Diffstat (limited to 'modules/catdap')
-rw-r--r--modules/catdap/manifests/init.pp34
-rw-r--r--modules/catdap/manifests/snapshot.pp21
-rw-r--r--modules/catdap/templates/catdap_local.yml106
3 files changed, 115 insertions, 46 deletions
diff --git a/modules/catdap/manifests/init.pp b/modules/catdap/manifests/init.pp
index 713b8b86..f7172208 100644
--- a/modules/catdap/manifests/init.pp
+++ b/modules/catdap/manifests/init.pp
@@ -1,6 +1,6 @@
class catdap {
- $upstream_svn = 'svn://svn.mageia.org/svn/soft/identity/CatDap/'
+ $upstream_git = "git://git.${::domain}/web/identity"
# TODO switch to a proper rpm packaging
$rpm_requirement = ['perl-Catalyst-Runtime',
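Review bot: `$upstream_git` on the changed line uses the `git://` transport, which provides neither encryption nor server authentication, and this URL is the source of the code that the later hunks deploy as the identity FastCGI application with an LDAP bind credential in its config. Anyone positioned on the network path between this host and `git.${::domain}` could alter what gets checked out without detection. If the Git server offers an authenticated transport, prefer it, for example `$upstream_git = "https://git.${::domain}/web/identity"`; the exact URL is an assumption to confirm against the server setup. The class body continues outside this hunk.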
@@ -16,7 +16,6 @@ class catdap {
'perl-Catalyst-Plugin-Session-Store-File',
'perl-Catalyst-Plugin-Static-Simple',
'perl-Catalyst-P-S-State-Cookie',
- 'perl-Catalyst-P-S-Store-File',
'perl-Catalyst-View-Email',
'perl-Catalyst-View-TT',
'perl-Config-General',
@@ -29,41 +28,20 @@ class catdap {
'perl-Crypt-Blowfish',
'perl-Email-Date-Format',
'perl-YAML-LibYAML',
- 'perl-Catalyst-Plugin-Unicode-Encoding',
'perl-IO-Socket-INET6' ]
package { $rpm_requirement: }
$ldap_password = extlookup('catdap_ldap','x')
- define catdap_snapshot($location, $svn_location) {
- file { "$location/catdap_local.yml":
- group => apache,
- mode => '0640',
- content => template('catdap/catdap_local.yml'),
- require => Subversion::Snapshot[$location],
- }
-
- subversion::snapshot { $location:
- source => $svn_location
- }
-
- apache::vhost_catalyst_app { $name:
- script => "$location/script/catdap_fastcgi.pl",
- location => $location,
- use_ssl => true,
- }
-
- apache::vhost_redirect_ssl { $name: }
- }
-
- catdap_snapshot { "identity.$::domain":
+ catdap::snapshot { "identity.${::domain}":
location => '/var/www/identity',
- svn_location => "$upstream_svn/branches/live"
+ git_location => $upstream_git,
+ git_branch => 'topic/production',
}
- catdap_snapshot { "identity-trunk.$::domain":
+ catdap::snapshot { "identity-trunk.${::domain}":
location => '/var/www/identity-trunk',
- svn_location => "$upstream_svn/trunk"
+ git_location => $upstream_git,
}
}
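Review bot: The `identity-trunk.${::domain}` instance at the end of this hunk passes no `git_branch`, so it follows the `master` default of `catdap::snapshot`, yet both instances render the same `catdap_local.yml`, which reads the single class-level `catdap::ldap_password`. As far as the visible lines show, code from the development branch therefore runs with the same LDAP bind credential as the `topic/production` instance. Consider giving `catdap::snapshot` parameters for the bind account and password so the trunk vhost can use a less-privileged account. Writing `git_branch => 'master',` explicitly on the trunk instance would also make the branch choice visible at the call site.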
diff --git a/modules/catdap/manifests/snapshot.pp b/modules/catdap/manifests/snapshot.pp
new file mode 100644
index 00000000..35ca692e
--- /dev/null
+++ b/modules/catdap/manifests/snapshot.pp
@@ -0,0 +1,21 @@
+define catdap::snapshot($location, $git_location, $git_branch = 'master') {
+ file { "${location}/catdap_local.yml":
+ group => apache,
+ mode => '0640',
+ content => template('catdap/catdap_local.yml'),
+ require => Git::Snapshot[$location],
+ }
+
+ git::snapshot { $location:
+ source => $git_location,
+ branch => $git_branch,
+ }
+
+ apache::vhost::catalyst_app { $name:
+ script => "${location}/script/catdap_fastcgi.pl",
+ location => $location,
+ use_ssl => true,
+ }
+
+ apache::vhost::redirect_ssl { $name: }
+}
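Review bot: The `file` resource for `${location}/catdap_local.yml` sets `group` and `mode` but no `owner`, so Puppet leaves the ownership of an already existing file unmanaged. The rendered file holds the LDAP bind password, so a copy owned by the web server account would stay writable by that account. Adding `owner => root,` next to `group => apache,` pins it. The define also has no header comment; a short one stating that `$location` is both the checkout directory and the vhost location, and that `$git_branch` defaults to `master`, would help callers.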
diff --git a/modules/catdap/templates/catdap_local.yml b/modules/catdap/templates/catdap_local.yml
index 429da7c2..d982b40b 100644
--- a/modules/catdap/templates/catdap_local.yml
+++ b/modules/catdap/templates/catdap_local.yml
@@ -6,15 +6,15 @@ ldap_account = "cn=catdap-#{hostname},ou=System Accounts,#{dc_suffix}"
organisation: Mageia
apptitle: Mageia Identity Management
-emailfrom: noreply@<%= domain %>
+emailfrom: noreply@<%= @domain %>
Model::Proxy:
- base: ou=People,<%= dc_suffix %>
+ base: ou=People,<%= @dc_suffix %>
dn: <%= ldap_account %>
- password: <%= ldap_password %>
+ password: <%= scope.lookupvar("catdap::ldap_password") %>
Model::User:
- base: <%= dc_suffix %>
+ base: <%= @dc_suffix %>
host: <%= ldap_server %>
start_tls: 1
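Review bot: The `password:` line interpolates the lookup result as a bare YAML scalar, so a bind password containing ` #` or `: `, or starting with a character such as `*`, `&`, `!` or a quote, would be truncated or mis-parsed. The application would then bind with a different value or fail to load its configuration. Emit it as a quoted scalar with embedded quotes escaped; for single-quoted YAML that means doubling `'`, e.g. `password: '<%= scope.lookupvar("catdap::ldap_password").gsub("'", "''") %>'`. The same applies to the `bindpw:` line in the next hunk. The template continues outside this hunk.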
@@ -25,28 +25,98 @@ authentication:
store:
ldap_server: <%= ldap_server %>
binddn: <%= ldap_account %>
- bindpw: <%= ldap_password %>
- user_basedn: ou=People,<%= dc_suffix %>
- role_basedn: <%= dc_suffix %>
+ bindpw: <%= scope.lookupvar("catdap::ldap_password") %>
+ user_basedn: ou=People,<%= @dc_suffix %>
+ role_basedn: <%= @dc_suffix %>
register:
+ login_regex: ^[a-z][a-z0-9]*$
login_blacklist:
+ - abuse
- apache
- - mirror
- bcd
- - iurt
- - schedbot
- - signbot
- - postmaster
- hostmaster
- - abuse
- - noc
- - security
+ - iurt
- listmaster
- MAILER-DAEMON
- - webmaster
- - www
- - treasurer
+ - mirror
+ - noc
+ - postmaster
- president
+ - schedbot
- secretary
- security
+ - signbot
+ - treasurer
+ - webmaster
+ - www
+
+ email_domain_blacklist:
+ - armyspy.com
+ - bitmessage.ch
+ - codehot.co.uk
+ - crazymailing.com
+ - dayrep.com
+ - group.mageia.org
+ - grr.la
+ - guerrillamail.biz
+ - guerrillamail.com
+ - guerrillamail.de
+ - guerrillamail.info
+ - guerrillamail.net
+ - guerrillamail.org
+ - guerrillamailblock.com
+ - jourrapide.com
+ - ml.mageia.org
+ - namecheap.com
+ - pokemail.net
+ - rhyta.com
+ - runbox.com
+ - sharklasers.com
+ - spam4.me
+ - vmani.com
+ - wowring.ru
+ - yopmail.com
+ - zasod.com
+
+Controller::User:
+ editable_attrs:
+ - cn
+ - sn
+ - givenName
+ - mobile
+ - mailForwardingAddress
+ - preferredLanguage
+ uneditable_attrs:
+ - uid
+ - uidNumber
+ - gidNumber
+ - homeDirectory
+ - mail
+ - sshPublicKey
+ - loginShell
+ skip_attrs:
+ - objectClass
+ - krb5Key
+ - sambaMungedDial
+ - sambaPasswordHistory
+ - userPassword
+ - sambaLMPassword
+ - sambaNTPassword
+ - sambaPwdMustChange
+ - sambaSID
+ - sambaPrimaryGroupSID
+ - sambaAcctFlags
+ - sambaPwdCanChange
+ - sambaPwdLastSet
+ - sambaKickOffTime
+ - sambaUserWorkstations
+ - sambaLogonTime
+ - krb5KeyVersionNumber
+ - krb5PasswordEnd
+ - krb5MaxLife
+ - krb5MaxRenew
+ - krb5KDCFlags
+ - shadowLastChange
+ - roomNumber
+ - secretary
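Review bot: The new `login_regex: ^[a-z][a-z0-9]*$` relies on `$` as its end anchor; if CatDap applies it as a Perl regular expression, which this hunk does not show, `$` also matches before a trailing newline, so a submitted login ending in a newline would pass validation. `login_regex: \A[a-z][a-z0-9]*\z` closes that gap. The pattern also sets no upper bound on length. With logins now restricted to lower-case letters and digits, the `MAILER-DAEMON` entry in `login_blacklist` can only matter if the blacklist is checked before or independently of the regex, which is worth confirming in the application code.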