Setup cacert-boardvoting configuration on motion
authorJan Dittberner <jandd@cacert.org>
Fri, 2 Aug 2019 18:19:14 +0000 (20:19 +0200)
committerJan Dittberner <jandd@cacert.org>
Fri, 2 Aug 2019 19:11:01 +0000 (21:11 +0200)
- write config file
- add certificate and private key for TLS
- add trusted certificate
- start cacert-boardvoting service

hieradata/nodes/motion.yaml
sitemodules/profiles/manifests/cacert_boardvoting.pp
sitemodules/profiles/templates/cacert_boardvoting/config.yaml.epp [new file with mode: 0644]

index 15de6c6..c719c08 100644 (file)
@@ -14,3 +14,224 @@ profiles::icinga2_agent::pki_ticket: >
     pINd2zBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBFDA0rqy9ELGvgfhPS
     826ogDClIoHwcGV6JFe+nACOgye8JBdCkvUJmlEdPUawmLrjto1ZtVHHsCks
     XJx1XYBR3vY=]
+profiles::cacert_boardvoting::cookie_secret: >
+    ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEw
+    DQYJKoZIhvcNAQEBBQAEggEAH+GZS+H+iQKPzWUCsOXE/Lc8V5qIYleMqHZH
+    93LcnFX0m9gY6CEEDkSzlcnrtyPUsMGubmb6lIJ1zvFLxhf1HNCkJzzDxj6G
+    X6cbP32QDDO7q/Gs961nuVCW2t7JysiZ+WHXTOzb5u3kHDXkdugOpxkZC19k
+    Z/K7u1RFn2kxiLziWWyla6t8oCjyIfR43XeckSpHskRKS29baVKLRSz9qlFX
+    saQy/KpnxNpPmIASpYOmNO8NcU7Fzfo1QfnNkjFpwxh4SbVI4CvhVWX1WdU6
+    koP5e3qETucQa4eTgCS8ZwNN8IWkPMgKr+bWjYSdAI6M9pjZ2hkOfxstQ0tu
+    HRjC/zBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBkBZdsVnxBj8ejMMe+
+    lY7ygDA6eB64BpOOfiTQ2gdnHagIv9JeFwW9wGaD6wc+HZKfu5UKEFlkpkMg
+    M9wxxAhBUlc=]
+profiles::cacert_boardvoting::csrf_key: >
+    ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEw
+    DQYJKoZIhvcNAQEBBQAEggEAIrQdj2r/LUGR929i202pTLTvG6vplBCOkZ3f
+    /29l5wR1aajD0Kz8Jfs14PAO0a5IEksQwf875uJPKjOCWZS+WlJgrpqGHXt1
+    OU89MN0ZmhsNtejQq355WmG2sY5z7PO/xfUcEAYuOcZO5a89Mitf18v+dRqy
+    UEpXHsvlUI/5wCz2KNqL7BCkd/50Z+TE4OGPM4bZzvio48tUZhBMLHDUU3hr
+    PQsOhih8y1qoDdFUvypp9SIqF5VWX+I9v1qhcnYpPGc2nQLEpSs9Wp3xMJhm
+    owKy6zxmO2/0GUVMX6NQaIk6XLthHVgW7au3wPC5WV0pVxBgXQxDQFuWSN7W
+    BUkT9DBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCYfwhgtuCfhI8cy/Lr
+    /jX1gDDj1Mft02q1naNtqZy5rVQSTdbsiaN2LbufDSFaSyOKWkRcGEBXvtzx
+    g9VtuODC3gU=]
+profiles::cacert_boardvoting::server_private_key: >
+    ENC[PKCS7,MIIOPQYJKoZIhvcNAQcDoIIOLjCCDioCAQAxggEhMIIBHQIBADAFMAACAQEw
+    DQYJKoZIhvcNAQEBBQAEggEAStUTFbQnEHcB1BmtsNJr5BCMrexVYY6lylNy
+    IO5Jf8zxurV6DrcZpWboxI/bqpFYuFWhFC7L8cIU8Tm+gyQfQTasOikV8Q80
+    g3yCeMmtaQjoT0fiJlA5qShoKckim6Vj1PUdmU2yOl+BVrGynoW3dJVlVw1B
+    m1wsQ4hYQlGVf5rG8YSso83nDfTJK5Mlz85aknFsjHcuWQPUsEDbyW1eAj4E
+    UDvmbMcaEMCNzWwl+zA8W/a+WVEpFc3WdRmQYhOitRgH2qOzbr3yDNBHp25H
+    7aiPfoZBJ8D3+ItxS5rvLHVrORMO9OnUoIWayVYUe+VEZMY3Gr0qwJejW+wo
+    cnpbZjCCDP4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEJVq5dybSDLtpCVJ
+    ROWseUWAggzQLmRQv67ATFzorWp3kG7lkcgtFPoUcXlnuVXddGC2hKI+IxNL
+    +BKyF47DCYwfioSraopp/+vNMakbpvxMH9FcTZZ2t1omEjsHQVnSiOiAKGbC
+    NnQZnmx4R7wGurNpNx6YyaRk1R3GVgO10FSAgzEIRjaYjLAY9c10G2OA1fbo
+    iHVrS6rwOFWOf2CSiT7GQkqxAFf0kdYmAnHMdO8MquedngC2/8oV2rAhKTaY
+    tt5aJPXRjTfYeCKTe9+KO0UqAc3kQxNDqFnrVzxeCbAw1vhjVivKHAWsy78O
+    ahIBuZ43MCCqwJyinqBzt0Jwim00PUO9YhhOvO5LSIbamMxrYYqP1iT+sJTx
+    dtM5ZVXC7qmFWwbd+PHmDBM1oMS9cy0ZstA5MZS9o5bZmc3+nTGzSMNUr8Fa
+    ifr/e2j8VyFwo/WcIrkwKJsR9HHeEYgRbXSYzY0Z0BQLU499OISWWobM9VNB
+    bhUGh4MHFxxn2/m7ZIEMcl+1TagYfbGu2Ty/xQ7O+c6F6gMqQkPbZ1zuqOtM
+    hrz/gl3GvQ2IyzadkB8em4TChehDCVWjifupUGn8dsZX11rkhyK9NGgGv686
+    i25I06SVYbtLj5KQZrsXhjlnk7te1Vd3lgyBtW4DwdvZwQ3BY62Zv+eNuP32
+    9og9TnxHXgM9QUS6F/FHC4LRErIpfOc/K7pk4Uo/cTZTsFMyul92gOdMdfij
+    j9Izv8Z0pgBRTqk+rsCrEE6qZ7fyenklKiCQXJLebuveHmxwSniaMCv5R0qC
+    NYBWyKEP3Jf2O+Mj+24+zFybEnIc6E7Yg42fmQgCiPXoU07L2NwA+B+IXIGe
+    u9gzt74tYBzVXMA+ctq5Kkbgi1yJAH2ZjYuRf3mcPI8LNnHqxQ97PLTpX2cG
+    gUZf6sY3+XnflZwyLdNiS1Ff8ABzB4ibsrF2QUjEWGzjWBbdetfEE3X0dHAi
+    8rq9JZGKSiKtQpEEvt/UlfMXGUuu6PkS27rTC5nAnauiuaSKurSCDGKrREAv
+    7YP59QHvEgkK5ll3hXLLCkAgIE/Esx9mmaae10m6xD2BcICct8pwr7eYx+s3
+    lY90Oz3QU0094QVbAu4sLNFLv/F0uKXn6es7i603uoWnR+sRDv1WLZrbRfOJ
+    s0JVCgsCZn5HtoAaQVS6NOu0L/nM0XzP1wQiPdszSEImczgsOIi5o31U8ePk
+    Ano/CjJOLDmArNpJSk/y02oQpoczhz3DHuS9l6XE0sWxRA2JUQ+MiLJTd/U7
+    P2l8qooNV2GK4zBPO1LlqYfHPkOt1ysreNRoVISqodGt0Rp46zY85PzF/3z2
+    QIfRT/ltNpMk498Uo0vo9LY9tn7vKJymwNQW8vpjh0Y+nSTXgN5cJ+7ElHWI
+    ucGOc6DEtepRAc8TjsLrUGsL+phPzWAmac6HpCyF69EoD9bX9Gn7uDTHZe6i
+    rDPgc3S/x84WJjvcpisyzJcCcjSkVyJpwABUBuRaf0YA1RaV65Nmc/jJdWsu
+    +mFSRAZRnH3YCVlMyPIg/vDTygwAUOIJrMVOHJaAAoIXxbC2dfOg6QNIAkB2
+    Fay4FUCtdKOqxhqNJcz6MhbP3CPfjH7DXJnauCc1cB9/ybLXs8pzkaGqi/5B
+    CPrNwDEMC5QWVYyh0ndZNldMRqiEityKR1qCl004vEFyhjq+6rOkYs1DsyR1
+    DP7anDLpIFU7uPqSSFlzz6rvQ5OoJ7X+HH2aZzdaFgmwMEB3mswRgFpkYT0m
+    Ma/vGcdAeirgAf1YRUK3G+PmMzn0yOUALxfiSH0eUsSZ0IMkZKsTvrJ5HOSI
+    fSDffURlxlAamwr3VhpcTOPgclakN702Bmbh6WFRwsaHwz/S20qvTK8WBBQ+
+    PmFvaGG4Q9ky0I+4rmodgPVUIBRIBTlIAqnleyiaGhCG9LvwG091T4PGa/WQ
+    XcfWU9p6s4zkjF52330GwdD8/BNgaqyvy2DRCtFXcbH0IKBmYRHNwU4+ISv1
+    k6jOtL8jfxDSlVBdSBSoZ2p7c8LyHCPBY2RuKxP9SpRkvVLEp+Z7dK3ewhUU
+    NDdCDxKpei1yB259SjnvpgAx7JOEu06dLPnx6sxjZbKe02QbpJz+M2bzt3T4
+    D0KyFlVXiwNt6EhnJwI140K9jgFTANYKV0miGOBZZnwyYs9kbQpr5rbHyG+O
+    QWgPLd53bC9tkidyeyEgozykagC98/BtOWIQk8Cg7Vuo3kFagpjubjprVnKH
+    /bzIpQrNLrfQ6qg65V2tSQeBbOM2Bzkskn/43gvke9nirkqfnCBecDxt3DYy
+    AS5TjRKEfEyI+R1SJ1zv/rXBC11z8RlGm/VGN0mLCuv7SqWtwRWp7r+oqu5W
+    76nHPtsqdfYhzABo30lbZzEaOkhHp8/hVOlWQYmQ3nyfWj5EwKXy92yuxHKy
+    yCCS4063V1ro8lx8oDGiLmaT+8ztmEtnpvifGnRtfpc0zOvTraY2iDO2fAxz
+    YcLUgtbZgPl+hzTjRDvcBnZcZECYylV9/2MS7heXiehCklkNJWaZFTCp27ME
+    eAIzBpnnXrLdL/46VkTxFNssmkqxm2lzdJTcAEFSLWkjIkrNoRzjM8pgs9In
+    8kO/vA0AZ++/Yg1+CQBV07luhpMGaZ6/ln07n271hpgpe13NYZ/5CU1lNHRD
+    VBaOH6sPzDTEoPYAWZN3OQzEPWAer4l69kdqk7HEl4naR0mSss8O1j2cndKS
+    vfa6c/jgQ1yCbshnzpmy7bi7GmXkt28ZmLo27OaG3it5OsRvW/8z8WnHHREC
+    6FIXne08i2DhnK4j8IrQkBekCTISkgpVvIst+qo0Yab0sHaeJLUG+RIpjj0R
+    8PiCLLjmwAGJxjnZRcU1fGnYGxcLXQR7C9QtAi1mZyVpMrePHBPgaXfxRaaw
+    i1c/DACv73X41KnwROnpCFC7x3wB0Mgdsh5J7jMzvmS1QPFtzBnnta4OsUjc
+    WgDMyBeR9+KyoX0tVC4OSgYFUR9+vQ6HeK8/73BORl+pm58dzp9e6llg9yen
+    q3I3KvpfkgbCg2fby5gU/c9B6qzmZHuo/6YLCaK4CvQXkp5nXOh8UVCUdSkx
+    s7+FWykWcXiykxRhl4PKOCKg4Dk6bC8Xakaz7Dunle7c+GouxxuObmDsPP0Q
+    TmeGWJzAE5/uY/JXJbb0dfTdH4uZ9QjA8dj0mhIkNwGOBZbXpwWfqUU3jKdk
+    SlooeU9QmJYer6Wve33PqOB09clTGWlCzvx4HzlUfPnSna7lxAZuJKd8xmJq
+    /slDHu5eKk3rPsTMMqLcmPXXvzH6qTTeVhn/e75El6fvtk5N0RXzz1Krw38h
+    pLC3ITAB3HPhjR94mbdH6VrO+63d+4lTnF5OvpH6A+7OV/Znm0kc7h7pk95S
+    4Egx/8FUMZBgyLe9phLRvLbmtPjlUZ63ghDhhU7v+A95i4smXVmj42QNAhaM
+    hA/AgxAFt3X5wx+9pL0pL9Y5WChSzQqdWrzPT7lnCbl0cTW07o8dq+56ACwa
+    t42FoQA9V+f+OOYBX/E3NStegxomq4aUnUdjdyA1b88S/W2ehs2EkiaonRUE
+    5ZzsMCNF2LosWANZmq7MoZtexHTjghYAYz75Add10pX131IZthr3KpI7PYGD
+    8c10fXbnO7gXVJ/pupV3lcP3vcb72xIEBNEAAMin7GumvAjYBIpCyzfOm/Cz
+    Wq0CX7kHNfurN75mw3pt+iOVq2Dgwjvs9gobCy4lVO6odQDWZHMamaMTfdiS
+    rFUqCvIathEi/XW3/FQtJDeOpq1f5ExHpX+JK4RWpOBBQvwzqyAk3jhtem+K
+    jKAaNa8cxLneitahgjLG8ci/CfPws5uGtZ1srMlhblqjgA7FQ3/flra5f99Q
+    eypeoBxpHIk/7S59bTDX9NRfeV7+ZohxXVD6mAviRHwK4bcH1QUEpHVknUn1
+    Y7Yc2ogVE0a055K7gpXtesJVHi1kbOmK2GhGvQl7KHms90/Cc0ZCyrZITmX1
+    vUefYpwet9rxamjpGJixt7ud7fqs0bLMFtkwb8gKGm9Dj9LoOwCG931LTHz6
+    wbIRVrqatgoHms4i9ZVZQrgQgByX7yt7ZzA7zT07oHMHltlo5AAfNZBpEcbz
+    pdrCzH5u4AdSHmGoUFdWglvl1H+ymL3Fz0aRmN/Ri7NflDYNYwcfdv8470bp
+    AX6vVjieY5wrTs1CzkIIcbg46654FGwh0avk7fVz6EQtIjr3eCgXP4eYe4v+
+    krE1Z9/cqgkO4pUcIy2bkqKU0ph6Dn+XGw5zLrqyGmJPVPGFrIOVkj4HH/eb
+    VVhNkSK8QOKhOVBBKktOQC0YL/osjQZtPnJMBxVNI7f2Gq/D8s1IrO48njjE
+    dGysl2EveYjeu7SL9ytOJllT5RLMmwZdJg+PQRcPYMxMHSjJWB4fFNqbQS7h
+    HfAzMg==]
+profiles::cacert_boardvoting::server_certificate: |
+    -----BEGIN CERTIFICATE-----
+    MIIGNzCCBB+gAwIBAgIDAtijMA0GCSqGSIb3DQEBCwUAMFQxFDASBgNVBAoTC0NB
+    Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV
+    BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTkwODAyMTgwNjIyWhcNMjEwODAx
+    MTgwNjIyWjBeMQswCQYDVQQGEwJBVTEMMAoGA1UECBMDTlNXMQ8wDQYDVQQHEwZT
+    eWRuZXkxFDASBgNVBAoTC0NBY2VydCBJbmMuMRowGAYDVQQDExFtb3Rpb24uY2Fj
+    ZXJ0Lm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOfEOLHn/ktc
+    ET6XYHhyG4tubnIdFV7MM9cM7E6hRInSHlOIgwle81rNjazAnRda33liAu+npOLj
+    lLRt5cg1d+RqUyTEALk6gDz1p7udDFPsoypmN1WavB6yYTkZFb8zOxNOuOrUItaC
+    IqYBSugUcfUijr65og8s9f7M4XdsF7QL1aCY3YLSTEM52KZ9/7o0eB0nZT6E5Nej
+    HEu3URLnpNHU6O+rfLAyBGvQK8oZArE0uelOx4TL5Rt0rYN+ute4Zg/QnY+aQs1F
+    ppGU2qG2+54Wb7cqKYH81jk0IMlNwU6TXWxPM20kJyhDQdBB5XN6NIcrqcVW9V9V
+    vI2/kAqBXRoa0YWdy7Wz75eU8camHLivWTV3/ShJ3R8eABhVwVPJT0dlj9B9XxSi
+    Ai+GsQS//5RzSydbo84KHGauewA/vWqt/WH/Dad2onutVgvafG+V+WtTsjalxlzS
+    ZSTtbyZk7VGUUyAlcq/qvP1XW60ZZGxKC4A0HHE/i0vJ6Xqqqc3zpRI8KkBiW/fV
+    3JBAM+RjPbrwMj1cRGt1w5uNL9OEPd9yAs5hPDytdZhFW+iFLiB4TS2CgFMCy8yW
+    5P6pRnjurklVMPNaKMOcNQD/vEmbmwQ1DlnlA48V3dPlYOQfnDWDSBduo8A6WQVP
+    q7vo3naytro9C/yG9+nEIkz+gPcPA65HAgMBAAGjggEGMIIBAjAMBgNVHRMBAf8E
+    AjAAMA4GA1UdDwEB/wQEAwIDqDA0BgNVHSUELTArBggrBgEFBQcDAgYIKwYBBQUH
+    AwEGCWCGSAGG+EIEAQYKKwYBBAGCNwoDAzAzBggrBgEFBQcBAQQnMCUwIwYIKwYB
+    BQUHMAGGF2h0dHA6Ly9vY3NwLmNhY2VydC5vcmcvMDgGA1UdHwQxMC8wLaAroCmG
+    J2h0dHA6Ly9jcmwuY2FjZXJ0Lm9yZy9jbGFzczMtcmV2b2tlLmNybDA9BgNVHREE
+    NjA0ghFtb3Rpb24uY2FjZXJ0Lm9yZ6AfBggrBgEFBQcIBaATDBFtb3Rpb24uY2Fj
+    ZXJ0Lm9yZzANBgkqhkiG9w0BAQsFAAOCAgEAZxxIl0BcedFdYXnFrCudYqPKROuo
+    LKw6I0yXG+R+h4c1xAHPFafyFsoejHP4R1fuv+bOP/JBxk9sT7iwPu0a+hVG1etw
+    7jNnx6oYlnrT7xRaT3phSvS6C0wiW3IsmzLREXZixTZsPzDKJrMJTUrA6Sd3Vs4L
+    xc17OK1SVPMdB+ubXWpM5BEuk433ZP8Lg8Ifb3d1+RNB+TDTaqZBPIDvnvu1qY/v
+    nQ4Wq6UIMinnjGDcRZ/JdPNJ31OgAIvkiIk7POPWLSdmOKNqb6p9kfAJVntj9qZa
+    KuhX3hb3E59lj0n4hGAOEaSL3TEZhx7ZYxy17mTr8+QJZsNnyXgnJJl9D184J9jY
+    +b0hNwu9EcVHInzfmMo1TrSU6q5oxpMBEXsEs02XA7dGM+CK3iCzWheyKby5Uwhg
+    KDvPprkfM6sNnjm48vT8mxUkpxshWVFrOWP6CeALeiX+J+H1airBaSPcVm5DGd1H
+    DX6VxbMhq5rdD+waaUyXn4IpLHCXoal2yToYI7DUbb1kUPf6Pc6nwXzzcmIZGAZw
+    +soaV7zXgffYiPfVznFfNaASb2bSbRA+5yQxckV2MHqyh6V27gV2T+5hQPOgT4lg
+    cvec/OtKRgz1r0TFsTD8J6GbpyQu3U0o4hXbG+mAJNjN0E3IqjQOxkbfoEurSvgT
+    Gd9tgGjDeIb8YnI=
+    -----END CERTIFICATE-----
+    -----BEGIN CERTIFICATE-----
+    MIIG0jCCBLqgAwIBAgIBDjANBgkqhkiG9w0BAQsFADB5MRAwDgYDVQQKEwdSb290
+    IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+    IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+    Y2FjZXJ0Lm9yZzAeFw0xMTA1MjMxNzQ4MDJaFw0yMTA1MjAxNzQ4MDJaMFQxFDAS
+    BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v
+    cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB
+    AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9
+    4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB
+    Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J
+    0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ
+    FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx
+    bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q
+    SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb
+    6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV
+    m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g
+    eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG
+    kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7
+    6QIDAQABo4IBiDCCAYQwHQYDVR0OBBYEFHWocWBMiBPweNmJd7VtxYnfvLF6MA8G
+    A1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMGCCsGAQUFBzABhhdodHRw
+    Oi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYcaHR0cDovL3d3dy5DQWNl
+    cnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUH
+    AgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwNAYJYIZI
+    AYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAw
+    UAYJYIZIAYb4QgENBEMWQVRvIGdldCB5b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3Ig
+    RlJFRSwgZ28gdG8gaHR0cDovL3d3dy5DQWNlcnQub3JnMB8GA1UdIwQYMBaAFBa1
+    MhvUx/Pg5o7zvdKwOu6yORjRMA0GCSqGSIb3DQEBCwUAA4ICAQBakBbQNiNWZJWJ
+    vI+spCDJJoqp81TkQBg/SstDxpt2CebKVKeMlAuSaNZZuxeXe2nqrdRM4SlbKBWP
+    3Rn0lVknlxjbjwm5fXh6yLBCVrXq616xJtCXE74FHIbhNAUVsQa92jzQE2OEbTWU
+    0D6Zghih+j+cN0eFiuDuc3iC1GuZMb/Zw21AXbkVxzZ4ipaL0YQgsSt1P22ipb69
+    6OLkrURctgY2cHS4pI62VpRgkwJ/Lw2n+C9vtukozMhrlPSTA0OhNEGiGp2hRpWa
+    hiG+HGcIYfAV9v7og3dO9TnS0XDbbk1RqXPpc/DtrJWzmZN0O4KIx0OtLJJWG9zp
+    9JrJyO6USIFYgar0U8HHHoTccth+8vJirz7Aw4DlCujo27OoIksg3OzgX/DkvWYl
+    0J8EMlXoH0iTv3qcroQItOUFsgilbjRba86Q5kLhnCxjdW2CbbNSp8vlZn0uFxd8
+    spxQcXs0CIn19uvcQIo4Z4uQ+00Lg9xI9YFV9S2MbSanlNUlvbB4UvHkel0p6bGt
+    Amp1dJBSkZOFm0Z6ek+G7w7R1aTifjGJrdw032O+VIKwCgu8DdskR0w0B68ydZn0
+    ATnMnr5ExvcWkZBtCgQa2NvSKrcQnlaqo9icEF4XevI/VTezlb1LjYMWHVd5R6C2
+    p4wTyVBIM8hjrLcKiChF43GRJtne7w==
+    -----END CERTIFICATE-----
+    -----BEGIN CERTIFICATE-----
+    MIIG7jCCBNagAwIBAgIBDzANBgkqhkiG9w0BAQsFADB5MRAwDgYDVQQKEwdSb290
+    IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+    IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+    Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
+    BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
+    MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
+    ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+    CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
+    8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
+    zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
+    fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
+    w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
+    G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
+    epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
+    laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
+    QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
+    fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
+    YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAX8w
+    ggF7MB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TAPBgNVHRMBAf8EBTAD
+    AQH/MDQGCWCGSAGG+EIBCAQnFiVodHRwOi8vd3d3LmNhY2VydC5vcmcvaW5kZXgu
+    cGhwP2lkPTEwMFYGCWCGSAGG+EIBDQRJFkdUbyBnZXQgeW91ciBvd24gY2VydGlm
+    aWNhdGUgZm9yIEZSRUUgaGVhZCBvdmVyIHRvIGh0dHA6Ly93d3cuY2FjZXJ0Lm9y
+    ZzAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vY3JsLmNhY2VydC5vcmcvcmV2b2tl
+    LmNybDAzBglghkgBhvhCAQQEJhYkVVJJOmh0dHA6Ly9jcmwuY2FjZXJ0Lm9yZy9y
+    ZXZva2UuY3JsMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL29j
+    c3AuY2FjZXJ0Lm9yZzAfBgNVHSMEGDAWgBQWtTIb1Mfz4OaO873SsDrusjkY0TAN
+    BgkqhkiG9w0BAQsFAAOCAgEAR5zXs6IX01JTt7Rq3b+bNRUhbO9vGBMggczo7R0q
+    Ih1kdhS6WzcrDoO6PkpuRg0L3qM7YQB6pw2V+ubzF7xl4C0HWltfzPTbzAHdJtja
+    JQw7QaBlmAYpN2CLB6Jeg8q/1Xpgdw/+IP1GRwdg7xUpReUA482l4MH1kf0W0ad9
+    4SuIfNWQHcdLApmno/SUh1bpZyeWrMnlhkGNDKMxCCQXQ360TwFHc8dfEAaq5ry6
+    cZzm1oetrkSviE2qofxvv1VFiQ+9TX3/zkECCsUB/EjPM0lxFBmu9T5Ih+Eqns9i
+    vmrEIQDv9tNyJHuLsDNqbUBal7OoiPZnXk9LH+qb+pLf1ofv5noy5vX2a5OKebHe
+    +0Ex/A7e+G/HuOjVNqhZ9j5Nispfq9zNyOHGWD8ofj8DHwB50L1Xh5H+EbIoga/h
+    JCQnRtxWkHP699T1JpLFYwapgplivF4TFv4fqp0nHTKC1x9gGrIgvuYJl1txIKmx
+    XdfJzgscMzqpabhtHOMXOiwQBpWzyJkofF/w55e0LttZDBkEsilV/vW0CJsPs3eN
+    aQF+iMWscGOkgLFlWsAS3HwyiYLNJo26aqyWPaIdc8E4ck7Sk08WrFrHIK3EHr4n
+    1FZwmLpFAvucKqgl0hr+2jypyh5puA3KksHF3CsUzjMUvzxMhykh9zrMxQAHLBVr
+    Gwc=
+    -----END CERTIFICATE-----
index 6b57864..e44e03a 100644 (file)
@@ -7,7 +7,35 @@
 # Parameters
 # ----------
 #
-# This class has no parameters
+# @param base_url                    base URL where the web interface can be
+#                                    found
+#
+# @param cookie_secret               32 bytes of secret key data for cookie
+#                                    encryption
+#
+# @param csrf_key                    32 bytes of secret key data for CSRF
+#                                    protection token encryption
+#
+# @param mail_host                   hostname or IP address of the outgoing
+#                                    email server
+#
+# @param mail_port                   TCP port number of the outgoing email
+#                                    server
+#
+# @param notice_mail_address         email address that should receive notices
+#                                    about new motions and motion status
+#                                    changes
+#
+# @param notification_sender_address email address that is used as the sender
+#                                    of generated emails
+#
+# @param server_certificate          PEM encoded X.509 server certificate
+#
+# @param server_private_key          PEM encoded unencrypted RSA private key
+#
+# @param vote_notice_mail_address    email address that should receive
+#                                    notification when votes on a motion are
+#                                    made
 #
 # Examples
 # --------
 #
 # Copyright 2018-2019 Jan Dittberner
 #
-class profiles::cacert_boardvoting () {
+class profiles::cacert_boardvoting (
+  String $base_url = "https://motions.cacert.org",
+  String $cookie_secret,
+  String $csrf_key,
+  String $mail_host = 'localhost',
+  Integer $mail_port = 25,
+  String $notice_mail_address = 'cacert-board@lists.cacert.org',
+  String $notification_sender_address = 'returns@cacert.org',
+  String $server_certificate,
+  String $server_private_key,
+  String $vote_notice_mail_address = 'cacert-board-votes@lists.cacert.org',
+) {
   include apt
   apt::key { 'cacert':
     id      => '4C4F8164EFE3DAFEC82F22FC82D61CAA4E904466',
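Review bot: The parameters `cookie_secret`, `csrf_key` and `server_private_key` are declared as plain `String`, so Puppet handles them as ordinary values and may show them in agent logs and reports when the files they feed change. Typing the key as `Sensitive[String] $server_private_key` lets the `file` resource redact its content, provided the Hiera keys are converted via `lookup_options` with `convert_to: 'Sensitive'`. The two secrets passed to the template would need unwrapping there, so `show_diff => false` on the `config.yaml` resource is the smaller change for them. The documentation also promises "32 bytes" for both keys, but nothing in the signature checks the length or the expected encoding; a comment stating the expected encoding would help whoever rotates them. The class body continues outside this hunk.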
@@ -38,5 +77,53 @@ class profiles::cacert_boardvoting () {
     location => 'http://webstatic.infra.cacert.org',
     repos    => 'main',
     release  => "${::lsbdistcodename}-cacert",
+  } ->
+  package { 'cacert-boardvoting':
+    ensure  => latest,
+  } ->
+  file { '/srv/cacert-boardvoting/config.yaml':
+    ensure  => file,
+    owner   => 'cacert-boardvoting',
+    group   => 'root',
+    mode    => '0600',
+    content => epp('profiles/cacert_boardvoting/config.yaml.epp', {
+      base_url       => $base_url,
+      cookie_secret  => $cookie_secret,
+      csrf_key       => $csrf_key,
+      mail_host      => $mail_host,
+      mail_port      => $mail_port,
+      motion_address => $notice_mail_address,
+      sender_address => $notification_sender_address,
+      vote_address   => $vote_notice_mail_address,
+      }),
+    notify  => Service['cacert-boardvoting'],
+  }
+  file { '/srv/cacert-boardvoting/data/cacert_class3.pem':
+    ensure => file,
+    owner  => 'cacert-boardvoting',
+    group  => 'root',
+    mode   => '0644',
+    source => 'http://www.cacert.org/certs/class3_X0E.crt',
+    notify  => Service['cacert-boardvoting'],
+  }
+  file { '/srv/cacert-boardvoting/data/server.crt':
+    ensure  => file,
+    owner   => 'cacert-boardvoting',
+    group   => 'root',
+    mode    => '0644',
+    content => $server_certificate,
+    notify  => Service['cacert-boardvoting'],
+  }
+  file { '/srv/cacert-boardvoting/data/server.key':
+    ensure  => file,
+    owner   => 'cacert-boardvoting',
+    group   => 'root',
+    mode    => '0600',
+    content => $server_private_key,
+    notify  => Service['cacert-boardvoting'],
+  }
+  service { 'cacert-boardvoting':
+    ensure  => running,
+    enable  => true,
   }
 }
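Review bot: The `cacert_class3.pem` resource fetches its content from `http://www.cacert.org/certs/class3_X0E.crt` with no integrity check, and the template points `client_ca_certificates` at that file. Whatever the agent receives over plain HTTP therefore presumably becomes the trust anchor for client certificate authentication. Pin the download with `checksum => 'sha256',` and `checksum_value => '<sha256 of class3_X0E.crt>',` (placeholder; fill in a digest verified out of band), or ship the certificate from the module with a `puppet:///` source. Separately, only `config.yaml` is chained to the package with `->`, so the three files under `data/` rely on manifest order for the `cacert-boardvoting` user and directory to exist; an explicit `require => Package['cacert-boardvoting'],` would make that dependency visible.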
diff --git a/sitemodules/profiles/templates/cacert_boardvoting/config.yaml.epp b/sitemodules/profiles/templates/cacert_boardvoting/config.yaml.epp
new file mode 100644 (file)
index 0000000..653edb6
--- /dev/null
@@ -0,0 +1,24 @@
+<%- | String $base_url,
+      String $cookie_secret,
+      String $csrf_key,
+      String $mail_host,
+      Integer $mail_port,
+      String $motion_address,
+      String $sender_address,
+      String $vote_address
+| -%>
+---
+notice_mail_address: <%= $motion_address %>
+vote_notice_mail_address: <%= $vote_address %>
+notification_sender_address: <%= $sender_address %>
+database_file: /srv/cacert-boardvoting/data/database.sqlite
+client_ca_certificates: /srv/cacert-boardvoting/data/cacert_class3.pem
+server_certificate: /srv/cacert-boardvoting/data/server.crt
+server_key: /srv/cacert-boardvoting/data/server.key
+https_address: <%= $facts[networking][ip] %>:8443
+cookie_secret: <%= $cookie_secret %>
+csrf_key: <%= $csrf_key %>
+base_url: <%= $base_url %>
+mail_server:
+  host: <%= $mail_host %>
+  port: <%= $mail_port %>
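Review bot: Every interpolated value is written as an unquoted YAML scalar. A value that contains ` #` or `: `, starts with `!`, `&` or `*`, or consists only of digits would be parsed as something other than the intended string. This matters most for `cookie_secret` and `csrf_key`, whose content is arbitrary key material, because a mis-parsed secret would either break service start or silently shorten the key. Quoting the scalars avoids this, e.g. `cookie_secret: '<%= $cookie_secret %>'` and `csrf_key: '<%= $csrf_key %>'`, assuming the values never contain a single quote. A short comment at the top of the template noting that the rendered file holds secrets and is deployed with mode 0600 would also help readers.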