summaryrefslogtreecommitdiff
path: root/puppet/modules/site_nickserver
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/site_nickserver')
-rw-r--r--puppet/modules/site_nickserver/manifests/init.pp9
-rw-r--r--puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb8
2 files changed, 7 insertions, 10 deletions
diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp
index eaf90d55..c2deab0f 100644
--- a/puppet/modules/site_nickserver/manifests/init.pp
+++ b/puppet/modules/site_nickserver/manifests/init.pp
@@ -34,11 +34,12 @@ class site_nickserver {
# See site_webapp/templates/haproxy_couchdb.cfg.erg
$couchdb_port = '4096'
+ $sources = hiera('sources')
+
# temporarily for now:
$domain = hiera('domain')
$address_domain = $domain['full_suffix']
-
include site_config::x509::cert
include site_config::x509::key
include site_config::x509::ca
@@ -69,9 +70,9 @@ class site_nickserver {
vcsrepo { '/srv/leap/nickserver':
ensure => present,
- revision => 'origin/master',
- provider => git,
- source => 'https://leap.se/git/nickserver',
+ revision => $sources['nickserver']['revision'],
+ provider => $sources['nickserver']['type'],
+ source => $sources['nickserver']['source'],
owner => 'nickserver',
group => 'nickserver',
require => [ User['nickserver'], Group['nickserver'] ],
diff --git a/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb b/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb
index 56a8d9f6..d4e734c3 100644
--- a/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb
+++ b/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb
@@ -8,17 +8,13 @@ Listen 0.0.0.0:<%= @nickserver_port -%>
ServerName <%= @nickserver_domain %>
ServerAlias <%= @address_domain %>
- SSLEngine on
- SSLProtocol all -SSLv2 -SSLv3
- SSLHonorCipherOrder on
- SSLCompression off
- SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK"
-
SSLCACertificatePath /etc/ssl/certs
SSLCertificateChainFile <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::ca_name') %>.crt
SSLCertificateKeyFile <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.key
SSLCertificateFile <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt
+ Include include.d/ssl_common.inc
+
ProxyPass / http://localhost:<%= @nickserver_local_port %>/
ProxyPreserveHost On # preserve Host header in HTTP request
</VirtualHost>