authorHugo Hörnquist <hugo@lysator.liu.se>2023-01-15 09:30:31 +0100
committerHugo Hörnquist <hugo@lysator.liu.se>2023-01-15 12:27:55 +0100
commit6a870d2b4f5cd9aff5cb6c63cf09ef9407fa6ab0 (patch)
tree5f4fd213f737fc01912cbe556bc1b1ebf70a6f77
parentFix linter warnings. (diff)
Change to use HugoNikanor/letsencrypt.
-rw-r--r--manifests/init.pp3
-rw-r--r--manifests/nginx.pp40
2 files changed, 12 insertions, 31 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 9af59a4..c2d7c00 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -41,8 +41,6 @@
# supported.
# @param server_name
# Passed to nginx::resource::server's server_name.
-# @param certname
-# Target TLS certificate used by nginx.
# @param htpasswd
# Path to htpasswd file used by nginx's basic auth.
# @param cgitrc
@@ -69,7 +67,6 @@ class cgit (
}]] $users = [],
Variant[Boolean, Enum['nginx']] $manage_server = false,
Optional[String] $server_name = undef,
- Optional[String] $certname = undef,
String $htpasswd = '/var/lib/nginx/cgit-htpasswd',
String $cgitrc = '/etc/cgitrc',
Hash[String, Hash] $filters = {},
diff --git a/manifests/nginx.pp b/manifests/nginx.pp
index b3af3f5..b94fff0 100644
--- a/manifests/nginx.pp
+++ b/manifests/nginx.pp
@@ -1,31 +1,15 @@
# @summary Manages nginx resources for cgit
# @api private
class cgit::nginx {
- if ($cgit::certname == undef) {
- nginx::resource::server { 'cgit':
- server_name => [$cgit::server_name],
- access_log => 'absent',
- error_log => 'absent',
- index_files => [],
- try_files => ['$uri', '@cgit'],
- ssl => false,
- use_default_location => true,
- www_root => $cgit::root,
- }
- } else {
- nginx::resource::server { 'cgit':
- server_name => [$cgit::server_name],
- access_log => 'absent',
- error_log => 'absent',
- index_files => [],
- try_files => ['$uri', '@cgit'],
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/${cgit::certname}/fullchain.pem",
- ssl_key => "/etc/letsencrypt/live/${cgit::certname}/privkey.pem",
- use_default_location => true,
- www_root => $cgit::root,
- ssl_redirect => true,
- }
+ nginx::resource::server { 'cgit':
+ server_name => [$cgit::server_name],
+ access_log => 'absent',
+ error_log => 'absent',
+ index_files => [],
+ try_files => ['$uri', '@cgit'],
+ use_default_location => true,
+ www_root => $cgit::root,
+ * => letsencrypt::conf::nginx($cgit::server_name),
}
nginx::resource::location { '@cgit':
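Review bot: `$cgit::server_name` can still be undef (init.pp keeps it as `Optional[String] $server_name = undef`), yet it is now the only input to `letsencrypt::conf::nginx(...)` on the `* =>` line, which supplies every TLS attribute of the server. What the function returns for undef, or for a name that has no certificate yet, is not visible here; the removed branch set `ssl => true` and `ssl_redirect => true` explicitly, so it is worth confirming the returned hash still enables both. A guard before the resource would make the requirement explicit, for example `if $cgit::server_name == undef { fail('cgit::server_name is required when nginx is managed') }`. The returned hash must also not repeat any attribute written literally in this resource, since Puppet rejects an attribute given both directly and through the splat.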
@@ -35,7 +19,7 @@ class cgit::nginx {
'PATH_INFO' => '$fastcgi_script_name',
'QUERY_STRING' => '$args',
},
- ssl_only => $cgit::certname != undef,
+ * => letsencrypt::conf::nginx::location($cgit::server_name),
fastcgi => 'unix:/run/fcgiwrap.socket',
server => [
'cgit',
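Review bot: Whether this location stays HTTPS-only now depends entirely on the hash returned by `letsencrypt::conf::nginx::location($cgit::server_name)`, which replaces the explicit `ssl_only` here and in the two later location hunks. The last of those carries `auth_basic` with `$cgit::htpasswd`, so if the function ever omits `ssl_only => true` the login prompt would presumably be served over plain HTTP as well. A comment above the splat would record that dependency, e.g. `# must yield ssl_only => true whenever TLS is enabled; the auth_basic location relies on it`. The splat sits mid-resource here but first in the other two locations; using the same position everywhere would read more consistently. The '@cgit' resource opens in the previous hunk and closes outside this one.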
@@ -53,8 +37,8 @@ class cgit::nginx {
$re = $cgit::public_repos.join('|')
nginx::resource::location { "~ ^(/(${re})\\.git/.*)" :
+ * => letsencrypt::conf::nginx::location($cgit::server_name),
server => 'cgit',
- ssl_only => $cgit::certname != undef,
priority => 450,
fastcgi => 'unix:/run/fcgiwrap.socket',
fastcgi_params => 'fastcgi_params',
@@ -67,8 +51,8 @@ class cgit::nginx {
}
nginx::resource::location { '~ (.*\.git/.*)':
+ * => letsencrypt::conf::nginx::location($cgit::server_name),
server => 'cgit',
- ssl_only => $cgit::certname != undef,
location_cfg_append => {
auth_basic => '"CGit login"',
auth_basic_user_file => $cgit::htpasswd,