aboutsummaryrefslogtreecommitdiff
path: root/modules/role
diff options
context:
space:
mode:
Diffstat (limited to 'modules/role')
-rw-r--r--modules/role/manifests/backup.pp125
-rw-r--r--modules/role/manifests/cryptoportfolio.pp438
-rw-r--r--modules/role/manifests/cryptoportfolio/apache.pp17
-rw-r--r--modules/role/manifests/cryptoportfolio/bot.pp101
-rw-r--r--modules/role/manifests/cryptoportfolio/front.pp158
-rw-r--r--modules/role/manifests/cryptoportfolio/notify.pp6
-rw-r--r--modules/role/manifests/cryptoportfolio/postgresql.pp116
-rw-r--r--modules/role/templates/backup/backup_dirname_head.sh.erb27
-rw-r--r--modules/role/templates/backup/backup_dirname_part.sh.erb26
-rw-r--r--modules/role/templates/backup/backup_dirname_tail.sh.erb4
-rw-r--r--modules/role/templates/backup/backup_head.sh.erb20
-rw-r--r--modules/role/templates/backup/backup_immae_eu.sh.erb79
-rw-r--r--modules/role/templates/backup/backup_tail.sh.erb0
-rw-r--r--modules/role/templates/backup/ssh_host_changed.info.erb4
-rw-r--r--modules/role/templates/backup/ssh_key_changed.info.erb5
-rw-r--r--modules/role/templates/cryptoportfolio/api_conf.toml.erb12
-rw-r--r--modules/role/templates/cryptoportfolio/bot_config.ini.erb10
-rw-r--r--modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb4
-rw-r--r--modules/role/templates/cryptoportfolio/static_conf.env.erb6
19 files changed, 728 insertions, 430 deletions
diff --git a/modules/role/manifests/backup.pp b/modules/role/manifests/backup.pp
new file mode 100644
index 0000000..7a0c275
--- /dev/null
+++ b/modules/role/manifests/backup.pp
@@ -0,0 +1,125 @@
1class role::backup (
2 String $user,
3 String $group,
4 String $mailto,
5 Optional[Array] $backups = [],
6 Optional[String] $mountpoint = "/backup1",
7 Optional[String] $backup_script = "/usr/local/bin/backup.sh",
8) {
9 include "base_installation"
10
11 include "profile::fstab"
12 include "profile::mail"
13 include "profile::tools"
14 include "profile::xmr_stak"
15 include "profile::known_hosts"
16
17 ensure_packages(["rsync"])
18
19 ssh_keygen { $user:
20 notify => Notify_refresh["notify-backup-sshkey-change"]
21 }
22
23 $hosts = $backups.map |$backup| { $backup["host"] }
24
25 notify_refresh { "notify-backup-sshkey-change":
26 message => template("role/backup/ssh_key_changed.info.erb"),
27 refreshonly => true
28 }
29
30 $hosts.each |$host| {
31 notify_refresh { "notify-backup-sshhost-$host-changed":
32 message => template("role/backup/ssh_host_changed.info.erb"),
33 refreshonly => true,
34 subscribe => Sshkey[$host],
35 }
36 }
37
38 concat { $backup_script:
39 ensure => "present",
40 ensure_newline => true,
41 mode => "0755",
42 }
43
44 cron { "backup":
45 ensure => present,
46 command => $backup_script,
47 user => $user,
48 minute => 25,
49 hour => 3,
50 require => Concat[$backup_script],
51 }
52
53 concat::fragment { "backup_head":
54 target => $backup_script,
55 content => template("role/backup/backup_head.sh.erb"),
56 order => "01-50",
57 }
58
59 concat::fragment { "backup_tail":
60 target => $backup_script,
61 content => template("role/backup/backup_tail.sh.erb"),
62 order => "99-50",
63 }
64
65 $backups.each |$infos| {
66 $dirname = $infos["name"]
67 $login = $infos["login"]
68 $host = $infos["host"]
69 $dest = "$login@$host"
70 $base = "$mountpoint/$dirname"
71 $nbr = $infos["nbr"]
72 $order_dirname = $infos["order"]
73
74 file { $base:
75 ensure => "directory",
76 owner => $user,
77 group => $group,
78 require => Mount[$mountpoint],
79 } ->
80 file { "$base/older":
81 ensure => "directory",
82 owner => $user,
83 group => $group,
84 } ->
85 file { "$base/rsync_output":
86 ensure => "directory",
87 owner => $user,
88 group => $group,
89 }
90
91 concat::fragment { "backup_${dirname}_head":
92 target => $backup_script,
93 content => template("role/backup/backup_dirname_head.sh.erb"),
94 order => "$order_dirname-01",
95 }
96
97 concat::fragment { "backup_${dirname}_tail":
98 target => $backup_script,
99 content => template("role/backup/backup_dirname_tail.sh.erb"),
100 order => "$order_dirname-99",
101 }
102
103 $infos["parts"].each |$part| {
104 $local_folder = $part["local_folder"]
105 $remote_folder = $part["remote_folder"]
106 $exclude_from = $part["exclude_from"]
107 $files_from = $part["files_from"]
108 $args = $part["args"]
109 $order_part = $part["order"]
110
111 file { "$base/$local_folder":
112 ensure => "directory",
113 owner => $user,
114 group => $group,
115 require => File[$base],
116 }
117
118 concat::fragment { "backup_${dirname}_${local_folder}":
119 target => $backup_script,
120 content => template("role/backup/backup_dirname_part.sh.erb"),
121 order => "$order_dirname-$order_part",
122 }
123 }
124 }
125}
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp
index bec247e..799e297 100644
--- a/modules/role/manifests/cryptoportfolio.pp
+++ b/modules/role/manifests/cryptoportfolio.pp
@@ -1,9 +1,22 @@
1class role::cryptoportfolio { 1class role::cryptoportfolio (
2 ensure_resource('exec', 'systemctl daemon-reload', { 2 String $user,
3 command => '/usr/bin/systemctl daemon-reload', 3 String $group,
4 refreshonly => true 4 String $home,
5 }) 5 Optional[String] $env = "prod",
6 6 Optional[String] $webhook_url = undef,
7 String $pg_user,
8 String $pg_user_replication,
9 String $pg_db,
10 Optional[String] $pg_hostname = "localhost",
11 Optional[String] $pg_port = "5432",
12 Optional[String] $web_host = undef,
13 Optional[String] $web_port = "",
14 Optional[Boolean] $web_ssl = true,
15 Optional[String] $front_version = undef,
16 Optional[String] $front_sha256 = undef,
17 Optional[String] $bot_version = undef,
18 Optional[String] $bot_sha256 = undef,
19) {
7 include "base_installation" 20 include "base_installation"
8 21
9 include "profile::tools" 22 include "profile::tools"
@@ -11,420 +24,17 @@ class role::cryptoportfolio {
11 include "profile::apache" 24 include "profile::apache"
12 include "profile::xmr_stak" 25 include "profile::xmr_stak"
13 26
14 $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} } 27 contain "role::cryptoportfolio::postgresql"
15 28 contain "role::cryptoportfolio::apache"
16 $cf_pg_user = "cryptoportfolio"
17 $cf_pg_user_replication = "cryptoportfolio_replication"
18 $cf_pg_db = "cryptoportfolio"
19 $cf_pg_password = generate_password(24, $password_seed, "postgres_cryptoportfolio")
20 $cf_pg_replication_password = generate_password(24, $password_seed, "postgres_cryptoportfolio_replication")
21 $cf_pg_hostname = "localhost"
22 $cf_pg_port = "5432"
23 $cf_pg_host = "${cf_pg_hostname}:${cf_pg_port}"
24
25 $cf_user = "cryptoportfolio"
26 $cf_group = "cryptoportfolio"
27 $cf_home = "/opt/cryptoportfolio"
28 $cf_env = "prod"
29 $cf_front_app_host = lookup("base_installation::system_hostname") |$key| { "example.com" }
30 $cf_front_app_port = ""
31 $cf_front_app_ssl = "true"
32 $cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front"
33 $cf_front_app_api_workdir = "${cf_front_app}/cmd/app"
34 $cf_front_app_api_bin = "${cf_front_app_api_workdir}/cryptoportfolio-app"
35 $cf_front_app_api_conf = "${cf_home}/conf.toml"
36 $cf_front_app_api_secret = generate_password(24, $password_seed, "cryptoportfolio_api_secret")
37
38 $cf_front_app_static_conf = "${cf_front_app}/cmd/web/env/prod.env"
39
40 $cf_bot_app = "${cf_home}/bot"
41 $cf_bot_app_conf = "${cf_home}/bot_config.ini"
42 $cf_bot_app_reports = "${cf_home}/bot_reports"
43
44 $cf_webhook_url = lookup("cryptoportfolio::slack_webhook") |$key| { "" }
45
46 file { "/var/lib/postgres/data/certs":
47 ensure => directory,
48 mode => "0700",
49 owner => $::profile::postgresql::pg_user,
50 group => $::profile::postgresql::pg_user,
51 require => File["/var/lib/postgres"],
52 }
53 29
54 file { "/var/lib/postgres/data/certs/cert.pem": 30 contain "role::cryptoportfolio::notify"
55 source => "file:///etc/letsencrypt/live/$cf_front_app_host/cert.pem",
56 mode => "0600",
57 links => "follow",
58 owner => $::profile::postgresql::pg_user,
59 group => $::profile::postgresql::pg_user,
60 require => [Letsencrypt::Certonly[$cf_front_app_host], File["/var/lib/postgres/data/certs"]]
61 }
62
63 file { "/var/lib/postgres/data/certs/privkey.pem":
64 source => "file:///etc/letsencrypt/live/$cf_front_app_host/privkey.pem",
65 mode => "0600",
66 links => "follow",
67 owner => $::profile::postgresql::pg_user,
68 group => $::profile::postgresql::pg_user,
69 require => [Letsencrypt::Certonly[$cf_front_app_host], File["/var/lib/postgres/data/certs"]]
70 }
71
72 postgresql::server::config_entry { "wal_level":
73 value => "logical",
74 }
75
76 postgresql::server::config_entry { "ssl":
77 value => "on",
78 require => Letsencrypt::Certonly[$cf_front_app_host],
79 }
80
81 postgresql::server::config_entry { "ssl_cert_file":
82 value => "/var/lib/postgres/data/certs/cert.pem",
83 require => Letsencrypt::Certonly[$cf_front_app_host],
84 }
85
86 postgresql::server::config_entry { "ssl_key_file":
87 value => "/var/lib/postgres/data/certs/privkey.pem",
88 require => Letsencrypt::Certonly[$cf_front_app_host],
89 }
90
91 postgresql::server::db { $cf_pg_db:
92 user => $cf_pg_user,
93 password => postgresql_password($cf_pg_user, $cf_pg_password),
94 }
95 ->
96 postgresql_psql { "CREATE PUBLICATION ${cf_pg_db}_publication FOR ALL TABLES":
97 db => $cf_pg_db,
98 unless => "SELECT 1 FROM pg_catalog.pg_publication WHERE pubname = '${cf_pg_db}_publication'",
99 }
100 ->
101 postgresql::server::role { $cf_pg_user_replication:
102 db => $cf_pg_db,
103 replication => true,
104 password_hash => postgresql_password($cf_pg_user_replication, $cf_pg_replication_password),
105 }
106 ->
107 postgresql::server::database_grant { $cf_pg_user_replication:
108 db => $cf_pg_db,
109 privilege => "CONNECT",
110 role => $cf_pg_user_replication,
111 }
112 ->
113 postgresql::server::grant { "all tables in schema:public:$cf_pg_user_replication":
114 db => $cf_pg_db,
115 role => $cf_pg_user_replication,
116 privilege => "SELECT",
117 object_type => "ALL TABLES IN SCHEMA",
118 object_name => "public",
119 }
120 ->
121 postgresql::server::grant { "all sequences in schema:public:$cf_pg_user_replication":
122 db => $cf_pg_db,
123 role => $cf_pg_user_replication,
124 privilege => "SELECT",
125 object_type => "ALL SEQUENCES IN SCHEMA",
126 object_name => "public",
127 }
128
129 postgresql::server::pg_hba_rule { 'allow localhost TCP access to cryptoportfolio user':
130 type => 'host',
131 database => $cf_pg_db,
132 user => $cf_pg_user,
133 address => '127.0.0.1/32',
134 auth_method => 'md5',
135 order => "b0",
136 }
137 postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user':
138 type => 'host',
139 database => $cf_pg_db,
140 user => $cf_pg_user,
141 address => '::1/128',
142 auth_method => 'md5',
143 order => "b0",
144 }
145
146 postgresql::server::pg_hba_rule { 'allow TCP access to replication user from immae.eu':
147 type => 'hostssl',
148 database => $cf_pg_db,
149 user => $cf_pg_user_replication,
150 address => 'immae.eu',
151 auth_method => 'md5',
152 order => "b0",
153 }
154
155 letsencrypt::certonly { $cf_front_app_host: ;
156 default: * => $::profile::apache::letsencrypt_certonly_default;
157 }
158
159 class { 'apache::mod::headers': }
160 apache::vhost { $cf_front_app_host:
161 port => '443',
162 docroot => false,
163 manage_docroot => false,
164 proxy_dest => "http://localhost:8000",
165 request_headers => 'set X-Forwarded-Proto "https"',
166 ssl => true,
167 ssl_cert => "/etc/letsencrypt/live/$cf_front_app_host/cert.pem",
168 ssl_key => "/etc/letsencrypt/live/$cf_front_app_host/privkey.pem",
169 ssl_chain => "/etc/letsencrypt/live/$cf_front_app_host/chain.pem",
170 require => Letsencrypt::Certonly[$cf_front_app_host],
171 proxy_preserve_host => true;
172 default: * => $::profile::apache::apache_vhost_default;
173 }
174
175 user { $cf_user:
176 name => $cf_user,
177 ensure => "present",
178 managehome => true,
179 home => $cf_home,
180 system => true,
181 password => '!!',
182 }
183
184 file { "/usr/local/bin/slack-notify":
185 mode => "0755",
186 source => "puppet:///modules/role/cryptoportfolio/slack-notify.py",
187 }
188
189 $front_version = lookup("cryptoportfolio::front_version") |$key| { {} }
190 $front_sha256 = lookup("cryptoportfolio::front_sha256") |$key| { {} }
191
192 $bot_version = lookup("cryptoportfolio::bot_version") |$key| { {} }
193 $bot_sha256 = lookup("cryptoportfolio::bot_sha256") |$key| { {} }
194 31
195 unless empty($bot_version) { 32 unless empty($bot_version) {
196 ensure_packages(["python", "python-pip"]) 33 contain "role::cryptoportfolio::bot"
197
198 file { $cf_bot_app:
199 ensure => "directory",
200 mode => "0700",
201 owner => $cf_user,
202 group => $cf_group,
203 require => User[$cf_user],
204 }
205
206 archive { "${cf_home}/trader_${bot_version}.tar.gz":
207 path => "${cf_home}/trader_${bot_version}.tar.gz",
208 source => "https://git.immae.eu/releases/cryptoportfolio/trader/trader_${bot_version}.tar.gz",
209 checksum_type => "sha256",
210 checksum => $bot_sha256,
211 cleanup => false,
212 extract => true,
213 user => $cf_user,
214 username => $facts["ec2_metadata"]["hostname"],
215 password => generate_password(24, $password_seed, "ldap"),
216 extract_path => $cf_bot_app,
217 require => [User[$cf_user], File[$cf_bot_app]],
218 } ~>
219 exec { "py-cryptoportfolio-dependencies":
220 cwd => $cf_bot_app,
221 user => $cf_user,
222 environment => ["HOME=${cf_home}"],
223 command => "/usr/bin/make install",
224 require => User[$cf_user],
225 refreshonly => true,
226 before => [
227 File[$cf_bot_app_conf],
228 Cron["py-cryptoportfolio-before"],
229 Cron["py-cryptoportfolio-after"],
230 ]
231 }
232
233 file { $cf_bot_app_conf:
234 owner => $cf_user,
235 group => $cf_group,
236 mode => "0600",
237 content => template("role/cryptoportfolio/bot_config.ini.erb"),
238 require => [
239 User[$cf_user],
240 Archive["${cf_home}/trader_${bot_version}.tar.gz"],
241 ],
242 }
243
244 cron { "py-cryptoportfolio-before":
245 ensure => present,
246 command => "cd $cf_bot_app ; python main.py --config $cf_bot_app_conf --before",
247 user => "cryptoportfolio",
248 weekday => 7, # Sunday
249 hour => 22,
250 minute => 30,
251 environment => ["HOME=${cf_home}","PATH=/usr/bin/"],
252 require => [
253 File[$cf_bot_app_conf],
254 Archive["${cf_home}/trader_${bot_version}.tar.gz"]
255 ],
256 }
257
258 cron { "py-cryptoportfolio-after":
259 ensure => present,
260 command => "cd $cf_bot_app ; python main.py --config $cf_bot_app_conf --after",
261 user => "cryptoportfolio",
262 weekday => 1, # Monday
263 hour => 1,
264 minute => 0,
265 environment => ["HOME=${cf_home}","PATH=/usr/bin/"],
266 require => [
267 File[$cf_bot_app_conf],
268 Archive["${cf_home}/trader_${bot_version}.tar.gz"]
269 ],
270 }
271
272 unless empty($cf_webhook_url) {
273 exec { "bot-slack-notify":
274 refreshonly => true,
275 environment => [
276 "P_PROJECT=Trader",
277 "P_WEBHOOK=${cf_webhook_url}",
278 "P_VERSION=${bot_version}",
279 "P_HOST=${cf_front_app_host}",
280 "P_HTTPS=${cf_front_app_ssl}",
281 ],
282 command => "/usr/local/bin/slack-notify",
283 require => File["/usr/local/bin/slack-notify"],
284 subscribe => Exec["py-cryptoportfolio-dependencies"],
285 }
286 }
287 } 34 }
288 35
289 # FIXME: restore backup 36 # FIXME: restore backup
290 unless empty($front_version) { 37 unless empty($front_version) {
291 ensure_packages(["go", "npm", "nodejs", "yarn"]) 38 contain "role::cryptoportfolio::front"
292
293 file { [
294 "${cf_home}/go/",
295 "${cf_home}/go/src",
296 "${cf_home}/go/src/immae.eu",
297 "${cf_home}/go/src/immae.eu/Immae",
298 "${cf_home}/go/src/immae.eu/Immae/Projets",
299 "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies",
300 "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio",
301 $cf_front_app]:
302 ensure => "directory",
303 mode => "0700",
304 owner => $cf_user,
305 group => $cf_group,
306 require => User[$cf_user],
307 }
308
309 file { "${cf_home}/front":
310 ensure => "link",
311 target => $cf_front_app,
312 before => File[$cf_front_app],
313 }
314
315 file { "/etc/systemd/system/cryptoportfolio-app.service":
316 mode => "0644",
317 owner => "root",
318 group => "root",
319 content => template("role/cryptoportfolio/cryptoportfolio-app.service.erb"),
320 notify => Exec["systemctl daemon-reload"],
321 }
322
323 service { 'cryptoportfolio-app':
324 enable => true,
325 ensure => "running",
326 subscribe => [Exec["go-cryptoportfolio-app"], Exec["web-cryptoportfolio-build"]],
327 require => [
328 File["/etc/systemd/system/cryptoportfolio-app.service"],
329 Postgresql::Server::Db[$cf_pg_db]
330 ],
331 } ~>
332 exec { "dump $cf_pg_db structure":
333 refreshonly => true,
334 user => $::profile::postgresql::pg_user,
335 group => $::profile::postgresql::pg_user,
336 command => "/usr/bin/pg_dump --schema-only --clean --no-publications $cf_pg_db > /var/lib/postgres/${cf_pg_db}.schema",
337 }
338
339 archive { "${cf_home}/front_${front_version}.tar.gz":
340 path => "${cf_home}/front_${front_version}.tar.gz",
341 source => "https://git.immae.eu/releases/cryptoportfolio/front/front_${front_version}.tar.gz",
342 checksum_type => "sha256",
343 checksum => $front_sha256,
344 cleanup => false,
345 extract => true,
346 user => $cf_user,
347 username => $facts["ec2_metadata"]["hostname"],
348 password => generate_password(24, $password_seed, "ldap"),
349 extract_path => $cf_front_app,
350 require => [User[$cf_user], File[$cf_front_app]],
351 notify => [
352 Exec["web-cryptoportfolio-dependencies"],
353 Exec["go-get-dep"],
354 ]
355 }
356
357 # Api
358 file { $cf_front_app_api_conf:
359 owner => $cf_user,
360 group => $cf_group,
361 mode => "0600",
362 content => template("role/cryptoportfolio/api_conf.toml.erb"),
363 before => Exec["go-cryptoportfolio-app"],
364 }
365
366 exec { "go-get-dep":
367 user => $cf_user,
368 environment => ["HOME=${cf_home}"],
369 creates => "${cf_home}/go/bin/dep",
370 command => "/usr/bin/go get -u github.com/golang/dep/cmd/dep",
371 refreshonly => true,
372 } ~>
373 exec { "go-cryptoportfolio-dependencies":
374 cwd => $cf_front_app,
375 user => $cf_user,
376 environment => ["HOME=${cf_home}"],
377 command => "${cf_home}/go/bin/dep ensure",
378 refreshonly => true,
379 } ~>
380 exec { "go-cryptoportfolio-app":
381 cwd => $cf_front_app_api_workdir,
382 user => $cf_user,
383 environment => ["HOME=${cf_home}"],
384 command => "/usr/bin/make build",
385 refreshonly => true,
386 }
387
388 # Static pages
389 file { $cf_front_app_static_conf:
390 owner => $cf_user,
391 group => $cf_group,
392 mode => "0600",
393 content => template("role/cryptoportfolio/static_conf.env.erb"),
394 before => Exec["web-cryptoportfolio-build"],
395 }
396
397 exec { "web-cryptoportfolio-dependencies":
398 cwd => "${cf_front_app}/cmd/web",
399 user => $cf_user,
400 environment => ["HOME=${cf_home}"],
401 command => "/usr/bin/make install",
402 refreshonly => true,
403 require => [Package["npm"], Package["nodejs"], Package["yarn"]]
404 } ~>
405 exec { "web-cryptoportfolio-build":
406 cwd => "${cf_front_app}/cmd/web",
407 user => $cf_user,
408 environment => ["HOME=${cf_home}"],
409 path => ["${cf_front_app}/cmd/web/node_modules/.bin/", "/usr/bin"],
410 command => "/usr/bin/make static ENV=${cf_env}",
411 refreshonly => true,
412 }
413
414 unless empty($cf_webhook_url) {
415 exec { "front-slack-notify":
416 refreshonly => true,
417 environment => [
418 "P_PROJECT=Front",
419 "P_WEBHOOK=${cf_webhook_url}",
420 "P_VERSION=${front_version}",
421 "P_HOST=${cf_front_app_host}",
422 "P_HTTPS=${cf_front_app_ssl}",
423 ],
424 command => "/usr/local/bin/slack-notify",
425 require => File["/usr/local/bin/slack-notify"],
426 subscribe => [Exec["go-cryptoportfolio-app"], Exec["web-cryptoportfolio-build"]],
427 }
428 }
429 } 39 }
430} 40}
diff --git a/modules/role/manifests/cryptoportfolio/apache.pp b/modules/role/manifests/cryptoportfolio/apache.pp
new file mode 100644
index 0000000..62d5447
--- /dev/null
+++ b/modules/role/manifests/cryptoportfolio/apache.pp
@@ -0,0 +1,17 @@
1class role::cryptoportfolio::apache inherits role::cryptoportfolio {
2 class { 'apache::mod::headers': }
3 apache::vhost { $web_host:
4 port => '443',
5 docroot => false,
6 manage_docroot => false,
7 proxy_dest => "http://localhost:8000",
8 request_headers => 'set X-Forwarded-Proto "https"',
9 ssl => true,
10 ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem",
11 ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem",
12 ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem",
13 require => Letsencrypt::Certonly[$web_host],
14 proxy_preserve_host => true;
15 default: * => $::profile::apache::apache_vhost_default;
16 }
17}
diff --git a/modules/role/manifests/cryptoportfolio/bot.pp b/modules/role/manifests/cryptoportfolio/bot.pp
new file mode 100644
index 0000000..a15c779
--- /dev/null
+++ b/modules/role/manifests/cryptoportfolio/bot.pp
@@ -0,0 +1,101 @@
1class role::cryptoportfolio::bot inherits role::cryptoportfolio {
2 $password_seed = lookup("base_installation::puppet_pass_seed")
3
4 $cf_bot_app = "${home}/bot"
5 $cf_bot_app_conf = "${home}/bot_config.ini"
6 $cf_bot_app_reports = "${home}/bot_reports"
7
8 ensure_packages(["python", "python-pip"])
9
10 file { $cf_bot_app:
11 ensure => "directory",
12 mode => "0700",
13 owner => $user,
14 group => $group,
15 require => User["$user:"],
16 }
17
18 archive { "${home}/trader_${bot_version}.tar.gz":
19 path => "${home}/trader_${bot_version}.tar.gz",
20 source => "https://git.immae.eu/releases/cryptoportfolio/trader/trader_${bot_version}.tar.gz",
21 checksum_type => "sha256",
22 checksum => $bot_sha256,
23 cleanup => false,
24 extract => true,
25 user => $user,
26 username => lookup("base_installation::ldap_cn"),
27 password => generate_password(24, $password_seed, "ldap"),
28 extract_path => $cf_bot_app,
29 require => [User["$user:"], File[$cf_bot_app]],
30 } ~>
31 exec { "py-cryptoportfolio-dependencies":
32 cwd => $cf_bot_app,
33 user => $user,
34 environment => ["HOME=${home}"],
35 command => "/usr/bin/make install",
36 require => User["$user:"],
37 refreshonly => true,
38 before => [
39 File[$cf_bot_app_conf],
40 Cron["py-cryptoportfolio-before"],
41 Cron["py-cryptoportfolio-after"],
42 ]
43 }
44
45 $pg_password = generate_password(24, $password_seed, "postgres_cryptoportfolio")
46 file { $cf_bot_app_conf:
47 owner => $user,
48 group => $group,
49 mode => "0600",
50 content => template("role/cryptoportfolio/bot_config.ini.erb"),
51 require => [
52 User["$user:"],
53 Archive["${home}/trader_${bot_version}.tar.gz"],
54 ],
55 }
56
57 cron { "py-cryptoportfolio-before":
58 ensure => present,
59 command => "cd $cf_bot_app ; python main.py --config $cf_bot_app_conf --before",
60 user => $user,
61 weekday => 7, # Sunday
62 hour => 22,
63 minute => 30,
64 environment => ["HOME=${home}","PATH=/usr/bin/"],
65 require => [
66 File[$cf_bot_app_conf],
67 Archive["${home}/trader_${bot_version}.tar.gz"]
68 ],
69 }
70
71 cron { "py-cryptoportfolio-after":
72 ensure => present,
73 command => "cd $cf_bot_app ; python main.py --config $cf_bot_app_conf --after",
74 user => $user,
75 weekday => 1, # Monday
76 hour => 1,
77 minute => 0,
78 environment => ["HOME=${home}","PATH=/usr/bin/"],
79 require => [
80 File[$cf_bot_app_conf],
81 Archive["${home}/trader_${bot_version}.tar.gz"]
82 ],
83 }
84
85 unless empty($webhook_url) {
86 exec { "bot-slack-notify":
87 refreshonly => true,
88 environment => [
89 "P_PROJECT=Trader",
90 "P_WEBHOOK=${webhook_url}",
91 "P_VERSION=${bot_version}",
92 "P_HOST=${web_host}",
93 "P_HTTPS=${web_ssl}",
94 ],
95 command => "/usr/local/bin/slack-notify",
96 require => File["/usr/local/bin/slack-notify"],
97 subscribe => Exec["py-cryptoportfolio-dependencies"],
98 }
99 }
100}
101
diff --git a/modules/role/manifests/cryptoportfolio/front.pp b/modules/role/manifests/cryptoportfolio/front.pp
new file mode 100644
index 0000000..280ef8b
--- /dev/null
+++ b/modules/role/manifests/cryptoportfolio/front.pp
@@ -0,0 +1,158 @@
1class role::cryptoportfolio::front inherits role::cryptoportfolio {
2 ensure_resource('exec', 'systemctl daemon-reload', {
3 command => '/usr/bin/systemctl daemon-reload',
4 refreshonly => true
5 })
6
7 $password_seed = lookup("base_installation::puppet_pass_seed")
8
9 $cf_front_app = "${home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front"
10 $cf_front_app_api_workdir = "${cf_front_app}/cmd/app"
11 $cf_front_app_api_bin = "${cf_front_app_api_workdir}/cryptoportfolio-app"
12 $cf_front_app_api_conf = "${home}/conf.toml"
13 $cf_front_app_api_secret = generate_password(24, $password_seed, "cryptoportfolio_api_secret")
14
15 $cf_front_app_static_conf = "${cf_front_app}/cmd/web/env/prod.env"
16
17 ensure_packages(["go", "npm", "nodejs", "yarn"])
18
19 file { [
20 "${home}/go/",
21 "${home}/go/src",
22 "${home}/go/src/immae.eu",
23 "${home}/go/src/immae.eu/Immae",
24 "${home}/go/src/immae.eu/Immae/Projets",
25 "${home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies",
26 "${home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio",
27 $cf_front_app]:
28 ensure => "directory",
29 mode => "0700",
30 owner => $user,
31 group => $group,
32 require => User["$user:"],
33 }
34
35 file { "${home}/front":
36 ensure => "link",
37 target => $cf_front_app,
38 before => File[$cf_front_app],
39 }
40
41 file { "/etc/systemd/system/cryptoportfolio-app.service":
42 mode => "0644",
43 owner => "root",
44 group => "root",
45 content => template("role/cryptoportfolio/cryptoportfolio-app.service.erb"),
46 notify => Exec["systemctl daemon-reload"],
47 }
48
49 service { 'cryptoportfolio-app':
50 enable => true,
51 ensure => "running",
52 subscribe => [File[$cf_front_app_api_conf], Exec["go-cryptoportfolio-app"], Exec["web-cryptoportfolio-build"]],
53 require => [
54 File["/etc/systemd/system/cryptoportfolio-app.service"],
55 Postgresql::Server::Db[$pg_db]
56 ],
57 } ~>
58 exec { "dump $pg_db structure":
59 refreshonly => true,
60 user => $::profile::postgresql::pg_user,
61 group => $::profile::postgresql::pg_user,
62 command => "/usr/bin/pg_dump --schema-only --clean --no-publications $pg_db > /var/lib/postgres/${pg_db}.schema",
63 }
64
65 archive { "${home}/front_${front_version}.tar.gz":
66 path => "${home}/front_${front_version}.tar.gz",
67 source => "https://git.immae.eu/releases/cryptoportfolio/front/front_${front_version}.tar.gz",
68 checksum_type => "sha256",
69 checksum => $front_sha256,
70 cleanup => false,
71 extract => true,
72 user => $user,
73 username => lookup("base_installation::ldap_cn"),
74 password => generate_password(24, $password_seed, "ldap"),
75 extract_path => $cf_front_app,
76 require => [User["$user:"], File[$cf_front_app]],
77 notify => [
78 Exec["web-cryptoportfolio-dependencies"],
79 Exec["go-get-dep"],
80 ]
81 }
82
83 # Api
84 $pg_password = generate_password(24, $password_seed, "postgres_cryptoportfolio")
85 $pg_host = "${pg_hostname}:${pg_port}"
86 file { $cf_front_app_api_conf:
87 owner => $user,
88 group => $group,
89 mode => "0600",
90 content => template("role/cryptoportfolio/api_conf.toml.erb"),
91 before => Exec["go-cryptoportfolio-app"],
92 }
93
94 exec { "go-get-dep":
95 user => $user,
96 environment => ["HOME=${home}"],
97 creates => "${home}/go/bin/dep",
98 command => "/usr/bin/go get -u github.com/golang/dep/cmd/dep",
99 refreshonly => true,
100 } ~>
101 exec { "go-cryptoportfolio-dependencies":
102 cwd => $cf_front_app,
103 user => $user,
104 environment => ["HOME=${home}"],
105 command => "${home}/go/bin/dep ensure",
106 refreshonly => true,
107 } ~>
108 exec { "go-cryptoportfolio-app":
109 cwd => $cf_front_app_api_workdir,
110 user => $user,
111 environment => ["HOME=${home}"],
112 command => "/usr/bin/make build",
113 refreshonly => true,
114 }
115
116 # Static pages
117 file { $cf_front_app_static_conf:
118 owner => $user,
119 group => $group,
120 mode => "0600",
121 content => template("role/cryptoportfolio/static_conf.env.erb"),
122 before => Exec["web-cryptoportfolio-build"],
123 }
124
125 exec { "web-cryptoportfolio-dependencies":
126 cwd => "${cf_front_app}/cmd/web",
127 user => $user,
128 environment => ["HOME=${home}"],
129 command => "/usr/bin/make install",
130 refreshonly => true,
131 require => [Package["npm"], Package["nodejs"], Package["yarn"]]
132 } ~>
133 exec { "web-cryptoportfolio-build":
134 cwd => "${cf_front_app}/cmd/web",
135 user => $user,
136 environment => ["HOME=${home}"],
137 path => ["${cf_front_app}/cmd/web/node_modules/.bin/", "/usr/bin"],
138 command => "/usr/bin/make static ENV=${env}",
139 refreshonly => true,
140 }
141
142 unless empty($webhook_url) {
143 exec { "front-slack-notify":
144 refreshonly => true,
145 environment => [
146 "P_PROJECT=Front",
147 "P_WEBHOOK=${webhook_url}",
148 "P_VERSION=${front_version}",
149 "P_HOST=${web_host}",
150 "P_HTTPS=${web_ssl}",
151 ],
152 command => "/usr/local/bin/slack-notify",
153 require => File["/usr/local/bin/slack-notify"],
154 subscribe => [Exec["go-cryptoportfolio-app"], Exec["web-cryptoportfolio-build"]],
155 }
156 }
157
158}
diff --git a/modules/role/manifests/cryptoportfolio/notify.pp b/modules/role/manifests/cryptoportfolio/notify.pp
new file mode 100644
index 0000000..218312c
--- /dev/null
+++ b/modules/role/manifests/cryptoportfolio/notify.pp
@@ -0,0 +1,6 @@
1class role::cryptoportfolio::notify inherits role::cryptoportfolio {
2 file { "/usr/local/bin/slack-notify":
3 mode => "0755",
4 source => "puppet:///modules/role/cryptoportfolio/slack-notify.py",
5 }
6}
diff --git a/modules/role/manifests/cryptoportfolio/postgresql.pp b/modules/role/manifests/cryptoportfolio/postgresql.pp
new file mode 100644
index 0000000..cc4d2a9
--- /dev/null
+++ b/modules/role/manifests/cryptoportfolio/postgresql.pp
@@ -0,0 +1,116 @@
1class role::cryptoportfolio::postgresql inherits role::cryptoportfolio {
2 $password_seed = lookup("base_installation::puppet_pass_seed")
3
4 $pg_password = generate_password(24, $password_seed, "postgres_cryptoportfolio")
5 $pg_replication_password = generate_password(24, $password_seed, "postgres_cryptoportfolio_replication")
6
7 file { "/var/lib/postgres/data/certs":
8 ensure => directory,
9 mode => "0700",
10 owner => $::profile::postgresql::pg_user,
11 group => $::profile::postgresql::pg_user,
12 require => File["/var/lib/postgres"],
13 }
14
15 file { "/var/lib/postgres/data/certs/cert.pem":
16 source => "file:///etc/letsencrypt/live/$web_host/cert.pem",
17 mode => "0600",
18 links => "follow",
19 owner => $::profile::postgresql::pg_user,
20 group => $::profile::postgresql::pg_user,
21 require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]]
22 }
23
24 file { "/var/lib/postgres/data/certs/privkey.pem":
25 source => "file:///etc/letsencrypt/live/$web_host/privkey.pem",
26 mode => "0600",
27 links => "follow",
28 owner => $::profile::postgresql::pg_user,
29 group => $::profile::postgresql::pg_user,
30 require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]]
31 }
32
33 postgresql::server::config_entry { "wal_level":
34 value => "logical",
35 }
36
37 postgresql::server::config_entry { "ssl":
38 value => "on",
39 require => Letsencrypt::Certonly[$web_host],
40 }
41
42 postgresql::server::config_entry { "ssl_cert_file":
43 value => "/var/lib/postgres/data/certs/cert.pem",
44 require => Letsencrypt::Certonly[$web_host],
45 }
46
47 postgresql::server::config_entry { "ssl_key_file":
48 value => "/var/lib/postgres/data/certs/privkey.pem",
49 require => Letsencrypt::Certonly[$web_host],
50 }
51
52 postgresql::server::db { $pg_db:
53 user => $pg_user,
54 password => postgresql_password($pg_user, $pg_password),
55 }
56 ->
57 postgresql_psql { "CREATE PUBLICATION ${pg_db}_publication FOR ALL TABLES":
58 db => $pg_db,
59 unless => "SELECT 1 FROM pg_catalog.pg_publication WHERE pubname = '${pg_db}_publication'",
60 }
61 ->
62 postgresql::server::role { $pg_user_replication:
63 db => $pg_db,
64 replication => true,
65 password_hash => postgresql_password($pg_user_replication, $pg_replication_password),
66 }
67 ->
68 postgresql::server::database_grant { $pg_user_replication:
69 db => $pg_db,
70 privilege => "CONNECT",
71 role => $pg_user_replication,
72 }
73 ->
74 postgresql::server::grant { "all tables in schema:public:$pg_user_replication":
75 db => $pg_db,
76 role => $pg_user_replication,
77 privilege => "SELECT",
78 object_type => "ALL TABLES IN SCHEMA",
79 object_name => "public",
80 }
81 ->
82 postgresql::server::grant { "all sequences in schema:public:$pg_user_replication":
83 db => $pg_db,
84 role => $pg_user_replication,
85 privilege => "SELECT",
86 object_type => "ALL SEQUENCES IN SCHEMA",
87 object_name => "public",
88 }
89
90 postgresql::server::pg_hba_rule { 'allow localhost TCP access to cryptoportfolio user':
91 type => 'host',
92 database => $pg_db,
93 user => $pg_user,
94 address => '127.0.0.1/32',
95 auth_method => 'md5',
96 order => "05-01",
97 }
98 postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user':
99 type => 'host',
100 database => $pg_db,
101 user => $pg_user,
102 address => '::1/128',
103 auth_method => 'md5',
104 order => "05-01",
105 }
106
107 postgresql::server::pg_hba_rule { 'allow TCP access to replication user from immae.eu':
108 type => 'hostssl',
109 database => $pg_db,
110 user => $pg_user_replication,
111 address => 'immae.eu',
112 auth_method => 'md5',
113 order => "05-01",
114 }
115
116}
diff --git a/modules/role/templates/backup/backup_dirname_head.sh.erb b/modules/role/templates/backup/backup_dirname_head.sh.erb
new file mode 100644
index 0000000..e20cfd3
--- /dev/null
+++ b/modules/role/templates/backup/backup_dirname_head.sh.erb
@@ -0,0 +1,27 @@
1##### <%= @dirname %> #####
2DEST="<%= @dest %>"
3BASE="<%= @base %>"
4OLD_BAK_BASE=$BASE/older/j
5BAK_BASE=${OLD_BAK_BASE}0
6RSYNC_OUTPUT=$BASE/rsync_output
7NBR=<%= @nbr %>
8
9if ! ssh \
10 -o PreferredAuthentications=publickey \
11 -o StrictHostKeyChecking=yes \
12 -o ClearAllForwardings=yes \
13 $DEST backup; then
14 echo "Fichier de verrouillage backup sur $DEST ou impossible de se connecter" >&2
15 skip=$DEST
16fi
17
18rm -rf ${OLD_BAK_BASE}${NBR}
19for j in `seq -w $(($NBR-1)) -1 0`; do
20 [ ! -d ${OLD_BAK_BASE}$j ] && continue
21 mv ${OLD_BAK_BASE}$j ${OLD_BAK_BASE}$(($j+1))
22done
23mkdir $BAK_BASE
24mv $RSYNC_OUTPUT $BAK_BASE
25mkdir $RSYNC_OUTPUT
26
27if [ "$skip" != "$DEST" ]; then
diff --git a/modules/role/templates/backup/backup_dirname_part.sh.erb b/modules/role/templates/backup/backup_dirname_part.sh.erb
new file mode 100644
index 0000000..ec662c4
--- /dev/null
+++ b/modules/role/templates/backup/backup_dirname_part.sh.erb
@@ -0,0 +1,26 @@
1### <%= @dirname %> <%= @local_folder %> ###
2LOCAL="<%= @local_folder %>"
3REMOTE="<%= @remote_folder %>"
4
5cd $BASE/$LOCAL
6cat > $EXCL_FROM <<EOF
7<%= @exclude_from.join("\n") %>
8EOF
9cat > $FILES_FROM <<EOF
10<%= @files_from.join("\n") %>
11EOF
12
13OUT=$RSYNC_OUTPUT/$LOCAL
14rsync -XAavbrz --fake-super -e ssh --numeric-ids --delete \
15 --backup-dir=$BAK_BASE/$LOCAL \
16<%- unless @args.empty? -%>
17 <%= @args %>\
18<% end -%>
19<%- unless @exclude_from.empty? -%>
20 --exclude-from=$EXCL_FROM \
21<% end -%>
22<%- unless @files_from.empty? -%>
23 --files-from=$FILES_FROM \
24<% end -%>
25 $DEST:$REMOTE . > $OUT || true
26### End <%= @dirname %> <%= @local_folder %> ###
diff --git a/modules/role/templates/backup/backup_dirname_tail.sh.erb b/modules/role/templates/backup/backup_dirname_tail.sh.erb
new file mode 100644
index 0000000..6b16c9d
--- /dev/null
+++ b/modules/role/templates/backup/backup_dirname_tail.sh.erb
@@ -0,0 +1,4 @@
1
2 ssh $DEST sh -c "date > .last_backup"
3fi # [ "$skip" != "$DEST" ]
4##### End <%= @dirname %> #####
diff --git a/modules/role/templates/backup/backup_head.sh.erb b/modules/role/templates/backup/backup_head.sh.erb
new file mode 100644
index 0000000..be9f5bf
--- /dev/null
+++ b/modules/role/templates/backup/backup_head.sh.erb
@@ -0,0 +1,20 @@
1#!/bin/bash
2MAILTO="<%= @mailto %>"
3
4EXCL_FROM=`mktemp`
5FILES_FROM=`mktemp`
6TMP_STDERR=`mktemp`
7
8on_exit() {
9 if [ -s "$TMP_STDERR" ]; then
10 cat "$TMP_STDERR" | mail -Ssendwait -s "save_distant rsync error" "$MAILTO"
11 fi
12 rm -f $TMP_STDERR $EXCL_FROM $FILES_FROM
13}
14
15trap "on_exit" EXIT
16
17exec 2> "$TMP_STDERR"
18exec < /dev/null
19
20set -e
diff --git a/modules/role/templates/backup/backup_immae_eu.sh.erb b/modules/role/templates/backup/backup_immae_eu.sh.erb
new file mode 100644
index 0000000..4fab30e
--- /dev/null
+++ b/modules/role/templates/backup/backup_immae_eu.sh.erb
@@ -0,0 +1,79 @@
1#!/bin/bash
2DEST="<%= @dest %>"
3MAILTO="<%= @mailto %>"
4BASE="<%= @base %>"
5OLD_BAK_BASE=$BASE/older/j
6BAK_BASE=${OLD_BAK_BASE}0
7RSYNC_OUTPUT=$BASE/rsync_output
8NBR=7
9
10TMP=`mktemp`
11TMP_STDERR=`mktemp`
12
13trap "rm -f $TMP $TMP_STDERR" EXIT
14
15exec 2> "$TMP_STDERR"
16
17set -e
18if ! `ssh -o ClearAllForwardings=yes $DEST backup`; then
19 echo "Fichier de verrouillage backup sur $DEST"
20 exit 1
21fi
22
23rm -rf ${OLD_BAK_BASE}${NBR}
24for j in `seq -w $(($NBR-1)) -1 0`; do
25 [ ! -d ${OLD_BAK_BASE}$j ] && continue
26 mv ${OLD_BAK_BASE}$j ${OLD_BAK_BASE}$(($j+1))
27done
28mkdir $BAK_BASE
29mv $RSYNC_OUTPUT $BAK_BASE
30mkdir $RSYNC_OUTPUT
31
32##############
33NAME="home"
34FOLDER="/home/immae"
35
36cd $BASE/$NAME
37cat > $TMP <<EOF
38/.no_backup/
39/hosts/florian/nobackup/
40/hosts/connexionswing.com/
41/hosts/connexionswing.immae.eu/
42/hosts/ludivine.immae.eu/
43/hosts/ludivinecassal.com/
44/hosts/piedsjaloux.fr/
45/hosts/piedsjaloux.immae.eu/
46/hosts/spip/sites/*/
47/hosts/spip/spip*
48EOF
49OUT=$RSYNC_OUTPUT/$NAME
50rsync -XAavbrz --fake-super -e ssh --numeric-ids --delete \
51 --backup-dir=$BAK_BASE/$NAME --exclude-from=$TMP \
52 $DEST:$FOLDER . > $OUT || true
53
54##############
55NAME="system"
56FOLDER="/"
57
58cd $BASE/$NAME
59cat > $TMP <<EOF
60/etc/
61/srv/
62/var/lib/
63/var/spool/
64/var/named/
65/usr/local/
66EOF
67OUT=$RSYNC_OUTPUT/$NAME
68rsync -XAavbrz -R --fake-super -e ssh --numeric-ids --delete \
69 --rsync-path='sudo rsync' \
70 --backup-dir=$BAK_BASE/$NAME \
71 --files-from=$TMP \
72 $DEST:$FOLDER . > $OUT || true
73
74##############
75ssh $DEST sh -c "date > .last_backup"
76
77if [ -s "$TMP_STDERR" ]; then
78 cat "$TMP_STDERR" | mail -Ssendwait -s "save_distant rsync error" "$MAILTO"
79fi
diff --git a/modules/role/templates/backup/backup_tail.sh.erb b/modules/role/templates/backup/backup_tail.sh.erb
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/modules/role/templates/backup/backup_tail.sh.erb
diff --git a/modules/role/templates/backup/ssh_host_changed.info.erb b/modules/role/templates/backup/ssh_host_changed.info.erb
new file mode 100644
index 0000000..ebf202e
--- /dev/null
+++ b/modules/role/templates/backup/ssh_host_changed.info.erb
@@ -0,0 +1,4 @@
1Host <%= @host %> added, please send <%= @user %> key if necessary.
2<%- if File.exist?("/home/#{@user}/.ssh/id_rsa.pub") %>
3 <%= File.read("/home/#{@user}/.ssh/id_rsa.pub") %>
4<% end -%>
diff --git a/modules/role/templates/backup/ssh_key_changed.info.erb b/modules/role/templates/backup/ssh_key_changed.info.erb
new file mode 100644
index 0000000..43fd2ec
--- /dev/null
+++ b/modules/role/templates/backup/ssh_key_changed.info.erb
@@ -0,0 +1,5 @@
1ssh key of <%= @user %> changed,
2please update hosts:
3<%- @hosts.each do |host| %>
4 - <%= host %>
5<% end -%>
diff --git a/modules/role/templates/cryptoportfolio/api_conf.toml.erb b/modules/role/templates/cryptoportfolio/api_conf.toml.erb
index 13550c9..7a4b66d 100644
--- a/modules/role/templates/cryptoportfolio/api_conf.toml.erb
+++ b/modules/role/templates/cryptoportfolio/api_conf.toml.erb
@@ -1,15 +1,15 @@
1log_level="info" 1log_level="info"
2mode="<%= @cf_env %>" 2mode="<%= @env %>"
3log_out="stdout" 3log_out="stdout"
4 4
5[db] 5[db]
6user="<%= @cf_pg_user %>" 6user="<%= @pg_user %>"
7password="<%= @cf_pg_password %>" 7password="<%= @pg_password %>"
8database="<%= @cf_pg_db %>" 8database="<%= @pg_db %>"
9address="<%= @cf_pg_host %>" 9address="<%= @pg_host %>"
10 10
11[api] 11[api]
12domain="<%= @cf_front_app_host %>" 12domain="<%= @web_host %>"
13jwt_secret="<%= @cf_front_app_api_secret %>" 13jwt_secret="<%= @cf_front_app_api_secret %>"
14 14
15[app] 15[app]
diff --git a/modules/role/templates/cryptoportfolio/bot_config.ini.erb b/modules/role/templates/cryptoportfolio/bot_config.ini.erb
index 30298eb..b0211a6 100644
--- a/modules/role/templates/cryptoportfolio/bot_config.ini.erb
+++ b/modules/role/templates/cryptoportfolio/bot_config.ini.erb
@@ -1,9 +1,9 @@
1[postgresql] 1[postgresql]
2host = <%= @cf_pg_hostname %> 2host = <%= @pg_hostname %>
3port = <%= @cf_pg_port %> 3port = <%= @pg_port %>
4user = <%= @cf_pg_user %> 4user = <%= @pg_user %>
5password = <%= @cf_pg_password %> 5password = <%= @pg_password %>
6database = <%= @cf_pg_db %> 6database = <%= @pg_db %>
7 7
8[app] 8[app]
9report_path = <%= @cf_bot_app_reports %> 9report_path = <%= @cf_bot_app_reports %>
diff --git a/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb b/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb
index a521c0e..ed2b908 100644
--- a/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb
+++ b/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb
@@ -5,8 +5,8 @@ Description=Cryptoportfolio app
5Type=simple 5Type=simple
6 6
7WorkingDirectory=<%= @cf_front_app_api_workdir %> 7WorkingDirectory=<%= @cf_front_app_api_workdir %>
8User=<%= @cf_user %> 8User=<%= @user %>
9Group=<%= @cf_group %> 9Group=<%= @group %>
10UMask=007 10UMask=007
11 11
12ExecStart=<%= @cf_front_app_api_bin %> -conf <%= @cf_front_app_api_conf %> 12ExecStart=<%= @cf_front_app_api_bin %> -conf <%= @cf_front_app_api_conf %>
diff --git a/modules/role/templates/cryptoportfolio/static_conf.env.erb b/modules/role/templates/cryptoportfolio/static_conf.env.erb
index db9759d..314ee14 100644
--- a/modules/role/templates/cryptoportfolio/static_conf.env.erb
+++ b/modules/role/templates/cryptoportfolio/static_conf.env.erb
@@ -1,4 +1,4 @@
1API_HOST="<%= @cf_front_app_host %>" 1API_HOST="<%= @web_host %>"
2API_PORT="<%= @cf_front_app_port %>" 2API_PORT="<%= @web_port %>"
3API_HTTPS="<%= @cf_front_app_ssl %>" 3API_HTTPS="<%= @web_ssl %>"
4 4