ServerAdmin debian-admin@debian.org
SSLEngine on
SSLCertificateFile /etc/ssl/debian/certs/thishost-server.crt
- SSLCertificateKeyFile /etc/ssl/debian/keys/thishost-server.key
+ SSLCertificateKeyFile /etc/ssl/private/thishost-server.key
SSLCertificateChainFile /etc/ssl/debian/certs/ca.crt
ErrorLog /var/log/apache2/error.log
$bacula_ca_path = '/etc/ssl/debian/certs/ca.crt'
$bacula_ssl_client_cert = '/etc/ssl/debian/certs/thishost.crt'
- $bacula_ssl_client_key = '/etc/ssl/debian/keys/thishost.key'
+ $bacula_ssl_client_key = '/etc/ssl/private/thishost.key'
$bacula_ssl_server_cert = '/etc/ssl/debian/certs/thishost-server.crt'
- $bacula_ssl_server_key = '/etc/ssl/debian/keys/thishost-server.key'
+ $bacula_ssl_server_key = '/etc/ssl/private/thishost-server.key'
file { '/usr/local/sbin/bacula-idle-restart':
mode => '0555',
ssl => true,
ssl_cacert => '/etc/ssl/debian/certs/ca.crt',
ssl_cert => '/etc/ssl/debian/certs/thishost-server.crt',
- ssl_key => '/etc/ssl/debian/keys/thishost-server.key',
+ ssl_key => '/etc/ssl/private/thishost-server.key',
ssl_port => 5671,
ssl_verify => 'verify_none',
manage_repos => false,
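Review bot: `ssl_verify => 'verify_none'`, on the unchanged line just below the new `ssl_key` path, means the broker does not check peer certificates, so the CA given in `ssl_cacert` is not actually used to authenticate clients on port 5671. If the clients already hold certificates from this CA, consider `ssl_verify => 'verify_peer',` and, if the module version in use supports it, `ssl_fail_if_no_peer_cert => true,`. The resource these parameters belong to starts and ends outside the hunk, so other settings may already constrain this.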
ensure => directory,
mode => '0755',
}
- file { '/etc/ssl/debian/keys':
- ensure => directory,
- mode => '0750',
- group => ssl-cert,
- require => Package['ssl-cert'],
- }
file { '/etc/ssl/debian/certs/thishost.crt':
source => "puppet:///modules/ssl/clientcerts/${::fqdn}.client.crt",
notify => Exec['refresh_debian_hashes'],
}
- file { '/etc/ssl/debian/keys/thishost.key':
- source => "puppet:///modules/ssl/clientcerts/${::fqdn}.key",
- mode => '0440',
- group => ssl-cert,
- require => Package['ssl-cert'],
- }
file { '/etc/ssl/debian/certs/ca.crt':
source => 'puppet:///modules/ssl/clientcerts/ca.crt',
notify => Exec['refresh_debian_hashes'],
source => "puppet:///modules/exim/certs/${::fqdn}.crt",
notify => Exec['refresh_debian_hashes'],
}
- file { '/etc/ssl/debian/keys/thishost-server.key':
+
+ #file { '/etc/ssl/debian/keys/thishost.key':
+ # ensure => absent,
+ #}
+ #file { '/etc/ssl/debian/keys/thishost-server.key':
+ # ensure => absent,
+ #}
+ #file { '/etc/ssl/debian/keys':
+ # ensure => absent,
+ #}
+ file { '/etc/ssl/private/thishost.key':
+ source => "puppet:///modules/ssl/clientcerts/${::fqdn}.key",
+ mode => '0440',
+ group => ssl-cert,
+ require => Package['ssl-cert'],
+ }
+ file { '/etc/ssl/private/thishost-server.key':
source => "puppet:///modules/exim/certs/${::fqdn}.key",
mode => '0440',
group => ssl-cert,
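Review bot: The cleanup resources for `/etc/ssl/debian/keys` are committed commented out, so the old copies of both private keys remain on disk, no longer managed, after the switch to `/etc/ssl/private`. When they are enabled, the directory resource needs `force => true,` as well, because `ensure => absent` alone does not remove a directory. The new key resources set `mode` and `group` but no owner; adding `owner => root,` and `show_diff => false,` would pin ownership and keep key contents out of agent diff output. Separately, and not changed here, the keys are served from `puppet:///modules/...` paths keyed on `${::fqdn}`; it is worth confirming that the file server restricts each key to its own host. The `thishost-server.key` resource is cut off at the end of the hunk.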
if $client {
$certfile = '/etc/ssl/debian/certs/thishost.crt'
- $keyfile = '/etc/ssl/debian/keys/thishost.key'
+ $keyfile = '/etc/ssl/private/thishost.key'
} else {
$certfile = '/etc/exim4/ssl/thishost.crt'
$keyfile = '/etc/exim4/ssl/thishost.key'
<%- if client -%>
cert = /etc/ssl/debian/certs/thishost.crt
-key = /etc/ssl/debian/keys/thishost.key
+key = /etc/ssl/private/thishost.key
<%- else -%>
cert = /etc/exim4/ssl/thishost.crt
key = /etc/exim4/ssl/thishost.key
<%- if hostname != "lotti" -%>
destination loghost-lotti {
tcp("lotti.debian.org" port (5140)
- tls( key_file("/etc/ssl/debian/keys/thishost.key")
+ tls( key_file("/etc/ssl/private/thishost.key")
cert_file("/etc/ssl/debian/certs/thishost.crt")
ca_dir("/etc/ssl/debian/certs/")
)
<%- if hostname != "lully" -%>
destination loghost-lully {
tcp("lully.debian.org" port (5140)
- tls( key_file("/etc/ssl/debian/keys/thishost.key")
+ tls( key_file("/etc/ssl/private/thishost.key")
cert_file("/etc/ssl/debian/certs/thishost.crt")
ca_dir("/etc/ssl/debian/certs/")
)
<%- if hostname != "loghost-grnet-01" -%>
destination loghost-loghost-grnet-01 {
tcp("loghost-grnet-01.debian.org" port (5140)
- tls( key_file("/etc/ssl/debian/keys/thishost.key")
+ tls( key_file("/etc/ssl/private/thishost.key")
cert_file("/etc/ssl/debian/certs/thishost.crt")
ca_dir("/etc/ssl/debian/certs/")
)