From: Peter Palfrader Date: Sun, 31 Jan 2016 17:21:45 +0000 (+0000) Subject: ship debtags key X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=6e6ef69a87a73384f1032efba8a82f684961504a;p=mirror%2Fdsa-puppet.git ship debtags key --- diff --git a/modules/roles/manifests/debtags.pp b/modules/roles/manifests/debtags.pp index 945ed2a84..b58cf20ea 100644 --- a/modules/roles/manifests/debtags.pp +++ b/modules/roles/manifests/debtags.pp @@ -4,6 +4,7 @@ class roles::debtags { ssl::service { 'debtags.debian.org': notify => Service['apache2'], + key => true, } apache2::site { '010-debtags.debian.org': diff --git a/modules/ssl/manifests/service.pp b/modules/ssl/manifests/service.pp index da0a97f80..a9d4fd45b 100644 --- a/modules/ssl/manifests/service.pp +++ b/modules/ssl/manifests/service.pp @@ -1,4 +1,4 @@ -define ssl::service($ensure = present, $tlsaport = 443, $notify = []) { +define ssl::service($ensure = present, $tlsaport = 443, $notify = [], $key = false) { $link_target = $ensure ? { present => link, absent => absent, @@ -18,6 +18,15 @@ define ssl::service($ensure = present, $tlsaport = 443, $notify = []) { content => template('ssl/chained.erb'), notify => [ $notify ], } + if $key { + file { "/etc/ssl/private/$name.key": + mode => '0440', + group => 'ssl-cert', + source => [ "puppet:///modules/ssl/keys/${name}.crt", "puppet:///modules/ssl/from-letsencrypt/${name}.key" ], + notify => [ $notify ], + links => follow, + } + } if $tlsaport > 0 { dnsextras::tlsa_record{ "tlsa-${name}-${tlsaport}":
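Review bot: The new `$key` parameter in the `ssl::service` signature has no documentation, although setting it makes the define deploy a private key as well as the public certificate chain. A header comment above the define would make that visible to callers, for example `# $key: if true, also install the private key as /etc/ssl/private/<name>.key (mode 0440, group ssl-cert)`. The define's body continues outside this hunk.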
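Review bot: The first entry in the `source` list of the new `/etc/ssl/private/$name.key` file resource ends in `.crt`, so where that path exists a certificate would be installed in place of the private key and the from-letsencrypt fallback would never be consulted. It presumably should read `"puppet:///modules/ssl/keys/${name}.key"`. The resource also leaves backup and diff behaviour at the defaults; adding `backup => false,` and `show_diff => false,` (if the Puppet version in use supports it) would keep key material out of the client filebucket and out of reports. Because the key is served from the module's files directory, it is worth confirming that fileserver authorisation stops other agents from fetching these paths. The enclosing define starts in the previous hunk and continues past this one.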