From 47149748246e56513e50a0a609d228c1785a9e55 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Thu, 7 Jan 2010 15:30:41 -0200 Subject: Adding SSL support --- manifests/init.pp | 56 ++++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 47 insertions(+), 9 deletions(-) (limited to 'manifests/init.pp') diff --git a/manifests/init.pp b/manifests/init.pp index b8fb5aa..4dc4183 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -16,19 +16,16 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . -# TODO: check permission on SSL keys class nginx { - # Setup packages - package { "nginx": ensure => installed, } - # Nginx service - service { "nginx": - enable => true, - ensure => running, - hasrestart => true, - require => [ File["/etc/nginx/sites-enabled/$domain"], Package["nginx"] ], + $ssl = $nginx_ssl { + false => false, + default => true, } + # Setup packages + package { "nginx": ensure => installed, } + # Config folders, see http://projects.reductivelabs.com/issues/86 file { [ "/etc/nginx", "/etc/nginx/sites-available", "/etc/nginx/sites-enabled" ]: ensure => directory, 
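Review bot: The selector `$ssl = $nginx_ssl { false => false, default => true, }` enables SSL on every node that leaves `$nginx_ssl` unset, and only the bare boolean `false` disables it; a quoted `"false"` coming from a node classifier would presumably fall through to `default` and enable it too. Because the SSL branch later in this patch makes the nginx service require key material fetched from the file server, a node with no key published there would likely end up with failed file resources and a skipped service. Consider defaulting to off, or at least documenting the switch above the selector, e.g. `# $nginx_ssl: set to false to disable SSL; any other value (or unset) enables it and requires keys/ssl/cert.{crt,pem} on the file server`. The body of class nginx continues beyond this hunk.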
@@ -36,6 +33,47 @@ class nginx { group => "root", } + if $ssl { + file { [ "/etc/ssl", "/etc/ssl/certs", "/etc/ssl/private" ]: + ensure => directory, + owner => "root", + group => "root", + } + + file { "/etc/ssl/certs/cert.crt": + ensure => present, + owner => "root", + group => "root", + mode => 644, + source => "puppet://$server/files/keys/ssl/cert.crt", + require => File["/etc/ssl/certs"], + } + + file { "/etc/ssl/private/cert.pem": + ensure => present, + owner => "root", + group => "root", + mode => 600, + source => "puppet://$server/files/keys/ssl/cert.pem", + require => File["/etc/ssl/private"], + } + + service { "nginx": + enable => true, + ensure => running, + hasrestart => true, + require => [ File["/etc/nginx/sites-enabled/$domain"], Package["nginx"], + File["/etc/ssl/private/cert.pem"], File["/etc/ssl/private/cert.crt"] ], + } + } else { + service { "nginx": + enable => true, + ensure => running, + hasrestart => true, + require => [ File["/etc/nginx/sites-enabled/$domain"], Package["nginx"] ], + } + } + # Default site site { "$domain": ensure => present, } -- cgit v1.2.3
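Review bot: The SSL branch's service `require` lists `File["/etc/ssl/private/cert.crt"]`, but no such resource is declared in this hunk; the certificate is managed as `File["/etc/ssl/certs/cert.crt"]`, so the reference should read `File["/etc/ssl/private/cert.pem"], File["/etc/ssl/certs/cert.crt"] ],` or the catalog will fail on an unresolved dependency whenever SSL is on. Separately, `/etc/ssl/private` is created in the same resource as `/etc/ssl` and `/etc/ssl/certs` with no `mode`, so the directory holding the private key gets whatever mode it already has or the default for new directories. The patch also drops the "check permission on SSL keys" TODO, and the key file's `mode => 600` covers only the file itself. Declaring the private directory as its own `file` resource with `mode => 700` would close that gap. Finally, `require` only orders the resources; using `subscribe` for the two key files would restart nginx when a certificate or key is replaced, so a rotated key actually takes effect.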