summaryrefslogtreecommitdiff
path: root/puppet/modules/x509/manifests/base.pp
blob: b88cce643b3e7d7d54def1276f2f4db4d26d518e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
class x509::base {
  include x509::variables

  package { [ 'ssl-cert', 'ca-certificates' ]:
    ensure => installed;
  }

  group { 'ssl-cert':
    ensure  => present,
    system  => true,
    require => Package['ssl-cert'];
  }

  file {
    $x509::variables::root:
      ensure  => directory,
      mode    => '0755',
      owner   => root,
      group   => root;

    $x509::variables::keys:
      ensure  => directory,
      mode    => '0750',
      owner   => root,
      group   => ssl-cert;

    $x509::variables::certs:
      ensure  => directory,
      mode    => '0755',
      owner   => root,
      group   => root;

    $x509::variables::local_CAs:
      ensure  => directory,
      mode    => '2775',
      owner   => root,
      group   => root;
  }

  exec { 'update-ca-certificates':
    command     => '/usr/sbin/update-ca-certificates',
    refreshonly => true,
    subscribe   => File[$x509::variables::local_CAs]
  }
}