From 1803d1c69aa4eac74b61d19e4c98ca063273d00b Mon Sep 17 00:00:00 2001
From: Patrik Lundin
Date: Tue, 8 Oct 2024 10:02:48 +0200
Subject: [PATCH] Add initial compose file for step-ca
---
 global/overlay/etc/puppet/modules/cdn/manifests/ca.pp | 1 +
 .../modules/cdn/templates/ca/docker-compose.yml.erb | 11 +++++++++++
 2 files changed, 12 insertions(+)
 create mode 100644 global/overlay/etc/puppet/modules/cdn/templates/ca/docker-compose.yml.erb
diff --git a/global/overlay/etc/puppet/modules/cdn/manifests/ca.pp b/global/overlay/etc/puppet/modules/cdn/manifests/ca.pp
index cca6f81..f92deed 100644
--- a/global/overlay/etc/puppet/modules/cdn/manifests/ca.pp
+++ b/global/overlay/etc/puppet/modules/cdn/manifests/ca.pp
@@ -1,5 +1,6 @@
 # Configure a SUNET CDN CA server
 class cdn::ca(
+ String $step_ca_version = '0.27.4',
 ) {
diff --git a/global/overlay/etc/puppet/modules/cdn/templates/ca/docker-compose.yml.erb b/global/overlay/etc/puppet/modules/cdn/templates/ca/docker-compose.yml.erb
new file mode 100644
index 0000000..b70f2fb
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/cdn/templates/ca/docker-compose.yml.erb
@@ -0,0 +1,11 @@
+services:
+ ca:
+ image: "smallstep/step-ca:<%= @step_ca_version %>"
+ volumes:
+ - /opt/step-ca/data:/home/step
+ - /opt/step-ca/init/secrets:/init-secrets
+ environment:
+ - DOCKER_STEPCA_INIT_NAME=sunet-cdn-ca
+ - DOCKER_STEPCA_INIT_DNS_NAMES=localhost,<%= @networking['fqdn'] %>
+ - DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT=true
+ - DOCKER_STEPCA_INIT_PASSWORD_FILE=/init-secrets/key-password
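Review bot: In `manifests/ca.pp`, `$step_ca_version` is typed as a bare `String` and has no `@param` documentation, yet the template added in this patch interpolates it unescaped into the double-quoted `image:` scalar. Narrowing the type, for example `Pattern[/\A\d+\.\d+\.\d+\z/] $step_ca_version = '0.27.4',` (loosen the pattern if suffixed tags are ever needed), makes a malformed override fail at catalog compilation instead of rendering a broken or unintended image reference. The class body lies outside this hunk, so how the template is rendered and where the value can be overridden is not visible here.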
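Review bot: In `docker-compose.yml.erb`, the `/opt/step-ca/init/secrets:/init-secrets` volume is mounted read-write although the container appears to need only to read `key-password` from it. Mounting it as `- /opt/step-ca/init/secrets:/init-secrets:ro` stops a compromised CA process from altering or replacing the init secret. The image is referenced by a mutable tag only; for a CA it is worth pinning the digest too, e.g. `image: "smallstep/step-ca:<%= @step_ca_version %>@sha256:<digest placeholder>"`. Nothing in the visible patch sets ownership or mode on `/opt/step-ca/data` or `/opt/step-ca/init/secrets`, so confirm that the manifest restricts both directories to the account the container runs as. A short comment above `DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT=true` stating why the admin API is enabled would also help the next reader.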