From ffae0d6f55f609bf67f54891ea0c95e381a8368c Mon Sep 17 00:00:00 2001
From: alex <alex@pdp7.net>
Date: Sat, 11 Mar 2023 11:22:05 +0100
Subject: [PATCH] Draft ipsilon installation

---
 .../roles/deploy_ipsilon/tasks/main.yml        |  5 +++++
 personal_infra/playbooks/site.yaml             |  6 ++++++
 .../puppet/modules/ipsilon/manifests/init.pp   | 18 ++++++++++++++++++
 .../site/ipsilon-test.h1.int.pdp7.net.pp       |  1 +
 4 files changed, 30 insertions(+)
 create mode 100644 personal_infra/playbooks/roles/deploy_ipsilon/tasks/main.yml
 create mode 100644 personal_infra/puppet/modules/ipsilon/manifests/init.pp

diff --git a/personal_infra/playbooks/roles/deploy_ipsilon/tasks/main.yml b/personal_infra/playbooks/roles/deploy_ipsilon/tasks/main.yml
new file mode 100644
index 0000000..1ac50a1
--- /dev/null
+++ b/personal_infra/playbooks/roles/deploy_ipsilon/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- name: install ipsilon (if this task fails, run kinit as root)
+  command: ipsilon-server-install --hostname {{ ipsilon.hostname }} --ipa yes --openidc yes --admin-user {{ ipsilon.admin_user }}
+  args:
+    creates: /etc/ipsilon/idp
diff --git a/personal_infra/playbooks/site.yaml b/personal_infra/playbooks/site.yaml
index 63af423..ddeced0 100644
--- a/personal_infra/playbooks/site.yaml
+++ b/personal_infra/playbooks/site.yaml
@@ -36,3 +36,9 @@
   gather_facts: false
   roles:
     - talos
+
+- name: deploy ipsilon
+  hosts: ipsilon
+  tags: ipsilon
+  roles:
+    - deploy_ipsilon
diff --git a/personal_infra/puppet/modules/ipsilon/manifests/init.pp b/personal_infra/puppet/modules/ipsilon/manifests/init.pp
new file mode 100644
index 0000000..f4de956
--- /dev/null
+++ b/personal_infra/puppet/modules/ipsilon/manifests/init.pp
@@ -0,0 +1,18 @@
+class ipsilon {
+  package {'ipsilon-tools-ipa':
+    source => 'https://kojipkgs.fedoraproject.org//packages/ipsilon/3.0.4/5.el8/noarch/ipsilon-tools-ipa-3.0.4-5.el8.noarch.rpm',
+  }
+
+  package {'ipsilon-openidc':
+    source => 'https://kojipkgs.fedoraproject.org//packages/ipsilon/3.0.4/5.el8/noarch/ipsilon-openidc-3.0.4-5.el8.noarch.rpm',
+  }
+
+  package {'ipsilon-authpam':
+    source => 'https://kojipkgs.fedoraproject.org//packages/ipsilon/3.0.4/5.el8/noarch/ipsilon-authpam-3.0.4-5.el8.noarch.rpm',
+  }
+
+  service {'httpd':
+    ensure => running,
+    enable => true,
+  }
+}
diff --git a/personal_infra/puppet/site/ipsilon-test.h1.int.pdp7.net.pp b/personal_infra/puppet/site/ipsilon-test.h1.int.pdp7.net.pp
index d304c56..6c03966 100644
--- a/personal_infra/puppet/site/ipsilon-test.h1.int.pdp7.net.pp
+++ b/personal_infra/puppet/site/ipsilon-test.h1.int.pdp7.net.pp
@@ -1,2 +1,3 @@
 node 'ipsilon-test.h1.int.pdp7.net' {
+  class {'ipsilon':}
 }
-- 
2.47.3