5 files changed, 110 insertions, 0 deletions

diff --git a/puppet/modules/soledad/manifests/common.pp b/puppet/modules/soledad/manifests/common.pp
new file mode 100644
index 00000000..8a1d664a
--- /dev/null
+++ b/puppet/modules/soledad/manifests/common.pp
@@ -0,0 +1,10 @@
+class soledad::common {
+
+  include soledad
+
+  package { 'soledad-common':
+    ensure  => latest,
+    require => User['soledad']
+  }
+
+}
diff --git a/puppet/modules/soledad/manifests/init.pp b/puppet/modules/soledad/manifests/init.pp
new file mode 100644
index 00000000..7cf0b729
--- /dev/null
+++ b/puppet/modules/soledad/manifests/init.pp
@@ -0,0 +1,29 @@
+class soledad {
+
+  group { 'soledad':
+    ensure    => present,
+    allowdupe => false;
+  }
+
+  user { 'soledad':
+    ensure    => present,
+    allowdupe => false,
+    gid       => 'soledad',
+    home      => '/srv/leap/soledad',
+    require   => Group['soledad'];
+  }
+
+  file {
+    '/srv/leap/soledad':
+      ensure  => directory,
+      owner   => 'soledad',
+      group   => 'soledad',
+      require => User['soledad'];
+
+    '/var/lib/soledad':
+      ensure  => directory,
+      owner   => 'soledad',
+      group   => 'soledad',
+      require => User['soledad'];
+  }
+}
diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp
new file mode 100644
index 00000000..394e6032
--- /dev/null
+++ b/puppet/modules/soledad/manifests/server.pp
@@ -0,0 +1,63 @@
+class soledad::server {
+  tag 'leap_service'
+  include soledad
+  include site_apt::preferences::twisted
+
+  $soledad           = hiera('soledad')
+  $couchdb_user      = $soledad['couchdb_soledad_user']['username']
+  $couchdb_password  = $soledad['couchdb_soledad_user']['password']
+
+  $couchdb_host = 'localhost'
+  $couchdb_port = '5984'
+
+  $soledad_port = $soledad['port']
+
+  include site_config::x509::cert
+  include site_config::x509::key
+  include site_config::x509::ca
+
+  #
+  # SOLEDAD CONFIG
+  #
+
+  file { '/etc/leap/soledad-server.conf':
+    content => template('soledad/soledad-server.conf.erb'),
+    owner   => 'soledad',
+    group   => 'soledad',
+    mode    => '0600',
+    notify  => Service['soledad-server'],
+    require => Class['soledad'];
+  }
+
+  package { 'soledad-server':
+    ensure  => latest,
+    require => [
+      Class['site_apt::preferences::twisted'],
+      Class['site_apt::leap_repo'] ];
+  }
+
+  file { '/etc/default/soledad':
+    content => template('soledad/default-soledad.erb'),
+    owner   => 'soledad',
+    group   => 'soledad',
+    mode    => '0600',
+    notify  => Service['soledad-server'],
+    require => Class['soledad'];
+  }
+
+  service { 'soledad-server':
+    ensure     => running,
+    enable     => true,
+    hasstatus  => true,
+    hasrestart => true,
+    require    => Class['soledad'],
+    subscribe  => [
+      Package['soledad-server'],
+      Class['Site_config::X509::Key'],
+      Class['Site_config::X509::Cert'],
+      Class['Site_config::X509::Ca'] ];
+  }
+
+  include site_shorewall::soledad
+  include site_check_mk::agent::soledad
+}
diff --git a/puppet/modules/soledad/templates/default-soledad.erb b/puppet/modules/soledad/templates/default-soledad.erb
new file mode 100644
index 00000000..32504e38
--- /dev/null
+++ b/puppet/modules/soledad/templates/default-soledad.erb
@@ -0,0 +1,5 @@
+# this file is managed by puppet
+START=yes
+CERT_PATH=<%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt
+PRIVKEY_PATH=<%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.key
+HTTPS_PORT=<%=@soledad_port%>
diff --git a/puppet/modules/soledad/templates/soledad-server.conf.erb b/puppet/modules/soledad/templates/soledad-server.conf.erb
new file mode 100644
index 00000000..47d1f6e4
--- /dev/null
+++ b/puppet/modules/soledad/templates/soledad-server.conf.erb
@@ -0,0 +1,3 @@
+[soledad-server]
+couch_url = http://<%= @couchdb_user %>:<%= @couchdb_password %>@<%= @couchdb_host %>:<%= @couchdb_port %>
+