From 8c572ffbcb1941446f6c05cbaec4a7b2f5fd8ae8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?=
Date: Sun, 18 Jun 2023 18:41:38 +0200
Subject: Replace concourse with module.
---
 manifests/concourse.pp | 89 -----------------------------------------
 manifests/concourse_complete.pp | 59 +++++++++++++++++++++++++++
 2 files changed, 59 insertions(+), 89 deletions(-)
 delete mode 100644 manifests/concourse.pp
 create mode 100644 manifests/concourse_complete.pp
(limited to 'manifests')
diff --git a/manifests/concourse.pp b/manifests/concourse.pp
deleted file mode 100644
index 7679106..0000000
--- a/manifests/concourse.pp
+++ /dev/null
@@ -1,89 +0,0 @@
-# @summary Sets up the Concourse CI/CD system
-#
-# TODO file modes for just about everything.
-#
-# https://concourse-ci.org/
-class profiles::concourse (
- String $database_name = 'atc',
- String $database_username = 'concourse',
- String $database_password = extlib::cache_data('profiles', 'concourse_database_password', extlib::random_password(25)),
-
- String $keydir = '/usr/lib/concourse',
- String $session_signing_key = "${keydir}/session_signing_key",
- String $tsa_host_key = "${keydir}/tsa_host_key",
- String $worker_key = "${keydir}/worker_key",
- String $authorized_worker_keys = "${keydir}/authorized_worker_keys",
-) {
- ensure_packages([
- 'concourse',
- 'concourse-resource-types',
- 'concourse-fly-cli',
- ])
-
- include ::profiles::postgresql
-
- postgresql::server::db { $database_name:
- user => $database_username,
- password => $database_password,
- grant => 'all',
- comment => 'Concourse CI',
- }
-
- exec { 'Concourse generate signing key':
- command => ['concourse', 'generate-key', '-t', 'rsa', '-f', $session_signing_key],
- creates => $session_signing_key,
- path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin',]
- }
-
- exec { 'Concourse generate TSA host key':
- command => ['concourse', 'generate-key', '-t', 'ssh', '-f', $tsa_host_key],
- creates => $tsa_host_key,
- path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin',]
- }
-
- exec { 'Concourse generate worker key':
- command => ['concourse', 'generate-key', '-t', 'ssh', '-f', $worker_key],
- creates => $worker_key,
- path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin',]
- }
-
- file { $authorized_worker_keys:
- content => $worker_key,
- require => Exec['Concourse generate worker key'],
- subscribe => Exec['Concourse generate worker key'],
- }
-
- $env = {
- 'CONCOURSE_ADD_LOCAL_USER' => 'hugo:password',
- 'CONCOURSE_MAIN_TEAM_LOCAL_USER' => 'hugo',
-
- 'CONCOURSE_SESSION_SIGNING_KEY' => $session_signing_key,
- 'CONCOURSE_TSA_HOST_KEY' => $tsa_host_key,
- 'CONCOURSE_TSA_AUTHORIZED_KEYS' => $authorized_worker_keys,
-
- 'CONCOURSE_POSTGRES_USER' => $database_username,
- 'CONCOURSE_POSTGRES_PASSWORD' => $database_password,
- }
-
- $env_declarations = $env.map |$k, $v| { "${k}=${v}" }.join("\n")
- $env_str = @("EOF")
- # Environment file for concourse.service
- # File managed by Puppet. Local changes WILL be overwritten.
- ${env_declarations}
- | EOF
-
- file { '/etc/conf.d/concourse':
- content => $env_str,
- }
-
- systemd::unit_file { 'concourse.service':
- source => "puppet:///modules/${module_name}/concourse.service",
- } ~> service { 'concourse':
- ensure => running,
- enable => true,
- }
-
- # concourse quickstart --worker-work-dir=/usr/local/data/concourse
- #
- # cat worker-key >> authorized-worker-keys
-}
diff --git a/manifests/concourse_complete.pp b/manifests/concourse_complete.pp
new file mode 100644
index 0000000..69f83b5
--- /dev/null
+++ b/manifests/concourse_complete.pp
@@ -0,0 +1,59 @@
+# @summary A complete concourse setup.
+#
+# Configures all components of a concourse setup.
+#
+# Session signing key is the one generated by
+# concourse generate-key -t rsa -f session_signing_key
+#
+# The tsa key pair is the two files generated by
+# concourse generate-key -t ssh -f worker_key
+class profiles::concourse_complete (
+ Sensitive[String] $session_signing_key,
+ Sensitive[String] $tsa_public_key,
+ Sensitive[String] $tsa_private_key,
+) {
+ class { '::concourse':
+ clusters => {
+ $concourse::default_cluster => {
+ # Database settings
+ 'postgres_user' => 'concourse',
+ 'postgres_password' => Sensitive(cache_data(
+ 'profiles::concourse',
+ 'postgres_password',
+ extlib::random_password(25)
+ )),
+ 'db_name' => "atc-${concourse::default_cluster}",
+ # worker settings
+ 'external_domain' => 'concourse.adrift.space',
+ 'tsa_public_key' => $tsa_public_key,
+ # Web settings
+ 'tsa_private_key' => $tsa_private_key,
+ 'session_signing_key' => $session_signing_key,
+ },
+ },
+ }
+ include ::profiles::postgresql
+
+ concourse::database { 'Concourse Database':
+ }
+
+ include ::concourse::worker
+ include ::concourse::web
+
+ # Settings are gotten through hiera instead, all namespaced directly with
+ # `concourse::auth::ldap::`.
+ include ::concourse::auth::ldap
+
+ concourse::proxy::nginx { 'concourse.adrift.space':
+ }
+
+ include ::concourse::fly
+
+ @@dns::record { 'CNAME concourse.adrift.space.':
+ type => 'CNAME',
+ zone => 'adrift.space.',
+ key => 'concourse',
+ value => 'gandalf.adrift.space.',
+ }
+
+}
-- 
cgit v1.2.3
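Review bot: The database password is produced with the un-namespaced `cache_data(...)`, while the deleted manifest and the next argument (`extlib::random_password(25)`) both use the `extlib::` namespace; `'postgres_password' => Sensitive(extlib::cache_data(` would keep the call consistent and avoid relying on a legacy function name. The `Sensitive()` wrapper only redacts the value in logs and reports from that point on, because the cached copy is written to the Puppet server's disk (unencrypted, as far as I know), so a comment such as `# cached on the Puppet server under its vardir; restrict access to that directory` belongs above the call. The cache namespace and key also changed from `'profiles', 'concourse_database_password'` to `'profiles::concourse', 'postgres_password'`, so a new password will be generated; it is worth confirming that the existing `concourse` role gets updated rather than left on the old one. Separately, `$concourse::default_cluster` is read inside the parameters of the `class { '::concourse': }` declaration, which looks like it is evaluated before that class's variables are set, so check that the hash key and `db_name` resolve to the intended cluster name.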