apache-httpd: manage snippets

- add apache-httpd profile with snippets configuration
- add TLS snippet to apache-httpd role pillar

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>

pillar/id/themis_lysergic_dev.sls

@@ -28,6 +28,7 @@ apache:
       ServerAdmin: False
       ServerAlias: False
       Formula_Append: |
+        Include /etc/apache2/snippets.d/ssl_themis.conf
         AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
         SetOutputFilter DEFLATE
         <FilesMatch '\.php$'>

pillar/role/web/apache-httpd.sls

@@ -1,3 +1,13 @@
+{%- set host = grains['host'] -%}
+{%- set fqdn = grains['fqdn'] -%}
+
 apache:
   global:
     ServerAdmin: system@lysergic.dev
+
+profile:
+  apache-httpd:
+   snippets:
+    ssl_{{ host }}:
+      - 'SSLCertificateFile    "/etc/ssl/{{ host }}/{{ fqdn }}.crt"'
+      - 'SSLCertificateKeyFile "/etc/ssl/{{ host }}/{{ fqdn }}.key"'

salt/profile/apache-httpd/init.sls

@@ -0,0 +1,31 @@
+{%- set snippetsdir = '/etc/apache2/snippets.d' -%}
+{%- set mypillar = salt['pillar.get']('profile:apache-httpd', {}) -%}
+
+{{ snippetsdir }}:
+  file.directory:
+    - makedirs: True
+
+{%- if 'snippets' in mypillar %}
+{%- for snippet, config in mypillar['snippets'].items() %}
+{{ snippetsdir }}/{{ snippet }}.conf:
+  file.managed:
+    - contents:
+      {%- for line in config %}
+      - {{ line }}
+      {%- endfor %}
+    - require:
+      - file: {{ snippetsdir }}
+    {#- formula dependencies #}
+    - require_in:
+      - module: apache-service-running-restart
+      - service: apache-service-running
+    - watch_in:
+      - module: apache-service-running-reload
+{%- endfor %}
+{%- endif %}
+
+include:
+  - apache.config
+
+
+

salt/role/web/apache-httpd.sls

@@ -1,2 +1,2 @@
 include:
-  - apache.config
+  - profile.apache-httpd