diff options
| -rw-r--r-- | environments/global/common.yaml | 4 | ||||
| -rw-r--r-- | environments/global/roles/cryptoportfolio.yaml | 17 | ||||
| -rw-r--r-- | environments/global/types/s1-2.yaml | 2 | ||||
| -rw-r--r-- | environments/global/types/vps-ovhssd-1.yaml | 2 | ||||
| -rw-r--r-- | environments/integration/roles/cryptoportfolio.yaml | 6 | ||||
| -rw-r--r-- | environments/production/roles/cryptoportfolio.yaml | 8 | ||||
| -rw-r--r-- | manifests/site.pp | 2 | ||||
| -rw-r--r-- | modules/base_installation/manifests/puppet.pp | 2 | ||||
| -rw-r--r-- | modules/base_installation/manifests/services.pp | 2 | ||||
| -rw-r--r-- | modules/base_installation/manifests/users.pp | 20 | ||||
| -rw-r--r-- | modules/profile/manifests/apache.pp | 15 | ||||
| -rw-r--r-- | modules/role/manifests/cryptoportfolio.pp | 273 | ||||
| -rw-r--r-- | modules/role/templates/cryptoportfolio/api_conf.toml.erb | 12 | ||||
| -rw-r--r-- | modules/role/templates/cryptoportfolio/bot_config.ini.erb | 10 | ||||
| -rw-r--r-- | modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb | 4 | ||||
| -rw-r--r-- | modules/role/templates/cryptoportfolio/static_conf.env.erb | 6 |
16 files changed, 199 insertions, 186 deletions
diff --git a/environments/global/common.yaml b/environments/global/common.yaml index 5b21dca..05d12ad 100644 --- a/environments/global/common.yaml +++ b/environments/global/common.yaml | |||
| @@ -6,6 +6,8 @@ lookup_options: | |||
| 6 | merge: deep | 6 | merge: deep |
| 7 | base_installation::system_users: | 7 | base_installation::system_users: |
| 8 | merge: unique | 8 | merge: unique |
| 9 | letsencrypt::hosts: | ||
| 10 | merge: unique | ||
| 9 | 11 | ||
| 10 | classes: | 12 | classes: |
| 11 | stdlib: ~ | 13 | stdlib: ~ |
| @@ -35,3 +37,5 @@ base_installation::system_users: | |||
| 35 | key_type: "ssh-rsa" | 37 | key_type: "ssh-rsa" |
| 36 | xmr_stak::mining_pool: "pool.minexmr.com:7777" | 38 | xmr_stak::mining_pool: "pool.minexmr.com:7777" |
| 37 | xmr_stak::wallet: "44CA8TxTFYbQqN2kLyk8AnB6Ghz4mcbGpYC2EyXW7A8H9QspvWnTjDn39XUZDPrFwPa5JNwt4TmAxcooPWv4SaJqL87Bcdo" | 39 | xmr_stak::wallet: "44CA8TxTFYbQqN2kLyk8AnB6Ghz4mcbGpYC2EyXW7A8H9QspvWnTjDn39XUZDPrFwPa5JNwt4TmAxcooPWv4SaJqL87Bcdo" |
| 40 | letsencrypt::email: "sites+letsencrypt@mail.immae.eu" | ||
| 41 | letsencrypt::try_for_real_hostname: true | ||
diff --git a/environments/global/roles/cryptoportfolio.yaml b/environments/global/roles/cryptoportfolio.yaml index 3d36e71..f875c1b 100644 --- a/environments/global/roles/cryptoportfolio.yaml +++ b/environments/global/roles/cryptoportfolio.yaml | |||
| @@ -1,4 +1,19 @@ | |||
| 1 | --- | 1 | --- |
| 2 | classes: | 2 | classes: |
| 3 | role::cryptoportfolio: ~ | 3 | role::cryptoportfolio: ~ |
| 4 | cryptoportfolio::slack_webhook: "%{ldapvar.self.vars.cf_slack_webhook.0}" | 4 | letsencrypt::hosts: "%{lookup('base_installation::system_hostname')}" |
| 5 | role::cryptoportfolio::user: "cryptoportfolio" | ||
| 6 | role::cryptoportfolio::group: "cryptoportfolio" | ||
| 7 | role::cryptoportfolio::home: "/home/cryptoportfolio" | ||
| 8 | role::cryptoportfolio::env: "prod" | ||
| 9 | role::cryptoportfolio::webhook_url: "%{ldapvar.self.vars.cf_slack_webhook.0}" | ||
| 10 | role::cryptoportfolio::pg_db: "cryptoportfolio" | ||
| 11 | role::cryptoportfolio::pg_user: "cryptoportfolio" | ||
| 12 | role::cryptoportfolio::pg_user_replication: "cryptoportfolio_replication" | ||
| 13 | role::cryptoportfolio::web_host: "%{lookup('base_installation::system_hostname')}" | ||
| 14 | role::cryptoportfolio::web_port: "" | ||
| 15 | role::cryptoportfolio::web_ssl: true | ||
| 16 | base_installation::system_users: | ||
| 17 | - username: "%{lookup('role::cryptoportfolio::user')}" | ||
| 18 | system: true | ||
| 19 | password: "!!" | ||
diff --git a/environments/global/types/s1-2.yaml b/environments/global/types/s1-2.yaml index 496b741..a7ba753 100644 --- a/environments/global/types/s1-2.yaml +++ b/environments/global/types/s1-2.yaml | |||
| @@ -6,4 +6,4 @@ classes: | |||
| 6 | base_installation::system_hostname: "%{ldapvar.self.vars.host.0}" | 6 | base_installation::system_hostname: "%{ldapvar.self.vars.host.0}" |
| 7 | base_installation::real_hostname: "%{facts.ec2_metadata.hostname}.v.immae.eu" | 7 | base_installation::real_hostname: "%{facts.ec2_metadata.hostname}.v.immae.eu" |
| 8 | base_installation::ldap_cert_path: "/etc/ssl/certs/ca-certificates.crt" | 8 | base_installation::ldap_cert_path: "/etc/ssl/certs/ca-certificates.crt" |
| 9 | ssl::try_letsencrypt_for_real_hostname: true | 9 | letsencrypt::try_for_real_hostname: true |
diff --git a/environments/global/types/vps-ovhssd-1.yaml b/environments/global/types/vps-ovhssd-1.yaml index 73f7a45..68534dc 100644 --- a/environments/global/types/vps-ovhssd-1.yaml +++ b/environments/global/types/vps-ovhssd-1.yaml | |||
| @@ -7,4 +7,4 @@ base_installation::system_hostname: "%{ldapvar.self.vars.host.0}" | |||
| 7 | base_installation::real_hostname: "%{facts.ec2_metadata.hostname}.ovh.net" | 7 | base_installation::real_hostname: "%{facts.ec2_metadata.hostname}.ovh.net" |
| 8 | base_installation::grub_device: "/dev/sdb" | 8 | base_installation::grub_device: "/dev/sdb" |
| 9 | base_installation::ldap_cert_path: "/etc/ssl/certs/ca-certificates.crt" | 9 | base_installation::ldap_cert_path: "/etc/ssl/certs/ca-certificates.crt" |
| 10 | ssl::try_letsencrypt_for_real_hostname: false | 10 | letsencrypt::try_for_real_hostname: false |
diff --git a/environments/integration/roles/cryptoportfolio.yaml b/environments/integration/roles/cryptoportfolio.yaml index 9825bce..6b8eb92 100644 --- a/environments/integration/roles/cryptoportfolio.yaml +++ b/environments/integration/roles/cryptoportfolio.yaml | |||
| @@ -1,5 +1,3 @@ | |||
| 1 | --- | 1 | --- |
| 2 | cryptoportfolio::front_version: v0.0.2-3-g6200f9a | 2 | role::cryptoportfolio::front_version: v0.0.2-3-g6200f9a |
| 3 | cryptoportfolio::front_sha256: 69d31251ecd4fcea46d93dfee0184b1171019a765b6744b84f6eec6b10e5818f | 3 | role::cryptoportfolio::front_sha256: 69d31251ecd4fcea46d93dfee0184b1171019a765b6744b84f6eec6b10e5818f |
| 4 | cryptoportfolio::bot_version: v0.5-8-g34eb08f | ||
| 5 | cryptoportfolio::bot_sha256: f5b99c4a1cc4db0228f757705a5a909aa301e42787bc5842f8ba442fec0d3fd1 | ||
diff --git a/environments/production/roles/cryptoportfolio.yaml b/environments/production/roles/cryptoportfolio.yaml index c9328e1..566c7f2 100644 --- a/environments/production/roles/cryptoportfolio.yaml +++ b/environments/production/roles/cryptoportfolio.yaml | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | --- | 1 | --- |
| 2 | cryptoportfolio::front_version: v0.0.2-3-g6200f9a | 2 | role::cryptoportfolio::front_version: v0.0.2-3-g6200f9a |
| 3 | cryptoportfolio::front_sha256: 69d31251ecd4fcea46d93dfee0184b1171019a765b6744b84f6eec6b10e5818f | 3 | role::cryptoportfolio::front_sha256: 69d31251ecd4fcea46d93dfee0184b1171019a765b6744b84f6eec6b10e5818f |
| 4 | cryptoportfolio::bot_version: v0.5.1 | 4 | role::cryptoportfolio::bot_version: v0.5.1 |
| 5 | cryptoportfolio::bot_sha256: 733789711365b2397bd996689af616a6789207d26c71a31ad1af68620b267d54 | 5 | role::cryptoportfolio::bot_sha256: 733789711365b2397bd996689af616a6789207d26c71a31ad1af68620b267d54 |
diff --git a/manifests/site.pp b/manifests/site.pp index f922d2b..3d40ad2 100644 --- a/manifests/site.pp +++ b/manifests/site.pp | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | node default { | 1 | node default { |
| 2 | lookup('classes', Hash, 'deep').each |$class_name, $class_hash| { | 2 | lookup('classes').each |$class_name, $class_hash| { |
| 3 | if empty($class_hash) { | 3 | if empty($class_hash) { |
| 4 | include $class_name | 4 | include $class_name |
| 5 | } else { | 5 | } else { |
diff --git a/modules/base_installation/manifests/puppet.pp b/modules/base_installation/manifests/puppet.pp index b3ce492..6f7732d 100644 --- a/modules/base_installation/manifests/puppet.pp +++ b/modules/base_installation/manifests/puppet.pp | |||
| @@ -67,7 +67,7 @@ class base_installation::puppet ( | |||
| 67 | require => File[$base_installation::puppet_conf_path], | 67 | require => File[$base_installation::puppet_conf_path], |
| 68 | } | 68 | } |
| 69 | 69 | ||
| 70 | $ips = lookup("ips") |$key| { {} } | 70 | $ips = lookup("ips", { 'default_value' => undef }) |
| 71 | file { "$base_installation::puppet_conf_path/host_ldap.info": | 71 | file { "$base_installation::puppet_conf_path/host_ldap.info": |
| 72 | content => template("base_installation/puppet/host_ldap.info.erb"), | 72 | content => template("base_installation/puppet/host_ldap.info.erb"), |
| 73 | require => File[$base_installation::puppet_conf_path], | 73 | require => File[$base_installation::puppet_conf_path], |
diff --git a/modules/base_installation/manifests/services.pp b/modules/base_installation/manifests/services.pp index c641f4b..d7b4d61 100644 --- a/modules/base_installation/manifests/services.pp +++ b/modules/base_installation/manifests/services.pp | |||
| @@ -38,7 +38,7 @@ class base_installation::services inherits base_installation { | |||
| 38 | group => "root" | 38 | group => "root" |
| 39 | } | 39 | } |
| 40 | 40 | ||
| 41 | $ip6 = lookup("ips.v6") |$key| { {} } | 41 | $ip6 = lookup("ips.v6", { 'default_value' => undef }) |
| 42 | file { '/etc/systemd/network/en-dhcp.network': | 42 | file { '/etc/systemd/network/en-dhcp.network': |
| 43 | ensure => "present", | 43 | ensure => "present", |
| 44 | path => "/etc/systemd/network/en-dhcp.network", | 44 | path => "/etc/systemd/network/en-dhcp.network", |
diff --git a/modules/base_installation/manifests/users.pp b/modules/base_installation/manifests/users.pp index 766c0f0..f893c51 100644 --- a/modules/base_installation/manifests/users.pp +++ b/modules/base_installation/manifests/users.pp | |||
| @@ -26,22 +26,26 @@ class base_installation::users ( | |||
| 26 | ensure => "present", | 26 | ensure => "present", |
| 27 | groups => $user[groups], | 27 | groups => $user[groups], |
| 28 | managehome => true, | 28 | managehome => true, |
| 29 | system => !!$user[system], | ||
| 29 | home => "/home/${user[username]}", | 30 | home => "/home/${user[username]}", |
| 30 | notify => Exec["remove_password"], | 31 | notify => Exec["remove_password:${user[username]}:${user[userid]}"], |
| 31 | purge_ssh_keys => true | 32 | purge_ssh_keys => true |
| 32 | } | 33 | } |
| 33 | 34 | ||
| 34 | exec { "remove_password": | 35 | exec { "remove_password:${user[username]}:${user[userid]}": |
| 35 | command => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}", | 36 | command => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}", |
| 37 | onlyif => "/usr/bin/test -z '${user[password]}'", | ||
| 36 | refreshonly => true | 38 | refreshonly => true |
| 37 | } | 39 | } |
| 38 | 40 | ||
| 39 | $user[keys].each |$key| { | 41 | if has_key($user, "keys") { |
| 40 | ssh_authorized_key { "${user[username]}@${key[host]}": | 42 | $user[keys].each |$key| { |
| 41 | name => "${user[username]}@${key[host]}", | 43 | ssh_authorized_key { "${user[username]}@${key[host]}": |
| 42 | user => $user[username], | 44 | name => "${user[username]}@${key[host]}", |
| 43 | type => $key[key_type], | 45 | user => $user[username], |
| 44 | key => $key[key], | 46 | type => $key[key_type], |
| 47 | key => $key[key], | ||
| 48 | } | ||
| 45 | } | 49 | } |
| 46 | } | 50 | } |
| 47 | } | 51 | } |
diff --git a/modules/profile/manifests/apache.pp b/modules/profile/manifests/apache.pp index 8db58da..382633b 100644 --- a/modules/profile/manifests/apache.pp +++ b/modules/profile/manifests/apache.pp | |||
| @@ -67,13 +67,12 @@ class profile::apache { | |||
| 67 | install_method => "package", | 67 | install_method => "package", |
| 68 | package_name => "certbot", | 68 | package_name => "certbot", |
| 69 | package_command => "certbot", | 69 | package_command => "certbot", |
| 70 | # FIXME | 70 | email => lookup('letsencrypt::email'), |
| 71 | email => 'sites+letsencrypt@mail.immae.eu', | ||
| 72 | } | 71 | } |
| 73 | 72 | ||
| 74 | $real_hostname = lookup("base_installation::real_hostname") |$key| { {} } | 73 | $real_hostname = lookup("base_installation::real_hostname", { "default_value" => undef }) |
| 75 | unless empty($real_hostname) { | 74 | unless empty($real_hostname) { |
| 76 | if (lookup("ssl::try_letsencrypt_for_real_hostname") |$key| { true }) { | 75 | if (lookup("letsencrypt::try_for_real_hostname", { "default_value" => true })) { |
| 77 | letsencrypt::certonly { $real_hostname: | 76 | letsencrypt::certonly { $real_hostname: |
| 78 | before => Apache::Vhost["default_ssl"]; | 77 | before => Apache::Vhost["default_ssl"]; |
| 79 | default: * => $::profile::apache::letsencrypt_certonly_default; | 78 | default: * => $::profile::apache::letsencrypt_certonly_default; |
| @@ -110,6 +109,14 @@ class profile::apache { | |||
| 110 | } | 109 | } |
| 111 | } | 110 | } |
| 112 | 111 | ||
| 112 | lookup("letsencrypt::hosts", { "default_value" => [] }).each |$host| { | ||
| 113 | if ($host != $real_hostname) { # Done above already | ||
| 114 | letsencrypt::certonly { $host: ; | ||
| 115 | default: * => $letsencrypt_certonly_default; | ||
| 116 | } | ||
| 117 | } | ||
| 118 | } | ||
| 119 | |||
| 113 | apache::vhost { "redirect_no_ssl": | 120 | apache::vhost { "redirect_no_ssl": |
| 114 | port => '80', | 121 | port => '80', |
| 115 | error_log => false, | 122 | error_log => false, |
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp index bec247e..8b4a63b 100644 --- a/modules/role/manifests/cryptoportfolio.pp +++ b/modules/role/manifests/cryptoportfolio.pp | |||
| @@ -1,4 +1,22 @@ | |||
| 1 | class role::cryptoportfolio { | 1 | class role::cryptoportfolio ( |
| 2 | String $user, | ||
| 3 | String $group, | ||
| 4 | String $home, | ||
| 5 | Optional[String] $env = "prod", | ||
| 6 | Optional[String] $webhook_url = undef, | ||
| 7 | String $pg_user, | ||
| 8 | String $pg_user_replication, | ||
| 9 | String $pg_db, | ||
| 10 | Optional[String] $pg_hostname = "localhost", | ||
| 11 | Optional[String] $pg_port = "5432", | ||
| 12 | Optional[String] $web_host = undef, | ||
| 13 | Optional[String] $web_port = "", | ||
| 14 | Optional[Boolean] $web_ssl = true, | ||
| 15 | Optional[String] $front_version = undef, | ||
| 16 | Optional[String] $front_sha256 = undef, | ||
| 17 | Optional[String] $bot_version = undef, | ||
| 18 | Optional[String] $bot_sha256 = undef, | ||
| 19 | ) { | ||
| 2 | ensure_resource('exec', 'systemctl daemon-reload', { | 20 | ensure_resource('exec', 'systemctl daemon-reload', { |
| 3 | command => '/usr/bin/systemctl daemon-reload', | 21 | command => '/usr/bin/systemctl daemon-reload', |
| 4 | refreshonly => true | 22 | refreshonly => true |
| @@ -11,37 +29,23 @@ class role::cryptoportfolio { | |||
| 11 | include "profile::apache" | 29 | include "profile::apache" |
| 12 | include "profile::xmr_stak" | 30 | include "profile::xmr_stak" |
| 13 | 31 | ||
| 14 | $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} } | 32 | $password_seed = lookup("base_installation::puppet_pass_seed") |
| 15 | 33 | ||
| 16 | $cf_pg_user = "cryptoportfolio" | 34 | $pg_password = generate_password(24, $password_seed, "postgres_cryptoportfolio") |
| 17 | $cf_pg_user_replication = "cryptoportfolio_replication" | 35 | $pg_replication_password = generate_password(24, $password_seed, "postgres_cryptoportfolio_replication") |
| 18 | $cf_pg_db = "cryptoportfolio" | 36 | $pg_host = "${pg_hostname}:${pg_port}" |
| 19 | $cf_pg_password = generate_password(24, $password_seed, "postgres_cryptoportfolio") | 37 | |
| 20 | $cf_pg_replication_password = generate_password(24, $password_seed, "postgres_cryptoportfolio_replication") | 38 | $cf_front_app = "${home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front" |
| 21 | $cf_pg_hostname = "localhost" | ||
| 22 | $cf_pg_port = "5432" | ||
| 23 | $cf_pg_host = "${cf_pg_hostname}:${cf_pg_port}" | ||
| 24 | |||
| 25 | $cf_user = "cryptoportfolio" | ||
| 26 | $cf_group = "cryptoportfolio" | ||
| 27 | $cf_home = "/opt/cryptoportfolio" | ||
| 28 | $cf_env = "prod" | ||
| 29 | $cf_front_app_host = lookup("base_installation::system_hostname") |$key| { "example.com" } | ||
| 30 | $cf_front_app_port = "" | ||
| 31 | $cf_front_app_ssl = "true" | ||
| 32 | $cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front" | ||
| 33 | $cf_front_app_api_workdir = "${cf_front_app}/cmd/app" | 39 | $cf_front_app_api_workdir = "${cf_front_app}/cmd/app" |
| 34 | $cf_front_app_api_bin = "${cf_front_app_api_workdir}/cryptoportfolio-app" | 40 | $cf_front_app_api_bin = "${cf_front_app_api_workdir}/cryptoportfolio-app" |
| 35 | $cf_front_app_api_conf = "${cf_home}/conf.toml" | 41 | $cf_front_app_api_conf = "${home}/conf.toml" |
| 36 | $cf_front_app_api_secret = generate_password(24, $password_seed, "cryptoportfolio_api_secret") | 42 | $cf_front_app_api_secret = generate_password(24, $password_seed, "cryptoportfolio_api_secret") |
| 37 | 43 | ||
| 38 | $cf_front_app_static_conf = "${cf_front_app}/cmd/web/env/prod.env" | 44 | $cf_front_app_static_conf = "${cf_front_app}/cmd/web/env/prod.env" |
| 39 | 45 | ||
| 40 | $cf_bot_app = "${cf_home}/bot" | 46 | $cf_bot_app = "${home}/bot" |
| 41 | $cf_bot_app_conf = "${cf_home}/bot_config.ini" | 47 | $cf_bot_app_conf = "${home}/bot_config.ini" |
| 42 | $cf_bot_app_reports = "${cf_home}/bot_reports" | 48 | $cf_bot_app_reports = "${home}/bot_reports" |
| 43 | |||
| 44 | $cf_webhook_url = lookup("cryptoportfolio::slack_webhook") |$key| { "" } | ||
| 45 | 49 | ||
| 46 | file { "/var/lib/postgres/data/certs": | 50 | file { "/var/lib/postgres/data/certs": |
| 47 | ensure => directory, | 51 | ensure => directory, |
| @@ -52,21 +56,21 @@ class role::cryptoportfolio { | |||
| 52 | } | 56 | } |
| 53 | 57 | ||
| 54 | file { "/var/lib/postgres/data/certs/cert.pem": | 58 | file { "/var/lib/postgres/data/certs/cert.pem": |
| 55 | source => "file:///etc/letsencrypt/live/$cf_front_app_host/cert.pem", | 59 | source => "file:///etc/letsencrypt/live/$web_host/cert.pem", |
| 56 | mode => "0600", | 60 | mode => "0600", |
| 57 | links => "follow", | 61 | links => "follow", |
| 58 | owner => $::profile::postgresql::pg_user, | 62 | owner => $::profile::postgresql::pg_user, |
| 59 | group => $::profile::postgresql::pg_user, | 63 | group => $::profile::postgresql::pg_user, |
| 60 | require => [Letsencrypt::Certonly[$cf_front_app_host], File["/var/lib/postgres/data/certs"]] | 64 | require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]] |
| 61 | } | 65 | } |
| 62 | 66 | ||
| 63 | file { "/var/lib/postgres/data/certs/privkey.pem": | 67 | file { "/var/lib/postgres/data/certs/privkey.pem": |
| 64 | source => "file:///etc/letsencrypt/live/$cf_front_app_host/privkey.pem", | 68 | source => "file:///etc/letsencrypt/live/$web_host/privkey.pem", |
| 65 | mode => "0600", | 69 | mode => "0600", |
| 66 | links => "follow", | 70 | links => "follow", |
| 67 | owner => $::profile::postgresql::pg_user, | 71 | owner => $::profile::postgresql::pg_user, |
| 68 | group => $::profile::postgresql::pg_user, | 72 | group => $::profile::postgresql::pg_user, |
| 69 | require => [Letsencrypt::Certonly[$cf_front_app_host], File["/var/lib/postgres/data/certs"]] | 73 | require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]] |
| 70 | } | 74 | } |
| 71 | 75 | ||
| 72 | postgresql::server::config_entry { "wal_level": | 76 | postgresql::server::config_entry { "wal_level": |
| @@ -75,52 +79,52 @@ class role::cryptoportfolio { | |||
| 75 | 79 | ||
| 76 | postgresql::server::config_entry { "ssl": | 80 | postgresql::server::config_entry { "ssl": |
| 77 | value => "on", | 81 | value => "on", |
| 78 | require => Letsencrypt::Certonly[$cf_front_app_host], | 82 | require => Letsencrypt::Certonly[$web_host], |
| 79 | } | 83 | } |
| 80 | 84 | ||
| 81 | postgresql::server::config_entry { "ssl_cert_file": | 85 | postgresql::server::config_entry { "ssl_cert_file": |
| 82 | value => "/var/lib/postgres/data/certs/cert.pem", | 86 | value => "/var/lib/postgres/data/certs/cert.pem", |
| 83 | require => Letsencrypt::Certonly[$cf_front_app_host], | 87 | require => Letsencrypt::Certonly[$web_host], |
| 84 | } | 88 | } |
| 85 | 89 | ||
| 86 | postgresql::server::config_entry { "ssl_key_file": | 90 | postgresql::server::config_entry { "ssl_key_file": |
| 87 | value => "/var/lib/postgres/data/certs/privkey.pem", | 91 | value => "/var/lib/postgres/data/certs/privkey.pem", |
| 88 | require => Letsencrypt::Certonly[$cf_front_app_host], | 92 | require => Letsencrypt::Certonly[$web_host], |
| 89 | } | 93 | } |
| 90 | 94 | ||
| 91 | postgresql::server::db { $cf_pg_db: | 95 | postgresql::server::db { $pg_db: |
| 92 | user => $cf_pg_user, | 96 | user => $pg_user, |
| 93 | password => postgresql_password($cf_pg_user, $cf_pg_password), | 97 | password => postgresql_password($pg_user, $pg_password), |
| 94 | } | 98 | } |
| 95 | -> | 99 | -> |
| 96 | postgresql_psql { "CREATE PUBLICATION ${cf_pg_db}_publication FOR ALL TABLES": | 100 | postgresql_psql { "CREATE PUBLICATION ${pg_db}_publication FOR ALL TABLES": |
| 97 | db => $cf_pg_db, | 101 | db => $pg_db, |
| 98 | unless => "SELECT 1 FROM pg_catalog.pg_publication WHERE pubname = '${cf_pg_db}_publication'", | 102 | unless => "SELECT 1 FROM pg_catalog.pg_publication WHERE pubname = '${pg_db}_publication'", |
| 99 | } | 103 | } |
| 100 | -> | 104 | -> |
| 101 | postgresql::server::role { $cf_pg_user_replication: | 105 | postgresql::server::role { $pg_user_replication: |
| 102 | db => $cf_pg_db, | 106 | db => $pg_db, |
| 103 | replication => true, | 107 | replication => true, |
| 104 | password_hash => postgresql_password($cf_pg_user_replication, $cf_pg_replication_password), | 108 | password_hash => postgresql_password($pg_user_replication, $pg_replication_password), |
| 105 | } | 109 | } |
| 106 | -> | 110 | -> |
| 107 | postgresql::server::database_grant { $cf_pg_user_replication: | 111 | postgresql::server::database_grant { $pg_user_replication: |
| 108 | db => $cf_pg_db, | 112 | db => $pg_db, |
| 109 | privilege => "CONNECT", | 113 | privilege => "CONNECT", |
| 110 | role => $cf_pg_user_replication, | 114 | role => $pg_user_replication, |
| 111 | } | 115 | } |
| 112 | -> | 116 | -> |
| 113 | postgresql::server::grant { "all tables in schema:public:$cf_pg_user_replication": | 117 | postgresql::server::grant { "all tables in schema:public:$pg_user_replication": |
| 114 | db => $cf_pg_db, | 118 | db => $pg_db, |
| 115 | role => $cf_pg_user_replication, | 119 | role => $pg_user_replication, |
| 116 | privilege => "SELECT", | 120 | privilege => "SELECT", |
| 117 | object_type => "ALL TABLES IN SCHEMA", | 121 | object_type => "ALL TABLES IN SCHEMA", |
| 118 | object_name => "public", | 122 | object_name => "public", |
| 119 | } | 123 | } |
| 120 | -> | 124 | -> |
| 121 | postgresql::server::grant { "all sequences in schema:public:$cf_pg_user_replication": | 125 | postgresql::server::grant { "all sequences in schema:public:$pg_user_replication": |
| 122 | db => $cf_pg_db, | 126 | db => $pg_db, |
| 123 | role => $cf_pg_user_replication, | 127 | role => $pg_user_replication, |
| 124 | privilege => "SELECT", | 128 | privilege => "SELECT", |
| 125 | object_type => "ALL SEQUENCES IN SCHEMA", | 129 | object_type => "ALL SEQUENCES IN SCHEMA", |
| 126 | object_name => "public", | 130 | object_name => "public", |
| @@ -128,16 +132,16 @@ class role::cryptoportfolio { | |||
| 128 | 132 | ||
| 129 | postgresql::server::pg_hba_rule { 'allow localhost TCP access to cryptoportfolio user': | 133 | postgresql::server::pg_hba_rule { 'allow localhost TCP access to cryptoportfolio user': |
| 130 | type => 'host', | 134 | type => 'host', |
| 131 | database => $cf_pg_db, | 135 | database => $pg_db, |
| 132 | user => $cf_pg_user, | 136 | user => $pg_user, |
| 133 | address => '127.0.0.1/32', | 137 | address => '127.0.0.1/32', |
| 134 | auth_method => 'md5', | 138 | auth_method => 'md5', |
| 135 | order => "b0", | 139 | order => "b0", |
| 136 | } | 140 | } |
| 137 | postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user': | 141 | postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user': |
| 138 | type => 'host', | 142 | type => 'host', |
| 139 | database => $cf_pg_db, | 143 | database => $pg_db, |
| 140 | user => $cf_pg_user, | 144 | user => $pg_user, |
| 141 | address => '::1/128', | 145 | address => '::1/128', |
| 142 | auth_method => 'md5', | 146 | auth_method => 'md5', |
| 143 | order => "b0", | 147 | order => "b0", |
| @@ -145,83 +149,64 @@ class role::cryptoportfolio { | |||
| 145 | 149 | ||
| 146 | postgresql::server::pg_hba_rule { 'allow TCP access to replication user from immae.eu': | 150 | postgresql::server::pg_hba_rule { 'allow TCP access to replication user from immae.eu': |
| 147 | type => 'hostssl', | 151 | type => 'hostssl', |
| 148 | database => $cf_pg_db, | 152 | database => $pg_db, |
| 149 | user => $cf_pg_user_replication, | 153 | user => $pg_user_replication, |
| 150 | address => 'immae.eu', | 154 | address => 'immae.eu', |
| 151 | auth_method => 'md5', | 155 | auth_method => 'md5', |
| 152 | order => "b0", | 156 | order => "b0", |
| 153 | } | 157 | } |
| 154 | 158 | ||
| 155 | letsencrypt::certonly { $cf_front_app_host: ; | ||
| 156 | default: * => $::profile::apache::letsencrypt_certonly_default; | ||
| 157 | } | ||
| 158 | |||
| 159 | class { 'apache::mod::headers': } | 159 | class { 'apache::mod::headers': } |
| 160 | apache::vhost { $cf_front_app_host: | 160 | apache::vhost { $web_host: |
| 161 | port => '443', | 161 | port => '443', |
| 162 | docroot => false, | 162 | docroot => false, |
| 163 | manage_docroot => false, | 163 | manage_docroot => false, |
| 164 | proxy_dest => "http://localhost:8000", | 164 | proxy_dest => "http://localhost:8000", |
| 165 | request_headers => 'set X-Forwarded-Proto "https"', | 165 | request_headers => 'set X-Forwarded-Proto "https"', |
| 166 | ssl => true, | 166 | ssl => true, |
| 167 | ssl_cert => "/etc/letsencrypt/live/$cf_front_app_host/cert.pem", | 167 | ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem", |
| 168 | ssl_key => "/etc/letsencrypt/live/$cf_front_app_host/privkey.pem", | 168 | ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem", |
| 169 | ssl_chain => "/etc/letsencrypt/live/$cf_front_app_host/chain.pem", | 169 | ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem", |
| 170 | require => Letsencrypt::Certonly[$cf_front_app_host], | 170 | require => Letsencrypt::Certonly[$web_host], |
| 171 | proxy_preserve_host => true; | 171 | proxy_preserve_host => true; |
| 172 | default: * => $::profile::apache::apache_vhost_default; | 172 | default: * => $::profile::apache::apache_vhost_default; |
| 173 | } | 173 | } |
| 174 | 174 | ||
| 175 | user { $cf_user: | ||
| 176 | name => $cf_user, | ||
| 177 | ensure => "present", | ||
| 178 | managehome => true, | ||
| 179 | home => $cf_home, | ||
| 180 | system => true, | ||
| 181 | password => '!!', | ||
| 182 | } | ||
| 183 | |||
| 184 | file { "/usr/local/bin/slack-notify": | 175 | file { "/usr/local/bin/slack-notify": |
| 185 | mode => "0755", | 176 | mode => "0755", |
| 186 | source => "puppet:///modules/role/cryptoportfolio/slack-notify.py", | 177 | source => "puppet:///modules/role/cryptoportfolio/slack-notify.py", |
| 187 | } | 178 | } |
| 188 | 179 | ||
| 189 | $front_version = lookup("cryptoportfolio::front_version") |$key| { {} } | ||
| 190 | $front_sha256 = lookup("cryptoportfolio::front_sha256") |$key| { {} } | ||
| 191 | |||
| 192 | $bot_version = lookup("cryptoportfolio::bot_version") |$key| { {} } | ||
| 193 | $bot_sha256 = lookup("cryptoportfolio::bot_sha256") |$key| { {} } | ||
| 194 | |||
| 195 | unless empty($bot_version) { | 180 | unless empty($bot_version) { |
| 196 | ensure_packages(["python", "python-pip"]) | 181 | ensure_packages(["python", "python-pip"]) |
| 197 | 182 | ||
| 198 | file { $cf_bot_app: | 183 | file { $cf_bot_app: |
| 199 | ensure => "directory", | 184 | ensure => "directory", |
| 200 | mode => "0700", | 185 | mode => "0700", |
| 201 | owner => $cf_user, | 186 | owner => $user, |
| 202 | group => $cf_group, | 187 | group => $group, |
| 203 | require => User[$cf_user], | 188 | require => User["$user:"], |
| 204 | } | 189 | } |
| 205 | 190 | ||
| 206 | archive { "${cf_home}/trader_${bot_version}.tar.gz": | 191 | archive { "${home}/trader_${bot_version}.tar.gz": |
| 207 | path => "${cf_home}/trader_${bot_version}.tar.gz", | 192 | path => "${home}/trader_${bot_version}.tar.gz", |
| 208 | source => "https://git.immae.eu/releases/cryptoportfolio/trader/trader_${bot_version}.tar.gz", | 193 | source => "https://git.immae.eu/releases/cryptoportfolio/trader/trader_${bot_version}.tar.gz", |
| 209 | checksum_type => "sha256", | 194 | checksum_type => "sha256", |
| 210 | checksum => $bot_sha256, | 195 | checksum => $bot_sha256, |
| 211 | cleanup => false, | 196 | cleanup => false, |
| 212 | extract => true, | 197 | extract => true, |
| 213 | user => $cf_user, | 198 | user => $user, |
| 214 | username => $facts["ec2_metadata"]["hostname"], | 199 | username => $facts["ec2_metadata"]["hostname"], |
| 215 | password => generate_password(24, $password_seed, "ldap"), | 200 | password => generate_password(24, $password_seed, "ldap"), |
| 216 | extract_path => $cf_bot_app, | 201 | extract_path => $cf_bot_app, |
| 217 | require => [User[$cf_user], File[$cf_bot_app]], | 202 | require => [User["$user:"], File[$cf_bot_app]], |
| 218 | } ~> | 203 | } ~> |
| 219 | exec { "py-cryptoportfolio-dependencies": | 204 | exec { "py-cryptoportfolio-dependencies": |
| 220 | cwd => $cf_bot_app, | 205 | cwd => $cf_bot_app, |
| 221 | user => $cf_user, | 206 | user => $user, |
| 222 | environment => ["HOME=${cf_home}"], | 207 | environment => ["HOME=${home}"], |
| 223 | command => "/usr/bin/make install", | 208 | command => "/usr/bin/make install", |
| 224 | require => User[$cf_user], | 209 | require => User["$user:"], |
| 225 | refreshonly => true, | 210 | refreshonly => true, |
| 226 | before => [ | 211 | before => [ |
| 227 | File[$cf_bot_app_conf], | 212 | File[$cf_bot_app_conf], |
| @@ -231,53 +216,53 @@ class role::cryptoportfolio { | |||
| 231 | } | 216 | } |
| 232 | 217 | ||
| 233 | file { $cf_bot_app_conf: | 218 | file { $cf_bot_app_conf: |
| 234 | owner => $cf_user, | 219 | owner => $user, |
| 235 | group => $cf_group, | 220 | group => $group, |
| 236 | mode => "0600", | 221 | mode => "0600", |
| 237 | content => template("role/cryptoportfolio/bot_config.ini.erb"), | 222 | content => template("role/cryptoportfolio/bot_config.ini.erb"), |
| 238 | require => [ | 223 | require => [ |
| 239 | User[$cf_user], | 224 | User["$user:"], |
| 240 | Archive["${cf_home}/trader_${bot_version}.tar.gz"], | 225 | Archive["${home}/trader_${bot_version}.tar.gz"], |
| 241 | ], | 226 | ], |
| 242 | } | 227 | } |
| 243 | 228 | ||
| 244 | cron { "py-cryptoportfolio-before": | 229 | cron { "py-cryptoportfolio-before": |
| 245 | ensure => present, | 230 | ensure => present, |
| 246 | command => "cd $cf_bot_app ; python main.py --config $cf_bot_app_conf --before", | 231 | command => "cd $cf_bot_app ; python main.py --config $cf_bot_app_conf --before", |
| 247 | user => "cryptoportfolio", | 232 | user => $user, |
| 248 | weekday => 7, # Sunday | 233 | weekday => 7, # Sunday |
| 249 | hour => 22, | 234 | hour => 22, |
| 250 | minute => 30, | 235 | minute => 30, |
| 251 | environment => ["HOME=${cf_home}","PATH=/usr/bin/"], | 236 | environment => ["HOME=${home}","PATH=/usr/bin/"], |
| 252 | require => [ | 237 | require => [ |
| 253 | File[$cf_bot_app_conf], | 238 | File[$cf_bot_app_conf], |
| 254 | Archive["${cf_home}/trader_${bot_version}.tar.gz"] | 239 | Archive["${home}/trader_${bot_version}.tar.gz"] |
| 255 | ], | 240 | ], |
| 256 | } | 241 | } |
| 257 | 242 | ||
| 258 | cron { "py-cryptoportfolio-after": | 243 | cron { "py-cryptoportfolio-after": |
| 259 | ensure => present, | 244 | ensure => present, |
| 260 | command => "cd $cf_bot_app ; python main.py --config $cf_bot_app_conf --after", | 245 | command => "cd $cf_bot_app ; python main.py --config $cf_bot_app_conf --after", |
| 261 | user => "cryptoportfolio", | 246 | user => $user, |
| 262 | weekday => 1, # Monday | 247 | weekday => 1, # Monday |
| 263 | hour => 1, | 248 | hour => 1, |
| 264 | minute => 0, | 249 | minute => 0, |
| 265 | environment => ["HOME=${cf_home}","PATH=/usr/bin/"], | 250 | environment => ["HOME=${home}","PATH=/usr/bin/"], |
| 266 | require => [ | 251 | require => [ |
| 267 | File[$cf_bot_app_conf], | 252 | File[$cf_bot_app_conf], |
| 268 | Archive["${cf_home}/trader_${bot_version}.tar.gz"] | 253 | Archive["${home}/trader_${bot_version}.tar.gz"] |
| 269 | ], | 254 | ], |
| 270 | } | 255 | } |
| 271 | 256 | ||
| 272 | unless empty($cf_webhook_url) { | 257 | unless empty($webhook_url) { |
| 273 | exec { "bot-slack-notify": | 258 | exec { "bot-slack-notify": |
| 274 | refreshonly => true, | 259 | refreshonly => true, |
| 275 | environment => [ | 260 | environment => [ |
| 276 | "P_PROJECT=Trader", | 261 | "P_PROJECT=Trader", |
| 277 | "P_WEBHOOK=${cf_webhook_url}", | 262 | "P_WEBHOOK=${webhook_url}", |
| 278 | "P_VERSION=${bot_version}", | 263 | "P_VERSION=${bot_version}", |
| 279 | "P_HOST=${cf_front_app_host}", | 264 | "P_HOST=${web_host}", |
| 280 | "P_HTTPS=${cf_front_app_ssl}", | 265 | "P_HTTPS=${web_ssl}", |
| 281 | ], | 266 | ], |
| 282 | command => "/usr/local/bin/slack-notify", | 267 | command => "/usr/local/bin/slack-notify", |
| 283 | require => File["/usr/local/bin/slack-notify"], | 268 | require => File["/usr/local/bin/slack-notify"], |
| @@ -291,22 +276,22 @@ class role::cryptoportfolio { | |||
| 291 | ensure_packages(["go", "npm", "nodejs", "yarn"]) | 276 | ensure_packages(["go", "npm", "nodejs", "yarn"]) |
| 292 | 277 | ||
| 293 | file { [ | 278 | file { [ |
| 294 | "${cf_home}/go/", | 279 | "${home}/go/", |
| 295 | "${cf_home}/go/src", | 280 | "${home}/go/src", |
| 296 | "${cf_home}/go/src/immae.eu", | 281 | "${home}/go/src/immae.eu", |
| 297 | "${cf_home}/go/src/immae.eu/Immae", | 282 | "${home}/go/src/immae.eu/Immae", |
| 298 | "${cf_home}/go/src/immae.eu/Immae/Projets", | 283 | "${home}/go/src/immae.eu/Immae/Projets", |
| 299 | "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies", | 284 | "${home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies", |
| 300 | "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio", | 285 | "${home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio", |
| 301 | $cf_front_app]: | 286 | $cf_front_app]: |
| 302 | ensure => "directory", | 287 | ensure => "directory", |
| 303 | mode => "0700", | 288 | mode => "0700", |
| 304 | owner => $cf_user, | 289 | owner => $user, |
| 305 | group => $cf_group, | 290 | group => $group, |
| 306 | require => User[$cf_user], | 291 | require => User["$user:"], |
| 307 | } | 292 | } |
| 308 | 293 | ||
| 309 | file { "${cf_home}/front": | 294 | file { "${home}/front": |
| 310 | ensure => "link", | 295 | ensure => "link", |
| 311 | target => $cf_front_app, | 296 | target => $cf_front_app, |
| 312 | before => File[$cf_front_app], | 297 | before => File[$cf_front_app], |
| @@ -326,28 +311,28 @@ class role::cryptoportfolio { | |||
| 326 | subscribe => [Exec["go-cryptoportfolio-app"], Exec["web-cryptoportfolio-build"]], | 311 | subscribe => [Exec["go-cryptoportfolio-app"], Exec["web-cryptoportfolio-build"]], |
| 327 | require => [ | 312 | require => [ |
| 328 | File["/etc/systemd/system/cryptoportfolio-app.service"], | 313 | File["/etc/systemd/system/cryptoportfolio-app.service"], |
| 329 | Postgresql::Server::Db[$cf_pg_db] | 314 | Postgresql::Server::Db[$pg_db] |
| 330 | ], | 315 | ], |
| 331 | } ~> | 316 | } ~> |
| 332 | exec { "dump $cf_pg_db structure": | 317 | exec { "dump $pg_db structure": |
| 333 | refreshonly => true, | 318 | refreshonly => true, |
| 334 | user => $::profile::postgresql::pg_user, | 319 | user => $::profile::postgresql::pg_user, |
| 335 | group => $::profile::postgresql::pg_user, | 320 | group => $::profile::postgresql::pg_user, |
| 336 | command => "/usr/bin/pg_dump --schema-only --clean --no-publications $cf_pg_db > /var/lib/postgres/${cf_pg_db}.schema", | 321 | command => "/usr/bin/pg_dump --schema-only --clean --no-publications $pg_db > /var/lib/postgres/${pg_db}.schema", |
| 337 | } | 322 | } |
| 338 | 323 | ||
| 339 | archive { "${cf_home}/front_${front_version}.tar.gz": | 324 | archive { "${home}/front_${front_version}.tar.gz": |
| 340 | path => "${cf_home}/front_${front_version}.tar.gz", | 325 | path => "${home}/front_${front_version}.tar.gz", |
| 341 | source => "https://git.immae.eu/releases/cryptoportfolio/front/front_${front_version}.tar.gz", | 326 | source => "https://git.immae.eu/releases/cryptoportfolio/front/front_${front_version}.tar.gz", |
| 342 | checksum_type => "sha256", | 327 | checksum_type => "sha256", |
| 343 | checksum => $front_sha256, | 328 | checksum => $front_sha256, |
| 344 | cleanup => false, | 329 | cleanup => false, |
| 345 | extract => true, | 330 | extract => true, |
| 346 | user => $cf_user, | 331 | user => $user, |
| 347 | username => $facts["ec2_metadata"]["hostname"], | 332 | username => $facts["ec2_metadata"]["hostname"], |
| 348 | password => generate_password(24, $password_seed, "ldap"), | 333 | password => generate_password(24, $password_seed, "ldap"), |
| 349 | extract_path => $cf_front_app, | 334 | extract_path => $cf_front_app, |
| 350 | require => [User[$cf_user], File[$cf_front_app]], | 335 | require => [User["$user:"], File[$cf_front_app]], |
| 351 | notify => [ | 336 | notify => [ |
| 352 | Exec["web-cryptoportfolio-dependencies"], | 337 | Exec["web-cryptoportfolio-dependencies"], |
| 353 | Exec["go-get-dep"], | 338 | Exec["go-get-dep"], |
| @@ -356,39 +341,39 @@ class role::cryptoportfolio { | |||
| 356 | 341 | ||
| 357 | # Api | 342 | # Api |
| 358 | file { $cf_front_app_api_conf: | 343 | file { $cf_front_app_api_conf: |
| 359 | owner => $cf_user, | 344 | owner => $user, |
| 360 | group => $cf_group, | 345 | group => $group, |
| 361 | mode => "0600", | 346 | mode => "0600", |
| 362 | content => template("role/cryptoportfolio/api_conf.toml.erb"), | 347 | content => template("role/cryptoportfolio/api_conf.toml.erb"), |
| 363 | before => Exec["go-cryptoportfolio-app"], | 348 | before => Exec["go-cryptoportfolio-app"], |
| 364 | } | 349 | } |
| 365 | 350 | ||
| 366 | exec { "go-get-dep": | 351 | exec { "go-get-dep": |
| 367 | user => $cf_user, | 352 | user => $user, |
| 368 | environment => ["HOME=${cf_home}"], | 353 | environment => ["HOME=${home}"], |
| 369 | creates => "${cf_home}/go/bin/dep", | 354 | creates => "${home}/go/bin/dep", |
| 370 | command => "/usr/bin/go get -u github.com/golang/dep/cmd/dep", | 355 | command => "/usr/bin/go get -u github.com/golang/dep/cmd/dep", |
| 371 | refreshonly => true, | 356 | refreshonly => true, |
| 372 | } ~> | 357 | } ~> |
| 373 | exec { "go-cryptoportfolio-dependencies": | 358 | exec { "go-cryptoportfolio-dependencies": |
| 374 | cwd => $cf_front_app, | 359 | cwd => $cf_front_app, |
| 375 | user => $cf_user, | 360 | user => $user, |
| 376 | environment => ["HOME=${cf_home}"], | 361 | environment => ["HOME=${home}"], |
| 377 | command => "${cf_home}/go/bin/dep ensure", | 362 | command => "${home}/go/bin/dep ensure", |
| 378 | refreshonly => true, | 363 | refreshonly => true, |
| 379 | } ~> | 364 | } ~> |
| 380 | exec { "go-cryptoportfolio-app": | 365 | exec { "go-cryptoportfolio-app": |
| 381 | cwd => $cf_front_app_api_workdir, | 366 | cwd => $cf_front_app_api_workdir, |
| 382 | user => $cf_user, | 367 | user => $user, |
| 383 | environment => ["HOME=${cf_home}"], | 368 | environment => ["HOME=${home}"], |
| 384 | command => "/usr/bin/make build", | 369 | command => "/usr/bin/make build", |
| 385 | refreshonly => true, | 370 | refreshonly => true, |
| 386 | } | 371 | } |
| 387 | 372 | ||
| 388 | # Static pages | 373 | # Static pages |
| 389 | file { $cf_front_app_static_conf: | 374 | file { $cf_front_app_static_conf: |
| 390 | owner => $cf_user, | 375 | owner => $user, |
| 391 | group => $cf_group, | 376 | group => $group, |
| 392 | mode => "0600", | 377 | mode => "0600", |
| 393 | content => template("role/cryptoportfolio/static_conf.env.erb"), | 378 | content => template("role/cryptoportfolio/static_conf.env.erb"), |
| 394 | before => Exec["web-cryptoportfolio-build"], | 379 | before => Exec["web-cryptoportfolio-build"], |
| @@ -396,30 +381,30 @@ class role::cryptoportfolio { | |||
| 396 | 381 | ||
| 397 | exec { "web-cryptoportfolio-dependencies": | 382 | exec { "web-cryptoportfolio-dependencies": |
| 398 | cwd => "${cf_front_app}/cmd/web", | 383 | cwd => "${cf_front_app}/cmd/web", |
| 399 | user => $cf_user, | 384 | user => $user, |
| 400 | environment => ["HOME=${cf_home}"], | 385 | environment => ["HOME=${home}"], |
| 401 | command => "/usr/bin/make install", | 386 | command => "/usr/bin/make install", |
| 402 | refreshonly => true, | 387 | refreshonly => true, |
| 403 | require => [Package["npm"], Package["nodejs"], Package["yarn"]] | 388 | require => [Package["npm"], Package["nodejs"], Package["yarn"]] |
| 404 | } ~> | 389 | } ~> |
| 405 | exec { "web-cryptoportfolio-build": | 390 | exec { "web-cryptoportfolio-build": |
| 406 | cwd => "${cf_front_app}/cmd/web", | 391 | cwd => "${cf_front_app}/cmd/web", |
| 407 | user => $cf_user, | 392 | user => $user, |
| 408 | environment => ["HOME=${cf_home}"], | 393 | environment => ["HOME=${home}"], |
| 409 | path => ["${cf_front_app}/cmd/web/node_modules/.bin/", "/usr/bin"], | 394 | path => ["${cf_front_app}/cmd/web/node_modules/.bin/", "/usr/bin"], |
| 410 | command => "/usr/bin/make static ENV=${cf_env}", | 395 | command => "/usr/bin/make static ENV=${env}", |
| 411 | refreshonly => true, | 396 | refreshonly => true, |
| 412 | } | 397 | } |
| 413 | 398 | ||
| 414 | unless empty($cf_webhook_url) { | 399 | unless empty($webhook_url) { |
| 415 | exec { "front-slack-notify": | 400 | exec { "front-slack-notify": |
| 416 | refreshonly => true, | 401 | refreshonly => true, |
| 417 | environment => [ | 402 | environment => [ |
| 418 | "P_PROJECT=Front", | 403 | "P_PROJECT=Front", |
| 419 | "P_WEBHOOK=${cf_webhook_url}", | 404 | "P_WEBHOOK=${webhook_url}", |
| 420 | "P_VERSION=${front_version}", | 405 | "P_VERSION=${front_version}", |
| 421 | "P_HOST=${cf_front_app_host}", | 406 | "P_HOST=${web_host}", |
| 422 | "P_HTTPS=${cf_front_app_ssl}", | 407 | "P_HTTPS=${web_ssl}", |
| 423 | ], | 408 | ], |
| 424 | command => "/usr/local/bin/slack-notify", | 409 | command => "/usr/local/bin/slack-notify", |
| 425 | require => File["/usr/local/bin/slack-notify"], | 410 | require => File["/usr/local/bin/slack-notify"], |
diff --git a/modules/role/templates/cryptoportfolio/api_conf.toml.erb b/modules/role/templates/cryptoportfolio/api_conf.toml.erb index 13550c9..7a4b66d 100644 --- a/modules/role/templates/cryptoportfolio/api_conf.toml.erb +++ b/modules/role/templates/cryptoportfolio/api_conf.toml.erb | |||
| @@ -1,15 +1,15 @@ | |||
| 1 | log_level="info" | 1 | log_level="info" |
| 2 | mode="<%= @cf_env %>" | 2 | mode="<%= @env %>" |
| 3 | log_out="stdout" | 3 | log_out="stdout" |
| 4 | 4 | ||
| 5 | [db] | 5 | [db] |
| 6 | user="<%= @cf_pg_user %>" | 6 | user="<%= @pg_user %>" |
| 7 | password="<%= @cf_pg_password %>" | 7 | password="<%= @pg_password %>" |
| 8 | database="<%= @cf_pg_db %>" | 8 | database="<%= @pg_db %>" |
| 9 | address="<%= @cf_pg_host %>" | 9 | address="<%= @pg_host %>" |
| 10 | 10 | ||
| 11 | [api] | 11 | [api] |
| 12 | domain="<%= @cf_front_app_host %>" | 12 | domain="<%= @web_host %>" |
| 13 | jwt_secret="<%= @cf_front_app_api_secret %>" | 13 | jwt_secret="<%= @cf_front_app_api_secret %>" |
| 14 | 14 | ||
| 15 | [app] | 15 | [app] |
diff --git a/modules/role/templates/cryptoportfolio/bot_config.ini.erb b/modules/role/templates/cryptoportfolio/bot_config.ini.erb index 30298eb..b0211a6 100644 --- a/modules/role/templates/cryptoportfolio/bot_config.ini.erb +++ b/modules/role/templates/cryptoportfolio/bot_config.ini.erb | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | [postgresql] | 1 | [postgresql] |
| 2 | host = <%= @cf_pg_hostname %> | 2 | host = <%= @pg_hostname %> |
| 3 | port = <%= @cf_pg_port %> | 3 | port = <%= @pg_port %> |
| 4 | user = <%= @cf_pg_user %> | 4 | user = <%= @pg_user %> |
| 5 | password = <%= @cf_pg_password %> | 5 | password = <%= @pg_password %> |
| 6 | database = <%= @cf_pg_db %> | 6 | database = <%= @pg_db %> |
| 7 | 7 | ||
| 8 | [app] | 8 | [app] |
| 9 | report_path = <%= @cf_bot_app_reports %> | 9 | report_path = <%= @cf_bot_app_reports %> |
diff --git a/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb b/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb index a521c0e..ed2b908 100644 --- a/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb +++ b/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb | |||
| @@ -5,8 +5,8 @@ Description=Cryptoportfolio app | |||
| 5 | Type=simple | 5 | Type=simple |
| 6 | 6 | ||
| 7 | WorkingDirectory=<%= @cf_front_app_api_workdir %> | 7 | WorkingDirectory=<%= @cf_front_app_api_workdir %> |
| 8 | User=<%= @cf_user %> | 8 | User=<%= @user %> |
| 9 | Group=<%= @cf_group %> | 9 | Group=<%= @group %> |
| 10 | UMask=007 | 10 | UMask=007 |
| 11 | 11 | ||
| 12 | ExecStart=<%= @cf_front_app_api_bin %> -conf <%= @cf_front_app_api_conf %> | 12 | ExecStart=<%= @cf_front_app_api_bin %> -conf <%= @cf_front_app_api_conf %> |
diff --git a/modules/role/templates/cryptoportfolio/static_conf.env.erb b/modules/role/templates/cryptoportfolio/static_conf.env.erb index db9759d..314ee14 100644 --- a/modules/role/templates/cryptoportfolio/static_conf.env.erb +++ b/modules/role/templates/cryptoportfolio/static_conf.env.erb | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | API_HOST="<%= @cf_front_app_host %>" | 1 | API_HOST="<%= @web_host %>" |
| 2 | API_PORT="<%= @cf_front_app_port %>" | 2 | API_PORT="<%= @web_port %>" |
| 3 | API_HTTPS="<%= @cf_front_app_ssl %>" | 3 | API_HTTPS="<%= @web_ssl %>" |
| 4 | 4 | ||