modules/shiori/manifests/init.pp


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

class shiori (
  $port = 8080,
  Array[String] $group_members = [],
  Optional[Hash] $nginx = undef,
) {

  # on arch this is available through the aur
  package { 'shiori-bin':
    ensure => installed,
  }

  user { 'shiori':
    ensure => present,
    system => true,
    home   => '/var/www/shiori',
  }

  group { 'shiori':
    ensure  => present,
    members => $group_members,
  }

  file { '/var/www/shiori':
    ensure => directory,
    owner  => shiori,
    group  => shiori,
    mode   => '0750',
  }

  file { [
    '/var/www/shiori/archive',
    '/var/www/shiori/thumb',
  ] :
    ensure => directory,
    owner  => shiori,
    group  => shiori,
    mode   => '0770',
  }

  file { '/var/www/shiori/shiori.db':
    owner => 'shiori',
    group => 'shiori',
    mode  => '0660',
  }

  file { '/etc/systemd/system/shiori.service':
    ensure => file,
    source => 'puppet:///modules/shiori/shiori.service',
  }

  file { '/etc/conf.d/shiori':
    ensure  => 'file',
    content => @("EOF")
      # This file is managed by Puppet.
      # Editing it might also lead to inconsistencies with nginx
      PORT=${port}
      | EOF
  }

  service { 'shiori':
    ensure  => running,
    enable  => true,
    require => [
      File['/etc/systemd/system/shiori.service'],
      File['/etc/conf.d/shiori'],
    ],
  }

  # TODO only run this if Class['profiles::group_profile'] is loaded
  file { '/etc/profile.d/group.d/shiori':
    ensure  => file,
    content => "export SHIORI_DIR=/var/www/shiori\n",
  }

  if ($nginx) {
    $certname = $nginx['certname']
    nginx::resource::server { $nginx['server_name']:
      ipv6_enable          => true,
      ipv6_listen_options  => '',
      ssl                  => true,
      ssl_redirect         => true,
      ssl_cert             => "/etc/letsencrypt/live/${certname}/fullchain.pem",
      ssl_key              => "/etc/letsencrypt/live/${certname}/privkey.pem",
      www_root             => '/var/www/shiori',
      use_default_location => false,
    }

    nginx::resource::location { 'shiori /':
      location    => '/',
      proxy       => "http://[::]:$port",
      index_files => [],
      ssl         => true,
      ssl_only    => true,
      server      => $nginx['server_name'],
    }
  }
}