# Pulls in the container::contained and container::no_ssh classes (defined elsewhere).
2 include container::contained;
3 include container::no_ssh;
# Directory under the Puppet vardir that holds the debconf preseed file.
5 file { "${::puppet_vardir}/debconf/":
# Package name: the string 'true' in $testServer selects the testing package.
8 $gigi_pkg = $testServer ? {
9 'true' => 'wpia-gigi-testing',
10 default => 'wpia-gigi'
# Preseed line setting <pkg>/fetch-locales-command to
# "gigi fetch-locales $gigi_translation".
# NOTE(review): presumably the package later runs this value as a command;
# confirm $gigi_translation comes only from trusted manifest/Hiera data.
12 file { "${::puppet_vardir}/debconf/gigi-lang.debconf":
14 content => "$gigi_pkg $gigi_pkg/fetch-locales-command string gigi fetch-locales $gigi_translation"
# Loads the preseed unless debconf already lists both the translation value
# and the fetch-locales question for this package.
# NOTE(review): $gigi_translation and $gigi_pkg are interpolated into a shell
# command inside single quotes; their origin is not visible here. Confirm the
# values cannot contain a single quote or other shell metacharacters.
16 exec { 'debconf-gigi':
18 command => "/usr/bin/debconf-set-selections < ${::puppet_vardir}/debconf/gigi-lang.debconf",
19 unless => "/usr/bin/debconf-get-selections | /bin/grep -F '$gigi_translation' | /bin/grep -F '$gigi_pkg/fetch-locales'"
# Trusts the repository signing key named by its full 40-hex fingerprint.
# NOTE(review): the key is fetched over plain http://, so the fingerprint in the
# title is the only integrity anchor visible here. Confirm the apt_key provider
# in use rejects a downloaded key whose fingerprint differs from the title, or
# ship the key inside a module instead of downloading it.
22 apt_key{ 'E643C483A426BB5311D26520A631B6AF9FD3DF94':
23 source => 'http://deb2.dogcraft.de/signer.gpg',
# Repository definition copied from the lxc module; a change notifies
# Exec['apt_update'] (declared outside this view).
26 file { '/etc/apt/sources.list.d/dogcraft.list':
27 source => 'puppet:///modules/lxc/dogcraft.list',
29 notify => Exec['apt_update']
# Presumably the attributes of the $gigi_pkg package resource (its opening line
# is not visible here): installed only after the debconf preseed and apt update.
32 require => [Exec['debconf-gigi'],Exec['apt_update']],
33 ensure => 'installed',
# PostgreSQL address and password taken from $ips / $passwords (defined outside
# this view); presumably consumed by the gigi.properties template. TODO confirm.
35 $gigi_pg_ip = $ips[postgres];
36 $gigi_pg_password = $passwords[postgres][gigi];
# Data directory of the gigi package.
37 file { '/var/lib/wpia-gigi':
38 ensure => 'directory',
39 require => Package[$gigi_pkg]
# OCSP entries: 'ocsp' targets the cassiopeia CA directory; both entries are
# ordered before Exec['/gigi-ready'].
41 file {'/var/lib/wpia-gigi/ocsp':
43 target => '/var/lib/cassiopeia/ca',
44 before => Exec['/gigi-ready'],
46 file {'/var/lib/wpia-gigi/ocsp.pkcs12':
49 before => Exec['/gigi-ready'],
51 file { '/var/lib/wpia-gigi/config':
# Rendered from the gigi/gigi.properties EPP template.
# NOTE(review): if the template embeds $gigi_pg_password, this file holds a
# database credential; owner/mode are not visible here. Confirm they are
# restrictive.
54 file {'/var/lib/wpia-gigi/config/gigi.properties':
56 content => epp('gigi/gigi.properties')
# CA certificates copied from the nre module; a change re-runs the keytool exec.
58 file {'/var/lib/wpia-gigi/config/ca':
59 ensure => 'directory',
60 source => 'puppet:///modules/nre/config/ca',
63 notify => Exec['keytool for /var/lib/wpia-gigi/config/cacerts.jks']
# Profile definitions copied from the nre module.
65 file {'/var/lib/wpia-gigi/config/profiles':
66 ensure => 'directory',
67 source => 'puppet:///modules/nre/config/profiles',
# Rebuilds the Java trust store from scratch: removes ../cacerts.jks, imports
# root.crt with -noprompt, then imports the listed certificates and every
# *_*.crt, using the file name without ".crt" as the alias.
# NOTE(review): the store password is the conventional Java default 'changeit'
# (also written to truststorepw below). Only certificates are imported here, so
# the password is no real tamper protection; integrity rests on the filesystem
# permissions of config/ca and cacerts.jks. Confirm those are root-writable only.
71 exec {'keytool for /var/lib/wpia-gigi/config/cacerts.jks':
72 cwd => '/var/lib/wpia-gigi/config/ca',
74 require => Package[$gigi_pkg],
75 command => '/bin/rm -f ../cacerts.jks && /usr/bin/keytool -importcert -keystore ../cacerts.jks -noprompt -storepass changeit -file root.crt -alias root && for i in assured.crt codesign.crt env.crt orga.crt orgaSign.crt unassured.crt *_*.crt; do /usr/bin/keytool -importcert -keystore ../cacerts.jks -storepass changeit -file "$i" -alias "${i%.crt}"; done',
# Trust store password file; must match the -storepass used above.
77 file {'/var/lib/wpia-gigi/config/truststorepw':
79 content => 'changeit',
# Target directories for the packed configuration archive.
81 file {['/etc/wpia','/etc/wpia/gigi']:
# Optional keystore and its password: each falls back to the module's 'empty'
# file when the real one is absent from the gigi module. A change notifies the
# tar exec below.
# NOTE(review): keystore.pkcs12 presumably holds the service's private key, and
# it is served together with its password from the Puppet file server.
# Owner/mode lines are not visible here; confirm both files are readable only
# by root or the service account.
84 file {'/var/lib/wpia-gigi/config/keystore.pkcs12':
85 source => ['puppet:///modules/gigi/keystore.pkcs12', 'puppet:///modules/gigi/empty'],
86 notify => Exec['tar for gigi-conf']
88 file {'/var/lib/wpia-gigi/config/keystorepw':
89 source => ['puppet:///modules/gigi/keystorepw', 'puppet:///modules/gigi/empty'],
91 notify => Exec['tar for gigi-conf']
# Packs the configuration into /etc/wpia/gigi/conf.tar. keystorepw and
# keystore.pkcs12 are included only when keystore.pkcs12 is non-empty (-s).
# NOTE(review): conf.tar can then contain the keystore next to its password.
# The command sets no mode, so the archive's permissions follow the umask of
# the exec; confirm conf.tar is not world-readable.
93 exec{'tar for gigi-conf':
94 command => 'if /usr/bin/[ -s /var/lib/wpia-gigi/config/keystore.pkcs12 ]; then /bin/tar cf /etc/wpia/gigi/conf.tar gigi.properties truststorepw cacerts.jks keystorepw keystore.pkcs12; else /bin/tar cf /etc/wpia/gigi/conf.tar gigi.properties truststorepw cacerts.jks; fi',
97 cwd => '/var/lib/wpia-gigi/config',
# Skips the repack when the three tested files are older than conf.tar.
# NOTE(review): this guard tests /var/lib/wpia-gigi/keys/keystore.pkcs12, while
# the command packs /var/lib/wpia-gigi/config/keystore.pkcs12. This looks like a
# path mismatch, so a replaced keystore may not be seen by this freshness
# check. Confirm which path is intended.
98 unless => '/usr/bin/[ /var/lib/wpia-gigi/keys/keystore.pkcs12 -ot /etc/wpia/gigi/conf.tar ] && /usr/bin/[ /var/lib/wpia-gigi/config/cacerts.jks -ot /etc/wpia/gigi/conf.tar ] && /usr/bin/[ /var/lib/wpia-gigi/config/gigi.properties -ot /etc/wpia/gigi/conf.tar ]',
99 subscribe => [File['/var/lib/wpia-gigi/config/truststorepw'],Exec['keytool for /var/lib/wpia-gigi/config/cacerts.jks'],File['/var/lib/wpia-gigi/config/gigi.properties']],
100 require => File['/etc/wpia/gigi']
# Directories under keys/ for crt and csr files; both are ordered after the
# package and before Exec['/gigi-ready'].
102 file {'/var/lib/wpia-gigi/keys/crt':
103 ensure => 'directory',
105 require => Package[$gigi_pkg],
106 before => Exec['/gigi-ready'],
108 file {'/var/lib/wpia-gigi/keys/csr':
109 ensure => 'directory',
111 require => Package[$gigi_pkg],
112 before => Exec['/gigi-ready'],
# Gate resource, presumably Exec['/gigi-ready'] (its opening line is not visible
# here): the command is /bin/false, so it fails and holds back every dependant
# until the file /gigi-ready exists. Nothing visible here creates that file;
# presumably an operator does so once key material is in place. TODO confirm.
115 creates => '/gigi-ready',
116 command =>'/bin/false',
117 require => Exec['tar for gigi-conf']
# Fetches blacklist.dat via "gigi fetch-alexa"; skipped once the file exists, so
# the list is not refreshed afterwards. The trailing 100 is presumably an entry
# count. TODO confirm.
120 command => '/usr/bin/gigi fetch-alexa /var/lib/wpia-gigi/blacklist.dat 100',
121 creates => '/var/lib/wpia-gigi/blacklist.dat',
122 require => [File['/var/lib/wpia-gigi'],Package[$gigi_pkg]]
# Socket unit: ordered after the package, the key directories and the gate;
# refreshed when the config archive exec or the profiles directory changes.
123 } -> service{'gigi-proxy.socket':
126 provider => 'systemd',
127 subscribe => [Exec['tar for gigi-conf'],File['/var/lib/wpia-gigi/config/profiles']],
128 require => [Package[$gigi_pkg], File['/var/lib/wpia-gigi/keys/crt'], File['/var/lib/wpia-gigi/keys/csr'], Exec['/gigi-ready']]
# Cassiopeia client package, installed after the apt update.
130 package{'wpia-cassiopeia':
131 ensure => 'installed',
132 require => Exec['apt_update']
# $signerLocation == 'self': install tcpserial and run it as a systemd unit
# that is started before the cassiopeia client service.
134 if $signerLocation == 'self' {
135 package { 'tcpserial':
136 ensure => 'installed',
137 require => Exec['apt_update']
# Address from $ips; presumably used by the gigi/tcpserial template. TODO confirm.
139 $cass_ip = $ips[cassiopeia]
140 systemd::unit_file {'tcpserial.service':
142 content => epp('gigi/tcpserial'),
143 require => Package['tcpserial']
145 service{'tcpserial.service':
148 provider => 'systemd',
149 before => Service['cassiopeia-client.service']
# $signerLocation == '/dev/ttyS0': create the character device node
# (major 4, minor 64) when it does not exist yet.
# NOTE(review): mknod is called without an explicit mode, so the permissions of
# the device node depend on the umask of the exec. Confirm who may open it.
151 } elsif $signerLocation == '/dev/ttyS0' {
152 exec {'/bin/mknod /dev/ttyS0 c 4 64':
153 creates => "/dev/ttyS0",
154 before => Service['cassiopeia-client.service']
# State directory of the cassiopeia client, created after the package.
158 file {'/var/lib/cassiopeia/':
159 ensure => 'directory',
160 require => Package['wpia-cassiopeia']
# Client configuration rendered from the gigi/cassiopeia-client-conf template.
162 file {'/var/lib/cassiopeia/config.txt':
164 content => epp('gigi/cassiopeia-client-conf')
167 file {'/var/lib/cassiopeia/logs':
168 ensure => 'directory',
# Profiles and CA directory copied from the cassiopeia_client module.
171 file {'/var/lib/cassiopeia/profiles':
172 ensure => 'directory',
173 source => 'puppet:///modules/cassiopeia_client/profiles',
177 file {'/var/lib/cassiopeia/ca':
178 ensure => 'directory',
180 source => 'puppet:///modules/cassiopeia_client/ca',
# Key directory with CA certificate, client certificate and client private key,
# all copied from the cassiopeia module; presumably the TLS credentials for the
# link to the signer. TODO confirm.
# NOTE(review): signer_client.key is a private key served by the Puppet file
# server. Owner/mode lines are not visible here; confirm the key and the keys
# directory are readable only by the client's account, and that file server
# access to the cassiopeia module is limited to nodes that need it.
184 file {'/var/lib/cassiopeia/keys':
185 ensure => 'directory',
186 require => File['/var/lib/cassiopeia/']
188 file {'/var/lib/cassiopeia/keys/ca.crt':
190 source => 'puppet:///modules/cassiopeia/ca.crt'
192 file {'/var/lib/cassiopeia/keys/signer_client.crt':
194 source => 'puppet:///modules/cassiopeia/signer_client.crt'
196 file {'/var/lib/cassiopeia/keys/signer_client.key':
198 source => 'puppet:///modules/cassiopeia/signer_client.key'
# Unit file shipped from the gigi module.
201 systemd::unit_file { 'cassiopeia-client.service':
202 source => 'puppet:///modules/gigi/cassiopeia-client.service',
# The client service requires its config, CA, log, profile and key files and
# the /gigi-ready gate, so it is not managed until all of them are in place.
205 service{'cassiopeia-client.service':
206 provider => 'systemd',
207 require => [File['/var/lib/cassiopeia/config.txt'],
208 File['/var/lib/cassiopeia/ca'],
209 File['/var/lib/cassiopeia/logs'],
210 File['/var/lib/cassiopeia/profiles'],
211 File['/var/lib/cassiopeia/keys/ca.crt'],
212 File['/var/lib/cassiopeia/keys/signer_client.crt'],
213 File['/var/lib/cassiopeia/keys/signer_client.key'],
214 Exec['/gigi-ready']],