aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--manifests/auth.pp70
-rw-r--r--manifests/instance.pp99
-rw-r--r--templates/deploy.sh.erb2
-rw-r--r--templates/refresh.sh.erb6
4 files changed, 96 insertions, 81 deletions
diff --git a/manifests/auth.pp b/manifests/auth.pp
new file mode 100644
index 0000000..6bbd65b
--- /dev/null
+++ b/manifests/auth.pp
@@ -0,0 +1,70 @@
+# This has probably to be removed from this module
+define ikiwiki::auth($owner, $home = '/home/$owner', $ssh_localhost_auth = false) {
+ file { "${home}/.ssh/config":
+ ensure => present,
+ owner => $owner,
+ group => $group,
+ mode => 0600,
+ require => File["${home}/.ssh"],
+ }
+
+ file { "${home}/.ssh/known_hosts":
+ ensure => present,
+ owner => $owner,
+ group => $group,
+ mode => 0600,
+ require => File["${home}/.ssh"],
+ }
+
+ # The NoHostAuthenticationForLocalhost ssh option might be useful
+ # for automated deployment environments so your ikiwiki user doesn't
+ # get stuck with the fingerprint confirmation prompt when pushing
+ # content via ssh in the first time it runs.
+ line { 'NoHostAuthenticationForLocalhost-${owner}':
+ file => "${home}/.ssh/config",
+ line => "NoHostAuthenticationForLocalhost yes",
+ ensure => $ssh_localhost_auth ? {
+ 'auto' => present,
+ 'fingerprint' => absent,
+ default => absent,
+ },
+ }
+
+ # Alternativelly, you can choose to include the host's fingeprints
+ # directly into the known_hosts file.
+ if $::sshrsakey != '' {
+ line { 'known_hosts-localhost-rsa-${owner}':
+ file => "${home}/.ssh/known_hosts",
+ line => "localhost ssh-rsa ${::sshrsakey}",
+ ensure => $ssh_localhost_auth ? {
+ 'fingerprint' => present,
+ 'auto' => undef,
+ default => undef,
+ },
+ }
+ }
+
+ if $::sshdsakey != '' {
+ line { 'known_hosts-localhost-dsa-${owner}':
+ file => "${home}/.ssh/known_hosts",
+ line => "localhost ssh-dss ${::sshdsakey}",
+ ensure => $ssh_localhost_auth ? {
+ 'fingerprint' => present,
+ 'auto' => undef,
+ default => undef,
+ },
+ }
+ }
+
+ if $::sshecdsakey != '' {
+ line { 'known_hosts-localhost-ecdsa-${owner}':
+ file => "${home}/.ssh/known_hosts",
+ line => "localhost ecdsa-sha2-nistp256 ${::sshedsakey}",
+ ensure => $ssh_localhost_auth ? {
+ 'fingerprint' => present,
+ 'auto' => undef,
+ default => undef,
+ },
+ }
+ }
+}
diff --git a/manifests/instance.pp b/manifests/instance.pp
index 06f3cc8..8b4e13f 100644
--- a/manifests/instance.pp
+++ b/manifests/instance.pp
@@ -1,13 +1,26 @@
-define ikiwiki::instance($base_url = $domain, $ensure = 'present', $description = false,
- $adminuser = 'yourname', $adminemail = 'me@example.org', $instance = 'ikiwiki',
- $account_creation_password = false, $add_plugins = false, $disable_plugins = false,
- $protocol = 'https', $owner = $name, $group = $name, $home = "/home/$owner", $ssh_localhost_auth = false) {
+define ikiwiki::instance(
+ $ensure = 'present',
+ $base_url = $domain,
+ $description = false,
+ $adminuser = 'yourname',
+ $adminemail = 'me@example.org',
+ $account_creation_password = false,
+ $add_plugins = false,
+ $disable_plugins = false,
+ $protocol = 'https',
+ $owner = $name,
+ $group = $name,
+ $home = "/home/$owner"
+) {
$desc = $description ? {
false => $title,
default => $description,
}
+ # This was previously a parameter
+ $instance = 'ikiwiki'
+
case $ensure {
'present': {
file { "/etc/ikiwiki/$name.setup":
@@ -16,16 +29,16 @@ define ikiwiki::instance($base_url = $domain, $ensure = 'present', $description
owner => root,
group => $group,
mode => 640,
- notify => Exec["ikiwiki_refresh_${name}_${instance}"],
+ notify => Exec["ikiwiki_refresh_${name}"],
}
- exec { "ikiwiki_refresh_${name}_${instance}":
- command => "/usr/local/sbin/ikiwiki-refresh $name $instance $owner $group",
+ exec { "ikiwiki_refresh_${name}":
+ command => "/usr/local/sbin/ikiwiki-refresh $name $owner $group",
user => root,
refreshonly => true,
}
- exec { "ssh-keygen-ikiwiki-${name}_${instance}":
+ exec { "ssh-keygen-ikiwiki-${owner}":
command => "ssh-keygen -t rsa -P '' -f ${home}/.ssh/id_rsa",
creates => "${home}/.ssh/id_rsa",
user => $owner,
@@ -39,7 +52,7 @@ define ikiwiki::instance($base_url = $domain, $ensure = 'present', $description
owner => $owner,
group => $group,
recurse => true,
- notify => Exec["ikiwiki_refresh_${name}_${instance}"],
+ notify => Exec["ikiwiki_refresh_${name}"],
require => File["${ikiwiki::sites_folder}/${name}"],
}
}
@@ -61,74 +74,6 @@ define ikiwiki::instance($base_url = $domain, $ensure = 'present', $description
group => $group,
mode => 0700,
}
-
- file { "${home}/.ssh/config":
- ensure => present,
- owner => $owner,
- group => $group,
- mode => 0600,
- require => File["${home}/.ssh"],
- }
-
- file { "${home}/.ssh/known_hosts":
- ensure => present,
- owner => $owner,
- group => $group,
- mode => 0600,
- require => File["${home}/.ssh"],
- }
-
- # The NoHostAuthenticationForLocalhost ssh option might be useful
- # for automated deployment environments so your ikiwiki user doesn't
- # get stuck with the fingerprint confirmation prompt when pushing
- # content via ssh in the first time it runs.
- line { 'NoHostAuthenticationForLocalhost-${owner}':
- file => "${home}/.ssh/config",
- line => "NoHostAuthenticationForLocalhost yes",
- ensure => $ssh_localhost_auth ? {
- 'auto' => present,
- 'fingerprint' => absent,
- default => absent,
- },
- }
-
- # Alternativelly, you can choose to include the host's fingeprints
- # directly into the known_hosts file.
- if $::sshrsakey != '' {
- line { 'known_hosts-localhost-rsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ssh-rsa ${::sshrsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-
- if $::sshdsakey != '' {
- line { 'known_hosts-localhost-dsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ssh-dss ${::sshdsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-
- if $::sshecdsakey != '' {
- line { 'known_hosts-localhost-ecdsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ecdsa-sha2-nistp256 ${::sshedsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
}
if !defined(File["${ikiwiki::sites_folder}/${name}"]) {
diff --git a/templates/deploy.sh.erb b/templates/deploy.sh.erb
index 34064d7..61fd2d5 100644
--- a/templates/deploy.sh.erb
+++ b/templates/deploy.sh.erb
@@ -1,7 +1,7 @@
#!/bin/bash
NAME="$1"
-INSTANCE="$2"
+INSTANCE="ikiwiki"
BASE="<%= scope.lookupvar('ikiwiki::sites_folder') %>"
SITE=$BASE/$NAME
CONF="/etc/ikiwiki"
diff --git a/templates/refresh.sh.erb b/templates/refresh.sh.erb
index d7b7502..92c42ca 100644
--- a/templates/refresh.sh.erb
+++ b/templates/refresh.sh.erb
@@ -1,12 +1,12 @@
#!/bin/bash
NAME="$1"
-INSTANCE="$2"
-WEB_OWNER="$3"
-WEB_GROUP="$4"
+WEB_OWNER="$2"
+WEB_GROUP="$3"
BASE="<%= scope.lookupvar('ikiwiki::sites_folder') %>"
SITE="$BASE/$NAME"
CONF="/etc/ikiwiki"
+INSTANCE="ikiwiki"
REPO_OWNER="<%= scope.lookupvar('ikiwiki::git_implementation') %>"
REPO_GROUP="<%= scope.lookupvar('ikiwiki::git_implementation') %>"
REPO="/var/git/repositories/$NAME.git"