profile.apache-httpd: manage snippets

- add apache-httpd profile with snippets configuration - add TLS snippet to apache-httpd role pillar Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-19 13:40:47 +01:00 · 2023-02-19 13:40:47 +01:00 · 4653655010
commit 4653655010
parent d8d848055f
3 changed files with 42 additions and 1 deletions
--- a/pillar/role/web/apache-httpd.sls
+++ b/pillar/role/web/apache-httpd.sls
@ -1,3 +1,13 @@
+{%- set host = grains['host'] -%}
+{%- set fqdn = grains['fqdn'] -%}
+
 apache:
  global:
    ServerAdmin: system@lysergic.dev
+
+profile:
+  apache-httpd:
+   snippets:
+    ssl_{{ host }}:
+      - 'SSLCertificateFile    "/etc/ssl/{{ host }}/{{ fqdn }}.crt"'
+      - 'SSLCertificateKeyFile "/etc/ssl/{{ host }}/{{ fqdn }}.key"'
--- a/salt/profile/apache-httpd/init.sls
+++ b/salt/profile/apache-httpd/init.sls
@ -0,0 +1,31 @@
+{%- set snippetsdir = '/etc/apache2/snippets.d' -%}
+{%- set mypillar = salt['pillar.get']('profile:apache-httpd', {}) -%}
+
+{{ snippetsdir }}:
+  file.directory:
+    - makedirs: True
+
+{%- if 'snippets' in mypillar %}
+{%- for snippet, config in mypillar['snippets'].items() %}
+{{ snippetsdir }}/{{ snippet }}.conf:
+  file.managed:
+    - contents:
+      {%- for line in config %}
+      - {{ line }}
+      {%- endfor %}
+    - require:
+      - file: {{ snippetsdir }}
+    {#- formula dependencies #}
+    - require_in:
+      - module: apache-service-running-restart
+      - service: apache-service-running
+    - watch_in:
+      - module: apache-service-running-reload
+{%- endfor %}
+{%- endif %}
+
+include:
+  - apache.config
+
+
+
--- a/salt/role/web/apache-httpd.sls
+++ b/salt/role/web/apache-httpd.sls
@ -1,2 +1,2 @@
 include:
-  - apache.config
+  - profile.apache-httpd