Commit 8dbdcb47 authored by Matthias Fechner's avatar Matthias Fechner

Added a puppet example.

parent c3946c4d
quiet=0
# PgSQL12
# https://svnweb.freebsd.org/ports/branches/2021Q1/Mk/bsd.default-versions.mk?revision=560000&view=markup#l100
my_packages="misc/mc sysutils/puppet7 www/gitlab-ce postgresql12-server postgresql12-contrib redis nginx"
jail_gitlab()
{
ver=13
ip4_addr="DHCP,DHCPv6"
host_hostname="${jname}.my.domain"
pkg_bootstrap=1
pkglist="${my_packages}"
allow_sysvipc=1
allow_raw_sockets=1
}
postcreate_gitlab()
{
local _ip
# turn off unnecessary services
sysrc jname=${jname} syslogd_enable="NO" \
cron_enable="NO" \
sendmail_enable="NO" \
sendmail_submit_enable="NO"\
sendmail_outbound_enable="NO" \
sendmail_msp_queue_enable="NO" \
syslogd_enable="NO"
# execute cmd inside jail
jexec jname=${jname} /bin/sh <<EOF
export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
set -o errexit
pkg install -y ${my_packages} || true
pkg clean -ya || true
sysrc gitlab_enable=YES
EOF
cp ${myworkdir}/puppet.conf ${data}/usr/local/etc/puppet/puppet.conf
jexec jname=${jname} /bin/sh <<EOF
export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
puppet agent -t || true
EOF
}
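Review bot: `allow_raw_sockets=1` in `jail_gitlab()` gives every process in the jail raw-socket access, and nothing in this file shows GitLab, PostgreSQL, Redis or nginx needing it (`allow_sysvipc=1` is the setting PostgreSQL typically requires). Consider dropping it, or add a comment such as `# raw sockets needed for <reason>` so the extra privilege is a documented decision. Separately, `pkg install -y ${my_packages} || true` and `puppet agent -t || true` in `postcreate_gitlab()` discard failures even though `set -o errexit` is set, so a jail with missing packages or a failed catalog run still ends with `gitlab_enable=YES`. Letting the install fail, or at least logging its exit status, would make a partially configured jail visible.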
# manage gitlab
# based on https://gitlab.fechner.net/mfechner/Gitlab-docu/blob/master/install/13.7-freebsd.md
class profiles::services::gitlab (
Optional[String[1]] $db_root_password = undef,
Optional[String[1]] $db_password = undef,
Optional[String[1]] $db_name = 'gitlabhq_production',
Optional[String[1]] $db_username = 'git',
Optional[String[1]] $gitlab_root_password = undef,
){
class { 'postgresql::globals':
encoding => 'UTF-8',
locale => 'en_US.UTF-8',
manage_package_repo => false,
version => '12',
}
class { '::postgresql::server':
postgres_password => $db_root_password,
service_provider => 'freebsd',
}
postgresql::server::role { $db_username:
password_hash => postgresql::postgresql_password($db_username, $db_password),
superuser => true,
}
postgresql::server::db { $db_name:
user => $db_name,
owner => $db_username,
# (auth_method - md5):
#password => $db_password,
# (auth_method - password):
password => postgresql_password($db_username, $db_password),
grant => 'all',
} ->
postgresql::server::pg_hba_rule { 'allow git user to postgres database':
order => '002',
description => "Open up PostgreSQL for access from $db_username -> postgres",
type => 'host',
database => 'postgres',
user => $db_username,
address => '0.0.0.0/0',
#auth_method => 'md5',
auth_method => 'password',
}
postgresql::server::pg_hba_rule { 'allow application network to access app database':
order => '003',
description => "Open up PostgreSQL for access from $db_username -> $db_name",
type => 'host',
database => $db_name,
user => $db_username,
address => '0.0.0.0/0',
#auth_method => 'md5',
auth_method => 'password',
}
class { '::postgresql::server::contrib': }
postgresql::server::extension { 'pg_trgm':
database => $db_name,
require => Postgresql::Server::Db[$db_name],
}
postgresql::server::extension { 'btree_gist':
database => $db_name,
require => Postgresql::Server::Db[$db_name],
}
class { '::redis':
bind => '10.0.1.2',
masterauth => 'secret',
unixsocketperm => '0777', # /var/run/redis/redis.sock root:wheel - freebsd bug?
unixsocket => '/var/run/redis/redis.sock',
}
accounts::user { 'redis':
groups => [ 'redis', 'git' ],
}
file { '/root/gitlab':
ensure => directory,
mode => '0700',
source => "puppet:///modules/${module_name}/gitlab",
owner => 0,
group => 0,
recurse => true,
}
exec { "config_git.sh":
command => "/root/gitlab/config_git.sh",
# default 300 sec too small for install
#timeout => 1500,
#onlyif => "/usr/bin/env test ! -r /usr/local/etc/rc.d/powerdnsadmin",
}
file { '/usr/local/git/repositories':
ensure => directory,
mode => '2770',
owner => 'git',
group => 'git',
}
file_line { '/usr/local/www/gitlab-ce/config/database.yml-password':
path => '/usr/local/www/gitlab-ce/config/database.yml',
line => " password: \"${db_password}\"",
match => '^ password: "secure password"',
multiple => true,
}
}
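Review bot: Both `postgresql::server::pg_hba_rule` resources use `address => '0.0.0.0/0'` with `auth_method => 'password'`, so PostgreSQL accepts the password in cleartext from any IPv4 source that can reach the port. For an example others will copy, narrow the address to the application host or network (constructed sample: `address => '127.0.0.1/32',`) and at minimum switch to the commented-out `auth_method => 'md5',`. The first rule also opens the `postgres` database to a role declared with `superuser => true`, so a captured password gives control of the whole cluster; drop the flag if the GitLab setup does not need it, since the extensions are already managed by Puppet here. In the Redis class, the literal `masterauth => 'secret'` should become a class parameter like `$db_password`. `unixsocketperm => '0777'` looks wider than needed, as the `redis` user is already added to group `git`, which suggests a group-restricted mode may be enough.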