aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitmodules6
-rw-r--r--environments/production/data/nodes/vps494082.yaml2
m---------modules/archive0
-rw-r--r--modules/aur/manifests/aura.pp4
-rw-r--r--modules/aur/manifests/package.pp4
m---------modules/nginx0
-rw-r--r--modules/role/manifests/cryptoportfolio.pp165
-rw-r--r--modules/role/templates/cryptoportfolio/api_conf.toml.erb16
-rw-r--r--modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb14
-rw-r--r--modules/role/templates/cryptoportfolio/static_conf.env.erb4
10 files changed, 205 insertions, 10 deletions
diff --git a/.gitmodules b/.gitmodules
index e380041..e893f13 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -31,6 +31,12 @@
31[submodule "modules/postgresql"] 31[submodule "modules/postgresql"]
32 path = modules/postgresql 32 path = modules/postgresql
33 url = git://git.immae.eu/github/puppetlabs/puppetlabs-postgresql.git 33 url = git://git.immae.eu/github/puppetlabs/puppetlabs-postgresql.git
34[submodule "modules/nginx"]
35 path = modules/nginx
36 url = git://git.immae.eu/github/voxpupuli/puppet-nginx.git
37[submodule "modules/archive"]
38 path = modules/archive
39 url = git://git.immae.eu/github/voxpupuli/puppet-archive.git
34[submodule "python/ovh"] 40[submodule "python/ovh"]
35 path = python/ovh 41 path = python/ovh
36 url = git://git.immae.eu/github/ovh/python-ovh 42 url = git://git.immae.eu/github/ovh/python-ovh
diff --git a/environments/production/data/nodes/vps494082.yaml b/environments/production/data/nodes/vps494082.yaml
index 1e14c8f..e9f2e54 100644
--- a/environments/production/data/nodes/vps494082.yaml
+++ b/environments/production/data/nodes/vps494082.yaml
@@ -1 +1,3 @@
1base_installation::system_hostname: cryptoportfolio.immae.eu 1base_installation::system_hostname: cryptoportfolio.immae.eu
2cryptoportfolio::front_version: v0.0.1
3cryptoportfolio::front_sha256: 1a2ec0d1d2b4c3efa7f7cae063c55dda174d058f31d8b6fb50f76492061d37f3
diff --git a/modules/archive b/modules/archive
new file mode 160000
Subproject 9af5cad2bbaafe0498032c38a37835e4ccba7d2
diff --git a/modules/aur/manifests/aura.pp b/modules/aur/manifests/aura.pp
index 1683cf8..3e06f0a 100644
--- a/modules/aur/manifests/aura.pp
+++ b/modules/aur/manifests/aura.pp
@@ -6,6 +6,10 @@ class aur::aura(
6 ensure => "present" 6 ensure => "present"
7 } 7 }
8 8
9 sudo::conf { 'aur-builder':
10 content => "aur-builder ALL=(root) NOPASSWD: /usr/bin/aura *"
11 }
12
9 ensure_packages(['base-devel'], { 'install_options' => '--needed' }) 13 ensure_packages(['base-devel'], { 'install_options' => '--needed' })
10 ensure_packages(['gmp', 'pcre'], { 'install_options' => '--asdeps' }) 14 ensure_packages(['gmp', 'pcre'], { 'install_options' => '--asdeps' })
11 15
diff --git a/modules/aur/manifests/package.pp b/modules/aur/manifests/package.pp
index 2fd346e..5b55f24 100644
--- a/modules/aur/manifests/package.pp
+++ b/modules/aur/manifests/package.pp
@@ -7,7 +7,7 @@ define aur::package (
7 exec { "pacman::aur::install::${name}": 7 exec { "pacman::aur::install::${name}":
8 cwd => "/tmp", 8 cwd => "/tmp",
9 require => Class[aur::aura], 9 require => Class[aur::aura],
10 command => "/usr/bin/aura -A ${name}", 10 command => "/usr/bin/sudo /usr/bin/aura --noconfirm -A ${name}",
11 user => "aur-builder", 11 user => "aur-builder",
12 unless => "/usr/bin/aura -Qk ${name}", 12 unless => "/usr/bin/aura -Qk ${name}",
13 logoutput => 'on_failure', 13 logoutput => 'on_failure',
@@ -18,7 +18,7 @@ define aur::package (
18 exec { "pacman::aur::remove::${name}": 18 exec { "pacman::aur::remove::${name}":
19 cwd => "/tmp", 19 cwd => "/tmp",
20 require => Class[aur::aura], 20 require => Class[aur::aura],
21 command => "/usr/bin/aura -Rs ${name}", 21 command => "/usr/bin/sudo /usr/bin/aura --noconfirm -Rs ${name}",
22 user => "aur-builder", 22 user => "aur-builder",
23 onlyif => "/usr/bin/aura -Qi ${name}", 23 onlyif => "/usr/bin/aura -Qi ${name}",
24 logoutput => 'on_failure', 24 logoutput => 'on_failure',
diff --git a/modules/nginx b/modules/nginx
new file mode 160000
Subproject a7f40a8893e394cc57695ff81ea53254bcf1ff3
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp
index 4b03e16..0f26527 100644
--- a/modules/role/manifests/cryptoportfolio.pp
+++ b/modules/role/manifests/cryptoportfolio.pp
@@ -5,26 +5,175 @@ class role::cryptoportfolio {
5 5
6 $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} } 6 $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
7 7
8 postgresql::server::db { 'cryptoportfolio': 8 $cf_pg_user = "cryptoportfolio"
9 user => 'cryptoportfolio', 9 $cf_pg_db = "cryptoportfolio"
10 password => postgresql_password('cryptoportfolio', generate_password(24, $password_seed, "postgres_cryptoportfolio")), 10 $cf_pg_password = generate_password(24, $password_seed, "postgres_cryptoportfolio")
11 $cf_pg_host = "localhost:5432"
12
13 $cf_user = "cryptoportfolio"
14 $cf_group = "cryptoportfolio"
15 $cf_home = "/opt/cryptoportfolio"
16 $cf_env = "prod"
17 $cf_front_app_host = "cryptoportfolio.immae.eu"
18 $cf_front_app_port = ""
19 $cf_front_app_ssl = "false"
20 $cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front"
21 $cf_front_app_api_workdir = "${cf_front_app}/cmd/app"
22 $cf_front_app_api_bin = "${cf_front_app_api_workdir}/cryptoportfolio-app"
23 $cf_front_app_api_conf = "${cf_home}/conf.toml"
24 $cf_front_app_api_secret = generate_password(24, $password_seed, "cryptoportfolio_api_secret")
25
26 $cf_front_app_static_conf = "${cf_front_app}/cmd/web/env/prod.env"
27
28 postgresql::server::db { $cf_pg_db:
29 user => $cf_pg_user,
30 password => postgresql_password($cf_pg_user, $cf_pg_password)
11 } 31 }
12 32
13 postgresql::server::pg_hba_rule { 'allow localhost TCP access to cryptoportfolio user': 33 postgresql::server::pg_hba_rule { 'allow localhost TCP access to cryptoportfolio user':
14 type => 'host', 34 type => 'host',
15 database => 'cryptoportfolio', 35 database => $cf_pg_db,
16 user => 'cryptoportfolio', 36 user => $cf_pg_user,
17 address => '127.0.0.1/32', 37 address => '127.0.0.1/32',
18 auth_method => 'md5', 38 auth_method => 'md5',
19 order => "b0", 39 order => "b0",
20 } 40 }
21 postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user': 41 postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user':
22 type => 'host', 42 type => 'host',
23 database => 'cryptoportfolio', 43 database => $cf_pg_db,
24 user => 'cryptoportfolio', 44 user => $cf_pg_user,
25 address => '::1/128', 45 address => '::1/128',
26 auth_method => 'md5', 46 auth_method => 'md5',
27 order => "b0", 47 order => "b0",
28 } 48 }
29 ensure_packages("go") 49
50 class { 'nginx': }
51
52 nginx::resource::server { $cf_front_app_host:
53 listen_port => 80,
54 proxy => 'http://localhost:8000',
55 }
56
57 user { $cf_user:
58 name => $cf_user,
59 ensure => "present",
60 managehome => true,
61 home => $cf_home,
62 system => true,
63 password => '!!',
64 }
65
66 $front_version = lookup("cryptoportfolio::front_version") |$key| { {} }
67 $front_sha256 = lookup("cryptoportfolio::front_sha256") |$key| { {} }
68
69 unless empty($front_version) {
70 ensure_packages(["go", "npm", "nodejs", "yarn"])
71
72 file { [
73 "${cf_home}/go/",
74 "${cf_home}/go/src",
75 "${cf_home}/go/src/immae.eu",
76 "${cf_home}/go/src/immae.eu/Immae",
77 "${cf_home}/go/src/immae.eu/Immae/Projets",
78 "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies",
79 "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio",
80 $cf_front_app]:
81 ensure => "directory",
82 mode => "0700",
83 owner => $cf_user,
84 group => $cf_group,
85 require => User[$cf_user],
86 }
87
88 archive { "${cf_home}/${front_version}.tar.gz":
89 path => "${cf_home}/${front_version}.tar.gz",
90 source => "https://git.immae.eu/releases/cryptoportfolio/front/front_${front_version}.tar.gz",
91 checksum_type => "sha256",
92 checksum => $front_sha256,
93 cleanup => false,
94 extract => true,
95 user => "cryptoportfolio",
96 extract_path => $cf_front_app,
97 require => [User[$cf_user], File[$cf_front_app]],
98 }
99
100 file { "${cf_home}/front":
101 ensure => "link",
102 target => $cf_front_app,
103 require => Archive["/opt/cryptoportfolio/${front_version}.tar.gz"]
104 }
105
106 exec { "go-get-dep":
107 user => $cf_user,
108 environment => ["HOME=${cf_home}"],
109 creates => "${cf_home}/go/bin/dep",
110 command => "/usr/bin/go get -u github.com/golang/dep/cmd/dep",
111 require => User[$cf_user],
112 }
113
114 exec { "go-cryptoportfolio-dependencies":
115 cwd => $cf_front_app,
116 user => $cf_user,
117 environment => ["HOME=${cf_home}"],
118 creates => "${cf_front_app}/vendor",
119 command => "${cf_home}/go/bin/dep ensure",
120 require => [Exec["go-get-dep"], Archive["${cf_home}/${front_version}.tar.gz"]],
121 }
122
123 exec { "go-cryptoportfolio-app":
124 cwd => $cf_front_app_api_workdir,
125 user => $cf_user,
126 environment => ["HOME=${cf_home}"],
127 creates => $cf_front_app_api_bin,
128 command => "/usr/bin/make build",
129 require => Exec["go-cryptoportfolio-dependencies"],
130 }
131
132 file { "/etc/systemd/system/cryptoportfolio-app.service":
133 mode => "0644",
134 owner => "root",
135 group => "root",
136 content => template("role/cryptoportfolio/cryptoportfolio-app.service.erb"),
137 } ~> exec { 'systemctl deamon-reload':
138 command => '/usr/bin/systemctl daemon-reload',
139 refreshonly => true
140 }
141
142 service { 'cryptoportfolio-app':
143 enable => true,
144 ensure => "running",
145 require => [File["/etc/systemd/system/cryptoportfolio-app.service"]],
146 }
147
148 file { $cf_front_app_api_conf:
149 owner => $cf_user,
150 group => $cf_group,
151 mode => "0600",
152 content => template("role/cryptoportfolio/api_conf.toml.erb"),
153 }
154
155 file { $cf_front_app_static_conf:
156 owner => $cf_user,
157 group => $cf_group,
158 mode => "0600",
159 content => template("role/cryptoportfolio/static_conf.env.erb"),
160 }
161
162 exec { "web-cryptoportfolio-dependencies":
163 cwd => "${cf_front_app}/cmd/web",
164 environment => ["HOME=${cf_home}"],
165 command => "/usr/bin/make install",
166 creates => "${cf_front_app}/cmd/web/node_modules",
167 require => [Package["npm"], Package["nodejs"], Package["yarn"]]
168 }
169
170 exec { "web-cryptoportfolio-build":
171 cwd => "${cf_front_app}/cmd/web",
172 environment => ["HOME=${cf_home}"],
173 command => "/usr/bin/make static ENV=${cf_env}",
174 creates => "${cf_front_app}/cmd/web/build/static",
175 require => [File[$cf_front_app_static_conf], Exec["web-cryptoportfolio-dependencies"]]
176 }
177 }
178
30} 179}
diff --git a/modules/role/templates/cryptoportfolio/api_conf.toml.erb b/modules/role/templates/cryptoportfolio/api_conf.toml.erb
new file mode 100644
index 0000000..13550c9
--- /dev/null
+++ b/modules/role/templates/cryptoportfolio/api_conf.toml.erb
@@ -0,0 +1,16 @@
1log_level="info"
2mode="<%= @cf_env %>"
3log_out="stdout"
4
5[db]
6user="<%= @cf_pg_user %>"
7password="<%= @cf_pg_password %>"
8database="<%= @cf_pg_db %>"
9address="<%= @cf_pg_host %>"
10
11[api]
12domain="<%= @cf_front_app_host %>"
13jwt_secret="<%= @cf_front_app_api_secret %>"
14
15[app]
16public_dir="../web/build/static"
diff --git a/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb b/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb
new file mode 100644
index 0000000..a521c0e
--- /dev/null
+++ b/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb
@@ -0,0 +1,14 @@
1[Unit]
2Description=Cryptoportfolio app
3
4[Service]
5Type=simple
6
7WorkingDirectory=<%= @cf_front_app_api_workdir %>
8User=<%= @cf_user %>
9Group=<%= @cf_group %>
10UMask=007
11
12ExecStart=<%= @cf_front_app_api_bin %> -conf <%= @cf_front_app_api_conf %>
13
14Restart=on-failure
diff --git a/modules/role/templates/cryptoportfolio/static_conf.env.erb b/modules/role/templates/cryptoportfolio/static_conf.env.erb
new file mode 100644
index 0000000..db9759d
--- /dev/null
+++ b/modules/role/templates/cryptoportfolio/static_conf.env.erb
@@ -0,0 +1,4 @@
1API_HOST="<%= @cf_front_app_host %>"
2API_PORT="<%= @cf_front_app_port %>"
3API_HTTPS="<%= @cf_front_app_ssl %>"
4