X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=environments%2Fproduction%2Fmanifests%2Fgigi.pp;h=a1431aac9de528b86e14703fc46b116f5f5f371e;hb=95266f6237df2334741f3ce60050618259452ed4;hp=faac38b834d0621d94b8fca2be29956fc698ec5d;hpb=6a7320d1533a9e8df4c082ae528eb4c2474ec609;p=infra.git diff --git a/environments/production/manifests/gigi.pp b/environments/production/manifests/gigi.pp index faac38b..a1431aa 100644 --- a/environments/production/manifests/gigi.pp +++ b/environments/production/manifests/gigi.pp @@ -19,9 +19,8 @@ node gigi { unless => "/usr/bin/debconf-get-selections | /bin/grep -F '$gigi_translation' | /bin/grep -F '$gigi_pkg/fetch-locales'" } - class{'apt':} apt_key{ 'E643C483A426BB5311D26520A631B6AF9FD3DF94': - source => 'http://deb.dogcraft.de/signer.gpg', + source => 'http://deb2.dogcraft.de/signer.gpg', ensure => 'present' } -> file { '/etc/apt/sources.list.d/dogcraft.list': @@ -36,7 +35,18 @@ node gigi { $gigi_pg_ip = $ips[postgres]; $gigi_pg_password = $passwords[postgres][gigi]; file { '/var/lib/wpia-gigi': - ensure => 'directory' + ensure => 'directory', + require => Package[$gigi_pkg] + } + file {'/var/lib/wpia-gigi/ocsp': + ensure => 'link', + target => '/var/lib/cassiopeia/ca', + before => Exec['/gigi-ready'], + } + file {'/var/lib/wpia-gigi/ocsp.pkcs12': + ensure => 'file', + owner => 'gigi', + before => Exec['/gigi-ready'], } file { '/var/lib/wpia-gigi/config': ensure => 'directory' @@ -92,12 +102,14 @@ node gigi { file {'/var/lib/wpia-gigi/keys/crt': ensure => 'directory', owner => 'gigi', - require => Package[$gigi_pkg] + require => Package[$gigi_pkg], + before => Exec['/gigi-ready'], } file {'/var/lib/wpia-gigi/keys/csr': ensure => 'directory', owner => 'gigi', - require => Package[$gigi_pkg] + require => Package[$gigi_pkg], + before => Exec['/gigi-ready'], } exec {'/gigi-ready': creates => '/gigi-ready', 
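Review bot: The `apt_key` resource in the `@@ -19,9 +19,8 @@` hunk still downloads the repository signing key over plain `http://`, so the only thing binding the fetched key to the intended signer is the 40-character fingerprint used as the resource title. Whether the installed apt module rejects a key whose fingerprint differs from that title is not visible here, so switch the URL to `https://` if the host serves it, or ship the key text with the `content` parameter instead of `source`. The hunk also drops `class{'apt':}` while `Exec['apt_update']` is still required further down, so confirm the class is declared somewhere outside this diff. A comment above the resource such as `# key is pinned by full fingerprint; the download itself is unauthenticated` would record the trust decision.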
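Review bot: The new `file {'/var/lib/wpia-gigi/ocsp.pkcs12':` resource in the `@@ -36,7 +35,18 @@` hunk sets `owner` but no `mode`, so a freshly created file gets whatever permissions the agent defaults to. If this container holds the OCSP signing key, as the name suggests, pin it with `mode => '0600',`. The resource has no `content` or `source` either, so Puppet creates an empty file on first run; a comment naming the process that fills it would help. The `ocsp` link in the same hunk targets `/var/lib/cassiopeia/ca`, which appears to be managed only inside `if $signerLocation == 'self'`, so the link may dangle on other setups.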
@@ -115,7 +127,7 @@ node gigi { subscribe => [Exec['tar for gigi-conf'],File['/var/lib/wpia-gigi/config/profiles']], require => [Package[$gigi_pkg], File['/var/lib/wpia-gigi/keys/crt'], File['/var/lib/wpia-gigi/keys/csr'], Exec['/gigi-ready']] } - package{'cacert-cassiopeia': + package{'wpia-cassiopeia': ensure => 'installed', require => Exec['apt_update'] } @@ -125,7 +137,7 @@ if $signerLocation == 'self' { require => Exec['apt_update'] } $cass_ip = $ips[cassiopeia] - file {'/etc/systemd/system/tcpserial.service': + systemd::unit_file {'tcpserial.service': ensure => 'file', content => epp('gigi/tcpserial'), require => Package['tcpserial'] @@ -145,7 +157,7 @@ if $signerLocation == 'self' { file {'/var/lib/cassiopeia/': ensure => 'directory', - require => Package['cacert-cassiopeia'] + require => Package['wpia-cassiopeia'] } file {'/var/lib/cassiopeia/config.txt': ensure => 'file', @@ -164,6 +176,7 @@ if $signerLocation == 'self' { } file {'/var/lib/cassiopeia/ca': ensure => 'directory', + owner => 'gigi', source => 'puppet:///modules/cassiopeia_client/ca', recurse => true, } @@ -185,7 +198,7 @@ if $signerLocation == 'self' { source => 'puppet:///modules/cassiopeia/signer_client.key' } - file { '/etc/systemd/system/cassiopeia-client.service': + systemd::unit_file { 'cassiopeia-client.service': source => 'puppet:///modules/gigi/cassiopeia-client.service', ensure => 'present' } ->
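Review bot: In the `@@ -164,6 +176,7 @@` hunk, `owner => 'gigi'` combined with `recurse => true` gives the gigi account write access to every file under `/var/lib/cassiopeia/ca`, the directory that the new `/var/lib/wpia-gigi/ocsp` link points at. If gigi only needs to read that CA material, keep the tree root-owned and grant read access through a group, for example `owner => 'root', group => 'gigi', mode => '0640',` (assuming a `gigi` group exists). Whether gigi has to write there is not visible in the diff. No `mode` is set on the resource, so permissions are left to Puppet's defaults. If ownership by gigi is intended, add a comment above the resource saying why.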