From a3e2822e3f459c5e8eda6e7bd049c37d76570548 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= <hugo@lysator.liu.se>
Date: Wed, 3 May 2023 03:36:45 +0200
Subject: Puppetboard remove wsgi setup.

This was added by 9.0.0 of the actual module.
---
 manifests/puppetboard.pp | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/manifests/puppetboard.pp b/manifests/puppetboard.pp
index b9f1337..ca42c88 100644
--- a/manifests/puppetboard.pp
+++ b/manifests/puppetboard.pp
@@ -6,18 +6,6 @@ class profiles::puppetboard {
     purge_configs => true,
   }
 
-  $wsgi = $facts['os']['family'] ? {
-    'Debian' => {
-      package_name => 'libapache2-mod-wsgi-py3',
-      mod_path     => '/usr/lib/apache2/modules/mod_wsgi.so',
-    },
-    default  => {}
-  }
-
-  class { 'apache::mod::wsgi':
-    * => $wsgi,
-  }
-
   # Configure puppetboard
 
   class { 'puppetboard':
-- 
cgit v1.2.3


From a4a8c54261b41589faabe9e05ef703f03f3c5a3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= <hugo@lysator.liu.se>
Date: Wed, 3 May 2023 10:57:47 +0200
Subject: Puppetboard: allow foreign puppetdb.

---
 manifests/puppetboard.pp | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/manifests/puppetboard.pp b/manifests/puppetboard.pp
index ca42c88..9b57038 100644
--- a/manifests/puppetboard.pp
+++ b/manifests/puppetboard.pp
@@ -1,4 +1,18 @@
-class profiles::puppetboard {
+# @summary configures a puppetborad server, fronted by apache2
+#
+# A parameter $ensure
+# (`Enum['present', 'absent'] $ensure = 'present'`)
+# would be nice, but class['Apache'] doesn't have that parameter,
+# making this a moot point
+#
+# @param puppetdb_host
+#   Host to connect for puppetdb
+# @param puppetdb_port
+#   Port to connect for puppetdb
+class profiles::puppetboard (
+  String $puppetdb_host,
+  Stdlib::Port $puppetdb_port,
+) {
   # https://forge.puppet.com/modules/puppet/puppetboard/readme
   # Configure Apache
   class { 'apache':
@@ -12,9 +26,9 @@ class profiles::puppetboard {
     manage_git        => true,
     manage_virtualenv => true,
     require           => Class['puppetdb'],
-    puppetdb_port     => 8080,
+    puppetdb_port     => $puppetdb_port,
     # Required for /metrics/ to work
-    puppetdb_host       => '127.0.0.1',
+    puppetdb_host       => $puppetdb_host,
     enable_catalog      => true,
     python_loglevel     => 'info',
     offline_mode        => true,
-- 
cgit v1.2.3


From 22ab33d5d6b436f75e0ae8f76c32c56a5cffee61 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= <hugo@lysator.liu.se>
Date: Wed, 3 May 2023 11:05:02 +0200
Subject: Puppetboard: Change require to after on puppetdb

Require disables us from running them on different nodes. This will
hopefully allow them to run on different nodes, but maintain their
relative order if run on the same node.
---
 manifests/puppetboard.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manifests/puppetboard.pp b/manifests/puppetboard.pp
index 9b57038..6d49da8 100644
--- a/manifests/puppetboard.pp
+++ b/manifests/puppetboard.pp
@@ -25,7 +25,7 @@ class profiles::puppetboard (
   class { 'puppetboard':
     manage_git        => true,
     manage_virtualenv => true,
-    require           => Class['puppetdb'],
+    after             => Class['puppetdb'],
     puppetdb_port     => $puppetdb_port,
     # Required for /metrics/ to work
     puppetdb_host       => $puppetdb_host,
-- 
cgit v1.2.3


From 6f0806ec2643cb28646d9b0b31bd2c4f07fbfc9c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= <hugo@lysator.liu.se>
Date: Wed, 3 May 2023 11:08:46 +0200
Subject: See last commit for rationalle.

---
 manifests/puppetboard.pp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/manifests/puppetboard.pp b/manifests/puppetboard.pp
index 6d49da8..acb7330 100644
--- a/manifests/puppetboard.pp
+++ b/manifests/puppetboard.pp
@@ -25,7 +25,6 @@ class profiles::puppetboard (
   class { 'puppetboard':
     manage_git        => true,
     manage_virtualenv => true,
-    after             => Class['puppetdb'],
     puppetdb_port     => $puppetdb_port,
     # Required for /metrics/ to work
     puppetdb_host       => $puppetdb_host,
@@ -35,6 +34,10 @@ class profiles::puppetboard (
     default_environment => '*',
   }
 
+  if defined(Class['puppetdb']) {
+    Class['puppetdb'] -> Class['puppetboard']
+  }
+
   class { '::profiles::letsencrypt':
     provider => apache,
   }
-- 
cgit v1.2.3


From 84f87c91acfc468582cc7ae0ba46881191d9a5f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= <hugo@lysator.liu.se>
Date: Mon, 12 Jun 2023 16:35:10 +0200
Subject: Puppetboard fix linter errors.

---
 manifests/puppetboard.pp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/manifests/puppetboard.pp b/manifests/puppetboard.pp
index acb7330..6a351a3 100644
--- a/manifests/puppetboard.pp
+++ b/manifests/puppetboard.pp
@@ -23,9 +23,9 @@ class profiles::puppetboard (
   # Configure puppetboard
 
   class { 'puppetboard':
-    manage_git        => true,
-    manage_virtualenv => true,
-    puppetdb_port     => $puppetdb_port,
+    manage_git          => true,
+    manage_virtualenv   => true,
+    puppetdb_port       => $puppetdb_port,
     # Required for /metrics/ to work
     puppetdb_host       => $puppetdb_host,
     enable_catalog      => true,
@@ -55,7 +55,7 @@ class profiles::puppetboard (
       ssl_chain  => "/etc/letsencrypt/live/${certname}/fullchain.pem",
     }
 
-    apache::vhost { "http-redirect":
+    apache::vhost { 'http-redirect':
       servername      => $::fqdn,
       port            => 80,
       redirect_source => ['/'],
-- 
cgit v1.2.3


From d7d93b511b8a99159a080782220e91b24549db91 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= <hugo@lysator.liu.se>
Date: Mon, 12 Jun 2023 18:03:27 +0200
Subject: Update puppetboard to new certbot.

---
 manifests/puppetboard.pp | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/manifests/puppetboard.pp b/manifests/puppetboard.pp
index 6a351a3..a33c02b 100644
--- a/manifests/puppetboard.pp
+++ b/manifests/puppetboard.pp
@@ -5,11 +5,16 @@
 # would be nice, but class['Apache'] doesn't have that parameter,
 # making this a moot point
 #
+# TODO apt install python3-venv
+#
+# @param server_name
+#   Published name of the server
 # @param puppetdb_host
 #   Host to connect for puppetdb
 # @param puppetdb_port
 #   Port to connect for puppetdb
 class profiles::puppetboard (
+  String $server_name,
   String $puppetdb_host,
   Stdlib::Port $puppetdb_port,
 ) {
@@ -22,6 +27,9 @@ class profiles::puppetboard (
 
   # Configure puppetboard
 
+  include ::letsencrypt
+  # include ::profiles::certificate
+
   class { 'puppetboard':
     manage_git          => true,
     manage_virtualenv   => true,
@@ -38,21 +46,23 @@ class profiles::puppetboard (
     Class['puppetdb'] -> Class['puppetboard']
   }
 
-  class { '::profiles::letsencrypt':
-    provider => apache,
+  # Don't use "global" certificate, since that probably probably
+  # requies nginx
+  letsencrypt::cert { $server_name:
+    domains       => [ $server_name ],
+    authenticator => 'apache',
+    config        => {
+      'post-hook' => 'apache2ctl restart',
+    }
   }
 
   # Only set up TLS if we are ready. This allows us to bootstrap
   # ourselves the next run.
-  $certname = lookup('certname')
-  if $certname and $facts['letsencrypt_directory'][$certname] {
+  if $facts['letsencrypt_directory'][$server_name] {
     class { 'puppetboard::apache::vhost':
       vhost_name => $::fqdn,
       port       => 443,
-      ssl        => true,
-      ssl_cert   => "/etc/letsencrypt/live/${certname}/cert.pem",
-      ssl_key    => "/etc/letsencrypt/live/${certname}/privkey.pem",
-      ssl_chain  => "/etc/letsencrypt/live/${certname}/fullchain.pem",
+      *          => letsencrypt::conf::apache($server_name),
     }
 
     apache::vhost { 'http-redirect':
-- 
cgit v1.2.3