Skip to content
Snippets Groups Projects
Verified Commit e104c3b2 authored by Joakim Olovsson's avatar Joakim Olovsson
Browse files

Try with an if statement

parent 0e7ffbea
No related branches found
No related tags found
2 merge requests!6Test,!5Try with an if statement
Pipeline #96361 passed
Stage: puppet
Hide whitespace changes
Inline Side-by-side
Showing
with 27 additions and 27 deletions
manifests/init.pp
+ 27
27
View file @ e104c3b2
...@@ -3,6 +3,7 @@ class openbright ( ...@@ -3,6 +3,7 @@ class openbright (
String $www_root = '/usr/share/nginx/html', String $www_root = '/usr/share/nginx/html',
Array[String] $index_files = ['index.html'], Array[String] $index_files = ['index.html'],
) { ) {
include profiles::letsencrypt
include nginx include nginx
include liurepo::postgres include liurepo::postgres
...@@ -20,8 +21,6 @@ class openbright ( ...@@ -20,8 +21,6 @@ class openbright (
provider => 'dnfmodule', provider => 'dnfmodule',
} }
profiles::letsencrypt::cert { fact('networking.fqdn'): }
package { package {
[ [
'postgresql15-server', 'postgresql15-server',
...@@ -31,33 +30,34 @@ class openbright ( ...@@ -31,33 +30,34 @@ class openbright (
ensure => installed, ensure => installed,
} }
nginx::resource::server { fact('networking.fqdn'): if fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined") {
ensure => present, nginx::resource::server { fact('networking.fqdn'):
www_root => $www_root, ensure => present,
location_cfg_append => { www_root => $www_root,
'rewrite' => '^ https://$server_name$request_uri? permanent', location_cfg_append => {
}, 'rewrite' => '^ https://$server_name$request_uri? permanent',
} },
}
nginx::resource::server { "${fact('networking.fqdn')} HTTPS": nginx::resource::server { "${fact('networking.fqdn')} HTTPS":
ensure => present, ensure => present,
listen_port => 443, listen_port => 443,
www_root => $www_root, www_root => $www_root,
index_files => $index_files, index_files => $index_files,
ssl => true, ssl => true,
ssl_cert => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined"), ssl_cert => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined"),
ssl_key => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key"), ssl_key => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key"),
ssl_protocols => 'TLSv1.3 TLSv1.2', ssl_protocols => 'TLSv1.3 TLSv1.2',
ssl_ciphers => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384', ssl_ciphers => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384',
require => Profiles::Letsencrypt::Cert[fact('networking.fqdn')], }
}
nginx::resource::location { '/app/': nginx::resource::location { '/app/':
ensure => present, ensure => present,
ssl => true, ssl => true,
ssl_only => true, ssl_only => true,
server => "${fact('networking.fqdn')} HTTPS", server => "${fact('networking.fqdn')} HTTPS",
proxy => 'http://localhost:8100/', proxy => 'http://localhost:8100/',
}
} }
firewalld_service { firewalld_service {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment