git.donarmstrong.com Git - dsa-puppet.git/blob - modules/ssl/manifests/init.pp
fix path and perms
# Installs the openssl package and lays out this host's X.509 material under
# /etc/ssl/debian: the CA certificate and CRL, a per-host client
# certificate/key pair and a per-host server certificate/key pair. Per-host
# files are selected on the puppet fileserver by the node's fqdn fact.
class ssl {

  package { 'openssl':
    ensure => installed,
  }

  # Puppet is authoritative for this tree: with recurse + purge + force,
  # anything below /etc/ssl/debian that is not declared as a resource is
  # removed on the next run. The source path is named "empty"; presumably it
  # is an empty directory used only to drive the purge -- confirm.
  file { '/etc/ssl/debian':
    ensure  => directory,
    source  => 'puppet:///files/empty/',
    recurse => true,
    purge   => true,
    force   => true,
    mode    => '0755',
  }

  # Public material (certificates, CRLs) lives in world-readable directories.
  file { ['/etc/ssl/debian/certs', '/etc/ssl/debian/crls']:
    ensure => directory,
    mode   => '0755',
  }

  # Private keys: the directory is closed to "other" and handed to the
  # ssl-cert group. No owner is pinned here, so ownership is whatever the
  # agent creates or finds on disk.
  file { '/etc/ssl/debian/keys':
    ensure => directory,
    group  => 'ssl-cert',
    mode   => '0750',
  }

  # --- client certificate and key -------------------------------------------
  file { '/etc/ssl/debian/certs/thishost.crt':
    source => "puppet:///modules/ssl/clientcerts/${::fqdn}.client.crt",
    notify => Exec['c_rehash /etc/ssl/debian/certs'],
  }

  # NOTE(review): unlike thishost-server.key below, no group is set on this
  # key, so the group-read bit of 0440 applies to whatever group the file
  # ends up with. Decide whether ssl-cert members are meant to read it and pin
  # owner/group explicitly either way.
  # NOTE(review): this private key is fetched from a module "files" path
  # chosen by the agent-reported fqdn fact. Whether a node can request another
  # node's key depends on fileserver/auth configuration not shown here --
  # verify that access to clientcerts/ is restricted per host.
  file { '/etc/ssl/debian/keys/thishost.key':
    source => "puppet:///modules/ssl/clientcerts/${::fqdn}.key",
    mode   => '0440',
  }

  # --- CA certificate and revocation list -----------------------------------
  file { '/etc/ssl/debian/certs/ca.crt':
    source => 'puppet:///modules/ssl/clientcerts/ca.crt',
    notify => Exec['c_rehash /etc/ssl/debian/certs'],
  }

  # The CRL is only distributed here; nothing in this class makes a consumer
  # load it, so revocation checking is up to each service's own configuration.
  file { '/etc/ssl/debian/crls/ca.crl':
    source => 'puppet:///modules/ssl/clientcerts/ca.crl',
  }

  # --- server certificate and key (served from the exim module) -------------
  file { '/etc/ssl/debian/certs/thishost-server.crt':
    source => "puppet:///modules/exim/certs/${::fqdn}.crt",
    notify => Exec['c_rehash /etc/ssl/debian/certs'],
  }

  # Readable by root's default owner bits and the ssl-cert group only. The
  # same per-host fileserver access question as for thishost.key applies to
  # the exim/certs path.
  file { '/etc/ssl/debian/keys/thishost-server.key':
    source => "puppet:///modules/exim/certs/${::fqdn}.key",
    group  => 'ssl-cert',
    mode   => '0440',
  }

  # Rebuilds the hash symlinks in the certs directory, but only when one of
  # the three certificate resources above notifies it (refreshonly).
  # NOTE(review): no path is given and the command is not fully qualified, so
  # this relies on an Exec path default defined elsewhere -- confirm it exists
  # and points only at trusted directories.
  exec { 'c_rehash /etc/ssl/debian/certs':
    refreshonly => true,
  }
}