Diffstat (limited to 'modules/catdap')
| -rw-r--r-- | modules/catdap/manifests/init.pp | 67 | ||||
| -rw-r--r-- | modules/catdap/manifests/snapshot.pp | 21 | ||||
| -rw-r--r-- | modules/catdap/templates/catdap_local.yml | 111 |
3 files changed, 157 insertions, 42 deletions
diff --git a/modules/catdap/manifests/init.pp b/modules/catdap/manifests/init.pp index 018b6ed5..f7172208 100644 --- a/modules/catdap/manifests/init.pp +++ b/modules/catdap/manifests/init.pp 
@@ -1,42 +1,47 @@ class catdap { - $catdap_location = "/var/www/identity" - $catdap_vhost = "identity.$domain" + $upstream_git = "git://git.${::domain}/web/identity" # TODO switch to a proper rpm packaging - $rpm_requirement = ['perl-Catalyst-Runtime',"perl-FCGI", 'perl-Catalyst-Plugin-Authorization-Roles', -"perl-Catalyst-Action-RenderView", "perl-Catalyst-Model-LDAP-FromAuthentication", "perl-Catalyst-P-A-Store-LDAP", "perl-Catalyst-Plugin-Authentication", "perl-Catalyst-Plugin-Captcha", -"perl-Catalyst-Plugin-ConfigLoader", "perl-Catalyst-Plugin-I18N", "perl-Catalyst-Plugin-Session-Store-File", "perl-Catalyst-Plugin-Static-Simple", -"perl-Catalyst-P-S-State-Cookie", "perl-Catalyst-P-S-Store-File", "perl-Catalyst-View-Email", -"perl-Catalyst-View-TT", "perl-Config-General", "perl-Crypt-CBC", "perl-Data-UUID", -"perl-Email-Valid", "perl-Moose", "perl-namespace-autoclean", "perl-Test-Simple", -"perl-Crypt-Blowfish", "perl-Email-Date-Format", "perl-YAML-LibYAML", -] + $rpm_requirement = ['perl-Catalyst-Runtime', + 'perl-FCGI', + 'perl-Catalyst-Plugin-Authorization-Roles', + 'perl-Catalyst-Action-RenderView', + 'perl-Catalyst-Model-LDAP-FromAuthentication', + 'perl-Catalyst-P-A-Store-LDAP', + 'perl-Catalyst-Plugin-Authentication', + 'perl-Catalyst-Plugin-Captcha', + 'perl-Catalyst-Plugin-ConfigLoader', + 'perl-Catalyst-Plugin-I18N', + 'perl-Catalyst-Plugin-Session-Store-File', + 'perl-Catalyst-Plugin-Static-Simple', + 'perl-Catalyst-P-S-State-Cookie', + 'perl-Catalyst-View-Email', + 'perl-Catalyst-View-TT', + 'perl-Config-General', + 'perl-Crypt-CBC', + 'perl-Data-UUID', + 'perl-Email-Valid', + 'perl-Moose', + 'perl-namespace-autoclean', + 'perl-Test-Simple', + 'perl-Crypt-Blowfish', + 'perl-Email-Date-Format', + 'perl-YAML-LibYAML', + 'perl-IO-Socket-INET6' ] - package { $rpm_requirement: - ensure => installed - } + package { $rpm_requirement: } - subversion::snapshot { $catdap_location: - source => "svn://svn.mageia.org/soft/identity/CatDap/branches/live" - } + 
$ldap_password = extlookup('catdap_ldap','x') - $catdap_password = extlookup('catdap_password') - - file { "$catdap_location/catdap_local.yml": - ensure => present, - owner => root, - group => apache, - mode => 640, - content => template("catdap/catdap_local.yml"), - require => Subversion::Snapshot[$catdap_location] + catdap::snapshot { "identity.${::domain}": + location => '/var/www/identity', + git_location => $upstream_git, + git_branch => 'topic/production', } - apache::vhost_catalyst_app { $catdap_vhost: - script => "$catdap_location/script/catdap_fastcgi.pl", - location => $catdap_location, - use_ssl => true, + catdap::snapshot { "identity-trunk.${::domain}": + location => '/var/www/identity-trunk', + git_location => $upstream_git, } - - apache::vhost_redirect_ssl { $catdap_vhost: } } diff --git a/modules/catdap/manifests/snapshot.pp b/modules/catdap/manifests/snapshot.pp new file mode 100644 index 00000000..35ca692e --- /dev/null +++ b/modules/catdap/manifests/snapshot.pp @@ -0,0 +1,21 @@ +define catdap::snapshot($location, $git_location, $git_branch = 'master') { + file { "${location}/catdap_local.yml": + group => apache, + mode => '0640', + content => template('catdap/catdap_local.yml'), + require => Git::Snapshot[$location], + } + + git::snapshot { $location: + source => $git_location, + branch => $git_branch, + } + + apache::vhost::catalyst_app { $name: + script => "${location}/script/catdap_fastcgi.pl", + location => $location, + use_ssl => true, + } + + apache::vhost::redirect_ssl { $name: } +} diff --git a/modules/catdap/templates/catdap_local.yml b/modules/catdap/templates/catdap_local.yml index 50f43601..d982b40b 100644 --- a/modules/catdap/templates/catdap_local.yml +++ b/modules/catdap/templates/catdap_local.yml 
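Review bot: `$upstream_git` points at a `git://` URL, which gives no transport authentication or integrity protection, so both vhosts deploy whatever the network path delivers for an application that handles account credentials. If the git server offers an authenticated transport, prefer it, e.g. `$upstream_git = "https://git.${::domain}/web/identity"` (the https endpoint is an assumption to confirm). Separately, `extlookup('catdap_ldap','x')` falls back to the literal `x` when the key is missing, whereas the removed `extlookup('catdap_password')` had no default. Writing `$ldap_password = extlookup('catdap_ldap')` makes a missing secret fail the catalog instead of rendering a placeholder bind password.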
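Review bot: Every `catdap::snapshot` instance renders the same `catdap/catdap_local.yml`, so the `identity-trunk` vhost declared in init.pp, which follows the default `master` branch, gets the same LDAP bind DN and password as the production instance. Consider making the bind account and password parameters of the define, so a non-production instance can use a separate, less privileged account. The file resource also no longer sets an owner, which the removed resource in init.pp did; since the file carries the bind password, state it explicitly with `owner => 'root',` next to `group => apache,`.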
@@ -1,22 +1,20 @@ <% -ldap_server = 'ldap.' + domain +ldap_server = "ldap-master.#{domain}" -ldap_password = catdap_password - -ldap_account = 'cn=catdap-valstar,ou=System Accounts,' + dc_suffix +ldap_account = "cn=catdap-#{hostname},ou=System Accounts,#{dc_suffix}" %> organisation: Mageia apptitle: Mageia Identity Management -emailfrom: noreply@<%= domain %> +emailfrom: noreply@<%= @domain %> Model::Proxy: - base: ou=People,<%= dc_suffix %> + base: ou=People,<%= @dc_suffix %> dn: <%= ldap_account %> - password: <%= ldap_password %> + password: <%= scope.lookupvar("catdap::ldap_password") %> Model::User: - base: <%= dc_suffix %> + base: <%= @dc_suffix %> host: <%= ldap_server %> start_tls: 1 
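Review bot: The bind password is written as an unquoted YAML scalar at `password:` (and again at `bindpw:` in the next hunk), so a value containing ` #` or `: `, or starting with `*`, `&`, `!` or a quote, is truncated or misparsed rather than used verbatim. Emit it single-quoted with embedded quotes doubled, e.g. `password: '<%= scope.lookupvar("catdap::ldap_password").gsub("'", "''") %>'`, and do the same for `bindpw`. The opening ERB block still reads bare `domain`, `hostname` and `dc_suffix` while the rest of the template moved to `@domain` and `@dc_suffix`; using the `@` form there too keeps the variable lookups consistent.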
@@ -27,7 +25,98 @@ authentication: store: ldap_server: <%= ldap_server %> binddn: <%= ldap_account %> - bindpw: <%= ldap_password %> - user_basedn: ou=People,<%= dc_suffix %> - role_basedn: <%= dc_suffix %> + bindpw: <%= scope.lookupvar("catdap::ldap_password") %> + user_basedn: ou=People,<%= @dc_suffix %> + role_basedn: <%= @dc_suffix %> + +register: + login_regex: ^[a-z][a-z0-9]*$ + login_blacklist: + - abuse + - apache + - bcd + - hostmaster + - iurt + - listmaster + - MAILER-DAEMON + - mirror + - noc + - postmaster + - president + - schedbot + - secretary + - security + - signbot + - treasurer + - webmaster + - www + + email_domain_blacklist: + - armyspy.com + - bitmessage.ch + - codehot.co.uk + - crazymailing.com + - dayrep.com + - group.mageia.org + - grr.la + - guerrillamail.biz + - guerrillamail.com + - guerrillamail.de + - guerrillamail.info + - guerrillamail.net + - guerrillamail.org + - guerrillamailblock.com + - jourrapide.com + - ml.mageia.org + - namecheap.com + - pokemail.net + - rhyta.com + - runbox.com + - sharklasers.com + - spam4.me + - vmani.com + - wowring.ru + - yopmail.com + - zasod.com +Controller::User: + editable_attrs: + - cn + - sn + - givenName + - mobile + - mailForwardingAddress + - preferredLanguage + uneditable_attrs: + - uid + - uidNumber + - gidNumber + - homeDirectory + - mail + - sshPublicKey + - loginShell + skip_attrs: + - objectClass + - krb5Key + - sambaMungedDial + - sambaPasswordHistory + - userPassword + - sambaLMPassword + - sambaNTPassword + - sambaPwdMustChange + - sambaSID + - sambaPrimaryGroupSID + - sambaAcctFlags + - sambaPwdCanChange + - sambaPwdLastSet + - sambaKickOffTime + - sambaUserWorkstations + - sambaLogonTime + - krb5KeyVersionNumber + - krb5PasswordEnd + - krb5MaxLife + - krb5MaxRenew + - krb5KDCFlags + - shadowLastChange + - roomNumber + - secretary |
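Review bot: `login_regex: ^[a-z][a-z0-9]*$` ends in `$`, which in Perl also matches before a trailing newline, and it sets no length limit. If CatDap applies the value as a Perl pattern (not visible in this diff), `login_regex: ^[a-z][a-z0-9]{0,31}\z` closes both gaps; the bound of 31 is a constructed example and should match what the directory and the hosts accept. In `login_blacklist`, `MAILER-DAEMON` can never pass that regex, so the entry is inert, while common reserved names such as `root` and `admin` are not listed. Add them if they are not already rejected elsewhere.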
