class kandra::app_frontend { include zulip::app_frontend_base include zulip::profile::memcached include zulip::profile::rabbitmq include zulip::postfix_localmail include zulip::static_asset_compiler include zulip::hooks::sentry include kandra::app_frontend_monitoring kandra::firewall_allow{ 'smtp': } kandra::firewall_allow{ 'http': } kandra::firewall_allow{ 'https': } $redis_hostname = zulipconf('redis', 'hostname', undef) group { 'redistunnel': ensure => present, gid => '1080', } user { 'redistunnel': ensure => present, uid => '1080', gid => '1080', groups => ['zulip'], shell => '/bin/true', home => '/home/redistunnel', managehome => true, } kandra::user_dotfiles { 'redistunnel': keys => true, known_hosts => [$redis_hostname], } package { 'autossh': ensure => installed } file { "${zulip::common::supervisor_conf_dir}/redis_tunnel.conf": ensure => file, require => [ Package['supervisor', 'autossh'], Kandra::User_Dotfiles['redistunnel'], ], owner => 'root', group => 'root', mode => '0644', content => template('kandra/supervisor/conf.d/redis_tunnel.conf.template.erb'), notify => Service['supervisor'], } # Need redis_password in its own file for Nagios file { '/var/lib/nagios/redis_password': ensure => file, mode => '0600', owner => 'nagios', group => 'nagios', content => zulipsecret('secrets', 'redis_password', ''), } # Mount /etc/zulip/well-known/ as /.well-known/ file { '/etc/nginx/zulip-include/app.d/well-known.conf': require => File['/etc/nginx/zulip-include/app.d'], owner => 'root', group => 'root', mode => '0644', source => 'puppet:///modules/kandra/nginx/zulip-include-app.d/well-known.conf', notify => Service['nginx'], } # Each server does its own fetching of contributor data, since # we don't have a way to synchronize that among several servers. file { '/etc/cron.d/fetch-contributor-data': ensure => file, owner => 'root', group => 'root', mode => '0644', source => 'puppet:///modules/kandra/cron.d/fetch-contributor-data', } }