path: root/sitemodules/profiles/manifests/sniproxy.pp
# Class: profiles::sniproxy
# =========================
#
# This class takes care of setting up an SNI-based proxy for other systems.
#
# Parameters
# ----------
#
# @param https_forwards a hash of server names to target ips/ports for nginx
#
# @param https_port     the https port for nginx
#
# Examples
# --------
#
# @example
#   class roles::myhost {
#     include profiles::sniproxy
#   }
#
# Authors
# -------
#
# Jan Dittberner <jandd@cacert.org>
#
# Copyright
# ---------
#
# Copyright 2017-2021 Jan Dittberner
#
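class profiles::sniproxy (
  Hash[String,String] $https_forwards,
  # Bounded to the valid TCP port range so that an out-of-range value is
  # rejected at catalog compilation rather than written into the nginx config.
  Integer[1, 65535]   $https_port = 443,
) {
  # --- Remove the former sniproxy installation -----------------------------
  # The package is purged, its two configuration files are removed and the
  # service is stopped and disabled, so only nginx (declared below) is left
  # running from this profile.
  package { 'sniproxy':
    ensure => purged,
  }

  file { '/etc/default/sniproxy':
    ensure => absent,
  }

  file { '/etc/sniproxy.conf':
    ensure => absent,
  }

  service { 'sniproxy':
    ensure => stopped,
    enable => false,
  }

  # --- nginx replaces sniproxy ---------------------------------------------
  package { 'nginx-full':
    ensure => present,
  }
  service { 'nginx':
    ensure => running,
    enable => true,
  }

  file { '/etc/nginx':
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  }

  # Forwarding rules rendered from the EPP template. Keys and values of
  # $https_forwards are handed to the template unchanged.
  # NOTE(review): the template is not visible here -- confirm that it cannot
  # be broken by values containing nginx syntax (';', '{', '}', newlines), or
  # tighten the Hash value type, since this data decides where TLS
  # connections are forwarded.
  # NOTE(review): there is no validate_cmd on either config file, so a bad
  # render is only detected when the notified nginx service restarts.
  file { '/etc/nginx/sni-servers.conf':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => epp(
      'profiles/sniproxy/nginx.sni-server.epp',
      {
        'https_forwards' => $https_forwards,
        'https_port'     => $https_port,
      },
    ),
    require => Package['nginx-full'],
    notify  => Service['nginx'],
  }

  # Static main configuration shipped with the module. It is ordered after
  # sni-servers.conf; presumably it includes that file -- verify in the
  # module's files/sniproxy/nginx.conf.
  file { '/etc/nginx/nginx.conf':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    source  => 'puppet:///modules/profiles/sniproxy/nginx.conf',
    require => [File['/etc/nginx/sni-servers.conf'], Package['nginx-full']],
    notify  => Service['nginx'],
  }
}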