Start to cleanup the files

diff --git a/environments/global/common.yaml b/environments/global/common.yaml
index 5b21dca75061bd0b0d3561dc50414e32178d563a..05d12ad77b2ce18b86a265a65e560d08906d706a 100644 (file)
--- a/environments/global/common.yaml
+++ b/environments/global/common.yaml
@@ -6,6 +6,8 @@ lookup_options:
     merge: deep
   base_installation::system_users:
     merge: unique
+  letsencrypt::hosts:
+    merge: unique
 
 classes:
   stdlib: ~
@@ -35,3 +37,5 @@ base_installation::system_users:
         key_type: "ssh-rsa"
 xmr_stak::mining_pool: "pool.minexmr.com:7777"
 xmr_stak::wallet: "44CA8TxTFYbQqN2kLyk8AnB6Ghz4mcbGpYC2EyXW7A8H9QspvWnTjDn39XUZDPrFwPa5JNwt4TmAxcooPWv4SaJqL87Bcdo"
+letsencrypt::email: "sites+letsencrypt@mail.immae.eu"
+letsencrypt::try_for_real_hostname: true

diff --git a/environments/global/roles/cryptoportfolio.yaml b/environments/global/roles/cryptoportfolio.yaml
index 3d36e711b79b02706062000fcad8dd35e12d5934..f875c1b8a0a1f736e8a5fd01ba9a79521ba7412e 100644 (file)
--- a/environments/global/roles/cryptoportfolio.yaml
+++ b/environments/global/roles/cryptoportfolio.yaml
@@ -1,4 +1,19 @@
 ---
 classes:
   role::cryptoportfolio: ~
-cryptoportfolio::slack_webhook: "%{ldapvar.self.vars.cf_slack_webhook.0}"
+letsencrypt::hosts: "%{lookup('base_installation::system_hostname')}"
+role::cryptoportfolio::user: "cryptoportfolio"
+role::cryptoportfolio::group: "cryptoportfolio"
+role::cryptoportfolio::home: "/home/cryptoportfolio"
+role::cryptoportfolio::env: "prod"
+role::cryptoportfolio::webhook_url: "%{ldapvar.self.vars.cf_slack_webhook.0}"
+role::cryptoportfolio::pg_db: "cryptoportfolio"
+role::cryptoportfolio::pg_user: "cryptoportfolio"
+role::cryptoportfolio::pg_user_replication: "cryptoportfolio_replication"
+role::cryptoportfolio::web_host: "%{lookup('base_installation::system_hostname')}"
+role::cryptoportfolio::web_port: ""
+role::cryptoportfolio::web_ssl: true
+base_installation::system_users:
+  - username: "%{lookup('role::cryptoportfolio::user')}"
+    system: true
+    password: "!!"

diff --git a/environments/global/types/s1-2.yaml b/environments/global/types/s1-2.yaml
index 496b7418eb5cf9cd06334358c28251aff12eb07f..a7ba753399c03cff653d135f6df21c62993d339b 100644 (file)
--- a/environments/global/types/s1-2.yaml
+++ b/environments/global/types/s1-2.yaml
@@ -6,4 +6,4 @@ classes:
 base_installation::system_hostname: "%{ldapvar.self.vars.host.0}"
 base_installation::real_hostname: "%{facts.ec2_metadata.hostname}.v.immae.eu"
 base_installation::ldap_cert_path: "/etc/ssl/certs/ca-certificates.crt"
-ssl::try_letsencrypt_for_real_hostname: true
+letsencrypt::try_for_real_hostname: true

diff --git a/environments/global/types/vps-ovhssd-1.yaml b/environments/global/types/vps-ovhssd-1.yaml
index 73f7a45cce65666566827b1ae608800c154d323d..68534dc2dfdcfbf6e06413903ee21b5e7ffc5db6 100644 (file)
--- a/environments/global/types/vps-ovhssd-1.yaml
+++ b/environments/global/types/vps-ovhssd-1.yaml
@@ -7,4 +7,4 @@ base_installation::system_hostname: "%{ldapvar.self.vars.host.0}"
 base_installation::real_hostname: "%{facts.ec2_metadata.hostname}.ovh.net"
 base_installation::grub_device: "/dev/sdb"
 base_installation::ldap_cert_path: "/etc/ssl/certs/ca-certificates.crt"
-ssl::try_letsencrypt_for_real_hostname: false
+letsencrypt::try_for_real_hostname: false

diff --git a/environments/integration/roles/cryptoportfolio.yaml b/environments/integration/roles/cryptoportfolio.yaml
index 9825bce0214f536b24f83f27f2fdca7d7ba6ab9e..6b8eb929e8c229b3c3a370d2697a5c647c151c94 100644 (file)
--- a/environments/integration/roles/cryptoportfolio.yaml
+++ b/environments/integration/roles/cryptoportfolio.yaml
@@ -1,5 +1,3 @@
 ---
-cryptoportfolio::front_version: v0.0.2-3-g6200f9a
-cryptoportfolio::front_sha256: 69d31251ecd4fcea46d93dfee0184b1171019a765b6744b84f6eec6b10e5818f
-cryptoportfolio::bot_version: v0.5-8-g34eb08f
-cryptoportfolio::bot_sha256: f5b99c4a1cc4db0228f757705a5a909aa301e42787bc5842f8ba442fec0d3fd1
+role::cryptoportfolio::front_version: v0.0.2-3-g6200f9a
+role::cryptoportfolio::front_sha256: 69d31251ecd4fcea46d93dfee0184b1171019a765b6744b84f6eec6b10e5818f

diff --git a/environments/production/roles/cryptoportfolio.yaml b/environments/production/roles/cryptoportfolio.yaml
index c9328e1de282ff76702deb2e75218d7ac5e0fdb4..566c7f2c57255c6c939ed4423584184ac3a15325 100644 (file)
--- a/environments/production/roles/cryptoportfolio.yaml
+++ b/environments/production/roles/cryptoportfolio.yaml
@@ -1,5 +1,5 @@
 ---
-cryptoportfolio::front_version: v0.0.2-3-g6200f9a
-cryptoportfolio::front_sha256: 69d31251ecd4fcea46d93dfee0184b1171019a765b6744b84f6eec6b10e5818f
-cryptoportfolio::bot_version: v0.5.1
-cryptoportfolio::bot_sha256: 733789711365b2397bd996689af616a6789207d26c71a31ad1af68620b267d54
+role::cryptoportfolio::front_version: v0.0.2-3-g6200f9a
+role::cryptoportfolio::front_sha256: 69d31251ecd4fcea46d93dfee0184b1171019a765b6744b84f6eec6b10e5818f
+role::cryptoportfolio::bot_version: v0.5.1
+role::cryptoportfolio::bot_sha256: 733789711365b2397bd996689af616a6789207d26c71a31ad1af68620b267d54

diff --git a/manifests/site.pp b/manifests/site.pp
index f922d2b665f0c0782f0c25510b43b4a5afd00a5f..3d40ad29b31a0c3a861a91135d041f1cb9e57383 100644 (file)
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1,5 +1,5 @@
 node default {
-  lookup('classes', Hash, 'deep').each |$class_name, $class_hash| {
+  lookup('classes').each |$class_name, $class_hash| {
     if empty($class_hash) {
       include $class_name
     } else {

diff --git a/modules/base_installation/manifests/puppet.pp b/modules/base_installation/manifests/puppet.pp
index b3ce49207a67007266df1ba5ca1b1883c76015ff..6f7732dfed2b83c63cdbd62cd13233c5af2d87ff 100644 (file)
--- a/modules/base_installation/manifests/puppet.pp
+++ b/modules/base_installation/manifests/puppet.pp
@@ -67,7 +67,7 @@ class base_installation::puppet (
       require => File[$base_installation::puppet_conf_path],
     }
 
-    $ips = lookup("ips") |$key| { {} }
+    $ips = lookup("ips", { 'default_value' => undef })
     file { "$base_installation::puppet_conf_path/host_ldap.info":
       content => template("base_installation/puppet/host_ldap.info.erb"),
       require => File[$base_installation::puppet_conf_path],

diff --git a/modules/base_installation/manifests/services.pp b/modules/base_installation/manifests/services.pp
index c641f4b26105496e6deadf4f57f6c13cd71893f3..d7b4d61a48d86a1edcce1b602197947ee319e7eb 100644 (file)
--- a/modules/base_installation/manifests/services.pp
+++ b/modules/base_installation/manifests/services.pp
@@ -38,7 +38,7 @@ class base_installation::services inherits base_installation {
      group   => "root"
   }
 
-  $ip6 = lookup("ips.v6") |$key| { {} }
+  $ip6 = lookup("ips.v6", { 'default_value' => undef })
   file { '/etc/systemd/network/en-dhcp.network':
     ensure  => "present",
     path    => "/etc/systemd/network/en-dhcp.network",

diff --git a/modules/base_installation/manifests/users.pp b/modules/base_installation/manifests/users.pp
index 766c0f054210bdbfa34f0cd7d916a2e18465728a..f893c51e379f78e13e69fa1d0f5b5e01ecdc2e67 100644 (file)
--- a/modules/base_installation/manifests/users.pp
+++ b/modules/base_installation/manifests/users.pp
@@ -26,22 +26,26 @@ class base_installation::users (
       ensure         => "present",
       groups         => $user[groups],
       managehome     => true,
+      system         => !!$user[system],
       home           => "/home/${user[username]}",
-      notify         => Exec["remove_password"],
+      notify         => Exec["remove_password:${user[username]}:${user[userid]}"],
       purge_ssh_keys => true
     }
 
-    exec { "remove_password":
+    exec { "remove_password:${user[username]}:${user[userid]}":
       command     => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}",
+      onlyif      => "/usr/bin/test -z '${user[password]}'",
       refreshonly => true
     }
 
-    $user[keys].each |$key| {
-      ssh_authorized_key { "${user[username]}@${key[host]}":
-        name => "${user[username]}@${key[host]}",
-        user => $user[username],
-        type => $key[key_type],
-        key  => $key[key],
+    if has_key($user, "keys") {
+      $user[keys].each |$key| {
+        ssh_authorized_key { "${user[username]}@${key[host]}":
+          name => "${user[username]}@${key[host]}",
+          user => $user[username],
+          type => $key[key_type],
+          key  => $key[key],
+        }
       }
     }
   }

diff --git a/modules/profile/manifests/apache.pp b/modules/profile/manifests/apache.pp
index 8db58da99beb5aed81e044791bf7393213ba5682..382633bb3f8c60d802356b43ce973d019066db91 100644 (file)
--- a/modules/profile/manifests/apache.pp
+++ b/modules/profile/manifests/apache.pp
@@ -67,13 +67,12 @@ class profile::apache {
     install_method  => "package",
     package_name    => "certbot",
     package_command => "certbot",
-    # FIXME
-    email           => 'sites+letsencrypt@mail.immae.eu',
+    email           => lookup('letsencrypt::email'),
   }
 
-  $real_hostname = lookup("base_installation::real_hostname") |$key| { {} }
+  $real_hostname = lookup("base_installation::real_hostname", { "default_value" => undef })
   unless empty($real_hostname) {
-    if (lookup("ssl::try_letsencrypt_for_real_hostname") |$key| { true }) {
+    if (lookup("letsencrypt::try_for_real_hostname", { "default_value" => true })) {
       letsencrypt::certonly { $real_hostname:
         before => Apache::Vhost["default_ssl"];
         default: * => $::profile::apache::letsencrypt_certonly_default;
@@ -110,6 +109,14 @@ class profile::apache {
     }
   }
 
+  lookup("letsencrypt::hosts", { "default_value" => [] }).each |$host| {
+    if ($host != $real_hostname) { # Done above already
+      letsencrypt::certonly { $host: ;
+        default: * => $letsencrypt_certonly_default;
+      }
+    }
+  }
+
   apache::vhost { "redirect_no_ssl":
     port          => '80',
     error_log     => false,

diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp
index bec247ee0ff6a19771f39506a63d59259a5ab7a6..8b4a63b649b0dd46968446f2bc358e54f90582ce 100644 (file)
--- a/modules/role/manifests/cryptoportfolio.pp
+++ b/modules/role/manifests/cryptoportfolio.pp
@@ -1,4 +1,22 @@
-class role::cryptoportfolio {
+class role::cryptoportfolio (
+  String            $user,
+  String            $group,
+  String            $home,
+  Optional[String]  $env                 = "prod",
+  Optional[String]  $webhook_url         = undef,
+  String            $pg_user,
+  String            $pg_user_replication,
+  String            $pg_db,
+  Optional[String]  $pg_hostname          = "localhost",
+  Optional[String]  $pg_port              = "5432",
+  Optional[String]  $web_host             = undef,
+  Optional[String]  $web_port             = "",
+  Optional[Boolean] $web_ssl              = true,
+  Optional[String]  $front_version        = undef,
+  Optional[String]  $front_sha256         = undef,
+  Optional[String]  $bot_version          = undef,
+  Optional[String]  $bot_sha256           = undef,
+) {
   ensure_resource('exec', 'systemctl daemon-reload', {
     command     => '/usr/bin/systemctl daemon-reload',
     refreshonly =>  true
@@ -11,37 +29,23 @@ class role::cryptoportfolio {
   include "profile::apache"
   include "profile::xmr_stak"
 
-  $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
-
-  $cf_pg_user = "cryptoportfolio"
-  $cf_pg_user_replication = "cryptoportfolio_replication"
-  $cf_pg_db = "cryptoportfolio"
-  $cf_pg_password = generate_password(24, $password_seed, "postgres_cryptoportfolio")
-  $cf_pg_replication_password = generate_password(24, $password_seed, "postgres_cryptoportfolio_replication")
-  $cf_pg_hostname = "localhost"
-  $cf_pg_port = "5432"
-  $cf_pg_host = "${cf_pg_hostname}:${cf_pg_port}"
-
-  $cf_user = "cryptoportfolio"
-  $cf_group = "cryptoportfolio"
-  $cf_home = "/opt/cryptoportfolio"
-  $cf_env = "prod"
-  $cf_front_app_host = lookup("base_installation::system_hostname") |$key| { "example.com" }
-  $cf_front_app_port = ""
-  $cf_front_app_ssl = "true"
-  $cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front"
+  $password_seed = lookup("base_installation::puppet_pass_seed")
+
+  $pg_password = generate_password(24, $password_seed, "postgres_cryptoportfolio")
+  $pg_replication_password = generate_password(24, $password_seed, "postgres_cryptoportfolio_replication")
+  $pg_host = "${pg_hostname}:${pg_port}"
+
+  $cf_front_app = "${home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front"
   $cf_front_app_api_workdir = "${cf_front_app}/cmd/app"
   $cf_front_app_api_bin = "${cf_front_app_api_workdir}/cryptoportfolio-app"
-  $cf_front_app_api_conf = "${cf_home}/conf.toml"
+  $cf_front_app_api_conf = "${home}/conf.toml"
   $cf_front_app_api_secret = generate_password(24, $password_seed, "cryptoportfolio_api_secret")
 
   $cf_front_app_static_conf = "${cf_front_app}/cmd/web/env/prod.env"
 
-  $cf_bot_app = "${cf_home}/bot"
-  $cf_bot_app_conf = "${cf_home}/bot_config.ini"
-  $cf_bot_app_reports = "${cf_home}/bot_reports"
-
-  $cf_webhook_url = lookup("cryptoportfolio::slack_webhook") |$key| { "" }
+  $cf_bot_app = "${home}/bot"
+  $cf_bot_app_conf = "${home}/bot_config.ini"
+  $cf_bot_app_reports = "${home}/bot_reports"
 
   file { "/var/lib/postgres/data/certs":
     ensure  => directory,
@@ -52,21 +56,21 @@ class role::cryptoportfolio {
   }
 
   file { "/var/lib/postgres/data/certs/cert.pem":
-    source  => "file:///etc/letsencrypt/live/$cf_front_app_host/cert.pem",
+    source  => "file:///etc/letsencrypt/live/$web_host/cert.pem",
     mode    => "0600",
     links   => "follow",
     owner   => $::profile::postgresql::pg_user,
     group   => $::profile::postgresql::pg_user,
-    require => [Letsencrypt::Certonly[$cf_front_app_host], File["/var/lib/postgres/data/certs"]]
+    require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]]
   }
 
   file { "/var/lib/postgres/data/certs/privkey.pem":
-    source  => "file:///etc/letsencrypt/live/$cf_front_app_host/privkey.pem",
+    source  => "file:///etc/letsencrypt/live/$web_host/privkey.pem",
     mode    => "0600",
     links   => "follow",
     owner   => $::profile::postgresql::pg_user,
     group   => $::profile::postgresql::pg_user,
-    require => [Letsencrypt::Certonly[$cf_front_app_host], File["/var/lib/postgres/data/certs"]]
+    require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]]
   }
 
   postgresql::server::config_entry { "wal_level":
@@ -75,52 +79,52 @@ class role::cryptoportfolio {
 
   postgresql::server::config_entry { "ssl":
     value   => "on",
-    require => Letsencrypt::Certonly[$cf_front_app_host],
+    require => Letsencrypt::Certonly[$web_host],
   }
 
   postgresql::server::config_entry { "ssl_cert_file":
     value   => "/var/lib/postgres/data/certs/cert.pem",
-    require => Letsencrypt::Certonly[$cf_front_app_host],
+    require => Letsencrypt::Certonly[$web_host],
   }
 
   postgresql::server::config_entry { "ssl_key_file":
     value   => "/var/lib/postgres/data/certs/privkey.pem",
-    require => Letsencrypt::Certonly[$cf_front_app_host],
+    require => Letsencrypt::Certonly[$web_host],
   }
 
-  postgresql::server::db { $cf_pg_db:
-    user     =>  $cf_pg_user,
-    password =>  postgresql_password($cf_pg_user, $cf_pg_password),
+  postgresql::server::db { $pg_db:
+    user     =>  $pg_user,
+    password =>  postgresql_password($pg_user, $pg_password),
   }
   ->
-  postgresql_psql { "CREATE PUBLICATION ${cf_pg_db}_publication FOR ALL TABLES":
-    db     => $cf_pg_db,
-    unless => "SELECT 1 FROM pg_catalog.pg_publication WHERE pubname = '${cf_pg_db}_publication'",
+  postgresql_psql { "CREATE PUBLICATION ${pg_db}_publication FOR ALL TABLES":
+    db     => $pg_db,
+    unless => "SELECT 1 FROM pg_catalog.pg_publication WHERE pubname = '${pg_db}_publication'",
   }
   ->
-  postgresql::server::role { $cf_pg_user_replication:
-    db            => $cf_pg_db,
+  postgresql::server::role { $pg_user_replication:
+    db            => $pg_db,
     replication   => true,
-    password_hash => postgresql_password($cf_pg_user_replication, $cf_pg_replication_password),
+    password_hash => postgresql_password($pg_user_replication, $pg_replication_password),
   }
   ->
-  postgresql::server::database_grant { $cf_pg_user_replication:
-    db        => $cf_pg_db,
+  postgresql::server::database_grant { $pg_user_replication:
+    db        => $pg_db,
     privilege => "CONNECT",
-    role      => $cf_pg_user_replication,
+    role      => $pg_user_replication,
   }
   ->
-  postgresql::server::grant { "all tables in schema:public:$cf_pg_user_replication":
-    db          => $cf_pg_db,
-    role        => $cf_pg_user_replication,
+  postgresql::server::grant { "all tables in schema:public:$pg_user_replication":
+    db          => $pg_db,
+    role        => $pg_user_replication,
     privilege   => "SELECT",
     object_type => "ALL TABLES IN SCHEMA",
     object_name => "public",
   }
   ->
-  postgresql::server::grant { "all sequences in schema:public:$cf_pg_user_replication":
-    db          => $cf_pg_db,
-    role        => $cf_pg_user_replication,
+  postgresql::server::grant { "all sequences in schema:public:$pg_user_replication":
+    db          => $pg_db,
+    role        => $pg_user_replication,
     privilege   => "SELECT",
     object_type => "ALL SEQUENCES IN SCHEMA",
     object_name => "public",
@@ -128,16 +132,16 @@ class role::cryptoportfolio {
 
   postgresql::server::pg_hba_rule { 'allow localhost TCP access to cryptoportfolio user':
     type        => 'host',
-    database    => $cf_pg_db,
-    user        => $cf_pg_user,
+    database    => $pg_db,
+    user        => $pg_user,
     address     => '127.0.0.1/32',
     auth_method => 'md5',
     order       => "b0",
   }
   postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user':
     type        => 'host',
-    database    => $cf_pg_db,
-    user        => $cf_pg_user,
+    database    => $pg_db,
+    user        => $pg_user,
     address     => '::1/128',
     auth_method => 'md5',
     order       => "b0",
@@ -145,83 +149,64 @@ class role::cryptoportfolio {
 
   postgresql::server::pg_hba_rule { 'allow TCP access to replication user from immae.eu':
     type        => 'hostssl',
-    database    => $cf_pg_db,
-    user        => $cf_pg_user_replication,
+    database    => $pg_db,
+    user        => $pg_user_replication,
     address     => 'immae.eu',
     auth_method => 'md5',
     order       => "b0",
   }
 
-  letsencrypt::certonly { $cf_front_app_host: ;
-    default: * => $::profile::apache::letsencrypt_certonly_default;
-  }
-
   class { 'apache::mod::headers': }
-  apache::vhost { $cf_front_app_host:
+  apache::vhost { $web_host:
     port                => '443',
     docroot             => false,
     manage_docroot      => false,
     proxy_dest          => "http://localhost:8000",
     request_headers     => 'set X-Forwarded-Proto "https"',
     ssl                 => true,
-    ssl_cert            => "/etc/letsencrypt/live/$cf_front_app_host/cert.pem",
-    ssl_key             => "/etc/letsencrypt/live/$cf_front_app_host/privkey.pem",
-    ssl_chain           => "/etc/letsencrypt/live/$cf_front_app_host/chain.pem",
-    require             => Letsencrypt::Certonly[$cf_front_app_host],
+    ssl_cert            => "/etc/letsencrypt/live/$web_host/cert.pem",
+    ssl_key             => "/etc/letsencrypt/live/$web_host/privkey.pem",
+    ssl_chain           => "/etc/letsencrypt/live/$web_host/chain.pem",
+    require             => Letsencrypt::Certonly[$web_host],
     proxy_preserve_host => true;
     default: *          => $::profile::apache::apache_vhost_default;
   }
 
-  user { $cf_user:
-    name       => $cf_user,
-    ensure     => "present",
-    managehome => true,
-    home       => $cf_home,
-    system     => true,
-    password   => '!!',
-  }
-
   file { "/usr/local/bin/slack-notify":
     mode   => "0755",
     source => "puppet:///modules/role/cryptoportfolio/slack-notify.py",
   }
 
-  $front_version = lookup("cryptoportfolio::front_version") |$key| { {} }
-  $front_sha256 = lookup("cryptoportfolio::front_sha256") |$key| { {} }
-
-  $bot_version = lookup("cryptoportfolio::bot_version") |$key| { {} }
-  $bot_sha256 = lookup("cryptoportfolio::bot_sha256") |$key| { {} }
-
   unless empty($bot_version) {
     ensure_packages(["python", "python-pip"])
 
     file { $cf_bot_app:
       ensure  => "directory",
       mode    => "0700",
-      owner   => $cf_user,
-      group   => $cf_group,
-      require => User[$cf_user],
+      owner   => $user,
+      group   => $group,
+      require => User["$user:"],
     }
 
-    archive { "${cf_home}/trader_${bot_version}.tar.gz":
-      path          => "${cf_home}/trader_${bot_version}.tar.gz",
+    archive { "${home}/trader_${bot_version}.tar.gz":
+      path          => "${home}/trader_${bot_version}.tar.gz",
       source        => "https://git.immae.eu/releases/cryptoportfolio/trader/trader_${bot_version}.tar.gz",
       checksum_type => "sha256",
       checksum      => $bot_sha256,
       cleanup       => false,
       extract       => true,
-      user          => $cf_user,
+      user          => $user,
       username      => $facts["ec2_metadata"]["hostname"],
       password      => generate_password(24, $password_seed, "ldap"),
       extract_path  => $cf_bot_app,
-      require       => [User[$cf_user], File[$cf_bot_app]],
+      require       => [User["$user:"], File[$cf_bot_app]],
     } ~>
     exec { "py-cryptoportfolio-dependencies":
       cwd         => $cf_bot_app,
-      user        => $cf_user,
-      environment => ["HOME=${cf_home}"],
+      user        => $user,
+      environment => ["HOME=${home}"],
       command     => "/usr/bin/make install",
-      require     => User[$cf_user],
+      require     => User["$user:"],
       refreshonly => true,
       before      => [
         File[$cf_bot_app_conf],
@@ -231,53 +216,53 @@ class role::cryptoportfolio {
     }
 
     file { $cf_bot_app_conf:
-      owner   => $cf_user,
-      group   => $cf_group,
+      owner   => $user,
+      group   => $group,
       mode    => "0600",
       content => template("role/cryptoportfolio/bot_config.ini.erb"),
       require => [
-        User[$cf_user],
-        Archive["${cf_home}/trader_${bot_version}.tar.gz"],
+        User["$user:"],
+        Archive["${home}/trader_${bot_version}.tar.gz"],
       ],
     }
 
     cron { "py-cryptoportfolio-before":
       ensure      => present,
       command     => "cd $cf_bot_app ; python main.py --config $cf_bot_app_conf --before",
-      user        => "cryptoportfolio",
+      user        => $user,
       weekday     => 7, # Sunday
       hour        => 22,
       minute      => 30,
-      environment => ["HOME=${cf_home}","PATH=/usr/bin/"],
+      environment => ["HOME=${home}","PATH=/usr/bin/"],
       require     => [
         File[$cf_bot_app_conf],
-        Archive["${cf_home}/trader_${bot_version}.tar.gz"]
+        Archive["${home}/trader_${bot_version}.tar.gz"]
       ],
     }
 
     cron { "py-cryptoportfolio-after":
       ensure      => present,
       command     => "cd $cf_bot_app ; python main.py --config $cf_bot_app_conf --after",
-      user        => "cryptoportfolio",
+      user        => $user,
       weekday     => 1, # Monday
       hour        => 1,
       minute      => 0,
-      environment => ["HOME=${cf_home}","PATH=/usr/bin/"],
+      environment => ["HOME=${home}","PATH=/usr/bin/"],
       require     => [
         File[$cf_bot_app_conf],
-        Archive["${cf_home}/trader_${bot_version}.tar.gz"]
+        Archive["${home}/trader_${bot_version}.tar.gz"]
       ],
     }
 
-    unless empty($cf_webhook_url) {
+    unless empty($webhook_url) {
       exec { "bot-slack-notify":
         refreshonly => true,
         environment => [
           "P_PROJECT=Trader",
-          "P_WEBHOOK=${cf_webhook_url}",
+          "P_WEBHOOK=${webhook_url}",
           "P_VERSION=${bot_version}",
-          "P_HOST=${cf_front_app_host}",
-          "P_HTTPS=${cf_front_app_ssl}",
+          "P_HOST=${web_host}",
+          "P_HTTPS=${web_ssl}",
         ],
         command     => "/usr/local/bin/slack-notify",
         require     => File["/usr/local/bin/slack-notify"],
@@ -291,22 +276,22 @@ class role::cryptoportfolio {
     ensure_packages(["go", "npm", "nodejs", "yarn"])
 
     file { [
-        "${cf_home}/go/",
-        "${cf_home}/go/src",
-        "${cf_home}/go/src/immae.eu",
-        "${cf_home}/go/src/immae.eu/Immae",
-        "${cf_home}/go/src/immae.eu/Immae/Projets",
-        "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies",
-        "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio",
+        "${home}/go/",
+        "${home}/go/src",
+        "${home}/go/src/immae.eu",
+        "${home}/go/src/immae.eu/Immae",
+        "${home}/go/src/immae.eu/Immae/Projets",
+        "${home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies",
+        "${home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio",
         $cf_front_app]:
       ensure  => "directory",
       mode    => "0700",
-      owner   => $cf_user,
-      group   => $cf_group,
-      require => User[$cf_user],
+      owner   => $user,
+      group   => $group,
+      require => User["$user:"],
     }
 
-    file { "${cf_home}/front":
+    file { "${home}/front":
       ensure  => "link",
       target  => $cf_front_app,
       before => File[$cf_front_app],
@@ -326,28 +311,28 @@ class role::cryptoportfolio {
       subscribe => [Exec["go-cryptoportfolio-app"], Exec["web-cryptoportfolio-build"]],
       require   => [
         File["/etc/systemd/system/cryptoportfolio-app.service"],
-        Postgresql::Server::Db[$cf_pg_db]
+        Postgresql::Server::Db[$pg_db]
       ],
     } ~>
-    exec { "dump $cf_pg_db structure":
+    exec { "dump $pg_db structure":
       refreshonly => true,
       user        => $::profile::postgresql::pg_user,
       group       => $::profile::postgresql::pg_user,
-      command     => "/usr/bin/pg_dump --schema-only --clean --no-publications $cf_pg_db > /var/lib/postgres/${cf_pg_db}.schema",
+      command     => "/usr/bin/pg_dump --schema-only --clean --no-publications $pg_db > /var/lib/postgres/${pg_db}.schema",
     }
 
-    archive { "${cf_home}/front_${front_version}.tar.gz":
-      path          => "${cf_home}/front_${front_version}.tar.gz",
+    archive { "${home}/front_${front_version}.tar.gz":
+      path          => "${home}/front_${front_version}.tar.gz",
       source        => "https://git.immae.eu/releases/cryptoportfolio/front/front_${front_version}.tar.gz",
       checksum_type => "sha256",
       checksum      => $front_sha256,
       cleanup       => false,
       extract       => true,
-      user          => $cf_user,
+      user          => $user,
       username      => $facts["ec2_metadata"]["hostname"],
       password      => generate_password(24, $password_seed, "ldap"),
       extract_path  => $cf_front_app,
-      require       => [User[$cf_user], File[$cf_front_app]],
+      require       => [User["$user:"], File[$cf_front_app]],
       notify        => [
         Exec["web-cryptoportfolio-dependencies"],
         Exec["go-get-dep"],
@@ -356,39 +341,39 @@ class role::cryptoportfolio {
 
     # Api
     file { $cf_front_app_api_conf:
-      owner   => $cf_user,
-      group   => $cf_group,
+      owner   => $user,
+      group   => $group,
       mode    => "0600",
       content => template("role/cryptoportfolio/api_conf.toml.erb"),
       before  => Exec["go-cryptoportfolio-app"],
     }
 
     exec { "go-get-dep":
-      user        => $cf_user,
-      environment => ["HOME=${cf_home}"],
-      creates     => "${cf_home}/go/bin/dep",
+      user        => $user,
+      environment => ["HOME=${home}"],
+      creates     => "${home}/go/bin/dep",
       command     => "/usr/bin/go get -u github.com/golang/dep/cmd/dep",
       refreshonly => true,
     } ~>
     exec { "go-cryptoportfolio-dependencies":
       cwd         => $cf_front_app,
-      user        => $cf_user,
-      environment => ["HOME=${cf_home}"],
-      command     => "${cf_home}/go/bin/dep ensure",
+      user        => $user,
+      environment => ["HOME=${home}"],
+      command     => "${home}/go/bin/dep ensure",
       refreshonly => true,
     } ~>
     exec { "go-cryptoportfolio-app":
       cwd         => $cf_front_app_api_workdir,
-      user        => $cf_user,
-      environment => ["HOME=${cf_home}"],
+      user        => $user,
+      environment => ["HOME=${home}"],
       command     => "/usr/bin/make build",
       refreshonly => true,
     }
 
     # Static pages
     file { $cf_front_app_static_conf:
-      owner   => $cf_user,
-      group   => $cf_group,
+      owner   => $user,
+      group   => $group,
       mode    => "0600",
       content => template("role/cryptoportfolio/static_conf.env.erb"),
       before  => Exec["web-cryptoportfolio-build"],
@@ -396,30 +381,30 @@ class role::cryptoportfolio {
 
     exec { "web-cryptoportfolio-dependencies":
       cwd         => "${cf_front_app}/cmd/web",
-      user        => $cf_user,
-      environment => ["HOME=${cf_home}"],
+      user        => $user,
+      environment => ["HOME=${home}"],
       command     => "/usr/bin/make install",
       refreshonly => true,
       require     => [Package["npm"], Package["nodejs"], Package["yarn"]]
     } ~>
     exec { "web-cryptoportfolio-build":
       cwd         => "${cf_front_app}/cmd/web",
-      user        => $cf_user,
-      environment => ["HOME=${cf_home}"],
+      user        => $user,
+      environment => ["HOME=${home}"],
       path        => ["${cf_front_app}/cmd/web/node_modules/.bin/", "/usr/bin"],
-      command     => "/usr/bin/make static ENV=${cf_env}",
+      command     => "/usr/bin/make static ENV=${env}",
       refreshonly => true,
     }
 
-    unless empty($cf_webhook_url) {
+    unless empty($webhook_url) {
       exec { "front-slack-notify":
         refreshonly => true,
         environment => [
           "P_PROJECT=Front",
-          "P_WEBHOOK=${cf_webhook_url}",
+          "P_WEBHOOK=${webhook_url}",
           "P_VERSION=${front_version}",
-          "P_HOST=${cf_front_app_host}",
-          "P_HTTPS=${cf_front_app_ssl}",
+          "P_HOST=${web_host}",
+          "P_HTTPS=${web_ssl}",
         ],
         command     => "/usr/local/bin/slack-notify",
         require     => File["/usr/local/bin/slack-notify"],

diff --git a/modules/role/templates/cryptoportfolio/api_conf.toml.erb b/modules/role/templates/cryptoportfolio/api_conf.toml.erb
index 13550c9a8b4de44a6cfb695af36695548d754191..7a4b66d1062a24341f0524d2e6aaca030cff84ce 100644 (file)
--- a/modules/role/templates/cryptoportfolio/api_conf.toml.erb
+++ b/modules/role/templates/cryptoportfolio/api_conf.toml.erb
@@ -1,15 +1,15 @@
 log_level="info"
-mode="<%= @cf_env %>"
+mode="<%= @env %>"
 log_out="stdout"
 
 [db]
-user="<%= @cf_pg_user %>"
-password="<%= @cf_pg_password %>"
-database="<%= @cf_pg_db %>"
-address="<%= @cf_pg_host %>"
+user="<%= @pg_user %>"
+password="<%= @pg_password %>"
+database="<%= @pg_db %>"
+address="<%= @pg_host %>"
 
 [api]
-domain="<%= @cf_front_app_host %>"
+domain="<%= @web_host %>"
 jwt_secret="<%= @cf_front_app_api_secret %>"
 
 [app]

diff --git a/modules/role/templates/cryptoportfolio/bot_config.ini.erb b/modules/role/templates/cryptoportfolio/bot_config.ini.erb
index 30298eb5c4efde0db8ef4b1fe8ecef8aec797526..b0211a6b59841333ff1f5cc4f9798227de9ef732 100644 (file)
--- a/modules/role/templates/cryptoportfolio/bot_config.ini.erb
+++ b/modules/role/templates/cryptoportfolio/bot_config.ini.erb
@@ -1,9 +1,9 @@
 [postgresql]
-host = <%= @cf_pg_hostname %>
-port = <%= @cf_pg_port %>
-user = <%= @cf_pg_user %>
-password = <%= @cf_pg_password %>
-database = <%= @cf_pg_db %>
+host = <%= @pg_hostname %>
+port = <%= @pg_port %>
+user = <%= @pg_user %>
+password = <%= @pg_password %>
+database = <%= @pg_db %>
 
 [app]
 report_path = <%= @cf_bot_app_reports %>

diff --git a/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb b/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb
index a521c0e16ea87638f6f689f436613559590e7b95..ed2b9082a486ea7efb33832d6989981591e58800 100644 (file)
--- a/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb
+++ b/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb
@@ -5,8 +5,8 @@ Description=Cryptoportfolio app
 Type=simple
   
 WorkingDirectory=<%= @cf_front_app_api_workdir %>
-User=<%= @cf_user %>
-Group=<%= @cf_group %>
+User=<%= @user %>
+Group=<%= @group %>
 UMask=007
   
 ExecStart=<%= @cf_front_app_api_bin %> -conf <%= @cf_front_app_api_conf %>

diff --git a/modules/role/templates/cryptoportfolio/static_conf.env.erb b/modules/role/templates/cryptoportfolio/static_conf.env.erb
index db9759ddbc0fae627ede073de3dffbf8aa0b0430..314ee14c558594ca5674906033a0895a2cf4e4d7 100644 (file)
--- a/modules/role/templates/cryptoportfolio/static_conf.env.erb
+++ b/modules/role/templates/cryptoportfolio/static_conf.env.erb
@@ -1,4 +1,4 @@
-API_HOST="<%= @cf_front_app_host %>"
-API_PORT="<%= @cf_front_app_port %>"
-API_HTTPS="<%= @cf_front_app_ssl %>"
+API_HOST="<%= @web_host %>"
+API_PORT="<%= @web_port %>"
+API_HTTPS="<%= @web_ssl %>"