1 define motion::virtual ($domain = "motion.${systemDomain}", $container = $name) {
2 @file{"/run/${container}-socket":
6 @lxc::container { $container:
7 contname => $container,
8 ip => $ips[$container],
9 dir => ['/motion-socket'],
11 "/run/${container}-socket" => { 'target' => "motion-socket"},
15 @lxc::container_bind{ "/run/${container}-socket":
16 container => 'front-nginx',
17 target => "${container}-socket",
21 @file{"/etc/ssl/${container}-roots.pem":
23 source => ['puppet:///modules/motion/motion-roots.pem', 'puppet:///modules/nre/config/ca/root.crt'],
26 @front_vhost{$container:
27 source => 'motion/nginx.epp',
28 args => {container => $container, name => $container, cert_stem => "/etc/ssl/private/${container}", domain => $domain, socket => "unix:/${container}-socket/motion.fcgi"},
29 crt => "motion/${container}",
33 @file{'/etc/nginx/conf.d/bucket_size.conf':
34 content => "map_hash_bucket_size 256;log_format motion-cert '\$date_gmt \$host:\$ssl_client_serial:\$ssl_client_i_dn;\$motion_user_role';\n",
36 before => Service['nginx'],
39 @file{'/etc/nginx/conf.d/motion_map.conf':
40 content => inline_epp(file('motion/user_map.epp', 'motion/user_map.template.epp'), {name => $name}),
42 before => Service['nginx'],
47 @postgresql::server::db { $container:
49 password => postgresql_password($container, 'motion'),
52 @postgresql::server::pg_hba_rule { "allow ${container} to access its database":
53 description => "Open up PostgreSQL for access from motion-user to its database",
55 database => $container,
57 address => "${ips[$container]}/32",
63 define motion::frontend($domain, $container, $roots = 'puppet:///modules/motion/motion-roots.pem'){
64 @file{"/etc/ssl/${name}-roots.pem":
66 source => [$roots, 'puppet:///modules/nre/config/ca/root.crt'],
69 @front_vhost{"${container}-${domain}":
70 source => 'motion/nginx.epp',
71 args => {container => $container, name => $name, cert_stem => "/etc/ssl/private/${container}", domain => $domain, socket => "unix:/${container}-socket/motion.fcgi"},
72 crt => "motion/${container}",