blob: 75b5b480b540daf7e308308078a68c10eb1617db (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
# Sets up nginx specific configuration, and provides access to
# variables for enterpolating into nginx configurations
#
# These use the default cert name
# @example
# nginx::resource::server { 'servername':
# * => $letsescrypt::nginx::server_ssl
# }
# $letsencrypt::nginx::location_ssl
#
# @param certbot_plugin_package
# Name of the system package providing this plugin.
# Populated through hiera.
# @param manage_package
# If this class should manage the package.
class letsencrypt::nginx (
String $certbot_plugin_package,
Boolean $manage_package = true,
) {
# TODO $cert_path should use the default certificate name.
# There should however also be a hash of all configured
# certificates.
$cert_path = "${letsencrypt::config_dir}/live/${letsencrypt::config_dir::default_cert_name}"
$server_ssl = if $letsencrypt::ssl_configured {
{
ssl => true,
ssl_redirect => true,
ssl_cert => "${cert_path}/fullchain.pem",
ssl_key => "${cert_path}/privkey.pem",
}
} else {
{
ssl => false,
}
}
$location_ssl = if $letsencrypt::ssl_configured {
{
ssl => true,
ssl_only => true,
}
} else {
{
ssl => false,
}
}
if $manage_package {
ensure_packages([$certbot_plugin_package])
}
}
|