secret'] %>" + <%- end -%> + <%- if component.include?('options') -%> + <%- component['options'].sort.each do |k, v| -%> + <%- if ( v.is_a? Array ) -%> + <%= k %> = { "<%= v.join('", "') %>" }; + <%- else -%> + <%= k %> = <%= v %>; + <%- end -%> + <%- end -%> + <%- end -%> +<% end -%> + +------ Additional config files ------ +-- For organizational purposes you may prefer to add VirtualHost and +-- Component definitions in their own config files. This line includes +-- all config files in /etc/prosody/conf.d/ + +Include "conf.d/*.cfg.lua" diff --git a/3rdparty/modules/prosody/templates/virtualhost.cfg.erb b/3rdparty/modules/prosody/templates/virtualhost.cfg.erb new file mode 100644 index 000000000..ffb369dbf --- /dev/null 
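Review bot: Every quoted value in templates/prosody.cfg.erb is interpolated into a Lua string literal with no escaping (`"<%= admin %>"`, `password = "<%= sql['password'] %>"`, `component_secret`, and the `else` branch of `print_recursive`), and because Prosody's config file is Lua, a value containing `"` or `\` ends the literal early and the remainder is parsed as Lua. I would route all quoted values through one helper such as `lua_q = lambda { |v| '"' + v.to_s.gsub(/["\\]/) { |c| "\\" + c } + '"' }` and fail the catalog on embedded newlines; the quoted values in templates/virtualhost.cfg.erb have the same problem. The rendered file also carries the SQL password and component secrets, so the `file` resource that writes it (presumably in manifests/config.pp, outside this chunk) should set a restrictive mode and `show_diff => false`. Separately, `ssl_key != :undef` and `ssl_cert != :undef` are probably always true on Puppet 4+, where undef reaches ERB as `nil`, so an unset key would render `key = "";`; the `.nil?` test already used for `ssl_protocol` looks like the right check.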
+++ b/3rdparty/modules/prosody/templates/virtualhost.cfg.erb @@ -0,0 +1,56 @@ +VirtualHost "<%= @name %>" +<% if @ensure == 'present' -%> + enabled = true +<% else -%> + enabled = false +<% end -%> + +<% if (@ssl_key != 'UNSET') && (@ssl_cert != 'UNSET') -%> + -- Assign this host a certificate for TLS, otherwise it would use the one + -- set in the global section (if any). + -- Note that old-style SSL on port 5223 only supports one certificate, and will always + -- use the global one. + ssl = { + key = "<%= @prosody_ssl_key %>"; + certificate = "<%= @prosody_ssl_cert %>"; + } +<% end -%> + +<%- if @custom_options != {} -%> +<%- +def print_recursive(object, indentation = 0) + case object + when Array + '{ "' + object.join('"; "') + '" }' + when Hash + "{\n" + ' ' * (indentation + 2) + object.map {|k,v| + "#{k} = " + print_recursive(v, indentation + 2)}.join(";\n" + ' ' * (indentation + 2)) + ";\n" + (' ' * indentation) + '}' + when TrueClass, FalseClass + object.to_s + else + '"' + object.to_s + '"' + end +end +-%> +------ Custom config options ------ +<%- @custom_options.sort.each do |option, value| -%> +<%= option %> = <%= print_recursive(value) %> +<%- end; end -%> + +<%- if @components != {} -%> +------ Components ------ +-- You can specify components to add hosts that provide special services, +-- like multi-user conferences, and transports. +-- For more information on components, see http://prosody.im/doc/components + +<% @components.sort.each do |name, component| %> +Component "<%= name %>" <% if component.include?('type') then %>"<%= component['type'] %>"<% end %> + <%- if component.include?('secret') -%> + component_secret = "<%= component['secret'] %>" + <%- end -%> + <%- if component.include?('options') -%> + <%- component['options'].sort.each do |k, v| -%> + <%= k %> = <%= v %>; + <%- end -%> + <%- end -%> +<% end -%> +<% end -%> 
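Review bot: In templates/virtualhost.cfg.erb the component options loop writes `<%= k %> = <%= v %>;` for every value, so an Array option renders as Ruby's `Array#to_s` (`["a", "b"]`), which is not a Lua table; templates/prosody.cfg.erb handles this case with an `is_a? Array` branch. I would carry the same branch over: `<%- if v.is_a?(Array) -%>` followed by `<%= k %> = { "<%= v.join('", "') %>" };`, with the existing line under `<%- else -%>`. `print_recursive` is also defined twice, once per template; a single shared definition would keep the two renderings from drifting apart.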
diff --git a/3rdparty/modules/prosody/tests/init.pp b/3rdparty/modules/prosody/tests/init.pp
new file mode 100644
index 000000000..94d9b59cf
--- /dev/null
+++ b/3rdparty/modules/prosody/tests/init.pp
@@ -0,0 +1,8 @@
+node default {
+ include ::prosody
+
+ prosody::virtualhost {
+ 'puppetlabs.com' :
+ ensure => present;
+ }
+}
diff --git a/3rdparty/modules/prosody/tests/modules/prosody/manifests b/3rdparty/modules/prosody/tests/modules/prosody/manifests
new file mode 120000
index 000000000..21186f015
--- /dev/null
+++ b/3rdparty/modules/prosody/tests/modules/prosody/manifests
@@ -0,0 +1 @@
+../../../manifests
\ No newline at end of file
diff --git a/3rdparty/modules/prosody/tests/modules/prosody/templates b/3rdparty/modules/prosody/tests/modules/prosody/templates
new file mode 120000
index 000000000..0e4c94ff6
--- /dev/null
+++ b/3rdparty/modules/prosody/tests/modules/prosody/templates
@@ -0,0 +1 @@
+../../../templates
\ No newline at end of file
diff --git a/3rdparty/modules/prosody/types/authentication.pp b/3rdparty/modules/prosody/types/authentication.pp
new file mode 100644
index 000000000..ccf59416a
--- /dev/null
+++ b/3rdparty/modules/prosody/types/authentication.pp
@@ -0,0 +1 @@
+type Prosody::Authentication = Enum['internal_plain', 'internal_hashed', 'cyrus', 'anonymous', 'ha1']
diff --git a/3rdparty/modules/prosody/types/host.pp b/3rdparty/modules/prosody/types/host.pp
new file mode 100644
index 000000000..a08e8c795
--- /dev/null
+++ b/3rdparty/modules/prosody/types/host.pp
@@ -0,0 +1,2 @@
+# Note: Stdlib::Host does not match "localhost"
+type Prosody::Host = Variant[Pattern[/^localhost$/], Stdlib::Host]
diff --git a/3rdparty/modules/prosody/types/loglevel.pp b/3rdparty/modules/prosody/types/loglevel.pp
new file mode 100644
index 000000000..d6866c960
--- /dev/null
+++ b/3rdparty/modules/prosody/types/loglevel.pp
@@ -0,0 +1 @@
+type Prosody::Loglevel = Enum['debug', 'info', 'warn', 'error']
diff --git a/3rdparty/modules/prosody/types/moduletype.pp b/3rdparty/modules/prosody/types/moduletype.pp
new file mode 100644
index 000000000..9d4e2160c
--- /dev/null
+++ b/3rdparty/modules/prosody/types/moduletype.pp
@@ -0,0 +1 @@
+type Prosody::Moduletype = Enum['hg', 'git']
diff --git a/3rdparty/modules/prosody/types/packageensure.pp b/3rdparty/modules/prosody/types/packageensure.pp
new file mode 100644
index 000000000..7c9e86b5e
--- /dev/null
+++ b/3rdparty/modules/prosody/types/packageensure.pp
@@ -0,0 +1 @@
+type Prosody::Packageensure = Variant[Enum[present, latest], String]
diff --git a/3rdparty/modules/prosody/types/storage.pp b/3rdparty/modules/prosody/types/storage.pp
new file mode 100644
index 000000000..7e8d15b73
--- /dev/null
+++ b/3rdparty/modules/prosody/types/storage.pp
@@ -0,0 +1 @@
+type Prosody::Storage = Variant[Hash, Enum['internal', 'sql', 'memory', 'null', 'none']]
-- 2.20.1