commit 69f3809c59606ca33dffed4f1b542029d63ec6f7
Author: Antonio J. Delgado
Date: Tue Oct 11 10:19:09 2022 +0300
Initial commit with previous code
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..a65ece9
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+puppet_version: 6
+puppet_server_name: pm.example.com
+subject_alt_names:
+ - puppet.example.com
+puppet_code_repo: htps://mygit.example.com/puppet_code
+puppet_master_config:
+ autosign: 'false'
+ report: 'true'
+ reports: prometheus
+ pluginsync: 'true'
\ No newline at end of file
diff --git a/files/update_puppet_code.timer b/files/update_puppet_code.timer
new file mode 100644
index 0000000..32fadfa
--- /dev/null
+++ b/files/update_puppet_code.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Filter mail
+
+[Timer]
+OnBootSec=5min
+OnUnitActiveSec=5min
+Unit=update_puppet_code.service
+
+[Install]
+WantedBy=timers.target
\ No newline at end of file
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..96f0fb4
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+- name: Restart puppetserver
+ service:
+ name: puppetserver
+ state: restarted
+
+- name: Reload Systemd daemon
+ shell: systemctl daemon-reload
diff --git a/tasks/configure.yml b/tasks/configure.yml
new file mode 100644
index 0000000..02782c7
--- /dev/null
+++ b/tasks/configure.yml
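Review bot: `puppet_code_repo: htps://mygit.example.com/puppet_code` has a misspelled URL scheme, so the `git` clone in tasks/configure.yml fails before any code is checked out; it should read `puppet_code_repo: https://mygit.example.com/puppet_code`. The defaults also never declare `puppet_server_config`, yet configure.yml loops over `puppet_server_config | dict2items`, which aborts the play with an undefined-variable error unless every caller sets it; adding `puppet_server_config: {}` here keeps the role runnable out of the box. The unprefixed variables (`subject_alt_names`, `puppet_version`) invite collisions with other roles; a `puppet_` prefix on all role variables is the usual convention.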
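Review bot: `Description=Filter mail` in the [Unit] section is a leftover from an unrelated unit and misdescribes this timer in `systemctl list-timers` and journal output; it should read `Description=Periodically update puppet code from the repository`. The file also lacks a trailing newline, which systemd tolerates but which trips diff and lint tooling; worth adding while touching the file.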
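Review bot: `shell: systemctl daemon-reload` in the `Reload Systemd daemon` handler shells out for something the `systemd` module does natively and with correct change reporting; replace the `shell:` line with `systemd:` and `daemon_reload: true` (ansible-lint flags the shell form as command-instead-of-module). The `Restart puppetserver` handler uses the generic `service` module, so this is also the moment to pick one module family for both handlers.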
@@ -0,0 +1,124 @@
+---
+- name: Ensure puppet server master section is configured
+ ini_file:
+ path: /etc/puppetlabs/puppet.conf
+ section: master
+ option: "{{ item.key }}"
+ value: "{{ item.value }}"
+ mode: '0644'
+ backup: true
+ create: true
+ loop: "{{ puppet_master_config | dict2items }}"
+ notify: 'Restart puppetserver'
+
+- name: Ensure puppet server server section is configured
+ ini_file:
+ path: /etc/puppetlabs/puppet.conf
+ section: server
+ option: "{{ item.key }}"
+ value: "{{ item.value }}"
+ mode: '0644'
+ backup: true
+ create: true
+ loop: "{{ puppet_server_config | dict2items }}"
+ notify: 'Restart puppetserver'
+
+- name: Find puppetserver command
+ shell: which puppetserver | true
+ register: which_puppetserver
+
+- name: Find puppetserver command with where
+ shell: "whereis puppetserver | awk 'BEGIN {FS=\": \"} {print($2)}'"
+ register: which_puppetserver
+ when: which_puppetserver.stdout == ""
+
+- name: Fail if not found puppetserver command
+ fail:
+ msg: "Puppet server command couldn't be found"
+ when: which_puppetserver.stdout == ""
+
+- name: Create self-signed certificate authority
+ shell: "{{ which_puppetserver.stdout }} ca setup --subject-alt-names {{ subject_alt_names | join(',') }} --ca-name {{ puppet_server_name }} --certname {{ puppet_server_name }}"
+ args:
+ creates: /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem
+
+- name: Find puppet command
+ shell: which puppet | true
+ register: which_puppet
+
+- name: Find puppet command with where
+ shell: "whereis puppet | awk 'BEGIN {FS=\": \"} {print($2)}'"
+ register: which_puppet
+ when: which_puppet.stdout == ""
+
+- name: Fail if not found puppet command
+ fail:
+ msg: "Puppet command couldn't be found"
+ when: which_puppet.stdout == ""
+
+- name: Configure CA server
+ shell: "{{ which_puppet.stdout }} config set ca_server {{ puppet_server_name }}"
+
+- name: Configure autosign server
+ shell: "{{ which_puppet.stdout }} config set autosign true"
+
+- name: Check if puppet code folder exists
+ stat:
+ path: /etc/puppetlabs/code/environments/production
+ register: puppet_code
+
+- name: Check if readme file exists in puppet code folder
+ stat:
+ path: /etc/puppetlabs/code/environments/production/README
+ register: code_readme
+ when: puppet_code.stat.exists
+
+- name: Copy puppet code folder if there is no readme (not from repo then)
+ copy:
+ remote_src: true
+ src: /etc/puppetlabs/code/environments/production
+ dest: /etc/puppetlabs/code/environments/production.bak
+ when: puppet_code.stat.exists and not code_readme.stat.exists
+
+- name: Remove puppet code folder if there is no readme (not from repo then)
+ file:
+ path: /etc/puppetlabs/code/environments/production
+ state: absent
+
+- name: Ensure puppet code repo is cloned
+ git:
+ repo: "{{ puppet_code_repo }}"
+ dest: /etc/puppetlabs/code/environments/production
+ depth: 1
+
+- name: Ensure service unit to update puppet code exists
+ template:
+ src: templates/update_puppet_code.service.j2
+ dest: /etc/systemd/system/update_puppet_code.service
+ mode: 0644
+ backup: yes
+ notify: Reload Systemd daemon
+
+- name: Ensure timer unit to update puppet code exists
+ copy:
+ src: files/update_puppet_code.timer
+ dest: /etc/systemd/system/update_puppet_code.timer
+ mode: 0644
+ backup: yes
+ notify: Reload Systemd daemon
+
+- name: Ensure service to update puppet code is enabled
+ service:
+ name: update_puppet_code
+ enabled: true
+
+- name: Ensure UFW allow access to the server
+ ufw:
+ rule: allow
+ port: "{{ puppet_master_config['serverport'] | default(8140) }}"
+
+- name: Ensure puppetserver service is enabled and start
+ service:
+ name: puppetserver
+ state: started
+ enabled: true
diff --git a/tasks/install.yml b/tasks/install.yml
new file mode 100644
index 0000000..4724ce1
--- /dev/null
+++ b/tasks/install.yml
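Review bot: The `Configure autosign server` task runs `puppet config set autosign true`, which enables unconditional autosigning of every certificate request the server receives, so any host that can reach the server port (opened to all sources by the `ufw` task, which sets no `src:`) is issued a valid agent certificate without approval; it also silently overrides the `autosign: 'false'` default that the first `ini_file` task writes into the `master` section. Unless unconditional autosigning is intended, drop the task and let `puppet_master_config` govern it (a domain whitelist or policy script in `autosign.conf` is the safer route if automatic signing is needed). Two further defects: `shell: which puppetserver | true` (and the `which puppet` twin) pipes stdout into `true`, so `stdout` is always empty and the `whereis` fallback always runs, where `which puppetserver || true` was meant; and `Remove puppet code folder if there is no readme` has no `when:`, so every play run deletes `/etc/puppetlabs/code/environments/production` and re-clones it, which is destructive and never idempotent — it needs the same guard as the copy task, `when: puppet_code.stat.exists and not code_readme.stat.exists`. The two `puppet config set` tasks also report changed on every run; `changed_when: false`, or managing those keys through `ini_file` as the earlier tasks do, fixes that, and `mode: 0644` / `backup: yes` on the unit tasks should be `mode: '0644'` / `backup: true` to match the quoting used above.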
@@ -0,0 +1,16 @@
+---
+- name: Ensure Puppet repository is installed
+ apt:
+ deb: "https://apt.puppetlabs.com/puppet{{ puppet_version }}-release-{{ ansible_distribution_release }}.deb"
+ when: ansible_distribution_release != "hirsute" and ansible_distribution_release != "jammy"
+
+- name: Ensure Puppet repository is installed
+ apt:
+ deb: "https://apt.puppetlabs.com/puppet{{ puppet_version }}-release-focal.deb"
+ when: ansible_distribution_release == "hirsute" or ansible_distribution_release == "jammy"
+
+- name: Ensure software for Puppet server is installed
+ package:
+ name:
+ - puppetserver
+ update_cache: true
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..cbe813e
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Ensure installation
+ include_tasks: install.yml
+- name: Ensure configuration
+ include_tasks: configure.yml
\ No newline at end of file
diff --git a/templates/update_puppet_code.service.j2 b/templates/update_puppet_code.service.j2
new file mode 100644
index 0000000..329113a
--- /dev/null
+++ b/templates/update_puppet_code.service.j2
@@ -0,0 +1,7 @@
+[Service]
+Type=oneshot
+WorkingDirectory=/etc/puppetlabs/code/environments/production
+ExecStart=git pull
+
+[Unit]
+OnFailure=status_email_antoniodelgado@%n.service
\ No newline at end of file
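Review bot: Both repository tasks carry the identical name `Ensure Puppet repository is installed`, which makes play output and `--start-at-task` ambiguous; since they differ only in the release string, one task with `deb: "https://apt.puppetlabs.com/puppet{{ puppet_version }}-release-{{ 'focal' if ansible_distribution_release in ['hirsute', 'jammy'] else ansible_distribution_release }}.deb"` and no `when:` states the intent once. The last task hands `update_cache: true` to the generic `package` module while the two tasks above use `apt`; the file is Debian-specific either way, so using `apt` throughout is clearer. The focal fallback for hirsute and jammy is an unexplained assumption that the focal package works there; a one-line comment saying why (for example that no release package exists for those codenames) would spare the next maintainer from re-deriving it.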
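Review bot: `OnFailure=status_email_antoniodelgado@%n.service` hard-codes a personal notification unit into a role template, so every consumer of the role gets a dependency on a unit they do not have; it should come from a role variable (for example `OnFailure={{ puppet_update_failure_unit }}` inside an `{% if %}` guard, name constructed) or be dropped. No Jinja expression appears in the file at all, so as written it could live under `files/` like the timer; making the working directory and the failure unit variables would justify keeping it a template. On risk: the unit sets no `User=`, so `git pull` runs as root every five minutes with no branch pinning or signature check, meaning whoever controls the repository behind `puppet_code_repo` controls the code the Puppet server serves to every agent; running the unit as a dedicated user that owns the code directory and deploying only verified signed tags or commits are the mitigations to weigh here.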