Add postgresql module and cryptoportfolio role
authorIsmaël Bouya <ismael.bouya@normalesup.org>
Sat, 17 Feb 2018 18:31:35 +0000 (19:31 +0100)
committerIsmaël Bouya <ismael.bouya@normalesup.org>
Sun, 18 Feb 2018 00:12:24 +0000 (01:12 +0100)
.gitmodules
environments/production/data/roles/cryptoportfolio.yaml [new file with mode: 0644]
modules/postgresql [new submodule]
modules/profile/manifests/postgresql.pp [new file with mode: 0644]
modules/role/manifests/cryptoportfolio.pp [new file with mode: 0644]

index fa48ebf28430c7995c657fc2939c718223e25492..e380041a81b07429256c3e205460a83e99336fec 100644 (file)
@@ -28,6 +28,9 @@
 [submodule "modules/pacman"]
        path = modules/pacman
        url = git://git.immae.eu/github/aboe76/puppet-pacman
+[submodule "modules/postgresql"]
+       path = modules/postgresql
+       url = git://git.immae.eu/github/puppetlabs/puppetlabs-postgresql.git
 [submodule "python/ovh"]
        path = python/ovh
        url = git://git.immae.eu/github/ovh/python-ovh
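Review bot: The new `modules/postgresql` entry is fetched over `git://`, which has no transport authentication or encryption, so the module code Puppet will apply to managed hosts travels over a channel that an on-path party could tamper with. The gitlink added elsewhere in this commit pins a commit id, which limits what a tampered fetch could substitute, but that protection rests on the object hash alone. If the mirror is reachable over an authenticated transport, an `https://` or `ssh://` URL would be the safer choice here. The neighbouring entries use the same scheme and could be switched together.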
diff --git a/environments/production/data/roles/cryptoportfolio.yaml b/environments/production/data/roles/cryptoportfolio.yaml
new file mode 100644 (file)
index 0000000..da46382
--- /dev/null
@@ -0,0 +1,3 @@
+---
+classes:
+  role::cryptoportfolio: ~
diff --git a/modules/postgresql b/modules/postgresql
new file mode 160000 (submodule)
index 0000000..52ea030
--- /dev/null
@@ -0,0 +1 @@
+Subproject commit 52ea030ad94397ba0d066c36c3028a255341f9fd
diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp
new file mode 100644 (file)
index 0000000..50e510e
--- /dev/null
@@ -0,0 +1,65 @@
+class profile::postgresql {
+  $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
+
+  class { '::postgresql::globals':
+    encoding             => 'UTF-8',
+    locale               => 'en_US.UTF-8',
+    pg_hba_conf_defaults => false,
+  }
+
+  # FIXME: get it from the postgresql module?
+  $pg_user = "postgres"
+
+  class { '::postgresql::client': }
+
+  # FIXME: postgresql module is buggy and doesn't create dir?
+  file { "/var/lib/postgres":
+    ensure  => directory,
+    owner   => $pg_user,
+    group   => $pg_user,
+    before  => File["/var/lib/postgres/data"],
+    require => Package["postgresql-server"],
+  }
+
+  class { '::postgresql::server':
+    postgres_password => generate_password(24, $password_seed, "postgres")
+  }
+
+  postgresql::server::pg_hba_rule { 'local access as postgres user':
+    description => 'Allow local access to postgres user',
+    type        => 'local',
+    database    => 'all',
+    user        => $pg_user,
+    auth_method => 'ident',
+    order       => "a1",
+  }
+  postgresql::server::pg_hba_rule { 'deny access to postgresql user':
+    description => 'Deny remote access to postgres user',
+    type        => 'host',
+    database    => 'all',
+    user        => $pg_user,
+    address     => "0.0.0.0/0",
+    auth_method => 'reject',
+    order       => "a2",
+  }
+
+  postgresql::server::pg_hba_rule { 'local access':
+    description => 'Allow local access with password',
+    type        => 'local',
+    database    => 'all',
+    user        => 'all',
+    auth_method => 'md5',
+    order       => "b1",
+  }
+
+  postgresql::server::pg_hba_rule { 'local access with same name':
+    description => 'Allow local access with same name',
+    type        => 'local',
+    database    => 'all',
+    user        => 'all',
+    auth_method => 'ident',
+    order       => "b2",
+  }
+
+}
+
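Review bot: The `lookup("base_installation::puppet_pass_seed") |$key| { {} }` fallback on the first line of the class silently substitutes an empty hash when the seed is absent from Hiera, and that value then feeds `generate_password(24, $password_seed, "postgres")` for the superuser password. `generate_password` is not visible here, but unless it rejects an empty seed the password would be derived from a known constant; dropping the lambda, `$password_seed = lookup("base_installation::puppet_pass_seed")`, makes a missing seed fail catalog compilation instead. The same fallback appears in `role::cryptoportfolio` in this commit. Separately, assuming the rules are written out in `order` sequence, `b1` and `b2` both match `local all all`, and because pg_hba.conf uses the first matching record the `ident` rule at `b2` is never reached. The `reject` rule also covers only `0.0.0.0/0`, so an IPv6 `::/0` counterpart is worth adding in case a broader `host` rule is introduced later.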
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp
new file mode 100644 (file)
index 0000000..2755fee
--- /dev/null
@@ -0,0 +1,14 @@
+class role::cryptoportfolio {
+  include "base_installation"
+
+  include "profile::postgresql"
+
+  $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
+
+  postgresql::server::db { 'cryptoportfolio':
+    user =>  'cryptoportfolio',
+    password =>  postgresql_password('cryptoportfolio', generate_password(24, $password_seed, "postgres_cryptoportfolio")),
+  }
+
+  ensure_packages("go")
+}