summaryrefslogtreecommitdiff
path: root/puppet/modules/site_nickserver
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/site_nickserver')
-rw-r--r--puppet/modules/site_nickserver/manifests/init.pp27
-rw-r--r--puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb6
2 files changed, 11 insertions, 22 deletions
diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp
index 45503d8a..a12ed3a2 100644
--- a/puppet/modules/site_nickserver/manifests/init.pp
+++ b/puppet/modules/site_nickserver/manifests/init.pp
@@ -36,10 +36,10 @@ class site_nickserver {
# temporarily for now:
$domain = hiera('domain')
$address_domain = $domain['full_suffix']
- $x509 = hiera('x509')
- $x509_key = $x509['key']
- $x509_cert = $x509['cert']
- $x509_ca = $x509['ca_cert']
+
+
+ include site_config::x509::cert_key
+ include site_config::x509::ca
#
# USER AND GROUP
@@ -124,7 +124,10 @@ class site_nickserver {
enable => true,
hasrestart => true,
hasstatus => true,
- require => File['/etc/init.d/nickserver'];
+ require => [
+ File['/etc/init.d/nickserver'],
+ Class['Site_config::X509::Cert_key'],
+ Class['Site_config::X509::Ca'] ];
}
#
@@ -160,18 +163,4 @@ class site_nickserver {
content => template('site_nickserver/nickserver-proxy.conf.erb')
}
- x509::key { 'nickserver':
- content => $x509_key,
- notify => Service[apache];
- }
-
- x509::cert { 'nickserver':
- content => $x509_cert,
- notify => Service[apache];
- }
-
- x509::ca { 'nickserver':
- content => $x509_ca,
- notify => Service[apache];
- }
}
diff --git a/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb b/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb
index 67896cd3..ae06410e 100644
--- a/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb
+++ b/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb
@@ -14,9 +14,9 @@ Listen 0.0.0.0:<%= @nickserver_port -%>
SSLHonorCipherOrder on
SSLCACertificatePath /etc/ssl/certs
- SSLCertificateChainFile /etc/ssl/certs/nickserver.pem
- SSLCertificateKeyFile /etc/x509/keys/nickserver.key
- SSLCertificateFile /etc/x509/certs/nickserver.crt
+ SSLCertificateChainFile <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::ca_name') %>.crt
+ SSLCertificateKeyFile <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.key
+ SSLCertificateFile <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt
ProxyPass / http://localhost:<%= @nickserver_local_port %>/
ProxyPreserveHost On # preserve Host header in HTTP request