Initial commit

6 files changed, 97 insertions, 0 deletions

diff --git a/manifests/base.pp b/manifests/base.pp
new file mode 100644
index 0000000..f38f24f
--- /dev/null
+++ b/manifests/base.pp
@@ -0,0 +1,45 @@
+class x509::base {
+  include x509::variables
+
+  package { [ 'ssl-cert', 'ca-certificates' ]:
+    ensure => installed;
+  }
+
+  group { 'ssl-cert':
+    ensure  => present,
+    system  => true,
+    require => Package['ssl-cert'];
+  }
+
+  file {
+    $x509::variables::root:
+      ensure  => directory,
+      mode    => '0755'
+      owner   => root,
+      group   => root;
+
+    $x509::variables::keys:
+      ensure  => directory,
+      mode    => '0700',
+      owner   => root,
+      group   => ssl-cert;
+
+    $x509::variables::certs:
+      ensure  => directory,
+      mode    => '0755',
+      owner   => root,
+      group   => root;
+
+    $x509::variables::local_CAs:
+      ensure  => directory,
+      mode    => '2775',
+      owner   => root,
+      group   => root;
+  }
+
+  exec { 'update-ca-certificates':
+    command     => '/usr/sbin/update-ca-certificates',
+    refreshonly => true,
+    subscribe   => File[$x509::variables::local_CAs]
+  }
+}
diff --git a/manifests/ca.pp b/manifests/ca.pp
new file mode 100644
index 0000000..dc862d3
--- /dev/null
+++ b/manifests/ca.pp
@@ -0,0 +1,15 @@
+define x509::ca (
+  $source = "puppet:///modules/site_x509/files/CAs/${name}.crt"
+) {
+  include x509::variables
+  include x509::base
+
+  file { "${x509::variables::local_CAs}/${name}.crt" :
+    ensure  => file,
+    mode    => '0444',
+    group   => 'ssl-cert',
+    source  => $source,
+    require => [ Package['openssl'], Package['ca-certificates'] ],
+    notify  => Exec['update-ca-certificates'],
+  }
+}
diff --git a/manifests/cert.pp b/manifests/cert.pp
new file mode 100644
index 0000000..b6caa7b
--- /dev/null
+++ b/manifests/cert.pp
@@ -0,0 +1,14 @@
+define x509::cert (
+  $source = "puppet:///modules/site_x509/files/certs/${name}.crt",
+) {
+  include x509::variables
+  include x509::base
+
+  file { "${x509::variables::ssl_local_certs}/${name}.crt" :
+    ensure  => file,
+    mode    => '0444',
+    group   => 'ssl-cert',
+    source  => $source,
+    require => Package['openssl'],
+  }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644
index 0000000..8283e48
--- /dev/null
+++ b/manifests/init.pp
@@ -0,0 +1,2 @@
+class x509 {
+}
diff --git a/manifests/key.pp b/manifests/key.pp
new file mode 100644
index 0000000..f083a02
--- /dev/null
+++ b/manifests/key.pp
@@ -0,0 +1,14 @@
+define x509::key (
+  $source = "puppet:///modules/site_x509/files/keys/${name}.key"
+) {
+  include x509::variables
+  include x509::base
+
+  file { "${x509::variables::keys}/${name}.key":
+    ensure  => file,
+    mode    => '0600',
+    group   => 'ssl-cert',
+    source  => $source,
+    require => Package['openssl']
+  }
+}
diff --git a/manifests/variables.pp b/manifests/variables.pp
new file mode 100644
index 0000000..e6bd235
--- /dev/null
+++ b/manifests/variables.pp
@@ -0,0 +1,7 @@
+class x509::variables {
+  $root           = '/etc/x509'
+  $certs          = "${root}/certs"
+  $keys           = "${root}/keys"
+  $x509_chain     = "${root}/certs"
+  $local_CAs      = '/usr/local/share/ca-certificates'
+}