Merge branch 'devel' into 'test'

Devel See merge request liu-puppet-modules/ai4ca!4

Merge branch 'devel' into 'test'
ad8b69c7 · Joakim Olovsson · 7795ccc8 · 92153c38 · ad8b69c7
Commit ad8b69c7 authored 2 years ago by Joakim Olovsson
--- a/manifests/init.pp
+++ b/manifests/init.pp
+#
 class ai4ca (
  String $www_root = '/usr/share/nginx/html',
  Array[String] $index_files = ['index.html'],
@@ -14,13 +15,15 @@ class ai4ca (
  }
  nginx::resource::server { "${fact('networking.fqdn')} HTTPS":
-    ensure      => present,
+    ensure        => present,
-    listen_port => 443,
+    listen_port   => 443,
-    www_root    => $www_root,
+    www_root      => $www_root,
-    index_files => $index_files,
+    index_files   => $index_files,
-    ssl         => true,
+    ssl           => true,
-    ssl_cert    => fact("letsencrypt_certs.${fact('networking.fqdn')}.files.combined"),
+    ssl_cert      => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined"),
-    ssl_key     => fact("letsencrypt_certs.${fact('networking.fqdn')}.files.key"),
+    ssl_key       => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key"),
+    ssl_protocols => 'TLSv1.3 TLSv1.2',
+    ssl_ciphers   => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384',
  }
  firewalld_service {
@@ -30,5 +33,11 @@ class ai4ca (
    'nginx https LiU':
      zone    => 'liu',
      service => 'https';
+    'nginx http Public':
+      zone    => 'public',
+      service => 'http';
+    'nginx https Public':
+      zone    => 'public',
+      service => 'https';
  }
 }