From 235caa63ec1d56ee63afec6a71acad2169f12b3c Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Tue, 29 Nov 2011 00:23:21 -0200 Subject: Adding SSL suport --- manifests/init.pp | 23 ++++++++++++++++++++++- templates/site.erb | 31 ++++++++++++++++++++++++++++++- 2 files changed, 52 insertions(+), 2 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 4c1b284..205b11f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -31,6 +31,8 @@ $apache2_macros = "/etc/apache2/conf.d/macros" $apache2_conf = "/etc/apache2/apache2.conf" class apache { + include ssl + case $apache_www_folder { '': { $apache_www_folder = "/var/www" } } @@ -84,6 +86,11 @@ class apache { require => Package["apache"], } + module { "ssl": + ensure => present, + require => Package["apache"], + } + # apache mod_macro configuration file { "${apache2_macros}": ensure => present, @@ -139,7 +146,8 @@ class apache { $manage_docroot = true, $owner = 'root', $group = 'root', $mpm = true, $mpm_user = '', $mpm_group = '', $password = '*', $comment = '', $sshkey = absent, - $groups = '', $shell = '/bin/false', $manage_user = true) { + $groups = '', $shell = '/bin/false', $manage_user = true, + $ssl = false, $listen = '*') { $vhost = $filename ? { '' => "$title", @@ -202,6 +210,19 @@ class apache { } } + if $ssl == true { + ssl::cert { "$name": + group => $gid, + privmode => '0640', + ensure => $ensure, + } + + ssl::check { "$name": + file => "/etc/ssl/certs/$name.crt", + ensure => $ensure, + } + } + case $source { true: { file { "${apache2_sites}-available/$vhost": diff --git a/templates/site.erb b/templates/site.erb index 80ad807..5a9f074 100644 --- a/templates/site.erb +++ b/templates/site.erb @@ -1,5 +1,5 @@ # begin vhost for <%= title %> - +:80> ServerName <%= title %>.<%= hosting_domain %> <% if server_alias != false %> ServerAlias <%= server_alias %><% end %> DocumentRoot <%= docroot %> 
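Review bot: In the `if $ssl == true` block added to the vhost define (hunk `-202,6 +210,19`), `ssl::cert` is declared with `group => $gid` and `privmode => '0640'`, which appears to make the private key readable by the site's own group. When `$mpm` is enabled the template runs the vhost under that user and gid via `AssignUserId`, so scripts in the docroot could likely read the key; Apache loads keys as root at startup, so `privmode => '0600'` with a root-only group would be the safer default. `ssl::cert` and `$gid` are defined outside this patch, so confirm how `group` and `privmode` are actually applied. Separately, `$ssl == true` matches only the boolean, so a caller passing the string `'true'` silently gets no certificate and no SSL vhost; a comment on the `$ssl` parameter saying `# must be the boolean true, not a quoted string` would help.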
@@ -18,3 +18,32 @@ <% end %> # end vhost for <%= title %> +<% if ssl == true %> +# begin ssl vhost for <%= title %> +:443> + ServerName <%= title %>.<%= hosting_domain %> +<% if server_alias != false %> ServerAlias <%= server_alias %><% end %> + DocumentRoot <%= docroot %> +<% if redirect_match != false %> RedirectMatch ^/$ <%= protocol %>://<%= title %>.<%= hosting_domain %>/<%= redirect_match %><% end %> +<% if redirect != false %> Redirect <%= redirect %><% end %> +<% if aliases != false %><% aliases.each do |map| -%> + Alias <%= map %> +<% end -%><% end -%> +<% if use != false %><% use.each do |instance| -%> + Use <%= instance %> +<% end -%><% end -%> +<% if mpm == true %> + + AssignUserId <%= user %> <%= gid %> + +<% end %> +<% if server_alias == true %> + # SSL Configuration + SSLEngine on + SSLProtocol -all +SSLv3 +TLSv1 + SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH + SSLHonorCipherOrder on +<% end %> + +# end ssl vhost for <%= title %> +<% end %> -- cgit v1.2.3
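Review bot: The `# SSL Configuration` block is guarded by `<% if server_alias == true %>`, which looks like a copy-paste slip: elsewhere `server_alias` is compared with `false` and rendered as a string, so `SSLEngine on` would normally never be emitted and the `:443` vhost would answer in plain HTTP. The whole section already sits inside `<% if ssl == true %>`, so the inner guard can simply be dropped or changed to `<% if ssl == true %>`. `SSLProtocol -all +SSLv3 +TLSv1` enables SSLv3 and `HIGH:MEDIUM` admits medium-strength ciphers; consider `SSLProtocol all -SSLv2 -SSLv3` and removing `MEDIUM` from the `SSLCipherSuite` string. No `SSLCertificateFile` or `SSLCertificateKeyFile` line is visible in this hunk even though the manifest checks `/etc/ssl/certs/$name.crt`; unless a macro pulled in through `Use` supplies them, mod_ssl would have no certificate for this vhost once the engine is on.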