manifests/site.pp


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59

define nginx::site(
  $ensure          = present,
  $ssl             = present,
  $source          = 'template',
  $certbot         = true,
  $template        = 'site',
  $backend         = 'weblocal',
  $aliases         = "*.${name}",
  $cache           = false,
  $cache_levels    = '1:2',
  $cache_size      = '10m',
  $cache_inactive  = '600s',
  $cache_max_size  = '1m',
  $x_frame_options = 'DENY',
) {
  nginx::site::config { $name:
    ensure   => $ensure,
    source   => $source,
    template => $template,
    backend  => $backend,
    aliases  => $aliases,
  }

  # We should discover the best practices' way to
  # stop managing a certificate using certbot so
  # we can implement an ensurable properly.
  if $certbot == true and $ensure == 'present' {
    certbot::manage { $name:
      aliases  => $aliases,
      pre_hook => '/usr/sbin/service nginx restart',
      require  => Nginx::Site::Config[$name],
    }
  }

  nginx::site::config { "${name}-ssl":
    server_name     => $name,
    ensure          => $ensure ? {
      'present' => $ssl,
      default   => absent,
    },
    source          => $source,
    template        => "${template}-ssl",
    backend         => $backend,
    aliases         => $aliases,
    cache           => $cache,
    cache_levels    => $cache_levels,
    cache_size      => $cache_size,
    cache_inactive  => $cache_inactive,
    cache_max_size  => $cache_max_size,
    x_frame_options => $x_frame_options,
    require        => $certbot ? {
      true => $ensure ? {
        'present' => Certbot::Manage[$name],
        default   => undef,
      },
      default => undef,
    }
  }
}