Adding SSL support
authorSilvio Rhatto <rhatto@riseup.net>
Thu, 7 Jan 2010 17:30:41 +0000 (15:30 -0200)
committerSilvio Rhatto <rhatto@riseup.net>
Thu, 7 Jan 2010 17:30:41 +0000 (15:30 -0200)
manifests/init.pp

index b8fb5aaee9f750051bd06f275b95aaffca3d2a28..4dc4183b66ad57e32046b59bbe869e393f80f6be 100644 (file)
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-# TODO: check permission on SSL keys
 class nginx {
-  # Setup packages
-  package { "nginx": ensure => installed, }
 
-  # Nginx service
-  service { "nginx":
-    enable     => true,
-    ensure     => running,
-    hasrestart => true,
-    require    => [ File["/etc/nginx/sites-enabled/$domain"], Package["nginx"] ],
+  $ssl = $nginx_ssl {
+    false   => false,
+    default => true,
   }
 
+  # Setup packages
+  package { "nginx": ensure => installed, }
+
   # Config folders, see http://projects.reductivelabs.com/issues/86
   file { [ "/etc/nginx", "/etc/nginx/sites-available", "/etc/nginx/sites-enabled" ]:
     ensure  => directory,
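Review bot: The added selector line `$ssl = $nginx_ssl {` has no `?` between the variable and the opening brace, which Puppet's selector syntax requires, so the manifest would most likely fail to parse; it should read `$ssl = $nginx_ssl ? {`. Because the selector ends in `default => true`, every node that leaves `$nginx_ssl` unset takes the SSL branch and needs the certificate and key present on the fileserver. A one-line comment above the selector, e.g. `# SSL is enabled unless $nginx_ssl is explicitly false`, would make that default visible to whoever includes the class. The hunk header is missing from the page and the class body continues beyond this hunk.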
@@ -36,6 +33,47 @@ class nginx {
     group   => "root",
   }
 
+  if $ssl {
+    file { [ "/etc/ssl", "/etc/ssl/certs", "/etc/ssl/private" ]:
+      ensure  => directory,
+      owner   => "root",
+      group   => "root",
+    }
+
+    file { "/etc/ssl/certs/cert.crt":
+      ensure => present,
+      owner   => "root",
+      group   => "root",
+      mode    => 644,
+      source  => "puppet://$server/files/keys/ssl/cert.crt",
+      require => File["/etc/ssl/certs"],
+    }
+
+    file { "/etc/ssl/private/cert.pem":
+      ensure => present,
+      owner   => "root",
+      group   => "root",
+      mode    => 600,
+      source  => "puppet://$server/files/keys/ssl/cert.pem",
+      require => File["/etc/ssl/private"],
+    }
+
+    service { "nginx":
+      enable     => true,
+      ensure     => running,
+      hasrestart => true,
+      require    => [ File["/etc/nginx/sites-enabled/$domain"], Package["nginx"],
+                      File["/etc/ssl/private/cert.pem"], File["/etc/ssl/private/cert.crt"] ],
+    }
+  } else {
+    service { "nginx":
+      enable     => true,
+      ensure     => running,
+      hasrestart => true,
+      require    => [ File["/etc/nginx/sites-enabled/$domain"], Package["nginx"] ],
+    }
+  }
+
   # Default site
   site { "$domain": ensure => present, }
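Review bot: The SSL branch's `service` requires `File["/etc/ssl/private/cert.crt"]`, but the certificate is declared a few lines earlier as `File["/etc/ssl/certs/cert.crt"]`, so the dependency points at a resource this hunk never declares and the catalog would probably fail when `$ssl` is true; the reference should be `File["/etc/ssl/certs/cert.crt"]`. The commit also drops the `TODO: check permission on SSL keys` while the directory resource covering `/etc/ssl/private` sets owner and group but no `mode`, so only the key file's `600` is enforced. Declaring `/etc/ssl/private` in its own `file` resource with a restrictive mode (for example `mode => 700,`, to be checked against the distribution's default) would close that gap. The key is fetched from the general `files` mount, so which nodes can read `keys/ssl/cert.pem` depends on the fileserver ACL, which is not visible here and is worth confirming.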