2 include container::contained;
3 include container::no_ssh;
5 file { "${::puppet_vardir}/debconf/":
8 file { "${::puppet_vardir}/debconf/gigi-lang.debconf":
10 content => "wpia-gigi-testing wpia-gigi-testing/fetch-locales-command string gigi fetch-locales $gigi_translation"
12 exec { 'debconf-gigi-testing':
14 command => "/usr/bin/debconf-set-selections < ${::puppet_vardir}/debconf/gigi-lang.debconf",
15 unless => "/usr/bin/debconf-get-selections | /bin/grep -F '$gigi_translation'"
19 apt_key{ 'E643C483A426BB5311D26520A631B6AF9FD3DF94':
20 source => 'http://deb.dogcraft.de/signer.gpg',
23 file { '/etc/apt/sources.list.d/dogcraft.list':
24 source => 'puppet:///modules/lxc/dogcraft.list',
26 notify => Exec['apt_update']
28 package { 'wpia-gigi-testing':
29 require => [Exec['debconf-gigi-testing'],Exec['apt_update']],
30 ensure => 'installed',
32 $gigi_pg_ip = $ips[postgres];
33 $gigi_pg_password = $passwords[postgres][gigi];
34 file { '/var/lib/wpia-gigi':
37 file { '/var/lib/wpia-gigi/config':
40 file {'/var/lib/wpia-gigi/config/gigi.properties':
42 content => epp('gigi/gigi.properties')
44 file {'/var/lib/wpia-gigi/config/ca':
45 ensure => 'directory',
46 source => 'puppet:///modules/nre/config/ca',
49 notify => Exec['keytool for /var/lib/wpia-gigi/config/cacerts.jks']
51 file {'/var/lib/wpia-gigi/config/profiles':
52 ensure => 'directory',
53 source => 'puppet:///modules/nre/config/profiles',
57 exec {'keytool for /var/lib/wpia-gigi/config/cacerts.jks':
58 cwd => '/var/lib/wpia-gigi/config/ca',
60 require => Package['wpia-gigi-testing'],
61 command => '/bin/rm -f ../cacerts.jks && /usr/bin/keytool -importcert -keystore ../cacerts.jks -noprompt -storepass changeit -file root.crt -alias root && for i in assured.crt codesign.crt env.crt orga.crt orgaSign.crt unassured.crt *_*.crt; do /usr/bin/keytool -importcert -keystore ../cacerts.jks -storepass changeit -file "$i" -alias "${i%.crt}"; done',
63 file {'/var/lib/wpia-gigi/config/truststorepw':
65 content => 'changeit',
67 file {['/etc/wpia','/etc/wpia/gigi']:
70 file {'/var/lib/wpia-gigi/config/keystore.pkcs12':
71 source => ['puppet:///modules/gigi/keystore.pkcs12', 'puppet:///modules/gigi/empty'],
72 notify => Exec['tar for gigi-conf']
74 file {'/var/lib/wpia-gigi/config/keystorepw':
75 source => ['puppet:///modules/gigi/keystorepw', 'puppet:///modules/gigi/empty'],
77 notify => Exec['tar for gigi-conf']
79 exec{'tar for gigi-conf':
80 command => 'if /usr/bin/[ -s /var/lib/wpia-gigi/config/keystore.pkcs12 ]; then /bin/tar cf /etc/wpia/gigi/conf.tar gigi.properties truststorepw cacerts.jks keystorepw keystore.pkcs12; else /bin/tar cf /etc/wpia/gigi/conf.tar gigi.properties truststorepw cacerts.jks; fi',
83 cwd => '/var/lib/wpia-gigi/config',
84 unless => '/usr/bin/[ /var/lib/wpia-gigi/keys/keystore.pkcs12 -ot /etc/wpia/gigi/conf.tar ] && /usr/bin/[ /var/lib/wpia-gigi/config/cacerts.jks -ot /etc/wpia/gigi/conf.tar ]',
85 subscribe => [File['/var/lib/wpia-gigi/config/truststorepw'],Exec['keytool for /var/lib/wpia-gigi/config/cacerts.jks'],File['/var/lib/wpia-gigi/config/gigi.properties']],
86 require => File['/etc/wpia/gigi']
88 file {'/var/lib/wpia-gigi/keys/crt':
89 ensure => 'directory',
91 require => Package['wpia-gigi-testing']
93 file {'/var/lib/wpia-gigi/keys/csr':
94 ensure => 'directory',
96 require => Package['wpia-gigi-testing']
99 creates => '/gigi-ready',
100 command =>'/bin/false'
103 command => '/usr/bin/gigi fetch-alexa /var/lib/wpia-gigi/blacklist.dat 100',
104 creates => '/var/lib/wpia-gigi/blacklist.dat',
105 require => [File['/var/lib/wpia-gigi'],Package['wpia-gigi-testing']]
106 } -> service{'gigi-proxy.socket':
108 provider => 'systemd',
109 subscribe => [Exec['tar for gigi-conf'],File['/var/lib/wpia-gigi/config/profiles']],
110 require => [Package['wpia-gigi-testing'], File['/var/lib/wpia-gigi/keys/crt'], File['/var/lib/wpia-gigi/keys/csr'], Exec['/gigi-ready']]
112 package{'cacert-cassiopeia':
113 ensure => 'installed',
114 require => Exec['apt_update']
116 if $signerLocation == 'self' {
117 package { 'tcpserial':
118 ensure => 'installed',
119 require => Exec['apt_update']
121 $cass_ip = $ips[cassiopeia]
122 file {'/etc/systemd/system/tcpserial.service':
124 content => epp('gigi/tcpserial'),
125 require => Package['tcpserial']
127 service{'tcpserial.service':
129 provider => 'systemd',
130 before => Service['cassiopeia-client.service']
132 } elsif $signerLocation == '/dev/ttyS0' {
133 exec {'/bin/mknod /dev/ttyS0 c 4 64':
134 creates => "/dev/ttyS0",
135 before => Service['cassiopeia-client.service']
139 file {'/var/lib/cassiopeia/':
140 ensure => 'directory',
141 require => Package['cacert-cassiopeia']
143 file {'/var/lib/cassiopeia/config.txt':
145 content => epp('gigi/cassiopeia-client-conf')
148 file {'/var/lib/cassiopeia/logs':
149 ensure => 'directory',
152 file {'/var/lib/cassiopeia/profiles':
153 ensure => 'directory',
154 source => 'puppet:///modules/cassiopeia_client/profiles',
158 file {'/var/lib/cassiopeia/ca':
159 ensure => 'directory',
160 source => 'puppet:///modules/cassiopeia_client/ca',
164 file {'/var/lib/cassiopeia/keys':
165 ensure => 'directory',
166 require => File['/var/lib/cassiopeia/']
168 file {'/var/lib/cassiopeia/keys/ca.crt':
170 source => 'puppet:///modules/cassiopeia/ca.crt'
172 file {'/var/lib/cassiopeia/keys/signer_client.crt':
174 source => 'puppet:///modules/cassiopeia/signer_client.crt'
176 file {'/var/lib/cassiopeia/keys/signer_client.key':
178 source => 'puppet:///modules/cassiopeia/signer_client.key'
181 file { '/etc/systemd/system/cassiopeia-client.service':
182 source => 'puppet:///modules/gigi/cassiopeia-client.service',
185 service{'cassiopeia-client.service':
186 provider => 'systemd',
187 require => [File['/var/lib/cassiopeia/config.txt'],
188 File['/var/lib/cassiopeia/ca'],
189 File['/var/lib/cassiopeia/logs'],
190 File['/var/lib/cassiopeia/profiles'],
191 File['/var/lib/cassiopeia/keys/ca.crt'],
192 File['/var/lib/cassiopeia/keys/signer_client.crt'],
193 File['/var/lib/cassiopeia/keys/signer_client.key'],
194 Exec['/gigi-ready']],