Drop HOST_PGBACKUPHOST_V4 and HOST_PGBACKUPHOST_V6

[mirror/dsa-puppet.git] / modules / ssl / manifests / init.pp

diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp
index 744cb46..2474f20 100644 (file)
--- a/modules/ssl/manifests/init.pp
+++ b/modules/ssl/manifests/init.pp
@@ -1,6 +1,6 @@
-class ssl {
-       $caconf = '/etc/ca-certificates.conf'
-
+class ssl (
+       Boolean $insecure_ssl = false
+) {
        package { 'openssl':
                ensure   => installed,
        }
@@ -11,7 +11,7 @@ class ssl {
                ensure   => installed,
        }
 
-       if has_role('insecure_ssl') {
+       if $insecure_ssl {
                $extra_ssl_certs_flags = ' --default'
                $ssl_certs_config = 'puppet:///modules/ssl/ca-certificates-global.conf'
        } else {
@@ -29,7 +29,7 @@ class ssl {
        }
        file { '/etc/ca-certificates-debian.conf':
                mode    => '0444',
-               source => 'puppet:///modules/ssl/ca-certificates-debian.conf',
+               source => 'puppet:///modules/ssl/ca-certificates.conf',
                notify  => Exec['refresh_ca_debian_hashes'],
        }
        file { '/etc/ca-certificates-global.conf':
@@ -37,11 +37,6 @@ class ssl {
                notify  => Exec['refresh_ca_global_hashes'],
        }
 
-       file { '/etc/apt/apt.conf.d/local-ssl-ca-global':
-               mode   => '0444',
-               source => 'puppet:///modules/ssl/local-ssl-ca-global',
-       }
-
        file { '/etc/ssl/certs/ssl-cert-snakeoil.pem':
                ensure => absent,
                notify => Exec['refresh_normal_hashes'],
@@ -147,6 +142,12 @@ class ssl {
                $updatecacerts = $updatecacertsdsa
        }
 
+       file { '/etc/apt/apt.conf.d/local-ssl-ca-global':
+               mode   => '0444',
+               content => template('ssl/local-ssl-ca-global.erb'),
+       }
+
+
        exec { 'refresh_debian_hashes':
                command     => 'c_rehash /etc/ssl/debian/certs',
                refreshonly => true,