From: Martin Zobel-Helas
Date: Sun, 20 Jun 2010 09:16:01 +0000 (+0200)
Subject: Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa...
X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=commitdiff_plain;h=5244957c0cd8b29cd15fc7cd55dc996dbb9ced3a;hp=17435cfa3bab96c9f5c74e95abcf7aabc6d9e920
Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet
---
diff --git a/.gitignore b/.gitignore
index dcb5fa66..94994447 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 puppet.conf
 modules/nagios/files/dsa-nagios
 modules/exim/files/certs/
+modules/ssl/files/
diff --git a/manifests/site.pp b/manifests/site.pp
index 896f6baf..4ad02242 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -29,6 +29,7 @@ node default { include monit include apt-keys include ntp + include ssl include motd
diff --git a/modules/samhain/templates/samhainrc.erb b/modules/samhain/templates/samhainrc.erb
index 40e1c9e5..89c341f9 100644
--- a/modules/samhain/templates/samhainrc.erb
+++ b/modules/samhain/templates/samhainrc.erb
@@ -392,6 +392,7 @@ dir=1/etc/ferm/dsa.d file=/etc/ferm/conf.d/me.conf file=/etc/ferm/conf.d/defs.conf file=/etc/ferm/ferm.conf +dir=2/etc/ssl/debian [IgnoreNone] ##
diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp
new file mode 100644
index 00000000..81bdb893
--- /dev/null
+++ b/modules/ssl/manifests/init.pp
@@ -0,0 +1,57 @@
+class ssl {
+ package { openssl: ensure => installed }
+
+ file {
+ "/etc/ssl/debian":
+ ensure => directory,
+ mode => 755,
+ purge => true,
+ recurse => true,
+ force => true,
+ source => "puppet:///files/empty/"
+ ;
+ "/etc/ssl/debian/certs":
+ ensure => directory,
+ mode => 755,
+ source => "puppet:///files/empty/"
+ ;
+ "/etc/ssl/debian/crls":
+ ensure => directory,
+ mode => 755,
+ purge => true,
+ force => true,
+ recurse => true,
+ source => "puppet:///files/empty/"
+ ;
+ "/etc/ssl/debian/keys":
+ ensure => directory,
+ mode => 750,
+ purge => true,
+ force => true,
+ recurse => true,
+ source => "puppet:///files/empty/"
+ ;
+ "/etc/ssl/debian/certs/thishost.crt":
+ source => "puppet:///ssl/clientcerts/$fqdn.client.crt",
+ notify => Exec["c_rehash /etc/ssl/debian/certs"],
+ ;
+ "/etc/ssl/debian/keys/thishost.key":
+ source => "puppet:///ssl/clientcerts/$fqdn.key",
+ mode => 640
+ ;
+ "/etc/ssl/debian/certs/ca.crt":
+ source => "puppet:///ssl/clientcerts/ca.crt",
+ notify => Exec["c_rehash /etc/ssl/debian/certs"],
+ ;
+ "/etc/ssl/debian/crls/ca.crl":
+ source => "puppet:///ssl/clientcerts/ca.crl",
+ ;
+ }
+
+ exec { "c_rehash /etc/ssl/debian/certs":
+ refreshonly => true,
+ }
+}
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4:
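Review bot: The `"/etc/ssl/debian/keys/thishost.key"` resource pulls the host's private key from `puppet:///ssl/clientcerts/$fqdn.key`, and nothing in this hunk limits which node may fetch which file under that mount, so unless the fileserver or auth configuration (not visible here) restricts access per host, any authenticated agent could presumably request another host's key. The key file and the `keys` directory also set only `mode`, which leaves ownership implicit; I would pin it with `owner => root, group => root,` on both resources. Separately, the `exec` at the end uses an unqualified command with no `path`, which Puppet rejects unless a global `Exec` default is set elsewhere; `command => "/usr/bin/c_rehash /etc/ssl/debian/certs",` (or an explicit `path`) would make the resource self-contained. A `require => Package[openssl]` on that exec would also make the ordering explicit, since `c_rehash` ships with openssl.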