Merge pull request #113 from jay7x/manage_things

Allow to manage caddy user/group/systemd unit/service parameters separately

REFERENCE.md

@@ -58,7 +58,9 @@ The following parameters are available in the `caddy` class:
 * [`version`](#-caddy--version)
 * [`install_method`](#-caddy--install_method)
 * [`install_path`](#-caddy--install_path)
+* [`manage_user`](#-caddy--manage_user)
 * [`caddy_user`](#-caddy--caddy_user)
+* [`manage_group`](#-caddy--manage_group)
 * [`caddy_group`](#-caddy--caddy_group)
 * [`caddy_shell`](#-caddy--caddy_shell)
 * [`caddy_log_dir`](#-caddy--caddy_log_dir)
@@ -70,11 +72,16 @@ The following parameters are available in the `caddy` class:
 * [`caddy_architecture`](#-caddy--caddy_architecture)
 * [`caddy_account_id`](#-caddy--caddy_account_id)
 * [`caddy_api_key`](#-caddy--caddy_api_key)
+* [`manage_systemd_unit`](#-caddy--manage_systemd_unit)
 * [`systemd_limit_processes`](#-caddy--systemd_limit_processes)
 * [`systemd_private_devices`](#-caddy--systemd_private_devices)
 * [`systemd_capability_bounding_set`](#-caddy--systemd_capability_bounding_set)
 * [`systemd_ambient_capabilities`](#-caddy--systemd_ambient_capabilities)
 * [`systemd_no_new_privileges`](#-caddy--systemd_no_new_privileges)
+* [`manage_service`](#-caddy--manage_service)
+* [`service_name`](#-caddy--service_name)
+* [`service_ensure`](#-caddy--service_ensure)
+* [`service_enable`](#-caddy--service_enable)
 
 ##### <a name="-caddy--version"></a>`version`
 
@@ -100,6 +107,14 @@ Directory where the Caddy binary is stored.
 
 Default value: `'/opt/caddy'`
 
+##### <a name="-caddy--manage_user"></a>`manage_user`
+
+Data type: `Boolean`
+
+Whether or not the module should create the user.
+
+Default value: `true`
+
 ##### <a name="-caddy--caddy_user"></a>`caddy_user`
 
 Data type: `String[1]`
@@ -108,6 +123,14 @@ The user used by the Caddy process.
 
 Default value: `'caddy'`
 
+##### <a name="-caddy--manage_group"></a>`manage_group`
+
+Data type: `Boolean`
+
+Whether or not the module should create the group.
+
+Default value: `true`
+
 ##### <a name="-caddy--caddy_group"></a>`caddy_group`
 
 Data type: `String[1]`
@@ -196,6 +219,14 @@ The API key, required for the commercial license.
 
 Default value: `undef`
 
+##### <a name="-caddy--manage_systemd_unit"></a>`manage_systemd_unit`
+
+Data type: `Boolean`
+
+Whether or not the module should create the systemd unit file.
+
+Default value: `true`
+
 ##### <a name="-caddy--systemd_limit_processes"></a>`systemd_limit_processes`
 
 Data type: `Integer[0]`
@@ -236,6 +267,38 @@ Whether the process and all its children can gain new privileges through execve(
 
 Default value: `undef`
 
+##### <a name="-caddy--manage_service"></a>`manage_service`
+
+Data type: `Boolean`
+
+Whether or not the module should manage the service.
+
+Default value: `true`
+
+##### <a name="-caddy--service_name"></a>`service_name`
+
+Data type: `String[1]`
+
+Customise the name of the system service
+
+Default value: `'caddy'`
+
+##### <a name="-caddy--service_ensure"></a>`service_ensure`
+
+Data type: `Stdlib::Ensure::Service`
+
+Whether the service should be running or stopped
+
+Default value: `'running'`
+
+##### <a name="-caddy--service_enable"></a>`service_enable`
+
+Data type: `Boolean`
+
+Whether the service should be enabled or disabled
+
+Default value: `true`
+
 ## Defined types
 
 ### <a name="caddy--vhost"></a>`caddy::vhost`

manifests/init.pp

@@ -24,9 +24,15 @@
 # @param install_path
 #   Directory where the Caddy binary is stored.
 #
+# @param manage_user
+#   Whether or not the module should create the user.
+#
 # @param caddy_user
 #   The user used by the Caddy process.
 #
+# @param manage_group
+#    Whether or not the module should create the group.
+#
 # @param caddy_group
 #   The group used by the Caddy process.
 #
@@ -60,6 +66,9 @@
 # @param caddy_api_key
 #   The API key, required for the commercial license.
 #
+# @param manage_systemd_unit
+#   Whether or not the module should create the systemd unit file.
+#
 # @param systemd_limit_processes
 #   The number of processes.
 #
@@ -75,11 +84,25 @@
 # @param systemd_no_new_privileges
 #   Whether the process and all its children can gain new privileges through execve().
 #
+# @param manage_service
+#   Whether or not the module should manage the service.
+#
+# @param service_name
+#   Customise the name of the system service
+#
+# @param service_ensure
+#   Whether the service should be running or stopped
+#
+# @param service_enable
+#   Whether the service should be enabled or disabled
+#
 class caddy (
   String[1]                      $version                         = '2.0.0',
   Optional[Enum['github']]       $install_method                  = undef,
   Stdlib::Absolutepath           $install_path                    = '/opt/caddy',
+  Boolean                        $manage_user                     = true,
   String[1]                      $caddy_user                      = 'caddy',
+  Boolean                        $manage_group                    = true,
   String[1]                      $caddy_group                     = 'caddy',
   Stdlib::Absolutepath           $caddy_shell                     = '/sbin/nologin',
   Stdlib::Absolutepath           $caddy_log_dir                   = '/var/log/caddy',
@@ -91,11 +114,16 @@
   String[1]                      $caddy_architecture              = $facts['os']['architecture'],
   Optional[String[1]]            $caddy_account_id                = undef,
   Optional[String[1]]            $caddy_api_key                   = undef,
+  Boolean                        $manage_systemd_unit             = true,
   Integer[0]                     $systemd_limit_processes         = 64,
   Boolean                        $systemd_private_devices         = true,
   Optional[String[1]]            $systemd_capability_bounding_set = undef,
   String[1]                      $systemd_ambient_capabilities    = 'CAP_NET_BIND_SERVICE',
   Optional[Boolean]              $systemd_no_new_privileges       = undef,
+  Boolean                        $manage_service                  = true,
+  String[1]                      $service_name                    = 'caddy',
+  Stdlib::Ensure::Service        $service_ensure                  = 'running',
+  Boolean                        $service_enable                  = true,
 ) {
   case $caddy_architecture {
     'x86_64', 'amd64': { $arch = 'amd64' }
@@ -106,17 +134,25 @@
     }
   }
 
-  group { $caddy_group:
-    ensure => present,
-    system => true,
+  if $manage_group {
+    group { $caddy_group:
+      ensure => present,
+      system => true,
+    }
   }
 
-  user { $caddy_user:
-    ensure => present,
-    shell  => $caddy_shell,
-    gid    => $caddy_group,
-    system => true,
-    home   => $caddy_home,
+  if $manage_user {
+    user { $caddy_user:
+      ensure => present,
+      shell  => $caddy_shell,
+      gid    => $caddy_group,
+      system => true,
+      home   => $caddy_home,
+    }
+
+    if $manage_group {
+      Group[$caddy_group] -> User[$caddy_user]
+    }
   }
 
   contain caddy::install

manifests/service.pp

@@ -6,23 +6,34 @@
 class caddy::service {
   assert_private()
 
-  systemd::unit_file { 'caddy.service':
-    enable  => true,
-    active  => true,
-    content => epp('caddy/etc/systemd/system/caddy.service.epp',
-      {
-        install_path                    => $caddy::install_path,
-        caddy_user                      => $caddy::caddy_user,
-        caddy_group                     => $caddy::caddy_group,
-        caddy_log_dir                   => $caddy::caddy_log_dir,
-        caddy_ssl_dir                   => $caddy::caddy_ssl_dir,
-        caddy_home                      => $caddy::caddy_home,
-        systemd_limit_processes         => $caddy::systemd_limit_processes,
-        systemd_private_devices         => $caddy::systemd_private_devices,
-        systemd_capability_bounding_set => $caddy::systemd_capability_bounding_set,
-        systemd_ambient_capabilities    => $caddy::systemd_ambient_capabilities,
-        systemd_no_new_privileges       => $caddy::systemd_no_new_privileges,
-      }
-    ),
+  if $caddy::manage_systemd_unit {
+    systemd::unit_file { "${caddy::service_name}.service":
+      content => epp('caddy/etc/systemd/system/caddy.service.epp',
+        {
+          install_path                    => $caddy::install_path,
+          caddy_user                      => $caddy::caddy_user,
+          caddy_group                     => $caddy::caddy_group,
+          caddy_log_dir                   => $caddy::caddy_log_dir,
+          caddy_ssl_dir                   => $caddy::caddy_ssl_dir,
+          caddy_home                      => $caddy::caddy_home,
+          systemd_limit_processes         => $caddy::systemd_limit_processes,
+          systemd_private_devices         => $caddy::systemd_private_devices,
+          systemd_capability_bounding_set => $caddy::systemd_capability_bounding_set,
+          systemd_ambient_capabilities    => $caddy::systemd_ambient_capabilities,
+          systemd_no_new_privileges       => $caddy::systemd_no_new_privileges,
+        }
+      ),
+    }
+  }
+
+  if $caddy::manage_service {
+    service { $caddy::service_name:
+      ensure => $caddy::service_ensure,
+      enable => $caddy::service_enable,
+    }
+
+    if $caddy::manage_systemd_unit {
+      Systemd::Unit_file["${caddy::service_name}.service"] ~> Service[$caddy::service_name]
+    }
   }
 }