Complement puppet configuration.

1 files changed, 25 insertions, 15 deletions

diff --git a/manifests/puppetboard.pp b/manifests/puppetboard.pp
index d477632..8bc57ab 100644
--- a/manifests/puppetboard.pp
+++ b/manifests/puppetboard.pp
@@ -36,22 +36,32 @@ class profiles::puppetboard {
     provider => apache,
   }
 
+  # Only set up TLS if we are ready. This allows us to bootstrap
+  # ourselves the next run.
   $certname = lookup('certname')
-  class { 'puppetboard::apache::vhost':
-    vhost_name => $::fqdn,
-    port       => 443,
-    ssl        => true,
-    ssl_cert   => "/etc/letsencrypt/live/${certname}/cert.pem",
-    ssl_key    => "/etc/letsencrypt/live/${certname}/privkey.pem",
-    ssl_chain  => "/etc/letsencrypt/live/${certname}/fullchain.pem",
-  }
+  if $certname and $facts['letsencrypt_directory'][$certname] {
+    class { 'puppetboard::apache::vhost':
+      vhost_name => $::fqdn,
+      port       => 443,
+      ssl        => true,
+      ssl_cert   => "/etc/letsencrypt/live/${certname}/cert.pem",
+      ssl_key    => "/etc/letsencrypt/live/${certname}/privkey.pem",
+      ssl_chain  => "/etc/letsencrypt/live/${certname}/fullchain.pem",
+    }
 
-  apache::vhost { "http-redirect":
-    servername      => $::fqdn,
-    port            => 80,
-    redirect_source => ['/'],
-    redirect_dest   => ["https://${::fqdn}/"],
-    redirect_status => ['permanent'],
-    docroot         => false,
+    apache::vhost { "http-redirect":
+      servername      => $::fqdn,
+      port            => 80,
+      redirect_source => ['/'],
+      redirect_dest   => ["https://${::fqdn}/"],
+      redirect_status => ['permanent'],
+      docroot         => false,
+    }
+  } else {
+    class { 'puppetboard::apache::vhost':
+      vhost_name => $::fqdn,
+      port       => 80,
+      ssl        => false,
+    }
   }
 }