authorvarac <varacanero@zeromail.org>2013-09-19 13:45:03 +0200
committervarac <varacanero@zeromail.org>2013-09-19 13:45:03 +0200
commit43a5b322d99effa411c9fddf5f849da70a7768e8 (patch)
tree3e04903f3f1070f89e691d061888976ceccf766e /puppet
parentb798d716e5219d00b5b94ce8b80566e4b3bf0899 (diff)
tidy nickserver x509 definitions (#3842)
Diffstat (limited to 'puppet')
-rw-r--r--puppet/modules/site_nickserver/manifests/init.pp24
-rw-r--r--puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb6
2 files changed, 7 insertions, 23 deletions
diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp
index 84b07e77..a12ed3a2 100644
--- a/puppet/modules/site_nickserver/manifests/init.pp
+++ b/puppet/modules/site_nickserver/manifests/init.pp
@@ -41,11 +41,6 @@ class site_nickserver {
include site_config::x509::cert_key
include site_config::x509::ca
- $x509 = hiera('x509')
- $x509_key = $x509['key']
- $x509_cert = $x509['cert']
- $x509_ca = $x509['ca_cert']
-
#
# USER AND GROUP
#
@@ -129,7 +124,10 @@ class site_nickserver {
enable => true,
hasrestart => true,
hasstatus => true,
- require => File['/etc/init.d/nickserver'];
+ require => [
+ File['/etc/init.d/nickserver'],
+ Class['Site_config::X509::Cert_key'],
+ Class['Site_config::X509::Ca'] ];
}
#
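Review bot: The `require` added to this service only orders it after the x509 classes; it does not restart anything when the certificate or key content changes. The `x509::key`, `x509::cert` and `x509::ca` resources removed in the last hunk of this file each carried `notify => Service[apache]`, and nothing visible in the new code replaces that. Unless `Site_config::X509::Cert_key` and `Site_config::X509::Ca` notify Apache themselves (not shown here), a rotated or revoked certificate would be replaced on disk while Apache keeps serving the old one until it is next restarted. Consider adding `subscribe => [ Class['Site_config::X509::Cert_key'], Class['Site_config::X509::Ca'] ]` to the Apache service, or an equivalent `notify` where those classes are declared. The service resource's title and opening lines are outside this hunk.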
@@ -165,18 +163,4 @@ class site_nickserver {
content => template('site_nickserver/nickserver-proxy.conf.erb')
}
- x509::key { 'nickserver':
- content => $x509_key,
- notify => Service[apache];
- }
-
- x509::cert { 'nickserver':
- content => $x509_cert,
- notify => Service[apache];
- }
-
- x509::ca { 'nickserver':
- content => $x509_ca,
- notify => Service[apache];
- }
}
diff --git a/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb b/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb
index 67896cd3..478ae7f1 100644
--- a/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb
+++ b/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb
@@ -14,9 +14,9 @@ Listen 0.0.0.0:<%= @nickserver_port -%>
SSLHonorCipherOrder on
SSLCACertificatePath /etc/ssl/certs
- SSLCertificateChainFile /etc/ssl/certs/nickserver.pem
- SSLCertificateKeyFile /etc/x509/keys/nickserver.key
- SSLCertificateFile /etc/x509/certs/nickserver.crt
+ SSLCertificateChainFile <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::ca_name') %>.crt
+ SSLCertificateKeyFile <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.key
+ SSLCertificateFile <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt
ProxyPass / http://localhost:<%= @nickserver_local_port %>/
ProxyPreserveHost On # preserve Host header in HTTP request
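Review bot: The three new SSL paths are built entirely from `scope.lookupvar(...)` calls, which only resolve if `x509::variables` and `site_config::params` have been evaluated before this template is rendered. The manifest in this commit includes `site_config::x509::cert_key` and `site_config::x509::ca`, but whether those pull in both variable classes is not visible here. If a lookup comes back empty, the directive degrades to a path such as `/.key`, and the error only surfaces when Apache fails to load its TLS material. Consider an explicit `include x509::variables` and `include site_config::params` in `site_nickserver`, and a header comment in the template naming the classes it depends on. It is also worth confirming that the key file at the new location keeps the restrictive ownership and mode the old `/etc/x509/keys/nickserver.key` had.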