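# Defined type ikiwiki::instance: manages one ikiwiki instance for a site.
#
# With ensure => 'present' it declares the setup file under /etc/ikiwiki,
# a refresh exec, an SSH key pair and ~/.ssh files for the owning user,
# the source/destination directories below ${ikiwiki::sites_folder}, and
# the ownership/mode of the git post-update hook and the CGI wrapper.
# With ensure => 'absent' it only removes the setup file.
#
# Parameters referenced in this manifest:
#   ensure             - 'present' or 'absent'.
#   description        - wiki description; falls back to $title when false.
#   instance           - instance name, used in paths and resource titles.
#   owner, group       - account that owns the wiki files and runs the execs.
#   home               - owner's home directory (holds .ssh).
#   ssh_localhost_auth - 'auto' adds NoHostAuthenticationForLocalhost to the
#                        owner's ssh config; 'fingerprint' pins this host's
#                        keys in known_hosts instead; any other value
#                        (including the default, false) selects the
#                        default branch of each selector.
#
# base_url, adminuser, adminemail, account_creation_password, add_plugins,
# disable_plugins and protocol are not referenced here; presumably they are
# consumed by the ikiwiki/ikiwiki.setup.erb template -- confirm against it.
#
# Security note: $name, $instance, $owner, $group and $home are interpolated
# into command strings and file paths below without validation, so they must
# come from trusted manifest data only.
define ikiwiki::instance(
  $base_url                  = $domain,
  $ensure                    = 'present',
  $description               = false,
  $adminuser                 = 'yourname',
  $adminemail                = 'me@example.org',
  $instance                  = 'ikiwiki',
  $account_creation_password = false,
  $add_plugins               = false,
  $disable_plugins           = false,
  $protocol                  = 'https',
  $owner                     = $name,
  $group                     = $name,
  $home                      = "/home/${owner}",
  $ssh_localhost_auth        = false
) {

  # Not used in this manifest; presumably read by the setup template.
  $desc = $description ? {
    false   => $title,
    default => $description,
  }

  case $ensure {
    'present': {
      # Root-owned, group-readable only: file modes are quoted so they are
      # passed as octal strings.
      file { "/etc/ikiwiki/${name}.setup":
        ensure  => present,
        content => template('ikiwiki/ikiwiki.setup.erb'),
        owner   => root,
        group   => $group,
        mode    => '0640',
        notify  => Exec["ikiwiki_refresh_${name}_${instance}"],
      }

      # Runs only when notified (setup file or source directory changed).
      exec { "ikiwiki_refresh_${name}_${instance}":
        command     => "/usr/local/sbin/ikiwiki-refresh ${name} ${instance} ${owner} ${group}",
        user        => $owner,
        refreshonly => true,
      }

      # Generates an RSA key with an empty passphrase (-P ''), so the private
      # key is protected only by the 0700 mode on ${home}/.ssh.
      # NOTE(review): the command is not fully qualified and no path is set
      # on this resource; it relies on a default Exec path declared
      # elsewhere -- confirm.
      exec { "ssh-keygen-ikiwiki-${name}_${instance}":
        command => "ssh-keygen -t rsa -P '' -f ${home}/.ssh/id_rsa",
        creates => "${home}/.ssh/id_rsa",
        user    => $owner,
        group   => $group,
        require => File["${home}/.ssh"],
      }

      if !defined(File["${ikiwiki::sites_folder}/${name}/${instance}_src"]) {
        file { "${ikiwiki::sites_folder}/${name}/${instance}_src":
          ensure  => directory,
          owner   => $owner,
          group   => $group,
          recurse => true,
          notify  => Exec["ikiwiki_refresh_${name}_${instance}"],
          require => File["${ikiwiki::sites_folder}/${name}"],
        }
      }

      if !defined(File["${ikiwiki::sites_folder}/${name}/${instance}"]) {
        file { "${ikiwiki::sites_folder}/${name}/${instance}":
          ensure  => directory,
          owner   => $owner,
          group   => $group,
          recurse => true,
          require => File["${ikiwiki::sites_folder}/${name}"],
        }
      }

      # The ~/.ssh resources are declared once per home directory; the guard
      # skips them when another instance already manages the same directory.
      if !defined(File["${home}/.ssh"]) {
        file { "${home}/.ssh":
          ensure => directory,
          owner  => $owner,
          group  => $group,
          mode   => '0700',
        }

        file { "${home}/.ssh/config":
          ensure  => present,
          owner   => $owner,
          group   => $group,
          mode    => '0600',
          require => File["${home}/.ssh"],
        }

        file { "${home}/.ssh/known_hosts":
          ensure  => present,
          owner   => $owner,
          group   => $group,
          mode    => '0600',
          require => File["${home}/.ssh"],
        }

        # The NoHostAuthenticationForLocalhost ssh option might be useful
        # for automated deployment environments so your ikiwiki user doesn't
        # get stuck with the fingerprint confirmation prompt when pushing
        # content via ssh the first time it runs. It turns off host key
        # verification for localhost, so prefer 'fingerprint' where the
        # host keys are available as facts.
        #
        # The title is double-quoted so ${owner} is interpolated; with single
        # quotes every instance declared the same literal title. The selector
        # uses the bareword default: the quoted string 'default' only matches
        # that literal value, which left the declared default (false) without
        # a matching branch.
        line { "NoHostAuthenticationForLocalhost-${owner}":
          file   => "${home}/.ssh/config",
          line   => 'NoHostAuthenticationForLocalhost yes',
          ensure => $ssh_localhost_auth ? {
            'auto'        => present,
            'fingerprint' => absent,
            default       => absent,
          },
        }

        # Alternatively, you can choose to include the host's fingerprints
        # directly into the known_hosts file.
        if $::sshrsakey != '' {
          line { "known_hosts-localhost-rsa-${owner}":
            file   => "${home}/.ssh/known_hosts",
            line   => "localhost ssh-rsa ${::sshrsakey}",
            ensure => $ssh_localhost_auth ? {
              'fingerprint' => present,
              'auto'        => undef,
              default       => undef,
            },
          }
        }

        # DSA (ssh-dss) host keys are disabled by default in current OpenSSH
        # releases; this entry only matters on hosts that still offer one.
        if $::sshdsakey != '' {
          line { "known_hosts-localhost-dsa-${owner}":
            file   => "${home}/.ssh/known_hosts",
            line   => "localhost ssh-dss ${::sshdsakey}",
            ensure => $ssh_localhost_auth ? {
              'fingerprint' => present,
              'auto'        => undef,
              default       => undef,
            },
          }
        }

        # Uses the same fact the guard tests; the original interpolated the
        # misspelled ${::sshedsakey}, which produced an entry without a key.
        # NOTE(review): the key type is hard-coded to nistp256 -- confirm it
        # matches the host's ECDSA key.
        if $::sshecdsakey != '' {
          line { "known_hosts-localhost-ecdsa-${owner}":
            file   => "${home}/.ssh/known_hosts",
            line   => "localhost ecdsa-sha2-nistp256 ${::sshecdsakey}",
            ensure => $ssh_localhost_auth ? {
              'fingerprint' => present,
              'auto'        => undef,
              default       => undef,
            },
          }
        }
      }

      if !defined(File["${ikiwiki::sites_folder}/${name}"]) {
        file { "${ikiwiki::sites_folder}/${name}":
          ensure => directory,
          owner  => root,
          group  => root,
        }
      }

      # See http://rtime.felk.cvut.cz/~sojka/blog/using-ikiwiki-with-gitolite/
      #
      # Mode 6550 sets both the setuid and setgid bits with r-x for owner and
      # group only: whoever in the group may execute these files runs them as
      # $owner. No content is managed here; presumably the wrappers are
      # written by ikiwiki-refresh -- confirm. Keep them non-writable by the
      # group and audit the membership of the two groups below.
      file { "/var/git/repositories/${name}.git/hooks/post-update":
        ensure  => present,
        owner   => $owner,
        group   => $ikiwiki::git_implementation,
        mode    => '6550',
        require => File["/etc/ikiwiki/${name}.setup"],
      }

      file { "${ikiwiki::sites_folder}/${name}/${instance}/ikiwiki.cgi":
        ensure  => present,
        owner   => $owner,
        group   => $ikiwiki::www_user,
        mode    => '6550',
        require => File["/etc/ikiwiki/${name}.setup"],
      }
    }

    'absent': {
      # Only the setup file is removed; directories, keys and wrappers
      # declared in the 'present' branch are left in place.
      file { "/etc/ikiwiki/${name}.setup":
        ensure => absent,
      }
    }
  }
}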