modules/role/manifests/cryptoportfolio.pp

   1 class role::cryptoportfolio {
   2   include "base_installation"
   3
   4   include "profile::tools"
   5   include "profile::postgresql"
   6   include "profile::apache"
   7
   8   $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
   9
  10   $cf_pg_user = "cryptoportfolio"
  11   $cf_pg_db = "cryptoportfolio"
  12   $cf_pg_password = generate_password(24, $password_seed, "postgres_cryptoportfolio")
  13   $cf_pg_host = "localhost:5432"
  14
  15   $cf_user = "cryptoportfolio"
  16   $cf_group = "cryptoportfolio"
  17   $cf_home = "/opt/cryptoportfolio"
  18   $cf_env = "prod"
  19   $cf_front_app_host = "cryptoportfolio.immae.eu"
  20   $cf_front_app_port = ""
  21   $cf_front_app_ssl = "false"
  22   $cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front"
  23   $cf_front_app_api_workdir = "${cf_front_app}/cmd/app"
  24   $cf_front_app_api_bin = "${cf_front_app_api_workdir}/cryptoportfolio-app"
  25   $cf_front_app_api_conf = "${cf_home}/conf.toml"
  26   $cf_front_app_api_secret = generate_password(24, $password_seed, "cryptoportfolio_api_secret")
  27
  28   $cf_front_app_static_conf = "${cf_front_app}/cmd/web/env/prod.env"
  29
  30   postgresql::server::db { $cf_pg_db:
  31     user     =>  $cf_pg_user,
  32     password =>  postgresql_password($cf_pg_user, $cf_pg_password)
  33   }
  34
  35   postgresql::server::pg_hba_rule { 'allow localhost TCP access to cryptoportfolio user':
  36     type        => 'host',
  37     database    => $cf_pg_db,
  38     user        => $cf_pg_user,
  39     address     => '127.0.0.1/32',
  40     auth_method => 'md5',
  41     order       => "b0",
  42   }
  43   postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user':
  44     type        => 'host',
  45     database    => $cf_pg_db,
  46     user        => $cf_pg_user,
  47     address     => '::1/128',
  48     auth_method => 'md5',
  49     order       => "b0",
  50   }
  51
  52   apache::vhost { $cf_front_app_host:
  53     port                => '80',
  54     docroot             => false,
  55     manage_docroot      => false,
  56     proxy_dest          => "http://localhost:8000",
  57     proxy_preserve_host => true,
  58     no_proxy_uris       => [
  59       "/maintenance_immae.html",
  60       "/googleb6d69446ff4ca3e5.html",
  61       "/.well-known/acme-challenge"
  62     ],
  63     no_proxy_uris_match => [
  64       '^/licen[cs]es?_et_tip(ping)?$',
  65       '^/licen[cs]es?_and_tip(ping)?$',
  66       '^/licen[cs]es?$',
  67       '^/tip(ping)?$',
  68     ]
  69   }
  70
  71   user { $cf_user:
  72     name       => $cf_user,
  73     ensure     => "present",
  74     managehome => true,
  75     home       => $cf_home,
  76     system     => true,
  77     password   => '!!',
  78   }
  79
  80   $front_version = lookup("cryptoportfolio::front_version") |$key| { {} }
  81   $front_sha256 = lookup("cryptoportfolio::front_sha256") |$key| { {} }
  82
  83   unless empty($front_version) {
  84     ensure_packages(["go", "npm", "nodejs", "yarn"])
  85
  86     file { [
  87         "${cf_home}/go/",
  88         "${cf_home}/go/src",
  89         "${cf_home}/go/src/immae.eu",
  90         "${cf_home}/go/src/immae.eu/Immae",
  91         "${cf_home}/go/src/immae.eu/Immae/Projets",
  92         "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies",
  93         "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio",
  94         $cf_front_app]:
  95       ensure  => "directory",
  96       mode    => "0700",
  97       owner   => $cf_user,
  98       group   => $cf_group,
  99       require => User[$cf_user],
 100     }
 101
 102     archive { "${cf_home}/${front_version}.tar.gz":
 103       path          => "${cf_home}/${front_version}.tar.gz",
 104       source        => "https://git.immae.eu/releases/cryptoportfolio/front/front_${front_version}.tar.gz",
 105       checksum_type => "sha256",
 106       checksum      => $front_sha256,
 107       cleanup       => false,
 108       extract       => true,
 109       user          => "cryptoportfolio",
 110       extract_path  => $cf_front_app,
 111       require       => [User[$cf_user], File[$cf_front_app]],
 112     }
 113
 114     file { "${cf_home}/front":
 115       ensure  => "link",
 116       target  => $cf_front_app,
 117       require => Archive["/opt/cryptoportfolio/${front_version}.tar.gz"]
 118     }
 119
 120     exec { "go-get-dep":
 121       user        => $cf_user,
 122       environment => ["HOME=${cf_home}"],
 123       creates     => "${cf_home}/go/bin/dep",
 124       command     => "/usr/bin/go get -u github.com/golang/dep/cmd/dep",
 125       require     => User[$cf_user],
 126     }
 127
 128     exec { "go-cryptoportfolio-dependencies":
 129       cwd         => $cf_front_app,
 130       user        => $cf_user,
 131       environment => ["HOME=${cf_home}"],
 132       creates     => "${cf_front_app}/vendor",
 133       command     => "${cf_home}/go/bin/dep ensure",
 134       require     => [Exec["go-get-dep"], Archive["${cf_home}/${front_version}.tar.gz"]],
 135     }
 136
 137     exec { "go-cryptoportfolio-app":
 138       cwd         => $cf_front_app_api_workdir,
 139       user        => $cf_user,
 140       environment => ["HOME=${cf_home}"],
 141       creates     => $cf_front_app_api_bin,
 142       command     => "/usr/bin/make build",
 143       require     => Exec["go-cryptoportfolio-dependencies"],
 144     }
 145
 146     file { "/etc/systemd/system/cryptoportfolio-app.service":
 147       mode    => "0644",
 148       owner   => "root",
 149       group   => "root",
 150       content => template("role/cryptoportfolio/cryptoportfolio-app.service.erb"),
 151     } ~> exec { 'systemctl deamon-reload':
 152       command     => '/usr/bin/systemctl daemon-reload',
 153       refreshonly => true
 154     }
 155
 156     service { 'cryptoportfolio-app':
 157       enable  => true,
 158       ensure  => "running",
 159       require => [File["/etc/systemd/system/cryptoportfolio-app.service"]],
 160     }
 161
 162     file { $cf_front_app_api_conf:
 163       owner   => $cf_user,
 164       group   => $cf_group,
 165       mode    => "0600",
 166       content => template("role/cryptoportfolio/api_conf.toml.erb"),
 167     }
 168
 169     file { $cf_front_app_static_conf:
 170       owner   => $cf_user,
 171       group   => $cf_group,
 172       mode    => "0600",
 173       content => template("role/cryptoportfolio/static_conf.env.erb"),
 174     }
 175
 176     exec { "web-cryptoportfolio-dependencies":
 177       cwd         => "${cf_front_app}/cmd/web",
 178       environment => ["HOME=${cf_home}"],
 179       command     => "/usr/bin/make install",
 180       creates     => "${cf_front_app}/cmd/web/node_modules",
 181       require     => [Package["npm"], Package["nodejs"], Package["yarn"]]
 182     }
 183
 184     exec { "web-cryptoportfolio-build":
 185       cwd         => "${cf_front_app}/cmd/web",
 186       environment => ["HOME=${cf_home}"],
 187       command     => "/usr/bin/make static ENV=${cf_env}",
 188       creates     => "${cf_front_app}/cmd/web/build/static",
 189       require     => [File[$cf_front_app_static_conf], Exec["web-cryptoportfolio-dependencies"]]
 190     }
 191   }
 192
 193 }