SUNET/soc-ops
9
0
Fork 1
Code Activity
soc-ops/global/overlay/etc/puppet/modules/soc/manifests/intelmq.pp
Johan Björklund d72d2cb157
Bugfix.
2024-11-14 12:25:07 +01:00

72 lines
2 KiB
Puppet
Raw Blame History

class soc::intelmq(
) {
group { 'intelmq':
ensure => present,
}
user { 'intelmq':
ensure => present,
gid => 'intelmq',
groups => 'www-data',
home => '/opt/intelmq',
managehome => true,
shell => '/bin/bash',
}
file { '/etc/intelmq':
ensure => directory,
owner => 'intelmq',
group => 'intelmq',
}
# file { '/opt/sso/apache/groups.txt':
# ensure => file,
# content => template('soc/sso/apache-groups.txt.erb')
# }
package { 'sys-package-deps':
name => ['apache2', 'libapache2-mod-wsgi-py3', 'postgresql', 'python3-venv', 'python3-pip', 'python3-gpg', 'python3-psycopg2', 'redict', ],
ensure => 'latest',
}
exec { 'Install IntelMQ venv':
command => 'sudo -u intelmq /usr/bin/python3 -m venv --system-site-packages /opt/intelmq/venv',
creates => '/opt/intelmq/venv',
}
file { '/opt/intelmq/install-intelmq.sh':
ensure => file,
content => file('soc/intelmq/install-intelmq.sh'),
mode => '0555',
}
exec { 'Install IntelMQ':
command => 'sudo -u intelmq /opt/intelmq/install-intelmq.sh',
creates => '/opt/intelmq/.installed'
}
exec { 'Run IntelMQ setup script':
command => '/opt/intelmq/venv/bin/intelmqsetup --state-file /opt/intelmq/.setup_state',
creates => '/opt/intelmq/.setup_state',
returns => ['0', '1',],
}
file { '/etc/sudoers.d/01_intelmq-api':
ensure => file,
content => file('soc/intelmq/sudoers-01-intelmq-api'),
mode => '0440',
}
service { 'apache2':
ensure => 'running',
enable => true,
require => Package['sys-package-deps'],
}
exec { 'Enable Apache2 modules':
command => 'a2enmod ssl wsgi proxy proxy_http header rewrite',
creates => ['/etc/apache2/mods-enabled/ssl.load', '/etc/apache2/mods-enabled/wsgi.load', '/etc/apache2/mods-enabled/proxy.load', '/etc/apache2/mods-enabled/proxy_http.load', '/etc/apache2/mods-enabled/header.load', '/etc/apache2/mods-enabled/rewrite.load'],
notify => Service['apache2'],
}
}
View git blame Copy permalink