File: certificates.sls

# https://github.com/saltstack-formulas/nginx-formula/tree/master/nginx
{% from 'nginx/map.jinja' import nginx with context %}

# Pull in the nginx.service state file; the watch_in requisites further down
# refer to a state named nginx_service, presumably defined there.
include:
  - nginx.service

# Directory that receives DH parameter files, certificates and private keys.
# Read from the nginx:certificates_path pillar key, defaulting to /etc/nginx/ssl.
{% set certificates_path = salt['pillar.get']('nginx:certificates_path', '/etc/nginx/ssl') %}

{%- for dh_param, value in salt['pillar.get']('nginx:dh_param', {}).items() %}
{%- if value is string %}
# The pillar entry is a string: its content is written verbatim as the DH
# parameter file, named after the pillar key, under certificates_path.
create_nginx_dhparam_{{ dh_param }}_key:
  file.managed:
    - name: {{ certificates_path }}/{{ dh_param }}
    - contents_pillar: nginx:dh_param:{{ dh_param }}
    - makedirs: True
    - watch_in:
      - service: nginx_service
{%- else %}
# The pillar entry is not a string (value.get is called on it, so a mapping is
# expected): the parameters are generated on the minion with openssl.
generate_nginx_dhparam_{{ dh_param }}_key:
  pkg.installed:
    - name: {{ nginx.lookup.openssl_package }}
  file.directory:
    - name: {{ certificates_path }}
    - makedirs: True
  cmd.run:
    # keysize comes from the pillar mapping and falls back to 2048 bits.
    # NOTE(review): the file name and keysize are interpolated unquoted into
    # the command line; both come from pillar, so keep those values limited to
    # plain file names and integers.
    - name: openssl dhparam -out {{ dh_param }} {{ value.get('keysize', 2048) }}
    - cwd: {{ certificates_path }}
    # creates makes the command idempotent: it is skipped once the file exists,
    # so a later keysize change in pillar does not regenerate the file.
    - creates: {{ certificates_path }}/{{ dh_param }}
    - watch_in:
      - service: nginx_service
{%- endif %}
{%- endfor %}

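{%- for domain in salt['pillar.get']('nginx:certificates', {}).keys() %}

# One certificate state, and optionally one private key state, is rendered for
# every entry under the nginx:certificates pillar key. Files are named after
# the entry and placed under certificates_path. Both states watch_in
# nginx_service, which is expected to come from the included nginx.service.
nginx_{{ domain }}_ssl_certificate:
  file.managed:
    - name: {{ certificates_path }}/{{ domain }}.crt
    - makedirs: True
    # Content source: the pillar path named by public_cert_pillar when that key
    # is set, otherwise the public_cert value stored under this entry.
{% if salt['pillar.get']("nginx:certificates:{}:public_cert_pillar".format(domain)) %}
    - contents_pillar: {{salt['pillar.get']('nginx:certificates:{}:public_cert_pillar'.format(domain))}}
{% else %}
    - contents_pillar: nginx:certificates:{{ domain }}:public_cert
{% endif %}
    - watch_in:
      - service: nginx_service

# The key state is rendered only when the entry carries private_key or
# private_key_pillar; an entry with only a certificate gets no key file.
{% if salt['pillar.get']("nginx:certificates:{}:private_key".format(domain)) or salt['pillar.get']("nginx:certificates:{}:private_key_pillar".format(domain))%}
nginx_{{ domain }}_ssl_key:
  file.managed:
    - name: {{ certificates_path }}/{{ domain }}.key
    # Owner read/write only. Quoted so the value reaches Salt as a string
    # rather than a YAML integer.
    - mode: '0600'
    - makedirs: True
    # Keep the key material out of state returns, job cache and logs: without
    # this, a changed key is reported as a unified diff of the file content.
    - show_changes: False
    # Content source: the pillar path named by private_key_pillar when that key
    # is set, otherwise the private_key value stored under this entry.
{% if salt['pillar.get']("nginx:certificates:{}:private_key_pillar".format(domain)) %}
    - contents_pillar: {{salt['pillar.get']('nginx:certificates:{}:private_key_pillar'.format(domain))}}
{% else %}
    - contents_pillar: nginx:certificates:{{ domain }}:private_key
{% endif %}
    - watch_in:
      - service: nginx_service
{% endif %}
{%- endfor %}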