Puppet Class: taiga::vhost

Defined in:

manifests/vhost.pp

Summary

Configure an apache Virtual Host for taiga

Overview

Parameters:

• protocol (Enum['http', 'https']) —

  Protocol to be used.

• hostname (String[1]) —

  Hostname that will be used to reach the Taiga instance.

• back_directory (Stdlib::Absolutepath) —

  Directory where is installed the backend of Taiga.

• venv_directory (Stdlib::Absolutepath) —

  Directory where is installed python dependencies.

• front_directory (Stdlib::Absolutepath) —

  Directory where is installed the frontend of Taiga.

• back_user (String[1]) —

  Name of the user running the backend daemon.

• ssl_cert (Optional[String[1]]) (defaults to: undef) —

  Certificate to use for apache VirtualHost.

• ssl_key (Optional[String[1]]) (defaults to: undef) —

  Key to use for apache VirtualHost.

• ssl_chain (Optional[String[1]]) (defaults to: undef) —

  Certificate chain to use for apache VirtualHost.

# File 'manifests/vhost.pp', line 12

class taiga::vhost (
  Enum['http', 'https'] $protocol,
  String[1]             $hostname,
  Stdlib::Absolutepath  $back_directory,
  Stdlib::Absolutepath  $venv_directory,
  Stdlib::Absolutepath  $front_directory,
  String[1]             $back_user,
  Optional[String[1]]   $ssl_cert = undef,
  Optional[String[1]]   $ssl_key = undef,
  Optional[String[1]]   $ssl_chain = undef,
) {
  case $protocol {
    'http': {
      $port = 80
      $ssl = false
    }
    'https': {
      $port = 443
      $ssl = true
    }
    default: {
      fail("Unknown protocol '${protocol}'")
    }
  }

  file { "${back_directory}/passenger_wsgi.py":
    ensure  => file,
    owner   => 'root',
    mode    => '0755',
    content => epp('taiga/vhost/passenger_wsgi.py'),
  }

  include apache
  include apache::mod::passenger

  apache::vhost { $hostname:
    port                       => $port,
    docroot                    => "${front_directory}/dist",
    manage_docroot             => false,
    ssl                        => $ssl,
    ssl_cert                   => $ssl_cert,
    ssl_key                    => $ssl_key,
    ssl_chain                  => $ssl_chain,

    aliases                    => [
      {
        alias => '/media',
        path  => "${back_directory}/media",
      },
      {
        alias => '/static',
        path  => "${back_directory}/static",
      },
    ],

    fallbackresource           => '/index.html',

    passenger_high_performance => false,

    directories                => [
      {
        path           => "${back_directory}/media",
        options        => 'None',
        allow_override => 'None',
      },
      {
        path           => "${back_directory}/static",
        options        => 'None',
        allow_override => 'None',
      },
      {
        path           => "${front_directory}/dist",
        options        => 'None',
        allow_override => 'None',
      },
      {
        path                   => '/api',
        provider               => 'location',
        fallbackresource       => 'disabled',
        passenger_base_uri     => '/',
        passenger_app_root     => $back_directory,
        passenger_app_type     => 'wsgi',
        passenger_startup_file => 'passenger_wsgi.py',
        passenger_python       => "${venv_directory}/bin/python",
        passenger_user         => $back_user,
      },
      {
        path                   => '/admin',
        provider               => 'location',
        fallbackresource       => 'disabled',
        passenger_base_uri     => '/admin',
        passenger_app_root     => $back_directory,
        passenger_app_type     => 'wsgi',
        passenger_startup_file => 'passenger_wsgi.py',
        passenger_python       => "${venv_directory}/bin/python",
        passenger_user         => $back_user,
        require                => [
          '127.0.0.1',
          '::1',
          $facts.get('networking.ip'),
          $facts.get('networking.ip6'),
        ].filter |$ip| { ! $ip.empty }.map |$ip| { "ip ${ip}" },
      },
    ],
  }
}