]> git.immae.eu Git - perso/Immae/Projets/Puppet.git/blob - modules/role/manifests/cryptoportfolio.pp
projects / perso / Immae / Projets / Puppet.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Install and configure api and assets
[perso/Immae/Projets/Puppet.git] / modules / role / manifests / cryptoportfolio.pp
1 class role::cryptoportfolio {
2 include "base_installation"
3
4 include "profile::postgresql"
5
6 $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
7
8 $cf_pg_user = "cryptoportfolio"
9 $cf_pg_db = "cryptoportfolio"
10 $cf_pg_password = generate_password(24, $password_seed, "postgres_cryptoportfolio")
11 $cf_pg_host = "localhost:5432"
12
13 $cf_user = "cryptoportfolio"
14 $cf_group = "cryptoportfolio"
15 $cf_home = "/opt/cryptoportfolio"
16 $cf_env = "prod"
17 $cf_front_app_host = "cryptoportfolio.immae.eu"
18 $cf_front_app_port = ""
19 $cf_front_app_ssl = "false"
20 $cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front"
21 $cf_front_app_api_workdir = "${cf_front_app}/cmd/app"
22 $cf_front_app_api_bin = "${cf_front_app_api_workdir}/cryptoportfolio-app"
23 $cf_front_app_api_conf = "${cf_home}/conf.toml"
24 $cf_front_app_api_secret = generate_password(24, $password_seed, "cryptoportfolio_api_secret")
25
26 $cf_front_app_static_conf = "${cf_front_app}/cmd/web/env/prod.env"
27
28 postgresql::server::db { $cf_pg_db:
29 user => $cf_pg_user,
30 password => postgresql_password($cf_pg_user, $cf_pg_password)
31 }
32
33 postgresql::server::pg_hba_rule { 'allow localhost TCP access to cryptoportfolio user':
34 type => 'host',
35 database => $cf_pg_db,
36 user => $cf_pg_user,
37 address => '127.0.0.1/32',
38 auth_method => 'md5',
39 order => "b0",
40 }
41 postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user':
42 type => 'host',
43 database => $cf_pg_db,
44 user => $cf_pg_user,
45 address => '::1/128',
46 auth_method => 'md5',
47 order => "b0",
48 }
49
50 class { 'nginx': }
51
52 nginx::resource::server { $cf_front_app_host:
53 listen_port => 80,
54 proxy => 'http://localhost:8000',
55 }
56
57 user { $cf_user:
58 name => $cf_user,
59 ensure => "present",
60 managehome => true,
61 home => $cf_home,
62 system => true,
63 password => '!!',
64 }
65
66 $front_version = lookup("cryptoportfolio::front_version") |$key| { {} }
67 $front_sha256 = lookup("cryptoportfolio::front_sha256") |$key| { {} }
68
69 unless empty($front_version) {
70 ensure_packages(["go", "npm", "nodejs", "yarn"])
71
72 file { [
73 "${cf_home}/go/",
74 "${cf_home}/go/src",
75 "${cf_home}/go/src/immae.eu",
76 "${cf_home}/go/src/immae.eu/Immae",
77 "${cf_home}/go/src/immae.eu/Immae/Projets",
78 "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies",
79 "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio",
80 $cf_front_app]:
81 ensure => "directory",
82 mode => "0700",
83 owner => $cf_user,
84 group => $cf_group,
85 require => User[$cf_user],
86 }
87
88 archive { "${cf_home}/${front_version}.tar.gz":
89 path => "${cf_home}/${front_version}.tar.gz",
90 source => "https://git.immae.eu/releases/cryptoportfolio/front/front_${front_version}.tar.gz",
91 checksum_type => "sha256",
92 checksum => $front_sha256,
93 cleanup => false,
94 extract => true,
95 user => "cryptoportfolio",
96 extract_path => $cf_front_app,
97 require => [User[$cf_user], File[$cf_front_app]],
98 }
99
100 file { "${cf_home}/front":
101 ensure => "link",
102 target => $cf_front_app,
103 require => Archive["/opt/cryptoportfolio/${front_version}.tar.gz"]
104 }
105
106 exec { "go-get-dep":
107 user => $cf_user,
108 environment => ["HOME=${cf_home}"],
109 creates => "${cf_home}/go/bin/dep",
110 command => "/usr/bin/go get -u github.com/golang/dep/cmd/dep",
111 require => User[$cf_user],
112 }
113
114 exec { "go-cryptoportfolio-dependencies":
115 cwd => $cf_front_app,
116 user => $cf_user,
117 environment => ["HOME=${cf_home}"],
118 creates => "${cf_front_app}/vendor",
119 command => "${cf_home}/go/bin/dep ensure",
120 require => [Exec["go-get-dep"], Archive["${cf_home}/${front_version}.tar.gz"]],
121 }
122
123 exec { "go-cryptoportfolio-app":
124 cwd => $cf_front_app_api_workdir,
125 user => $cf_user,
126 environment => ["HOME=${cf_home}"],
127 creates => $cf_front_app_api_bin,
128 command => "/usr/bin/make build",
129 require => Exec["go-cryptoportfolio-dependencies"],
130 }
131
132 file { "/etc/systemd/system/cryptoportfolio-app.service":
133 mode => "0644",
134 owner => "root",
135 group => "root",
136 content => template("role/cryptoportfolio/cryptoportfolio-app.service.erb"),
137 } ~> exec { 'systemctl deamon-reload':
138 command => '/usr/bin/systemctl daemon-reload',
139 refreshonly => true
140 }
141
142 service { 'cryptoportfolio-app':
143 enable => true,
144 ensure => "running",
145 require => [File["/etc/systemd/system/cryptoportfolio-app.service"]],
146 }
147
148 file { $cf_front_app_api_conf:
149 owner => $cf_user,
150 group => $cf_group,
151 mode => "0600",
152 content => template("role/cryptoportfolio/api_conf.toml.erb"),
153 }
154
155 file { $cf_front_app_static_conf:
156 owner => $cf_user,
157 group => $cf_group,
158 mode => "0600",
159 content => template("role/cryptoportfolio/static_conf.env.erb"),
160 }
161
162 exec { "web-cryptoportfolio-dependencies":
163 cwd => "${cf_front_app}/cmd/web",
164 environment => ["HOME=${cf_home}"],
165 command => "/usr/bin/make install",
166 creates => "${cf_front_app}/cmd/web/node_modules",
167 require => [Package["npm"], Package["nodejs"], Package["yarn"]]
168 }
169
170 exec { "web-cryptoportfolio-build":
171 cwd => "${cf_front_app}/cmd/web",
172 environment => ["HOME=${cf_home}"],
173 command => "/usr/bin/make static ENV=${cf_env}",
174 creates => "${cf_front_app}/cmd/web/build/static",
175 require => [File[$cf_front_app_static_conf], Exec["web-cryptoportfolio-dependencies"]]
176 }
177 }
178
179 }
My infrastructure configuration - Deprecated, replaced with Nix