X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=modules%2Fmotion%2Fmanifests%2Fvirtual.pp;h=a2f601ca96863138f96a16957e21ad11b84c5681;hb=HEAD;hp=ccc379d35696035eac8730e3389aec69e560ae86;hpb=ec411b00d9969e8a56d313cbb7479bba600244d9;p=infra.git

diff --git a/modules/motion/manifests/virtual.pp b/modules/motion/manifests/virtual.pp
index ccc379d..a2f601c 100644
--- a/modules/motion/manifests/virtual.pp
+++ b/modules/motion/manifests/virtual.pp
@@ -25,11 +25,24 @@ define motion::virtual ($domain = "motion.${systemDomain}", $container = $name)
   }
   @front_vhost{$container:
     source => 'motion/nginx.epp',
-    args => {container => $container, cert_stem => "/etc/ssl/private/${container}", domain => $domain, socket => "unix:/${container}-socket/motion.fcgi"},
+    args => {container => $container, name => $container, cert_stem => "/etc/ssl/private/${container}", domain => $domain, socket => "unix:/${container}-socket/motion.fcgi"},
     crt => "motion/${container}",
     tag => [nginx]
   }
 
+  @file{'/etc/nginx/conf.d/bucket_size.conf':
+    content => "map_hash_bucket_size 256;log_format motion-cert '\$date_gmt \$host:\$ssl_client_serial:\$ssl_client_i_dn;\$motion_user_role';\n",
+    ensure => 'file',
+    before => Service['nginx'],
+    tag => [nginx]
+  }
+  @file{'/etc/nginx/conf.d/motion_map.conf':
+    content => inline_epp(file('motion/user_map.epp', 'motion/user_map.template.epp'), {name => $name}),
+    ensure => 'file',
+    before => Service['nginx'],
+    tag => [nginx]
+  }
+
 
   @postgresql::server::db { $container:
     user     => $container,
@@ -46,3 +59,17 @@ define motion::virtual ($domain = "motion.${systemDomain}", $container = $name)
     tag => [primary]
   }
 }
+
+define motion::frontend($domain, $container, $roots = 'puppet:///modules/motion/motion-roots.pem'){
+  @file{"/etc/ssl/${name}-roots.pem":
+    ensure => 'file',
+    source => [$roots, 'puppet:///modules/nre/config/ca/root.crt'],
+    tag => [nginx]
+  }
+  @front_vhost{"${container}-${domain}":
+    source => 'motion/nginx.epp',
+    args => {container => $container, name => $name, cert_stem => "/etc/ssl/private/${container}", domain => $domain, socket => "unix:/${container}-socket/motion.fcgi"},
+    crt => "motion/${container}",
+    tag => [nginx]
+  }
+}