--- /dev/null
+# This has probably to be removed from this module
+define ikiwiki::auth($owner, $home = '/home/$owner', $ssh_localhost_auth = false) {
+ file { "${home}/.ssh/config":
+ ensure => present,
+ owner => $owner,
+ group => $group,
+ mode => 0600,
+ require => File["${home}/.ssh"],
+ }
+
+ file { "${home}/.ssh/known_hosts":
+ ensure => present,
+ owner => $owner,
+ group => $group,
+ mode => 0600,
+ require => File["${home}/.ssh"],
+ }
+
+ # The NoHostAuthenticationForLocalhost ssh option might be useful
+ # for automated deployment environments so your ikiwiki user doesn't
+ # get stuck with the fingerprint confirmation prompt when pushing
+ # content via ssh in the first time it runs.
+ line { 'NoHostAuthenticationForLocalhost-${owner}':
+ file => "${home}/.ssh/config",
+ line => "NoHostAuthenticationForLocalhost yes",
+ ensure => $ssh_localhost_auth ? {
+ 'auto' => present,
+ 'fingerprint' => absent,
+ default => absent,
+ },
+ }
+
+ # Alternativelly, you can choose to include the host's fingeprints
+ # directly into the known_hosts file.
+ if $::sshrsakey != '' {
+ line { 'known_hosts-localhost-rsa-${owner}':
+ file => "${home}/.ssh/known_hosts",
+ line => "localhost ssh-rsa ${::sshrsakey}",
+ ensure => $ssh_localhost_auth ? {
+ 'fingerprint' => present,
+ 'auto' => undef,
+ default => undef,
+ },
+ }
+ }
+
+ if $::sshdsakey != '' {
+ line { 'known_hosts-localhost-dsa-${owner}':
+ file => "${home}/.ssh/known_hosts",
+ line => "localhost ssh-dss ${::sshdsakey}",
+ ensure => $ssh_localhost_auth ? {
+ 'fingerprint' => present,
+ 'auto' => undef,
+ default => undef,
+ },
+ }
+ }
+
+ if $::sshecdsakey != '' {
+ line { 'known_hosts-localhost-ecdsa-${owner}':
+ file => "${home}/.ssh/known_hosts",
+ line => "localhost ecdsa-sha2-nistp256 ${::sshedsakey}",
+ ensure => $ssh_localhost_auth ? {
+ 'fingerprint' => present,
+ 'auto' => undef,
+ default => undef,
+ },
+ }
+ }
+}
-define ikiwiki::instance($base_url = $domain, $ensure = 'present', $description = false,
- $adminuser = 'yourname', $adminemail = 'me@example.org', $instance = 'ikiwiki',
- $account_creation_password = false, $add_plugins = false, $disable_plugins = false,
- $protocol = 'https', $owner = $name, $group = $name, $home = "/home/$owner", $ssh_localhost_auth = false) {
+define ikiwiki::instance(
+ $ensure = 'present',
+ $base_url = $domain,
+ $description = false,
+ $adminuser = 'yourname',
+ $adminemail = 'me@example.org',
+ $account_creation_password = false,
+ $add_plugins = false,
+ $disable_plugins = false,
+ $protocol = 'https',
+ $owner = $name,
+ $group = $name,
+ $home = "/home/$owner"
+) {
$desc = $description ? {
false => $title,
default => $description,
}
+ # This was previously a parameter
+ $instance = 'ikiwiki'
+
case $ensure {
'present': {
file { "/etc/ikiwiki/$name.setup":
owner => root,
group => $group,
mode => 640,
- notify => Exec["ikiwiki_refresh_${name}_${instance}"],
+ notify => Exec["ikiwiki_refresh_${name}"],
}
- exec { "ikiwiki_refresh_${name}_${instance}":
- command => "/usr/local/sbin/ikiwiki-refresh $name $instance $owner $group",
+ exec { "ikiwiki_refresh_${name}":
+ command => "/usr/local/sbin/ikiwiki-refresh $name $owner $group",
user => root,
refreshonly => true,
}
- exec { "ssh-keygen-ikiwiki-${name}_${instance}":
+ exec { "ssh-keygen-ikiwiki-${owner}":
command => "ssh-keygen -t rsa -P '' -f ${home}/.ssh/id_rsa",
creates => "${home}/.ssh/id_rsa",
user => $owner,
owner => $owner,
group => $group,
recurse => true,
- notify => Exec["ikiwiki_refresh_${name}_${instance}"],
+ notify => Exec["ikiwiki_refresh_${name}"],
require => File["${ikiwiki::sites_folder}/${name}"],
}
}
group => $group,
mode => 0700,
}
-
- file { "${home}/.ssh/config":
- ensure => present,
- owner => $owner,
- group => $group,
- mode => 0600,
- require => File["${home}/.ssh"],
- }
-
- file { "${home}/.ssh/known_hosts":
- ensure => present,
- owner => $owner,
- group => $group,
- mode => 0600,
- require => File["${home}/.ssh"],
- }
-
- # The NoHostAuthenticationForLocalhost ssh option might be useful
- # for automated deployment environments so your ikiwiki user doesn't
- # get stuck with the fingerprint confirmation prompt when pushing
- # content via ssh in the first time it runs.
- line { 'NoHostAuthenticationForLocalhost-${owner}':
- file => "${home}/.ssh/config",
- line => "NoHostAuthenticationForLocalhost yes",
- ensure => $ssh_localhost_auth ? {
- 'auto' => present,
- 'fingerprint' => absent,
- default => absent,
- },
- }
-
- # Alternativelly, you can choose to include the host's fingeprints
- # directly into the known_hosts file.
- if $::sshrsakey != '' {
- line { 'known_hosts-localhost-rsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ssh-rsa ${::sshrsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-
- if $::sshdsakey != '' {
- line { 'known_hosts-localhost-dsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ssh-dss ${::sshdsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-
- if $::sshecdsakey != '' {
- line { 'known_hosts-localhost-ecdsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ecdsa-sha2-nistp256 ${::sshedsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
}
if !defined(File["${ikiwiki::sites_folder}/${name}"]) {
projects / puppet-ikiwiki.git / commitdiff