Enable https for cryptoportfolio
[perso/Immae/Projets/Puppet.git] / modules / role / manifests / cryptoportfolio.pp
index 084419edba70087b68640f0dbdf445b58c781f8a..05f2c595753d658c2b556d46322aad09ca03343e 100644 (file)
@@ -1,6 +1,7 @@
 class role::cryptoportfolio {
   include "base_installation"
 
+  include "profile::tools"
   include "profile::postgresql"
   include "profile::apache"
 
@@ -17,7 +18,7 @@ class role::cryptoportfolio {
   $cf_env = "prod"
   $cf_front_app_host = "cryptoportfolio.immae.eu"
   $cf_front_app_port = ""
-  $cf_front_app_ssl = "false"
+  $cf_front_app_ssl = "true"
   $cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front"
   $cf_front_app_api_workdir = "${cf_front_app}/cmd/app"
   $cf_front_app_api_bin = "${cf_front_app_api_workdir}/cryptoportfolio-app"
@@ -48,23 +49,24 @@ class role::cryptoportfolio {
     order       => "b0",
   }
 
+  letsencrypt::certonly { $cf_front_app_host: ;
+    default: * => $::profile::apache::letsencrypt_certonly_default;
+  }
+
+  class { 'apache::mod::headers': }
   apache::vhost { $cf_front_app_host:
-    port                => '80',
+    port                => '443',
     docroot             => false,
     manage_docroot      => false,
     proxy_dest          => "http://localhost:8000",
-    proxy_preserve_host => true,
-    no_proxy_uris       => [
-      "/maintenance_immae.html",
-      "/googleb6d69446ff4ca3e5.html",
-      "/.well-known/acme-challenge"
-    ],
-    no_proxy_uris_match => [
-      '^/licen[cs]es?_et_tip(ping)?$',
-      '^/licen[cs]es?_and_tip(ping)?$',
-      '^/licen[cs]es?$',
-      '^/tip(ping)?$',
-    ]
+    request_headers     => 'set X-Forwarded-Proto "https"',
+    ssl                 => true,
+    ssl_cert            => "/etc/letsencrypt/live/$cf_front_app_host/cert.pem",
+    ssl_key             => "/etc/letsencrypt/live/$cf_front_app_host/privkey.pem",
+    ssl_chain           => "/etc/letsencrypt/live/$cf_front_app_host/chain.pem",
+    require             => Letsencrypt::Certonly[$cf_front_app_host],
+    proxy_preserve_host => true;
+    default: *          => $::profile::apache::apache_vhost_default;
   }
 
   user { $cf_user:
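Review bot: With the vhost moved to `port => '443'`, nothing in this hunk serves or redirects port 80 or sets HSTS, so whether plain-HTTP visitors are upgraded depends on `$::profile::apache::apache_vhost_default` and on other vhosts that are not visible here. If no redirect exists elsewhere, add a port-80 vhost for the same host with `redirect_status => 'permanent'` and `redirect_dest => "https://${cf_front_app_host}/"`, and add `headers => 'always set Strict-Transport-Security "max-age=15768000"',` to this vhost (`apache::mod::headers` is already declared just above it). The removed `no_proxy_uris` entry for `/.well-known/acme-challenge` means HTTP-01 renewal now relies on whatever the letsencrypt defaults configure, which is worth confirming before the first renewal. As a style point, write the certificate paths as `"/etc/letsencrypt/live/${cf_front_app_host}/cert.pem"` to match the braced interpolation used in the rest of the file.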
@@ -170,6 +172,7 @@ class role::cryptoportfolio {
       group   => $cf_group,
       mode    => "0600",
       content => template("role/cryptoportfolio/static_conf.env.erb"),
+      notify  => Exec["remove build ${cf_front_app}/cmd/web/build/"],
     }
 
     exec { "web-cryptoportfolio-dependencies":
@@ -177,9 +180,16 @@ class role::cryptoportfolio {
       environment => ["HOME=${cf_home}"],
       command     => "/usr/bin/make install",
       creates     => "${cf_front_app}/cmd/web/node_modules",
+      notify      => Exec["remove build ${cf_front_app}/cmd/web/build/"],
       require     => [Package["npm"], Package["nodejs"], Package["yarn"]]
     }
 
+    exec { "remove build ${cf_front_app}/cmd/web/build/":
+      command     => "/usr/bin/rm -rf '${cf_front_app}/cmd/web/build/'",
+      refreshonly => true,
+      before      => Exec["web-cryptoportfolio-build"]
+    }
+
     exec { "web-cryptoportfolio-build":
       cwd         => "${cf_front_app}/cmd/web",
       environment => ["HOME=${cf_home}"],
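Review bot: The new `remove build` exec has no `user` attribute, so unless a resource default outside this hunk sets one, `/usr/bin/rm -rf` runs as root inside a tree that the application account presumably owns. Adding `user => $cf_user,` keeps the deletion limited to what that account can touch if a path component under `${cf_front_app}` is ever replaced. The command also assumes `rm` lives at `/usr/bin/rm`, which holds only on merged-/usr systems. A comment such as `# refreshonly: wipe the build dir only when the static config or the dependencies exec changes` would document why the exec is notified from two places. The `web-cryptoportfolio-build` exec at the end of the hunk continues outside it.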