Fix base URL for motion system
[cacert-puppet.git] / sitemodules / profiles / manifests / cacert_boardvoting.pp
1 # Class: profiles::cacert_boardvoting
2 # ===================================
3 #
4 # This class defines the cacert_boardvoting profile that configures the CAcert
5 # board voting system.
6 #
7 # Parameters
8 # ----------
9 #
10 # @param base_url base URL where the web interface can be
11 # found
12 #
13 # @param cookie_secret 32 bytes of secret key data for cookie
14 # encryption
15 #
16 # @param csrf_key 32 bytes of secret key data for CSRF
17 # protection token encryption
18 #
19 # @param mail_host hostname or IP address of the outgoing
20 # email server
21 #
22 # @param mail_port TCP port number of the outgoing email
23 # server
24 #
25 # @param notice_mail_address email address that should receive notices
26 # about new motions and motion status
27 # changes
28 #
29 # @param notification_sender_address email address that is used as the sender
30 # of generated emails
31 #
32 # @param server_certificate PEM encoded X.509 server certificate
33 #
34 # @param server_private_key PEM encoded unencrypted RSA private key
35 #
36 # @param vote_notice_mail_address email address that should receive
37 # notification when votes on a motion are
38 # made
39 #
40 # Examples
41 # --------
42 #
43 # @example
44 # class roles::myhost {
45 # include profiles::cacert_boardvoting
46 # }
47 #
48 # Authors
49 # -------
50 #
51 # Jan Dittberner <jandd@cacert.org>
52 #
53 # Copyright
54 # ---------
55 #
56 # Copyright 2018-2019 Jan Dittberner
57 #
58 class profiles::cacert_boardvoting (
59 String $base_url = "https://motion.cacert.org",
60 String $cookie_secret,
61 String $csrf_key,
62 String $mail_host = 'localhost',
63 Integer $mail_port = 25,
64 String $notice_mail_address = 'cacert-board@lists.cacert.org',
65 String $notification_sender_address = 'returns@cacert.org',
66 String $server_certificate,
67 String $server_private_key,
68 String $vote_notice_mail_address = 'cacert-board-votes@lists.cacert.org',
69 ) {
70 include profiles::cacert_debrepo
71 package { 'cacert-boardvoting':
72 ensure => latest,
73 require => Apt::Source['cacert'],
74 } ->
75 file { '/srv/cacert-boardvoting/config.yaml':
76 ensure => file,
77 owner => 'cacert-boardvoting',
78 group => 'root',
79 mode => '0600',
80 content => epp('profiles/cacert_boardvoting/config.yaml.epp', {
81 base_url => $base_url,
82 cookie_secret => $cookie_secret,
83 csrf_key => $csrf_key,
84 mail_host => $mail_host,
85 mail_port => $mail_port,
86 motion_address => $notice_mail_address,
87 sender_address => $notification_sender_address,
88 vote_address => $vote_notice_mail_address,
89 }),
90 notify => Service['cacert-boardvoting'],
91 }
92 file { '/srv/cacert-boardvoting/data/cacert_class3.pem':
93 ensure => file,
94 owner => 'cacert-boardvoting',
95 group => 'root',
96 mode => '0644',
97 source => 'puppet:///modules/profiles/base/cacert_class3_X0E.crt',
98 notify => Service['cacert-boardvoting'],
99 }
100 file { '/srv/cacert-boardvoting/data/server.crt':
101 ensure => file,
102 owner => 'cacert-boardvoting',
103 group => 'root',
104 mode => '0644',
105 content => $server_certificate,
106 notify => Service['cacert-boardvoting'],
107 }
108 file { '/srv/cacert-boardvoting/data/server.key':
109 ensure => file,
110 owner => 'cacert-boardvoting',
111 group => 'root',
112 mode => '0600',
113 content => $server_private_key,
114 notify => Service['cacert-boardvoting'],
115 }
116 service { 'cacert-boardvoting':
117 ensure => running,
118 enable => true,
119 }
120 }