2024-02-06 21:40:19 +01:00
|
|
|
class kandra::app_frontend {
|
2015-12-26 06:07:15 +01:00
|
|
|
include zulip::app_frontend_base
|
2020-10-20 02:49:54 +02:00
|
|
|
include zulip::profile::memcached
|
2020-10-26 22:10:29 +01:00
|
|
|
include zulip::profile::rabbitmq
|
2014-02-06 21:10:00 +01:00
|
|
|
include zulip::postfix_localmail
|
2016-07-20 00:35:03 +02:00
|
|
|
include zulip::static_asset_compiler
|
2023-03-16 23:07:12 +01:00
|
|
|
include zulip::hooks::sentry
|
2024-02-06 21:40:19 +01:00
|
|
|
include kandra::app_frontend_monitoring
|
2013-11-10 15:58:10 +01:00
|
|
|
|
2024-02-06 21:40:19 +01:00
|
|
|
kandra::firewall_allow{ 'smtp': }
|
|
|
|
kandra::firewall_allow{ 'http': }
|
|
|
|
kandra::firewall_allow{ 'https': }
|
2021-05-25 04:12:28 +02:00
|
|
|
|
2024-02-06 19:46:36 +01:00
|
|
|
$redis_hostname = zulipconf('redis', 'hostname', undef)
|
2024-02-05 20:53:04 +01:00
|
|
|
group { 'redistunnel':
|
|
|
|
ensure => present,
|
|
|
|
gid => '1080',
|
|
|
|
}
|
2024-01-31 18:07:08 +01:00
|
|
|
user { 'redistunnel':
|
|
|
|
ensure => present,
|
|
|
|
uid => '1080',
|
|
|
|
gid => '1080',
|
|
|
|
groups => ['zulip'],
|
|
|
|
shell => '/bin/true',
|
|
|
|
home => '/home/redistunnel',
|
|
|
|
managehome => true,
|
|
|
|
}
|
2024-02-06 21:40:19 +01:00
|
|
|
kandra::user_dotfiles { 'redistunnel':
|
2024-02-06 19:46:36 +01:00
|
|
|
keys => true,
|
|
|
|
known_hosts => [$redis_hostname],
|
2024-01-31 18:07:08 +01:00
|
|
|
}
|
|
|
|
package { 'autossh': ensure => installed }
|
2021-06-11 22:37:36 +02:00
|
|
|
file { "${zulip::common::supervisor_conf_dir}/redis_tunnel.conf":
|
2018-08-13 21:20:34 +02:00
|
|
|
ensure => file,
|
2024-02-06 19:46:36 +01:00
|
|
|
require => [
|
|
|
|
Package['supervisor', 'autossh'],
|
2024-02-06 21:40:19 +01:00
|
|
|
Kandra::User_Dotfiles['redistunnel'],
|
2024-02-06 19:46:36 +01:00
|
|
|
],
|
2018-08-13 21:29:40 +02:00
|
|
|
owner => 'root',
|
|
|
|
group => 'root',
|
2018-08-13 21:20:34 +02:00
|
|
|
mode => '0644',
|
2024-02-06 21:40:19 +01:00
|
|
|
content => template('kandra/supervisor/conf.d/redis_tunnel.conf.template.erb'),
|
2018-08-13 21:29:40 +02:00
|
|
|
notify => Service['supervisor'],
|
2016-08-01 04:58:47 +02:00
|
|
|
}
|
2016-08-01 05:24:55 +02:00
|
|
|
# Need redis_password in its own file for Nagios
|
|
|
|
file { '/var/lib/nagios/redis_password':
|
2018-08-13 21:20:34 +02:00
|
|
|
ensure => file,
|
|
|
|
mode => '0600',
|
2018-08-13 21:29:40 +02:00
|
|
|
owner => 'nagios',
|
|
|
|
group => 'nagios',
|
2018-08-13 21:20:34 +02:00
|
|
|
content => zulipsecret('secrets', 'redis_password', ''),
|
2016-08-01 05:24:55 +02:00
|
|
|
}
|
|
|
|
|
2023-10-04 22:25:49 +02:00
|
|
|
# Mount /etc/zulip/well-known/ as /.well-known/
|
|
|
|
file { '/etc/nginx/zulip-include/app.d/well-known.conf':
|
|
|
|
require => File['/etc/nginx/zulip-include/app.d'],
|
|
|
|
owner => 'root',
|
|
|
|
group => 'root',
|
|
|
|
mode => '0644',
|
2024-02-06 21:40:19 +01:00
|
|
|
source => 'puppet:///modules/kandra/nginx/zulip-include-app.d/well-known.conf',
|
2023-10-04 22:25:49 +02:00
|
|
|
notify => Service['nginx'],
|
|
|
|
}
|
|
|
|
|
2020-04-07 19:27:07 +02:00
|
|
|
# Each server does its own fetching of contributor data, since
|
|
|
|
# we don't have a way to synchronize that among several servers.
|
|
|
|
file { '/etc/cron.d/fetch-contributor-data':
|
|
|
|
ensure => file,
|
|
|
|
owner => 'root',
|
|
|
|
group => 'root',
|
|
|
|
mode => '0644',
|
2024-02-06 21:40:19 +01:00
|
|
|
source => 'puppet:///modules/kandra/cron.d/fetch-contributor-data',
|
2020-04-07 19:27:07 +02:00
|
|
|
}
|
2013-11-10 15:58:10 +01:00
|
|
|
}
|