Diffstat (limited to 'modules/profile')
-rw-r--r-- | modules/profile/manifests/apache.pp | 15 | ||||
-rw-r--r-- | modules/profile/manifests/postgresql.pp | 14 | ||||
-rw-r--r-- | modules/profile/manifests/xmr_stak.pp | 11 |
3 files changed, 24 insertions, 16 deletions
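--- a/modules/profile/manifests/apache.pp
+++ b/modules/profile/manifests/apache.pp
@@ -67,13 +67,12 @@ class profile::apache {
 install_method => "package",
 package_name => "certbot",
 package_command => "certbot",
-# FIXME
-email => 'sites+letsencrypt@mail.immae.eu',
+email => lookup('letsencrypt::email'),
 }
 
-$real_hostname = lookup("base_installation::real_hostname") |$key| { {} }
+$real_hostname = lookup("base_installation::real_hostname", { "default_value" => undef })
 unless empty($real_hostname) {
-if (lookup("ssl::try_letsencrypt_for_real_hostname") |$key| { true }) {
+if (lookup("letsencrypt::try_for_real_hostname", { "default_value" => true })) {
 letsencrypt::certonly { $real_hostname:
 before => Apache::Vhost["default_ssl"];
 default: * => $::profile::apache::letsencrypt_certonly_default;
@@ -110,6 +109,14 @@ class profile::apache {
 }
 }
 
+lookup("letsencrypt::hosts", { "default_value" => [] }).each |$host| {
+if ($host != $real_hostname) { # Done above already
+letsencrypt::certonly { $host: ;
+default: * => $letsencrypt_certonly_default;
+}
+}
+}
+
 apache::vhost { "redirect_no_ssl":
 port => '80',
 error_log => false,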
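Review bot: The new `letsencrypt::hosts` loop in the second hunk takes its list from Hiera with no type assertion and no de-duplication, so a host listed twice ends in a duplicate `letsencrypt::certonly` declaration, and a non-array value is not rejected at the lookup. Asserting the type and de-duplicating there would make a data mistake fail early and clearly: `lookup("letsencrypt::hosts", { "value_type" => Array[String], "default_value" => [] }).unique.each |$host| {`. The loop also refers to `$letsencrypt_certonly_default` unqualified while the block above uses `$::profile::apache::letsencrypt_certonly_default`; one form throughout would read more consistently. Unlike the real-hostname certificate, these resources carry no `before =>` ordering, so if a vhost outside this hunk serves one of these certificates the ordering should be confirmed.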
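--- a/modules/profile/manifests/postgresql.pp
+++ b/modules/profile/manifests/postgresql.pp
@@ -1,5 +1,5 @@
 class profile::postgresql {
-$password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
+$password_seed = lookup("base_installation::puppet_pass_seed")
 
 class { '::postgresql::globals':
 encoding => 'UTF-8',
@@ -32,7 +32,7 @@ class profile::postgresql {
 database => 'all',
 user => $pg_user,
 auth_method => 'ident',
-order => "a1",
+order => "00-01",
 }
 postgresql::server::pg_hba_rule { 'localhost access as postgres user':
 description => 'Allow localhost access to postgres user',
@@ -41,7 +41,7 @@ class profile::postgresql {
 user => $pg_user,
 address => "127.0.0.1/32",
 auth_method => 'md5',
-order => "a2",
+order => "00-02",
 }
 postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user':
 description => 'Allow localhost access to postgres user',
@@ -50,7 +50,7 @@ class profile::postgresql {
 user => $pg_user,
 address => "::1/128",
 auth_method => 'md5',
-order => "a3",
+order => "00-03",
 }
 postgresql::server::pg_hba_rule { 'deny access to postgresql user':
 description => 'Deny remote access to postgres user',
@@ -59,7 +59,7 @@ class profile::postgresql {
 user => $pg_user,
 address => "0.0.0.0/0",
 auth_method => 'reject',
-order => "a4",
+order => "00-04",
 }
 
 postgresql::server::pg_hba_rule { 'local access':
@@ -68,7 +68,7 @@ class profile::postgresql {
 database => 'all',
 user => 'all',
 auth_method => 'md5',
-order => "b1",
+order => "10-01",
 }
 
 postgresql::server::pg_hba_rule { 'local access with same name':
@@ -77,7 +77,7 @@ class profile::postgresql {
 database => 'all',
 user => 'all',
 auth_method => 'ident',
-order => "b2",
+order => "10-02",
 }
 
 }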
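Review bot: The renumbered `order` values decide where each rule lands in `pg_hba.conf`, which PostgreSQL evaluates first-match, yet nothing in the manifest states the numbering scheme. A comment above the first rule would record it, for example `# pg_hba.conf is first-match: 00-xx = postgres superuser rules (incl. the reject), 10-xx = generic local rules`. It is worth confirming how these strings sort against any rules the postgresql module adds with its own default order, since that is presumably what the move away from `a1`…`b2` is meant to fix. Separately, the reject rule visible in the context covers only `0.0.0.0/0`; whether remote IPv6 connections as the postgres user are refused depends on rules outside these hunks.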
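--- a/modules/profile/manifests/xmr_stak.pp
+++ b/modules/profile/manifests/xmr_stak.pp
@@ -1,4 +1,8 @@
-class profile::xmr_stak {
+class profile::xmr_stak (
+String $mining_pool,
+String $wallet,
+Optional[String] $password = "x",
+) {
 ensure_resource('exec', 'systemctl daemon-reload', {
 command => '/usr/bin/systemctl daemon-reload',
 refreshonly => true
@@ -26,10 +30,7 @@ class profile::xmr_stak {
 notify => Exec["systemctl daemon-reload"]
 }
 
-$mining_pool = lookup("xmr_stak::mining_pool") |$key| { {} }
-$wallet = lookup("xmr_stak::wallet") |$key| { {} }
-$password = lookup("xmr_stak::password") |$key| { "x" }
-$instance = regsubst($facts["ec2_metadata"]["hostname"], '\.', "_", "G")
+$instance = regsubst(lookup("base_installation::ldap_cn"), '\.', "_", "G")
 
 file { "/var/lib/xmr_stak/xmr-stak.conf":
 mode => "0644",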
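Review bot: Existing Hiera data under `xmr_stak::mining_pool`, `xmr_stak::wallet` and `xmr_stak::password` is no longer read once these become class parameters in the first hunk; automatic parameter lookup resolves `profile::xmr_stak::…` instead, and the two required parameters fail compilation when absent. The diffstat shown is limited to `modules/profile`, so the matching data rename should be confirmed, and a short class header comment naming the new keys would help. `Optional[String] $password = "x",` is looser than needed, since an undef value normally falls back to the default anyway; `String $password = "x",` states the contract. The config file in the second hunk is declared with mode `0644` and its resource continues past the hunk; if the rendered file carries a real pool password, a tighter mode would be appropriate.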