Jan Dittberner
6a8997e950
This commit adds an initial Vagrant and Saltstack setup that reuses the same configuration as that of the gva repository. The LDAP server itself is not configured yet.
31 lines
1.1 KiB
Plaintext
31 lines
1.1 KiB
Plaintext
{%- macro key_cert(domain_name) %}
|
|
{% set nginx_ssl_keydir = salt['pillar.get']('nginx:sslkeydir', '/etc/nginx/ssl/private') %}
|
|
{% set nginx_ssl_certdir = salt['pillar.get']('nginx:sslcertdir', '/etc/nginx/ssl/certs') %}
|
|
{% set keyfile = nginx_ssl_keydir + '/' + domain_name + '.key.pem' %}
|
|
{% set certfile = nginx_ssl_certdir + '/' + domain_name + '.crt.pem' %}
|
|
|
|
{{ keyfile }}:
|
|
rsa_key.valid_key:
|
|
- bits: {{ salt['pillar.get']('nginx:keylength:' + domain_name, 2048) }}
|
|
- require:
|
|
- file: {{ nginx_ssl_keydir }}
|
|
- require_in:
|
|
- file: /etc/nginx/sites-available/{{ domain_name }}
|
|
- service: nginx
|
|
|
|
{{ certfile }}:
|
|
cmd.run:
|
|
- name: openssl req -new -x509 -key {{ keyfile }} -subj '/CN={{ domain_name }}' -days 730 -out {{ certfile }}
|
|
- require:
|
|
- rsa_key: {{ keyfile }}
|
|
- creates: {{ certfile }}
|
|
x509_certificate.valid_certificate:
|
|
- require:
|
|
- file: {{ nginx_ssl_certdir }}
|
|
- cmd: {{ certfile }}
|
|
- pkg: python-m2crypto
|
|
- require_in:
|
|
- file: /etc/nginx/sites-available/{{ domain_name }}
|
|
- service: nginx
|
|
{% endmacro %}
|