improve vhosts / ssl stuff
authormh <mh@immerda.ch>
Mon, 5 Jul 2010 22:06:32 +0000 (00:06 +0200)
committermh <mh@immerda.ch>
Mon, 5 Jul 2010 22:08:56 +0000 (00:08 +0200)
- factor out ssl things into a separate file
- introduce 1 vhost per file config

files/conf.d/ssl.conf [new file with mode: 0644]
files/lighttpd.conf
manifests/config/file.pp [new file with mode: 0644]
manifests/ssl.pp
manifests/vhost/file.pp [new file with mode: 0644]
manifests/vhosts.pp [new file with mode: 0644]

diff --git a/files/conf.d/ssl.conf b/files/conf.d/ssl.conf
new file mode 100644 (file)
index 0000000..291fce5
--- /dev/null
@@ -0,0 +1,6 @@
+$SERVER["socket"] == ":443" {
+     ssl.engine             = "enable" 
+     ssl.pemfile            = "/etc/ssl/private/lighttpd.pem"
+     ssl.use-sslv2          = "disable"
+     ssl.cipher-list        = "HIGH:MEDIUM:!aNULL:!SSLv2:@STRENGTH"
+}
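Review bot: The `ssl.cipher-list` value still admits the whole `MEDIUM` class, and the block turns off only SSLv2, so weaker legacy suites and SSLv3 remain negotiable on `:443`. Consider `ssl.cipher-list = "HIGH:!aNULL:!MD5:@STRENGTH"` and, on lighttpd builds that have the option, `ssl.use-sslv3 = "disable"`. The `ssl.pemfile` path holds the private key, and nothing visible in this commit manages that file's owner or mode; a comment such as `# lighttpd.pem contains the private key: root-owned, mode 0600, deployed out of band` would record the expectation.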
index 2e0b68ed3cd6a9113bf8e80070118554f31ae673..c84faa883ce485d5b848a26b79a87ca6b72462f4 100644 (file)
@@ -324,4 +324,6 @@ server.groupname           = "lighttpd"
 
 ## include configuration snippets, usually provided by packages
 include_shell "find /etc/lighttpd/conf.d -maxdepth 1 -name '*.conf' -exec cat {} \;"
+# include vhost snippets
+include_shell "find /etc/lighttpd/vhosts.d -maxdepth 1 -name '*.conf' -exec cat {} \;"
 
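Review bot: The added `include_shell` line concatenates the vhost snippets in whatever order `find` returns them, which is directory order and can differ between hosts, so any vhost conditions that depend on ordering may load differently from node to node. `/etc/lighttpd/vhosts.d` is created only by `lighttpd::vhosts`, which in this commit is included only from `lighttpd::vhost::file`, so on a node without vhosts `find` runs against a missing directory; whether lighttpd tolerates that at startup should be checked. A glob-sorted, quiet form such as `include_shell "cat /etc/lighttpd/vhosts.d/*.conf 2>/dev/null"` would cover both cases. Every `*.conf` in that directory becomes server configuration, so the comment could also say that the directory is purged by Puppet.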
diff --git a/manifests/config/file.pp b/manifests/config/file.pp
new file mode 100644 (file)
index 0000000..6fa98c4
--- /dev/null
@@ -0,0 +1,37 @@
+define lighttpd::config::file(
+    $ensure = present,
+    $conf_source = 'absent',
+    $content = 'absent'
+){
+    file{"/etc/lighttpd/conf.d/${name}.conf":
+        ensure => $ensure,
+        notify => Service['lighttpd'],
+        owner => root, group => 0, mode => 0644;
+    }
+
+    case $content {
+        'absent': {
+            File["/etc/lighttpd/conf.d/${name}.conf"]{
+                source => $conf_source ? {
+                  'absent'  => [
+                    "puppet://$server/modules/site-lighttpd/conf.d/$fqdn/$name.conf",
+                    "puppet://$server/modules/site-lighttpd/conf.d/$lighttpd_cluster_node/$name.conf",
+                    "puppet://$server/modules/site-lighttpd/conf.d/$operatingsystem.$lsbdistcodename/$name.conf",
+                    "puppet://$server/modules/site-lighttpd/conf.d/$operatingsystem/$name.conf",
+                    "puppet://$server/modules/site-lighttpd/conf.d/$name.conf",
+                    "puppet://$server/modules/lighttpd/conf.d/$name.conf",
+                    "puppet://$server/modules/lighttpd/conf.d/$operatingsystem.$lsbdistcodename/$name.conf",
+                    "puppet://$server/modules/lighttpd/conf.d/$operatingsystem/$name.conf",
+                    "puppet://$server/modules/lighttpd/conf.d/$name.conf"
+                  ],
+                  default => "puppet://$server/$conf_source",
+              }
+            }
+        }
+        default: {
+            File["/etc/lighttpd/conf.d/${name}.conf"]{
+                content => $content,
+            }
+        }
+    }
+}
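Review bot: The `source` list contains `"puppet://$server/modules/lighttpd/conf.d/$name.conf"` twice, and its first occurrence sits ahead of the two `$operatingsystem` entries for the `lighttpd` module. Puppet takes the first source that exists, so whenever the generic module file is present the OS-specific module files after it are never selected; dropping the first occurrence restores the specific-to-generic order that `lighttpd::vhost::file` uses. The define also has no header comment; one that explains the `'absent'` sentinel for `$conf_source` and `$content`, and that `$name` is used verbatim as a file name under `/etc/lighttpd/conf.d`, would make it harder for a caller to pass a name containing a path separator by mistake.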
index 376f4eebdb1f986f5d140c6d554b07f646026e71..adcf5b6ea563f272d53b1ecf74c7b0b05b715f5f 100644 (file)
@@ -1,4 +1,5 @@
 class lighttpd::ssl inherits lighttpd {
+  lighttpd::config::file{ 'ssl.conf': }
   if $use_shorewall {
     include shorewall::rules::https
   }
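Review bot: The resource title `'ssl.conf'` is expanded by `lighttpd::config::file` into `/etc/lighttpd/conf.d/${name}.conf`, so this line manages `ssl.conf.conf` and looks for a source named `conf.d/ssl.conf.conf`. The file this commit ships is `files/conf.d/ssl.conf`, so none of the default sources would match and the SSL snippet would presumably not be deployed. Using the bare name fixes it: `lighttpd::config::file{ 'ssl': }`. The class body continues outside the hunk.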
diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp
new file mode 100644 (file)
index 0000000..f047173
--- /dev/null
@@ -0,0 +1,37 @@
+define lighttpd::vhost::file(
+    $ensure = present,
+    $vhost_source = 'absent',
+    $content = 'absent'
+){
+    include ::lighttpd::vhosts
+    file{"/etc/lighttpd/vhosts.d/${name}.conf":
+        ensure => $ensure,
+        notify => Service['lighttpd'],
+        owner => root, group => 0, mode => 0644;
+    }
+
+    case $content {
+        'absent': {
+            File["/etc/lighttpd/vhosts.d/${name}.conf"]{
+                source => $vhost_source ? {
+                  'absent'  => [
+                    "puppet://$server/modules/site-lighttpd/vhosts.d/$fqdn/$name.conf",
+                    "puppet://$server/modules/site-lighttpd/vhosts.d/$lighttpd_cluster_node/$name.conf",
+                    "puppet://$server/modules/site-lighttpd/vhosts.d/$operatingsystem.$lsbdistcodename/$name.conf",
+                    "puppet://$server/modules/site-lighttpd/vhosts.d/$operatingsystem/$name.conf",
+                    "puppet://$server/modules/site-lighttpd/vhosts.d/$name.conf",
+                    "puppet://$server/modules/lighttpd/vhosts.d/$operatingsystem.$lsbdistcodename/$name.conf",
+                    "puppet://$server/modules/lighttpd/vhosts.d/$operatingsystem/$name.conf",
+                    "puppet://$server/modules/lighttpd/vhosts.d/$name.conf"
+                  ],
+                  default => "puppet://$server/$vhost_source",
+              }
+            }
+        }
+        default: {
+            File["/etc/lighttpd/vhosts.d/${name}.conf"]{
+                content => $content,
+            }
+        }
+    }
+}
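Review bot: This define is a near line-for-line copy of `lighttpd::config::file`, differing only in the target directory and the name of the source parameter, so a fix to the source lookup order or the file mode has to be made in both places. A single private define that takes the directory as a parameter, with these two as thin wrappers, would keep them in step. There is also no header comment: it should document the `'absent'` sentinel for `$vhost_source` and `$content`, and note that the snippet is written mode 0644, so a vhost that embeds credentials (for example an auth backend password) is world-readable on the host.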
diff --git a/manifests/vhosts.pp b/manifests/vhosts.pp
new file mode 100644 (file)
index 0000000..9e02661
--- /dev/null
@@ -0,0 +1,11 @@
+class lighttpd::vhosts {
+  file{'/etc/lighttpd/vhosts.d':
+    source => "puppet://$server/modules/common/empty",
+    ensure => directory,
+    purge => true,
+    recurse => true,
+    require => Package['lighttpd'],
+    notify => Service['lighttpd'],
+    owner => root, group => 0, mode => 0644;
+  }
+}
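Review bot: The `source => "puppet://$server/modules/common/empty"` line makes this class depend on a separate `common` module that nothing in the commit declares or documents; a catalog run on a master without it would fail on this directory. A comment such as `# needs modules/common/empty (empty dir) so that recurse+purge removes unmanaged vhost files` would make the dependency and the intent explicit. Purging is a sound choice here because every `*.conf` in the directory is loaded into the server, but `/etc/lighttpd/conf.d` is included in the same way and is not purged by anything visible in this commit, so that asymmetry deserves a comment too.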