diff options
author | Hugo Hörnquist <hugo@lysator.liu.se> | 2022-01-13 22:43:58 +0100 |
---|---|---|
committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2022-01-14 10:48:28 +0100 |
commit | a23935ccf0c2044887fd81c147e8f26c4e0055e9 (patch) | |
tree | 090f736a2f02bf726ce9726ecc0df6d70daf616f /manifests/puppetboard.pp | |
parent | Set default timezone. (diff) | |
download | profiles-a23935ccf0c2044887fd81c147e8f26c4e0055e9.tar.gz profiles-a23935ccf0c2044887fd81c147e8f26c4e0055e9.tar.xz |
Complement puppet configuration.
Diffstat (limited to 'manifests/puppetboard.pp')
-rw-r--r-- | manifests/puppetboard.pp | 40 |
1 files changed, 25 insertions, 15 deletions
diff --git a/manifests/puppetboard.pp b/manifests/puppetboard.pp index d477632..8bc57ab 100644 --- a/manifests/puppetboard.pp +++ b/manifests/puppetboard.pp @@ -36,22 +36,32 @@ class profiles::puppetboard { provider => apache, } + # Only set up TLS if we are ready. This allows us to bootstrap + # ourselves the next run. $certname = lookup('certname') - class { 'puppetboard::apache::vhost': - vhost_name => $::fqdn, - port => 443, - ssl => true, - ssl_cert => "/etc/letsencrypt/live/${certname}/cert.pem", - ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem", - ssl_chain => "/etc/letsencrypt/live/${certname}/fullchain.pem", - } + if $certname and $facts['letsencrypt_directory'][$certname] { + class { 'puppetboard::apache::vhost': + vhost_name => $::fqdn, + port => 443, + ssl => true, + ssl_cert => "/etc/letsencrypt/live/${certname}/cert.pem", + ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem", + ssl_chain => "/etc/letsencrypt/live/${certname}/fullchain.pem", + } - apache::vhost { "http-redirect": - servername => $::fqdn, - port => 80, - redirect_source => ['/'], - redirect_dest => ["https://${::fqdn}/"], - redirect_status => ['permanent'], - docroot => false, + apache::vhost { "http-redirect": + servername => $::fqdn, + port => 80, + redirect_source => ['/'], + redirect_dest => ["https://${::fqdn}/"], + redirect_status => ['permanent'], + docroot => false, + } + } else { + class { 'puppetboard::apache::vhost': + vhost_name => $::fqdn, + port => 80, + ssl => false, + } } } |