# ssl::service: manages the certificate files and private-key files for the
# service named by the resource title, under /etc/ssl/debian/certs and
# /etc/ssl/private.
#   $ensure   - "ifstatic" is resolved through has_static_component($name);
#               how other values reach $ssl_ensure is in listing lines that
#               are not shown here.
#   $tlsaport - one port or a list of ports (default 443); joined into the
#               title of the TLSA record declared later in the define.
#   $notify   - extra resources notified whenever one of the managed files
#               changes.
#   $key      - defaults to false; it is not referenced in any line shown in
#               this listing, so its effect must be confirmed in the full file.
1 define ssl::service($ensure = present, $tlsaport = 443, $notify = [], $key = false) {
# Normalise to an array so a single port and a list of ports are handled alike.
2 $tlsaports = any2array($tlsaport)
# "ifstatic" makes the ensure state depend on has_static_component($name).
# The selector branches and the else arm (listing lines 6-12) are not shown in
# this excerpt; $ssl_ensure is the value every file resource below uses.
4 if ($ensure == "ifstatic") {
5 $ssl_ensure = has_static_component($name) ? {
# Public certificate for $name, rendered from the ssl/crt.erb template.
# A change triggers Exec['refresh_debian_hashes'] (declared elsewhere) as well
# as the caller-supplied $notify targets, so dependent services can reload.
13 file { "/etc/ssl/debian/certs/$name.crt":
14 ensure => $ssl_ensure,
15 content => template('ssl/crt.erb'),
16 notify => [ Exec['refresh_debian_hashes'], $notify ],
# "$name.crt-chain", rendered from ssl/crt-chain.erb; presumably the
# intermediate chain without the leaf certificate - confirm against the
# template. Only the caller-supplied $notify targets are notified here.
18 file { "/etc/ssl/debian/certs/$name.crt-chain":
19 ensure => $ssl_ensure,
20 content => template('ssl/crt-chain.erb'),
21 notify => [ $notify ],
# "$name.crt-chained", rendered from ssl/crt-chained.erb; presumably the leaf
# certificate together with its chain in one file - confirm against the
# template. Only the caller-supplied $notify targets are notified here.
24 file { "/etc/ssl/debian/certs/$name.crt-chained":
25 ensure => $ssl_ensure,
26 content => template('ssl/crt-chained.erb'),
27 notify => [ $notify ],
# Private key for $name, rendered from ssl/key.erb into /etc/ssl/private.
# NOTE(review): listing lines 32-33 are not shown, so the mode/owner/group of
# this file cannot be checked from this excerpt - confirm they keep the key
# unreadable to unprivileged users. Lines 28-29 are missing as well, so
# whether this resource is guarded by $key is not visible here.
30 file { "/etc/ssl/private/$name.key":
31 ensure => $ssl_ensure,
34 content => template('ssl/key.erb'),
35 notify => [ $notify ],
# "$name.key-certchain", rendered from ssl/key-chained.erb into
# /etc/ssl/private; presumably the private key bundled with the certificate
# chain, so it is as sensitive as the key file itself.
# NOTE(review): listing lines 41-42 are not shown, so the mode/owner/group of
# this file cannot be checked from this excerpt - confirm they match the
# restrictions on the plain key file.
39 file { "/etc/ssl/private/$name.key-certchain":
40 ensure => $ssl_ensure,
43 content => template('ssl/key-chained.erb'),
44 notify => [ $notify ],
49 if (size($tlsaports) > 0 and $ssl_ensure == "present") {
50 $portlist = join($tlsaports, "-")
51 $certdir = hiera('paths.letsencrypt_dir')
52 dnsextras::tlsa_record{ "tlsa-${name}-${portlist}":
54 certfile => [ "${certdir}/${name}.crt" ],