path: root/sitemodules/profiles/manifests/cacert_boardvoting.pp
blob: 65f1d288bacd6ea866a541055cb0f27655aa17c9 (plain)
# Class: profiles::cacert_boardvoting
# ===================================
#
# This class defines the cacert_boardvoting profile that configures the CAcert
# board voting system.
#
# Parameters
# ----------
#
# @param base_url                    base URL where the web interface can be
#                                    found
#
# @param cookie_secret               32 bytes of secret key data for cookie
#                                    encryption
#
# @param csrf_key                    32 bytes of secret key data for CSRF
#                                    protection token encryption
#
# @param mail_host                   hostname or IP address of the outgoing
#                                    email server
#
# @param mail_port                   TCP port number of the outgoing email
#                                    server
#
# @param notice_mail_address         email address that should receive notices
#                                    about new motions and motion status
#                                    changes
#
# @param notification_sender_address email address that is used as the sender
#                                    of generated emails
#
# @param server_certificate          PEM encoded X.509 server certificate
#
# @param server_private_key          PEM encoded unencrypted RSA private key
#
# @param vote_notice_mail_address    email address that should receive
#                                    notification when votes on a motion are
#                                    made
#
# Examples
# --------
#
# @example
#   class roles::myhost {
#     include profiles::cacert_boardvoting
#   }
#
# Authors
# -------
#
# Jan Dittberner <jandd@cacert.org>
#
# Copyright
# ---------
#
# Copyright 2018-2019 Jan Dittberner
#
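class profiles::cacert_boardvoting (
  String $base_url = 'https://motion.cacert.org',
  # Secret key material: no default, so it must be supplied by the caller or
  # by data lookup. It is only ever written to the 0600 config file below.
  String $cookie_secret,
  String $csrf_key,
  String $mail_host = 'localhost',
  Integer $mail_port = 25,
  String $notice_mail_address = 'cacert-board@lists.cacert.org',
  String $notification_sender_address = 'returns@cacert.org',
  String $server_certificate,
  # Unencrypted private key (see the parameter documentation); treat the value
  # with the same care as the two secrets above.
  String $server_private_key,
  String $vote_notice_mail_address = 'cacert-board-votes@lists.cacert.org',
) {
  # Presumably declares Apt::Source['cacert'], which the package requires --
  # confirm in profiles::cacert_debrepo.
  include profiles::cacert_debrepo

  # NOTE(review): `latest` installs whatever version the repository currently
  # offers on each agent run. Pin a version here if upgrades of the voting
  # application need to be staged or reviewed first.
  package { 'cacert-boardvoting':
    ensure  => latest,
    require => Apt::Source['cacert'],
  }

  # Application configuration rendered from the EPP template. It carries the
  # cookie and CSRF keys, so it is readable by the service user only and
  # show_diff is disabled to keep the rendered content out of agent logs and
  # reports even where the agent-wide show_diff setting is switched on.
  file { '/srv/cacert-boardvoting/config.yaml':
    ensure    => file,
    owner     => 'cacert-boardvoting',
    group     => 'root',
    mode      => '0600',
    show_diff => false,
    content   => epp('profiles/cacert_boardvoting/config.yaml.epp', {
      base_url       => $base_url,
      cookie_secret  => $cookie_secret,
      csrf_key       => $csrf_key,
      mail_host      => $mail_host,
      mail_port      => $mail_port,
      motion_address => $notice_mail_address,
      sender_address => $notification_sender_address,
      vote_address   => $vote_notice_mail_address,
    }),
    require   => Package['cacert-boardvoting'],
    notify    => Service['cacert-boardvoting'],
  }

  # The files below live under the application's data directory and are owned
  # by the service user. Both are presumably created by the package, so every
  # file requires it explicitly instead of relying on manifest ordering.

  # CA certificate shipped with the profiles module (public data).
  file { '/srv/cacert-boardvoting/data/cacert_class3.pem':
    ensure  => file,
    owner   => 'cacert-boardvoting',
    group   => 'root',
    mode    => '0644',
    source  => 'puppet:///modules/profiles/base/cacert_class3_X0E.crt',
    require => Package['cacert-boardvoting'],
    notify  => Service['cacert-boardvoting'],
  }

  # Server certificate (public data, world-readable).
  file { '/srv/cacert-boardvoting/data/server.crt':
    ensure  => file,
    owner   => 'cacert-boardvoting',
    group   => 'root',
    mode    => '0644',
    content => $server_certificate,
    require => Package['cacert-boardvoting'],
    notify  => Service['cacert-boardvoting'],
  }

  # Server private key: readable by the service user only, and never diffed
  # into logs or reports when the key is rotated.
  file { '/srv/cacert-boardvoting/data/server.key':
    ensure    => file,
    owner     => 'cacert-boardvoting',
    group     => 'root',
    mode      => '0600',
    show_diff => false,
    content   => $server_private_key,
    require   => Package['cacert-boardvoting'],
    notify    => Service['cacert-boardvoting'],
  }

  # Restarted through the notify relationships above whenever the
  # configuration, a certificate or the key changes.
  service { 'cacert-boardvoting':
    ensure => running,
    enable => true,
  }
}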