Use a template to get from-letsencrypt cert key, and no longer support getting keys...

author Peter Palfrader <peter@palfrader.org>

Tue, 3 Oct 2017 06:55:52 +0000 (08:55 +0200)

committer Peter Palfrader <peter@palfrader.org>

Tue, 3 Oct 2017 06:55:57 +0000 (08:55 +0200)
author Peter Palfrader <peter@palfrader.org>
Tue, 3 Oct 2017 06:55:52 +0000 (08:55 +0200)
committer Peter Palfrader <peter@palfrader.org>
Tue, 3 Oct 2017 06:55:57 +0000 (08:55 +0200)
diff --git a/modules/ssl/manifests/service.pp b/modules/ssl/manifests/service.pp

index f01a75c..eeeec92 100644 (file)
--- a/modules/ssl/manifests/service.pp
+++ b/modules/ssl/manifests/service.pp
@@ -31,7 +31,7 @@ define ssl::service($ensure = present, $tlsaport = 443, $notify = [], $key = fal
                         ensure => $ssl_ensure,
                         mode   => '0440',
                         group => 'ssl-cert',
-                       source => [ "puppet:///modules/ssl/keys/${name}.crt", "puppet:///modules/ssl/from-letsencrypt/${name}.key" ],
+                       content => template('ssl/key.erb'),
                         notify => [ $notify ],
                         links  => follow,
                 }
diff --git a/modules/ssl/templates/key.erb b/modules/ssl/templates/key.erb

new file mode 100644 (file)

index 0000000..29f969b
--- /dev/null
+++ b/modules/ssl/templates/key.erb
@@ -0,0 +1,5 @@
+<%=
+  fn = "/srv/puppet.torproject.org/from-letsencrypt/#{@name}.key"
+  out = File.read(fn)
+  out
+%>
author	Peter Palfrader <peter@palfrader.org>
	Tue, 3 Oct 2017 06:55:52 +0000 (08:55 +0200)
committer	Peter Palfrader <peter@palfrader.org>
	Tue, 3 Oct 2017 06:55:57 +0000 (08:55 +0200)
modules/ssl/manifests/service.pp		patch \| blob \| history
modules/ssl/templates/key.erb	[new file with mode: 0644]	patch \| blob