diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-06-18 14:09:05 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-06-26 00:50:56 +0200 |
commit | f568173a3d8a43ac30fa9294a75c260042b9e415 (patch) | |
tree | 7f816c955a576a884791035cf815ea67ac465ba3 /modules/role/manifests | |
parent | a1c3146595f8f6c7b78adfca8388dd35083b4c7f (diff) | |
download | Puppet-f568173a3d8a43ac30fa9294a75c260042b9e415.tar.gz Puppet-f568173a3d8a43ac30fa9294a75c260042b9e415.tar.zst Puppet-f568173a3d8a43ac30fa9294a75c260042b9e415.zip |
Add postgresql_master profile
Diffstat (limited to 'modules/role/manifests')
-rw-r--r-- | modules/role/manifests/etherpad.pp | 52 |
1 files changed, 6 insertions, 46 deletions
diff --git a/modules/role/manifests/etherpad.pp b/modules/role/manifests/etherpad.pp index 476a210..a43f146 100644 --- a/modules/role/manifests/etherpad.pp +++ b/modules/role/manifests/etherpad.pp | |||
@@ -66,54 +66,14 @@ class role::etherpad ( | |||
66 | subscribe => Aur::Package["etherpad-lite"], | 66 | subscribe => Aur::Package["etherpad-lite"], |
67 | } | 67 | } |
68 | 68 | ||
69 | $web_host = "outils-1.v.immae.eu" | 69 | $web_host = "outils-1.v.immae.eu" |
70 | $pg_db = "etherpad-lite" | 70 | $pg_db = "etherpad-lite" |
71 | $pg_user = "etherpad-lite" | 71 | $pg_user = "etherpad-lite" |
72 | $pg_password = generate_password(24, $password_seed, "postgres_etherpad") | 72 | $pg_password = generate_password(24, $password_seed, "postgres_etherpad") |
73 | 73 | ||
74 | file { "/var/lib/postgres/data/certs": | 74 | profile::postgresql_master { "postgresql master for etherpad": |
75 | ensure => directory, | 75 | letsencrypt_host => $web_host, |
76 | mode => "0700", | 76 | backup_hosts => ["backup-1"], |
77 | owner => $::profile::postgresql::pg_user, | ||
78 | group => $::profile::postgresql::pg_user, | ||
79 | require => File["/var/lib/postgres"], | ||
80 | } | ||
81 | |||
82 | file { "/var/lib/postgres/data/certs/cert.pem": | ||
83 | source => "file:///etc/letsencrypt/live/$web_host/cert.pem", | ||
84 | mode => "0600", | ||
85 | links => "follow", | ||
86 | owner => $::profile::postgresql::pg_user, | ||
87 | group => $::profile::postgresql::pg_user, | ||
88 | require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]] | ||
89 | } | ||
90 | |||
91 | file { "/var/lib/postgres/data/certs/privkey.pem": | ||
92 | source => "file:///etc/letsencrypt/live/$web_host/privkey.pem", | ||
93 | mode => "0600", | ||
94 | links => "follow", | ||
95 | owner => $::profile::postgresql::pg_user, | ||
96 | group => $::profile::postgresql::pg_user, | ||
97 | require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]] | ||
98 | } | ||
99 | |||
100 | postgresql::server::config_entry { "wal_level": | ||
101 | value => "logical", | ||
102 | } | ||
103 | |||
104 | postgresql::server::config_entry { "ssl": | ||
105 | value => "on", | ||
106 | require => Letsencrypt::Certonly[$web_host], | ||
107 | } | ||
108 | |||
109 | postgresql::server::config_entry { "ssl_cert_file": | ||
110 | value => "/var/lib/postgres/data/certs/cert.pem", | ||
111 | require => Letsencrypt::Certonly[$web_host], | ||
112 | } | ||
113 | |||
114 | postgresql::server::config_entry { "ssl_key_file": | ||
115 | value => "/var/lib/postgres/data/certs/privkey.pem", | ||
116 | require => Letsencrypt::Certonly[$web_host], | ||
117 | } | 77 | } |
118 | 78 | ||
119 | postgresql::server::db { $pg_db: | 79 | postgresql::server::db { $pg_db: |