X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fdacs%2Fmanifests%2Finit.pp;h=8c865df61f868d0d4870b0b73019251ebf5b85fb;hb=61b1f29e849df28f2892efc5f98318611e99eeeb;hp=a9e703de2c4cbb684556f7c90205e72647e9f670;hpb=b971cc837b8783402899e0aba3755a1f89ca1e27;p=dsa-puppet.git diff --git a/modules/dacs/manifests/init.pp b/modules/dacs/manifests/init.pp index a9e703de..8c865df6 100644 --- a/modules/dacs/manifests/init.pp +++ b/modules/dacs/manifests/init.pp @@ -1,101 +1,97 @@ +# = Class: dacs +# +# This class installs and configures dacs for web auth +# +# == Sample Usage: +# +# include dacs +# class dacs { - package { - "dacs": ensure => installed; - "libapache2-mod-dacs": ensure => installed; - } + package { 'dacs': + ensure => installed, + } + package { 'libapache2-mod-dacs': + ensure => installed, + } - file { - "/etc/dacs/federations": - ensure => directory, - owner => root, - group => www-data, - mode => 750, - purge => true - ; - - "/etc/dacs/federations/debian.org/": - ensure => directory, - owner => root, - group => www-data, - mode => 750, - purge => true - ; - - "/etc/dacs/federations/debian.org/DEBIAN": - ensure => directory, - owner => root, - group => www-data, - mode => 750, - purge => true - ; - - "/etc/dacs/federations/debian.org/DEBIAN/acls": - ensure => directory, - owner => root, - group => www-data, - mode => 750, - purge => true - ; - - "/etc/dacs/federations/debian.org/DEBIAN/groups": - ensure => directory, - owner => root, - group => www-data, - mode => 750, - purge => true - ; - - "/etc/dacs/federations/site.conf": - source => [ "puppet:///modules/dacs/per-host/$fqdn/site.conf", - "puppet:///modules/dacs/common/site.conf" ], - mode => 640, - owner => root, - group => www-data - ; - - "/etc/dacs/federations/debian.org/DEBIAN/dacs.conf": - source => [ "puppet:///modules/dacs/per-host/$fqdn/dacs.conf", - "puppet:///modules/dacs/common/dacs.conf" ], - mode => 640, - owner => root, - group => www-data - ; - - "/etc/dacs/federations/debian.org/DEBIAN/acls/revocations": - source => [ "puppet:///modules/dacs/per-host/$fqdn/revocations", - "puppet:///modules/dacs/common/revocations" ], - mode => 640, - owner => root, - group => www-data - ; - - "/etc/dacs/federations/debian.org/DEBIAN/acls/acl-noauth.0": - source => [ "puppet:///modules/dacs/per-host/$fqdn/acl-noauth.0", - "puppet:///modules/dacs/common/acl-noauth.0" ], - mode => 640, - owner => root, - group => www-data - notify => Exec["dacsacl"] - ; - - "/etc/dacs/federations/debian.org/DEBIAN/acls/acl-private.0": - source => [ "puppet:///modules/dacs/per-host/$fqdn/acl-private.0", - "puppet:///modules/dacs/common/acl-private.0" ], - mode => 640, - owner => root, - group => www-data - notify => Exec["dacsacl"] - ; - } - - exec { - "dacsacl": - command => "dacsacl -uj DEBIAN", - refreshonly => true, - } + file { '/var/log/dacs': + ensure => directory, + owner => root, + group => www-data, + mode => '0770', + purge => true, + } + file { [ + '/etc/dacs/federations', + '/etc/dacs/federations/debian.org/', + '/etc/dacs/federations/debian.org/DEBIAN', + '/etc/dacs/federations/debian.org/DEBIAN/acls', + '/etc/dacs/federations/debian.org/DEBIAN/groups', + '/etc/dacs/federations/debian.org/DEBIAN/groups/DACS' + ]: + ensure => directory, + owner => root, + group => www-data, + mode => '0750', + require => Package['libapache2-mod-dacs'], + purge => true + } + file { '/etc/dacs/federations/site.conf': + source => 'puppet:///modules/dacs/common/site.conf', + mode => '0640', + owner => root, + group => www-data + } + file { '/etc/dacs/federations/debian.org/DEBIAN/dacs.conf': + source => 'puppet:///modules/dacs/common/dacs.conf', + mode => '0640', + owner => root, + group => www-data + } + file { '/etc/dacs/federations/debian.org/DEBIAN/acls/revocations': + source => 'puppet:///modules/dacs/common/revocations', + mode => '0640', + owner => root, + group => www-data + } + file { '/etc/dacs/federations/debian.org/DEBIAN/groups/DACS/jurisdictions.grp': + source => 'puppet:///modules/dacs/common/jurisdictions.grp', + mode => '0640', + owner => root, + group => www-data + } + file { '/etc/dacs/federations/debian.org/DEBIAN/acls/acl-noauth.0': + source => [ "puppet:///modules/dacs/per-host/${::fqdn}/acl-noauth.0", + 'puppet:///modules/dacs/common/acl-noauth.0' ], + mode => '0640', + owner => root, + group => www-data, + notify => Exec['dacsacl'] + } + file { '/etc/dacs/federations/debian.org/DEBIAN/acls/acl-private.0': + source => [ "puppet:///modules/dacs/per-host/${::fqdn}/acl-private.0", + 'puppet:///modules/dacs/common/acl-private.0' ], + mode => '0640', + owner => root, + group => www-data, + notify => Exec['dacsacl'] + } + file { '/etc/dacs/federations/debian.org/federation_keyfile': + source => 'puppet:///modules/dacs/private/debian.org_federation_keyfile', + mode => '0640', + owner => root, + group => www-data + } + file { '/etc/dacs/federations/debian.org/DEBIAN/jurisdiction_keyfile': + source => 'puppet:///modules/dacs/private/DEBIAN_jurisdiction_keyfile', + mode => '0640', + owner => root, + group => www-data + } + exec { 'dacsacl': + command => 'dacsacl -sc /etc/dacs/federations/site.conf -c /etc/dacs/federations/debian.org/DEBIAN/dacs.conf -uj DEBIAN && chown root:www-data /etc/dacs/federations/debian.org/DEBIAN/acls/INDEX', + refreshonly => true, + } } -# vim:set et: -# vim:set sts=4 ts=4: -# vim:set shiftwidth=4: