Merge branch 'devel' into 'test'

Try with an if statement See merge request !5

Merge branch 'devel' into 'test'
b51ea6a3 · Joakim Olovsson · 612ecf89 · e104c3b2 · b51ea6a3
Commit b51ea6a3 authored 2 years ago by Joakim Olovsson
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -3,6 +3,7 @@ class openbright (
  String $www_root = '/usr/share/nginx/html',
  Array[String] $index_files = ['index.html'],
 ) {
+  include profiles::letsencrypt
  include nginx
  include liurepo::postgres

@@ -20,8 +21,6 @@ class openbright (
    provider => 'dnfmodule',
  }

-  profiles::letsencrypt::cert { fact('networking.fqdn'): }
-
  package {
    [
      'postgresql15-server',
@@ -31,33 +30,34 @@ class openbright (
      ensure => installed,
  }

-  nginx::resource::server { fact('networking.fqdn'):
-    ensure              => present,
-    www_root            => $www_root,
-    location_cfg_append => {
-      'rewrite' => '^ https://$server_name$request_uri? permanent',
-    },
-  }
+  if fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined") {
+    nginx::resource::server { fact('networking.fqdn'):
+      ensure              => present,
+      www_root            => $www_root,
+      location_cfg_append => {
+        'rewrite' => '^ https://$server_name$request_uri? permanent',
+      },
+    }

-  nginx::resource::server { "${fact('networking.fqdn')} HTTPS":
-    ensure        => present,
-    listen_port   => 443,
-    www_root      => $www_root,
-    index_files   => $index_files,
-    ssl           => true,
-    ssl_cert      => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined"),
-    ssl_key       => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key"),
-    ssl_protocols => 'TLSv1.3 TLSv1.2',
-    ssl_ciphers   => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384',
-    require       => Profiles::Letsencrypt::Cert[fact('networking.fqdn')],
-  }
+    nginx::resource::server { "${fact('networking.fqdn')} HTTPS":
+      ensure        => present,
+      listen_port   => 443,
+      www_root      => $www_root,
+      index_files   => $index_files,
+      ssl           => true,
+      ssl_cert      => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined"),
+      ssl_key       => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key"),
+      ssl_protocols => 'TLSv1.3 TLSv1.2',
+      ssl_ciphers   => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384',
+    }

-  nginx::resource::location { '/app/':
-    ensure   => present,
-    ssl      => true,
-    ssl_only => true,
-    server   => "${fact('networking.fqdn')} HTTPS",
-    proxy    => 'http://localhost:8100/',
+    nginx::resource::location { '/app/':
+      ensure   => present,
+      ssl      => true,
+      ssl_only => true,
+      server   => "${fact('networking.fqdn')} HTTPS",
+      proxy    => 'http://localhost:8100/',
+    }
  }

  firewalld_service {