Merge branch 'test' into 'production'

Test

See merge request !2

files/nginx.conf

+# For more information on configuration, see:
+#   * Official English Documentation: http://nginx.org/en/docs/
+#   * Official Russian Documentation: http://nginx.org/ru/docs/
+
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 2048;
+
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    # Load modular configuration files from the /etc/nginx/conf.d directory.
+    # See http://nginx.org/en/docs/ngx_core_module.html#include
+    # for more information.
+    include /etc/nginx/conf.d/*.conf;
+
+    # Redirect http -> https
+    server {
+        listen       80 default_server;
+        listen       [::]:80 default_server;
+        server_name  snapp.itn.liu.se;
+        root         /usr/share/nginx/html;
+
+        return 301 https://snapp.itn.liu.se$request_uri;
+    }
+
+    # Settings for a TLS enabled server.
+    server {
+        listen       443 ssl default_server;
+        listen       [::]:443 ssl http2 default_server;
+        server_name  snapp.itn.liu.se;
+        root         /usr/share/nginx/html;
+
+        ssl_certificate "/etc/pki/tls/certs/letsencrypt-cert_chain-snapp.itn.liu.se.pem";
+        ssl_certificate_key "/etc/pki/tls/private/letsencrypt-snapp.itn.liu.se.key";
+        ssl_session_cache shared:SSL:1m;
+        ssl_session_timeout 10m;
+        ssl_ciphers PROFILE=SYSTEM;
+        ssl_prefer_server_ciphers on;
+
+        # Load configuration files for the default server block.
+        include /etc/nginx/default.d/*.conf;
+
+        location /ws {
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "Upgrade";
+            proxy_http_version 1.1;
+            proxy_set_header Host $host;
+            proxy_pass http://localhost:8008;
+        }
+
+        location / {
+            proxy_pass https://localhost:8000;
+        }
+
+        location /static/ {
+            alias /var/www/static/;
+        }
+
+        error_page 404 /;
+    }
+}

files/snapp.conf

+server {
+    # listen 80;
+    # server_name tracing.carbon.liu.se;
+    listen       80 default_server;
+    listen       [::]:80 default_server;
+    server_name  _;
+    root         /usr/share/nginx/html;
+
+    #location /static/ {
+        # root /home/mange61/static/;
+        #alias /home/mange61/static/;
+    #}
+
+    #location / {
+        #proxy_pass http://tracingcarbon.itn.liu.se:8000;
+    #}
+
+    #    # Load configuration files for the default server block.
+    include /etc/nginx/default.d/*.conf;
+
+    location / {
+    }
+
+    error_page 404 /404.html;
+       location = /40x.html {
+    }
+
+    error_page 500 502 503 504 /50x.html;
+        location = /50x.html {
+    }
+}

manifests/init.pp

+# @summary communication handling between user interfaces and exhibitions
+#
+#  set up communication handling between user interfaces and exhibitions
+#
+# @example
+#   include snapp
+class snapp (
+) {
+  include profiles::letsencrypt
+  include omni::nginx
+  include omni::postgres
+  # include omni::js
+  # include omni::python
+  # include omni::redis
+
+  firewalld_service { 'Allow SSH in the liu zone':
+    ensure  => present,
+    zone    => 'liu',
+    service => 'ssh',
+  }
+
+  users::liu_user { 'mange61':
+    commonname => 'Måns Gezelius',
+    shell      => '/bin/bash',
+    sshkey     => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQCpf8bx7LiABGMHn/4b85nLxVBid+JNjoT0xhatQPaMMydmN7n8HRqX5JbwNwbchu/9WSvzEuOxXKS4ngR5YFejC66W6mCsdoox38E78CffXc9YVP43d3DhcYvQ5Ie+Kgn2jQ7lmH3Qlk0h+lA4mGeBwoFZdoYeiuuUVCdkiEDZluJeO/cnUs/DvbGhZN5J4WBNBFANtFjrHfl6oC68RGuJQjwMvl+1MWFLUCqLeegVbEGYf3flUz7ucVs4mRq34hGCYhs2QxIOspzNV6KDvWKXLKR5AyfRdpcsCK+2ufdW5DxP7/EJ2lOk6ObCxwdRCpXdeL7sX5KBGNtyuQkt038KfLtRwtTO+2MmqaZ5BenbMDHeda+PRS7yhSgqSpWB28T5houJumt1MkAagLbfRYt5Omfle06xp5GhRqrxA4vleg+dtB+XVOrL+2wbiWno5sNZmdMDRwl/INcnq92R6G1Tlors9nui7VbFJgRti8zc9mhtBWANF+CrtkUtwdMBauc9yGJkNFpcz/fbAnb/yfqOwhuOuzSeplH9dQKif92zimIKeQUyaeYnr4Q8fd/DnZPdl9JXDL0acoGRBQsUQ67iejSqO3oZAw7RdTDbdIy54SRaDOf/jcnJ9HH6LbMelDt0sJg2HftMJS7jd0pRRU26VYQEHYVGBCkDdWygmvDw8w==', #lintignore:140chars
+  }
+}

manifests/js.pp

+# remark
+class snapp::js () {
+  package { 'nodejs':
+    ensure => 'installed',
+    notify => Exec['yarn'],
+  }
+
+  exec { 'yarn':
+    command     => 'npm install --global yarn',
+    path        => ['/bin', '/usr/bin'],
+    refreshonly => true,
+  }
+}

manifests/nginx.pp

+# intelligent comment here
+class snapp::nginx () {
+  package { 'nginx':
+    ensure => 'installed',
+  }
+  # inserf conf. files here
+  file { '/etc/nginx/nginx.conf':
+    ensure => 'file',
+    source => "puppet:///modules/${module_name}/nginx.conf",
+    notify => Service['nginx'],
+  }
+  file { '/etc/nginx/conf.d/snapp.conf':
+    ensure => 'absent',
+    source => "puppet:///modules/${module_name}/snapp.conf",
+    notify => Service['nginx'],
+  }
+  service { 'nginx':
+    ensure => 'running',
+    enable => true,
+  }
+  firewalld_service { 'Allow http in the liu Zone':
+    ensure  => present,
+    zone    => 'liu',
+    service => 'http',
+  }
+  firewalld_service { 'Allow https in the liu Zone':
+    ensure  => present,
+    zone    => 'liu',
+    service => 'https',
+  }
+  firewalld_service { 'Allow http in the public Zone':
+    ensure  => present,
+    zone    => 'public',
+    service => 'http',
+  }
+  firewalld_service { 'Allow https in the public Zone':
+    ensure  => present,
+    zone    => 'public',
+    service => 'https',
+  }
+}

manifests/postgres.pp

+# Comment
+class snapp::postgres () {
+  $passwd = 'quetzalcoatl'
+  include postgresql::server
+
+  postgresql::server::db {
+    default:
+      encoding => 'UTF8',
+      locale   => 'en_US.UTF-8';
+    'snapp':
+      user     => 'snapp',
+      password => postgresql::postgresql_password('snapp', $passwd);
+  }
+
+  postgresql::server::role { 'admin':
+    createrole    => true,
+    superuser     => true,
+    password_hash => postgresql::postgresql_password('admin', $passwd),
+  }
+
+  postgresql::server::database_grant { 'snapp':
+    privilege => 'ALL',
+    db        => 'snapp',
+    role      => 'admin',
+  }
+  postgresql::server::pg_hba_rule { 'Allow access from local':
+    description => "Open up PostgreSQL for access to admin",
+    type        => 'local',
+    database    => 'snapp',
+    user        => 'admin',
+    auth_method => 'md5',
+  }
+  postgresql::server::pg_hba_rule { 'Allow access from localhost':
+    description => "Open up PostgreSQL for access to admin",
+    type        => 'host',
+    address     => '127.0.0.1/32',
+    database    => 'snapp',
+    user        => 'admin',
+    auth_method => 'md5',
+  }
+}

manifests/python.pp

+# well ...
+class snapp::python () {
+  package { 'python3':
+    ensure => 'installed',
+  }
+
+  package { 'python3-psycopg2':
+    ensure => 'installed',
+  }
+
+  package { ['python3-pip']:
+    ensure => 'installed',
+  }
+
+  package { 'pip':
+    require  => Package['python3-pip'],
+    ensure   => 'latest',
+    provider => 'pip',
+  }
+
+  # pip install pipenv
+}

manifests/redis.pp

+# Redis
+class snapp::redis () {
+  # yum install epel-release
+  # yum update
+  # yum install redis
+  # systemctl enable redis
+  # systemctl start redis
+
+  package { 'epel-release':
+    ensure => 'installed',
+  }
+
+  # package { 'redis':
+  #   require  => Package['epel-release'],
+  #   ensure   => 'installed',
+  # }
+}

pdk.yaml

+---
+ignore: []