apache-formula/apache/config/modules/mod_ssl.sls

# -*- coding: utf-8 -*-
# vim: ft=sls

{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- set sls_package_install = tplroot ~ '.package.install' %}
{%- from tplroot ~ "/map.jinja" import apache with context %}

include:
  - {{ sls_service_running }}
  - {{ sls_package_install }}

    {%- if grains['os_family'] in ('Debian', 'Suse') %}

apache-config-modules-ssl-cmd-run:
  cmd.run:
    - name: a2enmod ssl
    - unless: ls {{ apache.moddir }}/ssl.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' ssl'
    - order: 225
    - require:
      - pkg: apache-package-install-pkg-installed
    - watch_in:
      - module: apache-service-running-restart
    - require_in:
      - module: apache-service-running-restart
      - module: apache-service-running-reload
      - service: apache-service-running
  file.managed:
    - name: /etc/apache2/mods-available/ssl.conf
    - source: salt://apache/files/{{ salt['grains.get']('os_family') }}/ssl.conf.jinja
    - template: {{ apache.get('template_engine', 'jinja') }}
    - context:
      apache: {{ apache|json }}
    - mode: 644
    - makedirs: True
    - watch_in:
      - module: apache-service-running-restart

    {%- elif grains['os_family']=="RedHat" %}

apache-config-modules-ssl-pkg:
  pkg.installed:
    - name: {{ apache.pkg.mod_ssl }}
    - require:
      - pkg: apache-package-install-pkg-installed
    - watch_in:
      - module: apache-service-running-restart
    - require_in:
      - module: apache-service-running-restart
      - module: apache-service-running-reload
      - service: apache-service-running
  file.absent:
    - name: {{ apache.confdir }}/ssl.conf
    - require:
      - pkg: apache-package-install-pkg-installed
    - watch_in:
      - module: apache-service-running-restart
    - require_in:
      - module: apache-service-running-restart
      - module: apache-service-running-reload
      - service: apache-service-running

    {%- elif grains['os_family']=="FreeBSD" %}
  - .mod_ssl

apache-config-modules-ssl-file-managed:
  file.managed:
    - name: {{ apache.modulesdir }}/010_mod_ssl.conf
    - source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_ssl.conf.jinja
    - mode: 644
    - makedirs: True
    - template: {{ apache.get('template_engine', 'jinja') }}
    - context:
      apache: {{ apache|json }}
    - require:
      - pkg: apache-package-install-pkg-installed
    - watch_in:
      - module: apache-service-running-restart
    - require_in:
      - module: apache-service-running-restart
      - module: apache-service-running-reload
      - service: apache-service-running

    {%- endif %}

apache-config-modules-ssl-file-managed-tls-defaults:
    {%- if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) %}
  file.managed:
    - name: {{ apache.confdir }}/tls-defaults.conf
    - source: salt://apache/files/ssl/tls-defaults.conf.jinja
    - mode: 644
    - makedirs: True
    - template: {{ apache.get('template_engine', 'jinja') }}
    - context:
      apache: {{ apache|json }}
    {%- else %}
  file.absent:
    - name: {{ apache.confdir }}/tls-defaults.conf
    {%- endif %}
    - require:
      - pkg: apache-package-install-pkg-installed
    - watch_in:
      - module: apache-service-running-restart
    - require_in:
      - module: apache-service-running-restart
      - module: apache-service-running-reload
      - service: apache-service-running

    {%- if grains['os_family'] in ('Debian',) %}
apache-config-modules-ssl-cmd-run-debian-tls-defaults:
  cmd.run:
       {%- if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) %}
    - name: a2enconf tls-defaults
    - unless: test -L /etc/apache2/conf-enabled/tls-defaults.conf
       {%- else %}
    - name: a2disconf tls-defaults
    - onlyif: test -L /etc/apache2/conf-enabled/tls-defaults.conf
       {%- endif %}
    - order: 225
    - require:
      - pkg: apache-package-install-pkg-installed
      - file: {{ apache.confdir }}/tls-defaults.conf
    - watch_in:
      - module: apache-service-running-restart
    - require_in:
      - module: apache-service-running-restart
      - module: apache-service-running-reload
      - service: apache-service-running
    {%- endif %}
refactor(formula): align to template-formula & improve ci features FEATURE: Archlinux support FEATURE: Windows support FEATURE: Enhanced CI/CD FEATURE: modular states BREAKING CHANGE: 'apache.sls' converted to new style 'init.ssl' BREAKING CHANGE: "logrotate.sls" became "config/logrotate.sls" BREAKING CHANGE: "debian_full.sls" became "config/debian_full.sls" BREAKING CHANGE: "flags.sls" became "config/flags.sls" BREAKING CHANGE: "manage_security" became "config/manage_security.sls" BREAKING CHANGE: "mod_.sls" became "config/mod_.sls" BREAKING CHANGE: "no_default_host.sls" became "config/no_default_host.sls" BREAKING CHANGE: "own_default_host.sls" became "config/own_default_host.sls" BREAKING CHANGE: "register_site.sls" became "config/register_site.sls" BREAKING CHANGE: "server_status.sls" became "config/server_status.sls" BREAKING CHANGE: "vhosts/" became "config/vhosts/" BREAKING CHANGE: "mod_security/" became "config/mod_security/" NOT-BREAKING CHANGE: 'config.sls' became 'config/init.sls' NOT-BREAKING CHANGE: 'uninstall.sls' symlinked to 'clean.sls' 2020-09-13 06:07:20 +02:00			`# -- coding: utf-8 --`
			`# vim: ft=sls`

			`{%- set tplroot = tpldir.split('/')[0] %}`
			`{%- set sls_service_running = tplroot ~ '.service.running' %}`
			`{%- set sls_package_install = tplroot ~ '.package.install' %}`
			`{%- from tplroot ~ "/map.jinja" import apache with context %}`

			`include:`
			`- {{ sls_service_running }}`
			`- {{ sls_package_install }}`

			`{%- if grains['os_family'] in ('Debian', 'Suse') %}`

			`apache-config-modules-ssl-cmd-run:`
			`cmd.run:`
			`- name: a2enmod ssl`
			`- unless: ls {{ apache.moddir }}/ssl.load \|\| egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 \| grep ' ssl'`
			`- order: 225`
			`- require:`
			`- pkg: apache-package-install-pkg-installed`
			`- watch_in:`
			`- module: apache-service-running-restart`
			`- require_in:`
			`- module: apache-service-running-restart`
			`- module: apache-service-running-reload`
			`- service: apache-service-running`
			`file.managed:`
			`- name: /etc/apache2/mods-available/ssl.conf`
			`- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/ssl.conf.jinja`
			`- template: {{ apache.get('template_engine', 'jinja') }}`
			`- context:`
			`apache: {{ apache\|json }}`
			`- mode: 644`
			`- makedirs: True`
			`- watch_in:`
			`- module: apache-service-running-restart`

			`{%- elif grains['os_family']=="RedHat" %}`

			`apache-config-modules-ssl-pkg:`
			`pkg.installed:`
			`- name: {{ apache.pkg.mod_ssl }}`
			`- require:`
			`- pkg: apache-package-install-pkg-installed`
			`- watch_in:`
			`- module: apache-service-running-restart`
			`- require_in:`
			`- module: apache-service-running-restart`
			`- module: apache-service-running-reload`
			`- service: apache-service-running`
			`file.absent:`
			`- name: {{ apache.confdir }}/ssl.conf`
			`- require:`
			`- pkg: apache-package-install-pkg-installed`
			`- watch_in:`
			`- module: apache-service-running-restart`
			`- require_in:`
			`- module: apache-service-running-restart`
			`- module: apache-service-running-reload`
			`- service: apache-service-running`

			`{%- elif grains['os_family']=="FreeBSD" %}`
			`- .mod_ssl`

			`apache-config-modules-ssl-file-managed:`
			`file.managed:`
			`- name: {{ apache.modulesdir }}/010_mod_ssl.conf`
			`- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_ssl.conf.jinja`
			`- mode: 644`
			`- makedirs: True`
			`- template: {{ apache.get('template_engine', 'jinja') }}`
			`- context:`
			`apache: {{ apache\|json }}`
			`- require:`
			`- pkg: apache-package-install-pkg-installed`
			`- watch_in:`
			`- module: apache-service-running-restart`
			`- require_in:`
			`- module: apache-service-running-restart`
			`- module: apache-service-running-reload`
			`- service: apache-service-running`

			`{%- endif %}`

			`apache-config-modules-ssl-file-managed-tls-defaults:`
			`{%- if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) %}`
			`file.managed:`
			`- name: {{ apache.confdir }}/tls-defaults.conf`
			`- source: salt://apache/files/ssl/tls-defaults.conf.jinja`
			`- mode: 644`
			`- makedirs: True`
			`- template: {{ apache.get('template_engine', 'jinja') }}`
			`- context:`
			`apache: {{ apache\|json }}`
			`{%- else %}`
			`file.absent:`
			`- name: {{ apache.confdir }}/tls-defaults.conf`
			`{%- endif %}`
			`- require:`
			`- pkg: apache-package-install-pkg-installed`
			`- watch_in:`
			`- module: apache-service-running-restart`
			`- require_in:`
			`- module: apache-service-running-restart`
			`- module: apache-service-running-reload`
			`- service: apache-service-running`

			`{%- if grains['os_family'] in ('Debian',) %}`
			`apache-config-modules-ssl-cmd-run-debian-tls-defaults:`
			`cmd.run:`
			`{%- if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) %}`
			`- name: a2enconf tls-defaults`
			`- unless: test -L /etc/apache2/conf-enabled/tls-defaults.conf`
			`{%- else %}`
			`- name: a2disconf tls-defaults`
			`- onlyif: test -L /etc/apache2/conf-enabled/tls-defaults.conf`
			`{%- endif %}`
			`- order: 225`
			`- require:`
			`- pkg: apache-package-install-pkg-installed`
			`- file: {{ apache.confdir }}/tls-defaults.conf`
			`- watch_in:`
			`- module: apache-service-running-restart`
			`- require_in:`
			`- module: apache-service-running-restart`
			`- module: apache-service-running-reload`
			`- service: apache-service-running`
			`{%- endif %}`