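# @summary Installs and runs the shiori bookmark manager, optionally behind
#   an nginx TLS virtual host.
#
# @param port
#   Port written to /etc/conf.d/shiori as PORT and used as the nginx proxy
#   target. NOTE(review): the value is untyped and interpolated as-is into
#   both places; consider declaring it as Integer[1, 65535] once all callers
#   are known to pass integers.
# @param group_members
#   Members of the 'shiori' group. The group has read/write access to
#   shiori.db and to the archive/thumb directories, so membership amounts to
#   full access to the stored data.
# @param nginx
#   When set, a hash from which 'server_name' and 'certname' are read to
#   create an HTTPS-only nginx server that proxies to shiori.
class shiori (
  $port = 8080,
  Array[String] $group_members = [],
  Optional[Hash] $nginx = undef,
) {
  # on arch this is available through the aur
  package { 'shiori-bin':
    ensure => installed,
  }

  user { 'shiori':
    ensure => present,
    system => true,
    home   => '/var/www/shiori',
  }

  group { 'shiori':
    ensure  => present,
    members => $group_members,
  }

  # Data directory: no access for "other", because it holds the database.
  file { '/var/www/shiori':
    ensure => directory,
    owner  => 'shiori',
    group  => 'shiori',
    mode   => '0750',
  }

  file { [
      '/var/www/shiori/archive',
      '/var/www/shiori/thumb',
    ]:
      ensure => directory,
      owner  => 'shiori',
      group  => 'shiori',
      mode   => '0770',
  }

  # No `ensure`: only ownership and mode are managed here; no content is
  # declared for the database file.
  file { '/var/www/shiori/shiori.db':
    owner => 'shiori',
    group => 'shiori',
    mode  => '0660',
  }

  # Unit and environment files run with root's authority through systemd, so
  # ownership and mode are pinned instead of being left to whatever is
  # already on disk.
  file { '/etc/systemd/system/shiori.service':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/shiori/shiori.service',
  }

  file { '/etc/conf.d/shiori':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => @("EOF")
      # This file is managed by Puppet.
      # Editing it might also lead to inconsistencies with nginx
      PORT=${port}
      | EOF
  }

  # `subscribe` (rather than `require`) keeps the same ordering but also
  # restarts the service when the package, unit file or PORT changes.
  # Otherwise a new $port would reach nginx while the running daemon kept
  # listening on the old one.
  # NOTE(review): confirm the Puppet version in use reloads systemd after a
  # unit-file change. The unit file is not visible here; if shiori binds to
  # all interfaces, $port is reachable without TLS and bypasses nginx, so
  # check the bind address or firewall it.
  service { 'shiori':
    ensure    => running,
    enable    => true,
    subscribe => [
      Package['shiori-bin'],
      File['/etc/systemd/system/shiori.service'],
      File['/etc/conf.d/shiori'],
    ],
  }

  # TODO only run this if Class['profiles::group_profile'] is loaded
  file { '/etc/profile.d/group.d/shiori':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => "export SHIORI_DIR=/var/www/shiori\n",
  }

  if ($nginx) {
    $certname = $nginx['certname']

    # NOTE(review): www_root is the data directory that also contains
    # shiori.db. With use_default_location disabled and only the proxy
    # location below, nothing is served from it; a static location added
    # later would expose the database. Consider pointing www_root elsewhere
    # if the nginx module allows it.
    nginx::resource::server { $nginx['server_name']:
      ipv6_enable          => true,
      ipv6_listen_options  => '',
      ssl                  => true,
      ssl_redirect         => true,
      ssl_cert             => "/etc/letsencrypt/live/${certname}/fullchain.pem",
      ssl_key              => "/etc/letsencrypt/live/${certname}/privkey.pem",
      www_root             => '/var/www/shiori',
      use_default_location => false,
    }

    # NOTE(review): [::] is the unspecified address; presumably this works
    # because the kernel routes it to loopback. [::1] would state the intent
    # explicitly; verify shiori listens on IPv6 before changing it.
    nginx::resource::location { 'shiori /':
      location    => '/',
      proxy       => "http://[::]:${port}",
      index_files => [],
      ssl         => true,
      ssl_only    => true,
      server      => $nginx['server_name'],
    }
  }
}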