# Common configuration for acme_vault
#
# @summary Common configuration shared by the acme_vault module: the service
#   account and its group, the home directory, a ~/.bashrc that carries the
#   Vault connection settings, and the cron jobs that set MAILTO and keep the
#   Vault token renewed.
#
# All parameters default to the values in acme_vault::params (inherited).
#
# @param user           Name of the system account that owns the home dir,
#                       the .bashrc and the cron jobs declared here.
# @param group          Primary group of $user. Declared as a virtual resource
#                       tagged 'acme_vault_group' so other manifests can add
#                       members to it.
# @param group_members  Extra members appended to $group via the collector
#                       below.
# @param home_dir       Home directory of $user (created here, mode 0750).
# @param contact_email  Address written into the crontab MAILTO line.
# @param domains        Declared here but not referenced in this class
#                       (presumably consumed by other classes of the module).
# @param overrides      Declared here but not referenced in this class.
# @param vault_token    Vault token exported as VAULT_TOKEN in ~/.bashrc.
# @param vault_addr     Vault address exported as VAULT_ADDR in ~/.bashrc.
# @param vault_bin      Path to the vault binary; exported as VAULT_BIN and
#                       used directly in the token-renewal cron command.
# @param vault_prefix   Exported as VAULT_PREFIX in ~/.bashrc; not otherwise
#                       used in this class.
#
# Security notes (from what this manifest declares):
#   * The Vault token is written in clear text to "${home_dir}/.bashrc". That
#     file is mode 0600 owned by $user, while $home_dir itself is 0750, so
#     members of $group can enter the directory but cannot read the token.
#   * NOTE(review): the token is rendered through inline_template(), so unless
#     $vault_token is supplied as a Sensitive value it is expected to appear
#     in the compiled catalog and in agent reports -- confirm how callers
#     pass it.
class acme_vault::common (
  $user          = $::acme_vault::params::user,
  $group         = $::acme_vault::params::group,
  $group_members = $::acme_vault::params::group_members,
  $home_dir      = $::acme_vault::params::home_dir,
  $contact_email = $::acme_vault::params::contact_email,
  $domains       = $::acme_vault::params::domains,
  $overrides     = $::acme_vault::params::overrides,
  $vault_token   = $::acme_vault::params::vault_token,
  $vault_addr    = $::acme_vault::params::vault_addr,
  $vault_bin     = $::acme_vault::params::vault_bin,
  $vault_prefix  = $::acme_vault::params::vault_prefix,
) inherits acme_vault::params {

  # ERB template for the user's ~/.bashrc. The heredoc is @(END), not
  # @("END"), so Puppet does not interpolate it: $HOME and $PATH are left for
  # the login shell, and the <%= @var %> tags are filled in by
  # inline_template() below from this class's variables.
  $common_bashrc_template = @(END)
    export PATH=$HOME:$PATH
    export VAULT_BIN=<%= @vault_bin %>
    export VAULT_TOKEN=<%= @vault_token %>
    export VAULT_ADDR=<%= @vault_addr %>
    export VAULT_PREFIX=<%= @vault_prefix %>
    | END

  # create acme_vault user
  # System account (system => true) with a managed home directory; its
  # primary group is $group, which is realised by the collector below.
  user { $user:
    ensure     => present,
    gid        => $group,
    system     => true,
    home       => $home_dir,
    managehome => true,
  }

  # Home directory is group-readable (0750) so members of $group can reach
  # files placed under it; the .bashrc holding the token is locked down
  # separately to 0600 below.
  file { $home_dir:
    ensure => directory,
    owner  => $user,
    group  => $group,
    mode   => '0750',
  }

  # group membership is handled through collected virtual resources. This
  # allows other modules/profiles to add members to the group, for services
  # that require access to the certs
  @group { $group:
    ensure => present,
    system => true,
    tag    => 'acme_vault_group',
  }

  # include lines similar to this in your own modules to add members to the
  # group. We use this method here to add the group_members parameter, but
  # it will work the same in any module.
  # The collector also realises the virtual group declared above; `+>`
  # appends to `members` rather than replacing any members set elsewhere.
  Group <| tag == 'acme_vault_group' |> { members +> $group_members }

  # variables in bashrc
  # 0600: the rendered file contains VAULT_TOKEN, so only $user may read it.
  concat { "${home_dir}/.bashrc":
    owner => $user,
    group => $group,
    mode  => '0600',
  }

  # Renders the template above into the .bashrc; order '01' places it ahead
  # of fragments that other classes may contribute.
  concat::fragment{ 'vault_bashrc':
    target  => "${home_dir}/.bashrc",
    content => inline_template($common_bashrc_template),
    order   => '01',
  }

  # common dummy cron job to set MAILTO
  # The job itself is a no-op (/bin/true); with only month/hour/minute set it
  # fires daily in July at 01:29. Its purpose is the `environment` line,
  # which puts MAILTO=$contact_email into the user's crontab so output from
  # the other jobs (e.g. renewal failures) is mailed there.
  # NOTE(review): crontab environment lines apply to the entries that follow
  # them; confirm the generated crontab orders this before the renew job.
  cron { 'dummy_mailto':
    command     => '/bin/true',
    user        => $user,
    month       => 7,
    hour        => 1,
    minute      => 29,
    environment => "MAILTO=${contact_email}",
  }

  # renew vault token
  # Runs weekly (weekday 1 = Monday, 10:17). `\$HOME` is escaped so Puppet
  # passes it through literally and cron's shell expands it; sourcing
  # .bashrc loads VAULT_ADDR/VAULT_TOKEN for the renew call. stdout is
  # discarded but stderr is not, so a failed renewal still reaches MAILTO.
  # $vault_bin is interpolated unquoted: a path containing whitespace would
  # break this command.
  cron { 'renew vault token':
    command => ". \$HOME/.bashrc && $vault_bin token renew > /dev/null",
    user    => $user,
    weekday => 1,
    hour    => 10,
    minute  => 17,
  }

}