authormh <mh@immerda.ch>2010-07-06 00:06:32 +0200
committermh <mh@immerda.ch>2010-07-06 00:08:56 +0200
commit29deff66d7dfad609e429a14ad6917b79de5de50 (patch)
treea1b8a526c5e07e95be8ff6451216a5269b606f66
parent9ff20635fbb0945195f2b562f46efca8f5d13850 (diff)
improve vhosts / ssl stuff
- factor out ssl things into a separate file - introduce 1 vhost per file config
-rw-r--r--files/conf.d/ssl.conf6
-rw-r--r--files/lighttpd.conf2
-rw-r--r--manifests/config/file.pp37
-rw-r--r--manifests/ssl.pp1
-rw-r--r--manifests/vhost/file.pp37
-rw-r--r--manifests/vhosts.pp11
6 files changed, 94 insertions, 0 deletions
diff --git a/files/conf.d/ssl.conf b/files/conf.d/ssl.conf
new file mode 100644
index 0000000..291fce5
--- /dev/null
+++ b/files/conf.d/ssl.conf
@@ -0,0 +1,6 @@
+$SERVER["socket"] == ":443" {
+ ssl.engine = "enable"
+ ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
+ ssl.use-sslv2 = "disable"
+ ssl.cipher-list = "HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH"
+}
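Review bot: The `ssl.cipher-list` line still admits the `MEDIUM` class, which in OpenSSL builds of this era typically includes RC4 and other 128-bit legacy suites, and nothing in the block makes the server's preference order binding on clients. I would drop `MEDIUM`, e.g. `ssl.cipher-list = "HIGH:!aNULL:@STRENGTH"`, and add `ssl.honor-cipher-order = "enable"` where the deployed lighttpd version supports it. Only SSLv2 is disabled here; SSLv3 stays on unless `ssl.use-sslv3 = "disable"` is also set (again version-dependent). Separately, nothing in this commit manages `/etc/ssl/private/lighttpd.pem`, so a comment stating that the key must already exist and be readable only by root would help, since the service is notified as soon as this snippet lands.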
diff --git a/files/lighttpd.conf b/files/lighttpd.conf
index 2e0b68e..c84faa8 100644
--- a/files/lighttpd.conf
+++ b/files/lighttpd.conf
@@ -324,4 +324,6 @@ server.groupname = "lighttpd"
## include configuration snippets, usually provided by packages
include_shell "find /etc/lighttpd/conf.d -maxdepth 1 -name '*.conf' -exec cat {} \;"
+# include vhost snippets
+include_shell "find /etc/lighttpd/vhosts.d -maxdepth 1 -name '*.conf' -exec cat {} \;"
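Review bot: The added `include_shell` runs `find` on `/etc/lighttpd/vhosts.d` on every node that receives this lighttpd.conf, but in this commit the directory is created only by `lighttpd::vhosts`, which is included only from `lighttpd::vhost::file`. On a host with no vhost defined, `find` will presumably fail on the missing directory at each config load. Including `lighttpd::vhosts` from the base class (not visible here) would keep the two in step. Also, `find` returns entries in no defined order, so vhost snippets whose conditions overlap can be concatenated differently from host to host. A comment stating that snippets must be order-independent, or sorting the list before `cat`, would make this explicit.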
diff --git a/manifests/config/file.pp b/manifests/config/file.pp
new file mode 100644
index 0000000..6fa98c4
--- /dev/null
+++ b/manifests/config/file.pp
@@ -0,0 +1,37 @@
+define lighttpd::config::file(
+ $ensure = present,
+ $conf_source = 'absent',
+ $content = 'absent'
+){
+ file{"/etc/lighttpd/conf.d/${name}.conf":
+ ensure => $ensure,
+ notify => Service['lighttpd'],
+ owner => root, group => 0, mode => 0644;
+ }
+
+ case $content {
+ 'absent': {
+ File["/etc/lighttpd/conf.d/${name}.conf"]{
+ source => $conf_source ? {
+ 'absent' => [
+ "puppet://$server/modules/site-lighttpd/conf.d/$fqdn/$name.conf",
+ "puppet://$server/modules/site-lighttpd/conf.d/$lighttpd_cluster_node/$name.conf",
+ "puppet://$server/modules/site-lighttpd/conf.d/$operatingsystem.$lsbdistcodename/$name.conf",
+ "puppet://$server/modules/site-lighttpd/conf.d/$operatingsystem/$name.conf",
+ "puppet://$server/modules/site-lighttpd/conf.d/$name.conf",
+ "puppet://$server/modules/lighttpd/conf.d/$name.conf",
+ "puppet://$server/modules/lighttpd/conf.d/$operatingsystem.$lsbdistcodename/$name.conf",
+ "puppet://$server/modules/lighttpd/conf.d/$operatingsystem/$name.conf",
+ "puppet://$server/modules/lighttpd/conf.d/$name.conf"
+ ],
+ default => "puppet://$server/$conf_source",
+ }
+ }
+ }
+ default: {
+ File["/etc/lighttpd/conf.d/${name}.conf"]{
+ content => $content,
+ }
+ }
+ }
+}
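Review bot: In the `'absent'` source list, `"puppet://$server/modules/lighttpd/conf.d/$name.conf"` appears twice, and its first occurrence sits ahead of the two `$operatingsystem` entries of the same module. Puppet takes the first source that exists, so whenever the generic module file is present the OS-specific module files can never be selected. The parallel list in manifests/vhost/file.pp does not have this extra line. I would delete the first occurrence (the line right after the `site-lighttpd/conf.d/$name.conf` entry) so the order runs from most to least specific. A short header comment saying that `'absent'` is the "not set" sentinel for `$conf_source` and `$content`, and that `$content` wins when both are given, would also help callers.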
diff --git a/manifests/ssl.pp b/manifests/ssl.pp
index 376f4ee..adcf5b6 100644
--- a/manifests/ssl.pp
+++ b/manifests/ssl.pp
@@ -1,4 +1,5 @@
class lighttpd::ssl inherits lighttpd {
+ lighttpd::config::file{ 'ssl.conf': }
if $use_shorewall {
include shorewall::rules::https
}
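Review bot: The title `'ssl.conf'` on the added line is interpolated as `${name}.conf` by `lighttpd::config::file` (manifests/config/file.pp in this commit), so the resource manages `/etc/lighttpd/conf.d/ssl.conf.conf` and searches for a source named `ssl.conf.conf`. The file this commit ships is `files/conf.d/ssl.conf`, so unless a site module provides the doubled name no source matches and the SSL snippet is never deployed. The declaration should read `lighttpd::config::file{ 'ssl': }`. The class body continues past the end of the hunk.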
diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp
new file mode 100644
index 0000000..f047173
--- /dev/null
+++ b/manifests/vhost/file.pp
@@ -0,0 +1,37 @@
+define lighttpd::vhost::file(
+ $ensure = present,
+ $vhost_source = 'absent',
+ $content = 'absent'
+){
+ include ::lighttpd::vhosts
+ file{"/etc/lighttpd/vhosts.d/${name}.conf":
+ ensure => $ensure,
+ notify => Service['lighttpd'],
+ owner => root, group => 0, mode => 0644;
+ }
+
+ case $content {
+ 'absent': {
+ File["/etc/lighttpd/vhosts.d/${name}.conf"]{
+ source => $vhost_source ? {
+ 'absent' => [
+ "puppet://$server/modules/site-lighttpd/vhosts.d/$fqdn/$name.conf",
+ "puppet://$server/modules/site-lighttpd/vhosts.d/$lighttpd_cluster_node/$name.conf",
+ "puppet://$server/modules/site-lighttpd/vhosts.d/$operatingsystem.$lsbdistcodename/$name.conf",
+ "puppet://$server/modules/site-lighttpd/vhosts.d/$operatingsystem/$name.conf",
+ "puppet://$server/modules/site-lighttpd/vhosts.d/$name.conf",
+ "puppet://$server/modules/lighttpd/vhosts.d/$operatingsystem.$lsbdistcodename/$name.conf",
+ "puppet://$server/modules/lighttpd/vhosts.d/$operatingsystem/$name.conf",
+ "puppet://$server/modules/lighttpd/vhosts.d/$name.conf"
+ ],
+ default => "puppet://$server/$vhost_source",
+ }
+ }
+ }
+ default: {
+ File["/etc/lighttpd/vhosts.d/${name}.conf"]{
+ content => $content,
+ }
+ }
+ }
+}
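Review bot: This define has no header comment, and its parameter contract is not obvious from the signature. `$vhost_source` is appended directly to `puppet://$server/`, so callers must pass a full `modules/<module>/<path>` string, and `'absent'` is a sentinel meaning "not set" for both `$vhost_source` and `$content`. I would add a comment block above `define lighttpd::vhost::file(` covering that, and stating that `$content` is written verbatim into a file that `include_shell` concatenates into the server configuration, so it must be trusted and syntactically valid lighttpd config. The body is a near copy of `lighttpd::config::file` with only the directory and parameter name changed; a shared helper taking the directory as a parameter would keep the two source lists from drifting apart.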
diff --git a/manifests/vhosts.pp b/manifests/vhosts.pp
new file mode 100644
index 0000000..9e02661
--- /dev/null
+++ b/manifests/vhosts.pp
@@ -0,0 +1,11 @@
+class lighttpd::vhosts {
+ file{'/etc/lighttpd/vhosts.d':
+ source => "puppet://$server/modules/common/empty",
+ ensure => directory,
+ purge => true,
+ recurse => true,
+ require => Package['lighttpd'],
+ notify => Service['lighttpd'],
+ owner => root, group => 0, mode => 0644;
+ }
+}
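Review bot: The `file{'/etc/lighttpd/vhosts.d': ...}` resource combines `purge => true` with `recurse => true`, which deletes every file in the directory that Puppet does not manage, and the class carries no comment saying so. A line such as `# vhosts.d is fully Puppet-managed: files not declared via lighttpd::vhost::file are removed` above the resource would warn admins before they drop a hand-written vhost there. The `source` also points at `modules/common/empty`, an undeclared dependency on a `common` module outside this repository, which is worth noting in the same comment.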