Diffstat (limited to 'modules')
9 files changed, 170 insertions, 174 deletions
diff --git a/modules/base_installation/manifests/puppet.pp b/modules/base_installation/manifests/puppet.pp index b3ce492..6f7732d 100644 --- a/modules/base_installation/manifests/puppet.pp +++ b/modules/base_installation/manifests/puppet.pp | |||
@@ -67,7 +67,7 @@ class base_installation::puppet ( | |||
67 | require => File[$base_installation::puppet_conf_path], | 67 | require => File[$base_installation::puppet_conf_path], |
68 | } | 68 | } |
69 | 69 | ||
70 | $ips = lookup("ips") |$key| { {} } | 70 | $ips = lookup("ips", { 'default_value' => undef }) |
71 | file { "$base_installation::puppet_conf_path/host_ldap.info": | 71 | file { "$base_installation::puppet_conf_path/host_ldap.info": |
72 | content => template("base_installation/puppet/host_ldap.info.erb"), | 72 | content => template("base_installation/puppet/host_ldap.info.erb"), |
73 | require => File[$base_installation::puppet_conf_path], | 73 | require => File[$base_installation::puppet_conf_path], |
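Review bot: Changing the `ips` fallback from `{}` to `undef` on line 70 changes what `host_ldap.info.erb` receives when the key is missing: an empty hash iterates cleanly, whereas `undef` arrives as `nil` in the template, and an `@ips.each` or `@ips['v4']` there would raise instead of rendering an empty file — the template is not on this page, so please confirm it guards against `nil`. If the old shape was intended, keep it and only drop the lambda: `$ips = lookup("ips", { 'default_value' => {} })`. The same change is made for `ips.v6` in services.pp (line 41), which feeds `en-dhcp.network`; the body of base_installation::puppet continues outside the hunk.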
diff --git a/modules/base_installation/manifests/services.pp b/modules/base_installation/manifests/services.pp index c641f4b..d7b4d61 100644 --- a/modules/base_installation/manifests/services.pp +++ b/modules/base_installation/manifests/services.pp | |||
@@ -38,7 +38,7 @@ class base_installation::services inherits base_installation { | |||
38 | group => "root" | 38 | group => "root" |
39 | } | 39 | } |
40 | 40 | ||
41 | $ip6 = lookup("ips.v6") |$key| { {} } | 41 | $ip6 = lookup("ips.v6", { 'default_value' => undef }) |
42 | file { '/etc/systemd/network/en-dhcp.network': | 42 | file { '/etc/systemd/network/en-dhcp.network': |
43 | ensure => "present", | 43 | ensure => "present", |
44 | path => "/etc/systemd/network/en-dhcp.network", | 44 | path => "/etc/systemd/network/en-dhcp.network", |
diff --git a/modules/base_installation/manifests/users.pp b/modules/base_installation/manifests/users.pp index 766c0f0..f893c51 100644 --- a/modules/base_installation/manifests/users.pp +++ b/modules/base_installation/manifests/users.pp | |||
@@ -26,22 +26,26 @@ class base_installation::users ( | |||
26 | ensure => "present", | 26 | ensure => "present", |
27 | groups => $user[groups], | 27 | groups => $user[groups], |
28 | managehome => true, | 28 | managehome => true, |
29 | system => !!$user[system], | ||
29 | home => "/home/${user[username]}", | 30 | home => "/home/${user[username]}", |
30 | notify => Exec["remove_password"], | 31 | notify => Exec["remove_password:${user[username]}:${user[userid]}"], |
31 | purge_ssh_keys => true | 32 | purge_ssh_keys => true |
32 | } | 33 | } |
33 | 34 | ||
34 | exec { "remove_password": | 35 | exec { "remove_password:${user[username]}:${user[userid]}": |
35 | command => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}", | 36 | command => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}", |
37 | onlyif => "/usr/bin/test -z '${user[password]}'", | ||
36 | refreshonly => true | 38 | refreshonly => true |
37 | } | 39 | } |
38 | 40 | ||
39 | $user[keys].each |$key| { | 41 | if has_key($user, "keys") { |
40 | ssh_authorized_key { "${user[username]}@${key[host]}": | 42 | $user[keys].each |$key| { |
41 | name => "${user[username]}@${key[host]}", | 43 | ssh_authorized_key { "${user[username]}@${key[host]}": |
42 | user => $user[username], | 44 | name => "${user[username]}@${key[host]}", |
43 | type => $key[key_type], | 45 | user => $user[username], |
44 | key => $key[key], | 46 | type => $key[key_type], |
47 | key => $key[key], | ||
48 | } | ||
45 | } | 49 | } |
46 | } | 50 | } |
47 | } | 51 | } |
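Review bot: The `onlyif` added on line 37 interpolates `$user[password]` into a shell command, so whenever a password is configured it is passed on a command line, visible in process listings while the check runs and in agent debug or failure output for that exec, and a `'` inside the value breaks the test. The emptiness check can be decided at compile time so the secret never reaches a command line: `onlyif => empty($user[password]) ? { true => '/usr/bin/true', default => '/usr/bin/false' }`, or alternatively only declare the exec and the `notify` when no password is given. Retitling the exec to `remove_password:${user[username]}:${user[userid]}` on lines 31 and 35 is what allows several users to be declared; the enclosing `each` block and the `user` resource start outside the hunk, so I could not check that every entry carries a `userid`.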
diff --git a/modules/profile/manifests/apache.pp b/modules/profile/manifests/apache.pp index 8db58da..382633b 100644 --- a/modules/profile/manifests/apache.pp +++ b/modules/profile/manifests/apache.pp | |||
@@ -67,13 +67,12 @@ class profile::apache { | |||
67 | install_method => "package", | 67 | install_method => "package", |
68 | package_name => "certbot", | 68 | package_name => "certbot", |
69 | package_command => "certbot", | 69 | package_command => "certbot", |
70 | # FIXME | 70 | email => lookup('letsencrypt::email'), |
71 | email => 'sites+letsencrypt@mail.immae.eu', | ||
72 | } | 71 | } |
73 | 72 | ||
74 | $real_hostname = lookup("base_installation::real_hostname") |$key| { {} } | 73 | $real_hostname = lookup("base_installation::real_hostname", { "default_value" => undef }) |
75 | unless empty($real_hostname) { | 74 | unless empty($real_hostname) { |
76 | if (lookup("ssl::try_letsencrypt_for_real_hostname") |$key| { true }) { | 75 | if (lookup("letsencrypt::try_for_real_hostname", { "default_value" => true })) { |
77 | letsencrypt::certonly { $real_hostname: | 76 | letsencrypt::certonly { $real_hostname: |
78 | before => Apache::Vhost["default_ssl"]; | 77 | before => Apache::Vhost["default_ssl"]; |
79 | default: * => $::profile::apache::letsencrypt_certonly_default; | 78 | default: * => $::profile::apache::letsencrypt_certonly_default; |
@@ -110,6 +109,14 @@ class profile::apache { | |||
110 | } | 109 | } |
111 | } | 110 | } |
112 | 111 | ||
112 | lookup("letsencrypt::hosts", { "default_value" => [] }).each |$host| { | ||
113 | if ($host != $real_hostname) { # Done above already | ||
114 | letsencrypt::certonly { $host: ; | ||
115 | default: * => $letsencrypt_certonly_default; | ||
116 | } | ||
117 | } | ||
118 | } | ||
119 | |||
113 | apache::vhost { "redirect_no_ssl": | 120 | apache::vhost { "redirect_no_ssl": |
114 | port => '80', | 121 | port => '80', |
115 | error_log => false, | 122 | error_log => false, |
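Review bot: The `# Done above already` test on line 113 compares only against `$real_hostname`, but the certonly for that host is declared only when `letsencrypt::try_for_real_hostname` is true (line 75); with the flag off, a host in `letsencrypt::hosts` equal to the real hostname gets no certificate at all, and a duplicated entry in the list fails with a duplicate declaration. Checking the catalog instead covers both cases: `unless defined(Letsencrypt::Certonly[$host]) {`. The new loop also reads `$letsencrypt_certonly_default` while line 78 uses `$::profile::apache::letsencrypt_certonly_default`; pick one spelling. Since role::cryptoportfolio drops its own certonly (its removed lines 155–157) but still requires `Letsencrypt::Certonly[$web_host]`, that catalog now compiles only when the web host is listed under `letsencrypt::hosts`, which deserves a comment next to this loop such as `# Roles that require Letsencrypt::Certonly[$host] rely on the host being listed in letsencrypt::hosts`.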
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp index bec247e..8b4a63b 100644 --- a/modules/role/manifests/cryptoportfolio.pp +++ b/modules/role/manifests/cryptoportfolio.pp | |||
@@ -1,4 +1,22 @@ | |||
1 | class role::cryptoportfolio { | 1 | class role::cryptoportfolio ( |
2 | String $user, | ||
3 | String $group, | ||
4 | String $home, | ||
5 | Optional[String] $env = "prod", | ||
6 | Optional[String] $webhook_url = undef, | ||
7 | String $pg_user, | ||
8 | String $pg_user_replication, | ||
9 | String $pg_db, | ||
10 | Optional[String] $pg_hostname = "localhost", | ||
11 | Optional[String] $pg_port = "5432", | ||
12 | Optional[String] $web_host = undef, | ||
13 | Optional[String] $web_port = "", | ||
14 | Optional[Boolean] $web_ssl = true, | ||
15 | Optional[String] $front_version = undef, | ||
16 | Optional[String] $front_sha256 = undef, | ||
17 | Optional[String] $bot_version = undef, | ||
18 | Optional[String] $bot_sha256 = undef, | ||
19 | ) { | ||
2 | ensure_resource('exec', 'systemctl daemon-reload', { | 20 | ensure_resource('exec', 'systemctl daemon-reload', { |
3 | command => '/usr/bin/systemctl daemon-reload', | 21 | command => '/usr/bin/systemctl daemon-reload', |
4 | refreshonly => true | 22 | refreshonly => true |
@@ -11,37 +29,23 @@ class role::cryptoportfolio { | |||
11 | include "profile::apache" | 29 | include "profile::apache" |
12 | include "profile::xmr_stak" | 30 | include "profile::xmr_stak" |
13 | 31 | ||
14 | $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} } | 32 | $password_seed = lookup("base_installation::puppet_pass_seed") |
15 | 33 | ||
16 | $cf_pg_user = "cryptoportfolio" | 34 | $pg_password = generate_password(24, $password_seed, "postgres_cryptoportfolio") |
17 | $cf_pg_user_replication = "cryptoportfolio_replication" | 35 | $pg_replication_password = generate_password(24, $password_seed, "postgres_cryptoportfolio_replication") |
18 | $cf_pg_db = "cryptoportfolio" | 36 | $pg_host = "${pg_hostname}:${pg_port}" |
19 | $cf_pg_password = generate_password(24, $password_seed, "postgres_cryptoportfolio") | 37 | |
20 | $cf_pg_replication_password = generate_password(24, $password_seed, "postgres_cryptoportfolio_replication") | 38 | $cf_front_app = "${home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front" |
21 | $cf_pg_hostname = "localhost" | ||
22 | $cf_pg_port = "5432" | ||
23 | $cf_pg_host = "${cf_pg_hostname}:${cf_pg_port}" | ||
24 | |||
25 | $cf_user = "cryptoportfolio" | ||
26 | $cf_group = "cryptoportfolio" | ||
27 | $cf_home = "/opt/cryptoportfolio" | ||
28 | $cf_env = "prod" | ||
29 | $cf_front_app_host = lookup("base_installation::system_hostname") |$key| { "example.com" } | ||
30 | $cf_front_app_port = "" | ||
31 | $cf_front_app_ssl = "true" | ||
32 | $cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front" | ||
33 | $cf_front_app_api_workdir = "${cf_front_app}/cmd/app" | 39 | $cf_front_app_api_workdir = "${cf_front_app}/cmd/app" |
34 | $cf_front_app_api_bin = "${cf_front_app_api_workdir}/cryptoportfolio-app" | 40 | $cf_front_app_api_bin = "${cf_front_app_api_workdir}/cryptoportfolio-app" |
35 | $cf_front_app_api_conf = "${cf_home}/conf.toml" | 41 | $cf_front_app_api_conf = "${home}/conf.toml" |
36 | $cf_front_app_api_secret = generate_password(24, $password_seed, "cryptoportfolio_api_secret") | 42 | $cf_front_app_api_secret = generate_password(24, $password_seed, "cryptoportfolio_api_secret") |
37 | 43 | ||
38 | $cf_front_app_static_conf = "${cf_front_app}/cmd/web/env/prod.env" | 44 | $cf_front_app_static_conf = "${cf_front_app}/cmd/web/env/prod.env" |
39 | 45 | ||
40 | $cf_bot_app = "${cf_home}/bot" | 46 | $cf_bot_app = "${home}/bot" |
41 | $cf_bot_app_conf = "${cf_home}/bot_config.ini" | 47 | $cf_bot_app_conf = "${home}/bot_config.ini" |
42 | $cf_bot_app_reports = "${cf_home}/bot_reports" | 48 | $cf_bot_app_reports = "${home}/bot_reports" |
43 | |||
44 | $cf_webhook_url = lookup("cryptoportfolio::slack_webhook") |$key| { "" } | ||
45 | 49 | ||
46 | file { "/var/lib/postgres/data/certs": | 50 | file { "/var/lib/postgres/data/certs": |
47 | ensure => directory, | 51 | ensure => directory, |
@@ -52,21 +56,21 @@ class role::cryptoportfolio { | |||
52 | } | 56 | } |
53 | 57 | ||
54 | file { "/var/lib/postgres/data/certs/cert.pem": | 58 | file { "/var/lib/postgres/data/certs/cert.pem": |
55 | source => "file:///etc/letsencrypt/live/$cf_front_app_host/cert.pem", | 59 | source => "file:///etc/letsencrypt/live/$web_host/cert.pem", |
56 | mode => "0600", | 60 | mode => "0600", |
57 | links => "follow", | 61 | links => "follow", |
58 | owner => $::profile::postgresql::pg_user, | 62 | owner => $::profile::postgresql::pg_user, |
59 | group => $::profile::postgresql::pg_user, | 63 | group => $::profile::postgresql::pg_user, |
60 | require => [Letsencrypt::Certonly[$cf_front_app_host], File["/var/lib/postgres/data/certs"]] | 64 | require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]] |
61 | } | 65 | } |
62 | 66 | ||
63 | file { "/var/lib/postgres/data/certs/privkey.pem": | 67 | file { "/var/lib/postgres/data/certs/privkey.pem": |
64 | source => "file:///etc/letsencrypt/live/$cf_front_app_host/privkey.pem", | 68 | source => "file:///etc/letsencrypt/live/$web_host/privkey.pem", |
65 | mode => "0600", | 69 | mode => "0600", |
66 | links => "follow", | 70 | links => "follow", |
67 | owner => $::profile::postgresql::pg_user, | 71 | owner => $::profile::postgresql::pg_user, |
68 | group => $::profile::postgresql::pg_user, | 72 | group => $::profile::postgresql::pg_user, |
69 | require => [Letsencrypt::Certonly[$cf_front_app_host], File["/var/lib/postgres/data/certs"]] | 73 | require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]] |
70 | } | 74 | } |
71 | 75 | ||
72 | postgresql::server::config_entry { "wal_level": | 76 | postgresql::server::config_entry { "wal_level": |
@@ -75,52 +79,52 @@ class role::cryptoportfolio { | |||
75 | 79 | ||
76 | postgresql::server::config_entry { "ssl": | 80 | postgresql::server::config_entry { "ssl": |
77 | value => "on", | 81 | value => "on", |
78 | require => Letsencrypt::Certonly[$cf_front_app_host], | 82 | require => Letsencrypt::Certonly[$web_host], |
79 | } | 83 | } |
80 | 84 | ||
81 | postgresql::server::config_entry { "ssl_cert_file": | 85 | postgresql::server::config_entry { "ssl_cert_file": |
82 | value => "/var/lib/postgres/data/certs/cert.pem", | 86 | value => "/var/lib/postgres/data/certs/cert.pem", |
83 | require => Letsencrypt::Certonly[$cf_front_app_host], | 87 | require => Letsencrypt::Certonly[$web_host], |
84 | } | 88 | } |
85 | 89 | ||
86 | postgresql::server::config_entry { "ssl_key_file": | 90 | postgresql::server::config_entry { "ssl_key_file": |
87 | value => "/var/lib/postgres/data/certs/privkey.pem", | 91 | value => "/var/lib/postgres/data/certs/privkey.pem", |
88 | require => Letsencrypt::Certonly[$cf_front_app_host], | 92 | require => Letsencrypt::Certonly[$web_host], |
89 | } | 93 | } |
90 | 94 | ||
91 | postgresql::server::db { $cf_pg_db: | 95 | postgresql::server::db { $pg_db: |
92 | user => $cf_pg_user, | 96 | user => $pg_user, |
93 | password => postgresql_password($cf_pg_user, $cf_pg_password), | 97 | password => postgresql_password($pg_user, $pg_password), |
94 | } | 98 | } |
95 | -> | 99 | -> |
96 | postgresql_psql { "CREATE PUBLICATION ${cf_pg_db}_publication FOR ALL TABLES": | 100 | postgresql_psql { "CREATE PUBLICATION ${pg_db}_publication FOR ALL TABLES": |
97 | db => $cf_pg_db, | 101 | db => $pg_db, |
98 | unless => "SELECT 1 FROM pg_catalog.pg_publication WHERE pubname = '${cf_pg_db}_publication'", | 102 | unless => "SELECT 1 FROM pg_catalog.pg_publication WHERE pubname = '${pg_db}_publication'", |
99 | } | 103 | } |
100 | -> | 104 | -> |
101 | postgresql::server::role { $cf_pg_user_replication: | 105 | postgresql::server::role { $pg_user_replication: |
102 | db => $cf_pg_db, | 106 | db => $pg_db, |
103 | replication => true, | 107 | replication => true, |
104 | password_hash => postgresql_password($cf_pg_user_replication, $cf_pg_replication_password), | 108 | password_hash => postgresql_password($pg_user_replication, $pg_replication_password), |
105 | } | 109 | } |
106 | -> | 110 | -> |
107 | postgresql::server::database_grant { $cf_pg_user_replication: | 111 | postgresql::server::database_grant { $pg_user_replication: |
108 | db => $cf_pg_db, | 112 | db => $pg_db, |
109 | privilege => "CONNECT", | 113 | privilege => "CONNECT", |
110 | role => $cf_pg_user_replication, | 114 | role => $pg_user_replication, |
111 | } | 115 | } |
112 | -> | 116 | -> |
113 | postgresql::server::grant { "all tables in schema:public:$cf_pg_user_replication": | 117 | postgresql::server::grant { "all tables in schema:public:$pg_user_replication": |
114 | db => $cf_pg_db, | 118 | db => $pg_db, |
115 | role => $cf_pg_user_replication, | 119 | role => $pg_user_replication, |
116 | privilege => "SELECT", | 120 | privilege => "SELECT", |
117 | object_type => "ALL TABLES IN SCHEMA", | 121 | object_type => "ALL TABLES IN SCHEMA", |
118 | object_name => "public", | 122 | object_name => "public", |
119 | } | 123 | } |
120 | -> | 124 | -> |
121 | postgresql::server::grant { "all sequences in schema:public:$cf_pg_user_replication": | 125 | postgresql::server::grant { "all sequences in schema:public:$pg_user_replication": |
122 | db => $cf_pg_db, | 126 | db => $pg_db, |
123 | role => $cf_pg_user_replication, | 127 | role => $pg_user_replication, |
124 | privilege => "SELECT", | 128 | privilege => "SELECT", |
125 | object_type => "ALL SEQUENCES IN SCHEMA", | 129 | object_type => "ALL SEQUENCES IN SCHEMA", |
126 | object_name => "public", | 130 | object_name => "public", |
@@ -128,16 +132,16 @@ class role::cryptoportfolio { | |||
128 | 132 | ||
129 | postgresql::server::pg_hba_rule { 'allow localhost TCP access to cryptoportfolio user': | 133 | postgresql::server::pg_hba_rule { 'allow localhost TCP access to cryptoportfolio user': |
130 | type => 'host', | 134 | type => 'host', |
131 | database => $cf_pg_db, | 135 | database => $pg_db, |
132 | user => $cf_pg_user, | 136 | user => $pg_user, |
133 | address => '127.0.0.1/32', | 137 | address => '127.0.0.1/32', |
134 | auth_method => 'md5', | 138 | auth_method => 'md5', |
135 | order => "b0", | 139 | order => "b0", |
136 | } | 140 | } |
137 | postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user': | 141 | postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user': |
138 | type => 'host', | 142 | type => 'host', |
139 | database => $cf_pg_db, | 143 | database => $pg_db, |
140 | user => $cf_pg_user, | 144 | user => $pg_user, |
141 | address => '::1/128', | 145 | address => '::1/128', |
142 | auth_method => 'md5', | 146 | auth_method => 'md5', |
143 | order => "b0", | 147 | order => "b0", |
@@ -145,83 +149,64 @@ class role::cryptoportfolio { | |||
145 | 149 | ||
146 | postgresql::server::pg_hba_rule { 'allow TCP access to replication user from immae.eu': | 150 | postgresql::server::pg_hba_rule { 'allow TCP access to replication user from immae.eu': |
147 | type => 'hostssl', | 151 | type => 'hostssl', |
148 | database => $cf_pg_db, | 152 | database => $pg_db, |
149 | user => $cf_pg_user_replication, | 153 | user => $pg_user_replication, |
150 | address => 'immae.eu', | 154 | address => 'immae.eu', |
151 | auth_method => 'md5', | 155 | auth_method => 'md5', |
152 | order => "b0", | 156 | order => "b0", |
153 | } | 157 | } |
154 | 158 | ||
155 | letsencrypt::certonly { $cf_front_app_host: ; | ||
156 | default: * => $::profile::apache::letsencrypt_certonly_default; | ||
157 | } | ||
158 | |||
159 | class { 'apache::mod::headers': } | 159 | class { 'apache::mod::headers': } |
160 | apache::vhost { $cf_front_app_host: | 160 | apache::vhost { $web_host: |
161 | port => '443', | 161 | port => '443', |
162 | docroot => false, | 162 | docroot => false, |
163 | manage_docroot => false, | 163 | manage_docroot => false, |
164 | proxy_dest => "http://localhost:8000", | 164 | proxy_dest => "http://localhost:8000", |
165 | request_headers => 'set X-Forwarded-Proto "https"', | 165 | request_headers => 'set X-Forwarded-Proto "https"', |
166 | ssl => true, | 166 | ssl => true, |
167 | ssl_cert => "/etc/letsencrypt/live/$cf_front_app_host/cert.pem", | 167 | ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem", |
168 | ssl_key => "/etc/letsencrypt/live/$cf_front_app_host/privkey.pem", | 168 | ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem", |
169 | ssl_chain => "/etc/letsencrypt/live/$cf_front_app_host/chain.pem", | 169 | ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem", |
170 | require => Letsencrypt::Certonly[$cf_front_app_host], | 170 | require => Letsencrypt::Certonly[$web_host], |
171 | proxy_preserve_host => true; | 171 | proxy_preserve_host => true; |
172 | default: * => $::profile::apache::apache_vhost_default; | 172 | default: * => $::profile::apache::apache_vhost_default; |
173 | } | 173 | } |
174 | 174 | ||
175 | user { $cf_user: | ||
176 | name => $cf_user, | ||
177 | ensure => "present", | ||
178 | managehome => true, | ||
179 | home => $cf_home, | ||
180 | system => true, | ||
181 | password => '!!', | ||
182 | } | ||
183 | |||
184 | file { "/usr/local/bin/slack-notify": | 175 | file { "/usr/local/bin/slack-notify": |
185 | mode => "0755", | 176 | mode => "0755", |
186 | source => "puppet:///modules/role/cryptoportfolio/slack-notify.py", | 177 | source => "puppet:///modules/role/cryptoportfolio/slack-notify.py", |
187 | } | 178 | } |
188 | 179 | ||
189 | $front_version = lookup("cryptoportfolio::front_version") |$key| { {} } | ||
190 | $front_sha256 = lookup("cryptoportfolio::front_sha256") |$key| { {} } | ||
191 | |||
192 | $bot_version = lookup("cryptoportfolio::bot_version") |$key| { {} } | ||
193 | $bot_sha256 = lookup("cryptoportfolio::bot_sha256") |$key| { {} } | ||
194 | |||
195 | unless empty($bot_version) { | 180 | unless empty($bot_version) { |
196 | ensure_packages(["python", "python-pip"]) | 181 | ensure_packages(["python", "python-pip"]) |
197 | 182 | ||
198 | file { $cf_bot_app: | 183 | file { $cf_bot_app: |
199 | ensure => "directory", | 184 | ensure => "directory", |
200 | mode => "0700", | 185 | mode => "0700", |
201 | owner => $cf_user, | 186 | owner => $user, |
202 | group => $cf_group, | 187 | group => $group, |
203 | require => User[$cf_user], | 188 | require => User["$user:"], |
204 | } | 189 | } |
205 | 190 | ||
206 | archive { "${cf_home}/trader_${bot_version}.tar.gz": | 191 | archive { "${home}/trader_${bot_version}.tar.gz": |
207 | path => "${cf_home}/trader_${bot_version}.tar.gz", | 192 | path => "${home}/trader_${bot_version}.tar.gz", |
208 | source => "https://git.immae.eu/releases/cryptoportfolio/trader/trader_${bot_version}.tar.gz", | 193 | source => "https://git.immae.eu/releases/cryptoportfolio/trader/trader_${bot_version}.tar.gz", |
209 | checksum_type => "sha256", | 194 | checksum_type => "sha256", |
210 | checksum => $bot_sha256, | 195 | checksum => $bot_sha256, |
211 | cleanup => false, | 196 | cleanup => false, |
212 | extract => true, | 197 | extract => true, |
213 | user => $cf_user, | 198 | user => $user, |
214 | username => $facts["ec2_metadata"]["hostname"], | 199 | username => $facts["ec2_metadata"]["hostname"], |
215 | password => generate_password(24, $password_seed, "ldap"), | 200 | password => generate_password(24, $password_seed, "ldap"), |
216 | extract_path => $cf_bot_app, | 201 | extract_path => $cf_bot_app, |
217 | require => [User[$cf_user], File[$cf_bot_app]], | 202 | require => [User["$user:"], File[$cf_bot_app]], |
218 | } ~> | 203 | } ~> |
219 | exec { "py-cryptoportfolio-dependencies": | 204 | exec { "py-cryptoportfolio-dependencies": |
220 | cwd => $cf_bot_app, | 205 | cwd => $cf_bot_app, |
221 | user => $cf_user, | 206 | user => $user, |
222 | environment => ["HOME=${cf_home}"], | 207 | environment => ["HOME=${home}"], |
223 | command => "/usr/bin/make install", | 208 | command => "/usr/bin/make install", |
224 | require => User[$cf_user], | 209 | require => User["$user:"], |
225 | refreshonly => true, | 210 | refreshonly => true, |
226 | before => [ | 211 | before => [ |
227 | File[$cf_bot_app_conf], | 212 | File[$cf_bot_app_conf], |
@@ -231,53 +216,53 @@ class role::cryptoportfolio { | |||
231 | } | 216 | } |
232 | 217 | ||
233 | file { $cf_bot_app_conf: | 218 | file { $cf_bot_app_conf: |
234 | owner => $cf_user, | 219 | owner => $user, |
235 | group => $cf_group, | 220 | group => $group, |
236 | mode => "0600", | 221 | mode => "0600", |
237 | content => template("role/cryptoportfolio/bot_config.ini.erb"), | 222 | content => template("role/cryptoportfolio/bot_config.ini.erb"), |
238 | require => [ | 223 | require => [ |
239 | User[$cf_user], | 224 | User["$user:"], |
240 | Archive["${cf_home}/trader_${bot_version}.tar.gz"], | 225 | Archive["${home}/trader_${bot_version}.tar.gz"], |
241 | ], | 226 | ], |
242 | } | 227 | } |
243 | 228 | ||
244 | cron { "py-cryptoportfolio-before": | 229 | cron { "py-cryptoportfolio-before": |
245 | ensure => present, | 230 | ensure => present, |
246 | command => "cd $cf_bot_app ; python main.py --config $cf_bot_app_conf --before", | 231 | command => "cd $cf_bot_app ; python main.py --config $cf_bot_app_conf --before", |
247 | user => "cryptoportfolio", | 232 | user => $user, |
248 | weekday => 7, # Sunday | 233 | weekday => 7, # Sunday |
249 | hour => 22, | 234 | hour => 22, |
250 | minute => 30, | 235 | minute => 30, |
251 | environment => ["HOME=${cf_home}","PATH=/usr/bin/"], | 236 | environment => ["HOME=${home}","PATH=/usr/bin/"], |
252 | require => [ | 237 | require => [ |
253 | File[$cf_bot_app_conf], | 238 | File[$cf_bot_app_conf], |
254 | Archive["${cf_home}/trader_${bot_version}.tar.gz"] | 239 | Archive["${home}/trader_${bot_version}.tar.gz"] |
255 | ], | 240 | ], |
256 | } | 241 | } |
257 | 242 | ||
258 | cron { "py-cryptoportfolio-after": | 243 | cron { "py-cryptoportfolio-after": |
259 | ensure => present, | 244 | ensure => present, |
260 | command => "cd $cf_bot_app ; python main.py --config $cf_bot_app_conf --after", | 245 | command => "cd $cf_bot_app ; python main.py --config $cf_bot_app_conf --after", |
261 | user => "cryptoportfolio", | 246 | user => $user, |
262 | weekday => 1, # Monday | 247 | weekday => 1, # Monday |
263 | hour => 1, | 248 | hour => 1, |
264 | minute => 0, | 249 | minute => 0, |
265 | environment => ["HOME=${cf_home}","PATH=/usr/bin/"], | 250 | environment => ["HOME=${home}","PATH=/usr/bin/"], |
266 | require => [ | 251 | require => [ |
267 | File[$cf_bot_app_conf], | 252 | File[$cf_bot_app_conf], |
268 | Archive["${cf_home}/trader_${bot_version}.tar.gz"] | 253 | Archive["${home}/trader_${bot_version}.tar.gz"] |
269 | ], | 254 | ], |
270 | } | 255 | } |
271 | 256 | ||
272 | unless empty($cf_webhook_url) { | 257 | unless empty($webhook_url) { |
273 | exec { "bot-slack-notify": | 258 | exec { "bot-slack-notify": |
274 | refreshonly => true, | 259 | refreshonly => true, |
275 | environment => [ | 260 | environment => [ |
276 | "P_PROJECT=Trader", | 261 | "P_PROJECT=Trader", |
277 | "P_WEBHOOK=${cf_webhook_url}", | 262 | "P_WEBHOOK=${webhook_url}", |
278 | "P_VERSION=${bot_version}", | 263 | "P_VERSION=${bot_version}", |
279 | "P_HOST=${cf_front_app_host}", | 264 | "P_HOST=${web_host}", |
280 | "P_HTTPS=${cf_front_app_ssl}", | 265 | "P_HTTPS=${web_ssl}", |
281 | ], | 266 | ], |
282 | command => "/usr/local/bin/slack-notify", | 267 | command => "/usr/local/bin/slack-notify", |
283 | require => File["/usr/local/bin/slack-notify"], | 268 | require => File["/usr/local/bin/slack-notify"], |
@@ -291,22 +276,22 @@ class role::cryptoportfolio { | |||
291 | ensure_packages(["go", "npm", "nodejs", "yarn"]) | 276 | ensure_packages(["go", "npm", "nodejs", "yarn"]) |
292 | 277 | ||
293 | file { [ | 278 | file { [ |
294 | "${cf_home}/go/", | 279 | "${home}/go/", |
295 | "${cf_home}/go/src", | 280 | "${home}/go/src", |
296 | "${cf_home}/go/src/immae.eu", | 281 | "${home}/go/src/immae.eu", |
297 | "${cf_home}/go/src/immae.eu/Immae", | 282 | "${home}/go/src/immae.eu/Immae", |
298 | "${cf_home}/go/src/immae.eu/Immae/Projets", | 283 | "${home}/go/src/immae.eu/Immae/Projets", |
299 | "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies", | 284 | "${home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies", |
300 | "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio", | 285 | "${home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio", |
301 | $cf_front_app]: | 286 | $cf_front_app]: |
302 | ensure => "directory", | 287 | ensure => "directory", |
303 | mode => "0700", | 288 | mode => "0700", |
304 | owner => $cf_user, | 289 | owner => $user, |
305 | group => $cf_group, | 290 | group => $group, |
306 | require => User[$cf_user], | 291 | require => User["$user:"], |
307 | } | 292 | } |
308 | 293 | ||
309 | file { "${cf_home}/front": | 294 | file { "${home}/front": |
310 | ensure => "link", | 295 | ensure => "link", |
311 | target => $cf_front_app, | 296 | target => $cf_front_app, |
312 | before => File[$cf_front_app], | 297 | before => File[$cf_front_app], |
@@ -326,28 +311,28 @@ class role::cryptoportfolio { | |||
326 | subscribe => [Exec["go-cryptoportfolio-app"], Exec["web-cryptoportfolio-build"]], | 311 | subscribe => [Exec["go-cryptoportfolio-app"], Exec["web-cryptoportfolio-build"]], |
327 | require => [ | 312 | require => [ |
328 | File["/etc/systemd/system/cryptoportfolio-app.service"], | 313 | File["/etc/systemd/system/cryptoportfolio-app.service"], |
329 | Postgresql::Server::Db[$cf_pg_db] | 314 | Postgresql::Server::Db[$pg_db] |
330 | ], | 315 | ], |
331 | } ~> | 316 | } ~> |
332 | exec { "dump $cf_pg_db structure": | 317 | exec { "dump $pg_db structure": |
333 | refreshonly => true, | 318 | refreshonly => true, |
334 | user => $::profile::postgresql::pg_user, | 319 | user => $::profile::postgresql::pg_user, |
335 | group => $::profile::postgresql::pg_user, | 320 | group => $::profile::postgresql::pg_user, |
336 | command => "/usr/bin/pg_dump --schema-only --clean --no-publications $cf_pg_db > /var/lib/postgres/${cf_pg_db}.schema", | 321 | command => "/usr/bin/pg_dump --schema-only --clean --no-publications $pg_db > /var/lib/postgres/${pg_db}.schema", |
337 | } | 322 | } |
338 | 323 | ||
339 | archive { "${cf_home}/front_${front_version}.tar.gz": | 324 | archive { "${home}/front_${front_version}.tar.gz": |
340 | path => "${cf_home}/front_${front_version}.tar.gz", | 325 | path => "${home}/front_${front_version}.tar.gz", |
341 | source => "https://git.immae.eu/releases/cryptoportfolio/front/front_${front_version}.tar.gz", | 326 | source => "https://git.immae.eu/releases/cryptoportfolio/front/front_${front_version}.tar.gz", |
342 | checksum_type => "sha256", | 327 | checksum_type => "sha256", |
343 | checksum => $front_sha256, | 328 | checksum => $front_sha256, |
344 | cleanup => false, | 329 | cleanup => false, |
345 | extract => true, | 330 | extract => true, |
346 | user => $cf_user, | 331 | user => $user, |
347 | username => $facts["ec2_metadata"]["hostname"], | 332 | username => $facts["ec2_metadata"]["hostname"], |
348 | password => generate_password(24, $password_seed, "ldap"), | 333 | password => generate_password(24, $password_seed, "ldap"), |
349 | extract_path => $cf_front_app, | 334 | extract_path => $cf_front_app, |
350 | require => [User[$cf_user], File[$cf_front_app]], | 335 | require => [User["$user:"], File[$cf_front_app]], |
351 | notify => [ | 336 | notify => [ |
352 | Exec["web-cryptoportfolio-dependencies"], | 337 | Exec["web-cryptoportfolio-dependencies"], |
353 | Exec["go-get-dep"], | 338 | Exec["go-get-dep"], |
@@ -356,39 +341,39 @@ class role::cryptoportfolio { | |||
356 | 341 | ||
357 | # Api | 342 | # Api |
358 | file { $cf_front_app_api_conf: | 343 | file { $cf_front_app_api_conf: |
359 | owner => $cf_user, | 344 | owner => $user, |
360 | group => $cf_group, | 345 | group => $group, |
361 | mode => "0600", | 346 | mode => "0600", |
362 | content => template("role/cryptoportfolio/api_conf.toml.erb"), | 347 | content => template("role/cryptoportfolio/api_conf.toml.erb"), |
363 | before => Exec["go-cryptoportfolio-app"], | 348 | before => Exec["go-cryptoportfolio-app"], |
364 | } | 349 | } |
365 | 350 | ||
366 | exec { "go-get-dep": | 351 | exec { "go-get-dep": |
367 | user => $cf_user, | 352 | user => $user, |
368 | environment => ["HOME=${cf_home}"], | 353 | environment => ["HOME=${home}"], |
369 | creates => "${cf_home}/go/bin/dep", | 354 | creates => "${home}/go/bin/dep", |
370 | command => "/usr/bin/go get -u github.com/golang/dep/cmd/dep", | 355 | command => "/usr/bin/go get -u github.com/golang/dep/cmd/dep", |
371 | refreshonly => true, | 356 | refreshonly => true, |
372 | } ~> | 357 | } ~> |
373 | exec { "go-cryptoportfolio-dependencies": | 358 | exec { "go-cryptoportfolio-dependencies": |
374 | cwd => $cf_front_app, | 359 | cwd => $cf_front_app, |
375 | user => $cf_user, | 360 | user => $user, |
376 | environment => ["HOME=${cf_home}"], | 361 | environment => ["HOME=${home}"], |
377 | command => "${cf_home}/go/bin/dep ensure", | 362 | command => "${home}/go/bin/dep ensure", |
378 | refreshonly => true, | 363 | refreshonly => true, |
379 | } ~> | 364 | } ~> |
380 | exec { "go-cryptoportfolio-app": | 365 | exec { "go-cryptoportfolio-app": |
381 | cwd => $cf_front_app_api_workdir, | 366 | cwd => $cf_front_app_api_workdir, |
382 | user => $cf_user, | 367 | user => $user, |
383 | environment => ["HOME=${cf_home}"], | 368 | environment => ["HOME=${home}"], |
384 | command => "/usr/bin/make build", | 369 | command => "/usr/bin/make build", |
385 | refreshonly => true, | 370 | refreshonly => true, |
386 | } | 371 | } |
387 | 372 | ||
388 | # Static pages | 373 | # Static pages |
389 | file { $cf_front_app_static_conf: | 374 | file { $cf_front_app_static_conf: |
390 | owner => $cf_user, | 375 | owner => $user, |
391 | group => $cf_group, | 376 | group => $group, |
392 | mode => "0600", | 377 | mode => "0600", |
393 | content => template("role/cryptoportfolio/static_conf.env.erb"), | 378 | content => template("role/cryptoportfolio/static_conf.env.erb"), |
394 | before => Exec["web-cryptoportfolio-build"], | 379 | before => Exec["web-cryptoportfolio-build"], |
@@ -396,30 +381,30 @@ class role::cryptoportfolio { | |||
396 | 381 | ||
397 | exec { "web-cryptoportfolio-dependencies": | 382 | exec { "web-cryptoportfolio-dependencies": |
398 | cwd => "${cf_front_app}/cmd/web", | 383 | cwd => "${cf_front_app}/cmd/web", |
399 | user => $cf_user, | 384 | user => $user, |
400 | environment => ["HOME=${cf_home}"], | 385 | environment => ["HOME=${home}"], |
401 | command => "/usr/bin/make install", | 386 | command => "/usr/bin/make install", |
402 | refreshonly => true, | 387 | refreshonly => true, |
403 | require => [Package["npm"], Package["nodejs"], Package["yarn"]] | 388 | require => [Package["npm"], Package["nodejs"], Package["yarn"]] |
404 | } ~> | 389 | } ~> |
405 | exec { "web-cryptoportfolio-build": | 390 | exec { "web-cryptoportfolio-build": |
406 | cwd => "${cf_front_app}/cmd/web", | 391 | cwd => "${cf_front_app}/cmd/web", |
407 | user => $cf_user, | 392 | user => $user, |
408 | environment => ["HOME=${cf_home}"], | 393 | environment => ["HOME=${home}"], |
409 | path => ["${cf_front_app}/cmd/web/node_modules/.bin/", "/usr/bin"], | 394 | path => ["${cf_front_app}/cmd/web/node_modules/.bin/", "/usr/bin"], |
410 | command => "/usr/bin/make static ENV=${cf_env}", | 395 | command => "/usr/bin/make static ENV=${env}", |
411 | refreshonly => true, | 396 | refreshonly => true, |
412 | } | 397 | } |
413 | 398 | ||
414 | unless empty($cf_webhook_url) { | 399 | unless empty($webhook_url) { |
415 | exec { "front-slack-notify": | 400 | exec { "front-slack-notify": |
416 | refreshonly => true, | 401 | refreshonly => true, |
417 | environment => [ | 402 | environment => [ |
418 | "P_PROJECT=Front", | 403 | "P_PROJECT=Front", |
419 | "P_WEBHOOK=${cf_webhook_url}", | 404 | "P_WEBHOOK=${webhook_url}", |
420 | "P_VERSION=${front_version}", | 405 | "P_VERSION=${front_version}", |
421 | "P_HOST=${cf_front_app_host}", | 406 | "P_HOST=${web_host}", |
422 | "P_HTTPS=${cf_front_app_ssl}", | 407 | "P_HTTPS=${web_ssl}", |
423 | ], | 408 | ], |
424 | command => "/usr/local/bin/slack-notify", | 409 | command => "/usr/local/bin/slack-notify", |
425 | require => File["/usr/local/bin/slack-notify"], | 410 | require => File["/usr/local/bin/slack-notify"], |
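--- a/modules/role/templates/cryptoportfolio/api_conf.toml.erb
+++ b/modules/role/templates/cryptoportfolio/api_conf.toml.erb
@@ -1,15 +1,15 @@
 log_level="info"
-mode="<%= @cf_env %>"
+mode="<%= @env %>"
 log_out="stdout"
 
 [db]
-user="<%= @cf_pg_user %>"
-password="<%= @cf_pg_password %>"
-database="<%= @cf_pg_db %>"
-address="<%= @cf_pg_host %>"
+user="<%= @pg_user %>"
+password="<%= @pg_password %>"
+database="<%= @pg_db %>"
+address="<%= @pg_host %>"
 
 [api]
-domain="<%= @cf_front_app_host %>"
+domain="<%= @web_host %>"
 jwt_secret="<%= @cf_front_app_api_secret %>"
 
 [app]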
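Review bot: `password="<%= @pg_password %>"` and `jwt_secret="<%= @cf_front_app_api_secret %>"` interpolate secrets into double-quoted TOML strings without escaping, so a value containing `"` or `\` is likely to yield a config the API cannot parse or silently truncates; escape backslash and double quote in the template, or reject such values in the manifest, rather than relying on the secret's contents. The rename also leaves `@cf_front_app_api_secret` with the old `cf_` prefix while `@cf_env` and `@cf_pg_*` lose it, and what looks like the same database address is read as `@pg_host` here but `@pg_hostname` in bot_config.ini.erb; if the split between renamed parameters and prefixed derived variables is intentional, a short comment in the manifest would save the next reader the guess.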
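--- a/modules/role/templates/cryptoportfolio/bot_config.ini.erb
+++ b/modules/role/templates/cryptoportfolio/bot_config.ini.erb
@@ -1,9 +1,9 @@
 [postgresql]
-host = <%= @cf_pg_hostname %>
-port = <%= @cf_pg_port %>
-user = <%= @cf_pg_user %>
-password = <%= @cf_pg_password %>
-database = <%= @cf_pg_db %>
+host = <%= @pg_hostname %>
+port = <%= @pg_port %>
+user = <%= @pg_user %>
+password = <%= @pg_password %>
+database = <%= @pg_db %>
 
 [app]
 report_path = <%= @cf_bot_app_reports %>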
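--- a/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb
+++ b/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb
@@ -5,8 +5,8 @@ Description=Cryptoportfolio app
 Type=simple
 
 WorkingDirectory=<%= @cf_front_app_api_workdir %>
-User=<%= @cf_user %>
-Group=<%= @cf_group %>
+User=<%= @user %>
+Group=<%= @group %>
 UMask=007
 
 ExecStart=<%= @cf_front_app_api_bin %> -conf <%= @cf_front_app_api_conf %>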
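--- a/modules/role/templates/cryptoportfolio/static_conf.env.erb
+++ b/modules/role/templates/cryptoportfolio/static_conf.env.erb
@@ -1,4 +1,4 @@
-API_HOST="<%= @cf_front_app_host %>"
-API_PORT="<%= @cf_front_app_port %>"
-API_HTTPS="<%= @cf_front_app_ssl %>"
+API_HOST="<%= @web_host %>"
+API_PORT="<%= @web_port %>"
+API_HTTPS="<%= @web_ssl %>"
 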