Diffstat (limited to 'sitemodules/profiles')
-rw-r--r--sitemodules/profiles/manifests/cacert_boardvoting.pp91
-rw-r--r--sitemodules/profiles/templates/cacert_boardvoting/config.yaml.epp24
2 files changed, 113 insertions, 2 deletions
diff --git a/sitemodules/profiles/manifests/cacert_boardvoting.pp b/sitemodules/profiles/manifests/cacert_boardvoting.pp
index 6b57864..e44e03a 100644
--- a/sitemodules/profiles/manifests/cacert_boardvoting.pp
+++ b/sitemodules/profiles/manifests/cacert_boardvoting.pp
@@ -7,7 +7,35 @@
# Parameters
# ----------
#
-# This class has no parameters
+# @param base_url base URL where the web interface can be
+# found
+#
+# @param cookie_secret 32 bytes of secret key data for cookie
+# encryption
+#
+# @param csrf_key 32 bytes of secret key data for CSRF
+# protection token encryption
+#
+# @param mail_host hostname or IP address of the outgoing
+# email server
+#
+# @param mail_port TCP port number of the outgoing email
+# server
+#
+# @param notice_mail_address email address that should receive notices
+# about new motions and motion status
+# changes
+#
+# @param notification_sender_address email address that is used as the sender
+# of generated emails
+#
+# @param server_certificate PEM encoded X.509 server certificate
+#
+# @param server_private_key PEM encoded unencrypted RSA private key
+#
+# @param vote_notice_mail_address email address that should receive
+# notification when votes on a motion are
+# made
#
# Examples
# --------
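Review bot: The `cookie_secret` and `csrf_key` descriptions say "32 bytes of secret key data" but do not state how those bytes are encoded in a `String` parameter. Raw key bytes cannot be carried reliably through Hiera and a YAML template, so the comment should name the encoding the application expects, for example `# @param cookie_secret 32 bytes of secret key data for cookie encryption, encoded as <encoding expected by cacert-boardvoting>`. It would also help to note that both values and `server_private_key` are secrets that belong in an encrypted data backend and not in plain Hiera data.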
@@ -27,7 +55,18 @@
#
# Copyright 2018-2019 Jan Dittberner
#
-class profiles::cacert_boardvoting () {
+class profiles::cacert_boardvoting (
+ String $base_url = "https://motions.cacert.org",
+ String $cookie_secret,
+ String $csrf_key,
+ String $mail_host = 'localhost',
+ Integer $mail_port = 25,
+ String $notice_mail_address = 'cacert-board@lists.cacert.org',
+ String $notification_sender_address = 'returns@cacert.org',
+ String $server_certificate,
+ String $server_private_key,
+ String $vote_notice_mail_address = 'cacert-board-votes@lists.cacert.org',
+) {
include apt
apt::key { 'cacert':
id => '4C4F8164EFE3DAFEC82F22FC82D61CAA4E904466',
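Review bot: `cookie_secret`, `csrf_key` and `server_private_key` are declared as plain `String`, so their values are handled like any other catalog data and can end up in agent logs and reports. Declaring them as `Sensitive[String]` (e.g. `Sensitive[String] $server_private_key,`) lets Puppet redact them. The file resources in the later hunk (`config.yaml` and `server.key`) would then pass the wrapped value or set `show_diff => false`, so that a content change does not print the secret as a diff. The EPP template's own parameter types would need the matching change. The class body continues outside this hunk.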
@@ -38,5 +77,53 @@ class profiles::cacert_boardvoting () {
location => 'http://webstatic.infra.cacert.org',
repos => 'main',
release => "${::lsbdistcodename}-cacert",
+ } ->
+ package { 'cacert-boardvoting':
+ ensure => latest,
+ } ->
+ file { '/srv/cacert-boardvoting/config.yaml':
+ ensure => file,
+ owner => 'cacert-boardvoting',
+ group => 'root',
+ mode => '0600',
+ content => epp('profiles/cacert_boardvoting/config.yaml.epp', {
+ base_url => $base_url,
+ cookie_secret => $cookie_secret,
+ csrf_key => $csrf_key,
+ mail_host => $mail_host,
+ mail_port => $mail_port,
+ motion_address => $notice_mail_address,
+ sender_address => $notification_sender_address,
+ vote_address => $vote_notice_mail_address,
+ }),
+ notify => Service['cacert-boardvoting'],
+ }
+ file { '/srv/cacert-boardvoting/data/cacert_class3.pem':
+ ensure => file,
+ owner => 'cacert-boardvoting',
+ group => 'root',
+ mode => '0644',
+ source => 'http://www.cacert.org/certs/class3_X0E.crt',
+ notify => Service['cacert-boardvoting'],
+ }
+ file { '/srv/cacert-boardvoting/data/server.crt':
+ ensure => file,
+ owner => 'cacert-boardvoting',
+ group => 'root',
+ mode => '0644',
+ content => $server_certificate,
+ notify => Service['cacert-boardvoting'],
+ }
+ file { '/srv/cacert-boardvoting/data/server.key':
+ ensure => file,
+ owner => 'cacert-boardvoting',
+ group => 'root',
+ mode => '0600',
+ content => $server_private_key,
+ notify => Service['cacert-boardvoting'],
+ }
+ service { 'cacert-boardvoting':
+ ensure => running,
+ enable => true,
}
}
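Review bot: The client CA certificate in `/srv/cacert-boardvoting/data/cacert_class3.pem` is fetched with `source => 'http://www.cacert.org/certs/class3_X0E.crt'`, i.e. over plain HTTP with no integrity check. The generated config uses this file as `client_ca_certificates`, so anyone able to tamper with that download could replace the trust anchor for client authentication. Either ship the certificate inside the module, or pin it with `checksum => 'sha256',` and `checksum_value => '<sha256-of-expected-certificate>',`. Separately, only `config.yaml` is chained after the package with `->`. The three files under `data/` have no ordering relative to `Package['cacert-boardvoting']`, which presumably creates the `cacert-boardvoting` user and the directory, so they should get `require => Package['cacert-boardvoting'],` as well.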
diff --git a/sitemodules/profiles/templates/cacert_boardvoting/config.yaml.epp b/sitemodules/profiles/templates/cacert_boardvoting/config.yaml.epp
new file mode 100644
index 0000000..653edb6
--- /dev/null
+++ b/sitemodules/profiles/templates/cacert_boardvoting/config.yaml.epp
@@ -0,0 +1,24 @@
+<%- | String $base_url,
+ String $cookie_secret,
+ String $csrf_key,
+ String $mail_host,
+ Integer $mail_port,
+ String $motion_address,
+ String $sender_address,
+ String $vote_address
+| -%>
+---
+notice_mail_address: <%= $motion_address %>
+vote_notice_mail_address: <%= $vote_address %>
+notification_sender_address: <%= $sender_address %>
+database_file: /srv/cacert-boardvoting/data/database.sqlite
+client_ca_certificates: /srv/cacert-boardvoting/data/cacert_class3.pem
+server_certificate: /srv/cacert-boardvoting/data/server.crt
+server_key: /srv/cacert-boardvoting/data/server.key
+https_address: <%= $facts[networking][ip] %>:8443
+cookie_secret: <%= $cookie_secret %>
+csrf_key: <%= $csrf_key %>
+base_url: <%= $base_url %>
+mail_server:
+ host: <%= $mail_host %>
+ port: <%= $mail_port %>
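Review bot: Every string parameter is interpolated into the YAML unquoted, e.g. `cookie_secret: <%= $cookie_secret %>`. A value that contains `: `, ` #`, a leading `@`, `*`, `!` or `&`, or a line break will produce a different document from the one intended, or one that fails to parse. For the two keys that can mean the service starts with a truncated secret. Emitting the values as quoted scalars avoids this, for instance `cookie_secret: <%= $cookie_secret.to_json %>` if puppetlabs-stdlib is available in this environment (a JSON string is a valid YAML scalar). As a smaller style point, `$facts[networking][ip]` relies on bare words being read as strings; `$facts['networking']['ip']` is the conventional form.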