1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
# File 'modules/profile/manifests/klaxon.pp', line 1
class profile::klaxon (
Klaxon::Klaxon_config $config = lookup('profile::klaxon::klaxon_config', {'merge' => hash})
) {
$port = 4667
class {'klaxon':
port => $port,
config => $config,
}
$ssl_settings = ssl_ciphersuite('apache', 'strong', true)
profile::idp::client::httpd::site {'klaxon.wikimedia.org':
require => [
Acme_chief::Cert['icinga'],
],
vhost_content => 'profile/idp/client/httpd-klaxon.erb',
# These four groups are the best current proxy for "trusted contributors".
required_groups => [
'cn=nda,ou=groups,dc=wikimedia,dc=org',
'cn=ops,ou=groups,dc=wikimedia,dc=org',
'cn=wmf,ou=groups,dc=wikimedia,dc=org',
'cn=wmde,ou=groups,dc=wikimedia,dc=org',
],
# This is the common prefix of all login-required handlers in Klaxon.
protected_uri => '/protected/',
vhost_settings => { port => $port },
}
}
|