diff options
Diffstat (limited to '')
-rw-r--r-- | manifests/concourse_complete.pp | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/manifests/concourse_complete.pp b/manifests/concourse_complete.pp new file mode 100644 index 0000000..69f83b5 --- /dev/null +++ b/manifests/concourse_complete.pp @@ -0,0 +1,59 @@ +# @summary A complete concourse setup. +# +# Configures all components of a concourse setup. +# +# Session signing key is the one generated by +# concourse generate-key -t rsa -f session_signing_key +# +# The tsa key pair is the two files generated by +# concourse generate-key -t ssh -f worker_key +class profiles::concourse_complete ( + Sensitive[String] $session_signing_key, + Sensitive[String] $tsa_public_key, + Sensitive[String] $tsa_private_key, +) { + class { '::concourse': + clusters => { + $concourse::default_cluster => { + # Database settings + 'postgres_user' => 'concourse', + 'postgres_password' => Sensitive(cache_data( + 'profiles::concourse', + 'postgres_password', + extlib::random_password(25) + )), + 'db_name' => "atc-${concourse::default_cluster}", + # worker settings + 'external_domain' => 'concourse.adrift.space', + 'tsa_public_key' => $tsa_public_key, + # Web settings + 'tsa_private_key' => $tsa_private_key, + 'session_signing_key' => $session_signing_key, + }, + }, + } + include ::profiles::postgresql + + concourse::database { 'Concourse Database': + } + + include ::concourse::worker + include ::concourse::web + + # Settings are gotten through hiera instead, all namespaced directly with + # `concourse::auth::ldap::`. + include ::concourse::auth::ldap + + concourse::proxy::nginx { 'concourse.adrift.space': + } + + include ::concourse::fly + + @@dns::record { 'CNAME concourse.adrift.space.': + type => 'CNAME', + zone => 'adrift.space.', + key => 'concourse', + value => 'gandalf.adrift.space.', + } + +} |