Index: modules/discourse/manifests/init.pp |
=================================================================== |
--- a/modules/discourse/manifests/init.pp |
+++ b/modules/discourse/manifests/init.pp |
@@ -28,44 +28,136 @@ class discourse { |
} |
package {'bundler': |
ensure => present, |
provider => gem |
} |
$gem_dependencies = ['git', 'build-essential', 'ruby1.9.1-dev', 'libxml2-dev', |
- 'libxslt-dev', 'libpq-dev'] |
+ 'libxslt-dev', 'libpq-dev', 'libfcgi-dev'] |
package {$gem_dependencies: ensure => present} |
- file {'/etc/discourse': ensure => directory} |
+ file {'/opt/discourse': |
+ ensure => directory, |
+ mode => 755, |
+ owner => discourse, |
+ group => www-data |
+ } |
- file {'/etc/discourse/database.yml': |
- mode => 640, |
+ file {'/opt/discourse/discourse.fcgi': |
+ mode => 755, |
+ owner => discourse, |
+ group => www-data, |
+ source => 'puppet:///modules/discourse/discourse.fcgi', |
+ require => Exec['fetch-discourse'] |
+ } |
+ |
+ file {'/opt/discourse/config/database.yml': |
+ mode => 600, |
+ owner => discourse, |
+ group => www-data, |
+ source => 'puppet:///modules/discourse/database.yml', |
+ require => Exec['fetch-discourse'] |
+ } |
+ |
+ file {'/opt/discourse/config/redis.yml': |
+ mode => 600, |
+ owner => discourse, |
+ group => www-data, |
+ source => 'puppet:///modules/discourse/redis.yml', |
+ require => Exec['fetch-discourse'] |
+ } |
+ |
+ file {'/usr/local/bin/init-discourse': |
+ mode => 0755, |
owner => root, |
group => root, |
- source => 'puppet:///modules/discourse/database.yml' |
+ source => 'puppet:///modules/discourse/init-discourse' |
} |
- file {'/etc/discourse/redis.yml': |
- mode => 640, |
+ user {'discourse': |
+ ensure => present, |
+ comment => 'Discourse user', |
+ home => '/home/discourse', |
+ gid => www-data, |
+ password => '*', |
+ managehome => true |
+ } |
+ |
+ file {'/etc/sudoers.d/discourse': |
+ ensure => present, |
owner => root, |
group => root, |
- source => 'puppet:///modules/discourse/redis.yml' |
+ mode => 0440, |
+ source => 'puppet:///modules/discourse/sudoers', |
+ require => User['discourse'] |
} |
- file {'/usr/local/bin/deploy-discourse': |
- mode => 0744, |
- owner => root, |
- group => root, |
- source => 'puppet:///modules/discourse/deploy-discourse' |
+ exec {'fetch-discourse': |
+ command => "hg clone https://hg.adblockplus.org/discourse /opt/discourse && echo gem \\'fcgi\\' >> /opt/discourse/Gemfile", |
+ path => ["/usr/bin/", "/bin/"], |
+ user => discourse, |
+ group => www-data, |
+ require => [Package['mercurial'], File['/opt/discourse']], |
+ onlyif => "test ! -d /opt/discourse/.hg" |
} |
- exec {'/usr/local/bin/deploy-discourse': |
- subscribe => File['/usr/local/bin/deploy-discourse'], |
+ exec {'/usr/local/bin/init-discourse': |
+ subscribe => File['/usr/local/bin/init-discourse'], |
refreshonly => true, |
+ user => discourse, |
+ group => www-data, |
timeout => 0, |
+ logoutput => true, |
require => [Package['bundler', 'postgresql-contrib', $gem_dependencies], |
- File['/etc/discourse/database.yml', '/etc/discourse/redis.yml']] |
+ User['discourse'], File['/etc/sudoers.d/discourse'], |
+ Exec['fetch-discourse'], |
+ File['/opt/discourse/discourse.fcgi'], |
+ File['/opt/discourse/config/database.yml'], |
+ File['/opt/discourse/config/redis.yml']] |
} |
- # TODO: Set up thin to run the app, with nginx as a proxy if necessary |
+ class {'spawn-fcgi':} |
+ |
+ spawn-fcgi::pool {'discourse-fastcgi': |
+ ensure => 'present', |
+ user => 'discourse', |
+ group => 'www-data', |
+ mode => 0664, |
+ fcgi_app => '/opt/discourse/discourse.fcgi', |
+ socket => '/tmp/discourse-fastcgi.sock', |
+ require => File['/opt/discourse/discourse.fcgi'], |
+ } |
+ |
+ class {'nginx': |
+ worker_processes => 1, |
+ worker_connections => 500 |
+ } |
+ |
+ file {'/etc/nginx/sites-available/adblockplus.org_sslcert.key': |
+ ensure => file, |
+ notify => Service['nginx'], |
+ before => Nginx::Hostconfig['intraforum.adblockplus.org'], |
+ require => Package['nginx'], |
+ source => 'puppet:///modules/private/adblockplus.org_sslcert.key' |
+ } |
+ |
+ file {'/etc/nginx/sites-available/adblockplus.org_sslcert.pem': |
+ ensure => file, |
+ mode => 0400, |
+ notify => Service['nginx'], |
+ before => Nginx::Hostconfig['intraforum.adblockplus.org'], |
+ require => Package['nginx'], |
+ source => 'puppet:///modules/private/adblockplus.org_sslcert.pem' |
+ } |
+ |
+ nginx::hostconfig{'intraforum.adblockplus.org': |
+ source => 'puppet:///modules/discourse/intraforum.adblockplus.org', |
+ enabled => true |
+ } |
+ |
+ file {'/etc/logrotate.d/nginx_intraforum.adblockplus.org': |
+ ensure => file, |
+ require => Nginx::Hostconfig['intraforum.adblockplus.org'], |
+ source => 'puppet:///modules/discourse/logrotate' |
+ } |
} |