Fix apache owner

[perso/Immae/Projets/Puppet.git] / modules / profile / manifests / apache.pp

diff --git a/modules/profile/manifests/apache.pp b/modules/profile/manifests/apache.pp
index 8db58da99beb5aed81e044791bf7393213ba5682..7187350d3624fedf1904cf1fbe78ced1c11e931c 100644 (file)
--- a/modules/profile/manifests/apache.pp
+++ b/modules/profile/manifests/apache.pp
@@ -4,6 +4,8 @@ class profile::apache {
     root_directory_options => ["All"],
     default_mods           => false,
     default_vhost          => false,
+    user                   => "http",
+    group                  => "http",
     log_formats            => {
       combined => '%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %p',
       common   => '%h %l %u %t \"%r\" %>s %b',
@@ -67,13 +69,12 @@ class profile::apache {
     install_method  => "package",
     package_name    => "certbot",
     package_command => "certbot",
-    # FIXME
-    email           => 'sites+letsencrypt@mail.immae.eu',
+    email           => lookup('letsencrypt::email'),
   }
 
-  $real_hostname = lookup("base_installation::real_hostname") |$key| { {} }
+  $real_hostname = lookup("base_installation::real_hostname", { "default_value" => undef })
   unless empty($real_hostname) {
-    if (lookup("ssl::try_letsencrypt_for_real_hostname") |$key| { true }) {
+    if (lookup("letsencrypt::try_for_real_hostname", { "default_value" => true })) {
       letsencrypt::certonly { $real_hostname:
         before => Apache::Vhost["default_ssl"];
         default: * => $::profile::apache::letsencrypt_certonly_default;
@@ -110,6 +111,14 @@ class profile::apache {
     }
   }
 
+  lookup("letsencrypt::hosts", { "default_value" => [] }).each |$host| {
+    if ($host != $real_hostname) { # Done above already
+      letsencrypt::certonly { $host: ;
+        default: * => $letsencrypt_certonly_default;
+      }
+    }
+  }
+
   apache::vhost { "redirect_no_ssl":
     port          => '80',
     error_log     => false,