add ssl module for clientcerts
authorStephen Gran <steve@lobefin.net>
Sat, 19 Jun 2010 22:06:18 +0000 (22:06 +0000)
committerStephen Gran <steve@lobefin.net>
Sat, 19 Jun 2010 22:06:18 +0000 (22:06 +0000)
Signed-off-by: Stephen Gran <steve@lobefin.net>
modules/ssl/manifests/init.pp [new file with mode: 0644]

diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp
new file mode 100644 (file)
index 0000000..20a0030
--- /dev/null
@@ -0,0 +1,60 @@
+class ssl {
+    package { openssl: ensure => installed }
+
+    file {
+        "/etc/ssl/debian":
+          ensure  => directory,
+          mode    => 755,
+          purge   => true
+          recurse => true,
+          force   => true,
+          source  => "puppet:///files/empty/"
+        ;
+        "/etc/ssl/debian/certs":
+          ensure  => directory,
+          mode    => 755,
+          purge   => true,
+          force   => true,
+          recurse => true,
+          source  => "puppet:///files/empty/"
+        ;
+        "/etc/ssl/debian/crls":
+          ensure  => directory,
+          mode    => 755,
+          purge   => true,
+          force   => true,
+          recurse => true,
+          source  => "puppet:///files/empty/"
+        ;
+        "/etc/ssl/debian/keys":
+          ensure  => directory,
+          mode    => 750,
+          purge   => true
+          force   => true,
+          recurse => true,
+          source  => "puppet:///files/empty/"
+        ;
+        "/etc/ssl/debian/certs/thishost.crt":
+          source  => "puppet:///ssl/clientcerts/$fqdn.crt",
+          notify  => Exec["c_rehash /etc/ssl/debian/certs"],
+          ;
+        "/etc/ssl/debian/keys/thishost.key":
+          source  => "puppet:///ssl/clientcerts/$fqdn.key",
+          mode    => 640
+          ;
+        "/etc/ssl/debian/certs/ca.crt":
+          source  => "puppet:///exim/certs/ca.crt",
+          notify  => Exec["c_rehash /etc/ssl/debian/certs"],
+          ;
+        "/etc/ssl/debian/crls/ca.crl":
+          source  => "puppet:///exim/certs/ca.crl",
+          ;
+    }
+
+    exec { "c_rehash /etc/ssl/debian/certs":
+        refreshonly => true,
+    }
+}
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4:
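Review bot: The `"/etc/ssl/debian"` and `"/etc/ssl/debian/keys"` resources are each missing the comma after `purge   => true`, so the manifest will not parse and nothing in the class is applied; both lines should read `purge   => true,`. For the private key, `"/etc/ssl/debian/keys/thishost.key"` sets `mode => 640` and the keys directory `mode => 750` without `owner` or `group`, so who can read the key depends on File defaults not visible in this commit; I would pin them explicitly, e.g. `owner => root, group => root,` or whichever group is meant to read the key. The key is fetched from `puppet:///ssl/clientcerts/$fqdn.key`, so the `ssl` fileserver mount presumably needs a per-host restriction so that a node can retrieve only its own key; that configuration is outside this hunk and is worth confirming. The `c_rehash` exec uses an unqualified command with no `path`, which works only if an Exec default path is set elsewhere.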