feat: initial commit

environments/production/manifests/config.pp

@@ -0,0 +1,20 @@
+$authentik_host = "https://auth.amy.mov/"
+
+$authentik_pg_host = "postgresql.cluster"
+$authentik_pg_db = "authentik"
+$authentik_pg_user = "authentik"
+
+$infisical_pg_host = "postgresql.cluster"
+$infisical_pg_pass = "infisical"
+$infisical_pg_user = "infisical"
+$infisical_pg_db = "infisical"
+
+$pg_oauth2_name = 'authentik'
+$pg_oauth2_display_name ='authentik'
+$pg_oauth2_token_url ='https://auth.amy.mov/application/o/token/'
+$pg_oauth2_authorization_url = 'https://auth.amy.mov/application/o/authorize/'
+$pg_oauth2_api_base_url = 'https://auth.amy.mov/'
+$pg_oauth2_userinfo_endpoint = 'https://auth.amy.mov/application/o/userinfo/'
+$pg_oauth2_server_metadata_url = 'https://auth.amy.mov/application/o/pgadmin/.well-known/openid-configuration'
+$pg_oauth2_scope = 'openid email profile'
+$pg_oauth2_icon = 'fa-key'

environments/production/manifests/site.pp

@@ -0,0 +1,63 @@
+$nameservers = ['192.168.1.155', '1.1.1.1']
+include stdlib
+
+include apt
+
+include hosts
+include dns
+include utils
+include keys
+
+# For nodes that haven't got the service enabled
+service { 'puppet': 
+  ensure => 'running',
+  enable => true
+}
+
+# This server itself
+node 'puppet-server.cluster' {
+  include infisical::cli
+}
+
+node 'nginx.cluster' {
+  include elastic::filebeat
+  include reverse_proxy
+}
+
+node 'garage.cluster' {
+  include garage
+}
+
+node 'postgresql.cluster' {
+  include postgresql
+}
+
+node 'unifi.cluster'  {
+  include unifi
+}
+
+node 'authentik.cluster' {
+  include authentik
+}
+
+node 'forgejo.cluster' {
+  include forgejo
+}
+
+node 'kibana.cluster' {
+  include elastic::kibana
+}
+
+node 'elasticsearch.cluster' {
+  include elastic::search
+}
+
+node 'owncloud.cluster' {
+  include owncloud
+}
+
+node 'infisical.cluster' {
+  include infisical
+}
+
+node default {}