1 |
class sympa { |
2 |
class variable { |
3 |
$vhost = "ml.$domain" |
4 |
} |
5 |
|
6 |
class server inherits variable { |
7 |
# perl-CGI-Fast is needed for fast cgi |
8 |
# perl-Socket6 is required by perl-IO-Socket-SSL |
9 |
# (optional requirement) |
10 |
$package_list = ['sympa', 'sympa-www', 'perl-CGI-Fast', |
11 |
'perl-Socket6'] |
12 |
|
13 |
package { $package_list: |
14 |
ensure => installed; |
15 |
} |
16 |
|
17 |
# sympa script start 5 differents script, I am not |
18 |
# sure that puppet will correctly handle this |
19 |
service { "sympa": |
20 |
ensure => running, |
21 |
hasstatus => true, |
22 |
subscribe => [ Package["sympa"], File['/etc/sympa/sympa.conf']] |
23 |
} |
24 |
|
25 |
$pgsql_password = extlookup("sympa_pgsql",'x') |
26 |
$ldap_password = extlookup("sympa_ldap",'x') |
27 |
|
28 |
@@postgresql::user { 'sympa': |
29 |
password => $pgsql_password, |
30 |
} |
31 |
|
32 |
file { '/etc/sympa/sympa.conf': |
33 |
ensure => present, |
34 |
# should be cleaner to have it root owned, but puppet do not support acl |
35 |
# and in any case, config will be reset if it change |
36 |
owner => sympa, |
37 |
group => apache, |
38 |
mode => 640, |
39 |
content => template("sympa/sympa.conf") |
40 |
} |
41 |
|
42 |
file { '/etc/sympa/auth.conf': |
43 |
ensure => present, |
44 |
owner => root, |
45 |
group => root, |
46 |
mode => 644, |
47 |
content => template("sympa/auth.conf"), |
48 |
notify => Service['httpd'] |
49 |
} |
50 |
|
51 |
|
52 |
include apache::mod_fcgid |
53 |
apache::webapp_other{"sympa": |
54 |
webapp_file => "sympa/webapp_sympa.conf", |
55 |
} |
56 |
|
57 |
apache::vhost_redirect_ssl { "$vhost": } |
58 |
|
59 |
apache::vhost_other_app { "$vhost": |
60 |
vhost_file => "sympa/vhost_ml.conf", |
61 |
} |
62 |
|
63 |
openssl::self_signed_cert{ "$vhost": |
64 |
directory => "/etc/ssl/apache/" |
65 |
} |
66 |
|
67 |
|
68 |
@@postgresql::database { 'sympa': |
69 |
description => "Sympa database", |
70 |
user => "sympa", |
71 |
require => Postgresql::User["sympa"] |
72 |
} |
73 |
|
74 |
subversion::snapshot { "/etc/sympa/web_tt2": |
75 |
source => "svn://svn.mageia.org/svn/web/templates/sympa/trunk" |
76 |
} |
77 |
|
78 |
file { ["/etc/sympa/lists_xml/", |
79 |
"/etc/sympa/scenari/", |
80 |
"/etc/sympa/data_sources/", |
81 |
"/etc/sympa/search_filters/"]: |
82 |
ensure => directory, |
83 |
owner => root, |
84 |
group => root, |
85 |
mode => 755, |
86 |
purge => true, |
87 |
recurse => true, |
88 |
force => true, |
89 |
} |
90 |
|
91 |
file { ["/etc/sympa/scenari/subscribe.open_web_only_notify", |
92 |
"/etc/sympa/scenari/unsubscribe.open_web_only_notify"]: |
93 |
ensure => present, |
94 |
owner => root, |
95 |
group => root, |
96 |
mode => 755, |
97 |
source => "puppet:///modules/sympa/scenari/open_web_only_notify", |
98 |
} |
99 |
|
100 |
file { ["/etc/sympa/scenari/send.subscriber_moderated"]: |
101 |
ensure => present, |
102 |
owner => root, |
103 |
group => root, |
104 |
mode => 755, |
105 |
source => "puppet:///modules/sympa/scenari/subscriber_moderated", |
106 |
} |
107 |
|
108 |
file { ["/etc/sympa/topics.conf"]: |
109 |
ensure => present, |
110 |
owner => root, |
111 |
group => root, |
112 |
mode => 755, |
113 |
source => "puppet:///modules/sympa/topics.conf", |
114 |
} |
115 |
|
116 |
define ldap_search_filter { |
117 |
file { "/etc/sympa/search_filters/$name.ldap": |
118 |
ensure => present, |
119 |
owner => root, |
120 |
group => root, |
121 |
mode => 755, |
122 |
content => template('sympa/search_filters/group.ldap') |
123 |
} |
124 |
} |
125 |
|
126 |
define ldap_group_datasource { |
127 |
file { "/etc/sympa/data_sources/$name.incl": |
128 |
ensure => present, |
129 |
owner => root, |
130 |
group => root, |
131 |
mode => 755, |
132 |
content => template('sympa/data_sources/ldap_group.incl') |
133 |
} |
134 |
} |
135 |
|
136 |
define scenario_sender_ldap_group { |
137 |
file { "/etc/sympa/scenari/send.restricted_$name": |
138 |
ensure => present, |
139 |
owner => root, |
140 |
group => root, |
141 |
mode => 755, |
142 |
content => template('sympa/scenari/sender.ldap_group') |
143 |
} |
144 |
} |
145 |
|
146 |
define scenario_sender_email { |
147 |
file { "/etc/sympa/scenari/send.restricted_$name": |
148 |
ensure => present, |
149 |
owner => root, |
150 |
group => root, |
151 |
mode => 755, |
152 |
content => template('sympa/scenari/sender.email') |
153 |
} |
154 |
} |
155 |
|
156 |
# add each group that could be used in a sympa ml either as |
157 |
# - owner |
158 |
# - editor ( moderation ) |
159 |
ldap_group_datasource { "mga-sysadmin": } |
160 |
ldap_group_datasource { "mga-ml_moderators": } |
161 |
|
162 |
|
163 |
# directory that will hold the list data |
164 |
# i am not sure of the name ( misc, 09/12/10 ) |
165 |
file { "/var/lib/sympa/expl/": |
166 |
ensure => directory, |
167 |
owner => sympa, |
168 |
group => root, |
169 |
mode => 755, |
170 |
} |
171 |
} |
172 |
|
173 |
define list($subject, |
174 |
$profile = false, |
175 |
$language = 'en', |
176 |
$reply_to = false, |
177 |
$sender_email = false, |
178 |
$sender_ldap_group = false, |
179 |
$subscriber_ldap_group = false, |
180 |
$public_archive = true ) { |
181 |
|
182 |
include sympa::variable |
183 |
|
184 |
$xml_file = "/etc/sympa/lists_xml/$name.xml" |
185 |
|
186 |
if $sender_email { |
187 |
$sender_email_file = regsubst($sender_email,'\@','-at-') |
188 |
} else { |
189 |
$sender_email_file = '' |
190 |
} |
191 |
|
192 |
file { "$xml_file": |
193 |
owner => root, |
194 |
group => root, |
195 |
content => template('sympa/list.xml') |
196 |
} |
197 |
|
198 |
exec { "sympa.pl --create_list --robot=$sympa::variable::vhost --input_file=$xml_file": |
199 |
require => File["$xml_file"], |
200 |
creates => "/var/lib/sympa/expl/$name", |
201 |
before => File["/var/lib/sympa/expl/$name/config"], |
202 |
} |
203 |
|
204 |
file { "/var/lib/sympa/expl/$name/config": |
205 |
ensure => present, |
206 |
owner => sympa, |
207 |
group => sympa, |
208 |
mode => 750, |
209 |
content => template("sympa/config"), |
210 |
} |
211 |
|
212 |
if $sender_ldap_group { |
213 |
if ! defined(Sympa::Server::Scenario_sender_ldap_group[$sender_ldap_group]) { |
214 |
sympa::server::scenario_sender_ldap_group { $sender_ldap_group: } |
215 |
} |
216 |
} |
217 |
|
218 |
if $sender_email { |
219 |
if ! defined(Sympa::Server::Scenario_sender_email[$sender_email_file]) { |
220 |
sympa::server::scenario_sender_email { $sender_email_file: } |
221 |
} |
222 |
} |
223 |
|
224 |
if $subscriber_ldap_group { |
225 |
if ! defined(Sympa::Server::Ldap_search_filter[$subscriber_ldap_group]) { |
226 |
sympa::server::ldap_search_filter { $subscriber_ldap_group: } |
227 |
} |
228 |
} |
229 |
} |
230 |
|
231 |
# |
232 |
# various types of list that can be directly used |
233 |
# |
234 |
# |
235 |
define public_list($subject, $language = 'en') { |
236 |
list { $name: |
237 |
subject => $subject, |
238 |
# profile => "public", |
239 |
language => $language, |
240 |
} |
241 |
} |
242 |
|
243 |
# list where announce are sent by member of ldap_group |
244 |
# reply_to is set to $reply_to |
245 |
define announce_list_group($subject, $reply_to, $sender_ldap_group, $language = 'en') { |
246 |
# profile + scenario |
247 |
list{ $name: |
248 |
subject => $subject, |
249 |
profile => "", |
250 |
language => $language, |
251 |
reply_to => $reply_to, |
252 |
sender_ldap_group => $sender_ldap_group, |
253 |
} |
254 |
} |
255 |
|
256 |
|
257 |
# list where announce are sent by $email only |
258 |
# reply_to is set to $reply_to |
259 |
define announce_list_email($subject, $reply_to, $sender_email, $language = 'en') { |
260 |
list{ $name: |
261 |
subject => $subject, |
262 |
profile => "", |
263 |
language => $language, |
264 |
reply_to => $reply_to, |
265 |
sender_email => $sender_email, |
266 |
} |
267 |
} |
268 |
|
269 |
# list where people cannot subscribe, where people from $ldap_group receive |
270 |
# mail, with public archive |
271 |
define restricted_list($subject, $subscriber_ldap_group, $language = 'en') { |
272 |
list{ $name: |
273 |
subject => $subject, |
274 |
profile => "", |
275 |
language => $language, |
276 |
subscriber_ldap_group => $subscriber_ldap_group, |
277 |
sender_ldap_group => $subscriber_ldap_group, |
278 |
} |
279 |
} |
280 |
|
281 |
# same as restricted list, but anybody can post |
282 |
define restricted_list_open($subject, $subscriber_ldap_group, $language = 'en') { |
283 |
list{ $name: |
284 |
subject => $subject, |
285 |
profile => "", |
286 |
language => $language, |
287 |
subscriber_ldap_group => $subscriber_ldap_group, |
288 |
sender_ldap_group => $subscriber_ldap_group, |
289 |
} |
290 |
} |
291 |
|
292 |
# list with private archive, restricted to member of $ldap_group |
293 |
define private_list($subject, $subscriber_ldap_group, $language ='en') { |
294 |
list{ $name: |
295 |
subject => $subject, |
296 |
profile => "", |
297 |
language => $language, |
298 |
subscriber_ldap_group => $subscriber_ldap_group, |
299 |
sender_ldap_group => $subscriber_ldap_group, |
300 |
public_archive => false, |
301 |
} |
302 |
} |
303 |
|
304 |
# list with private archive, restricted to member of $ldap_group |
305 |
# everybody can post |
306 |
# used for contact alias |
307 |
define private_list_open($subject, $subscriber_ldap_group, $language ='en') { |
308 |
list{ $name: |
309 |
subject => $subject, |
310 |
profile => "", |
311 |
language => $language, |
312 |
subscriber_ldap_group => $subscriber_ldap_group, |
313 |
public_archive => false, |
314 |
} |
315 |
} |
316 |
|
317 |
# same as private_list, but post are restricted to $email |
318 |
# ( scripting ) |
319 |
define private_list_email($subject, $subscriber_ldap_group, $sender_email, $language ='en') { |
320 |
list{ $name: |
321 |
subject => $subject, |
322 |
profile => "", |
323 |
language => $language, |
324 |
subscriber_ldap_group => $subscriber_ldap_group, |
325 |
sender_email => $sender_email, |
326 |
public_archive => false, |
327 |
} |
328 |
} |
329 |
} |
330 |
|