aboutsummaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/base_installation/files/cronie/puppet-post-merge2
m---------modules/postgresql0
-rw-r--r--modules/profile/manifests/postgresql.pp65
-rw-r--r--modules/role/manifests/cryptoportfolio.pp14
4 files changed, 80 insertions, 1 deletions
diff --git a/modules/base_installation/files/cronie/puppet-post-merge b/modules/base_installation/files/cronie/puppet-post-merge
index ac5e3ff..35fa2d7 100644
--- a/modules/base_installation/files/cronie/puppet-post-merge
+++ b/modules/base_installation/files/cronie/puppet-post-merge
@@ -1,7 +1,7 @@
1#!/bin/bash 1#!/bin/bash
2## Run Puppet locally using puppet apply 2## Run Puppet locally using puppet apply
3git submodule update --init 3git submodule update --init
4/usr/bin/puppet apply `pwd`/manifests/site.pp 4/usr/bin/puppet apply --test `pwd`/manifests/site.pp
5 5
6## Log status of the Puppet run 6## Log status of the Puppet run
7if [ $? -eq 0 ] 7if [ $? -eq 0 ]
diff --git a/modules/postgresql b/modules/postgresql
new file mode 160000
Subproject 52ea030ad94397ba0d066c36c3028a255341f9f
diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp
new file mode 100644
index 0000000..50e510e
--- /dev/null
+++ b/modules/profile/manifests/postgresql.pp
@@ -0,0 +1,65 @@
1class profile::postgresql {
2 $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
3
4 class { '::postgresql::globals':
5 encoding => 'UTF-8',
6 locale => 'en_US.UTF-8',
7 pg_hba_conf_defaults => false,
8 }
9
10 # FIXME: get it from the postgresql module?
11 $pg_user = "postgres"
12
13 class { '::postgresql::client': }
14
15 # FIXME: postgresql module is buggy and doesn't create dir?
16 file { "/var/lib/postgres":
17 ensure => directory,
18 owner => $pg_user,
19 group => $pg_user,
20 before => File["/var/lib/postgres/data"],
21 require => Package["postgresql-server"],
22 }
23
24 class { '::postgresql::server':
25 postgres_password => generate_password(24, $password_seed, "postgres")
26 }
27
28 postgresql::server::pg_hba_rule { 'local access as postgres user':
29 description => 'Allow local access to postgres user',
30 type => 'local',
31 database => 'all',
32 user => $pg_user,
33 auth_method => 'ident',
34 order => "a1",
35 }
36 postgresql::server::pg_hba_rule { 'deny access to postgresql user':
37 description => 'Deny remote access to postgres user',
38 type => 'host',
39 database => 'all',
40 user => $pg_user,
41 address => "0.0.0.0/0",
42 auth_method => 'reject',
43 order => "a2",
44 }
45
46 postgresql::server::pg_hba_rule { 'local access':
47 description => 'Allow local access with password',
48 type => 'local',
49 database => 'all',
50 user => 'all',
51 auth_method => 'md5',
52 order => "b1",
53 }
54
55 postgresql::server::pg_hba_rule { 'local access with same name':
56 description => 'Allow local access with same name',
57 type => 'local',
58 database => 'all',
59 user => 'all',
60 auth_method => 'ident',
61 order => "b2",
62 }
63
64}
65
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp
new file mode 100644
index 0000000..2755fee
--- /dev/null
+++ b/modules/role/manifests/cryptoportfolio.pp
@@ -0,0 +1,14 @@
1class role::cryptoportfolio {
2 include "base_installation"
3
4 include "profile::postgresql"
5
6 $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
7
8 postgresql::server::db { 'cryptoportfolio':
9 user => 'cryptoportfolio',
10 password => postgresql_password('cryptoportfolio', generate_password(24, $password_seed, "postgres_cryptoportfolio")),
11 }
12
13 ensure_packages("go")
14}