mirror.pp 3.94 KB
Newer Older
1
2
# Manage a mirror of a git-annex repository
define tails::git_annex::mirror (
3
  Pattern[/\A[a-z_-]+\z/] $user,
4
5
6
7
8
9
  Stdlib::Absolutepath $home,
  String $ssh_keyname,

  Stdlib::Absolutepath $checkout_dir,
  String $remote_repo,

10
11
12
  Enum['present', 'absent'] $ensure           = 'present',
  String $mode                                = 'mirror',
  Boolean $direct_mode                        = true,
13
14
  Array[String] $pull_hour                    = ['*'],
  Array[String] $pull_minute                  = ['14', '29', '44', '59'],
15
16
17
18
19
20
21
22
23
24
25

  Boolean $manage_mount                       = false,
  $mount_point                                = false,
  $mount_device                               = false,
  $mount_fstype                               = false,
  $mount_options                              = false,

  String $webserver                           = 'nginx',
  Boolean $manage_vhost                       = false,
  $vhost_template                             = false,
  $vhost_auth_source                          = false,
26
27
28
29
30
31
32
33
34
) {

  ### Resources

  vcsrepo { $checkout_dir:
    ensure   => $ensure,
    provider => git,
    source   => $remote_repo,
    user     => $user,
35
    require  => Sshkeys::Set_client_key_pair[$ssh_keyname],
36
37
  }

38
  file { $checkout_dir:
intrigeri's avatar
intrigeri committed
39
40
41
42
43
    ensure  => directory,
    owner   => $user,
    group   => 'www-data',
    mode    => '0750',
    require => Vcsrepo[$checkout_dir],
44
45
  }

46
47
48
49
50
51
52
53
54
55
56
  exec { "Switch ${name} to direct mode":
    command => 'git annex direct',
    user    => $user,
    cwd     => $checkout_dir,
    creates => "${checkout_dir}/.git/annex",
    require => [
      Package['git-annex'],
      Vcsrepo[$checkout_dir],
    ],
  }

57
58
59
60
61
62
63
64
65
66
67
  $service_ensure = $ensure ? {
    absent  => stopped,
    default => running,
  }
  $daemon_reload_exec = "systemctl-daemon-reload-git-annex-mirror-${name}"
  exec { $daemon_reload_exec:
    refreshonly => true,
    command     => '/bin/systemctl daemon-reload',
  }
  $timer = "git-annex-mirror-${name}.timer"
  file { "/etc/systemd/system/${timer}":
68
    ensure  => $ensure,
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
    content => template('tails/git_annex/mirror.timer.erb'),
    notify  => [
      Exec[$daemon_reload_exec],
      Service[$timer],
    ],
  }
  $command = "/usr/local/bin/pull-git-annex ${mode}"
  file { "/etc/systemd/system/git-annex-mirror-${name}.service":
    content => template('tails/git_annex/mirror.service.erb'),
    notify  => Exec[$daemon_reload_exec],
  }
  service { $timer:
    ensure   => $service_ensure,
    provider => 'systemd',
    enable   => true,
    require  => [
85
86
      Exec["Switch ${name} to direct mode"],
      File['/usr/local/bin/pull-git-annex'],
87
      Exec[$daemon_reload_exec],
88
89
90
    ],
  }

intrigeri's avatar
intrigeri committed
91
92
93
  user { $user:
    ensure => $ensure,
    system => true,
intrigeri's avatar
intrigeri committed
94
    home   => $home,
intrigeri's avatar
intrigeri committed
95
96
  }

intrigeri's avatar
intrigeri committed
97
  file { [ $home, "${home}/.ssh" ]:
intrigeri's avatar
intrigeri committed
98
99
100
101
    ensure => directory,
    owner  => $user,
    group  => $user,
    mode   => '0700',
102
103
  }

104
105
106
107
108
109
110
111
112
113
  sshkeys::set_client_key_pair { $ssh_keyname:
    keyname => $ssh_keyname,
    user    => $user,
    home    => $home,
    require => [
      User[$user],
      File["${home}/.ssh"],
    ],
  }

114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
  if $manage_mount {
    validate_string($mount_point)
    validate_string($mount_device)
    validate_string($mount_fstype)
    validate_string($mount_options)

    file { $mount_point:
      ensure => directory,
      owner  => $user,
      group  => 'www-data',
      mode   => '2755',
    }

    mount { $mount_point:
      ensure  => mounted,
      device  => $mount_device,
      fstype  => $mount_fstype,
      options => $mount_options,
    }
133

134
135
  }

136
137
138
  if $manage_vhost {
    case $webserver {

139
      'nginx': {
140
141
        ensure_packages(['libnginx-mod-http-fancyindex'])

142
        nginx::vhostsd { $name:
intrigeri's avatar
intrigeri committed
143
          content => template($vhost_template),
144
          require => Package['libnginx-mod-http-fancyindex'],
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
        }
        if $vhost_auth_source {
          nginx::authd { $name:
            source  => $vhost_auth_source,
          }
        }
      }

      default: {
        fail("Unsupported webserver ${webserver}")
      }

    }
  }

160
}