diff options
| author | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-10-05 14:24:45 +0200 |
|---|---|---|
| committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-10-20 02:18:10 +0200 |
| commit | 0b8b2b0b4477eb837842096f76e8d6ae670b30c2 (patch) | |
| tree | 632f2ba5c1a82ea3155dbfef815c4e1e421f18ef | |
| parent | Freebsd work. (diff) | |
| download | profiles-0b8b2b0b4477eb837842096f76e8d6ae670b30c2.tar.gz profiles-0b8b2b0b4477eb837842096f76e8d6ae670b30c2.tar.xz | |
Add transient puppetboard2 in FreeBSD porting work.
| -rw-r--r-- | manifests/certificate.pp | 4 | ||||
| -rw-r--r-- | manifests/puppetboard2.pp | 80 |
2 files changed, 82 insertions, 2 deletions
diff --git a/manifests/certificate.pp b/manifests/certificate.pp index 829ae37..c3be0b9 100644 --- a/manifests/certificate.pp +++ b/manifests/certificate.pp @@ -2,7 +2,7 @@ # Should preferably be included before a letsencrypt::domain resource # is declared. class profiles::certificate ( - String $cert_name = $::fqdn, + String $cert_name = $trusted['hostname'], Letsencrypt::Authenticator $authenticator = 'nginx', Hash[String,Any] $config = { # more portable than 'systemctl reload nginx' @@ -12,7 +12,7 @@ class profiles::certificate ( include ::letsencrypt letsencrypt::cert { $cert_name: - domains => [ $::fqdn, ], + domains => [ $trusted['hostname'], ], authenticator => $authenticator, config => $config, } diff --git a/manifests/puppetboard2.pp b/manifests/puppetboard2.pp new file mode 100644 index 0000000..6bab407 --- /dev/null +++ b/manifests/puppetboard2.pp @@ -0,0 +1,80 @@ +class profiles::puppetboard2 ( +) { + + file { '/srv': + ensure => directory, + } + + class { 'puppetboard': + manage_git => true, + manage_virtualenv => false, + install_from => 'package', + puppetdb_port => 8080, + # Required for /metrics/ to work + puppetdb_host => 'puppet.adrift.space', + enable_catalog => true, + python_loglevel => 'info', + offline_mode => true, + default_environment => '*', + } + + include ::nginx + include ::profiles::certificate + + letsencrypt::domain { 'puppetboard.adrift.space': + # cert_name => $profiles::certificate::cert_name, + cert_name => 'puppetboard.adrift.space', + } + + ensure_packages(['uwsgi-py39']) + + # uwsgi --socket /tmp/uwsgi-puppetboard --master --uid uwsgi --wsgi-file /usr/local/www/puppetboard/wsgi.py + + nginx::resource::server { 'puppetboard.adrift.space': + ipv6_enable => true, + ipv6_listen_options => '', + www_root => '/', + use_default_location => false, + * => letsencrypt::conf::nginx('puppetboard.adrift.space'), + } + + $uwsgi_sock = '/var/run/uwsgi.sock' + + if $facts['letsencrypt_directory']['puppetboard.adrift.space'] { + nginx::resource::location { + default: + server => 'puppetboard.adrift.space', + ssl => true, + ssl_only => true, + index_files => [], + ; + 'puppetboard.adrift.space - puppetboard /': + location => '/', + uwsgi => "unix:${uwsgi_sock}", + uwsgi_param => { + 'UWSGI_FILE' => '/usr/local/www/puppetboard/wsgi.py', + 'Host' => '$host', + 'X-Real-Ip' => '$remote_addr', + 'X-Forwarded-For' => '$proxy_add_x_forwarded_for', + 'X-Forwarded-Proto' => '$http_x_forwarded_proto', + }, + } + } + + # The following is extremeley BSD specific, also, uwsgi should be managed separately. + + ensure_packages(['uwsgi-py39']) + + service { 'uwsgi': + ensure => running, + enable => true, + } + + file { '/etc/rc.conf.d/uwsgi': + content => @("EOF") + # Added by Puppet + uwsgi_socket=${uwsgi_sock} + | EOF + } + +} |