From 0087cbe846b3976828e0427a59f8b0c2a0094147 Mon Sep 17 00:00:00 2001
From: Johan Wassberg
Date: Mon, 26 Feb 2024 11:26:43 +0100
Subject: [PATCH] Configuration

---
 .../puppet/modules/eid/manifests/idm_app.pp   |  6 +++
 .../eid/templates/idm/docker-compose.yml.erb  |  7 ++++
 .../modules/eid/templates/idm/idm.yml.erb     | 38 +++++++++++++++++++
 3 files changed, 51 insertions(+)
 create mode 100644 global/overlay/etc/puppet/modules/eid/templates/idm/idm.yml.erb

diff --git a/global/overlay/etc/puppet/modules/eid/manifests/idm_app.pp b/global/overlay/etc/puppet/modules/eid/manifests/idm_app.pp
index 2f6ecbbb..013e62d2 100644
--- a/global/overlay/etc/puppet/modules/eid/manifests/idm_app.pp
+++ b/global/overlay/etc/puppet/modules/eid/manifests/idm_app.pp
@@ -1,6 +1,12 @@
 # idm_app
 class eid::idm_app (
 ) {
+
+  ensure_resource('sunet::misc::create_dir', '/opt/idm_app/config/', { owner => 'root', group => 'root', mode => '0750'})
+  file { '/opt/idm_app/config/idm.yml':
+    content => template('eid/idm/idm.yml.erb'),
+    mode => '0755',
+  }3
   sunet::docker_compose { 'idm_app':
     content => template('eid/idm/docker-compose.yml.erb'),
     service_name => 'idm_app',
diff --git a/global/overlay/etc/puppet/modules/eid/templates/idm/docker-compose.yml.erb b/global/overlay/etc/puppet/modules/eid/templates/idm/docker-compose.yml.erb
index ba80206d..f4658115 100644
--- a/global/overlay/etc/puppet/modules/eid/templates/idm/docker-compose.yml.erb
+++ b/global/overlay/etc/puppet/modules/eid/templates/idm/docker-compose.yml.erb
@@ -3,5 +3,12 @@ version: '3.2'
 services:
   idm_app:
     image: docker.sunet.se/eidas-idm
+    environment:
+      - TZ='Europe/Stockholm'
+      - SPRING_CONFIG_IMPORT='/opt/idm_app/config/idm.yml'
     ports:
       - '443:443'
+    volumes:
+      - "/etc/localtime:/etc/localtime:ro"
+      - "/opt/idm_app:/opt/idm_app"
+      - "/etc/ssl:/etc/ssl:ro"
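Review bot: The rendered `/opt/idm_app/config/idm.yml` carries the Redis password and the PKCS#12 store passwords from the template, yet the new `file` resource sets `mode => '0755'`, so the file itself is world-readable (and needlessly executable) and only the parent directory's 0750 keeps other local users out; nothing pins the file's owner or group either. Tighten it to `mode => '0640',` with an explicit `owner => 'root', group => 'root',` (or the group the container process runs as, if that is not root) so the protection does not rest on the directory alone. The closing `}3` before `sunet::docker_compose` also looks like a stray character, presumably from how the patch was captured, but it is worth confirming the manifest still parses.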
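Review bot: In the list form of `environment:` the value after `=` is taken literally, so `SPRING_CONFIG_IMPORT='/opt/idm_app/config/idm.yml'` most likely hands Spring a path wrapped in single quotes (and `TZ` gets the quotes too); write them unquoted, `- SPRING_CONFIG_IMPORT=/opt/idm_app/config/idm.yml` and `- TZ=Europe/Stockholm`. The published port `'443:443'` also does not match `server.port: 8082` in the idm.yml added by the same commit, so unless the image overrides the port the mapping should presumably be `'443:8082'`. Mounting all of `/etc/ssl` exposes every host private key under `/etc/ssl/private` to the container rather than only the `<fqdn>_infra` material the config references; consider bind-mounting just those files, and `/opt/idm_app` can be `:ro` unless the application is known to write there.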
diff --git a/global/overlay/etc/puppet/modules/eid/templates/idm/idm.yml.erb b/global/overlay/etc/puppet/modules/eid/templates/idm/idm.yml.erb
new file mode 100644
index 00000000..1edd516c
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/eid/templates/idm/idm.yml.erb
@@ -0,0 +1,38 @@
+server:
+  port: 8082
+  ssl:
+    bundle: infra
+
+spring:
+  ssl:
+    bundle:
+      pem:
+        infra:
+          keystore:
+            private-key: file:/etc/ssl/private/<%= @fqdn %>_infra.key
+            certificate: file:/etc/ssl/certs/<%= @fqdn %>_infra.crt
+          truststore:
+            certificate: file:/etc/ssl/certs/infra.crt
+  data:
+    redis:
+      password: '<%= scope.call_function('safe_hiera', ['idm_redis_password']) %>'
+      cluster:
+        nodes:
+        <%- @redises.each do |host| -%>
+          - <%= host %>:6379
+          - <%= host %>:6380
+        <%- end -%>
+      ssl:
+        enabled: true
+      ssl-ext:
+        # redis or java require IP addresses in cert if verifcation is turned on
+        # Caused by: java.util.concurrent.CompletionException:
+        # javax.net.ssl.SSLHandshakeException: No subject alternative names
+        # matching IP address 89.46.20.236 found
+        enable-hostname-verification: false
+        credential:
+          resource: file:/etc/ssl/private/<%= @fqdn %>_infra.p12
+          password: qwerty123
+        trust:
+          resource: file:/etc/ssl/certs/infra.p12
+          password: qwerty123
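Review bot: `password: qwerty123` for both the `credential` and `trust` PKCS#12 stores is a hard-coded secret committed to the repository, while the Redis password a few lines above already comes from hiera; pull these the same way, e.g. `password: '<%= scope.call_function('safe_hiera', ['idm_infra_p12_password']) %>'`, naming the hiera key to match whatever the deployment provisions. `enable-hostname-verification: false` means any certificate chained to `infra.p12` can impersonate a Redis node; the comment itself points at the real fix (IP or DNS SANs on the Redis node certificates), so this should be a tracked workaround, e.g. `# TODO: re-enable once Redis node certs carry IP SANs`, rather than the steady state. The Redis password is also interpolated into a single-quoted YAML scalar, so a value containing `'` would break the file; either document that constraint on the hiera value or quote it with a YAML-safe helper. The comment also misspells "verification".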