Fix configuration directory name
[cacert-puppet.git] / sitemodules / profiles / manifests / cacert_selfservice.pp
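# Class: profiles::cacert_selfservice
# ===================================
#
# This class defines the cacert_selfservice profile that configures the CAcert
# community self service system web interface.
#
# It installs the cacert-selfservice package, creates the log, certs and
# private directories, writes the TLS server certificate and private key,
# assembles the client CA bundle, installs the API CA file and keeps the
# service running and enabled.
#
# Parameters
# ----------
#
# @param server_certificate PEM encoded X.509 server certificate
#
# @param server_private_key PEM encoded unencrypted RSA private key. It is
#   written unchanged to the private/server.key.pem file below the
#   configuration directory.
#   NOTE(review): the parameter is a plain String, so Puppet does not redact
#   it the way it redacts a Sensitive value. Switching to Sensitive[String]
#   would change the class interface and has to be coordinated with the data
#   that feeds this class.
#
# Examples
# --------
#
# @example
#   class roles::myhost {
#     include profiles::cacert_selfservice
#   }
#
# Authors
# -------
#
# Jan Dittberner <jandd@cacert.org>
#
# Copyright
# ---------
#
# Copyright 2019 Jan Dittberner
#
class profiles::cacert_selfservice (
  String $server_certificate,
  String $server_private_key,
) {
  # The package below requires Apt::Source['cacert']; presumably this profile
  # declares it (verify against profiles::cacert_debrepo).
  include profiles::cacert_debrepo

  $service_name            = 'cacert-selfservice'
  $config_directory        = "/etc/${service_name}"
  # Not referenced by any resource in this class; kept because it may be read
  # from outside the class.
  $config_file             = "${config_directory}/config.yaml"
  $server_certificate_file = "${config_directory}/certs/server.crt.pem"
  $server_key_file         = "${config_directory}/private/server.key.pem"
  $log_directory           = "/var/log/${service_name}"

  $api_ca_file    = "${config_directory}/certs/api_cas.pem"
  $client_ca_file = "${config_directory}/certs/client_cas.pem"

  # NOTE(review): `latest` installs whatever version the repository currently
  # offers on every agent run. Confirm that unattended upgrades of this
  # service are intended, otherwise pin a version.
  package { $service_name:
    ensure  => latest,
    require => Apt::Source['cacert'],
  }

  # The directories and files are owned by a user named like the service and
  # require the package first (presumably the package creates that user).
  file { $log_directory:
    ensure  => directory,
    owner   => $service_name,
    group   => 'root',
    mode    => '0750',
    require => Package[$service_name],
  }

  file { "${config_directory}/certs":
    ensure  => directory,
    owner   => $service_name,
    group   => 'root',
    mode    => '0750',
    require => Package[$service_name],
  }

  # Key directory: accessible to the service user only.
  file { "${config_directory}/private":
    ensure  => directory,
    owner   => $service_name,
    group   => 'root',
    mode    => '0700',
    require => Package[$service_name],
  }

  file { $server_certificate_file:
    ensure  => file,
    owner   => $service_name,
    group   => 'root',
    mode    => '0644',
    content => $server_certificate,
    require => File["${config_directory}/certs"],
    notify  => Service[$service_name],
  }

  # show_diff is disabled so that a key change never prints old and new key
  # material into agent output or logs (for example when the agent runs with
  # --test, which turns diffs on).
  # NOTE(review): the file resource's default backup may still keep a copy of
  # a replaced key in the local filebucket; decide whether that is acceptable.
  file { $server_key_file:
    ensure    => file,
    owner     => $service_name,
    group     => 'root',
    mode      => '0600',
    content   => $server_private_key,
    show_diff => false,
    require   => File["${config_directory}/private"],
    notify    => Service[$service_name],
  }

  # Client CA bundle: class 3 certificate first (order 10), then class 1
  # (order 20).
  concat { $client_ca_file:
    ensure  => present,
    owner   => $service_name,
    group   => 'root',
    mode    => '0640',
    require => File["${config_directory}/certs"],
    notify  => Service[$service_name],
  }

  concat::fragment { 'cacert-class3-client-ca':
    tag    => 'cacert-class3-client-ca',
    order  => 10,
    target => $client_ca_file,
    source => 'puppet:///modules/profiles/base/cacert_class3_X0E.crt',
  }

  concat::fragment { 'cacert-class1-client-ca':
    tag    => 'cacert-class1-client-ca',
    order  => 20,
    target => $client_ca_file,
    source => 'puppet:///modules/profiles/base/cacert_class1_X0F.crt',
  }

  # The API CA file contains only the class 3 certificate.
  file { $api_ca_file:
    ensure  => file,
    owner   => $service_name,
    group   => 'root',
    mode    => '0640',
    source  => 'puppet:///modules/profiles/base/cacert_class3_X0E.crt',
    require => File["${config_directory}/certs"],
    notify  => Service[$service_name],
  }

  # Certificate, key and CA file changes notify this service.
  service { $service_name:
    ensure  => running,
    enable  => true,
    require => Package[$service_name],
  }
}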