Start creating sunet-cdnp unit file

global/overlay/etc/puppet/modules/cdn/manifests/cache.pp

@@ -7,6 +7,11 @@ class cdn::cache(
   Hash[String, String] $acme_url = {
     test => 'https://internal-sto3-test-ca-1.cdn.sunet.se:9000/acme/acme/directory'
   }
+  Hash[String, Hash[String, String]] $mqtt_url = {
+    sto3 => {
+      test => 'tls://internal-sto3-test-mqtt-1.cdn.sunet.se:8883',
+    },
+  }
 )
 {
   include sunet::packages::certbot
@@ -135,6 +140,7 @@ class cdn::cache(
   $dot_split = split($my_fqdn, '[.]')
   $my_hostname = $dot_split[0]
   $dash_split = split($my_hostname,'[-]')
+  $location = $dash_split[1]
   $environment = $dash_split[2]
 
   sunet::nftables::allow { 'allow-step-ca-acme':
@@ -182,6 +188,14 @@ class cdn::cache(
     target => "${sunet_cdnp_dir}/sunet-cdnp",
   }
 
+  file { '/etc/systemd/system/sunet-cdnp.service':
+    ensure  => file,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    content => template('cdn/cache/sunet-cdnp.service.erb'),
+  }
+
   if $cache_secrets {
     $customers.each |String $customer, Integer $customer_uid| {
       if $cache_secrets['customers'][$customer] {

global/overlay/etc/puppet/modules/cdn/templates/cache/sunet-cdnp.service.erb

@@ -0,0 +1,16 @@
+# This service file is generated by Puppet. Do not edit.
+[Unit]
+Description=SUNET CDN Purger
+Wants=docker.service
+After=docker.service
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/sunet-cdnp \
+  -mqtt-ca-file /usr/local/share/ca-certificates/step_ca_root.crt \
+  -mqtt-client-key-file /etc/letsencrypt/live/<%= @networking['fqdn'] %>/privkey.pem \
+  -mqtt-client-cert-file /etc/letsencrypt/live/<%= @networking['fqdn'] %>/fullchain.pem \
+  -mqtt-server <%= @mqtt_url[@location][@environment] %>
+
+[Install]
+WantedBy=multi-user.target