git.donarmstrong.com Git - dsa-puppet.git/blob - modules/ssl/manifests/init.pp
no, we don't want to purge the certs directory
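# Class: ssl
#
# Installs openssl and lays out the tree under /etc/ssl/debian: this host's
# client certificate and private key, the CA certificate and the CA CRL, all
# fetched from the puppet fileserver.
#
# File modes are written as quoted four-digit octal strings; a bare number
# such as 755 is rejected as a file mode by newer Puppet parsers.
#
# NOTE(review): the private key is served from puppet:///ssl/clientcerts/.
# Confirm the fileserver ACL for that mount only lets each node read its own
# <fqdn>.key, otherwise one managed host could fetch another host's key.
class ssl {
    package { 'openssl': ensure => installed }

    file {
        # Top-level directory. purge + recurse + force against the empty
        # source directory removes anything below it that is not managed.
        # NOTE(review): this recursive purge may still reach unmanaged files
        # inside certs/ even though certs/ itself sets no purge -- verify on
        # the Puppet version in use.
        '/etc/ssl/debian':
          ensure  => directory,
          mode    => '0755',
          purge   => true,
          recurse => true,
          force   => true,
          source  => 'puppet:///files/empty/'
        ;
        # Deliberately declared without purge/recurse/force: certificates
        # placed here by other means are meant to be left alone.
        '/etc/ssl/debian/certs':
          ensure  => directory,
          mode    => '0755',
          source  => 'puppet:///files/empty/'
        ;
        # Only the managed CRL below is expected to live here.
        '/etc/ssl/debian/crls':
          ensure  => directory,
          mode    => '0755',
          purge   => true,
          force   => true,
          recurse => true,
          source  => 'puppet:///files/empty/'
        ;
        # Private key directory: not world-accessible, and purged so that
        # stray key material does not accumulate.
        # NOTE(review): no owner/group is set in this class, so which group
        # the 0750/0640 bits grant access to depends on File defaults defined
        # elsewhere -- confirm it is the intended one.
        '/etc/ssl/debian/keys':
          ensure  => directory,
          mode    => '0750',
          purge   => true,
          force   => true,
          recurse => true,
          source  => 'puppet:///files/empty/'
        ;
        # Host certificate; a change triggers a rehash of the certs directory.
        '/etc/ssl/debian/certs/thishost.crt':
          source  => "puppet:///ssl/clientcerts/${fqdn}.client.crt",
          notify  => Exec['c_rehash /etc/ssl/debian/certs'],
          ;
        # Host private key: readable by owner and group only.
        '/etc/ssl/debian/keys/thishost.key':
          source  => "puppet:///ssl/clientcerts/${fqdn}.key",
          mode    => '0640'
          ;
        # CA certificate; a change triggers a rehash of the certs directory.
        '/etc/ssl/debian/certs/ca.crt':
          source  => 'puppet:///ssl/clientcerts/ca.crt',
          notify  => Exec['c_rehash /etc/ssl/debian/certs'],
          ;
        # CA revocation list. Nothing is notified when it changes.
        '/etc/ssl/debian/crls/ca.crl':
          source  => 'puppet:///ssl/clientcerts/ca.crl',
          ;
    }

    # Runs only when notified by one of the certificate resources above.
    # NOTE(review): no path is set and the command is not fully qualified;
    # presumably a global Exec default supplies the path -- confirm.
    exec { 'c_rehash /etc/ssl/debian/certs':
        refreshonly => true,
    }
}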
# vim:set et:
# vim:set sts=4 ts=4:
# vim:set shiftwidth=4: