authorJan Dittberner <jandd@cacert.org>2019-08-02 20:19:14 +0200
committerJan Dittberner <jandd@cacert.org>2019-08-02 21:11:01 +0200
commitf69a10d21a05d2857a7335ebf14562c99d3814a4 (patch)
treec32eb31359d46700ab79684423569daab19787b9
parenta62daa7235acef7d6a8d7a71a8e378b357a044fe (diff)
Setup cacert-boardvoting configuration on motion
- write config file - add certificate and private key for TLS - add trusted certificate - start cacert-boardvoting service
-rw-r--r--hieradata/nodes/motion.yaml221
-rw-r--r--sitemodules/profiles/manifests/cacert_boardvoting.pp91
-rw-r--r--sitemodules/profiles/templates/cacert_boardvoting/config.yaml.epp24
3 files changed, 334 insertions, 2 deletions
diff --git a/hieradata/nodes/motion.yaml b/hieradata/nodes/motion.yaml
index 15de6c6..c719c08 100644
--- a/hieradata/nodes/motion.yaml
+++ b/hieradata/nodes/motion.yaml
@@ -14,3 +14,224 @@ profiles::icinga2_agent::pki_ticket: >
pINd2zBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBFDA0rqy9ELGvgfhPS
826ogDClIoHwcGV6JFe+nACOgye8JBdCkvUJmlEdPUawmLrjto1ZtVHHsCks
XJx1XYBR3vY=]
+profiles::cacert_boardvoting::cookie_secret: >
+ ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEw
+ DQYJKoZIhvcNAQEBBQAEggEAH+GZS+H+iQKPzWUCsOXE/Lc8V5qIYleMqHZH
+ 93LcnFX0m9gY6CEEDkSzlcnrtyPUsMGubmb6lIJ1zvFLxhf1HNCkJzzDxj6G
+ X6cbP32QDDO7q/Gs961nuVCW2t7JysiZ+WHXTOzb5u3kHDXkdugOpxkZC19k
+ Z/K7u1RFn2kxiLziWWyla6t8oCjyIfR43XeckSpHskRKS29baVKLRSz9qlFX
+ saQy/KpnxNpPmIASpYOmNO8NcU7Fzfo1QfnNkjFpwxh4SbVI4CvhVWX1WdU6
+ koP5e3qETucQa4eTgCS8ZwNN8IWkPMgKr+bWjYSdAI6M9pjZ2hkOfxstQ0tu
+ HRjC/zBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBkBZdsVnxBj8ejMMe+
+ lY7ygDA6eB64BpOOfiTQ2gdnHagIv9JeFwW9wGaD6wc+HZKfu5UKEFlkpkMg
+ M9wxxAhBUlc=]
+profiles::cacert_boardvoting::csrf_key: >
+ ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEw
+ DQYJKoZIhvcNAQEBBQAEggEAIrQdj2r/LUGR929i202pTLTvG6vplBCOkZ3f
+ /29l5wR1aajD0Kz8Jfs14PAO0a5IEksQwf875uJPKjOCWZS+WlJgrpqGHXt1
+ OU89MN0ZmhsNtejQq355WmG2sY5z7PO/xfUcEAYuOcZO5a89Mitf18v+dRqy
+ UEpXHsvlUI/5wCz2KNqL7BCkd/50Z+TE4OGPM4bZzvio48tUZhBMLHDUU3hr
+ PQsOhih8y1qoDdFUvypp9SIqF5VWX+I9v1qhcnYpPGc2nQLEpSs9Wp3xMJhm
+ owKy6zxmO2/0GUVMX6NQaIk6XLthHVgW7au3wPC5WV0pVxBgXQxDQFuWSN7W
+ BUkT9DBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCYfwhgtuCfhI8cy/Lr
+ /jX1gDDj1Mft02q1naNtqZy5rVQSTdbsiaN2LbufDSFaSyOKWkRcGEBXvtzx
+ g9VtuODC3gU=]
+profiles::cacert_boardvoting::server_private_key: >
+ ENC[PKCS7,MIIOPQYJKoZIhvcNAQcDoIIOLjCCDioCAQAxggEhMIIBHQIBADAFMAACAQEw
+ DQYJKoZIhvcNAQEBBQAEggEAStUTFbQnEHcB1BmtsNJr5BCMrexVYY6lylNy
+ IO5Jf8zxurV6DrcZpWboxI/bqpFYuFWhFC7L8cIU8Tm+gyQfQTasOikV8Q80
+ g3yCeMmtaQjoT0fiJlA5qShoKckim6Vj1PUdmU2yOl+BVrGynoW3dJVlVw1B
+ m1wsQ4hYQlGVf5rG8YSso83nDfTJK5Mlz85aknFsjHcuWQPUsEDbyW1eAj4E
+ UDvmbMcaEMCNzWwl+zA8W/a+WVEpFc3WdRmQYhOitRgH2qOzbr3yDNBHp25H
+ 7aiPfoZBJ8D3+ItxS5rvLHVrORMO9OnUoIWayVYUe+VEZMY3Gr0qwJejW+wo
+ cnpbZjCCDP4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEJVq5dybSDLtpCVJ
+ ROWseUWAggzQLmRQv67ATFzorWp3kG7lkcgtFPoUcXlnuVXddGC2hKI+IxNL
+ +BKyF47DCYwfioSraopp/+vNMakbpvxMH9FcTZZ2t1omEjsHQVnSiOiAKGbC
+ NnQZnmx4R7wGurNpNx6YyaRk1R3GVgO10FSAgzEIRjaYjLAY9c10G2OA1fbo
+ iHVrS6rwOFWOf2CSiT7GQkqxAFf0kdYmAnHMdO8MquedngC2/8oV2rAhKTaY
+ tt5aJPXRjTfYeCKTe9+KO0UqAc3kQxNDqFnrVzxeCbAw1vhjVivKHAWsy78O
+ ahIBuZ43MCCqwJyinqBzt0Jwim00PUO9YhhOvO5LSIbamMxrYYqP1iT+sJTx
+ dtM5ZVXC7qmFWwbd+PHmDBM1oMS9cy0ZstA5MZS9o5bZmc3+nTGzSMNUr8Fa
+ ifr/e2j8VyFwo/WcIrkwKJsR9HHeEYgRbXSYzY0Z0BQLU499OISWWobM9VNB
+ bhUGh4MHFxxn2/m7ZIEMcl+1TagYfbGu2Ty/xQ7O+c6F6gMqQkPbZ1zuqOtM
+ hrz/gl3GvQ2IyzadkB8em4TChehDCVWjifupUGn8dsZX11rkhyK9NGgGv686
+ i25I06SVYbtLj5KQZrsXhjlnk7te1Vd3lgyBtW4DwdvZwQ3BY62Zv+eNuP32
+ 9og9TnxHXgM9QUS6F/FHC4LRErIpfOc/K7pk4Uo/cTZTsFMyul92gOdMdfij
+ j9Izv8Z0pgBRTqk+rsCrEE6qZ7fyenklKiCQXJLebuveHmxwSniaMCv5R0qC
+ NYBWyKEP3Jf2O+Mj+24+zFybEnIc6E7Yg42fmQgCiPXoU07L2NwA+B+IXIGe
+ u9gzt74tYBzVXMA+ctq5Kkbgi1yJAH2ZjYuRf3mcPI8LNnHqxQ97PLTpX2cG
+ gUZf6sY3+XnflZwyLdNiS1Ff8ABzB4ibsrF2QUjEWGzjWBbdetfEE3X0dHAi
+ 8rq9JZGKSiKtQpEEvt/UlfMXGUuu6PkS27rTC5nAnauiuaSKurSCDGKrREAv
+ 7YP59QHvEgkK5ll3hXLLCkAgIE/Esx9mmaae10m6xD2BcICct8pwr7eYx+s3
+ lY90Oz3QU0094QVbAu4sLNFLv/F0uKXn6es7i603uoWnR+sRDv1WLZrbRfOJ
+ s0JVCgsCZn5HtoAaQVS6NOu0L/nM0XzP1wQiPdszSEImczgsOIi5o31U8ePk
+ Ano/CjJOLDmArNpJSk/y02oQpoczhz3DHuS9l6XE0sWxRA2JUQ+MiLJTd/U7
+ P2l8qooNV2GK4zBPO1LlqYfHPkOt1ysreNRoVISqodGt0Rp46zY85PzF/3z2
+ QIfRT/ltNpMk498Uo0vo9LY9tn7vKJymwNQW8vpjh0Y+nSTXgN5cJ+7ElHWI
+ ucGOc6DEtepRAc8TjsLrUGsL+phPzWAmac6HpCyF69EoD9bX9Gn7uDTHZe6i
+ rDPgc3S/x84WJjvcpisyzJcCcjSkVyJpwABUBuRaf0YA1RaV65Nmc/jJdWsu
+ +mFSRAZRnH3YCVlMyPIg/vDTygwAUOIJrMVOHJaAAoIXxbC2dfOg6QNIAkB2
+ Fay4FUCtdKOqxhqNJcz6MhbP3CPfjH7DXJnauCc1cB9/ybLXs8pzkaGqi/5B
+ CPrNwDEMC5QWVYyh0ndZNldMRqiEityKR1qCl004vEFyhjq+6rOkYs1DsyR1
+ DP7anDLpIFU7uPqSSFlzz6rvQ5OoJ7X+HH2aZzdaFgmwMEB3mswRgFpkYT0m
+ Ma/vGcdAeirgAf1YRUK3G+PmMzn0yOUALxfiSH0eUsSZ0IMkZKsTvrJ5HOSI
+ fSDffURlxlAamwr3VhpcTOPgclakN702Bmbh6WFRwsaHwz/S20qvTK8WBBQ+
+ PmFvaGG4Q9ky0I+4rmodgPVUIBRIBTlIAqnleyiaGhCG9LvwG091T4PGa/WQ
+ XcfWU9p6s4zkjF52330GwdD8/BNgaqyvy2DRCtFXcbH0IKBmYRHNwU4+ISv1
+ k6jOtL8jfxDSlVBdSBSoZ2p7c8LyHCPBY2RuKxP9SpRkvVLEp+Z7dK3ewhUU
+ NDdCDxKpei1yB259SjnvpgAx7JOEu06dLPnx6sxjZbKe02QbpJz+M2bzt3T4
+ D0KyFlVXiwNt6EhnJwI140K9jgFTANYKV0miGOBZZnwyYs9kbQpr5rbHyG+O
+ QWgPLd53bC9tkidyeyEgozykagC98/BtOWIQk8Cg7Vuo3kFagpjubjprVnKH
+ /bzIpQrNLrfQ6qg65V2tSQeBbOM2Bzkskn/43gvke9nirkqfnCBecDxt3DYy
+ AS5TjRKEfEyI+R1SJ1zv/rXBC11z8RlGm/VGN0mLCuv7SqWtwRWp7r+oqu5W
+ 76nHPtsqdfYhzABo30lbZzEaOkhHp8/hVOlWQYmQ3nyfWj5EwKXy92yuxHKy
+ yCCS4063V1ro8lx8oDGiLmaT+8ztmEtnpvifGnRtfpc0zOvTraY2iDO2fAxz
+ YcLUgtbZgPl+hzTjRDvcBnZcZECYylV9/2MS7heXiehCklkNJWaZFTCp27ME
+ eAIzBpnnXrLdL/46VkTxFNssmkqxm2lzdJTcAEFSLWkjIkrNoRzjM8pgs9In
+ 8kO/vA0AZ++/Yg1+CQBV07luhpMGaZ6/ln07n271hpgpe13NYZ/5CU1lNHRD
+ VBaOH6sPzDTEoPYAWZN3OQzEPWAer4l69kdqk7HEl4naR0mSss8O1j2cndKS
+ vfa6c/jgQ1yCbshnzpmy7bi7GmXkt28ZmLo27OaG3it5OsRvW/8z8WnHHREC
+ 6FIXne08i2DhnK4j8IrQkBekCTISkgpVvIst+qo0Yab0sHaeJLUG+RIpjj0R
+ 8PiCLLjmwAGJxjnZRcU1fGnYGxcLXQR7C9QtAi1mZyVpMrePHBPgaXfxRaaw
+ i1c/DACv73X41KnwROnpCFC7x3wB0Mgdsh5J7jMzvmS1QPFtzBnnta4OsUjc
+ WgDMyBeR9+KyoX0tVC4OSgYFUR9+vQ6HeK8/73BORl+pm58dzp9e6llg9yen
+ q3I3KvpfkgbCg2fby5gU/c9B6qzmZHuo/6YLCaK4CvQXkp5nXOh8UVCUdSkx
+ s7+FWykWcXiykxRhl4PKOCKg4Dk6bC8Xakaz7Dunle7c+GouxxuObmDsPP0Q
+ TmeGWJzAE5/uY/JXJbb0dfTdH4uZ9QjA8dj0mhIkNwGOBZbXpwWfqUU3jKdk
+ SlooeU9QmJYer6Wve33PqOB09clTGWlCzvx4HzlUfPnSna7lxAZuJKd8xmJq
+ /slDHu5eKk3rPsTMMqLcmPXXvzH6qTTeVhn/e75El6fvtk5N0RXzz1Krw38h
+ pLC3ITAB3HPhjR94mbdH6VrO+63d+4lTnF5OvpH6A+7OV/Znm0kc7h7pk95S
+ 4Egx/8FUMZBgyLe9phLRvLbmtPjlUZ63ghDhhU7v+A95i4smXVmj42QNAhaM
+ hA/AgxAFt3X5wx+9pL0pL9Y5WChSzQqdWrzPT7lnCbl0cTW07o8dq+56ACwa
+ t42FoQA9V+f+OOYBX/E3NStegxomq4aUnUdjdyA1b88S/W2ehs2EkiaonRUE
+ 5ZzsMCNF2LosWANZmq7MoZtexHTjghYAYz75Add10pX131IZthr3KpI7PYGD
+ 8c10fXbnO7gXVJ/pupV3lcP3vcb72xIEBNEAAMin7GumvAjYBIpCyzfOm/Cz
+ Wq0CX7kHNfurN75mw3pt+iOVq2Dgwjvs9gobCy4lVO6odQDWZHMamaMTfdiS
+ rFUqCvIathEi/XW3/FQtJDeOpq1f5ExHpX+JK4RWpOBBQvwzqyAk3jhtem+K
+ jKAaNa8cxLneitahgjLG8ci/CfPws5uGtZ1srMlhblqjgA7FQ3/flra5f99Q
+ eypeoBxpHIk/7S59bTDX9NRfeV7+ZohxXVD6mAviRHwK4bcH1QUEpHVknUn1
+ Y7Yc2ogVE0a055K7gpXtesJVHi1kbOmK2GhGvQl7KHms90/Cc0ZCyrZITmX1
+ vUefYpwet9rxamjpGJixt7ud7fqs0bLMFtkwb8gKGm9Dj9LoOwCG931LTHz6
+ wbIRVrqatgoHms4i9ZVZQrgQgByX7yt7ZzA7zT07oHMHltlo5AAfNZBpEcbz
+ pdrCzH5u4AdSHmGoUFdWglvl1H+ymL3Fz0aRmN/Ri7NflDYNYwcfdv8470bp
+ AX6vVjieY5wrTs1CzkIIcbg46654FGwh0avk7fVz6EQtIjr3eCgXP4eYe4v+
+ krE1Z9/cqgkO4pUcIy2bkqKU0ph6Dn+XGw5zLrqyGmJPVPGFrIOVkj4HH/eb
+ VVhNkSK8QOKhOVBBKktOQC0YL/osjQZtPnJMBxVNI7f2Gq/D8s1IrO48njjE
+ dGysl2EveYjeu7SL9ytOJllT5RLMmwZdJg+PQRcPYMxMHSjJWB4fFNqbQS7h
+ HfAzMg==]
+profiles::cacert_boardvoting::server_certificate: |
+ -----BEGIN CERTIFICATE-----
+ MIIGNzCCBB+gAwIBAgIDAtijMA0GCSqGSIb3DQEBCwUAMFQxFDASBgNVBAoTC0NB
+ Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV
+ BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTkwODAyMTgwNjIyWhcNMjEwODAx
+ MTgwNjIyWjBeMQswCQYDVQQGEwJBVTEMMAoGA1UECBMDTlNXMQ8wDQYDVQQHEwZT
+ eWRuZXkxFDASBgNVBAoTC0NBY2VydCBJbmMuMRowGAYDVQQDExFtb3Rpb24uY2Fj
+ ZXJ0Lm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOfEOLHn/ktc
+ ET6XYHhyG4tubnIdFV7MM9cM7E6hRInSHlOIgwle81rNjazAnRda33liAu+npOLj
+ lLRt5cg1d+RqUyTEALk6gDz1p7udDFPsoypmN1WavB6yYTkZFb8zOxNOuOrUItaC
+ IqYBSugUcfUijr65og8s9f7M4XdsF7QL1aCY3YLSTEM52KZ9/7o0eB0nZT6E5Nej
+ HEu3URLnpNHU6O+rfLAyBGvQK8oZArE0uelOx4TL5Rt0rYN+ute4Zg/QnY+aQs1F
+ ppGU2qG2+54Wb7cqKYH81jk0IMlNwU6TXWxPM20kJyhDQdBB5XN6NIcrqcVW9V9V
+ vI2/kAqBXRoa0YWdy7Wz75eU8camHLivWTV3/ShJ3R8eABhVwVPJT0dlj9B9XxSi
+ Ai+GsQS//5RzSydbo84KHGauewA/vWqt/WH/Dad2onutVgvafG+V+WtTsjalxlzS
+ ZSTtbyZk7VGUUyAlcq/qvP1XW60ZZGxKC4A0HHE/i0vJ6Xqqqc3zpRI8KkBiW/fV
+ 3JBAM+RjPbrwMj1cRGt1w5uNL9OEPd9yAs5hPDytdZhFW+iFLiB4TS2CgFMCy8yW
+ 5P6pRnjurklVMPNaKMOcNQD/vEmbmwQ1DlnlA48V3dPlYOQfnDWDSBduo8A6WQVP
+ q7vo3naytro9C/yG9+nEIkz+gPcPA65HAgMBAAGjggEGMIIBAjAMBgNVHRMBAf8E
+ AjAAMA4GA1UdDwEB/wQEAwIDqDA0BgNVHSUELTArBggrBgEFBQcDAgYIKwYBBQUH
+ AwEGCWCGSAGG+EIEAQYKKwYBBAGCNwoDAzAzBggrBgEFBQcBAQQnMCUwIwYIKwYB
+ BQUHMAGGF2h0dHA6Ly9vY3NwLmNhY2VydC5vcmcvMDgGA1UdHwQxMC8wLaAroCmG
+ J2h0dHA6Ly9jcmwuY2FjZXJ0Lm9yZy9jbGFzczMtcmV2b2tlLmNybDA9BgNVHREE
+ NjA0ghFtb3Rpb24uY2FjZXJ0Lm9yZ6AfBggrBgEFBQcIBaATDBFtb3Rpb24uY2Fj
+ ZXJ0Lm9yZzANBgkqhkiG9w0BAQsFAAOCAgEAZxxIl0BcedFdYXnFrCudYqPKROuo
+ LKw6I0yXG+R+h4c1xAHPFafyFsoejHP4R1fuv+bOP/JBxk9sT7iwPu0a+hVG1etw
+ 7jNnx6oYlnrT7xRaT3phSvS6C0wiW3IsmzLREXZixTZsPzDKJrMJTUrA6Sd3Vs4L
+ xc17OK1SVPMdB+ubXWpM5BEuk433ZP8Lg8Ifb3d1+RNB+TDTaqZBPIDvnvu1qY/v
+ nQ4Wq6UIMinnjGDcRZ/JdPNJ31OgAIvkiIk7POPWLSdmOKNqb6p9kfAJVntj9qZa
+ KuhX3hb3E59lj0n4hGAOEaSL3TEZhx7ZYxy17mTr8+QJZsNnyXgnJJl9D184J9jY
+ +b0hNwu9EcVHInzfmMo1TrSU6q5oxpMBEXsEs02XA7dGM+CK3iCzWheyKby5Uwhg
+ KDvPprkfM6sNnjm48vT8mxUkpxshWVFrOWP6CeALeiX+J+H1airBaSPcVm5DGd1H
+ DX6VxbMhq5rdD+waaUyXn4IpLHCXoal2yToYI7DUbb1kUPf6Pc6nwXzzcmIZGAZw
+ +soaV7zXgffYiPfVznFfNaASb2bSbRA+5yQxckV2MHqyh6V27gV2T+5hQPOgT4lg
+ cvec/OtKRgz1r0TFsTD8J6GbpyQu3U0o4hXbG+mAJNjN0E3IqjQOxkbfoEurSvgT
+ Gd9tgGjDeIb8YnI=
+ -----END CERTIFICATE-----
+ -----BEGIN CERTIFICATE-----
+ MIIG0jCCBLqgAwIBAgIBDjANBgkqhkiG9w0BAQsFADB5MRAwDgYDVQQKEwdSb290
+ IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+ IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+ Y2FjZXJ0Lm9yZzAeFw0xMTA1MjMxNzQ4MDJaFw0yMTA1MjAxNzQ4MDJaMFQxFDAS
+ BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v
+ cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB
+ AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9
+ 4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB
+ Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J
+ 0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ
+ FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx
+ bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q
+ SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb
+ 6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV
+ m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g
+ eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG
+ kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7
+ 6QIDAQABo4IBiDCCAYQwHQYDVR0OBBYEFHWocWBMiBPweNmJd7VtxYnfvLF6MA8G
+ A1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMGCCsGAQUFBzABhhdodHRw
+ Oi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYcaHR0cDovL3d3dy5DQWNl
+ cnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUH
+ AgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwNAYJYIZI
+ AYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAw
+ UAYJYIZIAYb4QgENBEMWQVRvIGdldCB5b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3Ig
+ RlJFRSwgZ28gdG8gaHR0cDovL3d3dy5DQWNlcnQub3JnMB8GA1UdIwQYMBaAFBa1
+ MhvUx/Pg5o7zvdKwOu6yORjRMA0GCSqGSIb3DQEBCwUAA4ICAQBakBbQNiNWZJWJ
+ vI+spCDJJoqp81TkQBg/SstDxpt2CebKVKeMlAuSaNZZuxeXe2nqrdRM4SlbKBWP
+ 3Rn0lVknlxjbjwm5fXh6yLBCVrXq616xJtCXE74FHIbhNAUVsQa92jzQE2OEbTWU
+ 0D6Zghih+j+cN0eFiuDuc3iC1GuZMb/Zw21AXbkVxzZ4ipaL0YQgsSt1P22ipb69
+ 6OLkrURctgY2cHS4pI62VpRgkwJ/Lw2n+C9vtukozMhrlPSTA0OhNEGiGp2hRpWa
+ hiG+HGcIYfAV9v7og3dO9TnS0XDbbk1RqXPpc/DtrJWzmZN0O4KIx0OtLJJWG9zp
+ 9JrJyO6USIFYgar0U8HHHoTccth+8vJirz7Aw4DlCujo27OoIksg3OzgX/DkvWYl
+ 0J8EMlXoH0iTv3qcroQItOUFsgilbjRba86Q5kLhnCxjdW2CbbNSp8vlZn0uFxd8
+ spxQcXs0CIn19uvcQIo4Z4uQ+00Lg9xI9YFV9S2MbSanlNUlvbB4UvHkel0p6bGt
+ Amp1dJBSkZOFm0Z6ek+G7w7R1aTifjGJrdw032O+VIKwCgu8DdskR0w0B68ydZn0
+ ATnMnr5ExvcWkZBtCgQa2NvSKrcQnlaqo9icEF4XevI/VTezlb1LjYMWHVd5R6C2
+ p4wTyVBIM8hjrLcKiChF43GRJtne7w==
+ -----END CERTIFICATE-----
+ -----BEGIN CERTIFICATE-----
+ MIIG7jCCBNagAwIBAgIBDzANBgkqhkiG9w0BAQsFADB5MRAwDgYDVQQKEwdSb290
+ IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+ IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+ Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
+ BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
+ MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
+ ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+ CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
+ 8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
+ zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
+ fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
+ w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
+ G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
+ epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
+ laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
+ QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
+ fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
+ YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAX8w
+ ggF7MB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TAPBgNVHRMBAf8EBTAD
+ AQH/MDQGCWCGSAGG+EIBCAQnFiVodHRwOi8vd3d3LmNhY2VydC5vcmcvaW5kZXgu
+ cGhwP2lkPTEwMFYGCWCGSAGG+EIBDQRJFkdUbyBnZXQgeW91ciBvd24gY2VydGlm
+ aWNhdGUgZm9yIEZSRUUgaGVhZCBvdmVyIHRvIGh0dHA6Ly93d3cuY2FjZXJ0Lm9y
+ ZzAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vY3JsLmNhY2VydC5vcmcvcmV2b2tl
+ LmNybDAzBglghkgBhvhCAQQEJhYkVVJJOmh0dHA6Ly9jcmwuY2FjZXJ0Lm9yZy9y
+ ZXZva2UuY3JsMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL29j
+ c3AuY2FjZXJ0Lm9yZzAfBgNVHSMEGDAWgBQWtTIb1Mfz4OaO873SsDrusjkY0TAN
+ BgkqhkiG9w0BAQsFAAOCAgEAR5zXs6IX01JTt7Rq3b+bNRUhbO9vGBMggczo7R0q
+ Ih1kdhS6WzcrDoO6PkpuRg0L3qM7YQB6pw2V+ubzF7xl4C0HWltfzPTbzAHdJtja
+ JQw7QaBlmAYpN2CLB6Jeg8q/1Xpgdw/+IP1GRwdg7xUpReUA482l4MH1kf0W0ad9
+ 4SuIfNWQHcdLApmno/SUh1bpZyeWrMnlhkGNDKMxCCQXQ360TwFHc8dfEAaq5ry6
+ cZzm1oetrkSviE2qofxvv1VFiQ+9TX3/zkECCsUB/EjPM0lxFBmu9T5Ih+Eqns9i
+ vmrEIQDv9tNyJHuLsDNqbUBal7OoiPZnXk9LH+qb+pLf1ofv5noy5vX2a5OKebHe
+ +0Ex/A7e+G/HuOjVNqhZ9j5Nispfq9zNyOHGWD8ofj8DHwB50L1Xh5H+EbIoga/h
+ JCQnRtxWkHP699T1JpLFYwapgplivF4TFv4fqp0nHTKC1x9gGrIgvuYJl1txIKmx
+ XdfJzgscMzqpabhtHOMXOiwQBpWzyJkofF/w55e0LttZDBkEsilV/vW0CJsPs3eN
+ aQF+iMWscGOkgLFlWsAS3HwyiYLNJo26aqyWPaIdc8E4ck7Sk08WrFrHIK3EHr4n
+ 1FZwmLpFAvucKqgl0hr+2jypyh5puA3KksHF3CsUzjMUvzxMhykh9zrMxQAHLBVr
+ Gwc=
+ -----END CERTIFICATE-----
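Review bot: The `server_certificate` chain added here ends with what looks like the self-signed CAcert root (third PEM block), which a TLS server does not need to present because clients must already hold the root as a trust anchor; leaf plus Class 3 intermediate is enough. Decoding the validity fields also suggests the Class 3 intermediate (second block) expires in May 2021, before the leaf's August 2021 end date, so the chain would stop validating before the leaf itself does; this is worth confirming and putting under expiry monitoring. A short comment above the key such as `# chain order: leaf, Class 3 intermediate` would record the expected layout for whoever renews it.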
diff --git a/sitemodules/profiles/manifests/cacert_boardvoting.pp b/sitemodules/profiles/manifests/cacert_boardvoting.pp
index 6b57864..e44e03a 100644
--- a/sitemodules/profiles/manifests/cacert_boardvoting.pp
+++ b/sitemodules/profiles/manifests/cacert_boardvoting.pp
@@ -7,7 +7,35 @@
# Parameters
# ----------
#
-# This class has no parameters
+# @param base_url base URL where the web interface can be
+# found
+#
+# @param cookie_secret 32 bytes of secret key data for cookie
+# encryption
+#
+# @param csrf_key 32 bytes of secret key data for CSRF
+# protection token encryption
+#
+# @param mail_host hostname or IP address of the outgoing
+# email server
+#
+# @param mail_port TCP port number of the outgoing email
+# server
+#
+# @param notice_mail_address email address that should receive notices
+# about new motions and motion status
+# changes
+#
+# @param notification_sender_address email address that is used as the sender
+# of generated emails
+#
+# @param server_certificate PEM encoded X.509 server certificate
+#
+# @param server_private_key PEM encoded unencrypted RSA private key
+#
+# @param vote_notice_mail_address email address that should receive
+# notification when votes on a motion are
+# made
#
# Examples
# --------
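Review bot: The new `@param server_certificate` line describes a single certificate, but the value supplied in hieradata/nodes/motion.yaml in this same commit is a three-certificate chain; I would word it as `# @param server_certificate PEM encoded X.509 server certificate followed by its CA chain`. The `cookie_secret` and `csrf_key` lines say "32 bytes of secret key data" without naming the text encoding expected in the String, and the template writes the value verbatim into config.yaml, so state it, for example `32 bytes of secret key data, encoded as <ENCODING>`. The comment block starts above this hunk.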
@@ -27,7 +55,18 @@
#
# Copyright 2018-2019 Jan Dittberner
#
-class profiles::cacert_boardvoting () {
+class profiles::cacert_boardvoting (
+ String $base_url = "https://motions.cacert.org",
+ String $cookie_secret,
+ String $csrf_key,
+ String $mail_host = 'localhost',
+ Integer $mail_port = 25,
+ String $notice_mail_address = 'cacert-board@lists.cacert.org',
+ String $notification_sender_address = 'returns@cacert.org',
+ String $server_certificate,
+ String $server_private_key,
+ String $vote_notice_mail_address = 'cacert-board-votes@lists.cacert.org',
+) {
include apt
apt::key { 'cacert':
id => '4C4F8164EFE3DAFEC82F22FC82D61CAA4E904466',
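Review bot: `$cookie_secret`, `$csrf_key` and `$server_private_key` are declared as plain `String`, so their cleartext travels as ordinary values in the compiled catalog and can surface in agent output and reports when the managed files change, if diff display is enabled. Declaring them as `Sensitive[String]` (for example `Sensitive[String] $server_private_key,`) would have Puppet redact them; the `epp()` call and the `content =>` attributes in the next hunk would then need to handle the wrapped value. If changing the type is not practical here, `show_diff => false,` on the config.yaml and server.key file resources at least keeps content diffs out of logs. The class body continues past this hunk.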
@@ -38,5 +77,53 @@ class profiles::cacert_boardvoting () {
location => 'http://webstatic.infra.cacert.org',
repos => 'main',
release => "${::lsbdistcodename}-cacert",
+ } ->
+ package { 'cacert-boardvoting':
+ ensure => latest,
+ } ->
+ file { '/srv/cacert-boardvoting/config.yaml':
+ ensure => file,
+ owner => 'cacert-boardvoting',
+ group => 'root',
+ mode => '0600',
+ content => epp('profiles/cacert_boardvoting/config.yaml.epp', {
+ base_url => $base_url,
+ cookie_secret => $cookie_secret,
+ csrf_key => $csrf_key,
+ mail_host => $mail_host,
+ mail_port => $mail_port,
+ motion_address => $notice_mail_address,
+ sender_address => $notification_sender_address,
+ vote_address => $vote_notice_mail_address,
+ }),
+ notify => Service['cacert-boardvoting'],
+ }
+ file { '/srv/cacert-boardvoting/data/cacert_class3.pem':
+ ensure => file,
+ owner => 'cacert-boardvoting',
+ group => 'root',
+ mode => '0644',
+ source => 'http://www.cacert.org/certs/class3_X0E.crt',
+ notify => Service['cacert-boardvoting'],
+ }
+ file { '/srv/cacert-boardvoting/data/server.crt':
+ ensure => file,
+ owner => 'cacert-boardvoting',
+ group => 'root',
+ mode => '0644',
+ content => $server_certificate,
+ notify => Service['cacert-boardvoting'],
+ }
+ file { '/srv/cacert-boardvoting/data/server.key':
+ ensure => file,
+ owner => 'cacert-boardvoting',
+ group => 'root',
+ mode => '0600',
+ content => $server_private_key,
+ notify => Service['cacert-boardvoting'],
+ }
+ service { 'cacert-boardvoting':
+ ensure => running,
+ enable => true,
}
}
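Review bot: `source => 'http://www.cacert.org/certs/class3_X0E.crt'` fetches the file that the template configures as `client_ca_certificates` over unauthenticated HTTP, so anyone able to tamper with that download decides which CA the service trusts for client certificates. Ship the reviewed certificate from the module instead, e.g. `source => 'puppet:///modules/profiles/cacert_boardvoting/class3_X0E.crt',` (path is a placeholder), or pin it with `checksum => 'sha256',` and `checksum_value => '<SHA256_OF_REVIEWED_CERT>',`. Separately, the `->` chain stops at config.yaml, so the three files under data/ and the service have no explicit ordering after `Package['cacert-boardvoting']`; if the package is what creates the `cacert-boardvoting` user and the directories (not visible here), add `require => Package['cacert-boardvoting'],` to them.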
diff --git a/sitemodules/profiles/templates/cacert_boardvoting/config.yaml.epp b/sitemodules/profiles/templates/cacert_boardvoting/config.yaml.epp
new file mode 100644
index 0000000..653edb6
--- /dev/null
+++ b/sitemodules/profiles/templates/cacert_boardvoting/config.yaml.epp
@@ -0,0 +1,24 @@
+<%- | String $base_url,
+ String $cookie_secret,
+ String $csrf_key,
+ String $mail_host,
+ Integer $mail_port,
+ String $motion_address,
+ String $sender_address,
+ String $vote_address
+| -%>
+---
+notice_mail_address: <%= $motion_address %>
+vote_notice_mail_address: <%= $vote_address %>
+notification_sender_address: <%= $sender_address %>
+database_file: /srv/cacert-boardvoting/data/database.sqlite
+client_ca_certificates: /srv/cacert-boardvoting/data/cacert_class3.pem
+server_certificate: /srv/cacert-boardvoting/data/server.crt
+server_key: /srv/cacert-boardvoting/data/server.key
+https_address: <%= $facts[networking][ip] %>:8443
+cookie_secret: <%= $cookie_secret %>
+csrf_key: <%= $csrf_key %>
+base_url: <%= $base_url %>
+mail_server:
+ host: <%= $mail_host %>
+ port: <%= $mail_port %>
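Review bot: Every value is interpolated into the YAML as a bare scalar, e.g. `cookie_secret: <%= $cookie_secret %>`, so a secret or address that contains `: ` or ` #`, or that starts with a YAML indicator character, would produce a file that fails to parse or parses to a different value. Quote the string values, e.g. `cookie_secret: '<%= $cookie_secret %>'` and `csrf_key: '<%= $csrf_key %>'`, assuming the values never contain a single quote themselves. `<%= $facts[networking][ip] %>` also relies on bare words as hash keys; `$facts['networking']['ip']` is the conventional spelling. The listener binds to whichever address that fact reports, which deserves a comment if the host has more than one interface.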