summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--hieradata/nodes/proxyin.yaml4
-rw-r--r--sitemodules/profiles/manifests/sniproxy.pp39
2 files changed, 7 insertions, 36 deletions
diff --git a/hieradata/nodes/proxyin.yaml b/hieradata/nodes/proxyin.yaml
index bd1e96c..e1872fd 100644
--- a/hieradata/nodes/proxyin.yaml
+++ b/hieradata/nodes/proxyin.yaml
@@ -3,13 +3,9 @@ classes:
- roles::proxyin
profiles::base::admins:
- jandd
-profiles::sniproxy::https_forwards_sniproxy:
- - "motion\\.cacert\\.org$ 10.0.0.117:8443"
- - "selfservice\\.cacert\\.org$ 10.0.0.118:8443"
profiles::sniproxy::https_forwards:
motion.cacert.org: "10.0.0.117:8443"
selfservice.cacert.org: "10.0.0.118:8443"
-profiles::sniproxy::https_port: 8443
profiles::icinga2_agent::pki_ticket: >
ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEw
DQYJKoZIhvcNAQEBBQAEggEAVh+d4e8x8Tub+RMVEeyllfUZz2VGaqIL0mW7
diff --git a/sitemodules/profiles/manifests/sniproxy.pp b/sitemodules/profiles/manifests/sniproxy.pp
index 971c210..966f2d8 100644
--- a/sitemodules/profiles/manifests/sniproxy.pp
+++ b/sitemodules/profiles/manifests/sniproxy.pp
@@ -6,13 +6,9 @@
# Parameters
# ----------
#
-# @param https_forwards_sniproxy a list of server names to target ips/ports for
-# the sniproxy configuration
+# @param https_forwards a hash of server names to target ips/ports for nginx
#
-# @param https_forwards a hash of server names to target ips/ports for
-# nginx
-#
-# @param https_port the https port for nginx
+# @param https_port the https port for nginx
#
# Examples
# --------
@@ -33,45 +29,24 @@
# Copyright 2017-2021 Jan Dittberner
#
class profiles::sniproxy (
- Array[String] $https_forwards_sniproxy,
Hash[String,String] $https_forwards,
Integer $https_port = 443,
) {
- # not required since Buster
- file { '/etc/apt/preferences.d/sniproxy':
- ensure => absent,
- }
-
package { 'sniproxy':
- ensure => present,
+ ensure => purged,
}
file { '/etc/default/sniproxy':
- ensure => file,
- owner => 'root',
- group => 'root',
- mode => '0644',
- source => 'puppet:///modules/profiles/sniproxy/etc_default_sniproxy',
- require => Package['sniproxy'],
+ ensure => absent,
}
file { '/etc/sniproxy.conf':
- ensure => file,
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => epp(
- 'profiles/sniproxy/sniproxy.conf.epp',
- {'https_forwards' => $https_forwards_sniproxy}
- ),
- require => Package['sniproxy'],
+ ensure => absent,
}
service { 'sniproxy':
- ensure => running,
- enable => true,
- require => [Package['sniproxy'], File['/etc/default/sniproxy'], File['/etc/sniproxy.conf']],
- subscribe => [File['/etc/default/sniproxy'], File['/etc/sniproxy.conf']],
+ ensure => stopped,
+ enable => false,
}
package { 'nginx-full':