1 files changed, 59 insertions, 0 deletions

diff --git a/manifests/concourse_complete.pp b/manifests/concourse_complete.pp
new file mode 100644
index 0000000..69f83b5
--- /dev/null
+++ b/manifests/concourse_complete.pp
@@ -0,0 +1,59 @@
+# @summary A complete concourse setup.
+#
+# Configures all components of a concourse setup.
+#
+# Session signing key is the one generated by
+#     concourse generate-key -t rsa -f session_signing_key
+#
+# The tsa key pair is the two files generated by
+#     concourse generate-key -t ssh -f worker_key
+class profiles::concourse_complete (
+  Sensitive[String] $session_signing_key,
+  Sensitive[String] $tsa_public_key,
+  Sensitive[String] $tsa_private_key,
+) {
+  class { '::concourse':
+    clusters => {
+      $concourse::default_cluster => {
+        # Database settings
+        'postgres_user'       => 'concourse',
+        'postgres_password'   => Sensitive(cache_data(
+          'profiles::concourse',
+          'postgres_password',
+          extlib::random_password(25)
+        )),
+        'db_name'             => "atc-${concourse::default_cluster}",
+        # worker settings
+        'external_domain'     => 'concourse.adrift.space',
+        'tsa_public_key'      => $tsa_public_key,
+        # Web settings
+        'tsa_private_key'     => $tsa_private_key,
+        'session_signing_key' => $session_signing_key,
+      },
+    },
+  }
+  include ::profiles::postgresql
+
+  concourse::database { 'Concourse Database':
+  }
+
+  include ::concourse::worker
+  include ::concourse::web
+
+  # Settings are gotten through hiera instead, all namespaced directly with
+  # `concourse::auth::ldap::`.
+  include ::concourse::auth::ldap
+
+  concourse::proxy::nginx { 'concourse.adrift.space':
+  }
+
+  include ::concourse::fly
+
+  @@dns::record { 'CNAME concourse.adrift.space.':
+    type  => 'CNAME',
+    zone  => 'adrift.space.',
+    key   => 'concourse',
+    value => 'gandalf.adrift.space.',
+  }
+
+}