From a9436d2739650b4b03e45488d27001edceb8d8a0 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 23 May 2015 11:32:39 -0300 Subject: Defines nginx::cert --- manifests/cert.pp | 20 ++++++++++++++++++++ manifests/init.pp | 29 +---------------------------- 2 files changed, 21 insertions(+), 28 deletions(-) create mode 100644 manifests/cert.pp diff --git a/manifests/cert.pp b/manifests/cert.pp new file mode 100644 index 0000000..81a5f4b --- /dev/null +++ b/manifests/cert.pp @@ -0,0 +1,20 @@ +define nginx::cert( + $address +) +{ + ssl::cert { "$address": + main => true, + notify => Service['nginx'], + } + + ssl::check { "$address": + file => true, + } + + Service["nginx"] { + require => [ Package["nginx"], + File["/etc/nginx/sites-enabled/${address}"], + File["/etc/ssl/private/${address}.pem"], + File["/etc/ssl/certs/${address}.crt"] ], + } +} diff --git a/manifests/init.pp b/manifests/init.pp index 7c827de..dbbf4f4 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -16,9 +16,7 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . -class nginx inherits nginx::base( - $deploy_certs = true -) { +class nginx inherits nginx::base { include ssl # See https://weakdh.org/ @@ -30,31 +28,6 @@ class nginx inherits nginx::base( notify => Service['nginx'], } - case $deploy_certs { - true: { - ssl::cert { "$::domain": - main => true, - notify => Service['nginx'], - } - - ssl::check { "$::domain": - file => true, - } - - # For SNI - ssl::cert { "example.org": - notify => Service['nginx'], - } - - Service["nginx"] { - require => [ Package["nginx"], - File["/etc/nginx/sites-enabled/${::domain}"], - File["/etc/ssl/private/${::domain}.pem"], - File["/etc/ssl/certs/${::domain}.crt"] ], - } - } - } - # Default site nginx::base::site { "default": ensure => present, -- cgit v1.2.3