add: motion system from source
diff --git a/modules/motion/manifests/virtual.pp b/modules/motion/manifests/virtual.pp
new file mode 100644 (file)
index 0000000..ccc379d
--- /dev/null
@@ -0,0 +1,48 @@
+define motion::virtual ($domain = "motion.${systemDomain}", $container = $name) {
+  @file{"/run/${container}-socket":
+    ensure => 'directory',
+    tag => [root]
+  } ->
+  @lxc::container { $container:
+    contname => $container,
+    ip => $ips[$container],
+    dir => ['/motion-socket'],
+    bind => {
+      "/run/${container}-socket" => { 'target' => "motion-socket"},
+    },
+    tag => [root]
+  }
+  @lxc::container_bind{ "/run/${container}-socket":
+    container => 'front-nginx',
+    target => "${container}-socket",
+    tag => [root]
+  }
+
+  @file{"/etc/ssl/${container}-roots.pem":
+    ensure => 'file',
+    source => ['puppet:///modules/motion/motion-roots.pem', 'puppet:///modules/nre/config/ca/root.crt'],
+    tag => [nginx]
+  }
+  @front_vhost{$container:
+    source => 'motion/nginx.epp',
+    args => {container => $container, cert_stem => "/etc/ssl/private/${container}", domain => $domain, socket => "unix:/${container}-socket/motion.fcgi"},
+    crt => "motion/${container}",
+    tag => [nginx]
+  }
+
+
+  @postgresql::server::db { $container:
+    user     => $container,
+    password => postgresql_password($container, 'motion'),
+    tag => [primary]
+  }
+  @postgresql::server::pg_hba_rule { "allow ${container} to access its database":
+    description => "Open up PostgreSQL for access from motion-user to its database",
+    type        => 'host',
+    database    => $container,
+    user        => $container,
+    address     => "${ips[$container]}/32",
+    auth_method => 'md5',
+    tag => [primary]
+  }
+}
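Review bot: The `password => postgresql_password($container, 'motion')` line gives every database created by this define the same fixed password, `motion`, committed in the manifest, so the `pg_hba_rule` below it is in practice protected only by its `/32` source address. I would take the secret from data instead, for example `password => postgresql_password($container, lookup("motion::db_password::${container}")),` where the key name is a placeholder, and pass the same value to the application's configuration, which is outside this file. Separately, `auth_method => 'md5'` could become `'scram-sha-256'` if the PostgreSQL server and the postgresql module version in use support it; neither is visible here.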