Saltstack Official Nginx Formula

certificates.sls 2.1KB

  # Formula lookup map; this file reads nginx.lookup.openssl_package from it.
  {% from 'nginx/map.jinja' import nginx with context %}

  # Every watch_in below targets nginx_service.
  # NOTE(review): presumably that state is declared in nginx.service - confirm.
  include:
    - nginx.service

  # Directory that receives the DH parameter files, certificates and private keys.
  # Pillar nginx:certificates_path overrides the /etc/nginx/ssl default.
  {% set certificates_path = salt['pillar.get']('nginx:certificates_path', '/etc/nginx/ssl') %}
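  # One state per entry of pillar nginx:dh_param. A string value is used as the
  # file contents; any other value is read as a mapping of options (only keysize
  # is consulted) and the parameters are generated on the minion with openssl.
  {%- for dh_param, value in salt['pillar.get']('nginx:dh_param', {}).items() %}
  {%- if value is string %}
  # Contents supplied in pillar: write them to the certificates directory and
  # restart or reload nginx through the watch when the file changes.
  create_nginx_dhparam_{{ dh_param }}_key:
    file.managed:
      - name: {{ certificates_path }}/{{ dh_param }}
      - contents_pillar: nginx:dh_param:{{ dh_param }}
      - makedirs: True
      - watch_in:
          - service: nginx_service
  {%- else %}
  # No contents supplied: make sure the openssl package and the target directory
  # exist, then generate the parameters. 'creates' skips the command once the
  # file exists, so an existing parameter file is never regenerated.
  # NOTE(review): the pillar key and keysize are placed unquoted on a shell
  # command line. Keep dh_param keys to plain file names and keysize to an
  # integer; nothing here validates them.
  generate_nginx_dhparam_{{ dh_param }}_key:
    pkg.installed:
      - name: {{ nginx.lookup.openssl_package }}
    file.directory:
      - name: {{ certificates_path }}
      - makedirs: True
    cmd.run:
      - name: openssl dhparam -out {{ dh_param }} {{ value.get('keysize', 2048) }}
      - cwd: {{ certificates_path }}
      - creates: {{ certificates_path }}/{{ dh_param }}
      - watch_in:
          - service: nginx_service
  {%- endif %}
  {%- endfor %}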
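  # For every domain under pillar nginx:certificates, install the certificate
  # and, when the pillar carries key material for it, the private key.
  {%- for domain in salt['pillar.get']('nginx:certificates', {}).keys() %}
  # Certificate: read from the pillar path named by public_cert_pillar when that
  # is set, otherwise from the domain's own public_cert entry.
  nginx_{{ domain }}_ssl_certificate:
    file.managed:
      - name: {{ certificates_path }}/{{ domain }}.crt
      - makedirs: True
  {% if salt['pillar.get']("nginx:certificates:{}:public_cert_pillar".format(domain)) %}
      - contents_pillar: {{ salt['pillar.get']('nginx:certificates:{}:public_cert_pillar'.format(domain)) }}
  {% else %}
      - contents_pillar: nginx:certificates:{{ domain }}:public_cert
  {% endif %}
      - watch_in:
          - service: nginx_service
  {% if salt['pillar.get']("nginx:certificates:{}:private_key".format(domain)) or salt['pillar.get']("nginx:certificates:{}:private_key_pillar".format(domain)) %}
  # Private key: only managed when private_key or private_key_pillar is set.
  # The mode is quoted so YAML keeps it a string instead of retyping it as a number.
  # show_changes is off because file.managed otherwise returns a unified diff of
  # the file, which would put the key text into job returns and logs.
  # NOTE(review): makedirs creates the parent directory with default
  # permissions; set dir_mode if the directory itself should be restricted.
  nginx_{{ domain }}_ssl_key:
    file.managed:
      - name: {{ certificates_path }}/{{ domain }}.key
      - mode: '0600'
      - show_changes: False
      - makedirs: True
  {% if salt['pillar.get']("nginx:certificates:{}:private_key_pillar".format(domain)) %}
      - contents_pillar: {{ salt['pillar.get']('nginx:certificates:{}:private_key_pillar'.format(domain)) }}
  {% else %}
      - contents_pillar: nginx:certificates:{{ domain }}:private_key
  {% endif %}
      - watch_in:
          - service: nginx_service
  {% endif %}
  {%- endfor %}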