8a2bec462856f8befa062f4b9e74c03690950b31
[mirror/dsa-puppet.git] / modules / ssl / manifests / service.pp
1 define ssl::service($ensure = present, $tlsaport = 443, $notify = []) {
2         $link_target = $ensure ? {
3                 present => link,
4                 absent  => absent,
5                 default => fail ( "Unknown ensure value: '$ensure'" ),
6         }
7
8         file { "/etc/ssl/debian/certs/$name.crt":
9                 source => "puppet:///modules/ssl/servicecerts/${name}.crt",
10                 notify => [ Exec['c_rehash /etc/ssl/debian/certs'], $notify ],
11         }
12         file { "/etc/ssl/debian/certs/$name.crt-chain":
13                 source => [ "puppet:///modules/ssl/servicecerts/${name}.crt-chain",  "puppet:///modules/ssl/empty" ],
14                 notify => [ Exec['c_rehash /etc/ssl/debian/certs'], $notify ],
15         }
16
17         if $tlsaport > 0 {
18                 dnsextras::tlsa_record{ "tlsa-${tlsaport}":
19                         zone => 'debian.org',
20                         certfile => "/etc/puppet/modules/ssl/files/servicecerts/${name}.crt",
21                         port => $tlsaport,
22                         hostname => "$name",
23                 }
24         }
25 }