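# modules/ssl/manifests/init.pp
#
# Installs the OpenSSL tooling and lays out this host's certificate store:
# service certificates under /etc/ssl/certs, and the per-host client/server
# certificates, CA certificate, CRL and private keys under /etc/ssl/debian.
class ssl {

  # 'ssl-cert' is required by the key resources below, which use the
  # ssl-cert group.
  package { ['openssl', 'ssl-cert']:
    ensure => installed,
  }

  # purge + recurse + force against an empty source directory: anything under
  # /etc/ssl/debian that is not declared as a resource is removed.
  file { '/etc/ssl/debian':
    ensure  => directory,
    mode    => '0755',
    purge   => true,
    recurse => true,
    force   => true,
    source  => 'puppet:///files/empty/',
  }

  # Service certificates are copied recursively from the module.
  #
  # The ignore glob skips a name only when its last three characters differ
  # from 'c', 'r' and 't' in every position. It is not an exact "everything
  # except *.crt" filter: a name that matches in just one position (for
  # example one ending in .crl or .csr) is still copied.
  # NOTE(review): confirm servicecerts/ never holds key material under a name
  # that slips past this glob.
  file { '/etc/ssl/certs':
    ensure  => directory,
    source  => 'puppet:///modules/ssl/servicecerts/',
    recurse => true,
    mode    => '0755',
    ignore  => '*[^c][^r][^t]',
    notify  => Exec['c_rehash /etc/ssl/certs'],
  }

  file { '/etc/ssl/debian/certs':
    ensure => directory,
    mode   => '0755',
  }

  file { '/etc/ssl/debian/crls':
    ensure => directory,
    mode   => '0755',
  }

  # Private keys: directory is not world-accessible, and only root and members
  # of ssl-cert can enter it.
  file { '/etc/ssl/debian/keys':
    ensure  => directory,
    owner   => 'root',
    group   => 'ssl-cert',
    mode    => '0750',
    require => Package['ssl-cert'],
  }

  file { '/etc/ssl/debian/certs/thishost.crt':
    source => "puppet:///modules/ssl/clientcerts/${::fqdn}.client.crt",
    notify => Exec['c_rehash /etc/ssl/debian/certs'],
  }

  # Owner is pinned to root rather than left implicit: with a `source` and no
  # explicit owner, some Puppet versions copy ownership from the file on the
  # master (source_permissions), which is not wanted for a private key.
  #
  # NOTE(review): the key is served from the module's files mount under a name
  # derived only from the node's fqdn fact. Module mounts are by default
  # readable by every authenticated agent, so confirm the master's file-server
  # authorization restricts each <fqdn>.key to the node it belongs to.
  file { '/etc/ssl/debian/keys/thishost.key':
    source  => "puppet:///modules/ssl/clientcerts/${::fqdn}.key",
    owner   => 'root',
    group   => 'ssl-cert',
    mode    => '0440',
    require => Package['ssl-cert'],
  }

  file { '/etc/ssl/debian/certs/ca.crt':
    source => 'puppet:///modules/ssl/clientcerts/ca.crt',
    notify => Exec['c_rehash /etc/ssl/debian/certs'],
  }

  # The CRL is only refreshed when Puppet runs and the module copy changes.
  file { '/etc/ssl/debian/crls/ca.crl':
    source => 'puppet:///modules/ssl/clientcerts/ca.crl',
  }

  # Server certificate and key are taken from the exim module's files.
  file { '/etc/ssl/debian/certs/thishost-server.crt':
    source => "puppet:///modules/exim/certs/${::fqdn}.crt",
    notify => Exec['c_rehash /etc/ssl/debian/certs'],
  }

  # Same ownership and file-server exposure considerations as thishost.key.
  file { '/etc/ssl/debian/keys/thishost-server.key':
    source  => "puppet:///modules/exim/certs/${::fqdn}.key",
    owner   => 'root',
    group   => 'ssl-cert',
    mode    => '0440',
    require => Package['ssl-cert'],
  }

  # Rebuild the hash symlinks only when a certificate resource notifies.
  # NOTE(review): no `path` and no fully-qualified command is given here;
  # presumably a global Exec default supplies the search path — confirm.
  exec { 'c_rehash /etc/ssl/debian/certs':
    refreshonly => true,
  }

  exec { 'c_rehash /etc/ssl/certs':
    refreshonly => true,
  }
}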