diff --git a/README.md b/README.md
index a540eb036c17ab1d31945d75261fa7751af1235a..362290a025c6db3db74abb443a145a35ae4f71bf 100644
--- a/README.md
+++ b/README.md
@@ -46,7 +46,6 @@ If you are using Apache, this setup is possible :
```ruby
class { 'comptoir':
- trusted_hosts => '^comptoir.example.org$',
app_secret => 'ThisIsMySecetUsedToGenerateCSRFTokens',
smtp_host => 'smtp.example.org',
smtp_port => 465,
@@ -56,6 +55,9 @@ class { 'comptoir':
sys_rootpath_mode => '0700',
sys_user => 'www-data',
sys_group => 'www-data',
+ webapp => {
+ trusted_hosts => '^comptoir.example.org$',
+ },
}
```
diff --git a/REFERENCE.md b/REFERENCE.md
index ddc0064af7214238cc641907d7fba72a485c1bd0..947466a601f6ecfdb01c710789b641975e1caa6b 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -8,6 +8,10 @@
* [`comptoir`](#comptoir): Deploy and configure Comptoir-du-Libre webapp
+### Data types
+
+* [`Comptoir::Config::Webapp`](#Comptoir--Config--Webapp): Describes configuration parameters
+
## Classes
### <a name="comptoir"></a>`comptoir`
@@ -20,7 +24,6 @@ Deploy and configure Comptoir-du-Libre webapp.
```puppet
class { 'comptoir':
- trusted_hosts => '^example\.org$|^comptoir\.example\.org$',
sys_rootpath => '/var/www/comptoir.example.org',
sys_rootpath_mode => '0700',
sys_user => 'www-data',
@@ -35,19 +38,9 @@ The following parameters are available in the `comptoir` class:
* [`download_url`](#-comptoir--download_url)
* [`download_checksum`](#-comptoir--download_checksum)
* [`checksum_type`](#-comptoir--checksum_type)
-* [`app_default_uri`](#-comptoir--app_default_uri)
-* [`app_name`](#-comptoir--app_name)
-* [`app_shortname`](#-comptoir--app_shortname)
-* [`app_session_lifetime`](#-comptoir--app_session_lifetime)
-* [`app_reset_password_token_lifetime`](#-comptoir--app_reset_password_token_lifetime)
-* [`app_user_min_password_lenght`](#-comptoir--app_user_min_password_lenght)
-* [`app_version_displayed_publicly`](#-comptoir--app_version_displayed_publicly)
* [`app_secret`](#-comptoir--app_secret)
* [`config_path`](#-comptoir--config_path)
* [`var_path`](#-comptoir--var_path)
-* [`trusted_hosts`](#-comptoir--trusted_hosts)
-* [`timezone`](#-comptoir--timezone)
-* [`i18ndefaultlocale`](#-comptoir--i18ndefaultlocale)
* [`sys_usermanage`](#-comptoir--sys_usermanage)
* [`sys_user`](#-comptoir--sys_user)
* [`sys_group`](#-comptoir--sys_group)
@@ -63,8 +56,7 @@ The following parameters are available in the `comptoir` class:
* [`smtp_port`](#-comptoir--smtp_port)
* [`smtp_user`](#-comptoir--smtp_user)
* [`smtp_password`](#-comptoir--smtp_password)
-* [`smtp_mailfrom`](#-comptoir--smtp_mailfrom)
-* [`smtp_mailalertingto`](#-comptoir--smtp_mailalertingto)
+* [`webapp`](#-comptoir--webapp)
##### <a name="-comptoir--download_url"></a>`download_url`
@@ -72,7 +64,7 @@ Data type: `Stdlib::HTTPSUrl`
URL where Comptoir-du-Libre archive is stored.
-Default value: `'https://gitlab.adullact.net/Comptoir/comptoir-du-libre/-/package_files/1056/download'`
+Default value: `'https://gitlab.adullact.net/Comptoir/comptoir-du-libre/-/package_files/1059/download'`
##### <a name="-comptoir--download_checksum"></a>`download_checksum`
@@ -80,7 +72,7 @@ Data type: `String[1]`
Archive file checksum (match checksum_type) used to verify of archive file.
-Default value: `'f33363b96fc330b9298d3477f90ee1aaa09eb06605901b72af3d472c054cf223'`
+Default value: `'2d9099a51b3cd43633e7784e50f734aaf76206660c8c03f5c5f9549899ce22c9'`
##### <a name="-comptoir--checksum_type"></a>`checksum_type`
@@ -90,62 +82,6 @@ Checksum type given with download_checksum.
Default value: `'sha256'`
-##### <a name="-comptoir--app_default_uri"></a>`app_default_uri`
-
-Data type: `Stdlib::HTTPUrl`
-
-Default URI used to generate URLs in a non-HTTP context
-
-Default value: `'https://comptoir.example.org/'`
-
-##### <a name="-comptoir--app_name"></a>`app_name`
-
-Data type: `String[1]`
-
-A custom string displayed to users as name of service.
-
-Default value: `'Comptoir-du-Libre'`
-
-##### <a name="-comptoir--app_shortname"></a>`app_shortname`
-
-Data type: `String[1]`
-
-A custom string displayed to users as short name of service.
-
-Default value: `'Comptoir'`
-
-##### <a name="-comptoir--app_session_lifetime"></a>`app_session_lifetime`
-
-Data type: `Integer`
-
-Lifetime of webapp session in seconds
-
-Default value: `3600`
-
-##### <a name="-comptoir--app_reset_password_token_lifetime"></a>`app_reset_password_token_lifetime`
-
-Data type: `Integer`
-
-Lifetime of reset password token in seconds
-
-Default value: `1500`
-
-##### <a name="-comptoir--app_user_min_password_lenght"></a>`app_user_min_password_lenght`
-
-Data type: `Integer`
-
-Minimum user password length
-
-Default value: `12`
-
-##### <a name="-comptoir--app_version_displayed_publicly"></a>`app_version_displayed_publicly`
-
-Data type: `Boolean`
-
-Public display of software version
-
-Default value: `false`
-
##### <a name="-comptoir--app_secret"></a>`app_secret`
Data type: `String[1]`
@@ -170,30 +106,6 @@ Directory where Comptoir-du-Libre stores var files.
Default value: `'/var/comptoir'`
-##### <a name="-comptoir--trusted_hosts"></a>`trusted_hosts`
-
-Data type: `String[1]`
-
-Regular expression listing allowed domains and IP to prevent HTTP Host header attacks
-
-Default value: `$facts['networking']['fqdn']`
-
-##### <a name="-comptoir--timezone"></a>`timezone`
-
-Data type: `String[1]`
-
-Time Zone used by Comptoir-du-Libre web application
-
-Default value: `'Europe/Paris'`
-
-##### <a name="-comptoir--i18ndefaultlocale"></a>`i18ndefaultlocale`
-
-Data type: `Enum['en','fr']`
-
-Default language used by Comptoir-du-Libre in WebUI.
-
-Default value: `'en'`
-
##### <a name="-comptoir--sys_usermanage"></a>`sys_usermanage`
Data type: `Boolean`
@@ -314,19 +226,27 @@ SMTP password used with SMTP auth
Default value: `undef`
-##### <a name="-comptoir--smtp_mailfrom"></a>`smtp_mailfrom`
+##### <a name="-comptoir--webapp"></a>`webapp`
-Data type: `Stdlib::Email`
+Data type: `Comptoir::Config::Webapp`
-Who the email sent by Comptoir-du-Libre should come from.
+Comptoir configuration parameters starting with WEBAPP_
-Default value: `"admin@${facts['networking']['domain']}"`
+Default value: `{}`
-##### <a name="-comptoir--smtp_mailalertingto"></a>`smtp_mailalertingto`
+## Data types
-Data type: `Stdlib::Email`
+### <a name="Comptoir--Config--Webapp"></a>`Comptoir::Config::Webapp`
-Email address for alert notifications (web application not working properly, ...)
+Describes configuration parameters
-Default value: `"monitor@${facts['networking']['domain']}"`
+Alias of
+
+```puppet
+Hash[String[1], Variant[
+ String[1],
+ Integer,
+ Boolean,
+ ]]
+```
diff --git a/manifests/init.pp b/manifests/init.pp
index 7cebc4788694ac02dbe9f0376650d035e62a93f4..a4fd4cfd2767bb1c7e2179ab502e51cb18a2294c 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -5,19 +5,9 @@
# @param download_url URL where Comptoir-du-Libre archive is stored.
# @param download_checksum Archive file checksum (match checksum_type) used to verify of archive file.
# @param checksum_type Checksum type given with download_checksum.
-# @param app_default_uri Default URI used to generate URLs in a non-HTTP context
-# @param app_name A custom string displayed to users as name of service.
-# @param app_shortname A custom string displayed to users as short name of service.
-# @param app_session_lifetime Lifetime of webapp session in seconds
-# @param app_reset_password_token_lifetime Lifetime of reset password token in seconds
-# @param app_user_min_password_lenght Minimum user password length
-# @param app_version_displayed_publicly Public display of software version
# @param app_secret Application secret is required to generate CSRF tokens
# @param config_path Directory where Comptoir-du-Libre configuration file is stored.
# @param var_path Directory where Comptoir-du-Libre stores var files.
-# @param trusted_hosts Regular expression listing allowed domains and IP to prevent HTTP Host header attacks
-# @param timezone Time Zone used by Comptoir-du-Libre web application
-# @param i18ndefaultlocale Default language used by Comptoir-du-Libre in WebUI.
# @param sys_usermanage To enable/disable the creation of system user and group. To permit manage then by external process.
# @param sys_user Operating system user account owner of Comptoir-du-Libre files
# @param sys_group Operating system group owner of Comptoir-du-Libre files
@@ -33,12 +23,10 @@
# @param smtp_port SMTP port to use
# @param smtp_user SMTP user used with SMTP auth. If user is email, use username%40example.org instead of username@example.org.
# @param smtp_password SMTP password used with SMTP auth
-# @param smtp_mailfrom Who the email sent by Comptoir-du-Libre should come from.
-# @param smtp_mailalertingto Email address for alert notifications (web application not working properly, ...)
+# @param webapp Comptoir configuration parameters starting with WEBAPP_
#
# @example
# class { 'comptoir':
-# trusted_hosts => '^example\.org$|^comptoir\.example\.org$',
# sys_rootpath => '/var/www/comptoir.example.org',
# sys_rootpath_mode => '0700',
# sys_user => 'www-data',
@@ -50,18 +38,8 @@ class comptoir (
String[1] $download_checksum = '2d9099a51b3cd43633e7784e50f734aaf76206660c8c03f5c5f9549899ce22c9', # 3.0.0.alpha.7
Enum['md5', 'sha1', 'sha2', 'sha256', 'sha384', 'sha512'] $checksum_type = 'sha256',
String[1] $app_secret = 'ThisTokenIsNotSoSecretChangeIt',
- Stdlib::HTTPUrl $app_default_uri = 'https://comptoir.example.org/',
- String[1] $app_name = 'Comptoir-du-Libre',
- String[1] $app_shortname = 'Comptoir',
- Integer $app_session_lifetime = 3600,
- Integer $app_reset_password_token_lifetime = 1500,
- Integer $app_user_min_password_lenght = 12,
- Boolean $app_version_displayed_publicly = false,
Stdlib::Absolutepath $config_path = '/etc/comptoir',
Stdlib::Absolutepath $var_path = '/var/comptoir',
- String[1] $trusted_hosts = $facts['networking']['fqdn'],
- String[1] $timezone = 'Europe/Paris',
- Enum['en','fr'] $i18ndefaultlocale = 'en',
Boolean $sys_usermanage = true,
String[1] $sys_user = 'comptoir',
String[1] $sys_group = 'comptoir',
@@ -73,12 +51,11 @@ class comptoir (
String[1] $db_user = 'dbcomptoir',
Variant[String[1], Sensitive[String]] $db_password = Sensitive.new('changeit'),
String[1] $db_name = 'comptoir',
- Stdlib::Email $smtp_mailfrom = "admin@${facts['networking']['domain']}",
- Stdlib::Email $smtp_mailalertingto = "monitor@${facts['networking']['domain']}",
Stdlib::Host $smtp_host = '127.0.0.1',
Stdlib::Port $smtp_port = 25,
Optional[String[1]] $smtp_user = undef,
Optional[Variant[String[1], Sensitive[String]]] $smtp_password = undef,
+ Comptoir::Config::Webapp $webapp = {},
) {
$_archive_rootdir = 'comptoir'
diff --git a/spec/acceptance/comptoir_spec.rb b/spec/acceptance/comptoir_spec.rb
index 3f44935fa2a6544e9252f30bb048266c4bcf3732..a25c33a90cefb6375d3a9e361019fc79005a25db 100644
--- a/spec/acceptance/comptoir_spec.rb
+++ b/spec/acceptance/comptoir_spec.rb
@@ -20,12 +20,14 @@ describe 'comptoir' do
class { 'comptoir':
download_url => '#{download_url_initial}',
download_checksum => '#{download_checksum_initial}',
- app_version_displayed_publicly => true,
- trusted_hosts => '127.0.0.1',
sys_rootpath => '#{sys_rootpath}',
sys_rootpath_mode => '0700',
sys_user => 'www-data',
sys_group => 'www-data',
+ webapp => {
+ software_version_displayed_publicly => true,
+ trusted_hosts => '127.0.0.1',
+ },
}
)
@@ -149,12 +151,14 @@ describe 'comptoir' do
class { 'comptoir':
download_url => '#{download_url_upgrade}',
download_checksum => '#{download_checksum_upgrade}',
- app_version_displayed_publicly => true,
- trusted_hosts => '127.0.0.1',
sys_rootpath => '#{sys_rootpath}',
sys_rootpath_mode => '0700',
sys_user => 'www-data',
sys_group => 'www-data',
+ webapp => {
+ software_version_displayed_publicly => true,
+ trusted_hosts => '127.0.0.1',
+ },
}
)
diff --git a/spec/classes/comptoir_spec.rb b/spec/classes/comptoir_spec.rb
index bb16d11141ed2a7f45dc5baa2857e62c84badce8..26f71159f7258147f50b64d88d9e2a02d2be4087 100644
--- a/spec/classes/comptoir_spec.rb
+++ b/spec/classes/comptoir_spec.rb
@@ -10,40 +10,19 @@ describe 'comptoir' do
it { is_expected.to compile }
it { is_expected.to contain_archive('comptoir.tgz') }
- context '/etc/comptoir/env.prod.local with default values' do
+ context 'with defaults' do
it do
is_expected.to contain_file('/etc/comptoir/env.prod.local') \
.with_content(sensitive(%r{^APP_ENV=prod$}))
- # is_expected.to contain_file('/etc/comptoir/env.prod.local') \
- # .with_content(%r{^DATABASE_URL="postgresql://dbcomptoir:changeit@127.0.0.1:5432/comptoir\?serverVersion=14&charset=utf8"$})
is_expected.to contain_file('/etc/comptoir/env.prod.local') \
.with_content(sensitive(%r{^APP_SECRET=ThisTokenIsNotSoSecretChangeIt$}))
is_expected.to contain_file('/etc/comptoir/env.prod.local') \
.with_content(sensitive(%r{^MAILER_DSN=smtp://127.0.0.1:25$}))
-
- is_expected.to contain_file('/etc/comptoir/env.prod.local') \
- .with_content(sensitive(%r{^WEBAPP_DEFAULT_URI='https://comptoir.example.org/'$}))
- is_expected.to contain_file('/etc/comptoir/env.prod.local') \
- .with_content(sensitive(%r{^WEBAPP_NAME='Comptoir-du-Libre'$}))
- is_expected.to contain_file('/etc/comptoir/env.prod.local') \
- .with_content(sensitive(%r{^WEBAPP_SHORTNAME='Comptoir'$}))
- is_expected.to contain_file('/etc/comptoir/env.prod.local') \
- .with_content(sensitive(%r{^WEBAPP_I18N_DEFAULT_LOCALE='en'$}))
- is_expected.to contain_file('/etc/comptoir/env.prod.local') \
- .with_content(sensitive(%r{^WEBAPP_SESSION_LIFETIME=3600$}))
- is_expected.to contain_file('/etc/comptoir/env.prod.local') \
- .with_content(sensitive(%r{^WEBAPP_SOFTWARE_VERSION_DISPLAYED_PUBLICLY=false$}))
- is_expected.to contain_file('/etc/comptoir/env.prod.local') \
- .with_content(sensitive(%r{^WEBAPP_TIMEZONE='Europe/Paris'$}))
- is_expected.to contain_file('/etc/comptoir/env.prod.local') \
- .with_content(sensitive(%r{^WEBAPP_USER_CONFIG_MIN_PASSWORD_LENGTH=12$}))
- is_expected.to contain_file('/etc/comptoir/env.prod.local') \
- .with_content(sensitive(%r{^WEBAPP_USER_CONFIG_PASSWORD_RESET_TOKEN_LIFETIME=1500$}))
end
end
- context '/etc/comptoir/env.prod.local with custom database settings' do
+ context 'with custom database settings' do
let(:params) do
{
db_host: 'db.example.org',
@@ -57,13 +36,10 @@ describe 'comptoir' do
it do
is_expected.to contain_file('/etc/comptoir/env.prod.local') \
.with_content(%r{^DATABASE_URL="postgresql://database_user:database_password@db.example.org:5432/database_name\?serverVersion=16&charset=utf8"$})
-
- # is_expected.to contain_file('/etc/comptoir/env.prod.local') \
- # .with_content(sensitive(%r{^DATABASE_URL="postgresql://database_user:database_password@db.example.org:5432/database_name\?serverVersion=16&charset=utf8"$}))
end
end
- context '/etc/comptoir/env.prod.local with custom app_secret' do
+ context 'with custom app_secret' do
let(:params) do
{
app_secret: 'ThisCustomTokenIsNotSoSecret',
@@ -89,7 +65,7 @@ describe 'comptoir' do
end
end
- context '/etc/comptoir/env.prod.local with SMTP auth and custom SMTP host and port' do
+ context 'with SMTP auth and custom SMTP host and port' do
let(:params) do
{
smtp_host: 'smtp.example.org',
@@ -105,10 +81,12 @@ describe 'comptoir' do
end
end
- context '/etc/comptoir/env.prod.local with custom WEBAPP_DEFAULT_URI' do
+ context 'with custom WEBAPP_DEFAULT_URI' do
let(:params) do
{
- app_default_uri: 'http://new-comptoir.example.org/',
+ webapp: {
+ default_uri: 'http://new-comptoir.example.org/',
+ }
}
end
@@ -118,11 +96,13 @@ describe 'comptoir' do
end
end
- context '/etc/comptoir/env.prod.local with custom emails (mail from, mail alerting to)' do
+ context 'with custom emails (mail from, mail alerting to)' do
let(:params) do
{
- smtp_mailfrom: 'custormer-contact@example.org',
- smtp_mailalertingto: 'webapp-alerting@example.org',
+ webapp: {
+ email_from: 'custormer-contact@example.org',
+ email_alerting_to: 'webapp-alerting@example.org',
+ }
}
end
@@ -134,11 +114,13 @@ describe 'comptoir' do
end
end
- context '/etc/comptoir/env.prod.local with custom webapp name' do
+ context 'with custom webapp name' do
let(:params) do
{
- app_name: 'The New Comptoir',
- app_shortname: 'New-Comptoir',
+ webapp: {
+ name: 'The New Comptoir',
+ shortname: 'New-Comptoir',
+ }
}
end
@@ -150,10 +132,12 @@ describe 'comptoir' do
end
end
- context '/etc/comptoir/env.prod.local with locale fr' do
+ context 'with locale fr' do
let(:params) do
{
- i18ndefaultlocale: 'fr',
+ webapp: {
+ i18n_default_locale: 'fr',
+ }
}
end
@@ -163,23 +147,12 @@ describe 'comptoir' do
end
end
- context '/etc/comptoir/env.prod.local with custom session lifetime (smaller than default value: 60 seconds)' do
- let(:params) do
- {
- app_session_lifetime: 60,
- }
- end
-
- it do
- is_expected.to contain_file('/etc/comptoir/env.prod.local') \
- .with_content(sensitive(%r{^WEBAPP_SESSION_LIFETIME=60$}))
- end
- end
-
- context '/etc/comptoir/env.prod.local with custom session lifetime (greater than default value: 30 days)' do
+ context 'with custom session lifetime' do
let(:params) do
{
- app_session_lifetime: 60 * 60 * 24 * 30, # 60 seconds * 60 minutes * 24 hours * 30 days = 2 592 000 seconds
+ webapp: {
+ session_lifetime: 60 * 60 * 24 * 30, # 60 seconds * 60 minutes * 24 hours * 30 days = 2 592 000 seconds
+ }
}
end
@@ -189,10 +162,12 @@ describe 'comptoir' do
end
end
- context '/etc/comptoir/env.prod.local with custom webapp version displayed publicly (true)' do
+ context 'with webapp version displayed publicly (true)' do
let(:params) do
{
- app_version_displayed_publicly: true,
+ webapp: {
+ software_version_displayed_publicly: true,
+ }
}
end
@@ -202,10 +177,12 @@ describe 'comptoir' do
end
end
- context '/etc/comptoir/env.prod.local with custom webapp version displayed publicly (false)' do
+ context 'with webapp version displayed publicly (false)' do
let(:params) do
{
- app_version_displayed_publicly: false,
+ webapp: {
+ software_version_displayed_publicly: false,
+ }
}
end
@@ -215,10 +192,12 @@ describe 'comptoir' do
end
end
- context '/etc/comptoir/env.prod.local with custom timezone: Pacific/Tahiti' do
+ context 'with custom timezone: Pacific/Tahiti' do
let(:params) do
{
- timezone: 'Pacific/Tahiti',
+ webapp: {
+ timezone: 'Pacific/Tahiti',
+ }
}
end
@@ -231,7 +210,9 @@ describe 'comptoir' do
context '/etc/comptoir/env.prod.local with custom trusted_hosts' do
let(:params) do
{
- trusted_hosts: '^example.org$',
+ webapp: {
+ trusted_hosts: '^example.org$',
+ }
}
end
@@ -241,23 +222,12 @@ describe 'comptoir' do
end
end
- context '/etc/comptoir/env.prod.local with custom min password length (smaller than default value: 8 characters)' do
- let(:params) do
- {
- app_user_min_password_lenght: 8,
- }
- end
-
- it do
- is_expected.to contain_file('/etc/comptoir/env.prod.local') \
- .with_content(sensitive(%r{^WEBAPP_USER_CONFIG_MIN_PASSWORD_LENGTH=8$}))
- end
- end
-
- context '/etc/comptoir/env.prod.local with custom min password length (greater than default value: 16 characters)' do
+ context 'with custom min password length' do
let(:params) do
{
- app_user_min_password_lenght: 16,
+ webapp: {
+ user_config_min_password_length: 16,
+ }
}
end
@@ -267,10 +237,12 @@ describe 'comptoir' do
end
end
- context '/etc/comptoir/env.prod.local with custom password reset token lifetime (10 minutes, smaller than default value)' do
+ context 'with custom password reset token lifetime' do
let(:params) do
{
- app_reset_password_token_lifetime: 60 * 10, # 60 secondes * 10 minutes = 600 seconds
+ webapp: {
+ user_config_password_reset_token_lifetime: 600, # 600 seconds
+ }
}
end
@@ -279,19 +251,6 @@ describe 'comptoir' do
.with_content(sensitive(%r{^WEBAPP_USER_CONFIG_PASSWORD_RESET_TOKEN_LIFETIME=600$}))
end
end
-
- context '/etc/comptoir/env.prod.local with custom password reset token lifetime (3 hours, greater than default value)' do
- let(:params) do
- {
- app_reset_password_token_lifetime: 60 * 60 * 3, # 60 secondes * 60 minutes * 3 hours = 10 800 seconds
- }
- end
-
- it do
- is_expected.to contain_file('/etc/comptoir/env.prod.local') \
- .with_content(sensitive(%r{^WEBAPP_USER_CONFIG_PASSWORD_RESET_TOKEN_LIFETIME=10800$}))
- end
- end
end
end
end
diff --git a/templates/env.prod.local.epp b/templates/env.prod.local.epp
index 598b93ba74e3b30f3f9ef8749a0e2bd2d09dda31..d6f1ec931a1141a8c7c9dca5a4a2eb8e4479c30f 100644
--- a/templates/env.prod.local.epp
+++ b/templates/env.prod.local.epp
@@ -33,15 +33,31 @@ APP_SECRET=<%= $comptoir::app_secret %>
DATABASE_URL="postgresql://<%= $comptoir::db_user %>:<%= $comptoir::db_password %>@<%= $comptoir::db_host %>:5432/<%= $comptoir::db_name %>?serverVersion=<%= $comptoir::db_version %>&charset=utf8"
MAILER_DSN=smtp://<% if $comptoir::smtp_user { %><%= $comptoir::smtp_user %>:<%= $comptoir::smtp_password %>@<% } %><%= $comptoir::smtp_host %>:<%= $comptoir::smtp_port %>
-WEBAPP_DEFAULT_URI='<%= $comptoir::app_default_uri %>'
-WEBAPP_EMAIL_FROM='<%= $comptoir::smtp_mailfrom %>'
-WEBAPP_EMAIL_ALERTING_TO='<%= $comptoir::smtp_mailalertingto %>'
-WEBAPP_NAME='<%= $comptoir::app_name %>'
-WEBAPP_SHORTNAME='<%= $comptoir::app_shortname %>'
-WEBAPP_I18N_DEFAULT_LOCALE='<%= $comptoir::i18ndefaultlocale %>'
-WEBAPP_SESSION_LIFETIME=<%= $comptoir::app_session_lifetime %>
-WEBAPP_SOFTWARE_VERSION_DISPLAYED_PUBLICLY=<% if $comptoir::app_version_displayed_publicly == true { %>true<% } else { %>false<% } %>
-WEBAPP_TIMEZONE='<%= $comptoir::timezone %>'
-WEBAPP_TRUSTED_HOSTS='<%= $comptoir::trusted_hosts %>'
-WEBAPP_USER_CONFIG_MIN_PASSWORD_LENGTH=<%= $comptoir::app_user_min_password_lenght %>
-WEBAPP_USER_CONFIG_PASSWORD_RESET_TOKEN_LIFETIME=<%= $comptoir::app_reset_password_token_lifetime %>
+# Webapp configuration
+# As this template is writing a config file based on some hashes and hashes are not meant to be in a certain order,
+# We need to ensure that the order of the keys are always outputed in the same order.
+# Otherwise puppet will always update(change) the config file.
+
+##################################################################################################
+# If the incoming request's hostname doesn't match the regular expression,
+# the application won't respond and the user will receive a 400 response.
+#
+# Only allows incoming requests with example.org hostname
+# WEBAPP_TRUSTED_HOSTS='^example\.org$'
+#
+# Only allows incoming requests with example.org or trusted.example.com hostnames
+# WEBAPP_TRUSTED_HOSTS='^example\.org$|^trusted\.example\.com$'
+#
+# Only allow incoming requests for all subdomains of example.org
+# WEBAPP_TRUSTED_HOSTS='^(.+\.)?example\.org$'
+##################################################################################################
+
+<%- $comptoir::webapp.keys.sort.each |$k| { -%>
+<% if $comptoir::webapp[$k] =~ String[1] { -%>
+<%= join(['WEBAPP',upcase($k)], '_') -%>='<%= $comptoir::webapp[$k] %>'
+<% } elsif $comptoir::webapp[$k] =~ Variant[Integer,Boolean] { -%>
+<%= join(['WEBAPP',upcase($k)], '_') -%>=<%= $comptoir::webapp[$k] %>
+<% } else { -%>
+BOOOOOM <%= $comptoir::webapp[$k] %>
+<%- } -%>
+<%- } -%>
diff --git a/types/config/webapp.pp b/types/config/webapp.pp
new file mode 100644
index 0000000000000000000000000000000000000000..30a1e8bebf865ab9a1d9a6cc1a922cec98692412
--- /dev/null
+++ b/types/config/webapp.pp
@@ -0,0 +1,9 @@
+# Describes configuration parameters
+type Comptoir::Config::Webapp = Hash[
+ String[1],
+ Variant[
+ String[1],
+ Integer,
+ Boolean,
+ ],
+]