From 1e463c6638a05a237d660f458f5a147353be3fc1 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Fri, 26 May 2017 16:41:51 -0700
Subject: static - support for renewing certs with let's encrypt for static
 sites

---
 puppet/modules/site_static/manifests/domain.pp       | 13 +++++++++----
 puppet/modules/site_static/templates/apache.conf.erb | 10 ++++++++--
 2 files changed, 17 insertions(+), 6 deletions(-)

(limited to 'puppet')

diff --git a/puppet/modules/site_static/manifests/domain.pp b/puppet/modules/site_static/manifests/domain.pp
index 6cf2c653..e456c94e 100644
--- a/puppet/modules/site_static/manifests/domain.pp
+++ b/puppet/modules/site_static/manifests/domain.pp
@@ -1,25 +1,30 @@
 # configure static service for domain
 define site_static::domain (
-  $ca_cert,
+  $ca_cert=undef,
   $key,
   $cert,
   $tls_only=true,
   $use_hidden_service=false,
   $locations=undef,
   $aliases=undef,
-  $apache_config=undef) {
+  $apache_config=undef,
+  $www_alias=false) {
 
   $domain = $name
   $base_dir = '/srv/static'
 
-  $cafile = "${cert}\n${ca_cert}"
+  if ($ca_cert) {
+    $certfile = "${cert}\n${ca_cert}"
+  } else {
+    $certfile = $cert
+  }
 
   if is_hash($locations) {
     create_resources(site_static::location, $locations)
   }
 
   x509::cert { $domain:
-    content => $cafile,
+    content => $certfile,
     notify  => Service[apache]
   }
   x509::key { $domain:
diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb
index dd04ca43..eb21e4c9 100644
--- a/puppet/modules/site_static/templates/apache.conf.erb
+++ b/puppet/modules/site_static/templates/apache.conf.erb
@@ -80,7 +80,9 @@
 ##
 <VirtualHost 127.0.0.1:80>
   ServerName <%= @tor_domain %>
+<%- if @www_alias -%>
   ServerAlias www.<%= @tor_domain %>
+<%- end -%>
 
   <IfModule mod_headers.c>
     Header set X-Frame-Options "deny"
@@ -102,7 +104,9 @@
 ##
 <VirtualHost *:80>
   ServerName <%= @domain %>
-  ServerAlias www.<%= @domain %>
+<%- if @www_alias -%>
+  ServerAlias www.<%= @tor_domain %>
+<%- end -%>
 <%- @aliases && @aliases.each do |domain_alias| -%>
   ServerAlias <%= domain_alias %>
 <%- end -%>
@@ -122,7 +126,9 @@
 ##
 <VirtualHost *:443>
   ServerName <%= @domain %>
-  ServerAlias www.<%= @domain %>
+<%- if @www_alias -%>
+  ServerAlias www.<%= @tor_domain %>
+<%- end -%>
 <%- @aliases && @aliases.each do |domain_alias| -%>
   ServerAlias <%= domain_alias %>
 <%- end -%>
-- 
cgit v1.2.3