summaryrefslogtreecommitdiff
path: root/puppet/modules/soledad/manifests/server.pp
blob: 06de8642dd67a6e185ad6922f6be156606e2b5b7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
class soledad::server {
  tag 'leap_service'
  include soledad

  $couchdb          = hiera('couch')
  $couchdb_host     = 'localhost'
  $couchdb_port     = '4096'
  $couchdb_user     = $couchdb['users']['soledad']['username']
  $couchdb_password = $couchdb['users']['soledad']['password']

  $x509      = hiera('x509')
  $x509_key  = $x509['key']
  $x509_cert = $x509['cert']
  $x509_ca   = $x509['ca_cert']

  x509::key { 'soledad':
    content => $x509_key,
    notify  => Service['soledad-server'];
  }

  x509::cert { 'soledad':
    content => $x509_cert,
    notify  => Service['soledad-server'];
  }

  x509::ca { 'soledad':
    content => $x509_ca,
    notify  => Service['soledad-server'];
  }

  #
  # SOLEDAD CONFIG
  #

  file { '/etc/leap/soledad-server.conf':
    content => template('soledad/soledad-server.conf.erb'),
    owner   => 'soledad',
    group   => 'soledad',
    mode    => '0600',
    notify  => Service['soledad-server'],
    require => Class['soledad'];
  }

  package { 'soledad-server':
    ensure => installed
  }

  file { '/etc/default/soledad':
    content => "CERT_PATH=/etc/x509/certs/soledad.crt\nPRIVKEY_PATH=/etc/x509/keys/soledad.key\n",
    require => Package['soledad-server']
  }

  service { 'soledad-server':
    ensure     => running,
    enable     => true,
    hasstatus  => true,
    hasrestart => true,
    require    => [ Class['soledad'], Package['soledad-server'] ];
  }

  include site_shorewall::soledad
}