install ssl-cert
[mirror/dsa-puppet.git] / modules / ssl / manifests / init.pp
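# Manages the host's TLS material under /etc/ssl/debian: the directory tree,
# the per-host client certificate/key, the CA certificate and CRL, and the
# per-host server certificate/key (sourced from the exim module).
#
# Files that are group-owned by 'ssl-cert' require Package['ssl-cert'], because
# on Debian that package creates the group; without the ordering a first run
# can fail if the file resource is applied before the package.
#
# NOTE(review): the private keys are served from module file mounts. Whether
# one agent can fetch another host's "<fqdn>.key" depends on the fileserver /
# auth rules, which are not visible here -- confirm access is limited per host.
class ssl {

  package { ['openssl', 'ssl-cert']:
    ensure => installed,
  }

  # purge + recurse + force against an empty source directory: anything below
  # /etc/ssl/debian that is not managed by Puppet is removed.
  file { '/etc/ssl/debian':
    ensure  => directory,
    mode    => '0755',
    purge   => true,
    recurse => true,
    force   => true,
    source  => 'puppet:///files/empty/',
  }

  file { '/etc/ssl/debian/certs':
    ensure => directory,
    mode   => '0755',
  }

  file { '/etc/ssl/debian/crls':
    ensure => directory,
    mode   => '0755',
  }

  # Key directory: no access for "other"; members of ssl-cert may traverse it.
  file { '/etc/ssl/debian/keys':
    ensure  => directory,
    group   => 'ssl-cert',
    mode    => '0750',
    require => Package['ssl-cert'],
  }

  # Client certificate for this host; the hash symlinks are rebuilt on change.
  file { '/etc/ssl/debian/certs/thishost.crt':
    source => "puppet:///modules/ssl/clientcerts/${::fqdn}.client.crt",
    notify => Exec['c_rehash /etc/ssl/debian/certs'],
  }

  # Client private key.
  # NOTE(review): unlike thishost-server.key, no owner/group is pinned here, so
  # who the group-read bit in 0440 applies to depends on Puppet's defaults
  # (and, on older Puppet, on the ownership of the source file). Confirm the
  # intended owner/group and set them explicitly.
  file { '/etc/ssl/debian/keys/thishost.key':
    source => "puppet:///modules/ssl/clientcerts/${::fqdn}.key",
    mode   => '0440',
  }

  file { '/etc/ssl/debian/certs/ca.crt':
    source => 'puppet:///modules/ssl/clientcerts/ca.crt',
    notify => Exec['c_rehash /etc/ssl/debian/certs'],
  }

  # NOTE(review): the CRL is only refreshed when the copy in the module
  # changes; nothing here checks its freshness.
  file { '/etc/ssl/debian/crls/ca.crl':
    source => 'puppet:///modules/ssl/clientcerts/ca.crl',
  }

  # Server certificate and key, taken from the exim module's certs directory.
  file { '/etc/ssl/debian/certs/thishost-server.crt':
    source => "puppet:///modules/exim/certs/${::fqdn}.crt",
    notify => Exec['c_rehash /etc/ssl/debian/certs'],
  }

  file { '/etc/ssl/debian/keys/thishost-server.key':
    source  => "puppet:///modules/exim/certs/${::fqdn}.key",
    group   => 'ssl-cert',
    mode    => '0440',
    require => Package['ssl-cert'],
  }

  # Rebuilds the hashed symlinks in the certs directory; runs only when one of
  # the certificate resources above notifies it. c_rehash is shipped by the
  # openssl package on Debian, hence the require.
  # NOTE(review): the command is not fully qualified, so this presumably relies
  # on an Exec path default set elsewhere -- confirm.
  exec { 'c_rehash /etc/ssl/debian/certs':
    refreshonly => true,
    require     => Package['openssl'],
  }
}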