own module

puppet/data/vagrant.yaml

@@ -1,4 +1,11 @@
 ---
+discourse::developer_emails: '[email protected]'
+discourse::api_key: '1234567890abcdef'
+discourse::le_account_email: '[email protected]'
+discourse::smtp_address: 'mail.example.com'
+discourse::smtp_user_name: 'discourse'
+discourse::smtp_password: 'changeme'
+
 restic::password: "SomethingVerySecret"
 
 profiles::backup::receiver:

puppet/modules/discourse/manifests/init.pp

@@ -0,0 +1,54 @@
+class discourse(
+  String $developer_emails,
+  String $api_key,
+  String $le_account_email,
+  Stdlib::Host $smtp_address,
+  String $smtp_user_name,
+  String $smtp_password,
+  Stdlib::Port $smtp_port = 587,
+  Stdlib::Absolutepath $root = '/var/discourse',
+  Stdlib::Host $hostname = 'community.theforeman.org',
+) {
+  ensure_packages(['git'])
+
+  vcsrepo { $root:
+    ensure   => present,
+    provider => git,
+    source   => 'https://github.com/discourse/discourse_docker.git',
+  }
+
+  $containers = "${root}/containers"
+
+  file { $containers:
+    ensure  => directory,
+    mode    => '0700',
+    require => Vcsrepo[$root],
+  }
+
+  $app_context = {
+    'root'             => $root,
+    'hostname'         => $hostname,
+    'developer_emails' => $developer_emails,
+    'smtp_address'     => $smtp_address,
+    'smtp_port'        => $smtp_port,
+    'smtp_user_name'   => $smtp_user_name,
+    'smtp_password'    => $smtp_password,
+    'le_account_email' => $le_account_email,
+  }
+
+  file { "${containers}/app.yml":
+    mode    => '0700',
+    content => epp('discourse/app.yml.epp', $app_context),
+  }
+
+  $mail_context = {
+    'root'     => $root,
+    'hostname' => $hostname,
+    'api_key'  => $api_key,
+  }
+
+  file { "${containers}/mail-receiver.yml":
+    mode    => '0700',
+    content => epp('discourse/mail-receiver.yml.epp', $mail_context ),
+  }
+}

puppet/modules/discourse/templates/app.yml.epp

@@ -0,0 +1,111 @@
+<%- |
+  Stdlib::Absolutepath $root,
+  Stdlib::Host $hostname,
+  String $developer_emails,
+  Stdlib::Host $smtp_address,
+  Stdlib::Port $smtp_port,
+  String $smtp_user_name,
+  String $smtp_password,
+  String $le_account_email,
+  | -%>
+## this is the all-in-one, standalone Discourse Docker container template
+##
+## After making changes to this file, you MUST rebuild
+## /var/discourse/launcher rebuild app
+##
+## BE *VERY* CAREFUL WHEN EDITING!
+## YAML FILES ARE SUPER SUPER SENSITIVE TO MISTAKES IN WHITESPACE OR ALIGNMENT!
+## visit http://www.yamllint.com/ to validate this file as needed
+
+templates:
+  - "templates/postgres.template.yml"
+  - "templates/redis.template.yml"
+  - "templates/web.template.yml"
+  - "templates/web.ratelimited.template.yml"
+## Uncomment these two lines if you wish to add Lets Encrypt (https)
+  - "templates/web.ssl.template.yml"
+  - "templates/web.letsencrypt.ssl.template.yml"
+
+## which TCP/IP ports should this container expose?
+## If you want Discourse to share a port with another webserver like Apache or nginx,
+## see https://meta.discourse.org/t/17247 for details
+expose:
+  - "80:80"   # http
+  - "443:443" # https
+
+params:
+  db_default_text_search_config: "pg_catalog.english"
+
+  ## Set db_shared_buffers to a max of 25% of the total memory.
+  ## will be set automatically by bootstrap based on detected RAM, or you can override
+  db_shared_buffers: "256MB"
+
+  ## can improve sorting performance, but adds memory usage per-connection
+  #db_work_mem: "40MB"
+
+  ## Which Git revision should this container use? (default: tests-passed)
+  version: stable
+
+env:
+  LANG: en_US.UTF-8
+  # DISCOURSE_DEFAULT_LOCALE: en
+
+  ## How many concurrent web requests are supported? Depends on memory and CPU cores.
+  ## will be set automatically by bootstrap based on detected CPUs, or you can override
+  UNICORN_WORKERS: 4
+
+  ## TODO: The domain name this Discourse instance will respond to
+  DISCOURSE_HOSTNAME: <%= $hostname %>
+
+  ## Uncomment if you want the container to be started with the same
+  ## hostname (-h option) as specified above (default "$hostname-$config")
+  #DOCKER_USE_HOSTNAME: true
+
+  ## TODO: List of comma delimited emails that will be made admin and developer
+  ## on initial signup example '[email protected],[email protected]'
+  DISCOURSE_DEVELOPER_EMAILS: "<%= $developer_emails %>"
+
+  ## TODO: The SMTP mail server used to validate new accounts and send notifications
+  DISCOURSE_SMTP_ADDRESS: <%= $smtp_address %>
+  DISCOURSE_SMTP_PORT: <%= $smtp_port %>
+  DISCOURSE_SMTP_USER_NAME: "<%= $smtp_user_name %>"
+  DISCOURSE_SMTP_PASSWORD: "<%= $smtp_password %>"
+  #DISCOURSE_SMTP_ENABLE_START_TLS: true           # (optional, default true)
+
+  ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate
+  LETSENCRYPT_ACCOUNT_EMAIL: <%= $le_account_email %>
+
+  ## The CDN address for this Discourse instance (configured to pull)
+  ## see https://meta.discourse.org/t/14857 for details
+  #DISCOURSE_CDN_URL: //discourse-cdn.example.com
+
+## The Docker container is stateless; all data is stored in /shared
+volumes:
+  - volume:
+      host: <%= $root %>/shared/standalone
+      guest: /shared
+  - volume:
+      host: <%= $root %>/shared/standalone/log/var-log
+      guest: /var/log
+
+## Plugins go here
+## see https://meta.discourse.org/t/19157 for details
+hooks:
+  after_code:
+    - exec:
+        cd: $home/plugins
+        cmd:
+          - git clone https://github.com/discourse/docker_manager.git
+          - git clone https://github.com/discourse/discourse-data-explorer.git
+          - git clone https://github.com/discourse/discourse-solved.git
+          - git clone https://github.com/paviliondev/discourse-events.git
+          - git clone https://github.com/paviliondev/discourse-locations.git
+          - bash -c 'git clone https://github.com/discourse/discourse-checklist.git && cd discourse-checklist && git checkout 4a7f3df360a8e4ff3bbebfed33ea545b1c72506e'
+
+## Any custom commands to run after building
+run:
+  - exec: echo "Beginning of custom commands"
+  ## If you want to set the 'From' email address for your first registration, uncomment and change:
+  ## After getting the first signup email, re-comment the line. It only needs to run once.
+  #- exec: rails r "SiteSetting.notification_email='[email protected]'"
+  - exec: echo "End of custom commands"

puppet/modules/discourse/templates/mail-receiver.yml.epp

@@ -0,0 +1,45 @@
+<%- |
+  Stdlib::Absolutepath $root,
+  Stdlib::Host $hostname,
+  String $api_key,
+  | -%>
+## this is the incoming mail receiver container template
+##
+## After making changes to this file, you MUST rebuild
+## /var/discourse/launcher rebuild mail-receiver
+##
+## BE *VERY* CAREFUL WHEN EDITING!
+## YAML FILES ARE SUPER SUPER SENSITIVE TO MISTAKES IN WHITESPACE OR ALIGNMENT!
+## visit http://www.yamllint.com/ to validate this file as needed
+
+base_image: discourse/mail-receiver:release
+update_pups: false
+
+expose:
+  - "25:25"   # SMTP
+
+env:
+  LANG: en_US.UTF-8
+
+  ## Where e-mail to your forum should be sent.  In general, it's perfectly fine
+  ## to use the same domain as the forum itself here.
+  MAIL_DOMAIN: <%= $hostname %>
+
+  ## The base URL for this Discourse instance.
+  ## This will be whatever your Discourse site URL is. For example,
+  ## https://discourse.example.com. If you're running a subfolder setup,
+  ## be sure to account for that (ie https://example.com/forum).
+  DISCOURSE_BASE_URL: "https://<%= $hostname %>"
+
+  ## The master API key of your Discourse forum.  You can get this from
+  ## the "API" tab of your admin panel.
+  DISCOURSE_API_KEY: "<%= $api_key %>"
+
+  ## The username to use for processing incoming e-mail.  Unless you have
+  ## renamed the `system` user, you should leave this as-is.
+  DISCOURSE_API_USERNAME: system
+
+volumes:
+  - volume:
+      host: <%= $root %>/shared/mail-receiver/postfix-spool
+      guest: /var/spool/postfix

puppet/modules/profiles/manifests/discourse.pp

@@ -1,8 +1,6 @@
 # @summary Manage a Discourse server
 # @see https://github.com/discourse/discourse/blob/main/docs/INSTALL-cloud.md
 class profiles::discourse {
-  $root = '/var/discourse'
-
   if $facts['os']['family'] == 'RedHat' {
     yumrepo { 'docker-ce-stable':
       descr   => 'Docker CE Stable - $basearch',
@@ -18,19 +16,17 @@
       require => Package['docker-ce'],
     }
 
-    ensure_packages(['git'])
-
-    vcsrepo { $root:
-      ensure   => present,
-      provider => git,
-      source   => 'https://github.com/discourse/discourse_docker.git',
-    }
+    include discourse
+    $backup_path = ["${discourse::root}/shared/standalone/backups"]
+  } else {
+    $root = '/var/discourse'
+    $backup_path = ["${root}/containers", "${root}/shared/standalone/backups"]
   }
 
   include profiles::backup::sender
 
   restic::repository { 'discourse':
     backup_cap_dac_read_search => true,
-    backup_path                => ["${root}/containers", "${root}/shared/standalone/backups"],
+    backup_path                => $backup_path,
   }
 }

puppet/spec/classes/discourse_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe 'discourse' do
+  on_supported_os.each do |os, facts|
+    context "on #{os}" do
+      let(:facts) { facts }
+      let(:pre_condition) do
+        <<~PUPPET
+        class { 'discourse':
+          developer_emails => '[email protected]',
+          api_key => '1234567890abcdef',
+          le_account_email => '[email protected]',
+          smtp_address => 'mail.example.com',
+          smtp_user_name => 'discourse',
+          smtp_password => 'changeme',
+        }
+        PUPPET
+      end
+
+      it { is_expected.to compile.with_all_deps }
+    end
+  end
+end

puppet/spec/classes/profiles_discourse_spec.rb

@@ -0,0 +1,57 @@
+require 'spec_helper'
+
+describe 'profiles::discourse' do
+  on_supported_os.each do |os, os_facts|
+    context "on #{os}" do
+      let(:facts) { os_facts }
+      let(:pre_condition) do
+        <<~PUPPET
+        class { 'restic':
+          password => 'SuperSecret',
+        }
+        class { 'discourse':
+          developer_emails => '[email protected]',
+          api_key => '1234567890abcdef',
+          le_account_email => '[email protected]',
+          smtp_address => 'mail.example.com',
+          smtp_user_name => 'discourse',
+          smtp_password => 'changeme',
+        }
+        PUPPET
+      end
+
+      it { is_expected.to compile.with_all_deps }
+      it do
+        is_expected.to contain_class('restic')
+          .with_backup_timer('daily')
+          .with_type('sftp')
+          .with_host('backups.theforeman.org')
+          .with_id("backup-#{facts[:networking]['hostname']}")
+      end
+
+      it do
+        is_expected.to contain_file('/var/lib/restic/.ssh')
+          .with_ensure('directory')
+          .with_owner('restic')
+          .with_group('restic')
+          .with_mode('0700')
+      end
+
+      it do
+        is_expected.to contain_file('/var/lib/restic/.ssh/id_rsa')
+          .with_ensure('file')
+          .with_owner('restic')
+          .with_group('restic')
+          .with_mode('0600')
+          .with_content(%r{.+})
+      end
+
+      it do
+        is_expected.to contain_sshkey('backups.theforeman.org')
+          .with_ensure('present')
+          .with_type('ecdsa-sha2-nistp256')
+          .with_key(%r{^AAAA.+$})
+      end
+    end
+  end
+end