cdn-ops/global/overlay/etc/puppet/modules/cdn/manifests/mqtt.pp

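# Configure a SUNET CDN mqtt server
#
# Installs mosquitto and manages its ACL and listener configuration, opens the
# firewall for the ACME HTTP-01 challenge (tcp/80) and for MQTT-over-TLS
# (tcp/8883) from the listed client addresses, and obtains the server
# certificate with certbot from the ACME directory selected by the host's
# environment, which is derived from the short hostname per the naming
# standard linked below.
#
# @param dc              Datacenter name. Not used directly in this class;
#                        presumably consumed by the ERB templates - verify.
# @param mqtt_client_ips Addresses allowed to reach the TLS listener on 8883.
# @param bridges         Bridge definitions, presumably rendered by
#                        cdn.conf.erb - verify.
# @param acme_url        Map of environment name (third dash-separated field of
#                        the short hostname) to ACME directory URL.
# @param acme_email      Registration e-mail handed to certbot. Defaults to the
#                        address that was previously hard-coded.
class cdn::mqtt(
  String $dc = '',
  Array[String] $mqtt_client_ips = [],
  Hash[String, Hash] $bridges = {},
  Hash[String, String] $acme_url = {
    test => 'https://internal-sto3-test-ca-1.cdn.sunet.se:9000/acme/acme/directory'
  },
  String $acme_email = 'patlu@sunet.se',
)
{
  include sunet::packages::certbot
  include cdn::ca_trust

  package { 'mosquitto': ensure => installed }

  # Both files live in directories created by the mosquitto package, so they
  # are ordered after it. Mosquitto only picks up these files on restart,
  # which is why the service below subscribes to them; without that a changed
  # ACL would sit on disk without taking effect.
  file { '/etc/mosquitto/aclfile':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template('cdn/mqtt/aclfile.erb'),
    require => Package['mosquitto'],
  }
  file { '/etc/mosquitto/conf.d/cdn.conf':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template('cdn/mqtt/cdn.conf.erb'),
    require => Package['mosquitto'],
  }

  # tcp/80 is opened from anywhere because the CA's HTTP-01 validator address
  # is not pinned. certbot --standalone only listens on the port while a
  # challenge is in progress, so nothing answers there the rest of the time.
  sunet::nftables::allow { 'allow-step-ca-acme':
    from  => 'any',
    port  => 80,
    proto => 'tcp',
  }

  # MQTT over TLS from the allowed client addresses. The resource title says
  # "acme-client" but this is the 8883 listener, not ACME; the title is kept
  # as-is because renaming it would rename the generated nftables rules.
  $mqtt_client_ips.each | String $mqtt_client_ip | {
    sunet::nftables::allow { "allow-acme-client-${mqtt_client_ip}":
      from  => $mqtt_client_ip,
      port  => 8883,
      proto => 'tcp',
    }
  }

  # From https://wiki.sunet.se/display/sunetops/Platform+naming+standards
  # The third dash-separated field of the short hostname names the environment
  # and selects the ACME directory. Indexing past the end of the split result
  # yields undef, which the guard below turns into a clear compile-time error
  # instead of running certbot with an empty --server argument.
  $my_fqdn = $facts['networking']['fqdn']
  $my_hostname = split($my_fqdn, '[.]')[0]
  $host_fields = split($my_hostname, '[-]')
  $environment = $host_fields[2]

  unless $environment =~ String and $environment in $acme_url {
    fail("cdn::mqtt: hostname '${my_hostname}' does not yield an environment present in acme_url (${acme_url})")
  }

  # Deploy hook run by certbot after a successful renewal. Ordered after the
  # certbot package/class since that is what creates the renewal-hooks tree.
  file { '/etc/letsencrypt/renewal-hooks/deploy/sunet-cdn-mqtt':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0755',
    content => file('cdn/mqtt/sunet-cdn-mqtt'),
    require => Class['sunet::packages::certbot'],
  }

  # Initial issuance only (creates => guards it); renewals are certbot's own
  # timer plus the deploy hook above. --standalone needs certbot installed and
  # tcp/80 reachable, hence the explicit requires. path is set because exec
  # refuses an unqualified command otherwise (unless an Exec default sets it
  # elsewhere - if so this is merely redundant).
  exec { 'cdn-mqtt-certbot-certonly':
    command => "certbot certonly -n --email ${acme_email} --no-eff-email --agree-tos --standalone -d ${my_fqdn} --server ${acme_url[$environment]}",
    creates => "/etc/letsencrypt/live/${my_fqdn}/fullchain.pem",
    path    => ['/usr/local/bin', '/usr/bin', '/bin', '/snap/bin'],
    require => [
      Class['sunet::packages::certbot'],
      Sunet::Nftables::Allow['allow-step-ca-acme'],
    ],
  }

  # Keep mosquitto running and restart it when its configuration changes.
  # It is ordered after the certificate exec on the assumption that
  # cdn.conf.erb points the TLS listener at the letsencrypt paths (confirm in
  # the template); starting before the certificate exists would fail anyway.
  # If the mosquitto service is already declared by another class, drop this
  # resource and add the subscribe there instead.
  service { 'mosquitto':
    ensure    => running,
    enable    => true,
    subscribe => [
      File['/etc/mosquitto/aclfile'],
      File['/etc/mosquitto/conf.d/cdn.conf'],
    ],
    require   => [
      Package['mosquitto'],
      Exec['cdn-mqtt-certbot-certonly'],
    ],
  }
}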