Skip to content
Snippets Groups Projects
Verified Commit e104c3b2 authored by Joakim Olovsson's avatar Joakim Olovsson
Browse files

Try with an if statement

parent 0e7ffbea
Branches
No related tags found
2 merge requests!6Test,!5Try with an if statement
Pipeline #96361 passed
Stage: puppet
Hide whitespace changes
Inline Side-by-side
Showing
with 27 additions and 27 deletions
manifests/init.pp
+ 27
27
View file @ e104c3b2
...@@ -3,6 +3,7 @@ class openbright ( ...@@ -3,6 +3,7 @@ class openbright (
String $www_root = '/usr/share/nginx/html', String $www_root = '/usr/share/nginx/html',
Array[String] $index_files = ['index.html'], Array[String] $index_files = ['index.html'],
) { ) {
include profiles::letsencrypt
include nginx include nginx
include liurepo::postgres include liurepo::postgres
...@@ -20,8 +21,6 @@ class openbright ( ...@@ -20,8 +21,6 @@ class openbright (
provider => 'dnfmodule', provider => 'dnfmodule',
} }
profiles::letsencrypt::cert { fact('networking.fqdn'): }
package { package {
[ [
'postgresql15-server', 'postgresql15-server',
...@@ -31,33 +30,34 @@ class openbright ( ...@@ -31,33 +30,34 @@ class openbright (
ensure => installed, ensure => installed,
} }
nginx::resource::server { fact('networking.fqdn'): if fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined") {
ensure => present, nginx::resource::server { fact('networking.fqdn'):
www_root => $www_root, ensure => present,
location_cfg_append => { www_root => $www_root,
'rewrite' => '^ https://$server_name$request_uri? permanent', location_cfg_append => {
}, 'rewrite' => '^ https://$server_name$request_uri? permanent',
} },
}
nginx::resource::server { "${fact('networking.fqdn')} HTTPS": nginx::resource::server { "${fact('networking.fqdn')} HTTPS":
ensure => present, ensure => present,
listen_port => 443, listen_port => 443,
www_root => $www_root, www_root => $www_root,
index_files => $index_files, index_files => $index_files,
ssl => true, ssl => true,
ssl_cert => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined"), ssl_cert => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined"),
ssl_key => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key"), ssl_key => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key"),
ssl_protocols => 'TLSv1.3 TLSv1.2', ssl_protocols => 'TLSv1.3 TLSv1.2',
ssl_ciphers => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384', ssl_ciphers => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384',
require => Profiles::Letsencrypt::Cert[fact('networking.fqdn')], }
}
nginx::resource::location { '/app/': nginx::resource::location { '/app/':
ensure => present, ensure => present,
ssl => true, ssl => true,
ssl_only => true, ssl_only => true,
server => "${fact('networking.fqdn')} HTTPS", server => "${fact('networking.fqdn')} HTTPS",
proxy => 'http://localhost:8100/', proxy => 'http://localhost:8100/',
}
} }
firewalld_service { firewalld_service {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment