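# Configure a SUNET CDN cache node.
#
# Creates the shared /opt/sunet-cdn directory tree and, for every customer
# that has an entry in the 'cdn::cache-secrets' Hiera data, a private
# directory tree, a combined certificate+key PEM, HAProxy and Varnish
# configuration and a docker-compose service.
#
# @param customers
#   Map of customer name to the numeric id used as both owner and group of
#   that customer's files. Customer names are interpolated into file system
#   paths and resource titles, so they must come from trusted data.
class cdn::cache(
  Hash[String, Integer] $customers = {
    'customer1' => 1000000000,
  }
) {
  include sunet::packages::certbot
  include cdn::ca_trust

  # Undef when the key is not in Hiera; no per-customer resources are
  # declared in that case.
  $cache_secrets = lookup({ 'name' => 'cdn::cache-secrets', 'default_value' => undef })

  file { [
    '/opt/sunet-cdn',
    '/opt/sunet-cdn/customers',
    '/opt/sunet-cdn/conf',
  ]:
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  }

  file { '/opt/sunet-cdn/conf/varnish-slash-seccomp.json':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template('cdn/cache/varnish-slash-seccomp.json.erb'),
  }

  if $cache_secrets {
    # The lambda parameter names are kept as-is: the ERB templates below are
    # evaluated in this scope and may refer to them.
    $customers.each |String $customer, Integer $customer_uid| {
      # Customers without an entry in the secrets data are skipped.
      if $cache_secrets['customers'][$customer] {
        $customer_dir = "/opt/sunet-cdn/customers/${customer}"
        $host         = $cache_secrets['customers'][$customer]['host']

        # Per-customer tree, readable only by the customer's own uid/gid.
        file { [
          $customer_dir,
          "${customer_dir}/conf",
          "${customer_dir}/shared",
          "${customer_dir}/cache",
          "${customer_dir}/certs-private",
        ]:
          ensure => directory,
          owner  => $customer_uid,
          group  => $customer_uid,
          mode   => '0750',
        }

        # Certificate chain followed by the private key in a single file.
        $combined_pem = "${customer_dir}/certs-private/combined.pem"

        concat { $combined_pem:
          ensure    => present,
          owner     => $customer_uid,
          group     => $customer_uid,
          mode      => '0640',
          # The file holds a private key: keep its content out of diffs in
          # agent logs and reports.
          show_diff => false,
        }

        # The brace-less "$var" form interpolates only the variable name, so
        # "$cache_secrets['customers']..." would stringify the whole secrets
        # hash into the path (and into the catalog) instead of selecting the
        # host. Indexed values must be interpolated with ${...}.
        #
        # NOTE(review): nothing visible in this class orders certificate
        # issuance before these fragments; the sources must already exist
        # under /etc/letsencrypt/live -- confirm how that is guaranteed.
        concat::fragment { "${customer}.fullchain-${host}":
          target => $combined_pem,
          source => "/etc/letsencrypt/live/${host}/fullchain.pem",
          order  => '01',
        }

        concat::fragment { "${customer}-privkey-${host}":
          target => $combined_pem,
          source => "/etc/letsencrypt/live/${host}/privkey.pem",
          order  => '02',
        }

        file { "${customer_dir}/conf/haproxy.cfg":
          ensure  => file,
          owner   => $customer_uid,
          group   => $customer_uid,
          mode    => '0440',
          content => template('cdn/cache/haproxy.cfg.erb'),
        }

        file { "${customer_dir}/conf/varnish.vcl":
          ensure  => file,
          owner   => $customer_uid,
          group   => $customer_uid,
          mode    => '0440',
          content => template('cdn/cache/varnish.vcl.erb'),
        }

        # NOTE(review): the description says "CA" although this is the cache
        # class; it looks copied from the CA class -- confirm before changing.
        sunet::docker_compose { "sunet-cdn-cache-${customer}":
          content          => template('cdn/cache/docker-compose.yml.erb'),
          service_name     => "cdn-cache-${customer}",
          compose_dir      => "/opt/sunet-cdn/compose/${customer}",
          compose_filename => 'docker-compose.yml',
          description      => "SUNET CDN CA ${customer}",
        }
      }
    }
  }
}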