1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
# setup soledad-server
class soledad::server {
tag 'leap_service'
include ::site_config::default
include ::soledad::common
$soledad = hiera('soledad')
$couchdb_user = $soledad['couchdb_soledad_user']['username']
$couchdb_password = $soledad['couchdb_soledad_user']['password']
$couchdb_leap_mx_user = $soledad['couchdb_leap_mx_user']['username']
$couchdb_host = 'localhost'
$couchdb_port = '5984'
$soledad_port = $soledad['port']
$sources = hiera('sources')
include x509::variables
include site_config::x509::cert
include site_config::x509::key
include site_config::x509::ca
#
# SOLEDAD CONFIG
#
file {
'/etc/soledad':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755';
'/etc/soledad/soledad-server.conf':
content => template('soledad/soledad-server.conf.erb'),
owner => 'soledad',
group => 'soledad',
mode => '0640',
notify => Service['soledad-server'],
require => [ User['soledad'], Group['soledad'] ];
'/srv/leap/soledad':
ensure => directory,
owner => 'soledad',
group => 'soledad',
require => [ User['soledad'], Group['soledad'] ];
'/var/lib/soledad':
ensure => directory,
owner => 'soledad',
group => 'soledad',
require => [ User['soledad'], Group['soledad'] ];
}
package { $sources['soledad']['package']:
ensure => $sources['soledad']['revision'],
require => Class['site_apt::leap_repo'];
}
file { '/etc/default/soledad':
content => template('soledad/default-soledad.erb'),
owner => 'soledad',
group => 'soledad',
mode => '0600',
notify => Service['soledad-server'],
require => [ User['soledad'], Group['soledad'] ];
}
service { 'soledad-server':
ensure => running,
enable => true,
hasstatus => true,
hasrestart => true,
require => [ User['soledad'], Group['soledad'] ],
subscribe => [
Package['soledad-server'],
Class['Site_config::X509::Key'],
Class['Site_config::X509::Cert'],
Class['Site_config::X509::Ca'] ];
}
include site_shorewall::soledad
include site_check_mk::agent::soledad
# set up users, group and directories for soledad-server
# although the soledad users are already created by the
# soledad-server package
group { 'soledad':
ensure => present,
system => true,
}
user {
'soledad':
ensure => present,
system => true,
gid => 'soledad',
home => '/srv/leap/soledad',
require => Group['soledad'];
'soledad-admin':
ensure => present,
system => true,
gid => 'soledad',
home => '/srv/leap/soledad',
require => Group['soledad'];
}
}
|