diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-03-13 22:58:15 +0100 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-03-13 22:58:15 +0100 |
| commit | 985b53a258ee18eaca8d437ae532c232a6d19921 (patch) | |
| tree | 450cbcdec808189b8e08ed84bd3255dcfaadeebe /modules/profile/manifests | |
| parent | 96d61e22a20255c2b437eb3a3b81f9b44a1814de (diff) | |
| parent | 39e05b4ec79c5dc07417a6cb1f0e1b2dcd111a1a (diff) | |
| download | Puppet-985b53a258ee18eaca8d437ae532c232a6d19921.tar.gz Puppet-985b53a258ee18eaca8d437ae532c232a6d19921.tar.zst Puppet-985b53a258ee18eaca8d437ae532c232a6d19921.zip | |
Merge branch 'cleanup' into dev
Diffstat (limited to 'modules/profile/manifests')
| -rw-r--r-- | modules/profile/manifests/apache.pp | 15 | ||||
| -rw-r--r-- | modules/profile/manifests/postgresql.pp | 14 | ||||
| -rw-r--r-- | modules/profile/manifests/xmr_stak.pp | 11 |
3 files changed, 24 insertions, 16 deletions
diff --git a/modules/profile/manifests/apache.pp b/modules/profile/manifests/apache.pp index 8db58da..382633b 100644 --- a/modules/profile/manifests/apache.pp +++ b/modules/profile/manifests/apache.pp | |||
| @@ -67,13 +67,12 @@ class profile::apache { | |||
| 67 | install_method => "package", | 67 | install_method => "package", |
| 68 | package_name => "certbot", | 68 | package_name => "certbot", |
| 69 | package_command => "certbot", | 69 | package_command => "certbot", |
| 70 | # FIXME | 70 | email => lookup('letsencrypt::email'), |
| 71 | email => 'sites+letsencrypt@mail.immae.eu', | ||
| 72 | } | 71 | } |
| 73 | 72 | ||
| 74 | $real_hostname = lookup("base_installation::real_hostname") |$key| { {} } | 73 | $real_hostname = lookup("base_installation::real_hostname", { "default_value" => undef }) |
| 75 | unless empty($real_hostname) { | 74 | unless empty($real_hostname) { |
| 76 | if (lookup("ssl::try_letsencrypt_for_real_hostname") |$key| { true }) { | 75 | if (lookup("letsencrypt::try_for_real_hostname", { "default_value" => true })) { |
| 77 | letsencrypt::certonly { $real_hostname: | 76 | letsencrypt::certonly { $real_hostname: |
| 78 | before => Apache::Vhost["default_ssl"]; | 77 | before => Apache::Vhost["default_ssl"]; |
| 79 | default: * => $::profile::apache::letsencrypt_certonly_default; | 78 | default: * => $::profile::apache::letsencrypt_certonly_default; |
| @@ -110,6 +109,14 @@ class profile::apache { | |||
| 110 | } | 109 | } |
| 111 | } | 110 | } |
| 112 | 111 | ||
| 112 | lookup("letsencrypt::hosts", { "default_value" => [] }).each |$host| { | ||
| 113 | if ($host != $real_hostname) { # Done above already | ||
| 114 | letsencrypt::certonly { $host: ; | ||
| 115 | default: * => $letsencrypt_certonly_default; | ||
| 116 | } | ||
| 117 | } | ||
| 118 | } | ||
| 119 | |||
| 113 | apache::vhost { "redirect_no_ssl": | 120 | apache::vhost { "redirect_no_ssl": |
| 114 | port => '80', | 121 | port => '80', |
| 115 | error_log => false, | 122 | error_log => false, |
diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp index 1024c66..2cd1bcc 100644 --- a/modules/profile/manifests/postgresql.pp +++ b/modules/profile/manifests/postgresql.pp | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | class profile::postgresql { | 1 | class profile::postgresql { |
| 2 | $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} } | 2 | $password_seed = lookup("base_installation::puppet_pass_seed") |
| 3 | 3 | ||
| 4 | class { '::postgresql::globals': | 4 | class { '::postgresql::globals': |
| 5 | encoding => 'UTF-8', | 5 | encoding => 'UTF-8', |
| @@ -32,7 +32,7 @@ class profile::postgresql { | |||
| 32 | database => 'all', | 32 | database => 'all', |
| 33 | user => $pg_user, | 33 | user => $pg_user, |
| 34 | auth_method => 'ident', | 34 | auth_method => 'ident', |
| 35 | order => "a1", | 35 | order => "00-01", |
| 36 | } | 36 | } |
| 37 | postgresql::server::pg_hba_rule { 'localhost access as postgres user': | 37 | postgresql::server::pg_hba_rule { 'localhost access as postgres user': |
| 38 | description => 'Allow localhost access to postgres user', | 38 | description => 'Allow localhost access to postgres user', |
| @@ -41,7 +41,7 @@ class profile::postgresql { | |||
| 41 | user => $pg_user, | 41 | user => $pg_user, |
| 42 | address => "127.0.0.1/32", | 42 | address => "127.0.0.1/32", |
| 43 | auth_method => 'md5', | 43 | auth_method => 'md5', |
| 44 | order => "a2", | 44 | order => "00-02", |
| 45 | } | 45 | } |
| 46 | postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user': | 46 | postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user': |
| 47 | description => 'Allow localhost access to postgres user', | 47 | description => 'Allow localhost access to postgres user', |
| @@ -50,7 +50,7 @@ class profile::postgresql { | |||
| 50 | user => $pg_user, | 50 | user => $pg_user, |
| 51 | address => "::1/128", | 51 | address => "::1/128", |
| 52 | auth_method => 'md5', | 52 | auth_method => 'md5', |
| 53 | order => "a3", | 53 | order => "00-03", |
| 54 | } | 54 | } |
| 55 | postgresql::server::pg_hba_rule { 'deny access to postgresql user': | 55 | postgresql::server::pg_hba_rule { 'deny access to postgresql user': |
| 56 | description => 'Deny remote access to postgres user', | 56 | description => 'Deny remote access to postgres user', |
| @@ -59,7 +59,7 @@ class profile::postgresql { | |||
| 59 | user => $pg_user, | 59 | user => $pg_user, |
| 60 | address => "0.0.0.0/0", | 60 | address => "0.0.0.0/0", |
| 61 | auth_method => 'reject', | 61 | auth_method => 'reject', |
| 62 | order => "a4", | 62 | order => "00-04", |
| 63 | } | 63 | } |
| 64 | 64 | ||
| 65 | postgresql::server::pg_hba_rule { 'local access': | 65 | postgresql::server::pg_hba_rule { 'local access': |
| @@ -68,7 +68,7 @@ class profile::postgresql { | |||
| 68 | database => 'all', | 68 | database => 'all', |
| 69 | user => 'all', | 69 | user => 'all', |
| 70 | auth_method => 'md5', | 70 | auth_method => 'md5', |
| 71 | order => "b1", | 71 | order => "10-01", |
| 72 | } | 72 | } |
| 73 | 73 | ||
| 74 | postgresql::server::pg_hba_rule { 'local access with same name': | 74 | postgresql::server::pg_hba_rule { 'local access with same name': |
| @@ -77,7 +77,7 @@ class profile::postgresql { | |||
| 77 | database => 'all', | 77 | database => 'all', |
| 78 | user => 'all', | 78 | user => 'all', |
| 79 | auth_method => 'ident', | 79 | auth_method => 'ident', |
| 80 | order => "b2", | 80 | order => "10-02", |
| 81 | } | 81 | } |
| 82 | 82 | ||
| 83 | } | 83 | } |
diff --git a/modules/profile/manifests/xmr_stak.pp b/modules/profile/manifests/xmr_stak.pp index e5582eb..c8bbcdd 100644 --- a/modules/profile/manifests/xmr_stak.pp +++ b/modules/profile/manifests/xmr_stak.pp | |||
| @@ -1,4 +1,8 @@ | |||
| 1 | class profile::xmr_stak { | 1 | class profile::xmr_stak ( |
| 2 | String $mining_pool, | ||
| 3 | String $wallet, | ||
| 4 | Optional[String] $password = "x", | ||
| 5 | ) { | ||
| 2 | ensure_resource('exec', 'systemctl daemon-reload', { | 6 | ensure_resource('exec', 'systemctl daemon-reload', { |
| 3 | command => '/usr/bin/systemctl daemon-reload', | 7 | command => '/usr/bin/systemctl daemon-reload', |
| 4 | refreshonly => true | 8 | refreshonly => true |
| @@ -26,10 +30,7 @@ class profile::xmr_stak { | |||
| 26 | notify => Exec["systemctl daemon-reload"] | 30 | notify => Exec["systemctl daemon-reload"] |
| 27 | } | 31 | } |
| 28 | 32 | ||
| 29 | $mining_pool = lookup("xmr_stak::mining_pool") |$key| { {} } | 33 | $instance = regsubst(lookup("base_installation::ldap_cn"), '\.', "_", "G") |
| 30 | $wallet = lookup("xmr_stak::wallet") |$key| { {} } | ||
| 31 | $password = lookup("xmr_stak::password") |$key| { "x" } | ||
| 32 | $instance = regsubst($facts["ec2_metadata"]["hostname"], '\.', "_", "G") | ||
| 33 | 34 | ||
| 34 | file { "/var/lib/xmr_stak/xmr-stak.conf": | 35 | file { "/var/lib/xmr_stak/xmr-stak.conf": |
| 35 | mode => "0644", | 36 | mode => "0644", |