From: Peter Palfrader <peter@palfrader.org>
Date: Wed, 1 Jan 2014 10:54:40 +0000 (+0100)
Subject: Add SSL related apache macros
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=28d5e073803e59886b39b0acfa8484b97a855da4;p=mirror%2Fdsa-puppet.git

Add SSL related apache macros
---

diff --git a/modules/apache2/files/puppet-ssl-macros b/modules/apache2/files/puppet-ssl-macros
new file mode 100644
index 000000000..69bc42438
--- /dev/null
+++ b/modules/apache2/files/puppet-ssl-macros
@@ -0,0 +1,27 @@
+<IfModule mod_ssl.c>
+  <IfModule mod_macro.c>
+    <Macro common-ssl-HSTS>
+      # Add two month HSTS header
+      Header always add Strict-Transport-Security "max-age=5184000"
+    </Macro>
+
+    <Macro common-debian-service-ssl $name>
+      SSLEngine on
+      SSLCertificateFile    /etc/ssl/debian/certs/$name.crt
+      SSLCertificateKeyFile /etc/ssl/private/$name.key
+      SSLCertificateChainFile /etc/ssl/debian/certs/$name.crt-chain
+    </Macro>
+
+    <Macro common-debian-service-https-redirect $bind $name>
+      <VirtualHost $bind:80>
+        ServerName $name
+        ServerAdmin debian-admin@lists.debian.org
+
+        CustomLog /var/log/apache2/$name-access.log privacy
+        ErrorLog /var/log/apache2/$name-error.log
+
+        Redirect permanent / https://$name/
+      </VirtualHost>
+    </Macro>
+  </IfModule>
+</IfModule>
diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp
index a475f63ce..03976954d 100644
--- a/modules/apache2/manifests/init.pp
+++ b/modules/apache2/manifests/init.pp
@@ -52,6 +52,10 @@ class apache2 {
 		source => 'puppet:///modules/apache2/server-status',
 	}
 
+	apache2::config { 'puppet-ssl-macros':
+		source => 'puppet:///modules/apache2/puppet-ssl-macros',
+	}
+
 	file { '/etc/apache2/sites-available/common-ssl.inc':
 		ensure => absent,
 	}