apache-formula/apache/mod_ssl.sls

{% from "apache/map.jinja" import apache with context %}

{% if grains['os_family']=="Debian" %}

include:
  - apache

a2enmod mod_ssl:
  cmd.run:
    - name: a2enmod ssl
    - unless: ls /etc/apache2/mods-enabled/ssl.load
    - order: 225
    - require:
      - pkg: apache
    - watch_in:
      - module: apache-restart
    - require_in:
      - module: apache-restart
      - module: apache-reload
      - service: apache

/etc/apache2/mods-available/ssl.conf:
  file.managed:
    - source: salt://apache/files/{{ salt['grains.get']('os_family') }}/ssl.conf.jinja
    - template: jinja
    - mode: 644
    - watch_in:
      - module: apache-restart

{% elif grains['os_family']=="RedHat" %}

mod_ssl:
  pkg.installed:
    - name: {{ apache.mod_ssl_pkg }}
    - require:
      - pkg: apache
    - watch_in:
      - module: apache-restart
    - require_in:
      - module: apache-restart
      - module: apache-reload
      - service: apache

{{ apache.confdir }}/ssl.conf:
  file.absent:
    - require:
      - pkg: apache
    - watch_in:
      - module: apache-restart
    - require_in:
      - module: apache-restart
      - module: apache-reload
      - service: apache

{% elif grains['os_family']=="FreeBSD" %}

include:
  - apache
  - apache.mod_socache_shmcb

{{ apache.modulesdir }}/010_mod_ssl.conf:
  file.managed:
    - source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_ssl.conf.jinja
    - mode: 644
    - template: jinja
    - require:
      - pkg: apache
    - watch_in:
      - module: apache-restart
    - require_in:
      - module: apache-restart
      - module: apache-reload
      - service: apache

{% endif %}

{{ apache.confdir }}/tls-defaults.conf:
{% if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) %}
  file.managed:
    - source: salt://apache/files/tls-defaults.conf.jinja
    - mode: 644
    - template: jinja
{% else %}
  file.absent:
{% endif %}
    - require:
      - pkg: apache
    - watch_in:
      - module: apache-restart
    - require_in:
      - module: apache-restart
      - module: apache-reload
      - service: apache

{% if grains['os_family']=="Debian" %}
a2endisconf tls-defaults:
  cmd.run:
{%   if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) %}
    - name: a2enconf tls-defaults
    - unless: test -L /etc/apache2/conf-enabled/tls-defaults.conf
{%   else %}
    - name: a2disconf tls-defaults
    - onlyif: test -L /etc/apache2/conf-enabled/tls-defaults.conf
{%   endif %}
    - order: 225
    - require:
      - pkg: apache
      - file: {{ apache.confdir }}/tls-defaults.conf
    - watch_in:
      - module: apache-restart
    - require_in:
      - module: apache-restart
      - module: apache-reload
      - service: apache
{% endif %}