2 files changed, 35 insertions, 15 deletions

diff --git a/manifests/puppetboard.pp b/manifests/puppetboard.pp
index d477632..8bc57ab 100644
--- a/manifests/puppetboard.pp
+++ b/manifests/puppetboard.pp
@@ -36,22 +36,32 @@ class profiles::puppetboard {
     provider => apache,
   }
 
+  # Only set up TLS if we are ready. This allows us to bootstrap
+  # ourselves the next run.
   $certname = lookup('certname')
-  class { 'puppetboard::apache::vhost':
-    vhost_name => $::fqdn,
-    port       => 443,
-    ssl        => true,
-    ssl_cert   => "/etc/letsencrypt/live/${certname}/cert.pem",
-    ssl_key    => "/etc/letsencrypt/live/${certname}/privkey.pem",
-    ssl_chain  => "/etc/letsencrypt/live/${certname}/fullchain.pem",
-  }
+  if $certname and $facts['letsencrypt_directory'][$certname] {
+    class { 'puppetboard::apache::vhost':
+      vhost_name => $::fqdn,
+      port       => 443,
+      ssl        => true,
+      ssl_cert   => "/etc/letsencrypt/live/${certname}/cert.pem",
+      ssl_key    => "/etc/letsencrypt/live/${certname}/privkey.pem",
+      ssl_chain  => "/etc/letsencrypt/live/${certname}/fullchain.pem",
+    }
 
-  apache::vhost { "http-redirect":
-    servername      => $::fqdn,
-    port            => 80,
-    redirect_source => ['/'],
-    redirect_dest   => ["https://${::fqdn}/"],
-    redirect_status => ['permanent'],
-    docroot         => false,
+    apache::vhost { "http-redirect":
+      servername      => $::fqdn,
+      port            => 80,
+      redirect_source => ['/'],
+      redirect_dest   => ["https://${::fqdn}/"],
+      redirect_status => ['permanent'],
+      docroot         => false,
+    }
+  } else {
+    class { 'puppetboard::apache::vhost':
+      vhost_name => $::fqdn,
+      port       => 80,
+      ssl        => false,
+    }
   }
 }
diff --git a/manifests/puppetserver.pp b/manifests/puppetserver.pp
index 3a6921e..7467600 100644
--- a/manifests/puppetserver.pp
+++ b/manifests/puppetserver.pp
@@ -1,5 +1,8 @@
 class profiles::puppetserver (
+  # TODO provide sensible default here, to allow us to bootstrap
+  # ourselves
   Hash $hiera,
+  String $pupetdb_server = $::fqdn,
 ) {
   # required for the git hook
   ensure_packages(['ruby'])
@@ -40,6 +43,13 @@ class profiles::puppetserver (
     ],
   }
 
+  class { 'puppetdb::master::config':
+    puppetdb_server => $puppetdb_server,
+  }
+
+  # TODO
+  # apt install puppetdb-termini
+
   file { "/etc/puppetlabs/puppet/hiera.yaml":
     ensure     => file,
     content    => hash2yaml($hiera, {