Merge pull request 'neoloc/mediaproxy' (#92) from neoloc/mediaproxy into develop

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/92
This commit was merged in pull request #92.
This commit is contained in:
2024-07-06 23:24:49 +10:00
18 changed files with 599 additions and 18 deletions
+72
View File
@@ -0,0 +1,72 @@
class profiles::nginx::ldapauth (
Stdlib::AbsolutePath $bin_path = '/usr/local/bin/nginx-ldap-auth',
Stdlib::AbsolutePath $env_path = '/etc/default/nginx-ldap-auth',
String $user = 'nginx-ldap-auth',
String $group = 'nginx-ldap-auth',
Boolean $systempkgs = false,
String $version = 'system',
Hash $packages = {
'python3.11-ldap' => { ensure => 'present' }
}
){
if $::facts['python3_version'] {
$python_version = $version ? {
'system' => $::facts['python3_version'],
default => $version,
}
ensure_resources('package', $packages)
# Deploy the default configuration file using a template
file { $env_path:
ensure => file,
content => template('profiles/ldapauth/nginx-ldap-auth.default.erb'),
}
# Deploy the daemon script using a template
file { $bin_path:
ensure => file,
content => template('profiles/ldapauth/nginx-ldap-auth-daemon.py.erb'),
mode => '0755',
}
# Manage user and group
group { $group:
ensure => present,
system => true,
}
user { $user:
ensure => present,
comment => 'nginx-ldap-auth helper',
gid => $group,
shell => '/sbin/nologin',
system => true,
require => Group[$group],
}
# Create log directory for nginx-ldap-auth
file { '/var/log/nginx-ldap-auth':
ensure => directory,
owner => $user,
group => $group,
mode => '0755',
require => User[$user],
}
# Ensure the systemd service is enabled and started
systemd::unit_file { 'nginx-ldap-auth.service':
content => template('profiles/ldapauth/nginx-ldap-auth.service.erb'),
enable => true,
active => true,
require => [
File[$bin_path],
File[$env_path],
User[$user],
],
}
}
}
+18 -2
View File
@@ -12,6 +12,8 @@ class profiles::nginx::simpleproxy (
Stdlib::Port $proxy_port = 80,
Stdlib::Host $proxy_host = $facts['networking']['ip'],
String $proxy_path = '/',
Boolean $use_default_location = true,
Hash $locations = {},
) {
# if nginx_version isnt set, install nginx
@@ -83,7 +85,7 @@ class profiles::nginx::simpleproxy (
$defaults = {
'listen_port' => $listen_port,
'server_name' => $server_names,
'use_default_location' => true,
'use_default_location' => $use_default_location,
'access_log' => "/var/log/nginx/${nginx_vhost}_access.log",
'error_log' => "/var/log/nginx/${nginx_vhost}_error.log",
'autoindex' => 'on',
@@ -98,11 +100,25 @@ class profiles::nginx::simpleproxy (
$nginx_parameters = merge($defaults, $extras_hash)
# manage the nginx class
include 'nginx'
class { 'nginx':
proxy_cache_path => {
'/var/cache/nginx/cache' => 'cache:128m',
},
proxy_cache_levels => '1:2',
proxy_cache_keys_zone => 'cache:128m',
proxy_cache_max_size => '1024m',
proxy_cache_inactive => '10m',
proxy_temp_path => '/var/cache/nginx/cache_temp',
}
# create the nginx vhost with the merged parameters
create_resources('nginx::resource::server', { $nginx_vhost => $nginx_parameters })
# create nginx locations
if $use_default_location == false {
create_resources('nginx::resource::location', $locations)
}
# manage selinux
if $::facts['os']['selinux']['config_mode'] == 'enforcing' {