aboutsummaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2018-03-13 13:23:17 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2018-03-13 22:51:36 +0100
commit0a21fb6c2c52ca5cc2dfdfc41ca0a51c0d81296c (patch)
tree95af1b06a4b8d67759628071f163b3d42c9c7f22 /modules
parent96d61e22a20255c2b437eb3a3b81f9b44a1814de (diff)
downloadPuppet-0a21fb6c2c52ca5cc2dfdfc41ca0a51c0d81296c.tar.gz
Puppet-0a21fb6c2c52ca5cc2dfdfc41ca0a51c0d81296c.tar.zst
Puppet-0a21fb6c2c52ca5cc2dfdfc41ca0a51c0d81296c.zip
Start to cleanup the files
Diffstat (limited to 'modules')
-rw-r--r--modules/base_installation/manifests/puppet.pp2
-rw-r--r--modules/base_installation/manifests/services.pp2
-rw-r--r--modules/base_installation/manifests/users.pp20
-rw-r--r--modules/profile/manifests/apache.pp15
-rw-r--r--modules/role/manifests/cryptoportfolio.pp273
-rw-r--r--modules/role/templates/cryptoportfolio/api_conf.toml.erb12
-rw-r--r--modules/role/templates/cryptoportfolio/bot_config.ini.erb10
-rw-r--r--modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb4
-rw-r--r--modules/role/templates/cryptoportfolio/static_conf.env.erb6
9 files changed, 170 insertions, 174 deletions
diff --git a/modules/base_installation/manifests/puppet.pp b/modules/base_installation/manifests/puppet.pp
index b3ce492..6f7732d 100644
--- a/modules/base_installation/manifests/puppet.pp
+++ b/modules/base_installation/manifests/puppet.pp
@@ -67,7 +67,7 @@ class base_installation::puppet (
67 require => File[$base_installation::puppet_conf_path], 67 require => File[$base_installation::puppet_conf_path],
68 } 68 }
69 69
70 $ips = lookup("ips") |$key| { {} } 70 $ips = lookup("ips", { 'default_value' => undef })
71 file { "$base_installation::puppet_conf_path/host_ldap.info": 71 file { "$base_installation::puppet_conf_path/host_ldap.info":
72 content => template("base_installation/puppet/host_ldap.info.erb"), 72 content => template("base_installation/puppet/host_ldap.info.erb"),
73 require => File[$base_installation::puppet_conf_path], 73 require => File[$base_installation::puppet_conf_path],
diff --git a/modules/base_installation/manifests/services.pp b/modules/base_installation/manifests/services.pp
index c641f4b..d7b4d61 100644
--- a/modules/base_installation/manifests/services.pp
+++ b/modules/base_installation/manifests/services.pp
@@ -38,7 +38,7 @@ class base_installation::services inherits base_installation {
38 group => "root" 38 group => "root"
39 } 39 }
40 40
41 $ip6 = lookup("ips.v6") |$key| { {} } 41 $ip6 = lookup("ips.v6", { 'default_value' => undef })
42 file { '/etc/systemd/network/en-dhcp.network': 42 file { '/etc/systemd/network/en-dhcp.network':
43 ensure => "present", 43 ensure => "present",
44 path => "/etc/systemd/network/en-dhcp.network", 44 path => "/etc/systemd/network/en-dhcp.network",
diff --git a/modules/base_installation/manifests/users.pp b/modules/base_installation/manifests/users.pp
index 766c0f0..f893c51 100644
--- a/modules/base_installation/manifests/users.pp
+++ b/modules/base_installation/manifests/users.pp
@@ -26,22 +26,26 @@ class base_installation::users (
26 ensure => "present", 26 ensure => "present",
27 groups => $user[groups], 27 groups => $user[groups],
28 managehome => true, 28 managehome => true,
29 system => !!$user[system],
29 home => "/home/${user[username]}", 30 home => "/home/${user[username]}",
30 notify => Exec["remove_password"], 31 notify => Exec["remove_password:${user[username]}:${user[userid]}"],
31 purge_ssh_keys => true 32 purge_ssh_keys => true
32 } 33 }
33 34
34 exec { "remove_password": 35 exec { "remove_password:${user[username]}:${user[userid]}":
35 command => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}", 36 command => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}",
37 onlyif => "/usr/bin/test -z '${user[password]}'",
36 refreshonly => true 38 refreshonly => true
37 } 39 }
38 40
39 $user[keys].each |$key| { 41 if has_key($user, "keys") {
40 ssh_authorized_key { "${user[username]}@${key[host]}": 42 $user[keys].each |$key| {
41 name => "${user[username]}@${key[host]}", 43 ssh_authorized_key { "${user[username]}@${key[host]}":
42 user => $user[username], 44 name => "${user[username]}@${key[host]}",
43 type => $key[key_type], 45 user => $user[username],
44 key => $key[key], 46 type => $key[key_type],
47 key => $key[key],
48 }
45 } 49 }
46 } 50 }
47 } 51 }
diff --git a/modules/profile/manifests/apache.pp b/modules/profile/manifests/apache.pp
index 8db58da..382633b 100644
--- a/modules/profile/manifests/apache.pp
+++ b/modules/profile/manifests/apache.pp
@@ -67,13 +67,12 @@ class profile::apache {
67 install_method => "package", 67 install_method => "package",
68 package_name => "certbot", 68 package_name => "certbot",
69 package_command => "certbot", 69 package_command => "certbot",
70 # FIXME 70 email => lookup('letsencrypt::email'),
71 email => 'sites+letsencrypt@mail.immae.eu',
72 } 71 }
73 72
74 $real_hostname = lookup("base_installation::real_hostname") |$key| { {} } 73 $real_hostname = lookup("base_installation::real_hostname", { "default_value" => undef })
75 unless empty($real_hostname) { 74 unless empty($real_hostname) {
76 if (lookup("ssl::try_letsencrypt_for_real_hostname") |$key| { true }) { 75 if (lookup("letsencrypt::try_for_real_hostname", { "default_value" => true })) {
77 letsencrypt::certonly { $real_hostname: 76 letsencrypt::certonly { $real_hostname:
78 before => Apache::Vhost["default_ssl"]; 77 before => Apache::Vhost["default_ssl"];
79 default: * => $::profile::apache::letsencrypt_certonly_default; 78 default: * => $::profile::apache::letsencrypt_certonly_default;
@@ -110,6 +109,14 @@ class profile::apache {
110 } 109 }
111 } 110 }
112 111
112 lookup("letsencrypt::hosts", { "default_value" => [] }).each |$host| {
113 if ($host != $real_hostname) { # Done above already
114 letsencrypt::certonly { $host: ;
115 default: * => $letsencrypt_certonly_default;
116 }
117 }
118 }
119
113 apache::vhost { "redirect_no_ssl": 120 apache::vhost { "redirect_no_ssl":
114 port => '80', 121 port => '80',
115 error_log => false, 122 error_log => false,
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp
index bec247e..8b4a63b 100644
--- a/modules/role/manifests/cryptoportfolio.pp
+++ b/modules/role/manifests/cryptoportfolio.pp
@@ -1,4 +1,22 @@
1class role::cryptoportfolio { 1class role::cryptoportfolio (
2 String $user,
3 String $group,
4 String $home,
5 Optional[String] $env = "prod",
6 Optional[String] $webhook_url = undef,
7 String $pg_user,
8 String $pg_user_replication,
9 String $pg_db,
10 Optional[String] $pg_hostname = "localhost",
11 Optional[String] $pg_port = "5432",
12 Optional[String] $web_host = undef,
13 Optional[String] $web_port = "",
14 Optional[Boolean] $web_ssl = true,
15 Optional[String] $front_version = undef,
16 Optional[String] $front_sha256 = undef,
17 Optional[String] $bot_version = undef,
18 Optional[String] $bot_sha256 = undef,
19) {
2 ensure_resource('exec', 'systemctl daemon-reload', { 20 ensure_resource('exec', 'systemctl daemon-reload', {
3 command => '/usr/bin/systemctl daemon-reload', 21 command => '/usr/bin/systemctl daemon-reload',
4 refreshonly => true 22 refreshonly => true
@@ -11,37 +29,23 @@ class role::cryptoportfolio {
11 include "profile::apache" 29 include "profile::apache"
12 include "profile::xmr_stak" 30 include "profile::xmr_stak"
13 31
14 $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} } 32 $password_seed = lookup("base_installation::puppet_pass_seed")
15 33
16 $cf_pg_user = "cryptoportfolio" 34 $pg_password = generate_password(24, $password_seed, "postgres_cryptoportfolio")
17 $cf_pg_user_replication = "cryptoportfolio_replication" 35 $pg_replication_password = generate_password(24, $password_seed, "postgres_cryptoportfolio_replication")
18 $cf_pg_db = "cryptoportfolio" 36 $pg_host = "${pg_hostname}:${pg_port}"
19 $cf_pg_password = generate_password(24, $password_seed, "postgres_cryptoportfolio") 37
20 $cf_pg_replication_password = generate_password(24, $password_seed, "postgres_cryptoportfolio_replication") 38 $cf_front_app = "${home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front"
21 $cf_pg_hostname = "localhost"
22 $cf_pg_port = "5432"
23 $cf_pg_host = "${cf_pg_hostname}:${cf_pg_port}"
24
25 $cf_user = "cryptoportfolio"
26 $cf_group = "cryptoportfolio"
27 $cf_home = "/opt/cryptoportfolio"
28 $cf_env = "prod"
29 $cf_front_app_host = lookup("base_installation::system_hostname") |$key| { "example.com" }
30 $cf_front_app_port = ""
31 $cf_front_app_ssl = "true"
32 $cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front"
33 $cf_front_app_api_workdir = "${cf_front_app}/cmd/app" 39 $cf_front_app_api_workdir = "${cf_front_app}/cmd/app"
34 $cf_front_app_api_bin = "${cf_front_app_api_workdir}/cryptoportfolio-app" 40 $cf_front_app_api_bin = "${cf_front_app_api_workdir}/cryptoportfolio-app"
35 $cf_front_app_api_conf = "${cf_home}/conf.toml" 41 $cf_front_app_api_conf = "${home}/conf.toml"
36 $cf_front_app_api_secret = generate_password(24, $password_seed, "cryptoportfolio_api_secret") 42 $cf_front_app_api_secret = generate_password(24, $password_seed, "cryptoportfolio_api_secret")
37 43
38 $cf_front_app_static_conf = "${cf_front_app}/cmd/web/env/prod.env" 44 $cf_front_app_static_conf = "${cf_front_app}/cmd/web/env/prod.env"
39 45
40 $cf_bot_app = "${cf_home}/bot" 46 $cf_bot_app = "${home}/bot"
41 $cf_bot_app_conf = "${cf_home}/bot_config.ini" 47 $cf_bot_app_conf = "${home}/bot_config.ini"
42 $cf_bot_app_reports = "${cf_home}/bot_reports" 48 $cf_bot_app_reports = "${home}/bot_reports"
43
44 $cf_webhook_url = lookup("cryptoportfolio::slack_webhook") |$key| { "" }
45 49
46 file { "/var/lib/postgres/data/certs": 50 file { "/var/lib/postgres/data/certs":
47 ensure => directory, 51 ensure => directory,
@@ -52,21 +56,21 @@ class role::cryptoportfolio {
52 } 56 }
53 57
54 file { "/var/lib/postgres/data/certs/cert.pem": 58 file { "/var/lib/postgres/data/certs/cert.pem":
55 source => "file:///etc/letsencrypt/live/$cf_front_app_host/cert.pem", 59 source => "file:///etc/letsencrypt/live/$web_host/cert.pem",
56 mode => "0600", 60 mode => "0600",
57 links => "follow", 61 links => "follow",
58 owner => $::profile::postgresql::pg_user, 62 owner => $::profile::postgresql::pg_user,
59 group => $::profile::postgresql::pg_user, 63 group => $::profile::postgresql::pg_user,
60 require => [Letsencrypt::Certonly[$cf_front_app_host], File["/var/lib/postgres/data/certs"]] 64 require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]]
61 } 65 }
62 66
63 file { "/var/lib/postgres/data/certs/privkey.pem": 67 file { "/var/lib/postgres/data/certs/privkey.pem":
64 source => "file:///etc/letsencrypt/live/$cf_front_app_host/privkey.pem", 68 source => "file:///etc/letsencrypt/live/$web_host/privkey.pem",
65 mode => "0600", 69 mode => "0600",
66 links => "follow", 70 links => "follow",
67 owner => $::profile::postgresql::pg_user, 71 owner => $::profile::postgresql::pg_user,
68 group => $::profile::postgresql::pg_user, 72 group => $::profile::postgresql::pg_user,
69 require => [Letsencrypt::Certonly[$cf_front_app_host], File["/var/lib/postgres/data/certs"]] 73 require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]]
70 } 74 }
71 75
72 postgresql::server::config_entry { "wal_level": 76 postgresql::server::config_entry { "wal_level":
@@ -75,52 +79,52 @@ class role::cryptoportfolio {
75 79
76 postgresql::server::config_entry { "ssl": 80 postgresql::server::config_entry { "ssl":
77 value => "on", 81 value => "on",
78 require => Letsencrypt::Certonly[$cf_front_app_host], 82 require => Letsencrypt::Certonly[$web_host],
79 } 83 }
80 84
81 postgresql::server::config_entry { "ssl_cert_file": 85 postgresql::server::config_entry { "ssl_cert_file":
82 value => "/var/lib/postgres/data/certs/cert.pem", 86 value => "/var/lib/postgres/data/certs/cert.pem",
83 require => Letsencrypt::Certonly[$cf_front_app_host], 87 require => Letsencrypt::Certonly[$web_host],
84 } 88 }
85 89
86 postgresql::server::config_entry { "ssl_key_file": 90 postgresql::server::config_entry { "ssl_key_file":
87 value => "/var/lib/postgres/data/certs/privkey.pem", 91 value => "/var/lib/postgres/data/certs/privkey.pem",
88 require => Letsencrypt::Certonly[$cf_front_app_host], 92 require => Letsencrypt::Certonly[$web_host],
89 } 93 }
90 94
91 postgresql::server::db { $cf_pg_db: 95 postgresql::server::db { $pg_db:
92 user => $cf_pg_user, 96 user => $pg_user,
93 password => postgresql_password($cf_pg_user, $cf_pg_password), 97 password => postgresql_password($pg_user, $pg_password),
94 } 98 }
95 -> 99 ->
96 postgresql_psql { "CREATE PUBLICATION ${cf_pg_db}_publication FOR ALL TABLES": 100 postgresql_psql { "CREATE PUBLICATION ${pg_db}_publication FOR ALL TABLES":
97 db => $cf_pg_db, 101 db => $pg_db,
98 unless => "SELECT 1 FROM pg_catalog.pg_publication WHERE pubname = '${cf_pg_db}_publication'", 102 unless => "SELECT 1 FROM pg_catalog.pg_publication WHERE pubname = '${pg_db}_publication'",
99 } 103 }
100 -> 104 ->
101 postgresql::server::role { $cf_pg_user_replication: 105 postgresql::server::role { $pg_user_replication:
102 db => $cf_pg_db, 106 db => $pg_db,
103 replication => true, 107 replication => true,
104 password_hash => postgresql_password($cf_pg_user_replication, $cf_pg_replication_password), 108 password_hash => postgresql_password($pg_user_replication, $pg_replication_password),
105 } 109 }
106 -> 110 ->
107 postgresql::server::database_grant { $cf_pg_user_replication: 111 postgresql::server::database_grant { $pg_user_replication:
108 db => $cf_pg_db, 112 db => $pg_db,
109 privilege => "CONNECT", 113 privilege => "CONNECT",
110 role => $cf_pg_user_replication, 114 role => $pg_user_replication,
111 } 115 }
112 -> 116 ->
113 postgresql::server::grant { "all tables in schema:public:$cf_pg_user_replication": 117 postgresql::server::grant { "all tables in schema:public:$pg_user_replication":
114 db => $cf_pg_db, 118 db => $pg_db,
115 role => $cf_pg_user_replication, 119 role => $pg_user_replication,
116 privilege => "SELECT", 120 privilege => "SELECT",
117 object_type => "ALL TABLES IN SCHEMA", 121 object_type => "ALL TABLES IN SCHEMA",
118 object_name => "public", 122 object_name => "public",
119 } 123 }
120 -> 124 ->
121 postgresql::server::grant { "all sequences in schema:public:$cf_pg_user_replication": 125 postgresql::server::grant { "all sequences in schema:public:$pg_user_replication":
122 db => $cf_pg_db, 126 db => $pg_db,
123 role => $cf_pg_user_replication, 127 role => $pg_user_replication,
124 privilege => "SELECT", 128 privilege => "SELECT",
125 object_type => "ALL SEQUENCES IN SCHEMA", 129 object_type => "ALL SEQUENCES IN SCHEMA",
126 object_name => "public", 130 object_name => "public",
@@ -128,16 +132,16 @@ class role::cryptoportfolio {
128 132
129 postgresql::server::pg_hba_rule { 'allow localhost TCP access to cryptoportfolio user': 133 postgresql::server::pg_hba_rule { 'allow localhost TCP access to cryptoportfolio user':
130 type => 'host', 134 type => 'host',
131 database => $cf_pg_db, 135 database => $pg_db,
132 user => $cf_pg_user, 136 user => $pg_user,
133 address => '127.0.0.1/32', 137 address => '127.0.0.1/32',
134 auth_method => 'md5', 138 auth_method => 'md5',
135 order => "b0", 139 order => "b0",
136 } 140 }
137 postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user': 141 postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user':
138 type => 'host', 142 type => 'host',
139 database => $cf_pg_db, 143 database => $pg_db,
140 user => $cf_pg_user, 144 user => $pg_user,
141 address => '::1/128', 145 address => '::1/128',
142 auth_method => 'md5', 146 auth_method => 'md5',
143 order => "b0", 147 order => "b0",
@@ -145,83 +149,64 @@ class role::cryptoportfolio {
145 149
146 postgresql::server::pg_hba_rule { 'allow TCP access to replication user from immae.eu': 150 postgresql::server::pg_hba_rule { 'allow TCP access to replication user from immae.eu':
147 type => 'hostssl', 151 type => 'hostssl',
148 database => $cf_pg_db, 152 database => $pg_db,
149 user => $cf_pg_user_replication, 153 user => $pg_user_replication,
150 address => 'immae.eu', 154 address => 'immae.eu',
151 auth_method => 'md5', 155 auth_method => 'md5',
152 order => "b0", 156 order => "b0",
153 } 157 }
154 158
155 letsencrypt::certonly { $cf_front_app_host: ;
156 default: * => $::profile::apache::letsencrypt_certonly_default;
157 }
158
159 class { 'apache::mod::headers': } 159 class { 'apache::mod::headers': }
160 apache::vhost { $cf_front_app_host: 160 apache::vhost { $web_host:
161 port => '443', 161 port => '443',
162 docroot => false, 162 docroot => false,
163 manage_docroot => false, 163 manage_docroot => false,
164 proxy_dest => "http://localhost:8000", 164 proxy_dest => "http://localhost:8000",
165 request_headers => 'set X-Forwarded-Proto "https"', 165 request_headers => 'set X-Forwarded-Proto "https"',
166 ssl => true, 166 ssl => true,
167 ssl_cert => "/etc/letsencrypt/live/$cf_front_app_host/cert.pem", 167 ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem",
168 ssl_key => "/etc/letsencrypt/live/$cf_front_app_host/privkey.pem", 168 ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem",
169 ssl_chain => "/etc/letsencrypt/live/$cf_front_app_host/chain.pem", 169 ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem",
170 require => Letsencrypt::Certonly[$cf_front_app_host], 170 require => Letsencrypt::Certonly[$web_host],
171 proxy_preserve_host => true; 171 proxy_preserve_host => true;
172 default: * => $::profile::apache::apache_vhost_default; 172 default: * => $::profile::apache::apache_vhost_default;
173 } 173 }
174 174
175 user { $cf_user:
176 name => $cf_user,
177 ensure => "present",
178 managehome => true,
179 home => $cf_home,
180 system => true,
181 password => '!!',
182 }
183
184 file { "/usr/local/bin/slack-notify": 175 file { "/usr/local/bin/slack-notify":
185 mode => "0755", 176 mode => "0755",
186 source => "puppet:///modules/role/cryptoportfolio/slack-notify.py", 177 source => "puppet:///modules/role/cryptoportfolio/slack-notify.py",
187 } 178 }
188 179
189 $front_version = lookup("cryptoportfolio::front_version") |$key| { {} }
190 $front_sha256 = lookup("cryptoportfolio::front_sha256") |$key| { {} }
191
192 $bot_version = lookup("cryptoportfolio::bot_version") |$key| { {} }
193 $bot_sha256 = lookup("cryptoportfolio::bot_sha256") |$key| { {} }
194
195 unless empty($bot_version) { 180 unless empty($bot_version) {
196 ensure_packages(["python", "python-pip"]) 181 ensure_packages(["python", "python-pip"])
197 182
198 file { $cf_bot_app: 183 file { $cf_bot_app:
199 ensure => "directory", 184 ensure => "directory",
200 mode => "0700", 185 mode => "0700",
201 owner => $cf_user, 186 owner => $user,
202 group => $cf_group, 187 group => $group,
203 require => User[$cf_user], 188 require => User["$user:"],
204 } 189 }
205 190
206 archive { "${cf_home}/trader_${bot_version}.tar.gz": 191 archive { "${home}/trader_${bot_version}.tar.gz":
207 path => "${cf_home}/trader_${bot_version}.tar.gz", 192 path => "${home}/trader_${bot_version}.tar.gz",
208 source => "https://git.immae.eu/releases/cryptoportfolio/trader/trader_${bot_version}.tar.gz", 193 source => "https://git.immae.eu/releases/cryptoportfolio/trader/trader_${bot_version}.tar.gz",
209 checksum_type => "sha256", 194 checksum_type => "sha256",
210 checksum => $bot_sha256, 195 checksum => $bot_sha256,
211 cleanup => false, 196 cleanup => false,
212 extract => true, 197 extract => true,
213 user => $cf_user, 198 user => $user,
214 username => $facts["ec2_metadata"]["hostname"], 199 username => $facts["ec2_metadata"]["hostname"],
215 password => generate_password(24, $password_seed, "ldap"), 200 password => generate_password(24, $password_seed, "ldap"),
216 extract_path => $cf_bot_app, 201 extract_path => $cf_bot_app,
217 require => [User[$cf_user], File[$cf_bot_app]], 202 require => [User["$user:"], File[$cf_bot_app]],
218 } ~> 203 } ~>
219 exec { "py-cryptoportfolio-dependencies": 204 exec { "py-cryptoportfolio-dependencies":
220 cwd => $cf_bot_app, 205 cwd => $cf_bot_app,
221 user => $cf_user, 206 user => $user,
222 environment => ["HOME=${cf_home}"], 207 environment => ["HOME=${home}"],
223 command => "/usr/bin/make install", 208 command => "/usr/bin/make install",
224 require => User[$cf_user], 209 require => User["$user:"],
225 refreshonly => true, 210 refreshonly => true,
226 before => [ 211 before => [
227 File[$cf_bot_app_conf], 212 File[$cf_bot_app_conf],
@@ -231,53 +216,53 @@ class role::cryptoportfolio {
231 } 216 }
232 217
233 file { $cf_bot_app_conf: 218 file { $cf_bot_app_conf:
234 owner => $cf_user, 219 owner => $user,
235 group => $cf_group, 220 group => $group,
236 mode => "0600", 221 mode => "0600",
237 content => template("role/cryptoportfolio/bot_config.ini.erb"), 222 content => template("role/cryptoportfolio/bot_config.ini.erb"),
238 require => [ 223 require => [
239 User[$cf_user], 224 User["$user:"],
240 Archive["${cf_home}/trader_${bot_version}.tar.gz"], 225 Archive["${home}/trader_${bot_version}.tar.gz"],
241 ], 226 ],
242 } 227 }
243 228
244 cron { "py-cryptoportfolio-before": 229 cron { "py-cryptoportfolio-before":
245 ensure => present, 230 ensure => present,
246 command => "cd $cf_bot_app ; python main.py --config $cf_bot_app_conf --before", 231 command => "cd $cf_bot_app ; python main.py --config $cf_bot_app_conf --before",
247 user => "cryptoportfolio", 232 user => $user,
248 weekday => 7, # Sunday 233 weekday => 7, # Sunday
249 hour => 22, 234 hour => 22,
250 minute => 30, 235 minute => 30,
251 environment => ["HOME=${cf_home}","PATH=/usr/bin/"], 236 environment => ["HOME=${home}","PATH=/usr/bin/"],
252 require => [ 237 require => [
253 File[$cf_bot_app_conf], 238 File[$cf_bot_app_conf],
254 Archive["${cf_home}/trader_${bot_version}.tar.gz"] 239 Archive["${home}/trader_${bot_version}.tar.gz"]
255 ], 240 ],
256 } 241 }
257 242
258 cron { "py-cryptoportfolio-after": 243 cron { "py-cryptoportfolio-after":
259 ensure => present, 244 ensure => present,
260 command => "cd $cf_bot_app ; python main.py --config $cf_bot_app_conf --after", 245 command => "cd $cf_bot_app ; python main.py --config $cf_bot_app_conf --after",
261 user => "cryptoportfolio", 246 user => $user,
262 weekday => 1, # Monday 247 weekday => 1, # Monday
263 hour => 1, 248 hour => 1,
264 minute => 0, 249 minute => 0,
265 environment => ["HOME=${cf_home}","PATH=/usr/bin/"], 250 environment => ["HOME=${home}","PATH=/usr/bin/"],
266 require => [ 251 require => [
267 File[$cf_bot_app_conf], 252 File[$cf_bot_app_conf],
268 Archive["${cf_home}/trader_${bot_version}.tar.gz"] 253 Archive["${home}/trader_${bot_version}.tar.gz"]
269 ], 254 ],
270 } 255 }
271 256
272 unless empty($cf_webhook_url) { 257 unless empty($webhook_url) {
273 exec { "bot-slack-notify": 258 exec { "bot-slack-notify":
274 refreshonly => true, 259 refreshonly => true,
275 environment => [ 260 environment => [
276 "P_PROJECT=Trader", 261 "P_PROJECT=Trader",
277 "P_WEBHOOK=${cf_webhook_url}", 262 "P_WEBHOOK=${webhook_url}",
278 "P_VERSION=${bot_version}", 263 "P_VERSION=${bot_version}",
279 "P_HOST=${cf_front_app_host}", 264 "P_HOST=${web_host}",
280 "P_HTTPS=${cf_front_app_ssl}", 265 "P_HTTPS=${web_ssl}",
281 ], 266 ],
282 command => "/usr/local/bin/slack-notify", 267 command => "/usr/local/bin/slack-notify",
283 require => File["/usr/local/bin/slack-notify"], 268 require => File["/usr/local/bin/slack-notify"],
@@ -291,22 +276,22 @@ class role::cryptoportfolio {
291 ensure_packages(["go", "npm", "nodejs", "yarn"]) 276 ensure_packages(["go", "npm", "nodejs", "yarn"])
292 277
293 file { [ 278 file { [
294 "${cf_home}/go/", 279 "${home}/go/",
295 "${cf_home}/go/src", 280 "${home}/go/src",
296 "${cf_home}/go/src/immae.eu", 281 "${home}/go/src/immae.eu",
297 "${cf_home}/go/src/immae.eu/Immae", 282 "${home}/go/src/immae.eu/Immae",
298 "${cf_home}/go/src/immae.eu/Immae/Projets", 283 "${home}/go/src/immae.eu/Immae/Projets",
299 "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies", 284 "${home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies",
300 "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio", 285 "${home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio",
301 $cf_front_app]: 286 $cf_front_app]:
302 ensure => "directory", 287 ensure => "directory",
303 mode => "0700", 288 mode => "0700",
304 owner => $cf_user, 289 owner => $user,
305 group => $cf_group, 290 group => $group,
306 require => User[$cf_user], 291 require => User["$user:"],
307 } 292 }
308 293
309 file { "${cf_home}/front": 294 file { "${home}/front":
310 ensure => "link", 295 ensure => "link",
311 target => $cf_front_app, 296 target => $cf_front_app,
312 before => File[$cf_front_app], 297 before => File[$cf_front_app],
@@ -326,28 +311,28 @@ class role::cryptoportfolio {
326 subscribe => [Exec["go-cryptoportfolio-app"], Exec["web-cryptoportfolio-build"]], 311 subscribe => [Exec["go-cryptoportfolio-app"], Exec["web-cryptoportfolio-build"]],
327 require => [ 312 require => [
328 File["/etc/systemd/system/cryptoportfolio-app.service"], 313 File["/etc/systemd/system/cryptoportfolio-app.service"],
329 Postgresql::Server::Db[$cf_pg_db] 314 Postgresql::Server::Db[$pg_db]
330 ], 315 ],
331 } ~> 316 } ~>
332 exec { "dump $cf_pg_db structure": 317 exec { "dump $pg_db structure":
333 refreshonly => true, 318 refreshonly => true,
334 user => $::profile::postgresql::pg_user, 319 user => $::profile::postgresql::pg_user,
335 group => $::profile::postgresql::pg_user, 320 group => $::profile::postgresql::pg_user,
336 command => "/usr/bin/pg_dump --schema-only --clean --no-publications $cf_pg_db > /var/lib/postgres/${cf_pg_db}.schema", 321 command => "/usr/bin/pg_dump --schema-only --clean --no-publications $pg_db > /var/lib/postgres/${pg_db}.schema",
337 } 322 }
338 323
339 archive { "${cf_home}/front_${front_version}.tar.gz": 324 archive { "${home}/front_${front_version}.tar.gz":
340 path => "${cf_home}/front_${front_version}.tar.gz", 325 path => "${home}/front_${front_version}.tar.gz",
341 source => "https://git.immae.eu/releases/cryptoportfolio/front/front_${front_version}.tar.gz", 326 source => "https://git.immae.eu/releases/cryptoportfolio/front/front_${front_version}.tar.gz",
342 checksum_type => "sha256", 327 checksum_type => "sha256",
343 checksum => $front_sha256, 328 checksum => $front_sha256,
344 cleanup => false, 329 cleanup => false,
345 extract => true, 330 extract => true,
346 user => $cf_user, 331 user => $user,
347 username => $facts["ec2_metadata"]["hostname"], 332 username => $facts["ec2_metadata"]["hostname"],
348 password => generate_password(24, $password_seed, "ldap"), 333 password => generate_password(24, $password_seed, "ldap"),
349 extract_path => $cf_front_app, 334 extract_path => $cf_front_app,
350 require => [User[$cf_user], File[$cf_front_app]], 335 require => [User["$user:"], File[$cf_front_app]],
351 notify => [ 336 notify => [
352 Exec["web-cryptoportfolio-dependencies"], 337 Exec["web-cryptoportfolio-dependencies"],
353 Exec["go-get-dep"], 338 Exec["go-get-dep"],
@@ -356,39 +341,39 @@ class role::cryptoportfolio {
356 341
357 # Api 342 # Api
358 file { $cf_front_app_api_conf: 343 file { $cf_front_app_api_conf:
359 owner => $cf_user, 344 owner => $user,
360 group => $cf_group, 345 group => $group,
361 mode => "0600", 346 mode => "0600",
362 content => template("role/cryptoportfolio/api_conf.toml.erb"), 347 content => template("role/cryptoportfolio/api_conf.toml.erb"),
363 before => Exec["go-cryptoportfolio-app"], 348 before => Exec["go-cryptoportfolio-app"],
364 } 349 }
365 350
366 exec { "go-get-dep": 351 exec { "go-get-dep":
367 user => $cf_user, 352 user => $user,
368 environment => ["HOME=${cf_home}"], 353 environment => ["HOME=${home}"],
369 creates => "${cf_home}/go/bin/dep", 354 creates => "${home}/go/bin/dep",
370 command => "/usr/bin/go get -u github.com/golang/dep/cmd/dep", 355 command => "/usr/bin/go get -u github.com/golang/dep/cmd/dep",
371 refreshonly => true, 356 refreshonly => true,
372 } ~> 357 } ~>
373 exec { "go-cryptoportfolio-dependencies": 358 exec { "go-cryptoportfolio-dependencies":
374 cwd => $cf_front_app, 359 cwd => $cf_front_app,
375 user => $cf_user, 360 user => $user,
376 environment => ["HOME=${cf_home}"], 361 environment => ["HOME=${home}"],
377 command => "${cf_home}/go/bin/dep ensure", 362 command => "${home}/go/bin/dep ensure",
378 refreshonly => true, 363 refreshonly => true,
379 } ~> 364 } ~>
380 exec { "go-cryptoportfolio-app": 365 exec { "go-cryptoportfolio-app":
381 cwd => $cf_front_app_api_workdir, 366 cwd => $cf_front_app_api_workdir,
382 user => $cf_user, 367 user => $user,
383 environment => ["HOME=${cf_home}"], 368 environment => ["HOME=${home}"],
384 command => "/usr/bin/make build", 369 command => "/usr/bin/make build",
385 refreshonly => true, 370 refreshonly => true,
386 } 371 }
387 372
388 # Static pages 373 # Static pages
389 file { $cf_front_app_static_conf: 374 file { $cf_front_app_static_conf:
390 owner => $cf_user, 375 owner => $user,
391 group => $cf_group, 376 group => $group,
392 mode => "0600", 377 mode => "0600",
393 content => template("role/cryptoportfolio/static_conf.env.erb"), 378 content => template("role/cryptoportfolio/static_conf.env.erb"),
394 before => Exec["web-cryptoportfolio-build"], 379 before => Exec["web-cryptoportfolio-build"],
@@ -396,30 +381,30 @@ class role::cryptoportfolio {
396 381
397 exec { "web-cryptoportfolio-dependencies": 382 exec { "web-cryptoportfolio-dependencies":
398 cwd => "${cf_front_app}/cmd/web", 383 cwd => "${cf_front_app}/cmd/web",
399 user => $cf_user, 384 user => $user,
400 environment => ["HOME=${cf_home}"], 385 environment => ["HOME=${home}"],
401 command => "/usr/bin/make install", 386 command => "/usr/bin/make install",
402 refreshonly => true, 387 refreshonly => true,
403 require => [Package["npm"], Package["nodejs"], Package["yarn"]] 388 require => [Package["npm"], Package["nodejs"], Package["yarn"]]
404 } ~> 389 } ~>
405 exec { "web-cryptoportfolio-build": 390 exec { "web-cryptoportfolio-build":
406 cwd => "${cf_front_app}/cmd/web", 391 cwd => "${cf_front_app}/cmd/web",
407 user => $cf_user, 392 user => $user,
408 environment => ["HOME=${cf_home}"], 393 environment => ["HOME=${home}"],
409 path => ["${cf_front_app}/cmd/web/node_modules/.bin/", "/usr/bin"], 394 path => ["${cf_front_app}/cmd/web/node_modules/.bin/", "/usr/bin"],
410 command => "/usr/bin/make static ENV=${cf_env}", 395 command => "/usr/bin/make static ENV=${env}",
411 refreshonly => true, 396 refreshonly => true,
412 } 397 }
413 398
414 unless empty($cf_webhook_url) { 399 unless empty($webhook_url) {
415 exec { "front-slack-notify": 400 exec { "front-slack-notify":
416 refreshonly => true, 401 refreshonly => true,
417 environment => [ 402 environment => [
418 "P_PROJECT=Front", 403 "P_PROJECT=Front",
419 "P_WEBHOOK=${cf_webhook_url}", 404 "P_WEBHOOK=${webhook_url}",
420 "P_VERSION=${front_version}", 405 "P_VERSION=${front_version}",
421 "P_HOST=${cf_front_app_host}", 406 "P_HOST=${web_host}",
422 "P_HTTPS=${cf_front_app_ssl}", 407 "P_HTTPS=${web_ssl}",
423 ], 408 ],
424 command => "/usr/local/bin/slack-notify", 409 command => "/usr/local/bin/slack-notify",
425 require => File["/usr/local/bin/slack-notify"], 410 require => File["/usr/local/bin/slack-notify"],
diff --git a/modules/role/templates/cryptoportfolio/api_conf.toml.erb b/modules/role/templates/cryptoportfolio/api_conf.toml.erb
index 13550c9..7a4b66d 100644
--- a/modules/role/templates/cryptoportfolio/api_conf.toml.erb
+++ b/modules/role/templates/cryptoportfolio/api_conf.toml.erb
@@ -1,15 +1,15 @@
1log_level="info" 1log_level="info"
2mode="<%= @cf_env %>" 2mode="<%= @env %>"
3log_out="stdout" 3log_out="stdout"
4 4
5[db] 5[db]
6user="<%= @cf_pg_user %>" 6user="<%= @pg_user %>"
7password="<%= @cf_pg_password %>" 7password="<%= @pg_password %>"
8database="<%= @cf_pg_db %>" 8database="<%= @pg_db %>"
9address="<%= @cf_pg_host %>" 9address="<%= @pg_host %>"
10 10
11[api] 11[api]
12domain="<%= @cf_front_app_host %>" 12domain="<%= @web_host %>"
13jwt_secret="<%= @cf_front_app_api_secret %>" 13jwt_secret="<%= @cf_front_app_api_secret %>"
14 14
15[app] 15[app]
diff --git a/modules/role/templates/cryptoportfolio/bot_config.ini.erb b/modules/role/templates/cryptoportfolio/bot_config.ini.erb
index 30298eb..b0211a6 100644
--- a/modules/role/templates/cryptoportfolio/bot_config.ini.erb
+++ b/modules/role/templates/cryptoportfolio/bot_config.ini.erb
@@ -1,9 +1,9 @@
1[postgresql] 1[postgresql]
2host = <%= @cf_pg_hostname %> 2host = <%= @pg_hostname %>
3port = <%= @cf_pg_port %> 3port = <%= @pg_port %>
4user = <%= @cf_pg_user %> 4user = <%= @pg_user %>
5password = <%= @cf_pg_password %> 5password = <%= @pg_password %>
6database = <%= @cf_pg_db %> 6database = <%= @pg_db %>
7 7
8[app] 8[app]
9report_path = <%= @cf_bot_app_reports %> 9report_path = <%= @cf_bot_app_reports %>
diff --git a/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb b/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb
index a521c0e..ed2b908 100644
--- a/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb
+++ b/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb
@@ -5,8 +5,8 @@ Description=Cryptoportfolio app
5Type=simple 5Type=simple
6 6
7WorkingDirectory=<%= @cf_front_app_api_workdir %> 7WorkingDirectory=<%= @cf_front_app_api_workdir %>
8User=<%= @cf_user %> 8User=<%= @user %>
9Group=<%= @cf_group %> 9Group=<%= @group %>
10UMask=007 10UMask=007
11 11
12ExecStart=<%= @cf_front_app_api_bin %> -conf <%= @cf_front_app_api_conf %> 12ExecStart=<%= @cf_front_app_api_bin %> -conf <%= @cf_front_app_api_conf %>
diff --git a/modules/role/templates/cryptoportfolio/static_conf.env.erb b/modules/role/templates/cryptoportfolio/static_conf.env.erb
index db9759d..314ee14 100644
--- a/modules/role/templates/cryptoportfolio/static_conf.env.erb
+++ b/modules/role/templates/cryptoportfolio/static_conf.env.erb
@@ -1,4 +1,4 @@
1API_HOST="<%= @cf_front_app_host %>" 1API_HOST="<%= @web_host %>"
2API_PORT="<%= @cf_front_app_port %>" 2API_PORT="<%= @web_port %>"
3API_HTTPS="<%= @cf_front_app_ssl %>" 3API_HTTPS="<%= @web_ssl %>"
4 4