]>
Commit | Line | Data |
---|---|---|
57ae81ea IB |
1 | class role::cryptoportfolio { |
2 | include "base_installation" | |
3 | ||
8af3ea1e | 4 | include "profile::tools" |
57ae81ea | 5 | include "profile::postgresql" |
2bb35074 | 6 | include "profile::apache" |
57ae81ea IB |
7 | |
8 | $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} } | |
9 | ||
159df176 IB |
10 | $cf_pg_user = "cryptoportfolio" |
11 | $cf_pg_db = "cryptoportfolio" | |
12 | $cf_pg_password = generate_password(24, $password_seed, "postgres_cryptoportfolio") | |
13 | $cf_pg_host = "localhost:5432" | |
14 | ||
15 | $cf_user = "cryptoportfolio" | |
16 | $cf_group = "cryptoportfolio" | |
17 | $cf_home = "/opt/cryptoportfolio" | |
18 | $cf_env = "prod" | |
19 | $cf_front_app_host = "cryptoportfolio.immae.eu" | |
20 | $cf_front_app_port = "" | |
21 | $cf_front_app_ssl = "false" | |
22 | $cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front" | |
23 | $cf_front_app_api_workdir = "${cf_front_app}/cmd/app" | |
24 | $cf_front_app_api_bin = "${cf_front_app_api_workdir}/cryptoportfolio-app" | |
25 | $cf_front_app_api_conf = "${cf_home}/conf.toml" | |
26 | $cf_front_app_api_secret = generate_password(24, $password_seed, "cryptoportfolio_api_secret") | |
27 | ||
28 | $cf_front_app_static_conf = "${cf_front_app}/cmd/web/env/prod.env" | |
29 | ||
30 | postgresql::server::db { $cf_pg_db: | |
31 | user => $cf_pg_user, | |
32 | password => postgresql_password($cf_pg_user, $cf_pg_password) | |
57ae81ea IB |
33 | } |
34 | ||
6a919776 IB |
35 | postgresql::server::pg_hba_rule { 'allow localhost TCP access to cryptoportfolio user': |
36 | type => 'host', | |
159df176 IB |
37 | database => $cf_pg_db, |
38 | user => $cf_pg_user, | |
6a919776 IB |
39 | address => '127.0.0.1/32', |
40 | auth_method => 'md5', | |
41 | order => "b0", | |
42 | } | |
43 | postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user': | |
44 | type => 'host', | |
159df176 IB |
45 | database => $cf_pg_db, |
46 | user => $cf_pg_user, | |
6a919776 IB |
47 | address => '::1/128', |
48 | auth_method => 'md5', | |
49 | order => "b0", | |
50 | } | |
0a4ec379 | 51 | |
2bb35074 IB |
52 | apache::vhost { $cf_front_app_host: |
53 | port => '80', | |
54 | docroot => false, | |
55 | manage_docroot => false, | |
56 | proxy_dest => "http://localhost:8000", | |
57 | proxy_preserve_host => true, | |
58 | no_proxy_uris => [ | |
59 | "/maintenance_immae.html", | |
60 | "/googleb6d69446ff4ca3e5.html", | |
61 | "/.well-known/acme-challenge" | |
62 | ], | |
63 | no_proxy_uris_match => [ | |
64 | '^/licen[cs]es?_et_tip(ping)?$', | |
65 | '^/licen[cs]es?_and_tip(ping)?$', | |
66 | '^/licen[cs]es?$', | |
67 | '^/tip(ping)?$', | |
68 | ] | |
0a4ec379 | 69 | } |
f67c5285 | 70 | |
159df176 IB |
71 | user { $cf_user: |
72 | name => $cf_user, | |
76a321e1 IB |
73 | ensure => "present", |
74 | managehome => true, | |
159df176 | 75 | home => $cf_home, |
76a321e1 IB |
76 | system => true, |
77 | password => '!!', | |
78 | } | |
79 | ||
80 | $front_version = lookup("cryptoportfolio::front_version") |$key| { {} } | |
81 | $front_sha256 = lookup("cryptoportfolio::front_sha256") |$key| { {} } | |
82 | ||
83 | unless empty($front_version) { | |
159df176 | 84 | ensure_packages(["go", "npm", "nodejs", "yarn"]) |
76a321e1 | 85 | |
159df176 IB |
86 | file { [ |
87 | "${cf_home}/go/", | |
88 | "${cf_home}/go/src", | |
89 | "${cf_home}/go/src/immae.eu", | |
90 | "${cf_home}/go/src/immae.eu/Immae", | |
91 | "${cf_home}/go/src/immae.eu/Immae/Projets", | |
92 | "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies", | |
93 | "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio", | |
94 | $cf_front_app]: | |
95 | ensure => "directory", | |
76a321e1 | 96 | mode => "0700", |
159df176 IB |
97 | owner => $cf_user, |
98 | group => $cf_group, | |
99 | require => User[$cf_user], | |
76a321e1 IB |
100 | } |
101 | ||
159df176 IB |
102 | archive { "${cf_home}/${front_version}.tar.gz": |
103 | path => "${cf_home}/${front_version}.tar.gz", | |
76a321e1 | 104 | source => "https://git.immae.eu/releases/cryptoportfolio/front/front_${front_version}.tar.gz", |
76a321e1 IB |
105 | checksum_type => "sha256", |
106 | checksum => $front_sha256, | |
107 | cleanup => false, | |
108 | extract => true, | |
159df176 IB |
109 | user => "cryptoportfolio", |
110 | extract_path => $cf_front_app, | |
111 | require => [User[$cf_user], File[$cf_front_app]], | |
76a321e1 IB |
112 | } |
113 | ||
159df176 | 114 | file { "${cf_home}/front": |
76a321e1 | 115 | ensure => "link", |
159df176 IB |
116 | target => $cf_front_app, |
117 | require => Archive["/opt/cryptoportfolio/${front_version}.tar.gz"] | |
118 | } | |
119 | ||
120 | exec { "go-get-dep": | |
121 | user => $cf_user, | |
122 | environment => ["HOME=${cf_home}"], | |
123 | creates => "${cf_home}/go/bin/dep", | |
124 | command => "/usr/bin/go get -u github.com/golang/dep/cmd/dep", | |
125 | require => User[$cf_user], | |
126 | } | |
127 | ||
128 | exec { "go-cryptoportfolio-dependencies": | |
129 | cwd => $cf_front_app, | |
130 | user => $cf_user, | |
131 | environment => ["HOME=${cf_home}"], | |
132 | creates => "${cf_front_app}/vendor", | |
133 | command => "${cf_home}/go/bin/dep ensure", | |
134 | require => [Exec["go-get-dep"], Archive["${cf_home}/${front_version}.tar.gz"]], | |
135 | } | |
136 | ||
137 | exec { "go-cryptoportfolio-app": | |
138 | cwd => $cf_front_app_api_workdir, | |
139 | user => $cf_user, | |
140 | environment => ["HOME=${cf_home}"], | |
141 | creates => $cf_front_app_api_bin, | |
142 | command => "/usr/bin/make build", | |
143 | require => Exec["go-cryptoportfolio-dependencies"], | |
144 | } | |
145 | ||
146 | file { "/etc/systemd/system/cryptoportfolio-app.service": | |
147 | mode => "0644", | |
148 | owner => "root", | |
149 | group => "root", | |
150 | content => template("role/cryptoportfolio/cryptoportfolio-app.service.erb"), | |
151 | } ~> exec { 'systemctl deamon-reload': | |
152 | command => '/usr/bin/systemctl daemon-reload', | |
153 | refreshonly => true | |
154 | } | |
155 | ||
156 | service { 'cryptoportfolio-app': | |
157 | enable => true, | |
158 | ensure => "running", | |
159 | require => [File["/etc/systemd/system/cryptoportfolio-app.service"]], | |
160 | } | |
161 | ||
162 | file { $cf_front_app_api_conf: | |
163 | owner => $cf_user, | |
164 | group => $cf_group, | |
165 | mode => "0600", | |
166 | content => template("role/cryptoportfolio/api_conf.toml.erb"), | |
167 | } | |
168 | ||
169 | file { $cf_front_app_static_conf: | |
170 | owner => $cf_user, | |
171 | group => $cf_group, | |
172 | mode => "0600", | |
173 | content => template("role/cryptoportfolio/static_conf.env.erb"), | |
174 | } | |
175 | ||
176 | exec { "web-cryptoportfolio-dependencies": | |
177 | cwd => "${cf_front_app}/cmd/web", | |
178 | environment => ["HOME=${cf_home}"], | |
179 | command => "/usr/bin/make install", | |
180 | creates => "${cf_front_app}/cmd/web/node_modules", | |
181 | require => [Package["npm"], Package["nodejs"], Package["yarn"]] | |
182 | } | |
183 | ||
184 | exec { "web-cryptoportfolio-build": | |
185 | cwd => "${cf_front_app}/cmd/web", | |
186 | environment => ["HOME=${cf_home}"], | |
187 | command => "/usr/bin/make static ENV=${cf_env}", | |
188 | creates => "${cf_front_app}/cmd/web/build/static", | |
189 | require => [File[$cf_front_app_static_conf], Exec["web-cryptoportfolio-dependencies"]] | |
76a321e1 IB |
190 | } |
191 | } | |
192 | ||
57ae81ea | 193 | } |