
diff --git a/data/common.yaml b/data/common.yaml
index 38edb15..7a8f692 100644
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -1,16 +1,18 @@
---
hitch::package_name: "hitch"
hitch::service_name: "hitch"
hitch::config_root: "/etc/hitch"
hitch::config_file: "/etc/hitch/hitch.conf"
hitch::dhparams_file: "/etc/hitch/dhparams.pem"
hitch::dhparams_content: :undef
hitch::purge_config_root: false
hitch::file_owner: "root"
hitch::frontend: "[*]:443"
hitch::backend: "[::1]:80"
hitch::write_proxy_v2: "off"
hitch::ciphers: "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
hitch::prefer_server_ciphers: "on"
+hitch::tls_protos: :undef
+hitch::alpn_protos: :undef
hitch::domains: {}
hitch::manage_repo: false
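Review bot: With `hitch::tls_protos: :undef` as the module default, the rendered hitch.conf carries no `tls-protos` line, so the accepted protocol versions are whatever the installed hitch package defaults to and may differ between nodes. Since this commit introduces the setting, consider shipping an explicit floor here, for example `hitch::tls_protos: "TLSv1.2"` (plus newer versions if every supported hitch release accepts them), and let sites that need legacy clients override it. If leaving it unset is deliberate, a short comment above the key such as `# unset: hitch's built-in protocol default applies` would make that clear.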
diff --git a/manifests/config.pp b/manifests/config.pp
index a917351..c766d4e 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -1,63 +1,65 @@
# == Class hitch::config
#
# This class is called from hitch for service config.
#
# @api private
class hitch::config (
Stdlib::Absolutepath $config_root,
Stdlib::Absolutepath $config_file,
Stdlib::Absolutepath $dhparams_file,
Boolean $purge_config_root,
String $file_owner,
String $user,
String $group,
Optional[String] $dhparams_content,
Enum['on','off'] $write_proxy_v2,
String $frontend,
String $backend,
String $ciphers,
+ Optional[String] $tls_protos,
+ Optional[String] $alpn_protos,
) {
file { $config_root:
ensure => directory,
recurse => true,
purge => $purge_config_root,
owner => $file_owner,
group => $group,
mode => '0750',
}
concat { $config_file:
ensure => present,
}
if $dhparams_content {
file { $dhparams_file:
ensure => present,
owner => $file_owner,
group => $group,
mode => '0640',
content => $dhparams_content,
}
}
else {
exec { "${title} generate dhparams":
path => '/usr/local/bin:/usr/bin:/bin',
command => "openssl dhparam -out ${dhparams_file} 2048",
creates => $dhparams_file,
}
-> file { $dhparams_file:
ensure => present,
owner => $file_owner,
group => $group,
mode => '0640',
}
}
concat::fragment { "${title} config":
content => template('hitch/hitch.conf.erb'),
target => $config_file,
}
}
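Review bot: `Optional[String] $tls_protos` accepts any text, including an empty string or a misspelled protocol name, and the template writes it into hitch.conf unchanged; the same loose declaration is repeated in manifests/init.pp. A tighter type would fail at catalog compilation rather than at service restart, e.g. `Optional[Pattern[/\A(SSLv3|TLSv1\.[0-3])( (SSLv3|TLSv1\.[0-3]))*\z/]] $tls_protos,`. The keyword list in that pattern is from my reading of hitch's documentation and should be checked against the packaged version. The `concat { $config_file: }` resource in this class has no validation step, so a bad value is only noticed when hitch fails to reload.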
diff --git a/manifests/init.pp b/manifests/init.pp
index 9b5cb56..e644aee 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,92 +1,96 @@
# Class: hitch
# ===========================
#
# Full description of class hitch here.
#
# Parameters
# ----------
#
# @param package_name [String]
# Package name for installing hitch.
#
# @param service_name [String]
# Service name for the hitch service.
#
# @param user [String]
# User running the service.
#
# @param group [String]
# Group running the service.
#
# @param file_owner [String]
# User owning the configuration files. Defaults to "root".
#
# @param dhparams_file [Stdlib::Absolutepath]
# Path to file for Diffie-Hellman parameters, which are shared
# by all domains.
#
# @param dhparams_content [Optional[String]]
# Content for the DH parameter file. If unset, DH parameters will
# be generated on the node, which may take a long time.
#
# @param config_root [Stdlib::Absolutepath]
# Configuration root directory. Default: /etc/hitch/
#
# @param purge_config_root [Boolean]
# If true, will delete all unmanaged files from the config_root.
# Defaults to false.
#
# @param frontend[String]
# The listening frontend for hitch.
#
# @param manage_repo [Boolean]
# If true, install the EPEL repository on RedHat OS family.
#
class hitch (
String $package_name,
String $service_name,
String $user,
String $group,
String $file_owner,
Stdlib::Absolutepath $config_file,
Stdlib::Absolutepath $dhparams_file,
Stdlib::Absolutepath $config_root,
Boolean $purge_config_root,
String $frontend,
String $backend,
Enum['on', 'off'] $write_proxy_v2,
String $ciphers,
+ Optional[String] $tls_protos,
+ Optional[String] $alpn_protos,
Optional[Hash] $domains,
Optional[String] $dhparams_content,
Boolean $manage_repo,
) {
class { '::hitch::install':
package => $package_name,
manage_repo => $manage_repo,
}
-> class { '::hitch::config':
config_root => $config_root,
config_file => $config_file,
dhparams_file => $dhparams_file,
dhparams_content => $dhparams_content,
purge_config_root => $purge_config_root,
file_owner => $file_owner,
user => $user,
group => $group,
frontend => $frontend,
backend => $backend,
write_proxy_v2 => $write_proxy_v2,
ciphers => $ciphers,
+ tls_protos => $tls_protos,
+ alpn_protos => $alpn_protos,
}
~> class { '::hitch::service':
service_name => $service_name,
}
-> Class['::hitch']
$domains.each |$domain_title, $domain_params| {
hitch::domain { $domain_title:
* => $domain_params,
}
}
}
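Review bot: The `@param` block above the class is not extended for the two new parameters, so `tls_protos` and `alpn_protos` are missing from the generated reference. I would add `# @param tls_protos [Optional[String]]` with a line saying it is the space-separated list of TLS protocol versions hitch may negotiate and that leaving it unset keeps hitch's built-in default. A matching `# @param alpn_protos [Optional[String]]` entry should describe the ALPN protocol list offered to clients, with the exact list format confirmed against hitch.conf(5). Because `tls_protos` decides which legacy protocol versions stay enabled, the doc line is worth having before this is released.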
diff --git a/manifests/params.pp b/manifests/params.pp
new file mode 100644
index 0000000..0248e43
--- /dev/null
+++ b/manifests/params.pp
@@ -0,0 +1,42 @@
+# == Class hitch::params
+#
+# This class is meant to be called from hitch.
+# It sets variables according to platform.
+#
+class hitch::params {
+
+ $config_root = '/etc/hitch'
+ $config_file = '/etc/hitch/hitch.conf'
+ $dhparams_file = '/etc/hitch/dhparams.pem'
+ $dhparams_content = undef
+ $purge_config_root = false
+ $file_owner = 'root'
+
+ $frontend = '[*]:443'
+ $backend = '[::1]:80'
+ $write_proxy_v2 = 'off'
+ $ciphers = 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'
+ $prefer_server_ciphers = 'on'
+ $domains = {}
+
+ $tls_protos = undef
+ $alpn_protos = undef
+
+ case $::osfamily {
+ 'Debian': {
+ $package_name = 'hitch'
+ $service_name = 'hitch'
+ $user = '_hitch'
+ $group = '_hitch'
+ }
+ 'RedHat', 'Amazon': {
+ $package_name = 'hitch'
+ $service_name = 'hitch'
+ $user = 'hitch'
+ $group = 'hitch'
+ }
+ default: {
+ fail("${::operatingsystem} not supported")
+ }
+ }
+}
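Review bot: Nothing in this diff references `hitch::params`: manifests/init.pp still takes typed parameters with no `inherits`, and the defaults continue to come from data/common.yaml, so this new class appears to be an unused second copy of them. Two sources for values such as `$ciphers` and `$tls_protos` will drift, and a later hardening of one will not reach the other. Unless another change wires it in, I would drop the file. If it stays, the `default:` branch should name the fact the `case` actually tests, e.g. `fail("osfamily ${::osfamily} not supported")`.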
diff --git a/templates/hitch.conf.erb b/templates/hitch.conf.erb
index 094ffd7..6d94714 100644
--- a/templates/hitch.conf.erb
+++ b/templates/hitch.conf.erb
@@ -1,15 +1,23 @@
# Configuration for hitch
user = "<%= @user %>"
group = "<%= @group %>"
frontend = "<%= @frontend %>"
backend = "<%= @backend %>"
<% if @write_proxy_v2 == "on" -%>
# use the PROXY v2 protocol to communicate with backend
write-proxy-v2 = "<%= @write_proxy_v2 %>"
<% end -%>
# Define a cipher list for communication
ciphers = "<%= @ciphers %>"
prefer-server-ciphers = on
+
+<% if @tls_protos -%>
+tls-protos = "<%= @tls_protos %>"
+<% end -%>
+<% if @alpn_protos -%>
+alpn-protos = "<%= @alpn_protos %>"
+<% end -%>
+
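Review bot: The new `tls-protos = "<%= @tls_protos %>"` line wraps the value in double quotes, but hitch's documented form is a bare list of protocol keywords (`tls-protos = TLSv1.2 TLSv1.3`). As far as I can tell its config grammar does not accept a quoted string there, so setting `tls_protos` may produce a file hitch refuses to load. I would render it unquoted, `tls-protos = <%= @tls_protos %>`, and run the generated file through hitch's configuration test mode before merging; `alpn-protos` does take a quoted string, so that line looks right. Both `if` guards also pass for an empty string, which would emit an empty directive; `<% if @tls_protos and !@tls_protos.empty? -%>` avoids that.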
