From 29deff66d7dfad609e429a14ad6917b79de5de50 Mon Sep 17 00:00:00 2001
From: mh
Date: Tue, 6 Jul 2010 00:06:32 +0200
Subject: improve vhosts / ssl stuff - facter out ssl things in a seperate file - introduce 1 vhost per file config
---
 files/conf.d/ssl.conf | 6 ++++++
 files/lighttpd.conf | 2 ++
 manifests/config/file.pp | 37 +++++++++++++++++++++++++++++++++++++
 manifests/ssl.pp | 1 +
 manifests/vhost/file.pp | 37 +++++++++++++++++++++++++++++++++++++
 manifests/vhosts.pp | 11 +++++++++++
 6 files changed, 94 insertions(+)
 create mode 100644 files/conf.d/ssl.conf
 create mode 100644 manifests/config/file.pp
 create mode 100644 manifests/vhost/file.pp
 create mode 100644 manifests/vhosts.pp
diff --git a/files/conf.d/ssl.conf b/files/conf.d/ssl.conf
new file mode 100644
index 0000000..291fce5
--- /dev/null
+++ b/files/conf.d/ssl.conf
@@ -0,0 +1,6 @@
+$SERVER["socket"] == ":443" {
+ ssl.engine = "enable"
+ ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
+ ssl.use-sslv2 = "disable"
+ ssl.cipher-list = "HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH"
+}
diff --git a/files/lighttpd.conf b/files/lighttpd.conf
index 2e0b68e..c84faa8 100644
--- a/files/lighttpd.conf
+++ b/files/lighttpd.conf
@@ -324,4 +324,6 @@ server.groupname = "lighttpd"
 ## include configuration snippets, usually provided by packages
 include_shell "find /etc/lighttpd/conf.d -maxdepth 1 -name '*.conf' -exec cat {} \;"
+# include vhost snippets
+include_shell "find /etc/lighttpd/vhosts.d -maxdepth 1 -name '*.conf' -exec cat {} \;"
diff --git a/manifests/config/file.pp b/manifests/config/file.pp
new file mode 100644
index 0000000..6fa98c4
--- /dev/null
+++ b/manifests/config/file.pp
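Review bot: `ssl.cipher-list` in files/conf.d/ssl.conf still admits the `MEDIUM` class, and the only protocol switched off is SSLv2, so SSLv3 and whatever mid-strength suites the linked OpenSSL provides stay negotiable on :443. Where the deployed lighttpd supports it I would add `ssl.use-sslv3 = "disable"` and narrow the list to `HIGH:!aNULL:@STRENGTH`; both depend on the lighttpd and OpenSSL versions in use, which this patch does not show. The pemfile under /etc/ssl/private is referenced but not managed in this commit, so its ownership and mode need checking wherever it is deployed.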
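Review bot: The new `include_shell` line runs `find` over /etc/lighttpd/vhosts.d on every host that receives this lighttpd.conf, but as far as this patch shows the directory is only created by lighttpd::vhosts, which is pulled in from lighttpd::vhost::file. On a node with no vhost declared, find exits non-zero on the missing directory, and depending on the lighttpd version that may surface as a configuration error at start or reload. Adding `include lighttpd::vhosts` to the base class would make the include line and the directory always arrive together. The rest of lighttpd.conf is outside the hunk.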
@@ -0,0 +1,37 @@
+define lighttpd::config::file(
+ $ensure = present,
+ $conf_source = 'absent',
+ $content = 'absent'
+){
+ file{"/etc/lighttpd/conf.d/${name}.conf":
+ ensure => $ensure,
+ notify => Service['lighttpd'],
+ owner => root, group => 0, mode => 0644;
+ }
+
+ case $content {
+ 'absent': {
+ File["/etc/lighttpd/conf.d/${name}.conf"]{
+ source => $conf_source ? {
+ 'absent' => [
+ "puppet://$server/modules/site-lighttpd/conf.d/$fqdn/$name.conf",
+ "puppet://$server/modules/site-lighttpd/conf.d/$lighttpd_cluster_node/$name.conf",
+ "puppet://$server/modules/site-lighttpd/conf.d/$operatingsystem.$lsbdistcodename/$name.conf",
+ "puppet://$server/modules/site-lighttpd/conf.d/$operatingsystem/$name.conf",
+ "puppet://$server/modules/site-lighttpd/conf.d/$name.conf",
+ "puppet://$server/modules/lighttpd/conf.d/$name.conf",
+ "puppet://$server/modules/lighttpd/conf.d/$operatingsystem.$lsbdistcodename/$name.conf",
+ "puppet://$server/modules/lighttpd/conf.d/$operatingsystem/$name.conf",
+ "puppet://$server/modules/lighttpd/conf.d/$name.conf"
+ ],
+ default => "puppet://$server/$conf_source",
+ }
+ }
+ }
+ default: {
+ File["/etc/lighttpd/conf.d/${name}.conf"]{
+ content => $content,
+ }
+ }
+ }
+}
diff --git a/manifests/ssl.pp b/manifests/ssl.pp
index 376f4ee..adcf5b6 100644
--- a/manifests/ssl.pp
+++ b/manifests/ssl.pp
@@ -1,4 +1,5 @@
 class lighttpd::ssl inherits lighttpd {
+ lighttpd::config::file{ 'ssl.conf': }
 if $use_shorewall {
 include shorewall::rules::https
 }
diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp
new file mode 100644
index 0000000..f047173
--- /dev/null
+++ b/manifests/vhost/file.pp
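Review bot: In the default source list of lighttpd::config::file, `"puppet://$server/modules/lighttpd/conf.d/$name.conf"` appears twice, and its first occurrence sits ahead of the two `$operatingsystem` entries for the lighttpd module. Puppet takes the first source that exists, so whenever the generic module file is present the OS-specific module files can never be selected. Dropping the first occurrence restores the most-specific-first order that the site-lighttpd entries and manifests/vhost/file.pp already use.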
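Review bot: The resource title `'ssl.conf'` in manifests/ssl.pp gets `.conf` appended by lighttpd::config::file, so the managed path becomes /etc/lighttpd/conf.d/ssl.conf.conf and every source URL ends in ssl.conf.conf, while the file this commit ships is files/conf.d/ssl.conf. Unless a file with the doubled suffix exists elsewhere, the source lookup finds nothing and the TLS settings are never deployed. The title should be the bare name: `lighttpd::config::file{ 'ssl': }`. The class body ends outside the hunk.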
@@ -0,0 +1,37 @@
+define lighttpd::vhost::file(
+ $ensure = present,
+ $vhost_source = 'absent',
+ $content = 'absent'
+){
+ include ::lighttpd::vhosts
+ file{"/etc/lighttpd/vhosts.d/${name}.conf":
+ ensure => $ensure,
+ notify => Service['lighttpd'],
+ owner => root, group => 0, mode => 0644;
+ }
+
+ case $content {
+ 'absent': {
+ File["/etc/lighttpd/vhosts.d/${name}.conf"]{
+ source => $vhost_source ? {
+ 'absent' => [
+ "puppet://$server/modules/site-lighttpd/vhosts.d/$fqdn/$name.conf",
+ "puppet://$server/modules/site-lighttpd/vhosts.d/$lighttpd_cluster_node/$name.conf",
+ "puppet://$server/modules/site-lighttpd/vhosts.d/$operatingsystem.$lsbdistcodename/$name.conf",
+ "puppet://$server/modules/site-lighttpd/vhosts.d/$operatingsystem/$name.conf",
+ "puppet://$server/modules/site-lighttpd/vhosts.d/$name.conf",
+ "puppet://$server/modules/lighttpd/vhosts.d/$operatingsystem.$lsbdistcodename/$name.conf",
+ "puppet://$server/modules/lighttpd/vhosts.d/$operatingsystem/$name.conf",
+ "puppet://$server/modules/lighttpd/vhosts.d/$name.conf"
+ ],
+ default => "puppet://$server/$vhost_source",
+ }
+ }
+ }
+ default: {
+ File["/etc/lighttpd/vhosts.d/${name}.conf"]{
+ content => $content,
+ }
+ }
+ }
+}
diff --git a/manifests/vhosts.pp b/manifests/vhosts.pp
new file mode 100644
index 0000000..9e02661
--- /dev/null
+++ b/manifests/vhosts.pp
@@ -0,0 +1,11 @@
+class lighttpd::vhosts {
+ file{'/etc/lighttpd/vhosts.d':
+ source => "puppet://$server/modules/common/empty",
+ ensure => directory,
+ purge => true,
+ recurse => true,
+ require => Package['lighttpd'],
+ notify => Service['lighttpd'],
+ owner => root, group => 0, mode => 0644;
+ }
+}
-- cgit v1.2.3
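Review bot: lighttpd::vhost::file has no header comment, and its contract is only recoverable from the case statement: `'absent'` is a sentinel string, `$content` silently wins when both `$content` and `$vhost_source` are passed, and a custom `$vhost_source` is a path below `puppet://$server/`. I would state that above the define, for example `# content: inline config text, takes precedence over vhost_source` and `# vhost_source: path below puppet://$server/; 'absent' selects the site-lighttpd, then lighttpd, vhosts.d lookup`. The same comment is missing on lighttpd::config::file in manifests/config/file.pp.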