Diffstat (limited to 'modules')
-rw-r--r-- | modules/base_installation/files/cronie/puppet-post-merge | 2 | ||||
m--------- | modules/postgresql | 0 | ||||
-rw-r--r-- | modules/profile/manifests/postgresql.pp | 65 | ||||
-rw-r--r-- | modules/role/manifests/cryptoportfolio.pp | 14 |
4 files changed, 80 insertions, 1 deletions
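--- a/modules/base_installation/files/cronie/puppet-post-merge
+++ b/modules/base_installation/files/cronie/puppet-post-merge
@@ -1,7 +1,7 @@
 #!/bin/bash
 ## Run Puppet locally using puppet apply
 git submodule update --init
-/usr/bin/puppet apply `pwd`/manifests/site.pp
+/usr/bin/puppet apply --test `pwd`/manifests/site.pp
 
 ## Log status of the Puppet run
 if [ $? -eq 0 ]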
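Review bot: `--test` on the `puppet apply` line turns on `--detailed-exitcodes`, so a run that applied changes successfully exits 2, and the unchanged `if [ $? -eq 0 ]` check would then log it as a failed run. Capture the status and accept both values, for example `rc=$?` followed by `if [ $rc -eq 0 ] || [ $rc -eq 2 ]`. `--test` also enables `show_diff`, so diffs of managed files go to the cron output; it is worth confirming that no managed file carries plain-text secrets, since this commit starts generating database passwords. The body of the `if` lies outside the hunk.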
diff --git a/modules/postgresql b/modules/postgresql new file mode 160000 | |||
Subproject 52ea030ad94397ba0d066c36c3028a255341f9f | |||
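--- /dev/null
+++ b/modules/profile/manifests/postgresql.pp
@@ -0,0 +1,65 @@
+class profile::postgresql {
+$password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
+
+class { '::postgresql::globals':
+encoding => 'UTF-8',
+locale => 'en_US.UTF-8',
+pg_hba_conf_defaults => false,
+}
+
+# FIXME: get it from the postgresql module?
+$pg_user = "postgres"
+
+class { '::postgresql::client': }
+
+# FIXME: postgresql module is buggy and doesn't create dir?
+file { "/var/lib/postgres":
+ensure => directory,
+owner => $pg_user,
+group => $pg_user,
+before => File["/var/lib/postgres/data"],
+require => Package["postgresql-server"],
+}
+
+class { '::postgresql::server':
+postgres_password => generate_password(24, $password_seed, "postgres")
+}
+
+postgresql::server::pg_hba_rule { 'local access as postgres user':
+description => 'Allow local access to postgres user',
+type => 'local',
+database => 'all',
+user => $pg_user,
+auth_method => 'ident',
+order => "a1",
+}
+postgresql::server::pg_hba_rule { 'deny access to postgresql user':
+description => 'Deny remote access to postgres user',
+type => 'host',
+database => 'all',
+user => $pg_user,
+address => "0.0.0.0/0",
+auth_method => 'reject',
+order => "a2",
+}
+
+postgresql::server::pg_hba_rule { 'local access':
+description => 'Allow local access with password',
+type => 'local',
+database => 'all',
+user => 'all',
+auth_method => 'md5',
+order => "b1",
+}
+
+postgresql::server::pg_hba_rule { 'local access with same name':
+description => 'Allow local access with same name',
+type => 'local',
+database => 'all',
+user => 'all',
+auth_method => 'ident',
+order => "b2",
+}
+
+}
+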
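Review bot: The lookup on the first line of the class substitutes an empty hash when `base_installation::puppet_pass_seed` is absent, and that value feeds `generate_password(24, $password_seed, "postgres")`; if the function derives the password from the seed (its body is not in this commit), a node missing the key would get a guessable superuser password rather than a failed catalog. Dropping the default block, `$password_seed = lookup("base_installation::puppet_pass_seed")`, makes a missing seed fail loudly; the same line appears in modules/role/manifests/cryptoportfolio.pp. The `b1` rule (local, all, all, md5) matches every connection the `b2` ident rule would, and pg_hba.conf uses the first matching record, so, assuming the fragments sort by `order`, `b2` is never consulted. The `a2` reject covers only `0.0.0.0/0`; a matching rule for `::/0` would keep the postgres user closed over IPv6 should a host rule be added later.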
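--- /dev/null
+++ b/modules/role/manifests/cryptoportfolio.pp
@@ -0,0 +1,14 @@
+class role::cryptoportfolio {
+include "base_installation"
+
+include "profile::postgresql"
+
+$password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
+
+postgresql::server::db { 'cryptoportfolio':
+user => 'cryptoportfolio',
+password => postgresql_password('cryptoportfolio', generate_password(24, $password_seed, "postgres_cryptoportfolio")),
+}
+
+ensure_packages("go")
+}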