[feat] Create-user-db: use couchdb admin rights

- create soledad-admin user
- deploy netrc file for userdb creation
- Move soledad-server.conf from /etc/leap to /etc/soledad
- make soledad-server.conf group-accessible for the soledad group, so
  the soledad-admin user can read it

- Resolves: #7502

1 files changed, 14 insertions, 7 deletions

diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp
index b71fab69..e437c8f2 100644
--- a/puppet/modules/soledad/manifests/server.pp
+++ b/puppet/modules/soledad/manifests/server.pp
@@ -1,3 +1,4 @@
+# setup soledad-server
 class soledad::server {
   tag 'leap_service'
   include soledad
@@ -22,13 +23,19 @@ class soledad::server {
   # SOLEDAD CONFIG
   #
 
-  file { '/etc/leap/soledad-server.conf':
-    content => template('soledad/soledad-server.conf.erb'),
-    owner   => 'soledad',
-    group   => 'soledad',
-    mode    => '0600',
-    notify  => Service['soledad-server'],
-    require => Class['soledad'];
+  file {
+    '/etc/soledad':
+      ensure => directory,
+      owner  => 'root',
+      group  => 'root',
+      mode   => '0755';
+    '/etc/soledad/soledad-server.conf':
+      content => template('soledad/soledad-server.conf.erb'),
+      owner   => 'soledad',
+      group   => 'soledad',
+      mode    => '0640',
+      notify  => Service['soledad-server'],
+      require => Class['soledad'];
   }
 
   package { $sources['soledad']['package']: