finish vagrant configuration

- ignore collected assets
- setup virtualenv and environment variables
- import additional salt state modules

roots/webserver/nginx-ssl.conf

@@ -4,7 +4,7 @@ ssl_ciphers kEECDH+AESGCM:kEECDH+AES:kEECDH:EDH+AESGCM:kEDH+AES:kEDH:AESGCM:ALL:
 ssl_prefer_server_ciphers on;
 ssl_session_cache shared:SSL:10m;
 
-ssl_dhparam {{ salt['pillar.get']('nginx:sslcertdir') }}/dhparams.pem;
+ssl_dhparam {{ salt['pillar.get']('nginx:sslcertdir', '/etc/nginx/ssl/certs') }}/dhparams.pem;
 
 # OCSP stapling
 ssl_stapling on;

roots/webserver/sslcert.macros.sls

@@ -0,0 +1,29 @@
+{%- macro key_cert(domain_name) %}
+{% set nginx_ssl_keydir = salt['pillar.get']('nginx:sslkeydir', '/etc/nginx/ssl/private') %}
+{% set nginx_ssl_certdir = salt['pillar.get']('nginx:sslcertdir', '/etc/nginx/ssl/certs') %}
+{% set keyfile = nginx_ssl_keydir + '/' + domain_name + '.key.pem' %}
+{% set certfile = nginx_ssl_certdir + '/' + domain_name + '.crt.pem' %}
+
+{{ keyfile }}:
+  rsa_key.valid_key:
+    - bits: {{ salt['pillar.get']('nginx:keylength:' + domain_name, 2048) }}
+    - require:
+      - file: {{ nginx_ssl_keydir }}
+    - require_in:
+      - file: /etc/nginx/sites-available/{{ domain_name }}
+      - service: nginx
+
+{{ certfile }}:
+  cmd.run:
+    - name: openssl req -new -x509 -key {{ keyfile }} -subj '/CN={{ domain_name }}' -days 730 -out {{ certfile }}
+    - require:
+      - rsa_key: {{ keyfile }}
+    - creates: {{ certfile }}
+  x509_certificate.valid_certificate:
+    - require:
+      - file: {{ nginx_ssl_certdir }}
+      - cmd: {{ certfile }}
+    - require_in:
+      - file: /etc/nginx/sites-available/{{ domain_name }}
+      - service: nginx
+{% endmacro %}