add ssl module for clientcerts
[dsa-puppet.git] / modules / ssl / manifests / init.pp
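# Class: ssl
#
# Installs the openssl package and manages a host-local certificate tree
# under /etc/ssl/debian:
#
#   /etc/ssl/debian/certs  - this host's certificate and the CA certificate
#   /etc/ssl/debian/crls   - the CA's revocation list
#   /etc/ssl/debian/keys   - this host's private key
#
# Every directory is declared with purge, recurse and force and is sourced
# from puppet:///files/empty/ (presumably an empty directory; verify on the
# master), so files that are not declared as resources below are removed.
#
# Fixes relative to the previous revision: the "purge => true" attributes of
# /etc/ssl/debian and /etc/ssl/debian/keys were missing their trailing comma,
# which is a parse error; modes are now quoted four-digit octal strings and
# the package title is quoted.
class ssl {
    package { 'openssl': ensure => installed }

    file {
        "/etc/ssl/debian":
          ensure  => directory,
          mode    => '0755',
          purge   => true,
          recurse => true,
          force   => true,
          source  => "puppet:///files/empty/",
        ;
        "/etc/ssl/debian/certs":
          ensure  => directory,
          mode    => '0755',
          purge   => true,
          force   => true,
          recurse => true,
          source  => "puppet:///files/empty/",
        ;
        "/etc/ssl/debian/crls":
          ensure  => directory,
          mode    => '0755',
          purge   => true,
          force   => true,
          recurse => true,
          source  => "puppet:///files/empty/",
        ;
        # Private-key directory: not world-accessible.
        # NOTE(review): no owner/group is declared here or on the key below,
        # so group access (0750 / 0640) goes to whatever group the resource
        # defaults resolve to. Confirm that is the intended reader group.
        "/etc/ssl/debian/keys":
          ensure  => directory,
          mode    => '0750',
          purge   => true,
          force   => true,
          recurse => true,
          source  => "puppet:///files/empty/",
        ;
        # Certificate changes trigger a rehash of the certs directory.
        "/etc/ssl/debian/certs/thishost.crt":
          source  => "puppet:///ssl/clientcerts/$fqdn.crt",
          notify  => Exec["c_rehash /etc/ssl/debian/certs"],
        ;
        # NOTE(review): $fqdn is a fact reported by the agent, and the agent
        # fetches file sources itself. Confirm that whatever serves
        # puppet:///ssl/ (module files or a fileserver.conf mount) restricts
        # each host to its own clientcerts entries; otherwise this private
        # key is readable by any other authenticated agent.
        "/etc/ssl/debian/keys/thishost.key":
          source  => "puppet:///ssl/clientcerts/$fqdn.key",
          mode    => '0640',
        ;
        "/etc/ssl/debian/certs/ca.crt":
          source  => "puppet:///exim/certs/ca.crt",
          notify  => Exec["c_rehash /etc/ssl/debian/certs"],
        ;
        "/etc/ssl/debian/crls/ca.crl":
          source  => "puppet:///exim/certs/ca.crl",
        ;
    }

    # Runs only when notified by one of the certificate resources above.
    # NOTE(review): the command is not fully qualified and no path is set on
    # this resource, so it depends on an Exec path default declared elsewhere;
    # confirm one exists and that it lists only trusted directories.
    exec { "c_rehash /etc/ssl/debian/certs":
        refreshonly => true,
    }
}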
58 # vim:set et:
59 # vim:set sts=4 ts=4:
60 # vim:set shiftwidth=4: