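# @summary Serves Puppetboard through Apache/mod_wsgi, over TLS once a certificate exists.
#
# Declares Apache, mod_wsgi, Puppetboard and the Let's Encrypt profile, then
# picks the vhost layout depending on whether the `letsencrypt_directory` fact
# already lists the certificate named by the `certname` lookup key.
#
# @see https://forge.puppet.com/modules/puppet/puppetboard/readme
class profiles::puppetboard {
  # Structured fact instead of the legacy top-scope $::fqdn, matching the
  # $facts[...] access used elsewhere in this class.
  $fqdn = $facts['networking']['fqdn']

  # Configure Apache. With no default vhost and purge_configs enabled, only
  # the vhosts declared below should end up being served.
  class { 'apache':
    default_vhost => false,
    purge_configs => true,
  }

  # Debian needs the Python 3 mod_wsgi package and module path spelled out;
  # every other OS family falls back to the module's own defaults.
  $wsgi = $facts['os']['family'] ? {
    'Debian' => {
      package_name => 'libapache2-mod-wsgi-py3',
      mod_path     => '/usr/lib/apache2/modules/mod_wsgi.so',
    },
    default  => {},
  }

  class { 'apache::mod::wsgi':
    * => $wsgi,
  }

  # Configure puppetboard
  class { 'puppetboard':
    manage_git          => true,
    manage_virtualenv   => true,
    require             => Class['puppetdb'],
    # NOTE(review): presumably PuppetDB's unencrypted listener; confirm it is
    # bound to localhost only, since it is queried without TLS here.
    puppetdb_port       => 8080,
    # Required for /metrics/ to work
    puppetdb_host       => '127.0.0.1',
    # NOTE(review): catalogs can carry secrets (e.g. passwords in resource
    # parameters) and this profile configures no authentication on the
    # vhost; confirm access is restricted elsewhere (firewall, Apache auth).
    enable_catalog      => true,
    python_loglevel     => 'info',
    offline_mode        => true,
    default_environment => '*',
  }

  class { '::profiles::letsencrypt':
    provider => 'apache',
  }

  # Only set up TLS if we are ready. This allows us to bootstrap
  # ourselves the next run.
  $certname = lookup('certname')

  # dig() yields undef when the letsencrypt_directory fact is missing
  # altogether (e.g. before the fact has been synced), whereas chained []
  # on an undef fact aborts catalog compilation and defeats the bootstrap.
  if $certname and $facts.dig('letsencrypt_directory', $certname) {
    class { 'puppetboard::apache::vhost':
      vhost_name => $fqdn,
      port       => 443,
      ssl        => true,
      ssl_cert   => "/etc/letsencrypt/live/${certname}/cert.pem",
      ssl_key    => "/etc/letsencrypt/live/${certname}/privkey.pem",
      # chain.pem holds only the intermediates; fullchain.pem would repeat
      # the leaf certificate that is already served from cert.pem.
      ssl_chain  => "/etc/letsencrypt/live/${certname}/chain.pem",
    }

    # Permanently redirect all plain-HTTP requests to the TLS vhost.
    apache::vhost { 'http-redirect':
      servername      => $fqdn,
      port            => 80,
      redirect_source => ['/'],
      redirect_dest   => ["https://${fqdn}/"],
      redirect_status => ['permanent'],
      docroot         => false,
    }
  } else {
    # Bootstrap-only fallback: until the certificate exists, Puppetboard is
    # served over plain HTTP on port 80.
    # NOTE(review): reports and catalogs travel unencrypted in this state;
    # keep the host unreachable from untrusted networks until a later run
    # switches to the TLS vhost.
    class { 'puppetboard::apache::vhost':
      vhost_name => $fqdn,
      port       => 80,
      ssl        => false,
    }
  }
}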