Defines nginx::cert

diff --git a/manifests/cert.pp b/manifests/cert.pp
new file mode 100644 (file)
index 0000000..81a5f4b
--- /dev/null
+++ b/manifests/cert.pp
@@ -0,0 +1,20 @@
+define nginx::cert(
+  $address
+)
+{
+  ssl::cert { "$address":
+    main   => true,
+    notify => Service['nginx'],
+  }
+
+  ssl::check { "$address":
+    file => true,
+  }
+
+  Service["nginx"] {
+    require => [ Package["nginx"],
+                 File["/etc/nginx/sites-enabled/${address}"],
+                 File["/etc/ssl/private/${address}.pem"],
+                 File["/etc/ssl/certs/${address}.crt"] ],
+  }
+}

diff --git a/manifests/init.pp b/manifests/init.pp
index 7c827de7cefd1de26882d3fdab0e9095001a0163..dbbf4f4b1b8722cabbe6030754907bc1196e0664 100644 (file)
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -16,9 +16,7 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-class nginx inherits nginx::base(
-  $deploy_certs = true
-) {
+class nginx inherits nginx::base {
   include ssl
 
   # See https://weakdh.org/
@@ -30,31 +28,6 @@ class nginx inherits nginx::base(
     notify  => Service['nginx'],
   }
 
-  case $deploy_certs {
-    true: {
-      ssl::cert { "$::domain":
-        main   => true,
-        notify => Service['nginx'],
-      }
-
-      ssl::check { "$::domain":
-        file => true,
-      }
-
-      # For SNI
-      ssl::cert { "example.org":
-        notify => Service['nginx'],
-      }
-
-      Service["nginx"] {
-        require => [ Package["nginx"],
-                     File["/etc/nginx/sites-enabled/${::domain}"],
-                     File["/etc/ssl/private/${::domain}.pem"],
-                     File["/etc/ssl/certs/${::domain}.crt"] ],
-      }
-    }
-  }
-
   # Default site
   nginx::base::site { "default":
     ensure => present,