Diffstat (limited to 'modules')
4 files changed, 159 insertions, 32 deletions
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp index 046b79e..0f26527 100644 --- a/modules/role/manifests/cryptoportfolio.pp +++ b/modules/role/manifests/cryptoportfolio.pp | |||
@@ -5,23 +5,43 @@ class role::cryptoportfolio { | |||
5 | 5 | ||
6 | $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} } | 6 | $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} } |
7 | 7 | ||
8 | postgresql::server::db { 'cryptoportfolio': | 8 | $cf_pg_user = "cryptoportfolio" |
9 | user => 'cryptoportfolio', | 9 | $cf_pg_db = "cryptoportfolio" |
10 | password => postgresql_password('cryptoportfolio', generate_password(24, $password_seed, "postgres_cryptoportfolio")), | 10 | $cf_pg_password = generate_password(24, $password_seed, "postgres_cryptoportfolio") |
11 | $cf_pg_host = "localhost:5432" | ||
12 | |||
13 | $cf_user = "cryptoportfolio" | ||
14 | $cf_group = "cryptoportfolio" | ||
15 | $cf_home = "/opt/cryptoportfolio" | ||
16 | $cf_env = "prod" | ||
17 | $cf_front_app_host = "cryptoportfolio.immae.eu" | ||
18 | $cf_front_app_port = "" | ||
19 | $cf_front_app_ssl = "false" | ||
20 | $cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front" | ||
21 | $cf_front_app_api_workdir = "${cf_front_app}/cmd/app" | ||
22 | $cf_front_app_api_bin = "${cf_front_app_api_workdir}/cryptoportfolio-app" | ||
23 | $cf_front_app_api_conf = "${cf_home}/conf.toml" | ||
24 | $cf_front_app_api_secret = generate_password(24, $password_seed, "cryptoportfolio_api_secret") | ||
25 | |||
26 | $cf_front_app_static_conf = "${cf_front_app}/cmd/web/env/prod.env" | ||
27 | |||
28 | postgresql::server::db { $cf_pg_db: | ||
29 | user => $cf_pg_user, | ||
30 | password => postgresql_password($cf_pg_user, $cf_pg_password) | ||
11 | } | 31 | } |
12 | 32 | ||
13 | postgresql::server::pg_hba_rule { 'allow localhost TCP access to cryptoportfolio user': | 33 | postgresql::server::pg_hba_rule { 'allow localhost TCP access to cryptoportfolio user': |
14 | type => 'host', | 34 | type => 'host', |
15 | database => 'cryptoportfolio', | 35 | database => $cf_pg_db, |
16 | user => 'cryptoportfolio', | 36 | user => $cf_pg_user, |
17 | address => '127.0.0.1/32', | 37 | address => '127.0.0.1/32', |
18 | auth_method => 'md5', | 38 | auth_method => 'md5', |
19 | order => "b0", | 39 | order => "b0", |
20 | } | 40 | } |
21 | postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user': | 41 | postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user': |
22 | type => 'host', | 42 | type => 'host', |
23 | database => 'cryptoportfolio', | 43 | database => $cf_pg_db, |
24 | user => 'cryptoportfolio', | 44 | user => $cf_pg_user, |
25 | address => '::1/128', | 45 | address => '::1/128', |
26 | auth_method => 'md5', | 46 | auth_method => 'md5', |
27 | order => "b0", | 47 | order => "b0", |
@@ -29,18 +49,16 @@ class role::cryptoportfolio { | |||
29 | 49 | ||
30 | class { 'nginx': } | 50 | class { 'nginx': } |
31 | 51 | ||
32 | nginx::resource::server { 'cryptoportfolio.immae.eu': | 52 | nginx::resource::server { $cf_front_app_host: |
33 | listen_port => 80, | 53 | listen_port => 80, |
34 | proxy => 'http://localhost:8000', | 54 | proxy => 'http://localhost:8000', |
35 | } | 55 | } |
36 | 56 | ||
37 | ensure_packages(["go", "npm", "nodejs", "yarn"]) | 57 | user { $cf_user: |
38 | 58 | name => $cf_user, | |
39 | user { "cryptoportfolio": | ||
40 | name => "cryptoportfolio", | ||
41 | ensure => "present", | 59 | ensure => "present", |
42 | managehome => true, | 60 | managehome => true, |
43 | home => "/opt/cryptoportfolio", | 61 | home => $cf_home, |
44 | system => true, | 62 | system => true, |
45 | password => '!!', | 63 | password => '!!', |
46 | } | 64 | } |
@@ -49,37 +67,112 @@ class role::cryptoportfolio { | |||
49 | $front_sha256 = lookup("cryptoportfolio::front_sha256") |$key| { {} } | 67 | $front_sha256 = lookup("cryptoportfolio::front_sha256") |$key| { {} } |
50 | 68 | ||
51 | unless empty($front_version) { | 69 | unless empty($front_version) { |
52 | file { "/opt/cryptoportfolio/front": | 70 | ensure_packages(["go", "npm", "nodejs", "yarn"]) |
53 | ensure => directory, | ||
54 | mode => "0700", | ||
55 | owner => "cryptoportfolio", | ||
56 | group => "cryptoportfolio", | ||
57 | } | ||
58 | 71 | ||
59 | file { "/opt/cryptoportfolio/front/${front_version}": | 72 | file { [ |
60 | ensure => directory, | 73 | "${cf_home}/go/", |
74 | "${cf_home}/go/src", | ||
75 | "${cf_home}/go/src/immae.eu", | ||
76 | "${cf_home}/go/src/immae.eu/Immae", | ||
77 | "${cf_home}/go/src/immae.eu/Immae/Projets", | ||
78 | "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies", | ||
79 | "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio", | ||
80 | $cf_front_app]: | ||
81 | ensure => "directory", | ||
61 | mode => "0700", | 82 | mode => "0700", |
62 | owner => "cryptoportfolio", | 83 | owner => $cf_user, |
63 | group => "cryptoportfolio", | 84 | group => $cf_group, |
64 | require => File["/opt/cryptoportfolio/front"], | 85 | require => User[$cf_user], |
65 | } | 86 | } |
66 | 87 | ||
67 | archive { "/opt/cryptoportfolio/front/${front_version}.tar.gz": | 88 | archive { "${cf_home}/${front_version}.tar.gz": |
68 | path => "/opt/cryptoportfolio/front/${front_version}.tar.gz", | 89 | path => "${cf_home}/${front_version}.tar.gz", |
69 | source => "https://git.immae.eu/releases/cryptoportfolio/front/front_${front_version}.tar.gz", | 90 | source => "https://git.immae.eu/releases/cryptoportfolio/front/front_${front_version}.tar.gz", |
70 | creates => "/opt/cryptoportfolio/front/${front_version}/README.md", | ||
71 | checksum_type => "sha256", | 91 | checksum_type => "sha256", |
72 | checksum => $front_sha256, | 92 | checksum => $front_sha256, |
73 | cleanup => false, | 93 | cleanup => false, |
74 | extract => true, | 94 | extract => true, |
75 | extract_path => "/opt/cryptoportfolio/front/${front_version}", | 95 | user => "cryptoportfolio", |
76 | require => File["/opt/cryptoportfolio/front/${front_version}"], | 96 | extract_path => $cf_front_app, |
97 | require => [User[$cf_user], File[$cf_front_app]], | ||
77 | } | 98 | } |
78 | 99 | ||
79 | file { "/opt/cryptoportfolio/front/current": | 100 | file { "${cf_home}/front": |
80 | ensure => "link", | 101 | ensure => "link", |
81 | target => "/opt/cryptoportfolio/front/${front_version}", | 102 | target => $cf_front_app, |
82 | require => Archive["/opt/cryptoportfolio/front/${front_version}.tar.gz"] | 103 | require => Archive["/opt/cryptoportfolio/${front_version}.tar.gz"] |
104 | } | ||
105 | |||
106 | exec { "go-get-dep": | ||
107 | user => $cf_user, | ||
108 | environment => ["HOME=${cf_home}"], | ||
109 | creates => "${cf_home}/go/bin/dep", | ||
110 | command => "/usr/bin/go get -u github.com/golang/dep/cmd/dep", | ||
111 | require => User[$cf_user], | ||
112 | } | ||
113 | |||
114 | exec { "go-cryptoportfolio-dependencies": | ||
115 | cwd => $cf_front_app, | ||
116 | user => $cf_user, | ||
117 | environment => ["HOME=${cf_home}"], | ||
118 | creates => "${cf_front_app}/vendor", | ||
119 | command => "${cf_home}/go/bin/dep ensure", | ||
120 | require => [Exec["go-get-dep"], Archive["${cf_home}/${front_version}.tar.gz"]], | ||
121 | } | ||
122 | |||
123 | exec { "go-cryptoportfolio-app": | ||
124 | cwd => $cf_front_app_api_workdir, | ||
125 | user => $cf_user, | ||
126 | environment => ["HOME=${cf_home}"], | ||
127 | creates => $cf_front_app_api_bin, | ||
128 | command => "/usr/bin/make build", | ||
129 | require => Exec["go-cryptoportfolio-dependencies"], | ||
130 | } | ||
131 | |||
132 | file { "/etc/systemd/system/cryptoportfolio-app.service": | ||
133 | mode => "0644", | ||
134 | owner => "root", | ||
135 | group => "root", | ||
136 | content => template("role/cryptoportfolio/cryptoportfolio-app.service.erb"), | ||
137 | } ~> exec { 'systemctl deamon-reload': | ||
138 | command => '/usr/bin/systemctl daemon-reload', | ||
139 | refreshonly => true | ||
140 | } | ||
141 | |||
142 | service { 'cryptoportfolio-app': | ||
143 | enable => true, | ||
144 | ensure => "running", | ||
145 | require => [File["/etc/systemd/system/cryptoportfolio-app.service"]], | ||
146 | } | ||
147 | |||
148 | file { $cf_front_app_api_conf: | ||
149 | owner => $cf_user, | ||
150 | group => $cf_group, | ||
151 | mode => "0600", | ||
152 | content => template("role/cryptoportfolio/api_conf.toml.erb"), | ||
153 | } | ||
154 | |||
155 | file { $cf_front_app_static_conf: | ||
156 | owner => $cf_user, | ||
157 | group => $cf_group, | ||
158 | mode => "0600", | ||
159 | content => template("role/cryptoportfolio/static_conf.env.erb"), | ||
160 | } | ||
161 | |||
162 | exec { "web-cryptoportfolio-dependencies": | ||
163 | cwd => "${cf_front_app}/cmd/web", | ||
164 | environment => ["HOME=${cf_home}"], | ||
165 | command => "/usr/bin/make install", | ||
166 | creates => "${cf_front_app}/cmd/web/node_modules", | ||
167 | require => [Package["npm"], Package["nodejs"], Package["yarn"]] | ||
168 | } | ||
169 | |||
170 | exec { "web-cryptoportfolio-build": | ||
171 | cwd => "${cf_front_app}/cmd/web", | ||
172 | environment => ["HOME=${cf_home}"], | ||
173 | command => "/usr/bin/make static ENV=${cf_env}", | ||
174 | creates => "${cf_front_app}/cmd/web/build/static", | ||
175 | require => [File[$cf_front_app_static_conf], Exec["web-cryptoportfolio-dependencies"]] | ||
83 | } | 176 | } |
84 | } | 177 | } |
85 | 178 | ||
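Review bot: The two new web execs, `web-cryptoportfolio-dependencies` and `web-cryptoportfolio-build`, set no `user`, so unlike the three Go execs above them they run as whatever account the Puppet agent runs under (normally root). That means `make install` and `make static`, and presumably any package install scripts they trigger, execute with full privileges inside a tree owned by `$cf_user`; add `user => $cf_user,` to both. Separately, `go-get-dep` runs `go get -u github.com/golang/dep/cmd/dep`, which builds whatever is current upstream with no version or checksum pin, while the application archive itself is verified against `$front_sha256`; pinning the tool to a known release would close that gap. The hard-coded `user => "cryptoportfolio"` on the archive and `Archive["/opt/cryptoportfolio/${front_version}.tar.gz"]` in the symlink's `require` should use `$cf_user` and `${cf_home}` so they cannot drift from the variables introduced at the top of the class.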
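--- /dev/null
+++ b/modules/role/templates/cryptoportfolio/api_conf.toml.erb
@@ -0,0 +1,16 @@
+log_level="info"
+mode="<%= @cf_env %>"
+log_out="stdout"
+
+[db]
+user="<%= @cf_pg_user %>"
+password="<%= @cf_pg_password %>"
+database="<%= @cf_pg_db %>"
+address="<%= @cf_pg_host %>"
+
+[api]
+domain="<%= @cf_front_app_host %>"
+jwt_secret="<%= @cf_front_app_api_secret %>"
+
+[app]
+public_dir="../web/build/static"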
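Review bot: Every value in this template is interpolated straight into a double-quoted TOML string with no escaping, which matters most for `password` and `jwt_secret`. If `generate_password` can ever emit `"` or `\` (its alphabet is not visible in this commit), the rendered file is malformed or carries a different secret than the one set on the PostgreSQL role. Either document that the generator is restricted to an alphanumeric alphabet or escape the values in the template. Because the rendered file holds both the database password and the JWT signing secret, the `file { $cf_front_app_api_conf:` resource in the manifest should also set `show_diff => false` so content changes are not written to agent logs and reports; its `0600` mode is already appropriate.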
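--- /dev/null
+++ b/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb
@@ -0,0 +1,14 @@
+[Unit]
+Description=Cryptoportfolio app
+
+[Service]
+Type=simple
+
+WorkingDirectory=<%= @cf_front_app_api_workdir %>
+User=<%= @cf_user %>
+Group=<%= @cf_group %>
+UMask=007
+
+ExecStart=<%= @cf_front_app_api_bin %> -conf <%= @cf_front_app_api_conf %>
+
+Restart=on-failure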
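Review bot: The unit has no `[Install]` section, so the manifest's `enable => true` has nothing to link and the service will presumably not be started at boot; add `[Install]` with `WantedBy=multi-user.target`. `[Unit]` also declares no ordering, although the app connects to the local PostgreSQL configured by the same role, so something like `After=network.target postgresql.service` would avoid a start-up race (the PostgreSQL unit name is assumed here). Since this process serves requests proxied from nginx and reads the DB password and JWT secret, sandboxing directives such as `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` are worth adding to `[Service]`.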
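--- /dev/null
+++ b/modules/role/templates/cryptoportfolio/static_conf.env.erb
@@ -0,0 +1,4 @@
+API_HOST="<%= @cf_front_app_host %>"
+API_PORT="<%= @cf_front_app_port %>"
+API_HTTPS="<%= @cf_front_app_ssl %>"
+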