From 683dbde79850db946078624cf8a07ec2c954701b Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Fri, 17 Jun 2016 15:19:39 -0300
Subject: Managing the default config

---
 manifests/base.pp   | 1 +
 manifests/config.pp | 1 +
 manifests/ssl.pp    | 7 ++++++-
 3 files changed, 8 insertions(+), 1 deletion(-)

(limited to 'manifests')

diff --git a/manifests/base.pp b/manifests/base.pp
index 7febb79..bb13860 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -18,6 +18,7 @@ class nginx::base {
   }
 
   # Main configuration
+  # TODO: we're managing the default config. Remove this block after a while.
   file { "/etc/nginx/nginx.conf":
     content => template("nginx/nginx.conf.erb"),
     owner   => "root",
diff --git a/manifests/config.pp b/manifests/config.pp
index bba54b9..3b60016 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -6,5 +6,6 @@ define nginx::config($value, $ensure = 'present') {
     mode    => '0644',
     content => "${value}\n",
     notify  => Service['nginx'],
+    require => Package['nginx'],
   }
 }
diff --git a/manifests/ssl.pp b/manifests/ssl.pp
index 4b38332..899f4ff 100644
--- a/manifests/ssl.pp
+++ b/manifests/ssl.pp
@@ -18,7 +18,12 @@ class nginx::ssl(
     'ssl_session_timeout':       value => "ssl_session_timeout ${session_timeout};";
     'ssl_protocols':             value => 'ssl_protocols TLSv1 TLSv1.1 TLSv1.2;';
     'ssl_ciphers':               value => 'ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA;';
-    'ssl_prefer_server_ciphers': value => 'ssl_prefer_server_ciphers on;';
     'ssl_dhparam':               value => 'ssl_dhparam /etc/ssl/dhparams/dhparams_2048.pem;';
   }
+
+  # Already in default config
+  nginx::config { 'ssl_prefer_server_ciphers':
+    value  => 'ssl_prefer_server_ciphers on;',
+    ensure => absent,
+  }
 }
-- 
cgit v1.2.3